Filter by type:

. Composition Kills: A Case Study of Email Sender Authentication. In USENIX Security 2020. (To appear)

PDF Code

. CDN Judo : Breaking the CDN DoS Protection with Itself. In NDSS 2020.

PDF Slides

. We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS. In USENIX Security 2018.

PDF Code Slides Video

. Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation. In SDRS 2018.


. Host of Troubles: Multiple Host Ambiguities in HTTP Implementations. In CCS 2016. (Best Paper Nominee)

PDF Slides Video

. Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search. In IEEE S&P 2016.


. Forwarding Loop Attacks in Content Delivery Networks. In NDSS 2016. (Distinguished Paper Award)

PDF Slides