张明明

张明明

助理研究员

中关村实验室

网络与信息安全实验室 (NISL)

中关村实验室助理研究员,目前主要研究方向为网络基础设施安全(DNS、PKI、CDN等)、网络协议安全(TLS、HTTP、DNS等)。2023年6月,博士毕业于清华大学网络科学与网络空间研究院(网络和信息安全实验室),导师段海新教授。

近期动态:

  • 2025年6月:关于注册局域名管理实践安全脆弱性的研究发表在Usenix Security 2025!
  • 2025年6月:新提出的Web跨域攻击研究被邀请至BlackHat 2025报告分享。
  • 2025年6月:关于DNS集中化问题的测量研究发表在DSN 2025,恭喜启航!
  • 2025年6月:关于DNS解析器请求聚合脆弱性的安全研究发表在ACM CCS 2025,恭喜李想!

兴趣爱好

  • 网络安全
  • 互联网测量
  • 网络协议安全
  • 公钥基础设施安全

教育经历

  • 网络空间安全 博士学位, 2023

    清华大学

  • 信息安全与法学双学位, 2018

    南开大学

论文

Qihang Peng, Mingming Zhang, Deliang Chang, Jia Zhang, Baojun Liu, Haixin Duan (2025). Decoding DNS Centralization: Measuring and Identifying NS Domains Across Hosting Providers. In DSN 2025.

PDF

Xiang Li, Mingming Zhang, Zuyao Xu, Fasheng Miao, Yuqi Qiu, Baojun Liu, Jia Zhang, Xiaofeng Zheng, Haixin Duan, Zheli Liu, Yunhai Zhang, Dunqiu Fan (2025). RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox. ACM CCS, 2025.

PDF 演示文稿

Pinji Chen, Jianjun Chen, Mingming Zhang, Qi Wang, Yiming Zhang, Mingwei Xu, Haixin Duan (2024). Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. In NDSS 2025. San Diego, California, 24 February – 28 February, 2025..

PDF

Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, Chengxi Xu (2024). Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure. In Usenix Security ‘23. Philadelphia, PA, USA, August 14-16, 2024. (Acceptance rate: 417/2276=18.32%).
* Presented in OARC 43 by Yunyi Zhang.

PDF 演示文稿

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li (2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P 2024. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%).

PDF 海报 演示文稿 源文档

Chuhan Wang, YASUHIRO KURANAGA, Yihang Wang, Mingming Zhang, Linkai Zheng, lixiang, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF

Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li (2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF 代码 项目 演示文稿 DOI

Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, Xiaofeng Zheng (2022). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF 代码 项目 演示文稿

Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2022). A Large-scale and Longitudinal Measurement Study of DKIM Deployment. In Usenix Security 2022.

PDF

Yiming Zhang, Mingxuan Liu, Mingming Zhang, Chaoyi Lu, Haixin Duan (2022). Ethics in Security Research: Visions, Reality, and Paths Forward. In EthiCS 2022.

PDF

Kaiwen Shen, Jianyu Lu, Yaru Yang, Jianjun Chen, Mingming Zhang, Haixin Duan, Jia Zhang, Xiaofeng Zheng (2022). HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations. In DSN 2022.

PDF

Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu, Min Yang (2020). Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. In CCS 2020.

PDF 演示文稿

Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu (2020). An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?. In IMC 2019.
* IRTF Applied Networking Research Prize (ANRP) 2020 Award Winner..

PDF 演示文稿 视频

Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao, Haixin Duan (2020). Measuring Privacy Threats in China-Wide Mobile Networks. In FOCI 2018.

PDF 演示文稿

动态

互联网云的雨幡洞:云中域名接管风险大规模检测与分析

论文题目:Detecting and Measuring Security Risks of Hosting-Based Dangling Domains (本文为ACM SIGMETRICS
张明明, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haiixn Duan, Shuang Hao, Xiaofeng Zheng
最近更新于 Jan 16, 2024 25 分钟阅读时长 Blog
互联网云的雨幡洞:云中域名接管风险大规模检测与分析

Inforsec网络空间安全宣传周系列活动:《和最熟悉的陌生人交谈-针对Https上下文的混淆攻击的一种实证研究》

视频链接:https://www.bilibili.com/
张明明
最近更新于 Dec 7, 2021 1 分钟阅读时长 talk

我们斩获GeekPwn2019大赛冠军,并入选2019年极棒名人堂

在“最熟悉的陌生人:一种新型的HTTPS劫持技术”项目上,我们成功将同一局域网内的 HTTPS 网站二维码劫持,并劫持邮箱获取邮箱密码。
张明明
最近更新于 Nov 16, 2020 1 分钟阅读时长 GeekPwn
我们斩获GeekPwn2019大赛冠军,并入选2019年极棒名人堂

其他

竞赛经历

  • 2019年10月,GeekPwn 国际安全极客大赛,漏洞挑战赛,第一名;

荣誉与奖励

  • 2023年,清华大学优秀博士学位论文
  • 2023年,清华大学“启航奖”金奖
  • 2022年,清华大学龙湖学术新星奖学金
  • 2022年,EthiCS会议最佳学生论文奖
  • 2022年,DSN会议最佳论文奖提名
  • 2020年,国际互联网研究工作组应用网络研究奖(IRTF ANRP)
  • 2019年,IMC会议最佳论文奖提名、社区贡献奖提名
  • 2018年,中国互联网发展基金会网络安全奖学金
  • 2017年,国家奖学金

外部审稿人

  • NDSS 2022
  • EthiCS 2022
  • NDSS 2021
  • ACSAC 2021
  • ESORICS 2020
  • CCS 2019

联系方式