Dominik Maier

• Dr.-Ing.
• PhD at Technische Universität Berlin

This report describes the artifacts of the “Dissecting American Fuzzy Lop – A FuzzBench Evaluation” paper. The artifacts are available online at https://github.com/eurecom-s3/dissecting_afl and archived at https://doi.org/10.6084/m9.figshare.21401280 and consists in the produced code, the setup to run the experiments in FuzzBench and the generated...

AFL is one of the most used and extended fuzzer, adopted by industry and academic researchers alike. While the community agrees on AFL’s effectiveness at discovering new vulnerabilities and at its outstanding usability, many of its internal design choices remain untested to date. Security practitioners often clone the project “as-is” and use it as...

AFL is one of the most used and extended fuzzer, adopted by industry and academic researchers alike. While the community agrees on AFL's effectiveness at discovering new vulnerabilities and at its outstanding usability, many of its internal design choices remain untested to date. Security practitioners often clone the project "as-is" and use it as...

AFL is one of the most used and extended fuzzing projects, adopted by industry and academic researchers alike. While the community agrees on AFL's effectiveness at discovering new vulnerabilities and at its outstanding usability, many of its internal design choices remain untested to date. Security practitioners often clone the project "as-is" and...

Zusammenfassung Eine etablierte Methode der Sicherheitsforschung zur Feststellung von Schwachstellen in Software ist Reverse Engineering. Verstößt eine solche Analyse von Programmen gegen das Urheberrecht? Mehrere deutsche Forscherteams erhielten nach der Veröffentlichung von gefundenen Schwachstellen Unterlassungserklärungen sowie Anträge auf eins...

In this paper, we present AFL ++ , a community-driven open-source tool that incorporates state-of-the-art fuzzing research, to make the research comparable, reproducible, combinable and-most importantly-useable. It offers a variety of novel features, for example its Custom Mutator API, able to extend the fuzzing process at many stages. With it, mut...

Rogue base stations are an effective attack vector. Cellular basebands represent a critical part of the smartphone's security: they parse large amounts of data even before authentication. They can, therefore, grant an attacker a very stealthy way to gather information about calls placed and even to escalate to the main operating system, over-the-ai...

The continued popularity of smartphones has led companies from all business sectors to use them for security-sensitive tasks like two-factor authentication. Android, however, suffers from a fragmented landscape of devices and versions, which leaves many devices unpatched by their manufacturers. This security gap has created a vital market of commer...

This paper looks at N26, a pan-European banking startup and the poster child for young FinTech companies. We assess how security is treated by startups that provide disruptive technologies in the financial sector. In an area that has been committed to security, we find that FinTech companies have modern designs and outstanding user experience as th...

In the work at hand, we first demonstrate that Android malware can bypass current automated analysis systems, including AV solutions, mobile sandboxes, and the Google Bouncer. A tool called Sand-Finger allowed us to fingerprint Android-based analysis systems. By analyzing the fingerprints of ten unique analysis environments from different vendors,...

In this paper, we demonstrate that Android mal-ware can bypass all automated analysis systems, including AV solutions, mobile sandboxes, and the Google Bouncer. We propose a tool called Sand-Finger for the fingerprinting of Android-based analysis systems. By analyzing the fingerprints of ten unique analysis environments from different vendors, we w...