Protocol-Security

Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange
In this paper, we investigate the security implications of HTTP/2 server push and signed HTTP exchange (SXG) on the Same-Origin Policy …
Pinji Chen, Jianjun Chen, Mingming Zhang, 汪琦 (Eki), Yiming Zhang, Mingwei Xu, Haixin Duan
PDF
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors
Email attachments have become a favored delivery vector for malware campaigns. In response, email attachment detectors are widely …
Jiahe Zhang, Jianjun Chen, 汪琦 (Eki), Hangyu Zhang, Chuhan Wang, Jianwei Zhuge, Haixin Duan
PDF 引用 DOI Blackhat ASIA 2025
Break the Wall from bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
Web Application Firewalls (WAFs) are a crucial line of defense against web-based attacks. However, an emerging threat comes from …
汪琦 (Eki), Jianjun Chen, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang, Haixin Duan
PDF 引用 DOI