TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets

This paper proposes the TuDoor Attack, by systematically exploring and exploiting logic vulnerabilities in DNS response pre-processing with malformed packets, leading to DNS cache poisoning (1s), denial-of-service, and resource consuming attacks.

BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet

This paper proposes a BreakSPF attack framework, a newly discovered method for attackers to bypass the SPF protocol and launch email spoofing attacks.

Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation

In this paper, we propose **Phoenix Domain**, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.

Detecting and Measuring Security Risks of Hosting-Based Dangling Domains

In this paper, we present a novel framework, **HostingChecker** (**DareShark**), for detecting domain takeovers.

A Large-scale and Longitudinal Measurement Study of DKIM Deployment

DomainKeys Identified Mail (DKIM) is an email authentication protocol to protect the integrity of email contents. It has been proposed and standardized for over a decade and adopted by Yahoo!, Google, and other leading email service providers. …

Ethics in Security Research: Visions, Reality, and Paths Forward

Ethics has become a prevalent and important criterion for academic research. However, achieving ethical compliance in practice is a highly complex and specialized task. In the field of computer security research, although top-tier conferences all …

HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations

The Internet has become a complex distributed network with numerous middle-boxes, where an end-to-end HTTP request is often processed by multiple intermediate servers before it reaches its destination. However, a general problem in this distributed …

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

We discovered a new HTTPS hijacking attack method and won the GeekPwn International Championship

An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?

DNS packets are designed to travel in unencrypted form through the Internet based on its initial standard. Recent discoveries show that real-world adversaries are actively exploiting this design vulnerability to compromise Internet users' security …

Measuring Privacy Threats in China-Wide Mobile Networks

HTTP transparent proxies are widely deployed in mobile networks and can lead to potential security and privacy issues. HTTP traffic is increasingly subject to in-path manipulation, especially in cellular networks. Although the traffic manipulation …