This pages summarizes some of the projects my students and I['m currently|had been] working on. All of our work is free software, thus patches and comments are appreciated.

PwIN -- Pwning Intel pIN

Last update: 2018-06-15

PwIN is a collection of attacks against the de-facto standard Dynamic Binary Instrumentation engine Intel PIN. Precisely, we show that it is possible for malicious programs to evade instrumentation hooks, break out of the PIN VM, and that otherwise hard-to-exploit bugs become easy to exploit because of the way in which PIN's JIT engine operates.


Last update: 2017-12-14

Wiedergaenger is an attack against glibc-based software systems on Linux that demonstrates how specific out-of-bounds-array-accesses can be escalated to full code execution while bypassing ASLR using constant payload.


Last update: 2017-10-08

The demovfuscator is a deobfuscator for binaries that were compiled using Christopher Domas' famous M/o/Vfuscator. The current release is able to reconstruct the CFG of the original program and partially re-substitutes the mov instructions by their equivalent high-level ASM opcodes. Note that the demovfuscator is work in progress software, i.e. patches and comments are very welcome!

TCP Stealth

Last update: 2014-12-13 | Newest supported kernel: 3.18

TCP_Stealth is an RFC draft and an extension for the Linux kernel providing a modern version of port knocking for TCP sockets. Unlike other approaches, TCP_Stealth is safe against active MitM attacks, is able to ensure the integrity of the first TCP segment sent after the handshake, and requires only minimal changes to existing applications (setsockopt).