News

publications
ROLoad: Securing Sensitive Operations with Pointee Integrity

DAC 2021

Wende Tan , Yuan Li , Chao Zhang , Xingman Chen , Songtao Yang , Ying Liu , Jianping Wu .

Protect sensitive operations with hardware support.

publications
VScape: Assessing and Escaping Virtual Call Protections

USENIX Security 2021

Kaixiang Chen , Chao Zhang , Tingting Yin , Xingman Chen , Lei Zhao .

Bypass virtual protections towards AEG.

publications
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems

USENIX Security 2021

Libo Chen , Yanhao Wang , Quanpu Cai , Yunfan Zhan , Hong Hu , Jiaqi Linghu , Qinsheng Hou , Chao Zhang , Haixin Duan , Zhi Xue .

Finding vulnerabilities in embedded systems

publications
MAZE: Towards Automated Heap Feng Shui

USENIX Security 2021

Yan Wang , Chao Zhang , Zixuan Zhao , Bolun Zhang , Xiaorui Gong , Wei Zou .

Manipulate heap layouts automatically.

publications
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

USENIX Security 2021

Kaiwen Shen , Chuhan Wang , Minglei Guo , Xiaofeng Zheng , Chaoyi Lu , Baojun Liu , Yuxuan Zhao , Shuang Hao , Haixin Duan , Qinfeng Pan , Min Yang .

This work explored the vulnerabilities of the chain-based authentication structure in the email ecosystem. We conducted a large-scale analysis of 30 popular email services and 23 email clients.

publications
Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency AttacksCaused by Software Bugs

INFOCOM 2021

Guorui Yu , Shibin Zhao , Chao Zhang , Zhiniang Peng , Yuandong Ni , Xinhui Han .

Exploit vulnerabilities in blockchains

publications
POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming

NDSS 2021

Min Zheng , Xiaolong Bai , Yajin Zhou , Chao Zhang , Fuping Qu .

Mitigate port-oriented programming attacks for macOS

publications
Argot: Generating Adversarial Readable Chinese Texts

IJCAI 2021 , download

Zihan Zhang , Mingxuan Liu , Chao Zhang , Yiming Zhang , Zhou Li , Qi Li , Haixin Duan , Donghong Sun .

Generate adversarial Chinese texts with Glyph and Pinyin mutation.

hacking
ByteCTF 2020 Final

December 12, 2020

Team: Redbud
Rank: 1
Core Players from NISL: Linkai Zheng , Minglei Guo , Siqi Wang , Chuhan Wang , Hao Wang , Zheming Li , Yuxuan Wang .

hacking
HITCTF 2020

December 05, 2020

Team: Redbud
Rank: 1
Core Players from NISL: Yuxuan Wang , Minglei Guo , Miao Yu , Siqi Wang , Linkai Zheng .

hacking
第二届“补天杯”破解大赛

November 27, 2020

Team: Redbud
Rank: 极客精神奖
Core Players from NISL: Miao Yu , Yuxuan Wang , Huikai Xu .

hacking
WCTF Campus 2020

November 20, 2020

Team: Redbud
Rank: 1
Core Players from NISL: Siqi Wang , Hao Wang , Minglei Guo , Linkai Zheng , Fenglu Zhang .

seminars
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations

15:10-16:10pm November 19, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingming Zhang .

Abstract:

seminars
Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing

14:00-15:10pm November 19, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

seminars
iDEA: Static Analysis on the Security of Apple Kernel Drivers

15:10-16:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Ming Yuan .

Abstract: