Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

2016 - Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic

WOOT 2016 [Blackhat stuff] [paper]

SoK: XML Parser Vulnerabilities

2016 - Christopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]

How to Break Microsoft Rights Management Services

2016 - Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk

10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]

Your Cloud in my Company: Modern Rights Management Services Revisited

2016 - Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk

11th International Conference on Availability, Reliability and Security (ARES 2016) [pdf]

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

2016 - Christian Mainka, Vladislav Mladenov, Jörg Schwenk

IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2016) [Paper PDF]

How Secure is TextSecure?

2016 - Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz

IEEE European Symposium on Security and Privacy (EuroS&P 2016) [PDF]

Attacks on OpenID Connect

2016 - Vladislav Mladenov, Christian Mainka


Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite

2015 - Christian Mainka, Vladislav Mladenov, Tim Guenther, Jörg Schwenk

Open Identity Summit 2015 [Paper PDF]

How Private is Your Private Cloud?: Security Analysis of Cloud Control Interfaces

2015 - Dennis Felsch, Mario Heiderich, Frederic Schulz, Jörg Schwenk

ACM CCSW 2015 in conjunction with the ACM Conference on Computer and Communications Security (CCS) October 16, 2015, The Denver Marriot City Center, Denver, Colorado, USA. [paper]