Publications
Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
2021 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Vancouver, Canada, August 2021Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents
2021 - Christine Utz, Steffen Becker, Theodor Schnitzler, Florian Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth
ACM CHI Conference on Human Factors in Computing Systems 2021 [arXiv Preprint]Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem
2021 - Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das, William Enck
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [Result Overvíew] [pdf]Reining in the Web's Inconsistencies with Site Policy
2021 - Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [PDF]Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
2020 - Emre Güler, Philipp Görz, Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida, Thorsten Holz
Annual Computer Security Applications Conference (ACSAC), Virtual, December 2020 [PDF]Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
2020 - Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa
Annual Computer Security Applications Conference (ACSAC), Virtual, December 2020 [arXiv Preprint] [PDF]Effekte der DSGVO auf Webseiten und die Entwicklung der ePrivacy-Verordnung
2020 - Martin Degeling, Christine Utz, Tobias Urban
vorgänge. Zeitschrift für Bürgerrechte und Gesellschaftspolitik Nr. 231/232 [59(3-4)], S. 77-86. [pdf]Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces
2020 - Tobias Urban, Matteo Große-Kampmann, Dennis Tatang, Thorsten Holz, Norbert Pohlmann
European Symposium on Research in Computer Security (ESORICS), Guildford, UK, September 2020 [PDF]Data Sharing in Mobile Apps — User Privacy Expectations in Europe
2020 - Nils Quermann, Martin Degeling
5th European Workshop on Usable Security (EuroUSEC 2020) [pdf]Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
2020 - Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE
2020 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
USENIX Security Symposium, Boston, MA, USA, August 2020 [Website] [PDF]EthBMC: A Bounded Model Checker for Smart Contracts
2020 - Joel Frank, Cornelius Aschermann, Thorsten Holz
USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
2020 - Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer
USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]Leveraging Frequency Analysis for Deep Fake Image Recognition
2020 - Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer , Dorothea Kolossa, Thorsten Holz
International Conference on Machine Learning (ICML), July 2020 [arXiv Preprint] [PDF]Akzeptanz von Corona-Apps in Deutschland vor der Einführung der Corona-Warn-App
2020 - Steffen Becker, Martin Degeling, Markus Dürmuth, Florian Farke, Leonie Schaewitz, Theodor Schnitzler, Christine Utz
Vorabveröffentlichung (Preprint), Juni 2020 [PDF (Deutsch)]Be the Phisher - Understanding Users’ Perception of Malicious Domains
2020 - Florian Quinkert, Martin Degeling, Jim Blythe, Thorsten Holz
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]CORSICA: Cross-Origin Web Service Identification
2020 - Christian Dresen, Fabian Ising, Damian Poddebniak, Tobias Kappert, Thorsten Holz, Sebastian Schinzel
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]Measuring the Impact of the GDPR on Data Sharing in Ad Networks
2020 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]IJON: Exploring Deep State Spaces via Fuzzing
2020 - Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz
IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2020 [GitHub] [PDF]Beyond the Front Page: Measuring Third Party Dynamics in the Field
2020 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann
The Web Conferences (WWW), Taipei, Taiwan, April 2020 [arXiv] [PDF]Hyper-Cube: High-Dimensional Hypervisor Fuzzing
2020 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [PDF]IMP4GT: IMPersonation Attacks in 4G NeTworks
2020 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [PDF]On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
2020 - Teemu Rytilahti, Thorsten Holz
Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [GitHub] [PDF] [Slides]Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications
2020 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth
Journal of Cybersecurity, Volume 6, Issue 1, January 30, 2020 [DOI]"Your Hashed IP Address: Ubuntu": Perspectives on Transparency Tools for Online Advertising
2019 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [PDF]VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching
2019 - Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [GitHub] [PDF]Below the Radar: Spotting DNS Tunnels in Newly Observed Hostnames in the Wild
2019 - Dennis Tatang, Florian Quinkert, Thorsten Holz
APWG Symposium on Electronic Crime Research (eCrime) 2019, Pittsburgh, PA, USA, November 2019 [PDF](Un)informed Consent: Studying GDPR Consent Notices in the Field
2019 - Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz
ACM Conference on Computer and Communications Security (CCS 2019), November 2019, London, UK [Techcrunch Report] [GitHub] [PDF] [Slides]Die DSVGO als internationales Vorbild?
2019 - Christine Utz, Stephan Koloßa, Thorsten Holz, Pierre Thielbörger
Datenschutz und Datensicherheit (DuD) 11/2019, S. 700-705 [DOI] [PDF]A Study on Subject Data Access in Online Advertising after the GDPR
2019 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann
International Workshop on Data Privacy Management (DPM) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]Study of DNS Rebinding Attacks on Smart Home Devices
2019 - Dennis Tatang, Tim Suurland, Thorsten Holz
International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]Static Detection of Uninitialized Stack Variables in Binary Code
2019 - Behrad Garmany, Martin Stoffel, Robert Gawlik, Thorsten Holz
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]Towards Automated Application-Specific Software Stacks
2019 - Nicolai Davidsson, Andre Pawlowski, Thorsten Holz
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [Technical Report] [GitHub] [PDF]GDPiRated – Stealing Personal Information On-and Offline
2019 - Matteo Cagnazzo, Thorsten Holz, Norbert Pohlmann
European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]Was bedeutet Process Mining für Datenschutz und Mitbestimmung im Unternehmen?
2019 - Martin Degeling
Informatik Spektrum, August 2019 [PDF]AntiFuzz: Impeding Fuzzing Audits of Binary Executables
2019 - Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz
USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [pdf]GRIMOIRE: Synthesizing Structure while Fuzzing
2019 - Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, Thorsten Holz
USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [Pdf]Intervention and End-User Development
2019 - Thomas Herrmann, Christopher Lentzsch, Martin Degeling
International Symposium on End User Development (IS-EUD) 2019 [Conference Link] [Springer Link]Large-scale Analysis of Infrastructure-leaking DNS Servers
2019 - Dennis Tatang, Carl Schneider, Thorsten Holz
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Gothenburg, Sweden, June 2019 [GitHub] [PDF]Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
2019 - Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle
IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming
2019 - Jannik Pewny, Philipp Koppe, Thorsten Holz
IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]Analyzing leakage of personal information by malware
2019 - Tobias Urban, Dennis Tatang, Thorsten Holz, Norbert Pohlmann
Journal of Computer Security, 2019It's Not What It Looks Like: Measuring Attacks and Defensive Registrations of Homograph Domains
2019 - Florian Quinkert, Tobias Lauinger, William Robertson, Engin Kirda, Thorsten Holz
IEEE Conference on Communications and Network Security (CNS), Washington, D.C., USA, June 2019 [PDF]Breaking LTE on Layer Two
2019 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper
IEEE Symposium on Security & Privacy (Oakland), May 2019 [Website] [PDF]POSTER: Application-Layer Routing Attacks on Tor
2019 - Katharina Kohls, Christina Pöpper
IEEE Symposium on Security & Privacy (Oakland), May 2019 [Proposal] [Poster]Lost Traffic Encryption: Fingerprinting LTE/4G Traffic on Layer Two
2019 - Katharina Kohls, David Rupprecht, Thorsten Holz, Christina Pöpper
Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM [PDF]LTE Security Disabled — Misconfiguration in Commercial Networks
2019 - Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper
Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM [PDF]Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
2019 - Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [Demo] [PDF]Nautilus: Fishing for Deep Bugs with Grammars
2019 - Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]On the Challenges of Geographical Avoidance for Tor
2019 - Katharina Kohls, Kai Jansen, David Rupprecht, Thorsten Holz, Christina Pöpper
Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [PDF] [Slides]