Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. He belongs to the Network and Information Security Lab (NISL). He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. He is also working as a security research intern at Qi-An-Xin Technology Company. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (290+ stars). His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 15 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P (2), USENIX Security (1), CCS (1), NDSS (1), and other conferences like DSN. As the corresponding author and co-author, he also published multiple papers in top conferences like USENIX Security, CCS, NDSS, SIGMETRICS, and IMC. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia, USA, and Europe). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He has obtained over 180 CVE/CNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $11,600 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 60+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, Tsinghua Outstanding Scholarship, LongFor Excellent Scholarship, National Scholarship, and 2nd prize of GeekCon 2023 DAF Contest.

Recent News

• [10/2023](Paper) My second Oakland paper got accepted with shepherding.
• [10/2023](Paper) One paper got accepted by NDSS ‘24 Fall. Congrats, Linkai!
• [10/2023](Presentation) Qifan shared our ResolverFuzzing work in SHUZIHUANYU.
• [10/2023](Competition) Our Zero-day vulnerability got the 2nd prize of GEEKCON 2023 DAF Contest! I showed this attack there with Dashuai.
• [10/2023](Presentation) Prof. Duan shared our MaginotDNS attack in KANXUE 2023 SDC.
• [10/2023](Activity) Invited to be the SecureComm ‘23 session chair, but couldn’t make it there due to GEEKCON 2023.
• [10/2023](Paper) One paper got accepted by NDSS ‘24 Fall. Congrats, Gengen!
• [09/2023](Presentation) TsuKing Attack accepted by Black Hat Europe 2023.
• [09/2023](Competition) Our Zero-day vulnerability got accepted by GEEKCON 2023. Hope to see u there!
• [09/2023](Activity) Done 2023 the opening ceremony for Institute of Network Science and Cyberspace as a senior student speaker.
• [09/2023](Paper) Two minor revision to accepted by NDSS ‘24 Fall. Congrats, Gengen and Linkai!
• [09/2023](Prize) Got LongFor Excellent Scholarship.
• [09/2023](Activity) Done TA training as a TA for two classes.
• [09/2023](Presentation) Done SHUZIHUANYU live talk.
• [09/2023](Activity) Done 2023 NISL Teacher’s Day celebration with MSF.
• [09/2023](Presentation) TsuKing Attack presented by Fenglu at DNS OARC 41, cause I couldn’t make it there.