Chuhan Wang | 王楚涵
Chuhan Wang | 王楚涵
Home
Publications
Projects
Activities
Misc
Contact
Links
Light
Dark
Automatic
1
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
This paper proposes the TuDoor Attack, by systematically exploring and exploiting logic vulnerabilities in DNS response pre-processing with malformed packets, leading to DNS cache poisoning (1s), denial-of-service, and resource consuming attacks.
Xiang Li
,
Wei Xu
,
Baojun Liu
,
Mingming Zhang
,
Zhou Li
,
Jia Zhang
,
Deliang Chang
,
Xiaofeng Zheng
,
Chuhan Wang
,
Jianjun Chen
,
Haixin Duan
,
Qi Li
Cite
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
This work proposes a new semi-automated fuzzing framework “ReqsMiner” to discover CDN forwarding request inconsistencies.
Linkai Zheng
,
Xiang Li
,
Chuhan Wang
,
Run Guo
,
Haixin Duan
,
Jianjun Chen
,
Chao Zhang
,
Kaiwen Shen
PDF
Cite
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
This work proposes a BreakSPF attack framework, a newly discovered method for attackers to bypass the SPF protocol and launch email spoofing attacks.
Chuhan Wang
,
Yasuhiro Kuranaga
,
Yihang Wang
,
Mingming Zhang
,
Linkai Zheng
,
Xiang Li
,
Jianjun Chen
,
Haixin Duan
,
Yanzhong Lin
,
Qingfeng Pan
PDF
Cite
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
In this paper, we present a stealthy mining pool detection system. More details coming soon.
Zhenrui Zhang
,
Geng Hong
,
Xiang Li
,
Zhuoqun Fu
,
Jia Zhang
,
Mingxuan Liu
,
Chuhan Wang
,
Jianjun Chen
,
Baojun Liu
,
Haixin Duan
,
Chao Zhang
,
Min Yang
Cite
A Large-scale and Longitudinal Measurement Study of DKIM Deployment
In this paper, we provide a large-scale and longitudinal measurement study on how well DKIM is deployed and managed. Our measurement results show that 28.1% of Alexa Top 1 million domains have enabled DKIM, of which 2.9% are misconfigured. We demonstrate that the issues of DKIM key management and DKIM signatures are prevalent in the real world, even for well-known email providers (e.g., Gmail and Mail.ru).
Chuhan Wang
,
Kaiwen Shen
,
Minglei Guo
,
Yuxuan Zhao
,
Mingming Zhang
,
Jianjun Chen
,
Baojun Liu
,
Xiaofeng Zheng
,
Haixin Duan
,
Yanzhong Lin
,
Qingfeng Pan
PDF
Cite
Slides
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
This paper systematically analyzes the transmission of an email and identifies a series of new attacks capable of bypassing SPF, DKIM, DMARC and user-interface protections. We conduct a largescale experiment on 30 popular email services and 23 email clients, and find that all of them are vulnerable to certain types of new attacks.
Kaiwen Shen
,
Chuhan Wang
,
Minglei Guo
,
Xiaofeng Zheng
,
Chaoyi Lu
,
Baojun Liu
,
Yuxuan Zhao
,
Shuang Hao
,
Haixin Duan
,
Qingfeng Pan
,
Min Yang
PDF
Cite
Slides
Cite
×