News

2021

publications
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

USENIX Security 2021

Kaiwen Shen , Chuhan Wang , Minglei Guo , Xiaofeng Zheng , Chaoyi Lu , Baojun Liu , Yuxuan Zhao , Shuang Hao , Haixin Duan , Qinfeng Pan , Min Yang .

This work explored the vulnerabilities of the chain-based authentication structure in the email ecosystem. We conducted a large-scale analysis of 30 popular email services and 23 email clients.

2020

hacking
ByteCTF 2020 Final

December 12, 2020

Team: Redbud
Rank: 1
Core Players from NISL: Linkai Zhen , Minglei Guo , Siqi Wang , Chuhan Wang , Hao Wang , Zheming Li , Yuxuan Wang .

hacking
HITCTF 2020

December 05, 2020

Team: Redbud
Rank: 1
Core Players from NISL: Yuxuan Wang , Minglei Guo , Miao Yu , Siqi Wang , Linkai Zhen .

hacking
第二届“补天杯”破解大赛

November 27, 2020

Team: Redbud
Rank: 极客精神奖
Core Players from NISL: Miao Yu , Yuxuan Wang , Huikai Xu .

hacking
WCTF Campus 2020

November 20, 2020

Team: Redbud
Rank: 1
Core Players from NISL: Siqi Wang , Hao Wang , Minglei Guo , Linkai Zheng , Fenglu Zhang .

seminars
HVLearn: Automated Black-box Analysis of Hostname Veriﬁcation in SSL/TLS Implementations

15:10-16:10pm November 19, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingming Zhang .

Abstract:

seminars
Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing

14:00-15:10pm November 19, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

Select the most complementary base fuzzers for EnFuzz through a simple probabilistic model

seminars
iDEA: Static Analysis on the Security of Apple Kernel Drivers

15:10-16:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Ming Yuan .

Abstract:

seminars
Privacy Risks of General-Purpose Language Models

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

Text embedding from the General Purpose Language Model captures a lot of sensitive information from plain text, which can be reverse-engineered to disclose sensitive information about the victim for further harassment.