Publications

Fuzzware: Scalable Embedded Systems Firmware Re-Hosting for Fuzzing

2022 - Tobias Scharnowski, Nils Bars, Moritz Schlögel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbasi

USE­NIX Se­cu­ri­ty Sym­po­si­um, Bos­ton, MA, USA, Au­gust 2022

FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware

2022 - Grant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor, Kevin Butler

The Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA, February 2022

The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws

2021 - Dennis Tatang, Florian Zettl, Thorsten Holz

International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Donostia / San Sebastian, Spain, October 2021 ** Distinguished Paper Award ** [PDF]

Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains

2021 - Moritz Schlögel, Tim Blazytko, Julius Basler, Fabian Hemmer, Thorsten Holz

European Symposium on Research in Computer Security (ESORICS), Online, October 2021 [PDF]

Dompteur: Taming Audio Adversarial Examples

2021 - Thorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Do­ro­thea Kolossa, Thorsten Holz

USENIX Security Symposium, Virtual, August 2021 [GitHub] [PDF]

Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types

2021 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wör­ner, Thorsten Holz

USENIX Security Symposium, Virtual, August 2021 [PDF]

Datenübertragbarkeit – Zwischen Abwarten und Umsetzen

2021 - Özlem Karasoy, Gülcan Turgut, Martin Degeling

In: Friedewald et. al, Selbstbestimmung, Privatheit und Datenschutz (Juli, 2021) [pdf]

Spotlight on Phishing: A Longitudinal Study on Phishing Awareness Trainings

2021 - Florian Quinkert, Martin Degeling, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Virtual, July 2021 [PDF]

Digging Deeper: An Analysis of Domain Impersonation in the Lower DNS Hierarchy

2021 - Florian Quinkert, Dennis Tatang, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Virtual, July 2021 [PDF]

Extended Abstract: A First Large-scale Analysis on Usage of MTA-STS

2021 - Dennis Tatang, Robin Flume, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Virtual, July 2021 [PDF]

Unifying Privacy Policy Detection

2021 - Henry Hosseini, Martin Degeling, Christine Utz, Thomas Hupperich

The 21st Privacy Enhancing Technologies Symposium (PETS 2021), July 12–16, 2021, Virtual Conference

5G SUCI-Catchers: Still catching them all?

2021 - Merlin Chlosta, David Rupprecht, Christina Pöpper, Thorsten Holz

ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Virtual, June 2021 [PDF]

On the Challenges of Automata Reconstruction in LTE Networks

2021 - Merlin Chlosta, David Rupprecht, Thorsten Holz

ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Virtual, June 2021 [PDF]

Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2

2021 - Christof Beierle, Patrick Derbez, Gregor Leander, Getan Leurent, Havard Raddum, Yann Rotella, David Rupprecht, Lukas Stennes

[Paper]

Likes are not Likes - A Crowdworking Platform Analysis

2021 - Dennis Tatang, Philip Kreißel, Michael Sehring, Florian Quinkert, Martin Degeling, Thorsten Holz

CySoc Workshop at the 15th AAAI Conference on Web and Social Media [pdf]

Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents

2021 - Christine Utz, Steffen Becker, Theodor Schnitzler, Florian Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth

ACM CHI Conference on Human Factors in Computing Systems 2021 [arXiv Preprint] [ACM Digital Library] [HTML Version]

CollabFuzz: A Framework for Collaborative Fuzzing

2021 - Sebastian Österlund, Elia Geretto, Andrea Jemmett, Emre Güler, Philipp Görz, Thorsten Holz, Cristiano Giuffrida, Herbert Bos

European Workshop on Systems Security (EuroSec), Virtual, April 2021 [pdf]

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

2021 - Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls

IEEE European Symposium on Security and Privacy (EuroS&P '21). Virtual Conference, September 6-10, 2021 [Paper]

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem

2021 - Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das, William Enck

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [Result Overvíew] [RUB News] [Media Report (Verge)] [pdf]

Reining in the Web's Inconsistencies with Site Policy

2021 - Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [PDF]
Page: