李想 | Xiang Li
李想 | Xiang Li
主页
论文
项目
动态
其他
联系
友链
浅色
深色
自动
中文 (简体)
English
1
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
在本文中,我们提出了一个全新的工具
ResolverFuzz
用来模糊测试解析器。
Qifan Zhang
,
Xuesong Bai
,
Xiang Li
,
Haixin Duan
,
Qi Li
,
Zhou Li
,
✉ Corresponding authors
引用
代码
项目
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
本论文提出了“TuDoor攻击”,通过系统地探索并利用畸形数据包中DNS响应预处理的逻辑漏洞,导致DNS缓存投毒(1秒)、拒绝服务和资源消耗攻击。
Xiang Li
,
Wei Xu
,
Baojun Liu
,
Mingming Zhang
,
Zhou Li
,
Jia Zhang
,
Deliang Chang
,
Xiaofeng Zheng
,
Chuhan Wang
,
Jianjun Chen
,
Haixin Duan
,
Qi Li
引用
项目
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
本论文提出了一个名为BreakSPF的攻击框架:攻击者新发现的一种绕过SPF协议并发起电子邮件欺骗攻击的方法。
Chuhan Wang
,
YASUHIRO KURANAGA
,
Yihang Wang
,
Mingming Zhang
,
Linkai Zheng
,
Xiang Li
,
Jianjun Chen
,
Haixin Duan
,
Yanzhong Lin
,
Qingfeng Pan
引用
项目
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
In this paper, we present the
TsuKing
attack.
Wei Xu
,
Xiang Li
,
Chaoyi Lu
,
Baojun Liu
,
Jia Zhang
,
Jianjun Chen
,
Tao Wan
,
Haixin Duan
引用
项目
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
In this paper, we present a stealthy mining pool detection system.
Zhenrui Zhang
,
Geng Hong
,
Xiang Li
,
Zhuoqun Fu
,
Jia Zhang
,
Mingxuan Liu
,
Chuhan Wang
,
Jianjun Chen
,
Baojun Liu
,
Haixin Duan
,
Chao Zhang
,
Min Yang
引用
项目
Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services
本文对未授权的DNS记录的普遍性进行了全面的测量。
Fenglu Zhang
,
Yunyi Zhang
,
Baojun Liu
,
Eihal Alowaisheq
,
Lingyun Ying
,
Xiang Li
,
Zaifeng Zhang
,
Ying Liu
,
Haixin Duan
,
Min Zhang
引用
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack.
Run Guo
,
Jianjun Chen
,
Yihang Wang
,
Keran Mu
,
Baojun Liu
,
Xiang Li
,
Chao Zhang
,
Haixin Duan
,
Jianping Wu
PDF
引用
项目
The Maginot Line: Attacking the Boundary of DNS Caching Protection
在本文中,我们报告了
MaginotDNS
,这是针对同时充当递归解析器和转发器(称为
CDNS
)的DNS服务器的强大缓存投毒攻击。
Xiang Li
,
Chaoyi Lu
,
Baojun Liu
,
Qifan Zhang
,
Zhou Li
,
Haixin Duan
,
Qi Li
PDF
引用
代码
项目
演示文稿
源文档
DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains
In this paper, we present a novel framework,
HostingChecker
(
DareShark
), for detecting domain takeovers.
Mingming Zhang
,
Xiang Li
,
Baojun Liu
,
Jianyu Lu
,
Jianjun Chen
,
Yiming Zhang
,
Xiaofeng Zheng
,
Haixin Duan
,
Shuang Hao
PDF
引用
演示文稿
Demo: Ransom Vehicle through Charging Pile
Ransom attacks have attracted widespread attention from researchers, however, there have been relatively few researches on vehicles, especially for electric vehicles (EVs). Such attacks mainly accomplish their purpose by exploiting vulnerabilities of vehicle itself, but often have a narrow attack surface. In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles. Additionally, we design a physical plugin for charging connectors that can extend the EV models affected by the described ransom attack. In this case, the CPRA needs a preparing step to locally install the plugin on the connector.
Shangru Song
,
Hetian Shi
,
Ruoyu Lun
,
Yunchao Guan
,
Xiang Li
,
Jihu Zheng
,
Jianwei Zhuge
PDF
引用
海报
演示文稿
»
引用
×