Hello, I am Chuhan Wang, a 5th year Ph.D. student at the Network and Information Security Lab (NISL) of Tsinghua University, advised by Prof. Haixin Duan and Assistant Prof. Jianjun Chen. Now, I am a visiting scholar at University of Illinois at Urbana-Champaign, working with Prof. Gang Wang. My research interests include Web Security, Network Security, and Internet Measurement. Currently, I focus on email-related security research. I have published 6 papers at all top-tier academic conferences on network security, including Oakland S&P, USENIX Security, CCS, NDSS. My research results have helped Google, Apple, Yandex, Tencent, Shopee and other well-known Internet companies to fix vulnerabilities. As a member of Redbud, a CTF team belonging to Tsinghua University, I have won the ByteCTF 2020 championship and other CTF awards.

Recent News

  • [02/2024] It’s my pleasure to present our work about SPF vulnerabilities at NDSS 2024, in San Diego.
  • [01/2024] I am a visiting scholar at UIUC now! Let’s meet at UIUC!
  • [11/2023] Our paper about discovering CDN forwarding request inconsistencies got accepted by NDSS 2024. Congrats to Linkai.
  • [10/2023] I was invited to be a Session Chair at Securecomm 2023. Let’s meet in Hong Kong.
  • [8/2023] My paper on bypassing SPF attacks got accepted by NDSS 2024.
  • Email Security
  • Network Security
  • Internet Measurement
  • Web Security
  • Visiting Scholar

    01/2024 -- present, University of Illinois at Urbana-Champaign

  • Ph.D. Candidate in Cyberspace Security

    2019 -- present, Tsinghua University

  • B.E. in Computer Science

    2015 -- 2019, Beijing Jiaotong University


(2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??).


(2024). ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 140/694=20.2%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 99/483=20.5%).

PDF Cite

(2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 140/694=20.2%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 99/483=20.5%).

PDF Cite

(2023). Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In CCS ‘23. Copenhagen, Denmark. November 26-30, 2023 (Acceptance rate: 234/1222=19.1%, Acceptance rate in first round: 76/427=17.8%, Acceptance rate in second round: 158/795=19.8%).


(2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In USENIX Security ‘22. BOSTON, MA, USA. August 10–12, 2022. (Acceptance rate: 256/1492=17.2%).

PDF Cite Slides

(2021). Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. In USENIX Security ‘21. Vancouver, BC, Canada. August 11-13, 2021 (Acceptance rate: 246/1316=18.7%).
ⓘ Both are first authors.

PDF Cite Slides


Projects and Codes

NoSpoofing is a Chrome Extension. It is a UI notification scheme which can alert users that the emails they receive may be spoofing.


🏅 Awards


  • Short-term Visiting Scholarship, Tsinghua University, 2023
  • The 1st Class Outstanding Scholarship, Tsinghua University (2022, 2023)
  • Excellent Undergraduate Award, Beijing Municipal Commission of Education, 2019
  • The 1st Class Scholarship, Beijing Jiaotong University (2016, 2017, 2018)
  • China National Scholarship, 2016


  • The 3rd prize, Hongminggu CTF, 2023
  • The 3rd place, Aliyun CTF, 2023
  • The 2nd place, *CTF, 2021
  • The 2nd place, L3HCTF, 2021
  • 🏆 Champion, The 3rd ByteDance ByteCTF Finals (2020)

🔖 Patents

📝 Services

  • Session Chair of Securecomm, Hong Kong, 2023
  • TA for Class “Network Security Engineering and Practice”, Tsinghua University, 2022
  • TA for Class “Network Security Attack and Defense Practice”, Tsinghua University, 2023
  • TA for Class “Network Protocol Security Design and Analysis”, Tsinghua University, 2023
  • Lecturer for Datacon Summer Camp, 2022,2023

🙋‍♂️ Reviewers

  • Securecomm ‘23

🙋‍♂️ External Reviewers

  • EuroS&P ‘23