Abstract
A new 0-day vulnerability can be exploited to perform the most powerful-ever pulsing DoS attack, which is resulted from the DNS protocol design.
In GeekCon 2023, I presented our 0-day vulnerability to conduct pulsing DoS attack with Dashuai. We got the 2nd prize of GeekCon 2023 DAF (Defense & Attack Force) Contest. Our colleagues got two Winner prizes and the 1st prize of AVSS contest.
Moments
Xiang Li
Ph.D. Candidate in Cyberspace Security (Tsinghua University)
Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 17 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and Black Hat (Asia, USA, and Europe). He has obtained over 190 CVE/CNVD vulnerability numbers, more than $11,600 rewards, 306+ GitHub stars, multiple CERT reports, 60+ news coverage, and RFC acknowledgement. He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, 2nd prize of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, and Tsinghua Outstanding Scholarship.