Hi, I am a PhD candidate at the chair Security in Telecommunications (SecT) at the Technische Universität Berlin, Germany. My research topics belong to network and software security with a strong focus on web security. As part of my research assistant position at the university, I also teach students and supervise theses or projects. If you are looking for a collaboration partner or a supervisor, feel free to contact me.

Further, I participate in CTFs as part of ENOFLAG and lead the student club AG Rechnersicherheit e.V. I also do IT-Sec Freelance Work and give talks at various conferences.

Web Security, Network Security, Software Security, Bugbounty, CTF, Penetration Tests, IT-Consulting, Freelance Work

Publications

Here is a list of academic publications I was involved with:

2024

What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications

with Lorenz Kleissner and Jean-Pierre Seifert

AsiaCCS 2024; Paper award: 1st place @ CSAW 2024 Applied Research Competition

Publication ⟶
2024

Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners

with Maath Oudeh

DIMVA 2024

Publication ⟶
2023

A review of the security role of ISP mandated ONUs and ONTs in GPONs

with Max Franke

Arxiv

Publication ⟶
2022

Oh SSH-it, What’s My Fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS

with Nils Wisiol

CANS 2022

Publication ⟶
2021

The Elephant in the Background: A Quantitative Approach to Empower Users Against Web Browser Fingerprinting

with Julian Fietkau, Kashyap Thimmaraju, Felix Kybranz, and Jean-Pierre Seifert

WPES 2021

Publication ⟶

Teaching

Here is a list of courses that I was a lecturer or teaching assistant for:

Winter '24/25

Websecurity

A lecture on web security covering the well-known vulnerability classes (OWASP TOP 10) from an attacker's and defender's perspective.

Course description ⟶
Summer '24

International Information Security Contest

A project where students develop CTF-services for an international Attack-Defense CTF.

Course description ⟶
Winter '23/24

Websecurity

A lecture on web security covering the well-known vulnerability classes (OWASP TOP 10) from an attacker's and defender's perspective.

Course description ⟶
Summer '23

International Information Security Contest

A project where students develop CTF-services for an international Attack-Defense CTF.

Course description ⟶
Winter '22/23

Technical Foundations of Computer Science for Business-Computer Scientists

Students learn the technical foundations of computer science, i.e. computer architectures, number representations, operating systems, scheduling algorithms, parallelization & locking, networking, etc.

Course description ⟶
Summer '22

International Information Security Contest

A project where students develop CTF-services for an international Attack-Defense CTF.

Course description ⟶
Summer '22

Internet Security

A lecture about internet security, i.e. protocols, firewalls, DDoS, XSS, etc.

Course description ⟶
Winter '21/22

Technical Foundations of Computer Science for Business-Computer Scientists

Students learn the technical foundations of computer science, i.e. computer architectures, number representations, operating systems, scheduling algorithms, parallelization & locking, networking, etc.

Course description ⟶
Winter '21/22

Rescue Your Server Project (Computer Security Big Project)

A project where students develop new vulnerable services for the IT-Seclab Course.

Course description ⟶
Summer '21

International Information Security Contest

A project where students develop CTF-services for an international Attack-Defense CTF.

Course description ⟶

Theses & Projects

I am happy to supervise bachelor and master theses that are related to my research interests. It's best if you can bring an idea, but feel free to ask if I have a topic available. Similarly, if you're looking for a bachelor's (6LP) or master's (9LP) project, do not hesitate to contact me as well.

Here is a list of theses and projects I have supervised:

2024

Analysis of the HTTP Security Response Headers of the Top 1 Million Domains

Computer Security Big Project

2024

Assessing DNS Security Resource Record Adoption: The Hosters’ Influence

Bachelor Thesis

2024

Analyzing Query Limits Of Open DNS-Resolvers To Facilitate More Reliable Internet Scanning

Bachelor Thesis

2024

Intrusion Detection at Scale: Designing, Implementing, and Evaluating Lightweight Honeypot Techniques for IoT Networks

Bachelor Thesis (Co-Supervisor)

2024

A Security Analysis of FIDO2 Implementations and the Impact of Passkey Synchronization

Bachelor Thesis

2024

Assessing Web Vulnerabilities: Exploring File Upload Vulnerabilities on PHP Servers and Conducting a Comparative Analysis of Testing Tools

Bachelor Thesis

2024

Large Scale Analysis of Web Security Headers and Their Potential Data Transfer Overhead

Bachelor Thesis

2023

Towards Effective Vulnerability Management: A Survey to Assess the Status Quo of Coordinated Vulnerability Disclosure in Germany

Bachelor Thesis

2023

PressPot: Developing and Evaluating a Honeynet Framework Based on WordPress CMS

Bachelor Thesis

2022

A Case Study of Building a Coverage-Guided Fuzzer with the Purpose of Finding Security Vulnerabilities in PHP Web Applications

Bachelor Thesis

Awards, Certificates, Presentations, Projects & News

A selected list of highlights about my academic work.

2024, November

1st place @ CSAW'24 Applied Research Competition, Valence, France

The PHUZZ publication was awarded 1st place @ CSAW's Applied Research Competition.

CSAW ⟶
2024, October

Invited Guest Talk @ KIT SECUSO Research Seminar, Karlsruhe, Germany

A presentation about my publications and research to foster new ideas and collaborations. Thanks for having me!

KIT Research Seminar ⟶
2024, July

Paper presentation @ DIMVA 2024, Lausanne, Switzerland

The publication "Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners" was presented at DIMVA 2024.

DIMVA Program ⟶
2024, July

Paper presentation @ AsiaCCS 2024, Singapore, Singapore

The publication "What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications" was presented at AsiaCCS 2024.

AsiaCCS Program ⟶
2024, May

Bugbounty Workshop @ GPN 2024, Karlsruhe, Germany

I gave a workshop on bugbounty programs and legal hacking at GPN 22.

GPN 22 Workshop ⟶
2024, May

Presentation @ GPN 2024, Karlsruhe, Germany

The upcoming FUEL publication was presented at GPN 22 as "Help Us Identify UFUs: (Em)Powering Vulnerability Scanners with FUEL".

GPN 22 Presentation ⟶
2023, September

Presentation @ Nullcon Goa 2024, Goa, India

The SSHFP publication was presented at Nullcon Goa 2023 as "(In)Secure Host Key Verification - Are SSHFP DNS Records The 'Next Big Thing'?".

Nullcon Program ⟶
2023, March

Presentation @ Security Nights Berlin, Berlin, Germany

The SSHFP publication was presented at SNB 2023 as "Oh SSH-it, I didn't know about SSHFP RRs in the DNS!".

Security Nights Berlin ⟶
2022, November

Paper presentation @ CANS 2022, Abu Dhabi, United Arab Emirates

The publication "Oh SSH-it, what's my fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS" was presented at CANS 2022.

CANS Program ⟶
2022, October

Presentation @ DNS-OARC 39, Belgrade, Serbia

The SSHFP publication was presented at DNS-OARC 39 as "Analysis of SSHFP records in the DNS".

DNS-OARC 39 Program ⟶
2022, September

Moderated session @ TechCamp 2022, Hamburg, Germany

A moderated session with the title "Lets talk about vulnerabilities, responsible disclosure and bug bounties." at TechCamp Hamburg 2022.

TechCamp Program ⟶
2022, September

Presentation @ TechCamp 2022, Hamburg, Germany

A presentation about our SSHFP research with the title "SSH host key verification fingerprints in the DNS".

TechCamp Program ⟶
2022, September

Panel Discussion @ CodeTalks 2022, Hamburg, Germany

One of the panelists on the discussion about "How attacks have changed between the recent 2 decades" at CodeTalks 2022.

CodeTalks Program ⟶
2022, September

Presentation @ CodeTalks 2022, Hamburg, Germany

Presentation about the Master's thesis publication on browser fingerprinting as "Fingerprinting the Fingerprinters" at CodeTalks 2022.

CodeTalks Program ⟶

Contact

If you wish to contact me, feel free to do so! I check my emails multiple times a day, the other channels less frequently.