1. NDSS
    PHYjacking: Physical Input Hijacking for Zero-Permission Authorization Attacks on Android
    Xianbo Wang, Shangcheng Shi, Yikang Chen, and 1 more author
    Proceedings Network and Distributed System Security Symposium, 2022


    Scalable Detection of Promotional Website Defacements in Black Hat {SEO} Campaigns
    Ronghai Yang*, Xianbo Wang*, Cheng Chi, and 4 more authors
    * indicates equal contribution
    In 30th USENIX Security Symposium (USENIX Security 21), 2021
  2. ACNS
    Breaking and Fixing Third-Party Payment Service for Mobile Apps
    Shangcheng Shi, Xianbo Wang, and Wing Cheong Lau
    In International Conference on Applied Cryptography and Network Security, 2021
  3. SecureComm
    An Empirical Study on Mobile Payment Credential Leaks and Their Exploits
    Shangcheng Shi, Xianbo Wang, Kyle Zeng, and 2 more authors
    In International Conference on Security and Privacy in Communication Systems, 2021
  4. Black Hat
    Mining and Exploiting (Mobile) Payment Credential Leaks in the Wild
    Shangcheng Shi, Xianbo Wang, and Wing Cheong Lau
    Black Hat Asia Briefings, 2021


  1. Evading Web Application Firewalls with Reinforcement Learning
    Xianbo Wang, and Han Hu
    Technical Report, 2020
  2. Black Hat
    Fingerprint-Jacking: Practical Fingerprint Authorization Hijacking in Android Apps
    Xianbo Wang, Yikang Chen, Ronghai Yang, and 2 more authors
    Black Hat Europe Briefings, 2020


  1. AsiaCCS
    MoSSOT: An automated blackbox tester for single sign-on vulnerabilities in mobile applications
    Shangcheng Shi, Xianbo Wang, and Wing Cheong Lau
    In Proceedings of the ACM Asia Conference on Computer and Communications Security, 2019
  2. Black Hat
    Make Redirection Evil Again: URL Parser Issues in OAuth
    Xianbo Wang, Shangcheng Shi, Ronghai Yang, and 1 more author
    Black Hat Asia Briefings, 2019