Biography

Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. He belongs to the Network and Information Security Lab (NISL). He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. He is also working as a security research intern at Qi-An-Xin Technology Company. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (265+ stars). His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 12 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and other conferences like DSN. As the corresponding author and co-author, he also published multiple papers in top conferences like USENIX Security, CCS, NDSS, SIGMETRICS, and IMC. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia and USA). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He has obtained over 180 CVE/CNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $11,600 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 60+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, Tsinghua Outstanding Scholarship, and LongFor Excellent Scholarship.

Recent News

  • [09/2023](Activity) Done 2023 the opening ceremony for Institute of Network Science and Cyberspace as a senior student speaker.
  • [09/2023](Paper) Two minor revision to accepted by NDSS ‘24 Fall. Congrats, Gengen and Linkai!
  • [09/2023](Prize) Got LongFor Excellent Scholarship.
  • [09/2023](Activity) Done TA training as a TA for two classes.
  • [09/2023](Presentation) Done SHUZIHUANYU live talk.
  • [09/2023](Activity) Done 2023 NISL Teacher’s Day celebration with MSF.
  • [09/2023](Presentation) TsuKing Attack presented by Fenglu at DNS OARC 41, cause I couldn’t make it there.
  • [08/2023](Activity) Done 2nd AEGIS workshop talk.
  • [08/2023](Paper) One paper got accepted by USENIX Security ‘24. Congrats, Qifan!
  • [08/2023](Paper) One paper got conditionally accepted by IMC ‘23. Congrats, Fenglu!
  • [08/2023](Activity) Invited to attend 21th BlueHat 2023.
  • [08/2023](Paper) My first Oakland paper got approved by the shepherd.
  • [07/2023](Paper) Minor revision to accepted by NDSS ‘24 Summer. Congrats, Chuhan!
  • [07/2023](Presentation) TsuKing Attack accepted by DNS OARC 41.
  • [07/2023](Activity) Done USENIX Security ‘23 and Black Hat USA 2023 slides. I’ll attend USENIX Security ‘23 in person and couldn’t make it to Black Hat USA 2023 in person. Let’s talk!
  • [07/2023](Paper) My paper got accepted with shepherding by Oakland ‘24 Spring.
  • [07/2023](Paper) One paper got minor revision by NDSS ‘24 Summer. Congrats, Chuhan!
  • [07/2023](Activity) Invited to attend Microsoft’s Security Researcher Celebration Event at Black Hat USA 2023.
  • [07/2023](Activity) 4-5 July, invited to attend APAC DNS Forum 2023 with Mingming, but not make it there.
  • [06/2023](Activity) Got CVE-2023-32020 from Microsoft.
  • [06/2023](Presentation) MaginotDNS Attack accepted by Black Hat USA 2023.
  • [05/2023](Paper) Two papers accepted by CCS ‘23. Congrats, Wei and Zhenrui!
  • [05/2023](Activity) I’ll attend Black Hat Asia 2023 in person. Let’s talk!
  • [04/2023](Activity) Back to THU.
Interests
  • Network Security
  • Protocol Security
  • IPv6 Security
  • DNS Security
  • Internet Measurement
  • Network & Protocol Fuzzing
  • Network Vulnerability Discovery & Attack
  • Underground Economy
Education
  • Ph.D. in Cyberspace Security

    2019 -- Present, Tsinghua University

  • TA for Class "Internet Architecture and Its Security Fundamentals"

    09/2023 -- 01/2024, Tsinghua University

  • TA for Class "Network Protocol Security Design and Analysis"

    09/2023 -- 01/2024, Tsinghua University

  • Visiting Scholar

    11/2022 -- 04/2023, University of California, Irvine

  • B.E. in Information Security / LL.B. (Double Major)

    2015 -- 2019, Nankai University

Publications

📑 Publications

  • Publications in total: 12

  • Publications at top-tier security venues (8): S&P (‘24), NDSS (‘23, ‘24), USENIX Security (‘23a, ‘23b, ‘24), CCS (‘23a, ‘23b)

  • Publications at other computer science venues (4): DSN (‘21), VehicleSec (‘23), SIGMETRICS (‘23), IMC (‘23)

  • Publications as the 1st author (5): S&P (‘24), NDSS (‘23), USENIX Security (‘23), CCS (‘23), DSN (‘21)

  • Publications as the corresponding author (1): USENIX Security (‘24)


(2024). ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: ??%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors.

Cite Code Project

(2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).

Cite Project

(2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: ??%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: ??%).

Cite Project

(2023). TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: ??%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both are first authors.
* Presented in OARC 41.

Cite Project

(2023). Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: ??%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).

Cite Project

(2023). Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services. In IMC ‘23. Montréal, Canada on October 24 - 26, 2023. (Acceptance rate: ??%).

Cite

(2023). Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack. In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).

PDF Cite Slides

(2023). The Maginot Line: Attacking the Boundary of DNS Caching Protection. In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).
* Presented in Black Hat USA 2023.
* 60+ news coverage by media such as BleepingComputer.
* An Austria government CERT daily report.
* A Sweden government CERT weekly news.
* A Bournemouth University (BU) CERT news.

PDF Cite Code Project Slides Source Document

(2023). DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF Cite Slides

(2023). Demo: Ransom Vehicle through Charging Pile. In VehicleSec 2023. San Diego, California, Feburary 27, 2023. (Acceptance rate: 32/83=36.0% (overall), 20/49=40.8% (regular), 2/6=33.3% (short), 6/16=37.5% (wpi), and 4/12=33.3% (demos/posters)).

PDF Cite Poster Slides

(2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%, Acceptance rate in summer: 36/183=19.7%, Acceptance rate in fall: 58/398=14.6%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF Cite Code Project Slides Source Document DOI

(2021). Fast IPv6 Network Periphery Discovery and Security Implications. In DSN ‘21. Taipei, Taiwan, June 21-24, 2021 (Virtually). (Acceptance rate: 48/279=17.2%).

PDF Cite Code Project Slides Video

Projects

Projects and Codes

*
XMap: The Internet Scanner
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

Activities

🎡 Part of Activities

  • Academic Conferences: DSN (‘21), CCS (‘22), VehicleSec (‘23), NDSS (‘23), USENIX Security (‘23), AEGIS (2nd)

  • Industrial Conferences: ICANN DNS Symposium (IDS ‘21, ‘22), DNS-OARC (39, 40, 41), Black Hat (Asia ‘23, USA ‘23)


SHUZIHUANYU Dajia Talk 2023
SHUZIHUANYU Dajia Talk 2023

In SHUZIHUANYU Dajia Talk 2023 (online class), I presented my MaginotDNS attack.

OARC 41 & ICANN DNS Symposium 2023
OARC 41 & ICANN DNS Symposium 2023

In OARC 41 & ICANN DNS Symposium 2023 (hybrid in-person and online workshop), Fenglu presented our novel TsuKing attack on behalf of me cause I couldn’t make it there.

2nd AEGIS Workshop
2nd AEGIS Workshop

In the 2nd AEGIS Workshop (online workshop), I presented a novel Ghost Domain attack named Phoenix Domain to the audiences.

OARC 40 & NANOG 87 Workshop
OARC 40 & NANOG 87 Workshop

In OARC 40 & NANOG 87 Workshop (hybrid in-person and online workshop), I presented a novel hosting-based domain takeover detection framework DareShark to the audiences.

ICANN DNS Symposium | November 2022
ICANN DNS Symposium | November 2022

In the 5th ICANN DNS Symposium (IDS 2022), I presented my NDSS ‘23 paper Phoenix Domain to the audiences. Discussed with so many enthusiastic question askers.

OARC 39 & 47th CENTR Technical Workshop
OARC 39 & 47th CENTR Technical Workshop

In OARC 39 & 47th CENTR Technical Workshop (hybrid in-person and online workshop), I presented a novel Ghost Domain attack named Phoenix Domain to the audiences.

The Tool Box | XMap
The Tool Box | XMap

In @Pentester Academy TV, I presented the IPv6 network scanner XMap with @DamianGoh13. Watch the video at here. New features are coming.

ICANN DNS Symposium | May 2021
ICANN DNS Symposium | May 2021

In the 4th ICANN DNS Symposium (IDS 2021, virtually), I presented a novel DNS cache poisoning attack (introduced by Xiaofeng Zheng from our lab) to the audiences.

Misc

🏅 Awards

  • LongFor Excellent Scholarship. 2023.
  • The 3rd Prize in National IPv6 Technology Application Innovation Competition. 2023.
  • The 1st Prize in IPv6 Technology Application Innovation Competition. 2022.
  • The 3rd Prize in IPv6 Technology Application Innovation Competition. 2022.
  • Tsinghua Outstanding 2rd Scholarship. 2022.
  • Outstanding Undergraduate. 2019.
  • The 3rd Prize in Nankai “Dream+” Innovation and Entrepreneurship Competition, 2018.
  • Nankai Gongneng 1st Scholarship. 2018.
  • Cyber Security Scholarship of China Internet Development Foundation. 2018.
  • The 2nd Prize in National College Student Information Security Contest. 2018.
  • Recognition Award in “Qiang Wang Cup” National Network Security Challenge Online Contest. 2018.
  • The 3rd Prize in National Cryptography Contest, 2017.
  • The Leading Academic Student Researcher of School of Computer and Control Engineering, Nankai University, 2017.
  • China National Scholarship. 2017.
  • Nankai Excellent Student. 2017
  • China National Scholarship. 2016.
  • Nankai Excellent Student. 2016
  • Top scorer in science in the college entrance examination of Fang Cheng County. 2015

🔖 Patents

  • An Efficient Algorithm for Constructing Domain Deep Analysis Dependency Topology Based on Passive Domain Name Resolution Traffic. 2023. In applying.
  • An Accurate Identification Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Cache Injection Technique and Detection Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Authorization Consistency Detection Method for DNS Resolvers. 2023. In checking.
  • A Novel Domain Name Generation Algorithm Based on the DNS Resolution Mechanism and Its Detection Method. 2023. In checking.
  • A Fast IPv4 and IPv6 Network Space Probing System Based on Asynchronous Decoupling and Address Randomization Techniques. 2023. In checking.
  • A Combined Passive and Active Approach for Mining Behavior Detection. 2023. In checking.
  • CN202110502369.2: A Fast IPv6 Network Periphery Device Discovery Technique. 2023.

🐞 CNVD/CNNVD/CVE

🙋‍♂️ Reviewers

  • ICICS ‘23
  • TDSC ‘23
  • DTRAP ‘23 * 2
  • SCN ‘22

🙋‍♂️ External Reviewers

  • AsiaCCS ‘23
  • ESF Proposal ‘22
  • NDSS ‘22
  • ICDCS ‘21
  • ESORICS ‘20
  • ICPDAS ‘19

Contact