Hi, I am a PhD candidate at the chair Security in Telecommunications (SecT) at the Technische Universität Berlin, Germany. My research topics belong to network and software security with a strong focus on web security. As part of my research assistant position at the university, I also teach students and supervise theses or projects. If you are looking for a collaboration partner or a supervisor, feel free to contact me.
Further, I participate in CTFs as part of ENOFLAG and lead the student club AG Rechnersicherheit e.V. I also do IT-Sec freelance work and give talks at various conferences.
Publications
Here is a list of academic publications I was involved with:
What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications
AsiaCCS 2024; Paper award: 1st place @ CSAW 2024 Applied Research Competition
Publication ⟶
Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners
DIMVA 2024
Publication ⟶
Oh SSH-it, What’s My Fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS
CANS 2022
Publication ⟶
The Elephant in the Background: A Quantitative Approach to Empower Users Against Web Browser Fingerprinting
WPES 2021
Publication ⟶
Teaching
Here is a list of courses that I was a lecturer or teaching assistant for:
Websecurity
A lecture on web security covering the well-known vulnerability classes (OWASP TOP 10) from an attacker's and defender's perspective.
Course description ⟶
International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶
Websecurity
A lecture on web security covering the well-known vulnerability classes (OWASP TOP 10) from an attacker's and defender's perspective.
Course description ⟶
International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶
Technical Foundations of Computer Science for Business-Computer Scientists
Students learn the technical foundations of computer science, i.e. computer architectures, number representations, operating systems, scheduling algorithms, parallelization & locking, networking, etc.
Course description ⟶
International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶
Internet Security
A lecture about internet security, i.e. protocols, firewalls, DDoS, XSS, etc.
Course description ⟶
Technical Foundations of Computer Science for Business-Computer Scientists
Students learn the technical foundations of computer science, i.e. computer architectures, number representations, operating systems, scheduling algorithms, parallelization & locking, networking, etc.
Course description ⟶
Rescue Your Server Project (Computer Security Big Project)
A project where students develop new vulnerable services for the IT-Seclab Course.
Course description ⟶
International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶
Theses & Projects
I am happy to supervise bachelor's and master's theses that are related to my research interests. It's best if you can bring an idea, but feel free to ask if I have a topic available. Similarly, if you're looking for a bachelor's (6LP) or master's (9LP) project, do not hesitate to contact me as well.
Here is a list of theses and projects I have supervised:
Analysis of the HTTP Security Response Headers of the Top 1 Million Domains
Computer Security Big Project
Assessing DNS Security Resource Record Adoption: The Hosters’ Influence
Bachelor Thesis
Analyzing Query Limits Of Open DNS-Resolvers To Facilitate More Reliable Internet Scanning
Bachelor Thesis
Intrusion Detection at Scale: Designing, Implementing, and Evaluating Lightweight Honeypot Techniques for IoT Networks
Bachelor Thesis (Co-Supervisor)
A Security Analysis of FIDO2 Implementations and the Impact of Passkey Synchronization
Bachelor Thesis
Assessing Web Vulnerabilities: Exploring File Upload Vulnerabilities on PHP Servers and Conducting a Comparative Analysis of Testing Tools
Bachelor Thesis
Large Scale Analysis of Web Security Headers and Their Potential Data Transfer Overhead
Bachelor Thesis
Towards Effective Vulnerability Management: A Survey to Assess the Status Quo of Coordinated Vulnerability Disclosure in Germany
Bachelor Thesis
PressPot: Developing and Evaluating a Honeynet Framework Based on WordPress CMS
Bachelor Thesis
A Case Study of Building a Coverage-Guided Fuzzer with the Purpose of Finding Security Vulnerabilities in PHP Web Applications
Bachelor Thesis
Awards, Certificates, Presentations, Projects & News
A selected list of highlights about my academic work.
1st place @ CSAW'24 Applied Research Competition, Valence, France
The PHUZZ publication was awarded 1st place at CSAW's Applied Research Competition.
CSAW ⟶
Invited Guest Talk @ KIT SECUSO Research Seminar, Karlsruhe, Germany
A presentation about my publications and research to foster new ideas and collaborations. Thanks for having me!
KIT Research Seminar ⟶
Paper presentation @ DIMVA 2024, Lausanne, Switzerland
The publication "Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners" was presented at DIMVA 2024.
DIMVA Program ⟶
Paper presentation @ AsiaCCS 2024, Singapore, Singapore
The publication "What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications" was presented at AsiaCCS 2024.
AsiaCCS Program ⟶
Bugbounty Workshop @ GPN 2024, Karlsruhe, Germany
I gave a workshop on bug bounty programs and legal hacking at GPN 22.
GPN 22 Workshop ⟶
Presentation @ GPN 2024, Karlsruhe, Germany
The upcoming FUEL publication was presented at GPN 22 as "Help Us Identify UFUs: (Em)Powering Vulnerability Scanners with FUEL".
GPN 22 Presentation ⟶
Presentation @ Nullcon Goa 2024, Goa, India
The SSHFP publication was presented at Nullcon Goa 2023 as "(In)Secure Host Key Verification - Are SSHFP DNS Records The 'Next Big Thing'?".
Nullcon Program ⟶
Presentation @ Security Nights Berlin, Berlin, Germany
The SSHFP publication was presented at SNB 2023 as "Oh SSH-it, I didn't know about SSHFP RRs in the DNS!".
Security Nights Berlin ⟶
Paper presentation @ CANS 2022, Abu Dhabi, United Arab Emirates
The publication "Oh SSH-it, what's my fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS" was presented at CANS 2022.
CANS Program ⟶
Presentation @ DNS-OARC 39, Belgrade, Serbia
The SSHFP publication was presented at DNS-OARC 39 as "Analysis of SSHFP records in the DNS".
DNS-OARC 39 Program ⟶
Moderated session @ TechCamp 2022, Hamburg, Germany
A moderated session with the title "Lets talk about vulnerabilities, responsible disclosure and bug bounties" at TechCamp Hamburg 2022.
TechCamp Program ⟶
Presentation @ TechCamp 2022, Hamburg, Germany
A presentation about our SSHFP research with the title "SSH host key verification fingerprints in the DNS".
TechCamp Program ⟶
Panel Discussion @ CodeTalks 2022, Hamburg, Germany
One of the panelists in the discussion about "How attacks have changed between the recent 2 decades" at CodeTalks 2022.
CodeTalks Program ⟶
Presentation @ CodeTalks 2022, Hamburg, Germany
Presentation about the Master's thesis publication on browser fingerprinting as "Fingerprinting the Fingerprinters" at CodeTalks 2022.
CodeTalks Program ⟶