Biography

Xiang Li is an Associate Professor at the College of Cryptology and Cyber Science, Nankai University. He received his Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Professors Qi Li and Haixin Duan) in 2024. He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (460+ stars). He is also a member of the DataCon Expert Committee. He is the advisor of Nankai University’s CTF teams and Infomation Security Association, an ACM member, CCF member, and CIC member. He serves as PC for top-tier venues like CCS, IMC, RAID, ACSAC and others like AsiaCCS. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, web security, and underground economy with over 25 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P (2), USENIX Security (1), CCS (2), NDSS (1), and other conferences like DSN. As the corresponding author and co-author, he also published multiple papers in top conferences like USENIX Security, CCS, NDSS, SIGMETRICS, and IMC. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia, USA^2, and Europe^2). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He applied for 12 patents (2 authorized and 5 in checking as the first author). He has obtained over 250 CVE/CNVD/CNNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $17,100 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 100+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 2024 ACM SIGSAC China Excellent Doctoral Dissertation Award (1st), 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar), 1st prize of IPv6 Technology Application Innovation Competition, 1st place of GeekCon 2025 DAF Contest, 2nd place of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, Tsinghua Outstanding Scholarship, Outstanding Graduate, and Extraordinary Hacker of GeekCon International 2024. As the advisor or competition leader, he instructed the teamers to get the 1st and 3rd prizes of 2025 National College Student Infomation Security Contest, the 2nd prize of 2025 National College Student AI Security Contest, the 2nd prize of 2024 Changcheng Cup, and the 1st and 3rd prizes of 2024/2025 Beijing–Tianjin–Hebei College Student Infomation Security Cyber Attack and Defence Contest.

About openings: I am actively seeking self-motivated Master’s and PhD students, as well as intern researchers, who have a strong interest in network security and privacy, web security, vulnerability discovery, code analysis, reverse engineering, LLM security, and related fields. If you’re interested, please email me your resume. I apologize in advance if you don’t receive a response due to the high volume of inquiries. Thank you!

2026 OPENING, PLEASE FEEL FREE TO CONATCT ME!

Recent News

Interests
  • Network Security
  • Protocol Security
  • IPv6 Security
  • DNS Security
  • Internet Measurement
  • Network & Protocol Fuzzing
  • Network Vulnerability Discovery & Attack
  • Underground Economy
  • Web Security
Education

  • Ph.D. in Cyberspace Security

    2019 -- 2024, Tsinghua University, Advised by Professors Qi Li and Haixin Duan

  • Visiting Scholar

    11/2022 -- 04/2023, University of California, Irvine

  • B.E. in Information Security / LL.B. (Double Major)

    2015 -- 2019, Nankai University

Classes

Teaching

  • 🏫 Software Security (Sophomore). 2025-Spring
  • 🏫 Cutting-edge Technology of Information Security (Sophomore). 2024-Fall, 2025-Fall
  • 🏫 Freshman Seminar (Freshman). 2024-Fall, 2025-Fall
  • 🏫 Internet Architecture and Its Security Fundamentals (Graduate). 2023-Fall (TA)
  • 🏫 Network Protocol Security Design and Analysis (Graduate). 2023-Fall (TA)

Lab

Members

Ph.D.

  • Yuqi Qiu (2025-)

Master

  • Lu Sun (2025-)
  • Zuyao Xu (2025-)

Supervised Students

  • Fasheng Miao from THU (2025-)

Publications

📑 Publications

  • Publications in total: 30

  • Publications at top-tier security venues (17): S&P (‘24a, ‘24b, ‘25, ‘26), NDSS (‘23, ‘24a, ‘24b, ‘24c, ‘25), USENIX Security (‘23a, ‘23b, ‘24a, ‘24b), CCS (‘23a, ‘23b, ‘25a, ‘25b)

  • Publications at other computer science venues/journals (13): DSN (‘21), VehicleSec (‘23), SIGMETRICS (‘23), IMC (‘23, ‘25), IMC Poster (‘25a, ‘25b), NDSS Poster (‘24), ACNS (‘25), SecureComm (‘25), ECAI (‘25), TrustCom (‘25), TOSEM (‘25)

  • Publications as the 1st author (7): S&P (‘24a, ‘24b), NDSS (‘23), USENIX Security (‘23), CCS (‘23, ‘25), DSN (‘21)

  • Publications as the corresponding author (8): S&P (‘26), USENIX Security (‘24), NDSS Poster (‘24), IMC Poster (‘25a, ‘25b), ACNS (‘25), SecureComm (‘25), TrustCom (‘25)

  • Full paper list: Google Scholar, DBLP

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li (2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
* ✉ Corresponding authors.
* Presented in OARC 42.
* Referenced by RFC 9520: Negative Caching of DNS Resolution Failures.
* Presented in GeekCon 2024 International.
* Presented in Black Hat USA 2024.
* Got the 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar).

PDF Cite Code Project Poster Slides

See all publications

Projects

Projects and Codes

*
All IPv6 Other
XMap: The Internet Scanner
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
Code Follow Twitter
XMap: The Internet Scanner

Activities

🎡 Part of Activities

  • Academic Conferences: DSN (‘21), CCS (‘22, ‘25), VehicleSec (‘23), NDSS (‘23), USENIX Security (‘23), AEGIS (‘23), IEEE S&P (‘24a, ‘24b)

  • Industrial Conferences: ICANN DNS Symposium (IDS ‘21, ‘22), DNS-OARC (39, 40, 41, 42a, 42b), Black Hat (Asia ‘23, USA ‘23, Europe ‘23, USA ‘24, Europe ‘25), GeekCon (‘23, ‘24.Intl., ‘25), Kanxue SDC (‘23)

Xiang Li
May 25, 2024 9:00 AM — May 26, 2024 9:00 PM OCBC Arena @Singapore Sports Hub
GeekCon International 2024
GeekCon International 2024

In GeekCon International 2024, Prof. Duan and me presented the TuDoor attack and showed a live demo. We got the Extraordinary Hacker honor.

Follow Twitter
See all events

Misc

🏅 Awards

  • The 1st Place (2nd Prize) of GeekCon 2025 DAF Contest. 2023
  • National Typical Examples of IPv6 Address Applications. 2025
  • ACM SIG CHINA Wonderful Keynote Talk. 2025
  • Outstanding Reviewer of Journal of Network and Information Security. 2025
  • ACM SIGSAC China Excellent Doctoral Dissertation Award (1st). 2024
  • Pwnie Award Nominations for Most Innovative Research. 2024
  • Outstanding Graduate of Beijing. 2024
  • Outstanding Ph.D. Graduate of Tsinghua University. 2024
  • Outstanding Graduate of the Institute of Network Science and Cyberspace, Tsinghua University. 2024
  • Outstanding Doctoral Dissertation of Tsinghua University. 2024
  • Tsinghua Graduate “Qihang” Third Prize. 2024
  • Extraordinary Hacker of GeekCon International 2024. 2024
  • Wang Dazhong Scholarship. 2023
  • The 2nd Place (2nd Prize) of GeekCon 2023 DAF Contest. 2023
  • China National Scholarship for Graduate Students. 2023.
  • LongFor Excellent Scholarship. 2023.
  • The 3rd Prize in National IPv6 Technology Application Innovation Competition. 2023.
  • The 1st Prize in IPv6 Technology Application Innovation Competition. 2022.
  • The 3rd Prize in IPv6 Technology Application Innovation Competition. 2022.
  • Tsinghua Outstanding 2rd Scholarship. 2022.
  • Tsinghua Graduate “129” Star. 2020.
  • Outstanding Undergraduate (Tianjin City and Nankai University). 2019.
  • The 3rd Prize in Nankai “Dream+” Innovation and Entrepreneurship Competition, 2018.
  • Nankai Gongneng 1st Scholarship. 2018.
  • Cyber Security Scholarship of China Internet Development Foundation. 2018.
  • The 2nd Prize in National College Student Information Security Contest. 2018.
  • Recognition Award in “Qiang Wang Cup” National Network Security Challenge Online Contest. 2018.
  • The 3rd Prize in National Cryptography Contest, 2017.
  • The Leading Academic Student Researcher of School of Computer and Control Engineering, Nankai University, 2017.
  • China National Scholarship. 2017.
  • Nankai Excellent Student. 2017
  • China National Scholarship. 2016.
  • Nankai Excellent Student. 2016
  • Top scorer in science in the college entrance examination of Fang Cheng County. 2015

🏅 Awards as the Advisor or Competition Leader

🔖 Patents

  • An Efficient Algorithm for Constructing Domain Deep Analysis Dependency Topology Based on Passive Domain Name Resolution Traffic. 2024. In checking.
  • A Method and System for Tracing IPv6 Honeypot Attacks Based on Multi-Prefix Orchestrable Protocol Responses. 2023. In checking.
  • A Technology and Method for Classification Detection and Handling of Unknown Threats in IPv6 Networks Adapting to Layered Attribute Data. 2023. In checking.
  • An Accurate Identification Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Cache Injection Technique and Detection Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Authorization Consistency Detection Method for DNS Resolvers. 2023. In checking.
  • A Novel Domain Name Generation Algorithm Based on the DNS Resolution Mechanism and Its Detection Method. 2023. In checking.
  • A Fast IPv4 and IPv6 Network Space Probing System Based on Asynchronous Decoupling and Address Randomization Techniques. 2023. In checking.
  • A Combined Passive and Active Approach for Mining Behavior Detection. 2023. In checking.
  • CN202311756105.5: A Method for Rapid Exploration of Large IPv6 Network Assets Combining Active and Passive Approaches. 2025.
  • CN202010547692.7: API Security Detection Methods. 2023.
  • CN202110502369.2: A Fast IPv6 Network Periphery Device Discovery Technique. 2022.

🐞 CNVD/CNNVD/CVE

🙋‍♂️ Reviewers

  • USENIX WOOT ‘26
  • IEEE/IFIP NOMS ‘26
  • ACM SAC ‘26
  • ACM WiSec ‘26
  • ACM CCS ‘26
  • ACM IMC ‘26
  • ACNS ‘26
  • WCNC ‘26
  • TDSC ‘25
  • ACM CCS AE ‘25
  • USENIX Security AE ‘25
  • TIFS ‘25
  • Journal of Computer Sciences and Infomatics ‘25
  • GLOBECOM ‘25
  • ACSAC ‘25
  • RAID ‘25
  • USENIX WOOT ‘25
  • AsiaCCS ‘25
  • ACM IMC ‘25
  • ICICS ‘23
  • TDSC ‘23
  • DTRAP ‘23 * 3
  • SCN ‘22

🙋‍♂️ External Reviewers

  • IwQoS ‘25
  • AsiaCCS ‘23
  • ESF Proposal ‘22
  • NDSS ‘22
  • ICDCS ‘21
  • ESORICS ‘20
  • ICPDAS ‘19

🙋‍♂️ Services

  • Journal of Network and Information Security Editorial Board Member
  • SecureComm ‘25 Publication Chair
  • AEGIS ‘24 Program Co-Chair (3rd AEGIS Symposium on Cyber Security)
  • SecureComm ‘23 Session Chair (couldn’t make it there)
  • ACM member, CCF member, CIC member
  • Member of the CCF Computer Security Professional Committee
  • Member of the Professional Committee on Information Security for Power Industrial Control Systems, China Electrotechnical Society

Contact

Links

For you

💁‍♂️ Chuhan Wang

💁‍♂️ Yuxuan Wang

💁‍♂️ Zili Meng

💁‍♂️ Phoenix Domain

💁‍♂️ MaginotDNS

💁‍ Mingming Zhang

💁‍♂️ Linkai Zheng

💁‍ Qinge Xie

💁‍ Yue Qin

💁‍♂️ TsuKing

💁‍♂️ TuDoor

💁‍♂️ DNSBomb