Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

Collection: hacking

HITCON CTF 2019 Final

December 15, 2019

hacking @ Taipei New Horizon. No.88, Yanchang Rd., Xinyi Dist., Taipei City 110, Taiwan, China

Team: Tea-Deliverers
Rank: 1, 成功获取 DEFCON CTF 2020 决赛资格。
Core Players from NISL: Baozheng Liu , Kaiwen Shen , Yu Wang , Xingman Chen .

2021 Tianfu Cup

October 16, 2021

Team: Redbud
Rank: Winner's Prize
Core Players from NISL: Junbao Zhou , Hetian Shi , Yuxuan Wang .

L3HCTF 2021

November 13, 2021

Team: Redbud
Rank: 2
Core Players from NISL: 郭明磊 , 王皓 , 王宇轩 , 王思齐 , 郑林楷 , 穆柯橪 , 雷凯翔 , 王楚涵 , 杨雅儒 .

D^3CTF 2022

March 06, 2022

Team: Redbud
Rank: 3
Core Players from NISL: 张一钊 , 杨乾澜 , 穆柯橪 , 郑林楷 , 杨雅儒 , 许哲楠 , 朱舸 , 程佳文 .

D^3CTF 2022

March 06, 2022

Team: Redbud
Rank: 3
Core Players from NISL: 张一钊 , 杨乾澜 , 穆柯橪 , 郑林楷 , 杨雅儒 , 许哲楠 , 朱舸 , 程佳文 .

Hufu CTF 2022

July 22, 2022

Team: Redbud
Rank: 4
Core Players from NISL: 王皓 , 王宇轩 , 王思齐 , 郑林楷 .

AutoDrivingCTF@DEF CON 2022

August 13, 2022

Team: Redbud
Rank: 3
Core Players from NISL: 岳力 , 王皓 , 高子聪 , 张清杰 , 高泽豫 , 王准 .

AutoDrivingCTF@DEF CON 2022

August 13, 2022

Team: Redbud
Rank: 3
Core Players from NISL: 岳力 , 王皓 , 高子聪 , 张清杰 , 高泽豫 , 王准 .

第六届“强网杯”全国网络安全挑战赛

August 21, 2022

Team: Redbud
Rank: 5
Core Players from NISL: 穆柯橪 , 郑林楷 , 任乐图 , 杨雅儒 , 王宇轩 , 郭明磊 , 王皓 , 王思齐 , 高泽豫 , 汪子涵 , 李义申 , 李岩 , 梁越嘉 , 于明杨 .

QWB CTF 2022

August 21, 2022

Team: Redbud
Rank: 5
Core Players from NISL: 穆柯橪 , 郑林楷 , 任乐图 , 杨雅儒 , 王宇轩 , 郭明磊 , 王皓 , 王思齐 , 高泽豫 , 汪子涵 , 李义申 , 李岩 , 梁越嘉 , 于明杨 .

GeekPwn 2022

October 31, 2022

Team: NISL IoT安全研究小组
Rank: 7,卓越极客奖
Core Players from NISL: 伦若愚 , 石贺天 , 管云超 , 宋尚儒 .

GeekPwn 2022

October 31, 2022

Team: NISL IoT安全研究小组
Rank: 7,卓越极客奖
Core Players from NISL: 伦若愚 , 石贺天 , 管云超 , 宋尚儒 .

GeekPwn 2022

November 01, 2022

Team: Redbud
Rank: 6,卓越极客奖
Core Players from NISL: 杨雅儒 , 郑林楷 .

GeekPwn 2022

November 01, 2022

Team: Redbud
Rank: 6,卓越极客奖
Core Players from NISL: 杨雅儒 , 郑林楷 .

DASCTF2022

March 19, 2023

Team: Redbud
Rank: 10,The Third Prize
Core Players from NISL: Yishen Li , Keran Mu , Zihan Wang , Zenan Xu .

Ali Cloud CTF 2023(阿里云CTF 2023)

April 23, 2023

Team: Redbud
Rank: 3,季军
Core Players from NISL: 郑林楷 , 杨雅儒 , 李义申 , 汪乐平 , 汪子涵 , 王宇轩 , 郭明磊 , 穆柯橪 , 王楚涵 , 许哲楠 , 于新雨 .

GreatWall Cup 2023

September 15, 2023

Team: Redbud
Rank: 1,The First Prize
Core Players from NISL: Yishen Li , Leping Wang , Zihan Wang .

Collection: people

Baozheng Liu (刘保证)

Third-year master since 2017.
FIT 1-213 Tsinghua University, Beijing, China 100084
uromise # gmail.com

Kun Du

清华大学网络与信息安全实验室,2015级博士研究生
清华大学 FIT楼1-213

Kun Du

Network and Information Security Lab
Institute for Network Science and Cyberspace, Tsinghua University, Beijing
FIT 1-213 Tsinghua University, Beijing, China 100084

Kaiwen Shen (沈凯文)

Tsinghua University, Network and Information Security Lab, Ph.D.17, PhD candidate
Tsinghua University FIT Building 1-213
[email protected]
Network and Information Security Lab (NISL)
Institute for Network Science and Cyberspace
CTFer in #Redbud#, #Bluelotus# and #Tea Deliverers#

李冠成 (Atum)

Atum 腾讯安全玄武实验室 高级研究员
北京市 海淀区 腾讯北京总部大厦
lgcpku#gmail.com https://github.com/A7um

Guancheng Li (李冠成)

Atum
Senior reseacher, Tencent Security Xuanwu Lab, Tencent Inc.
Tencent Beijing headquarters building, Haidian District, Beijing
lgcpku#gmail.com
https://github.com/A7um

刘煜堃 (Yukun Liu)

阿里巴巴 云智能安全 高级安全工程师
浙江省 杭州市 西湖区 阿里巴巴-飞天园区
eadom666 # gmail#com

Yukun Liu (刘煜堃)

Security Engineer II, Cloud Computing Security Department, Alibaba Inc.
Apsara Park, Xihu District, Hangzhou, Zhejiang
eadom666 # gmail#com

裴中煜 (Zhongyu Pei)

阿里巴巴 猎户座实验室 安全研究员
北京市 朝阳区 阿里中心-望京A座
brieflyx # gmail.com

Zhongyu Pei (裴中煜)

Security reseacher, Orion Security Lab, Alibaba Inc.
Building 9, Block 4, Wangjing East Park, Chaoyang District, Beijing
brieflyx # gmail.com

王琰 (Yan Wang)

华为 未然实验室 安全研究员
北京市 海淀区 实创科技示范园-Q21
wangy0129 # gmail

Yan Wang (王琰)

Security reseacher, WeiRan Lab, Huawei Inc.
Building 21, No.156 Beiqing Road, Haidian District, Beijing
wangy0129 # gmail

Haochen Zeng (曾皓辰)

PhD student, University of California, Riverside.
465 Winston Chung Hall, Department of Computer Science and Engineering, University of California, Riverside
haochen.zeng10 # gmail.com
https://www.linkedin.com/in/haochen-z-a8109439
https://github.com/sgzeng

Evilhex (张少杰)

Security reseacher, Orion Security Lab, Alibaba Inc.
Haidian District, Beijing
zsjevilhex # gmail.com

Baojun Liu (刘保君)

清华大学 网络研究院 助理教授 博士生导师
国家级高层次青年人才,重点研发计划青年科学家项目负责人
清华大学 FIT楼 4-204室
lbj [at] tsinghua -dot- edu -dot- cn

Baojun Liu (刘保君)

Assistant Professor
FIT 4-204, Tsinghua University, Beijing, China 100084
(+86) 130~5153~7959
lbj [at] tsinghua -dot- edu -dot- cn

Chao Zhang (张超)

清华大学 网络研究院副院长 长聘副教授/博导
清华大学 华为冠名副教授,CCF杰出会员
清华大学FIT楼3-209
chaoz # tsinghua.edu.cn

Chao Zhang (张超)

Tenured Associate Professor
Huawei Endowed Professor
FIT 3-209 Tsinghua University, Beijing, China 100084
chaoz # tsinghua.edu.cn

Haixin Duan (段海新)

Professor of the Institute for Network Sciences and Cyberspace, Tsinghua University.
Email: duanhx [AT] tsinghua dot edu dot cn
Office: FIT Building, Room 3-211, Tsinghua University.

Jianjun Chen ( 陈建军)

Assistant Professor, Tsinghua University
FIT 1-213 Tsinghua University, Beijing, China 100084
jianjun [AT] tsinghua.edu.cn

Jia Zhang (张甲)

副研究员
北京市海淀区清华大学FIT楼4-204,邮编:100084
zhangjia # cernet.edu.cn

Jia Zhang (张甲)

Associate Research Professor
FIT 4-204 Tsinghua University, Beijing, China 100084
zhangjia # cernet.edu.cn

Kanghong Cangyong (仓永康弘)

Master(2022), Network and Information Security Lab, Tsinghua University
Room 1-213, FIT Building, Tsinghua University
cykh22 @ mails.tsinghua.edu.cn

邓楚云 (Chuyun Deng)

清华大学 网络与信息安全实验室;硕士研究生(2020级)
清华大学 FIT楼 1-213
dengcy20 # mails.tsinghua.edu.cn

Chuyun Deng (邓楚云)

Master (2020); Network and Information Security Lab, Tsinghua University
1-213 Room, FIT Building, Tsinghua University
dengcy20 # mails.tsinghua.edu.cn

梁越嘉 (Yuejia Liang)

清华大学 网络与信息安全实验室;硕士研究生(2021级)
清华大学 FIT楼 4-204
liangyj21 # mails.tsinghua.edu.cn

Yuejia Liang (梁越嘉)

Master(2021), Network and Information Security Lab, Tsinghua University
Room 4-204, FIT Building, Tsinghua University
liangyj21 # mails.tsinghua.edu.cn

李岩 (Yan Li)

清华大学 网络与信息安全实验室;硕士研究生(2021级)
清华大学 FIT楼 4-206
li-yan21 # mails.tsinghua.edu.cn

Yan Li (李岩)

Master (2021); Network and Information Security Lab, Tsinghua University
4-206 Room, FIT Building, Tsinghua University
li-yan21 # mails.tsinghua.edu.cn

Wende Tan

清华大学 计算机科学与技术系 硕士研究生
北京市清华大学信息科学技术大楼(FIT楼)1-213
twd2 $ 163.com

Wende Tan

Department of Computer Science and Technology, Tsinghua University
FIT 1-213 Tsinghua University, Beijing, China 100084
twd2 $ 163.com

薛镇青 (Zhenqing Xue)

清华大学 网络与信息安全实验室;硕士研究生(2022级)
清华大学 FIT楼 1-213
xuezq22 # mails.tsinghua.edu.cn

Zhenqing Xue (薛镇青)

Master(2022), Network and Information Security Lab, Tsinghua University
Room 1-213, FIT Building, Tsinghua University
xuezq22 # mails.tsinghua.edu.cn

许威 (Wei Xu)

清华大学 网络与信息安全实验室;硕士研究生(2021级)
清华大学 FIT楼 4-206
xu-w21 # mails.tsinghua.edu.cn

Wei Xu (许威)

Master(2021), Network and Information Security Lab, Tsinghua University
Room 4-206, FIT Building, Tsinghua University
xu-w21 # mails.tsinghua.edu.cn

倪远东 (Yuandong Ni)

清华大学 清华大学网络与信息安全实验室 17级硕士研究生
清华大学FIT楼4-204
nyd17#mails.tsinghua.edu.cn

Yuandong Ni (倪远东)

2017 master student of Tsinghua University
FIT 4-204 Tsinghua University, Beijing, China 100084
nyd17 # mails.tsinghua.edu.cn

郑林楷 (Linkai Zheng)

  • 清华大学 网络与信息安全实验室 21 级硕士研究生
  • 清华大学 FIT 楼 1-213
  • zhenglj21 # mails.tsinghua.edu.cn
  • Redbud / Tea Deliverers / Water Paddler 成员

Linkai Zheng (郑林楷)

  • Tsinghua University, Network and Information Security Lab, Master candidate. 2021
  • Tsinghua University FIT Building 1-213
  • zhenglj21 # mails.tsinghua.edu.cn
  • CTFer in Redbud / Tea Deliverers / Water Paddler

郭润

清华大学网络与信息安全实验室,2015级博士研究生
导师 吴建平院士/段海新教授
清华大学 FIT楼1-213
[email protected]

Run Guo

Network and Information Security Lab Institute for Network Science and Cyberspace, Tsinghua University, Beijing 2015 PHD candidate student of Tsinghua University supervised by Prof. Jianpin Wu and Prof. Haixin Duan FIT 1-213 Tsinghua University, Beijing, China 100084

靳子豪 (Zihao Jin)

清华大学计算机科学与技术系 博士研究生
北京市 海淀区 清华大学

郎峙煜 (Zhiyu Lang)

清华大学 网络与信息安全实验室;硕士研究生(2022级)
清华大学 FIT楼 1-213
langsy22 # mails.tsinghua.edu.cn

Zhiyu Lang (郎峙煜)

Master(2022), Network and Information Security Lab, Tsinghua University
Room 1-213, FIT Building, Tsinghua University
langsy22 # mails.tsinghua.edu.cn

陆超逸 (Chaoyi Lu)

清华大学 网络科学与网络空间研究院 博士后
北京市 海淀区 清华大学 FIT楼4-204室
个人主页:https://chaoyi.lu
邮箱:luchaoyi [at] tsinghua.edu.cn

刘明烜 (Mingxuan Liu)

清华大学网络科学与网络空间研究院,网络与信息安全实验室,2018级博士研究生
北京市 海淀区 清华大学 FIT楼4-206
liumx18 # mails.tsinghua.edu.cn
[个人主页](https://www.liumx.net/)

Mingxuan Liu (刘明烜)

Ph.D student, Institute for Network Sciences and Cyberspace, Network and Information Security Lab, Tsinghua University.
FIT 4-206, Tsinghua University, Beijing 100084, P.R.China
liumx18 # mails.tsinghua.edu.cn
[Personal Homepage](https://www.liumx.net/)

王楚涵 (Chuhan Wang)

清华大学 清华大学网络与信息安全实验室 19级博士研究生
北京市 海淀区 清华大学 FIT楼1-213
wch22 [AT] mails.tsinghua.edu.cn
CTF战队Redbud 成员

Chuhan Wang (王楚涵)

2019 Ph.D. Candidate, Network and Information Security Lab, Tsinghua University.
FIT 1-213, Tsinghua University, Beijing 100084, P.R.China
wch22 [AT] mails.tsinghua.edu.cn
CTFer in Redbud

王一航 (Yihang Wang)

清华大学 网络与信息安全实验室 22级博士研究生
北京市 海淀区 双清路 30 号 清华大学 FIT 楼 1-213 室

张丰露 (Fenglu Zhang)

清华大学 网络科学与网络空间研究院 20级博士研究生
清华大学 FIT 楼 1-204
zfl20[At]tsinghua.org.cn
Redbud/Bluelotus/Tea-Devliverers 成员

Fenglu Zhang (张丰露)

Tsinghua University, PhD. candidate in 2020
Tsinghua University FIT Building 1-204
zfl20[At]tsinghua.org.cn
Institute for Network Science and Cyberspace
CTFer in Redbud, Bluelotus and Tea Deliverers

李哲铭 (Li Zheming)

清华大学 清华大学网络与信息安全实验室 20级博士研究生
清华大学FIT楼1-213
lizm20 #at mails.tsinghua.edu.cn

Li Zheming (李哲铭)

2020 Ph.D candidate of Tsinghua University
FIT 2-204 Tsinghua University, Beijing, China 100084
lizm20 #at mails.tsinghua.edu.cn

张一铭 (Yiming Zhang)

清华大学 网络研究院 博士后
北京市 海淀区 清华大学 FIT楼4-204
zhangyiming # tsinghua.edu.cn

Yiming Zhang (张一铭)

Postdoc, Institute for Network Sciences and Cyberspace, Tsinghua University
FIT 4-204, Tsinghua University, Beijing 100084, P.R.China
zhangyiming # tsinghua.edu.cn

Qi Li (李琦)

Associate Professor, Tsinghua University
FIT 1-213 Tsinghua University, Beijing, China 100084

Jianwei Zhuge (诸葛建伟)

博士, 副研究员, CCF杰出会员
FIT 4-204, 清华大学, 北京市海淀区, 100084
zhugejw [at] tsinghua -dot- edu -dot- cn

Collection: projects

XMap: The Internet Scanner

Published:

Abstract

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

教育网挖矿木马安全态势监测

Published:

摘要

教育网挖矿木马安全态势监测,基于CERNET国内互联节点采集的Netflow流量,对教育网环境内的挖矿木马活跃态势进行监测,对其影响与分布进行可视化。 页面功能主要包括:教育网内每日矿池通信连接规模变化,各高校挖矿行为态势统计以及全球矿池地理位置分布等。 我们将长期关注挖矿木马的安全态势,持续更新此页面,为维护教育网的安全积极贡献力量。

Mining Trojan Monitoring of CERNET

Published:

Abstract

Mining Trojan Monitoring of CERNET, by analyzing NetFlow data from CERNET network node, we managed to monitor the network traffic of mining trojans in CERNET, and build a visual monitoring system that can track the distribution of mining behaviors in CERNET. This system provides the geographical distribution of global mining pool addresses, the daily monitoring of mining traffic and the statistics of the mining behaviors of schools and institutions in CERNET. We will pay close attention and continue to update this page for a long time, and actively contribute to the maintenance of the network security of the education network.

Collection: publications

Collection: seminars

Adversarial Text Generation

14:00-15:00pm March 05, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

A survey on existing adversarial text generation solutions and defense solutions.

The Broken Broker - MQTT

14:00-15:00pm March 26, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yue Liu .

Abstract:

Security research on MQTT.

基于搜索引擎的漏洞分布测量

15:10-16:10pm April 09, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Yixiong Wu .

Abstract:

近年关于借助搜索引擎实现网络空间已知漏洞评估的相关研究综述。

NativeX: Native Executioner Freezes Android (ASIACCS’20)

15:10-16:10pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Qinsheng Hou .

Abstract:

Android native process can exhaustively monopolize the system resources or the device computing resources in an unconfined manner.

差分隐私简介和研究综述

14:00-15:00pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Deliang Chang .

Abstract:

关于差分隐私的简单介绍和相关研究的介绍。

Survey on Differential Privacy

14:00-15:00pm April 16, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Deliang Chang .

Abstract:

Brief introduction to differential privacy and related research.

FuzzGen: Automatic Fuzzer Generation (USENIX’20)

15:10-16:10pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

本论文提出了一个自动化地为library生成fuzzer,且能够满足library function之间的依赖关系的方案。

FuzzGen: Automatic Fuzzer Generation (USENIX’20)

15:10-16:10pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

This paper proposes a tool for automatically synthesising fuzzers for complex libraries in a given environment.

IPv6地址发现相关研究

14:00-15:00pm May 07, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Tianyu Gan, Xiang Li .

Abstract:

IPv6地址发现相关安全问题介绍及研究。

基于深度学习的恶意流量检测

15:30-16:30pm May 14, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Shuqiang Lu, Ennan Zheng .

Abstract:

基于深度学习的恶意流量检测综述。

Research on DDoS Attacks

14:00-15:00pm May 21, 2020

seminar @ zoom, Tsinghua University, Beijing

Presenters: Run Guo, Weizhong Li .

Abstract:

Introduction to DDoS Attacks.

Machine Unlearning

15:10-16:10pm September 24, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Wenyu Zhu .

Abstract:

提出了针对深度神经网络的遗忘训练方法

Machine Unlearning

15:10-16:10pm September 24, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Wenyu Zhu .

Abstract:

SISA training, a framework designed to achieve the largest improvements for stateful algorithms like stochastic gradient descent for deep neural networks, reduces the computational overhead associated with unlearning.

IMP4GT: IMPersonation Attacks in 4G NeTworks

14:00-15:00pm October 08, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Xiang Li .

Abstract:

利用LTE网络中用户层面流量未被完整性保护的缺陷,可以任意伪造用户设备或者LTE网络进行通信

IMP4GT: IMPersonation Attacks in 4G NeTworks

14:00-15:00pm October 08, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Xiang Li .

Abstract:

A novel IMP4GT attack that completely breaks the mutual authentication of LTE network aim on the user plane.

Rust: Security and Efficiency

15:10-16:10pm October 15, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

对 Rust 编程语言的特点、使用场景、基本语言设计以及其实现编译期内存安全和线程安全的方法进行介绍

Rust: Security and Efficiency

15:10-16:10pm October 15, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Sirui Mu .

Abstract:

Introduction to Rust programming language

Topic: Automata Learning

14:00-15:10pm November 05, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Kaiwen Shen .

Abstract:

分享一些利用模型学习对网络协议形式化分析的方法

Topic: Automata Learning

14:00-15:10pm November 05, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Kaiwen Shen .

Abstract:

To simply share an overview of model learning on protocol state fuzzing

英文论文写作技巧

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Chaoyi Lu .

Abstract:

介绍一些个人常用的英文论文写作技巧

Privacy Risks of General-Purpose Language Models

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

通用语言模型中的文本嵌入从纯文本中捕获了大量的敏感信息,可以通过逆向工程来披露受害者的敏感信息,以便进一步骚扰。

Privacy Risks of General-Purpose Language Models

14:00-15:10pm November 12, 2020

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Mingxuan Liu .

Abstract:

Text embedding from the General Purpose Language Model captures a lot of sensitive information from plain text, which can be reverse-engineered to disclose sensitive information about the victim for further harassment.

域名流行度相关论文综述

14:00-15:10pm March 04, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Qinge Xie .

Abstract:

对域名流行度排名的研究工作进行综述

域名流行度相关论文综述

14:00-15:10pm March 04, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Qinge Xie .

Abstract:

An overview of domain popularity ranking studies.

NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities

14:00-15:10pm March 25, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Xiang Li .

Abstract:

作者提出了一种新型的 DNS DoS 漏洞及对应的攻击,NXNSAttack,即不存在的 NS 记录,比已有的 NXDomain 攻击(Negative cache)危害更大。攻击者通过控制一个 authority,回复不存在 glue 记录的 NS referral 包,将 referral 指向受害者域名,利用 resolver 发起众多的查询来造成放大攻击。

Detecting Probe-resistant Proxies

14:00-15:10pm April 01, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Tianyu Gao .

Abstract:

对隐蔽代理进行探测与测量

Detecting Probe-resistant Proxies

14:00-15:10pm April 01, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Tianyu Gao .

Abstract:

Detecting Probe-resistant Proxies

Fuzzing Hardware Like Software

15:10-16:10pm April 01, 2021

seminar @ Tencent Meeting, Tsinghua University, Beijing

Presenters: Zheming Li .

Abstract:

Translate RTL hardware to a software model and fuzz that model

Collection: talks

Security Protocols: Model Checking Standards

10:00-11:00am January 15, 2020

academic talk @ FIT Building, Room 3-225, Tsinghua University, Beijing

Speaker: Prof. David Basin, ETH Zurich

Abstract:

The design of security protocols is typically approached as an art, rather than a science, and often with disastrous consequences. But this need not be so! I have been working for ca. 20 years on foundations, methods, and tools, both for developing protocols that are correct by construction and for the post-hoc verification of existing designs. In this talk I will introduce my work in this area and describe my experience analyzing, improving, and contributing to different industry standards, both existing and upcoming.

Security Risks in Zero Knowledge Proof Cryptocurrencies

14:00-15:00pm April 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 彭峙酿,360高级安全专家

Abstract:

零知识证明技术目前被广泛应用于包括以太坊、门罗币、Zcash等多个区块链项目中。但其在实际应用中的安全和隐私隐患并不被大众所熟知。本议题主要通过对门罗币、Zcash上一些安全事件和漏洞的分析,和分享我们发现的一些零知识证明具体实现中的漏洞和隐患,来介绍零知识证明技术在区块链应用中存在的一些安全和隐私问题。

Thoughts on Applying Machine Learning in Security

14:00-15:00pm April 23, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王思丁,360网络安全研究院

Abstract:

机器学习学科融合了数学中的多个领域,包括统计学、概率论、以及线性代数。机器学习能够深入挖掘大数据价值,被广泛用于电影推荐、饮食及产品购买推荐等各方面。众多大型互联网公司也运用机器学习来改进其产品及服务。将机器学习应用到网络安全已成为近年来安全领域的研究热点,为人们在决策制定、任务执行方面提供建议对策与技术支持,将专业分析人员从复杂度高且耗时巨大的工作中释放。但是,安全领域具有自己独特的数据,场景和应用特征,本次分享主要介绍机器学习在网络安全中的实际应用以及应用过程中我们需要注意的问题。

Attack XNU via Userspace Library Hijacking

14:00-15:30pm May 14, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 周智,蚂蚁金服

Abstract:

内存破坏时至今日仍然是漏洞利用的主流战场,而操作系统为了提升安全性也引入了随机化等缓解措施来提高利用门槛。本议题另辟蹊径,仅靠用户态代码劫持的逻辑漏洞,完全避开通用缓解措施,在 macOS High Sierra 上实现 100% 稳定内核提权。更为有趣的是,系统重要的安全机制 sandbox 在这里变成了漏洞利用至关重要的帮凶。

iOS/macOS 漏洞挖掘经验谈之温故知新

14:00-15:30pm June 11, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 王铁磊,盘古

Abstract:

iOS/macOS系统的漏洞挖掘是当前业界的热点。这个议题里我将分享自己在iOS/macOS 安全研究工作中的一些经验和心得,回顾我们在公开报告中埋藏过的一些彩蛋,希望对刚刚进入iOS/macOS系统漏洞挖掘领域的同学有所帮助和启发。

Revisited AI Security: From Adversarial Attacks to Application and Foundation

14:00-15:30pm July 09, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 纪守领,浙江大学

Abstract:

Recently, AI security has drawn significant attention from the academia and industry. Various kinds of adversarial attacks and defenses spring up like bamboo shoots. Now, considering more and more AI systems have been deployed and are being deployed, it is the time to comprehensively understand what is the performance of the attacks against real world systems? Furthermore, in security-critical applications, in addition to empirical evaluation, how to understand/quantify the security space of deep models is also important. In this talk, based on our previous research, I will introduce some AI security projects, as well as some recent interesting results from the adversarial example transferability and robustness quantification perspectives.

软件漏洞挖掘方法探索

10:00-11:30am August 22, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 张超,清华大学

Download slides

Abstract:

模糊测试近年来成为安全研究人员的必备的漏洞挖掘工具。实践中最有效的模糊测试工具通常包含种子测试例生成、选择、变异、测试、评估、反馈等多个环节,每个环节都可以被优化改进以提升漏洞挖掘效率。我们通过改进经典模糊测试方案,提出了多个新的漏洞挖掘方案,在四大安全会议发表多篇论文,取得了不错的效果。本次报告中,演讲者将与大家分享其部分研究成果。

PeX: A Permission Check Analysis Framework for Linux Kernel

14:00-15:30pm October 08, 2020

academic talk @ zoom, Tsinghua University, Beijing

Speaker: 申文博,浙江大学

Abstract:

Permission checks play an essential role in operating system security by providing access control to privileged functionalities. However, it is particularly challenging for kernel developers to correctly apply new permission checks and to scalably verify the soundness of existing checks due to the large code base and complexity of the kernel. In fact, Linux kernel contains millions of lines of code with hundreds of permission checks, and even worse its complexity is fast-growing.

On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems

14:00-15:30pm December 10, 2020

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 凌振(东南大学)

Abstract:

IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a well understanding of the underlying communication protocols. In this talk, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. The discovered protocols expose severe design flaws that allow attackers to control or deny the service of victim IoT devices. Our manual reverse engineering framework is generic and can be applied to both read-only and writable Embedded Linux filesystems.

软件供应链视角下的漏洞攻防

14:00-15:30pm May 13, 2021

academic talk @ 腾讯会议, Tsinghua University, Beijing

Speaker: 张源(复旦大学)

Abstract:

漏洞攻防是软件安全领域的经典研究主题。然而,随着软件行业的飞速发展,软件的研发过程已经演进为上下游紧密依赖的软件供应链模式。在软件供应链生态中,下游软件系统的漏洞管理和防护非常重要,但是却存在诸多挑战。本次报告将从漏洞的修复评估方法出发,系统性的介绍软件供应链视角下漏洞攻防研究面临的若干困难并分享目前已取得的一些初步进展。

软硬协同的系统隔离机制

14:00-15:30pm May 20, 2021

academic talk @ 腾讯会议, Tsinghua University, Beijing

Speaker: 夏虞斌(上海交通大学)

Abstract:

CPU厂商不断推出新的硬件安全与隔离的特性,Intel在最近6年发布的相关特性数量已经超过了之前的总和,利用好这些特性需要软硬件协同的设计。本次报告首先介绍了系统隔离机制作为信息产业基础设施,在云端、移动端等场景下对故障隔离和数据保护的基础性作用,然后介绍底层相关软硬件的发展现状、面临的挑战与机遇,最后介绍我们应对这些挑战所作的一些研究工作,包括已开源的RISC-V平台Enclave系统——“蓬莱”等。

实用型可搜索加密被动式攻击方法

14:00-15:30pm June 10, 2021

academic talk @ tencent, Tsinghua University, Beijing

Speaker: 宁建廷(福建师范大学)

Abstract:

实用型可搜索加密在允许一定信息泄露的前提下实现了对存储在云端密态数据的高效搜索。当前实用型密态数据搜索应用系统(如ShadowCrypt等)的构建主要基于一种名为“efficiently deployable, efficiently searchable encryption”(EDESE)的可搜索加密方案。针对EDESE方案所泄露的信息,本报告将介绍一种针对此类信息泄露的新型被动式攻击方法,进一步揭露了实用型可搜索加密信息泄露的危害。

Collection: teaching