Publications
Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
2021 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Vancouver, Canada, August 2021Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem
2021 - Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das, William Enck
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021Reining in the Web's Inconsistencies with Site Policy
2021 - Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [PDF]Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
2020 - Emre Güler, Philipp Görz, Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida, Thorsten Holz
Annual Computer Security Applications Conference (ACSAC), Virtual, December 2020 [PDF]Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
2020 - Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa
Annual Computer Security Applications Conference (ACSAC), Virtual, December 2020 [arXiv Preprint] [PDF]Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces
2020 - Tobias Urban, Matteo Große-Kampmann, Dennis Tatang, Thorsten Holz, Norbert Pohlmann
European Symposium on Research in Computer Security (ESORICS), Guildford, UK, September 2020 [PDF]Data Sharing in Mobile Apps — User Privacy Expectations in Europe
2020 - Nils Quermann, Martin Degeling
5th European Workshop on Usable Security (EuroUSEC 2020) [pdf]Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
2020 - Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE
2020 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
USENIX Security Symposium, Boston, MA, USA, August 2020 [Website] [PDF]EthBMC: A Bounded Model Checker for Smart Contracts
2020 - Joel Frank, Cornelius Aschermann, Thorsten Holz
USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
2020 - Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer
USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]Leveraging Frequency Analysis for Deep Fake Image Recognition
2020 - Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer , Dorothea Kolossa, Thorsten Holz
International Conference on Machine Learning (ICML), July 2020 [arXiv Preprint] [PDF]Be the Phisher - Understanding Users’ Perception of Malicious Domains
2020 - Florian Quinkert, Martin Degeling, Jim Blythe, Thorsten Holz
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]CORSICA: Cross-Origin Web Service Identification
2020 - Christian Dresen, Fabian Ising, Damian Poddebniak, Tobias Kappert, Thorsten Holz, Sebastian Schinzel
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]Measuring the Impact of the GDPR on Data Sharing in Ad Networks
2020 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]IJON: Exploring Deep State Spaces via Fuzzing
2020 - Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz
IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2020 [GitHub] [PDF]Beyond the Front Page: Measuring Third Party Dynamics in the Field
2020 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann
The Web Conferences (WWW), Taipei, Taiwan, April 2020 [arXiv] [PDF]Hyper-Cube: High-Dimensional Hypervisor Fuzzing
2020 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [PDF]IMP4GT: IMPersonation Attacks in 4G NeTworks
2020 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [PDF]On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
2020 - Teemu Rytilahti, Thorsten Holz
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [GitHub] [PDF] [Slides]"Your Hashed IP Address: Ubuntu": Perspectives on Transparency Tools for Online Advertising
2019 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [PDF]VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching
2019 - Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [GitHub] [PDF]Below the Radar: Spotting DNS Tunnels in Newly Observed Hostnames in the Wild
2019 - Dennis Tatang, Florian Quinkert, Thorsten Holz
APWG Symposium on Electronic Crime Research (eCrime) 2019, Pittsburgh, PA, USA, November 2019 [PDF](Un)informed Consent: Studying GDPR Consent Notices in the Field
2019 - Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz
ACM Conference on Computer and Communications Security (CCS 2019), November 2019, London, UK [Techcrunch Report] [GitHub] [PDF] [Slides]A Study on Subject Data Access in Online Advertising after the GDPR
2019 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann
International Workshop on Data Privacy Management (DPM) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]Study of DNS Rebinding Attacks on Smart Home Devices
2019 - Dennis Tatang, Tim Suurland, Thorsten Holz
International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]Static Detection of Uninitialized Stack Variables in Binary Code
2019 - Behrad Garmany, Martin Stoffel, Robert Gawlik, Thorsten Holz
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]Towards Automated Application-Specific Software Stacks
2019 - Nicolai Davidsson, Andre Pawlowski, Thorsten Holz
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [Technical Report] [GitHub] [PDF]GDPiRated – Stealing Personal Information On-and Offline
2019 - Matteo Cagnazzo, Thorsten Holz, Norbert Pohlmann
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]AntiFuzz: Impeding Fuzzing Audits of Binary Executables
2019 - Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz
USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [pdf]GRIMOIRE: Synthesizing Structure while Fuzzing
2019 - Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [Pdf]Intervention and End-User Development
2019 - Thomas Herrmann, Christopher Lentzsch, Martin Degeling
International Symposium on End User Development (IS-EUD) 2019 [Conference Link] [Springer Link]Large-scale Analysis of Infrastructure-leaking DNS Servers
2019 - Dennis Tatang, Carl Schneider, Thorsten Holz
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Gothenburg, Sweden, June 2019 [GitHub] [PDF]Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
2019 - Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle
IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming
2019 - Jannik Pewny, Philipp Koppe, Thorsten Holz
IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]It's Not What It Looks Like: Measuring Attacks and Defensive Registrations of Homograph Domains
2019 - Florian Quinkert, Tobias Lauinger, William Robertson, Engin Kirda, Thorsten Holz
IEEE Conference on Communications and Network Security (CNS), Washington, D.C., USA, June 2019 [PDF]Breaking LTE on Layer Two
2019 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
IEEE Symposium on Security & Privacy (Oakland), May 2019 [Website] [PDF]POSTER: Application-Layer Routing Attacks on Tor
2019 - Katharina Kohls, Christina Pöpper
IEEE Symposium on Security & Privacy (Oakland), May 2019 [Proposal] [Poster]Lost Traffic Encryption: Fingerprinting LTE/4G Traffic on Layer Two
2019 - Katharina Kohls, David Rupprecht, Thorsten Holz, Christina Pöpper
Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM [PDF]LTE Security Disabled — Misconfiguration in Commercial Networks
2019 - Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper
Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM [PDF]Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
2019 - Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [Demo] [PDF]Nautilus: Fishing for Deep Bugs with Grammars
2019 - Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]On the Challenges of Geographical Avoidance for Tor
2019 - Katharina Kohls, Kai Jansen, David Rupprecht, Thorsten Holz, Christina Pöpper
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [PDF] [Slides]Redqueen: Fuzzing with Input-to-State Correspondence
2019 - Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy
2019 - Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]DorkPot: A Honeypot-based Analysis of Google Dorks
2019 - Florian Quinkert, Eduard Leonhardt, Thorsten Holz
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), San Diego, California, USA, February 2019 - ** Best Paper Award ** [PDF]Towards Automated Generation of Exploitation Primitives for Web Browsers
2018 - Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz
Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, December 2018 [GitHub] [PDF]Profiling im Web. Von Liquiditat und Segmentierung
2018 - Martin Degeling
Vortrag bei der Jahrestagung der Gesellschaft für Wissenschafts- und Technikforschung 2018, Berlin. [website] [Slides]The Influence of Friends and Experts on Privacy Decision Making in IoT Scenarios
2018 - Pardis Emami-Naeini, Martin Degeling, Lujo Bauer, Richard Chow, Lorrie Cranor, Mohammad Reza Haghighat, Heather Patterson
ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) 2018 [pdf]An Exploratory Analysis of Microcode as a Building Block for System Defenses
2018 - Benjamin Kollenda, Philipp Koppe, Marc Fyrbiak, Christian Kison, Christof Paar, Thorsten Holz
ACM Conference on Computer and Communications Security (CCS), Toronto, October 2018 [GitHub] [PDF]