Publications

Fuzzware: Scalable Embedded Systems Firmware Re-Hosting for Fuzzing

2022 - Tobias Scharnowski, Nils Bars, Moritz Schlögel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbasi

USE­NIX Se­cu­ri­ty Sym­po­si­um, Bos­ton, MA, USA, Au­gust 2022 [PDF]

FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware

2022 - Grant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor, Kevin Butler

The Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA, February 2022

The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws

2021 - Dennis Tatang, Florian Zettl, Thorsten Holz

International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Donostia / San Sebastian, Spain, October 2021 ** Distinguished Paper Award ** [PDF]

Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains

2021 - Moritz Schlögel, Tim Blazytko, Julius Basler, Fabian Hemmer, Thorsten Holz

European Symposium on Research in Computer Security (ESORICS), Online, October 2021 [PDF]

Dompteur: Taming Audio Adversarial Examples

2021 - Thorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Do­ro­thea Kolossa, Thorsten Holz

USENIX Security Symposium, Virtual, August 2021 [GitHub] [PDF]

Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types

2021 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wör­ner, Thorsten Holz

USENIX Security Symposium, Virtual, August 2021 [PDF]

Spotlight on Phishing: A Longitudinal Study on Phishing Awareness Trainings

2021 - Florian Quinkert, Martin Degeling, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Virtual, July 2021 [PDF]

Digging Deeper: An Analysis of Domain Impersonation in the Lower DNS Hierarchy

2021 - Florian Quinkert, Dennis Tatang, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Virtual, July 2021 [PDF]

Extended Abstract: A First Large-scale Analysis on Usage of MTA-STS

2021 - Dennis Tatang, Robin Flume, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Virtual, July 2021 [PDF]

Unifying Privacy Policy Detection

2021 - Henry Hosseini, Martin Degeling, Christine Utz, Thomas Hupperich

The 21st Privacy Enhancing Technologies Symposium (PETS 2021), July 12–16, 2021, Virtual Conference

5G SUCI-Catchers: Still catching them all?

2021 - Merlin Chlosta, David Rupprecht, Christina Pöpper, Thorsten Holz

ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Virtual, June 2021 [PDF]

On the Challenges of Automata Reconstruction in LTE Networks

2021 - Merlin Chlosta, David Rupprecht, Thorsten Holz

ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Virtual, June 2021 [PDF]

Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2

2021 - Christof Beierle, Patrick Derbez, Gregor Leander, Getan Leurent, Havard Raddum, Yann Rotella, David Rupprecht, Lukas Stennes

[Paper]

Likes are not Likes - A Crowdworking Platform Analysis

2021 - Dennis Tatang, Philip Kreißel, Michael Sehring, Florian Quinkert, Martin Degeling, Thorsten Holz

CySoc Workshop at the 15th AAAI Conference on Web and Social Media [pdf]

CollabFuzz: A Framework for Collaborative Fuzzing

2021 - Sebastian Österlund, Elia Geretto, Andrea Jemmett, Emre Güler, Philipp Görz, Thorsten Holz, Cristiano Giuffrida, Herbert Bos

European Workshop on Systems Security (EuroSec), Virtual, April 2021 [pdf]

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

2021 - Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls

IEEE European Symposium on Security and Privacy (EuroS&P '21). Virtual Conference, September 6-10, 2021 [Paper]

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem

2021 - Christopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das, William Enck

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [Result Overvíew] [RUB News] [Media Report (Verge)] [pdf]

Reining in the Web's Inconsistencies with Site Policy

2021 - Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2021 [PDF]

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing

2020 - Emre Güler, Philipp Görz, Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Virtual, December 2020 [PDF]

Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems

2020 - Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Do­ro­thea Kolossa

Annual Computer Security Applications Conference (ACSAC), Virtual, December 2020 [arXiv Preprint] [PDF]

Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces

2020 - Tobias Urban, Matteo Große-Kampmann, Dennis Tatang, Thorsten Holz, Norbert Pohlmann

European Symposium on Research in Computer Security (ESORICS), Guildford, UK, September 2020 [PDF]

Data Sharing in Mobile Apps — User Privacy Expectations in Europe

2020 - Nils Quermann, Martin Degeling

5th European Workshop on Usable Security (EuroUSEC 2020) [pdf]

Aurora: Statistical Crash Analysis for Automated Root Cause Explanation

2020 - Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz

USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]

Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE

2020 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper

USENIX Security Symposium, Boston, MA, USA, August 2020 [Website] [PDF]

EthBMC: A Bounded Model Checker for Smart Contracts

2020 - Joel Frank, Cornelius Aschermann, Thorsten Holz

USENIX Security Symposium, Boston, MA, USA, August 2020 [PDF]

HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation

2020 - Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer

USE­NIX Se­cu­ri­ty Sym­po­si­um, Bos­ton, MA, USA, Au­gust 2020 [PDF]

Leveraging Frequency Analysis for Deep Fake Image Recognition

2020 - Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer , Do­ro­thea Kolossa, Thorsten Holz

International Conference on Machine Learning (ICML), July 2020 [arXiv Preprint] [PDF]

Be the Phisher - Understanding Users’ Perception of Malicious Domains

2020 - Florian Quinkert, Martin Degeling, Jim Blythe, Thorsten Holz

ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]

CORSICA: Cross-Origin Web Service Identification

2020 - Christian Dresen, Fabian Ising, Damian Poddebniak, Tobias Kappert, Thorsten Holz, Sebastian Schinzel

ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]

Measuring the Impact of the GDPR on Data Sharing in Ad Networks

2020 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann

ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020 [PDF]

IJON: Exploring Deep State Spaces via Fuzzing

2020 - Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz

IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2020 [GitHub] [PDF]

Beyond the Front Page: Measuring Third Party Dynamics in the Field

2020 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann

The Web Conferences (WWW), Tai­pei, Tai­wan, April 2020 [arXiv] [PDF]

Hyper-Cube: High-Dimensional Hypervisor Fuzzing

2020 - Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [PDF]

IMP4GT: IMPersonation Attacks in 4G NeTworks

2020 - David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [PDF]

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways

2020 - Teemu Rytilahti, Thorsten Holz

Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020 [GitHub] [PDF] [Slides]

"Your Hashed IP Address: Ubuntu": Perspectives on Transparency Tools for Online Advertising

2019 - Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann

Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [PDF]

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching

2019 - Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos

Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019 [GitHub] [PDF]

Below the Radar: Spotting DNS Tunnels in Newly Observed Hostnames in the Wild

2019 - Dennis Tatang, Florian Quinkert, Thorsten Holz

APWG Symposium on Electronic Crime Research (eCrime) 2019, Pittsburgh, PA, USA, November 2019 [PDF]

(Un)informed Consent: Studying GDPR Consent Notices in the Field

2019 - Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS 2019), November 2019, London, UK [Techcrunch Report] [GitHub] [PDF] [Slides]

A Study on Subject Data Access in Online Advertising after the GDPR

2019 - Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann

International Workshop on Data Privacy Management (DPM) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]

Study of DNS Rebinding Attacks on Smart Home Devices

2019 - Dennis Tatang, Tim Suurland, Thorsten Holz

International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019 [PDF]

Static Detection of Uninitialized Stack Variables in Binary Code

2019 - Behrad Garmany, Martin Stoffel, Robert Gawlik, Thorsten Holz

European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]

Towards Automated Application-Specific Software Stacks

2019 - Nicolai Davidsson, Andre Pawlowski, Thorsten Holz

European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [Technical Report] [GitHub] [PDF]

GDPiRated – Stealing Personal Information On-and Offline

2019 - Matteo Cagnazzo, Thorsten Holz, Norbert Pohlmann

European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019 [PDF]

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

2019 - Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz

USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [pdf]

GRIMOIRE: Synthesizing Structure while Fuzzing

2019 - Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, Thorsten Holz

USENIX Security Symposium, Santa Clara, CA, USA, August 2019 [GitHub] [Pdf]

Intervention and End-User Development

2019 - Thomas Herrmann, Christopher Lentzsch, Martin Degeling

International Symposium on End User Development (IS-EUD) 2019 [Conference Link] [Springer Link]

Large-scale Analysis of Infrastructure-leaking DNS Servers

2019 - Dennis Tatang, Carl Schneider, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Gothenburg, Sweden, June 2019 [GitHub] [PDF]

Challenges in Designing Exploit Mitigations for Deeply Embedded Systems

2019 - Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle

IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]

Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming

2019 - Jannik Pewny, Philipp Koppe, Thorsten Holz

IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019 [PDF]
Page: