Xiang Li | 李想
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
Run Guo, Jianjun Chen, Yihang Wang, Keran Mu, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu
Aug 9, 2023
CDN

The Maginot Line: Attacking the Boundary of DNS Caching Protection
In this paper, we report MaginotDNS, a powerful cache poisoning attack against DNS servers that simultaneously act as recursive resolvers and forwarders (termed CDNS).
Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li
Aug 9, 2023
DNS

DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains
In this paper, we present a novel framework, HostingChecker (DareShark), for detecting domain takeovers.
Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Jianjun Chen, Yiming Zhang, Xiaofeng Zheng, Haixin Duan, Shuang Hao
Jun 19, 2023
DNS

Demo: Ransom Vehicle through Charging Pile
Ransom attacks have attracted widespread attention from researchers; however, there has been relatively little research on vehicles, especially electric vehicles (EVs). Such attacks mainly accomplish their purpose by exploiting vulnerabilities of the vehicle itself, but often have a narrow attack surface. In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles. Additionally, we design a physical plugin for charging connectors that can extend the EV models affected by the described ransom attack. In this case, the CPRA needs a preparation step to locally install the plugin on the connector.
Shangru Song, Hetian Shi, Ruoyu Lun, Yunchao Guan, Xiang Li, Jihu Zheng, Jianwei Zhuge
Feb 27, 2023
Vehicle

Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation
In this paper, we propose Phoenix Domain, a general and novel attack that allows adversaries to keep a revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.
Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li
Feb 27, 2023
DNS