Items where Author is "Rossow, Christian"

Conference or Workshop Item (A Paper)

(2023) ResolFuzz: Differential Fuzzing of DNS Resolvers.

(2023) Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives. (Submitted)

(2023) FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers.

(2022) TyPro: Forward CFI for C-Style Indirect Function Calls Using Type Propagation. (In Press)

(2022) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs. (In Press)

(2022) Browser-based CPU Fingerprinting. (In Press)

(2022) AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities.

(2022) Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels.

(2021) ANYway: Measuring the Amplification DDoS Potential of Domains.

(2021) BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks.

(2021) YarIx: Scalable YARA-based Malware Intelligence.

(2021) Osiris: Automated Discovery of Microarchitectural Side Channels. (In Press)

(2021) Cali: Compiler Assisted Library Isolation. (In Press)

(2021) NoVT: Eliminating C++ Virtual Calls to Mitigate Vtable Hijacking. (In Press)

(2020) DPIFuzz: A Differential Fuzzing Frameworkto Detect DPI Elusion Strategies for QUIC.

(2020) xOSSig: Leveraging OS Diversity to Automatically Extract Malware Code Signatures.

(2020) On the Origin of Scanning: The Impact of Location on Internet-Wide Scans.

(2020) Padding Ain’t Enough: Assessing the Privacy Guarantees of Encrypted DNS.

(2020) SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients.

(2020) Slitheen++: Stealth TLS-based Decoy Routing.

(2019) Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.

(2019) MALPITY: Automatic Identification and Exploitation of Tarpit Vulnerabilities in Malware. (In Press)

(2018) teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts.

(2018) Ret2Spec: Speculative Execution Using Return Stack Buffers.

(2018) Evasive Malware via Identifier Implanting.

(2018) DNS Unchained: Amplified Application-Layer DoS Attacks Against DNS Authoritatives.

(2018) Didn’t You Hear Me? — Towards More Successful Web Vulnerability Notifications.

(2018) Identifying Key Leakage of Bitcoin Users. (In Press)

(2018) MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps.

(2018) The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators.

(2017) Linking Amplification DDoS Attacks to Booter Services.

(2017) Who Controls the Internet? Analyzing Global Threats using Property Graph Traversals.

(2017) Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code.

(2017) Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.

(2017) Millions of Targets Under Attack: A Macroscopic Characterization of the DoS Ecosystem.

(2016) Identifying the Scan and Attack Infrastructures behind Amplification DDoS attacks.

(2016) On the Feasibility of TTL-based Filtering for DRDoS Mitigation.

(2016) Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification.

(2016) What Cannot be Read, Cannot be Leveraged? Revisiting Assumptions of JIT-ROP Defenses.

(2016) VatiCAN - Vetted, Authenticated CAN Bus.

(2016) Detecting Hardware-Assisted Virtualization.

(2016) SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion.

(2016) Uses and Abuses of Server-Side Requests.

(2016) POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications.

(2015) AmpPot: Monitoring and Defending Against Amplification DDoS Attacks.

(2015) POSTER: In the Net of the Spider - Measuring the Anonymity-Impact of Network-level Adversaries Against Tor.

(2015) Cross-Architecture Bug Search in Binary Executables.

(2015) Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics.

(2015) Going Wild: Large-Scale Classification of Open DNS Resolvers.

(2015) IoTPOT: Analysing the Rise of IoT Compromises.

(2015) Reliable Recon in Adversarial Peer-to-Peer Botnets.

(2015) Zeus Milker: Circumventing the P2P Zeus Neighbor List Restriction Mechanism.

(2015) jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications.

(2014) Exit from Hell? Reducing the Impact of Amplification DDoS Attacks.

(2014) Amplification Hell: Revisiting Network Protocols for DDoS Abuse.

(2014) Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks.

(2014) Leveraging semantic signatures for bug search in binary programs.

(2014) On Advanced Monitoring in Resilient and Unstructured P2P Botnets.

(2014) On Measuring the Impact of DDoS Botnets.

(2014) On the (In)Security of Mobile Two-Factor Authentication.

(2014) Paint it Black: Evaluating the Effectiveness of Malware Blacklists.

(2013) Exploiting visual appearance to cluster and detect rogue software.

(2013) Highly resilient peer-to-peer botnets are here: An analysis of Gameover Zeus.

(2013) SoK: P2PWNED - Modeling and Evaluating the Resilience of Peer-to-Peer Botnets.

(2012) Manufacturing compromise: the emergence of exploit-as-a-service.

(2012) Prudent Practices for Designing Malware Experiments: Status Quo and Outlook.

(2011) On Botnets That Use DNS for Command and Control.

Article

(2018) Speculose: Analyzing the Security Implications of Speculative Execution in CPUs.

(2016) Angreiferjagd im "Internet der Dinge".

(2016) IoTPOT: A Novel Honeypot for Revealing Current IoT Threats.

(2015) Amplification and DRDoS Attack Defense - A Survey and New Perspectives.

(2013) CoCoSpot: Clustering and recognizing botnet command and control channels using traffic analysis.

Monograph

(2023) FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (Extended Version).