1

This paper proposes the TuDoor Attack, by systematically exploring and exploiting logic vulnerabilities in DNS response pre-processing with malformed packets, leading to DNS cache poisoning (1s), denial-of-service, and resource consuming attacks.

This work proposes a new semi-automated fuzzing framework “ReqsMiner” to discover CDN forwarding request inconsistencies.

This work proposes a BreakSPF attack framework, a newly discovered method for attackers to bypass the SPF protocol and launch email spoofing attacks.

In this paper, we report MaginotDNS, a powerful cache poisoning attack against DNS servers that simultaneously act as recursive resolvers and forwarders (termed as CDNS).

In this paper, we present a stealthy mining pool detection system. More details coming soon.

In this paper, we propose Phoenix Domain, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain.

In this paper, we provide a large-scale and longitudinal measurement study on how well DKIM is deployed and managed. Our measurement results show that 28.1% of Alexa Top 1 million domains have enabled DKIM, of which 2.9% are misconfigured. We demonstrate that the issues of DKIM key management and DKIM signatures are prevalent in the real world, even for well-known email providers (e.g., Gmail and Mail.ru).

This paper systematically analyzes the transmission of an email and identifies a series of new attacks capable of bypassing SPF, DKIM, DMARC and user-interface protections. We conduct a largescale experiment on 30 popular email services and 23 email clients, and find that all of them are vulnerable to certain types of new attacks.

本工作从全新的扫描角度出发，提出了一种新型的IPv6网络扫描技术，用于发现位于网络拓扑中重要位置的IPv6网络边界设备，同时设计并实现了全新的IPv6网络扫描器：XMap，可被用来进行大规模的扫描探测工作。通过利用XMap，本工作在若干个运营商的网络环境下发现了数以千万计的IPv6网络边界设备，并对其暴露的关键网络服务进行了深入的安全分析。此外，利用XMap，本工作发现了一个普遍存在的通用型路由循环漏洞（影响数十家路由器厂商），申请到了多于109个漏洞编号，并向厂商提供了合理的披露和有效的修复方案。