Thorsten Holz

Thorsten Holz

Institution: CISPA / CASA

Research Hub(s):

Hub B: Eingebettete Sicherheit
Hub C: Sichere Systeme
Hub D: Benutzerfreundlichkeit

E-Mail: Thorsten.​Holz@​rub.​de


NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types 5G SUCI-catchers: still catching them all? Efficient Calculation of Adversarial Examples for Bayesian Neural Networks Reproducibility and Replicability of Web Measurement Studies The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws Plenty of Phish in the Sea: Analyzing Potential Pre-Attack Surfaces Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing Leveraging Frequency Analysis for Deep Fake Image Recognition Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing Jit-Picking: Differential Fuzzing of JavaScript Engines Loki: Hardening Code Obfuscation Against Automated Attacks xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64 SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing On the challenges of automata reconstruction in LTE networks Dompteur: Taming Audio Adversarial Examples VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching HYPER-CUBE: High-Dimensional Hypervisor Fuzzing IJON: Exploring Deep State Spaces via Fuzzing Towards Automated Application-Specific Software Stacks Static Detection of Uninitialized Stack Variables in Binary Code (Un)informed Con­sent: Studying GDPR Consent Notices in the Field ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables GRIMOIRE: Synthesizing Structure while Fuzzing Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding AURORA: Statistical Crash Analysis for Automated Root Cause Explanation Be the Phisher – Understanding Users’ Perception of Malicious Domains CORSICA: Cross-Origin Web Service Identification Measuring the Impact of the GDPR on Data Sharing in Ad Networks ETHBMC: A Bounded Model Checker for Smart Contracts Call Me Maybe: Eavesdropping Encrypted LTE Calls With REVOLTE On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways IMP4GT: IMPersonation Attacks in 4G NeTworks