Thorsten Holz

Thorsten Holz

Institution: CISPA / CASA

Research Hub(s):

Hub B: Embedded Security
Hub C: Secure Systems
Hub D: Usability



The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing On the challenges of automata reconstruction in LTE networks Reproducibility and Replicability of Web Measurement Studies Dompteur: Taming Audio Adversarial Examples 5G SUCI-catchers: still catching them all? Efficient Calculation of Adversarial Examples for Bayesian Neural Networks Loki: Hardening Code Obfuscation Against Automated Attacks Jit-Picking: Differential Fuzzing of JavaScript Engines Towards the Detection of Diffusion Model Deepfakes FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities EF/CF: A High Performance Fuzzer for Ethereum Smart Contracts Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding GRIMOIRE: Synthesizing Structure while Fuzzing ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables (Un)informed Con­sent: Studying GDPR Consent Notices in the Field VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching Static Detection of Uninitialized Stack Variables in Binary Code Towards Automated Application-Specific Software Stacks IJON: Exploring Deep State Spaces via Fuzzing HYPER-CUBE: High-Dimensional Hypervisor Fuzzing IMP4GT: IMPersonation Attacks in 4G NeTworks On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways Call Me Maybe: Eavesdropping Encrypted LTE Calls With REVOLTE AURORA: Statistical Crash Analysis for Automated Root Cause Explanation ETHBMC: A Bounded Model Checker for Smart Contracts Measuring the Impact of the GDPR on Data Sharing in Ad Networks CORSICA: Cross-Origin Web Service Identification Be the Phisher – Understanding Users’ Perception of Malicious Domains Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems Leveraging Frequency Analysis for Deep Fake Image Recognition Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types