Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

NISL 主页

Homepage of NISL

Posts

Collection: hacking

HITCON CTF 2019 Final

December 15, 2019

hacking @ Taipei New Horizon. No.88, Yanchang Rd., Xinyi Dist., Taipei City 110, Taiwan, China

Team: Tea-Deliverers
Rank: 1, 成功获取 DEFCON CTF 2020 决赛资格。
Core Players from NISL: Baozheng Liu , Kaiwen Shen , Yu Wang , Xingman Chen .

Collection: people

李冠成 (Atum)

Atum 腾讯安全玄武实验室 高级研究员
北京市 海淀区 腾讯北京总部大厦
lgcpku#gmail.com https://github.com/A7um

Guancheng Li (李冠成)

Atum
Senior reseacher, Tencent Security Xuanwu Lab, Tencent Inc.
Tencent Beijing headquarters building, Haidian District, Beijing
lgcpku#gmail.com
https://github.com/A7um

刘煜堃 (Yukun Liu)

阿里巴巴 云智能安全 高级安全工程师
浙江省 杭州市 西湖区 阿里巴巴-飞天园区
eadom666 # gmail#com

Yukun Liu (刘煜堃)

Security Engineer II, Cloud Computing Security Department, Alibaba Inc.
Apsara Park, Xihu District, Hangzhou, Zhejiang
eadom666 # gmail#com

裴中煜 (Zhongyu Pei)

阿里巴巴 猎户座实验室 安全研究员
北京市 朝阳区 阿里中心-望京A座
brieflyx # gmail.com

Zhongyu Pei (裴中煜)

Security reseacher, Orion Security Lab, Alibaba Inc.
Building 9, Block 4, Wangjing East Park, Chaoyang District, Beijing
brieflyx # gmail.com

王琰 (Yan Wang)

华为 未然实验室 安全研究员
北京市 海淀区 实创科技示范园-Q21
wangy0129 # gmail

Yan Wang (王琰)

Security reseacher, WeiRan Lab, Huawei Inc.
Building 21, No.156 Beiqing Road, Haidian District, Beijing
wangy0129 # gmail

Haochen Zeng (曾皓辰)

PhD student, University of California, Riverside.
465 Winston Chung Hall, Department of Computer Science and Engineering, University of California, Riverside
haochen.zeng10 # gmail.com
https://www.linkedin.com/in/haochen-z-a8109439
https://github.com/sgzeng

Evilhex (张少杰)

Security reseacher, Orion Security Lab, Alibaba Inc.
Haidian District, Beijing
zsjevilhex # gmail.com

Chao Zhang (张超)

清华大学 网络研究院 副教授
清华大学FIT楼3-209
chaoz # tsinghua.edu.cn

Chao Zhang (张超)

Associate Professor
FIT 3-209 Tsinghua University, Beijing, China 100084
chaoz # tsinghua.edu.cn

Jia Zhang (张甲)

助理研究员
北京市海淀区清华大学FIT楼4-204,邮编:100084
zhangjia # cernet.edu.cn

Jia Zhang (张甲)

Assistant Resaerch Professor
FIT 4-204 Tsinghua University, Beijing, China 100084
zhangjia # cernet.edu.cn

Baozheng Liu (刘保证)

Third-year master since 2017.
FIT 1-213 Tsinghua University, Beijing, China 100084
uromise # gmail.com

Wende Tan

清华大学 计算机科学与技术系 硕士研究生
北京市清华大学信息科学技术大楼(FIT楼)1-213
twd2 $ 163.com

Wende Tan

Department of Computer Science and Technology, Tsinghua University
FIT 1-213 Tsinghua University, Beijing, China 100084
twd2 $ 163.com

倪远东 (Yuandong Ni)

清华大学 清华大学网络与信息安全实验室 17级硕士研究生
清华大学FIT楼4-204
nyd17#mails.tsinghua.edu.cn

Yuandong Ni (倪远东)

2017 master student of Tsinghua University
FIT 4-204 Tsinghua University, Beijing, China 100084
nyd17 # mails.tsinghua.edu.cn

岳力 (Li Yue)

清华大学 清华大学网络与信息安全实验室 18级硕士研究生
清华大学FIT楼4-206
sscoutxx#gmail.com

Li Yue (岳力)

2018 master student of Tsinghua University
FIT 4-206 Tsinghua University, Beijing, China 100084
sscoutxx#gmail.com

Kun Du

清华大学网络与信息安全实验室,2015级博士研究生
清华大学 FIT楼1-213

Kun Du

Network and Information Security Lab, Tsinghua University, Beijing

Run Guo

清华大学网络与信息安全实验室,2015级博士研究生
清华大学 FIT楼1-213

Run Guo

Network and Information Security Lab, Tsinghua University, Beijing

Kaiwen Shen (沈凯文)

Tsinghua University, Network and Information Security Lab, Ph.D.17, PhD candidate
Tsinghua University FIT Building 1-213
[email protected]
Network and Information Security Lab (NISL)
Institute for Network Science and Cyberspace
CTFer in #Redbud#, #Bluelotus# and #Tea Deliverers#

卢树强 (Roy Lou)

清华大学 清华大学网络与信息安全实验室 18级博士研究生
清华大学FIT楼 1-213

Roy Lou (卢树强)

Tsinghua University
Tsinghua University, Network and Information Security Lab, Ph.D.18, PhD candidate
Tsinghua University FIT Building 1-213

Qi Li (李琦)

副教授
qli01 # tsinghua dot edu dot cn
清华大学FIT大楼1-213

Qi Li (李琦)

Associate Professor
FIT 1-213 Tsinghua University, Beijing, China 100084
qli01 # tsinghua dot edu dot cn

管云超 (Yunchao Guan)

北京邮电大学 网络空间安全学院 2017级本科生
Tea Deliverers 成员 / Nu1L 建立者之一
misty#bupt.edu.cn

Jianwei Zhuge (诸葛建伟)

博士, 副研究员
FIT 4-204, 清华大学, 北京市海淀区, 100084
zhugejw [at] tsinghua -dot- edu -dot- cn
zhugejw [at] cernet -dot- edu -dot- cn

Jianwei Zhuge (诸葛建伟)

Associate Research Professor, Master/Ph.D. Advisor
FIT 4-204, Tsinghua University, Beijing, China 100084
zhugejw [at] tsinghua -dot- edu -dot- cn
zhugejw [at] cernet -dot- edu -dot- cn

Collection: publications

Collection: seminars

对抗文本研究综述

14:00-15:00pm March 05, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

对抗文本研究综述。

Adversarial Text Generation

14:00-15:00pm March 05, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

A survey on existing adversarial text generation solutions and defense solutions.

Breaking LTE on Layer Two (Oakland’19)

15:10-16:10pm March 12, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Hui Gao .

Abstract:

分析了LTE协议栈数据链路层存在的漏洞,描述了3种攻击方式。

Breaking LTE on Layer Two (Oakland’19)

15:10-16:10pm March 12, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Hui Gao .

Abstract:

The paper analyzes LTE layer-two security and presents three attacks.

The Broken Broker - MQTT

14:00-15:00pm March 26, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yue Liu .

Abstract:

Security research on MQTT.

基于搜索引擎的漏洞分布测量

15:10-16:10pm April 09, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yixiong Wu .

Abstract:

近年关于借助搜索引擎实现网络空间已知漏洞评估的相关研究综述。

NativeX: Native Executioner Freezes Android (ASIACCS’20)

15:10-16:10pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Qinsheng Hou .

Abstract:

Android native process can exhaustively monopolize the system resources or the device computing resources in an unconfined manner.

差分隐私简介和研究综述

14:00-15:00pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Deliang Chang .

Abstract:

关于差分隐私的简单介绍和相关研究的介绍。

Survey on Differential Privacy

14:00-15:00pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Deliang Chang .

Abstract:

Brief introduction to differential privacy and related research.

FuzzGen: Automatic Fuzzer Generation (USENIX’20)

15:10-16:10pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

本论文提出了一个自动化地为library生成fuzzer,且能够满足library function之间的依赖关系的方案。

FuzzGen: Automatic Fuzzer Generation (USENIX’20)

15:10-16:10pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

This paper proposes a tool for automatically synthesising fuzzers for complex libraries in a given environment.

IPv6地址发现相关研究

14:00-15:00pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Tianyu Gan, Xiang Li .

Abstract:

IPv6地址发现相关安全问题介绍及研究。

基于深度学习的恶意流量检测

15:30-16:30pm May 14, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Shuqiang Lu, Ennan Zheng .

Abstract:

基于深度学习的恶意流量检测综述。

Research on DDoS Attacks

14:00-15:00pm May 21, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Run Guo, Weizhong Li .

Abstract:

Introduction to DDoS Attacks.

Collection: talks

Security Protocols: Model Checking Standards

10:00-11:00am January 15, 2020

academic talk @ FIT Building, Room 3-225, Tsinghua University, Beijing

Speaker: Prof. David Basin, ETH Zurich

Abstract:

The design of security protocols is typically approached as an art, rather than a science, and often with disastrous consequences. But this need not be so! I have been working for ca. 20 years on foundations, methods, and tools, both for developing protocols that are correct by construction and for the post-hoc verification of existing designs. In this talk I will introduce my work in this area and describe my experience analyzing, improving, and contributing to different industry standards, both existing and upcoming.

Security Protocols: Model Checking Standards

10:00-11:00am January 15, 2020

academic talk @ FIT Building, Room 3-225, Tsinghua University, Beijing

Speaker: Prof. David Basin, ETH Zurich

Abstract:

The design of security protocols is typically approached as an art, rather than a science, and often with disastrous consequences. But this need not be so! I have been working for ca. 20 years on foundations, methods, and tools, both for developing protocols that are correct by construction and for the post-hoc verification of existing designs. In this talk I will introduce my work in this area and describe my experience analyzing, improving, and contributing to different industry standards, both existing and upcoming.

Security Risks in Zero Knowledge Proof Cryptocurrencies

14:00-15:00pm April 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 彭峙酿,360高级安全专家

Abstract:

零知识证明技术目前被广泛应用于包括以太坊、门罗币、Zcash等多个区块链项目中。但其在实际应用中的安全和隐私隐患并不被大众所熟知。本议题主要通过对门罗币、Zcash上一些安全事件和漏洞的分析,和分享我们发现的一些零知识证明具体实现中的漏洞和隐患,来介绍零知识证明技术在区块链应用中存在的一些安全和隐私问题。

Bio:

彭峙酿博士是360核心安全事业部的高级安全专家。其主要研究方向为应用密码学、软件安全及威胁追踪。博士期间主要研究方向为后量子密码,设计和攻破的多个密码方案。同时彭博士拥有十多年的网络攻防经验,曾发现多个重要系统高危软件安全漏洞;设计并研发了多款数据安全产品。

Security Risks in Zero Knowledge Proof Cryptocurrencies

14:00-15:00pm April 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: Zhiniang Peng, Qihoo 360 Core Security

Abstract:

Zero knowledge proof (ZKP) is a security mechanism widely used in blockchains, e.g., Ethereum, Monero and Zcash. However, few attentions have been paid on its security and privacy issues. In this talk, the speaker will share some recent incidents and vulnerabilities in ZKP implementations.

Bio:

Dr. Zhiniang Peng is a senior security researcher at Qihoo 360 Core Security. His research focus lies in crypto, software security and threat analysis. He has found dozens of critical security vulnerabilities in modern systems, and developed several products for protecting data security.

Thoughts on Applying Machine Learning in Security

14:00-15:00pm April 23, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王思丁,360网络安全研究院

Abstract:

机器学习学科融合了数学中的多个领域,包括统计学、概率论、以及线性代数。机器学习能够深入挖掘大数据价值,被广泛用于电影推荐、饮食及产品购买推荐等各方面。众多大型互联网公司也运用机器学习来改进其产品及服务。将机器学习应用到网络安全已成为近年来安全领域的研究热点,为人们在决策制定、任务执行方面提供建议对策与技术支持,将专业分析人员从复杂度高且耗时巨大的工作中释放。但是,安全领域具有自己独特的数据,场景和应用特征,本次分享主要介绍机器学习在网络安全中的实际应用以及应用过程中我们需要注意的问题。

Bio:

王思丁博士毕业于中国科学院大学,博士期间的主要研究方向是时间序列检验和非参数统计建模。目前是360网络安全研究院的数据分析研究员,主要从事于运用统计学和机器学习对安全领域数据进行建模与分析。

Attack XNU via Userspace Library Hijacking

14:00-15:30pm May 14, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 周智,蚂蚁金服

Abstract:

内存破坏时至今日仍然是漏洞利用的主流战场,而操作系统为了提升安全性也引入了随机化等缓解措施来提高利用门槛。本议题另辟蹊径,仅靠用户态代码劫持的逻辑漏洞,完全避开通用缓解措施,在 macOS High Sierra 上实现 100% 稳定内核提权。更为有趣的是,系统重要的安全机制 sandbox 在这里变成了漏洞利用至关重要的帮凶。

iOS/macOS 漏洞挖掘经验谈之温故知新

14:00-15:30pm June 11, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王铁磊,盘古

Abstract:

iOS/macOS系统的漏洞挖掘是当前业界的热点。这个议题里我将分享自己在iOS/macOS 安全研究工作中的一些经验和心得,回顾我们在公开报告中埋藏过的一些彩蛋,希望对刚刚进入iOS/macOS系统漏洞挖掘领域的同学有所帮助和启发。

Collection: teaching