Hi, I am a PhD candidate at the chair Security in Telecommunications (SecT) at the Technische Universität Berlin, Germany. My research topics belong to network and software security with a strong focus on web security. As part of my research assistant position at the university, I also teach students and supervise theses or projects. If you are looking for a collaboration partner or a supervisor, feel free to contact me.
Further, I participate in CTFs as part of ENOFLAG and lead the student club AG Rechnersicherheit e.V.. I also do IT-Sec Freelance Work and give talks at various conferences.
Publications
Here is a list of academic publications I was involved with:
What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications
AsiaCCS 2024
Publication (TBD)Bringing UFUs Back into the Air With FUEL: A Framework for Evaluating the Effectiveness of Unrestricted File Upload Vulnerability Scanners
DIMVA 2024
Publication (TBD)Oh SSH-it, What’s My Fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS
CANS 2022
Publication ⟶The Elephant in the Background: A Quantitative Approach to Empower Users Against Web Browser Fingerprinting
WPES 2021
Publication ⟶Teaching
Here is a list of courses that I was a lecturer or teaching assistant for:
International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶Websecurity
A lecture on web security covering the well known vulnerability classes (OWASP TOP 10) from an attacker's and defender's perspective.
Course description ⟶International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶Technical Foundations of Computer Science for Business-Computer Scientists
Students learn the technical foundations of computer science, i.e. computer architectures, number representations, operating systems, scheduling algorithms, paralleziation & locking, networking, etc.
Course description ⟶International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶Internet Security
A lecture about internet security, i.e. protocols, firewalls, DDoS, XSS, etc.
Course description ⟶Technical Foundations of Computer Science for Business-Computer Scientists
Students learn the technical foundations of computer science, i.e. computer architectures, number representations, operating systems, scheduling algorithms, paralleziation & locking, networking, etc.
Course description ⟶Rescue Your Server Project (Computer Security Big Project)
A project where students develop new vulnerable services for the IT-Seclab Course.
Course description ⟶International Information Security Contest
A project where students develop CTF-services for an international Attack-Defense CTF.
Course description ⟶Theses & Projects
I am happy to supervise bachelor and master thesis that are related to my research interests. It's best if you can bring an idea, but feel free to ask if I have a topic available. Similarly, if you're looking for a bachelor's (6LP) or master's (9LP) project, do not hesitate to contact me as well.
Here is a list of theses and projects I have supervised:
Intrusion Detection at Scale: Designing, Implementing, and Evaluating Lightweight Honeypot Techniques for IoT Networks
Bachelor Thesis (Co-Supervisor)
A Security Analysis of FIDO2 Implementations and the Impact of Passkey Synchronization
Bachelor Thesis
Assessing Web Vulnerabilities: Exploring File Upload Vulnerabilities on PHP Servers and Conducting a Comparative Analysis of Testing Tools
Bachelor Thesis
Large Scale Analysis of Web Security Headers and Their Potential Data Transfer Overhead
Bachelor Thesis
Towards Effective Vulnerability Management: A Survey to Assess the Status Quo of Coordinated Vulnerability Disclosure in Germany
Bachelor Thesis
PressPot: Developing and Evaluating a Honeynet Framework Based on WordPress CMS
Bachelor Thesis
A Case Study of Building a Coverage-Guided Fuzzer with the Purpose of Finding Security Vulnerabilities in PHP Web Applications
Bachelor Thesis