Mingming Zhang

Assistant Researcher in ZGC Lab

Network and Information Security Lab (NISL)

I am an Assistant Researcher at Zhongguancun Laboratory, Beijing. I received my Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Prof. Haixin Duan) in 2023.

My research focuses on measuring and enhancing the security of Internet infrastructure (DNS, Web PKI, CDN, etc.), uncovering significant vulnerabilities in core protocols (DNS, HTTP, TLS, etc.), and understanding emerging cyberspace security threats.

News:

[Jun. 2025] Paper about DNS centralization measurement accepted to DSN 2025 (Italy). Congrats to Qihang!

Interests

Network Security
Protocol Security
Web PKI
DNS

Education

Ph.D. in Network Security, 2023
Tsinghua University
B.E. in Information Security / LL.B. (Double Major), 2018
Nankai University

Publications

Posters & Publications

Qihang Peng, Mingming Zhang, Deliang Chang, Jia Zhang, Baojun Liu, Haixin Duan (2025). Decoding DNS Centralization: Measuring and Identifying NS Domains Across Hosting Providers. In DSN 2025.

PDF

Xiang Li, Mingming Zhang, Zuyao Xu, Fasheng Miao, Yuqi Qiu, Baojun Liu, Jia Zhang, Xiaofeng Zheng, Haixin Duan, Zheli Liu, Yunhai Zhang, Dunqiu Fan (2025). RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox. ACM CCS, 2025. To appear.

Pinji Chen, Jianjun Chen, Mingming Zhang, Qi Wang, Yiming Zhang, Mingwei Xu, Haixin Duan (2024). Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. In NDSS 2025. San Diego, California, 24 February – 28 February, 2025..

PDF

Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, Chengxi Xu (2024). Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure. In Usenix Security ‘23. Philadelphia, PA, USA, August 14-16, 2024. (Acceptance rate: 417/2276=18.32%).
* Presented in OARC 43 by Yunyi Zhang.

PDF Slides

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li (2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P 2024. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%).

PDF Poster Slides Source Document

Chuhan Wang, YASUHIRO KURANAGA, Yihang Wang, Mingming Zhang, Linkai Zheng, lixiang, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF

Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li (2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF Code Project Slides DOI

Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, Xiaofeng Zheng (2022). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF Code Project Slides

Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In Usenix Security 2022.

PDF

Yiming Zhang, Mingxuan Liu, Mingming Zhang, Chaoyi Lu, Haixin Duan (2022). Ethics in Security Research: Visions, Reality, and Paths Forward. In EthiCS 2022.

PDF

Kaiwen Shen, Jianyu Lu, Yaru Yang, Jianjun Chen, Mingming Zhang, Haixin Duan, Jia Zhang, Xiaofeng Zheng (2022). HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations. In DSN 2022.

PDF

Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu, Min Yang (2020). Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. In CCS 2020.

PDF Slides

Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu (2020). An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?. In IMC 2019.
* IRTF Applied Networking Research Prize (ANRP) 2020 Award Winner..

PDF Slides Video

Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao, Haixin Duan (2020). Measuring Privacy Threats in China-Wide Mobile Networks. In FOCI 2018.

PDF Slides

Activities

Fallstreak Hole of Internet Clouds: Unraveling the Threat of Hosting-Based Domain Takeovers

Paper title：Detecting and Measuring Security Risks of Hosting-Based Dangling Domains （published by ACM SIGMETRICS 2023） Domain names, vital for tasks like digital certificate authentication, face growing vulnerabilities in our evolving digital landscape.

Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haiixn Duan, Shuang Hao, Xiaofeng Zheng

Last updated on Jul 8, 2025 5 min read Blog

Fallstreak Hole of Internet Clouds: Unraveling the Threat of Hosting-Based Domain Takeovers

Attend ACM SIGMETRICS 2023 and Present Our Research on Domain Takeover

In the SIGMETRICS 2023, I presented our paper “Detecting and Measuring Security Risks of Hosting-Based Dangling Domains” and met so many friend. Happy to be there!

Mingming Zhang

Last updated on Feb 27, 2024 1 min read Presentation

Attend ACM SIGMETRICS 2023 and Present Our Research on Domain Takeover

OARC 40 & NANOG 87 Workshop

In OARC 40 & NANOG 87 Workshop (hybrid in-person and online workshop), I presented a novel hosting-based domain takeover detection framework DareShark to the audiences.

lixiang

Last updated on Oct 8, 2023 1 min read Presentation

Won the Championship of GeekPwn2019

We successfully hijacked the QR code of the HTTPS website in the same local area network and hijacked the mailbox to obtain the mailbox password.

Mingming Zhang

Last updated on Nov 22, 2020 2 min read GeekPwn

Misc

🏅 Honors & Awards

Academia & Community

EthiCS'22 Best Student Paper, 2022
DSN'22 Best Paper Runner-up, 2022
IRTF Applied Networking Research Prize, 2020
ACM IMC Nominee of Distinguished Paper Award & Community Contribution Award, 2019

Education & Scholarship

Doctoral Dissertation Award of Tsinghua University, 2023
Qihang Award of Tsinghua University for Graduate Students, 2023
LongFor Academic Scholarship. 2023
2st-Class Scholarship of Tsinghua University for Graduate Students, 2020
Cyberspace Scholarship of China Internet Development Foundation, 2018
China National Scholarship, 2017

Competition

The 1st Prize in GeekPWN 2019

🔖 Patents

An Efficient Algorithm for Constructing Domain Deep Analysis Dependency Topology Based on Passive Domain Name Resolution Traffic. 2023. In applying.
A Domain Authorization Consistency Detection Method for DNS Resolvers. 2023. In checking.
A Novel Domain Name Generation Algorithm Based on the DNS Resolution Mechanism and Its Detection Method. 2023. In checking.
CN112311884A: Method, apparatus, electronic device and storage medium for recognizing network communication security. 2021.

Mingming Zhang

Assistant Researcher in ZGC Lab

Network and Information Security Lab (NISL)

Interests

Education

Publications

Activities

Fallstreak Hole of Internet Clouds: Unraveling the Threat of Hosting-Based Domain Takeovers

Attend ACM SIGMETRICS 2023 and Present Our Research on Domain Takeover

OARC 40 & NANOG 87 Workshop

Won the Championship of GeekPwn2019

Misc

🏅 Honors & Awards

Academia & Community

Education & Scholarship

Competition

🔖 Patents

👩‍💻 Academic Services

Conference TPC member

External Reviewer

Contact