1

Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

As a fundamental communicative service, email is playing an important role in both individual and corporate communications, which also makes it one of the most frequently attack vectors. An email’s authenticity is based on an authentication chain …

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

We discovered a new HTTPS hijacking attack method and won the GeekPwn International Championship

CDN Backfired: Amplification Attacks Based on HTTP Range Requests

Content Delivery Networks (CDNs) aim to improve network performance and protect against web attack traffic for their hosting websites. And the HTTP range request mechanism is majorly designed to reduce unnecessary network transmission. However, we …

CDN judo: Breaking the cdn dos protection with itself

Content Delivery Network (CDN) improves the websites' accessing performance and availability with its globally distributed network infrastructures, which contributes to the flourish of CDN-powered websites on the Internet. As CDN-powered websites are …