1

ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
在本文中,我们提出了一个全新的工具ResolverFuzz用来模糊测试解析器。
Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li
PDF 引用 代码 项目
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
Rethinking the Security Threats of Stale DNS Glue Records
在本文中,我们深入分析了DNS glue records的安全性。
Yunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, Fan Shi, Chengxi Xu, Eihal Alowaisheq
PDF 引用 代码 项目
Rethinking the Security Threats of Stale DNS Glue Records
DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses
DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.
Xiang Li, Dashuai Wu, Haixin Duan, Qi Li
PDF 引用 代码 项目 海报 演示文稿
DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
本论文提出了“突门攻击”,通过系统地探索并利用畸形数据包中DNS响应预处理的逻辑漏洞,导致DNS缓存投毒(1秒)、拒绝服务和资源消耗攻击。
Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li
PDF 引用 代码 项目 海报 演示文稿
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
本论文提出了一个名为BreakSPF的攻击框架:攻击者新发现的一种绕过SPF协议并发起电子邮件欺骗攻击的方法。
Chuhan Wang, YASUHIRO KURANAGA, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan
PDF 引用 代码 项目
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
In this paper, we propose ResolverFuzz to fuzz the resolver.
Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li
PDF 引用 代码 项目
Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing
该文提出一种新的自动化模糊测试工具“ReqsMiner”来发现CDN转发请求的不一致。
Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, Kaiwen Shen
PDF 引用
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing
Understanding the Implementation and Security Implications of Protective DNS Services
本文分析了Protective DNS的生态系统及其安全问题。
Mingxuan Liu, Yiming Zhang, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Xiaofeng Zheng
PDF 引用 代码 项目
Understanding the Implementation and Security Implications of Protective DNS Services
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
In this paper, we present the TsuKing attack.
Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Jia Zhang, Jianjun Chen, Tao Wan, Haixin Duan
PDF 引用 代码 项目
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
In this paper, we present a stealthy mining pool detection system.
Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, Min Yang
PDF 引用 代码 项目
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild