Publications
Measuring the Impact of the GDPR on Data Sharing in Ad Networks
2020 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann
ACM AsiaCCS 2020, Taipei, Taiwan, June 2020Hyper-Cube: High-Dimensional Hypervisor Fuzzing
2020 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz
Network and Distributed System Security Symposium (NDSS 2020), San Diego, California, USA, February 2020"Your Hashed IP Address: Ubuntu": Perspectives on Transparency Tools for Online Advertising
2019 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [PDF]VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching
2019 - Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [GitHub] [PDF]Below the Radar: Spotting DNS Tunnels in Newly Observed Hostnames in the Wild
2019 - Dennis Tatang, Florian Quinkert, Thorsten Holz
APWG Symposium on Electronic Crime Research (eCrime) 2019, Pittsburgh, PA, USA, November 2019 [PDF](Un)informed Consent: Studying GDPR Consent Notices in the Field
2019 - Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz
ACM Conference on Computer and Communications Security (CCS 2019), November 2019, London, UK [Techcrunch Report] [GitHub] [PDF] [Slides]A Study on Subject Data Access in Online Advertising after the GDPR
2019 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann
International Workshop on Data Privacy Management (DPM) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]Study of DNS Rebinding Attacks on Smart Home Devices
2019 - Dennis Tatang, Tim Suurland, Thorsten Holz
International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]Static Detection of Uninitialized Stack Variables in Binary Code
2019 - Behrad Garmany, Martin Stoffel, Robert Gawlik, Thorsten Holz
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]Towards Automated Application-Specific Software Stacks
2019 - Nicolai Davidsson, Andre Pawlowski, Thorsten Holz
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [Technical Report] [GitHub] [PDF]GDPiRated – Stealing Personal Information On-and Offline
2019 - Matteo Cagnazzo, Thorsten Holz, Norbert Pohlmann
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]AntiFuzz: Impeding Fuzzing Audits of Binary Executables
2019 - Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz
USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [pdf]GRIMOIRE: Synthesizing Structure while Fuzzing
2019 - Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [Pdf]Intervention and End-User Development
2019 - Thomas Herrmann, Christopher Lentzsch, Martin Degeling
International Symposium on End User Development (IS-EUD) 2019 [Conference Link] [Springer Link]Large-scale Analysis of Infrastructure-leaking DNS Servers
2019 - Dennis Tatang, Carl Schneider, Thorsten Holz
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Gothenburg, Sweden, June 2019 [GitHub] [PDF]Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
2019 - Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle
IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming
2019 - Jannik Pewny, Philipp Koppe, Thorsten Holz
IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]It's Not What It Looks Like: Measuring Attacks and Defensive Registrations of Homograph Domains
2019 - Florian Quinkert, Tobias Lauinger, William Robertson, Engin Kirda, Thorsten Holz
IEEE Conference on Communications and Network Security (CNS), Washington, D.C., USA, June 2019 [PDF]Breaking LTE on Layer Two
2019 - David Rupprecht, Katharina Kohls, Christina Pöpper, Thorsten Holz
IEEE Symposium on Security & Privacy (Oakland), May 2019 [Website] [PDF]POSTER: Application-Layer Routing Attacks on Tor
2019 - Katharina Kohls, Christina Pöpper
IEEE Symposium on Security & Privacy (Oakland), May 2019 [Proposal] [Poster]Lost Traffic Encryption: Fingerprinting LTE/4G Traffic on Layer Two
2019 - Katharina Kohls, David Rupprecht, Thorsten Holz, Christina Pöpper
Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM [PDF]LTE Security Disabled — Misconfiguration in Commercial Networks
2019 - Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper
Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM [PDF]Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
2019 - Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [Demo] [PDF]Nautilus: Fishing for Deep Bugs with Grammars
2019 - Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]On the Challenges of Geographical Avoidance for Tor
2019 - Katharina Kohls, Kai Jansen, David Rupprecht, Thorsten Holz, Christina Pöpper
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [PDF]Redqueen: Fuzzing with Input-to-State Correspondence
2019 - Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy
2019 - Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]DorkPot: A Honeypot-based Analysis of Google Dorks
2019 - Florian Quinkert, Eduard Leonhardt, Thorsten Holz
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), San Diego, California, USA, February 2019 - ** Best Paper Award ** [PDF]Towards Automated Generation of Exploitation Primitives for Web Browsers
2018 - Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz
Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, December 2018 [PDF]Profiling im Web. Von Liquiditat und Segmentierung
2018 - Martin Degeling
Vortrag bei der Jahrestagung der Gesellschaft für Wissenschafts- und Technikforschung 2018, Berlin. [website] [Slides]The Influence of Friends and Experts on Privacy Decision Making in IoT Scenarios
2018 - Pardis Emami-Naeini, Martin Degeling, Lujo Bauer, Richard Chow, Lorrie Cranor, Mohammad Reza Haghighat, Heather Patterson
ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) 2018 [pdf]An Exploratory Analysis of Microcode as a Building Block for System Defenses
2018 - Benjamin Kollenda, Philipp Koppe, Marc Fyrbiak, Christian Kison, Christof Paar, Thorsten Holz
ACM Conference on Computer and Communications Security (CCS), Toronto, October 2018 [GitHub] [PDF]Tracking and Tricking a Profiler - Measuring and Influencing Bluekai’s Interest Profiling
2018 - Martin Degeling, Jan Nierhoff
Workshop on Privacy in the Electronic Society (WPES 2018) in conjunction with CCS 2018 [pdf (researchgate)]Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs
2018 - Tobias Urban, Dennis Tatang, Thorsten Holz, Norbert Pohlmann
European Symposium on Research in Computer Security (ESORICS), Barcelona, Spain, September 2018 - ** Best Paper Award ** [PDF]Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations
2018 - Christian Röpke, Thorsten Holz
ACM SIGCOMM Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018), Budapest, Hungary, 2018 [PDF]POSTER: User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"
2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth
USENIX Symposium on Usable Privacy and Security 2018 (SOUPS '18). Baltimore, MD, USA, August 12-14, 2018SoK: Make JIT-Spray Great Again
2018 - Robert Gawlik, Thorsten Holz
USENIX Workshop on Offensive Technologies (WOOT), Baltimore, US, August 2018 [PDF]DigesTor: Comparing Passive Traffic Analysis Attacks on Tor
2018 - Katharina Kohls, Christina Pöpper
European Symposium on Research in Computer Security 2018 (ESORICS '18), Barcelona, Spain, September, 2018 [Website] [PDF] [Slides]On the Weaknesses of Function Table Randomization
2018 - Moritz Contag, Robert Gawlik, Andre Pawlowski, Thorsten Holz
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, June 2018 [GitHub] [PDF]From Interaction to Intervention: An Approach for Keeping Humans in Control in the Context of socio-technical Systems.
2018 - Thomas Herrmann, Albrecht Schmidt, Martin Degeling
STPIS Workshop at CAiSE 2018 [pdf]SDN Ro2tkits: A Case Study of Subverting A Closed Source SDN Controller
2018 - Christian Röpke
GI Sicherheit, Konstanz, Germany, 2018Masters of Time: An Overview of the NTP Ecosystem
2018 - Teemu Rytilahti, Dennis Tatang, Janosch Köpper, Thorsten Holz
IEEE European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, April 2018 [GitHub] [PDF]Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure
2018 - Enes Göktaş, Benjamin Kollenda, Philipp Koppe, Erik Bosman, Georgios Portokalidis, Thorsten Holz, Herbert Bos, Cristiano Giuffrida
IEEE European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, April 2018 [PDF]User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"
2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth
European Workshop on Usable Security (EuroUSEC) 2018, London, England, 23 April 2018 [PDF] [Slides]Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A transatlantic initiative
2018 - Stefan Schiffner, Bettina Berendt, Triin Siil, Martin Degeling, Robert Riemann, Florian Schaub, Kim Wuyts, Massimo Attoresi, Seda Gürses, Achim Klabunde, Jules Polonetsky, Norman Sadeh, Gabriela Zanfir-Fortuna
Proceedings of the Annual Privacy Forum 2018 [pdf]An Empirical Study on Online Price Differentiation
2018 - Thomas Hupperich, Dennis Tatang, Nicolai Wilkop, Thorsten Holz
ACM Conference on Data and Applications Security and Privacy (CODASPY 2018) Tempe, AZ, USA, March 2018 [ACM DL] [GitHub] [PDF]Breaking and Fixing Destructive Code Read Defenses
2017 - Jannik Pewny, Philipp Koppe, Lucas Davi, Thorsten Holz
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2017 [PDF]ECFI: Asynchronous Control Flow Integrity for Programmable Logic Controllers
2017 - Ali Abbasi, Emmanuele Zambon, Sandro Etalle, Thorsten Holz
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2017 [PDF]SDN-Guard: Protecting SDN Controllers Against SDN Rootkits
2017 - Dennis Tatang, Florian Quinkert, Joel Frank, Christian Röpke, Thorsten Holz
IEEE Workshop on Security in NFV-SDN (SN-2017), Berlin, November 2017 [PDF]On the Significance of Process Comprehension for Conducting Targeted ICS Attacks
2017 - Benjamin Green, Marina Krotofil, Ali Abbasi
3rd ACM Workshop on Cyber-Physical Systems Security and Privacy, November 2017, Dallas, USA. [PDF]