

Scientific Publications

  • Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. USENIX Security 2018 (DL)
  • More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema (DL)
  • Same-Origin Policy: Evaluation in Modern Browsers. USENIX Security 2017 (DL)
  • Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On. EuroS&P 2016 (DL)
  • How Secure is TextSecure?. EuroS&P 2016
  • How to Break XML Encryption - Automatically. WOOT 2015 (DL)
  • Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite. Open Identity Summit 2015 (DL)
  • AdIDoS - Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services. QASA 2015 (DL)
  • Practical Invalid Curve Attacks on TLS-ECDH. ESORICS 2015 (DL)
  • Not so Smart: On Smart TV Apps. SIoT 2015 (DL)
  • Owning Your Home Network: Router Security Revisited. W2SP 2015 (DL)
  • Guardians of the Clouds. CCSW 2014: The ACM Cloud Computing Security Workshop
  • Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. USENIX 2014
  • Scriptless attacks: Stealing more pie without touching the sill. Journal of Computer Security 2014 (DL)
  • On the Insecurity of XML Security. Dissertation. Juraj Somorovsky, 2013 (DL)
  • A new Approach towards DoS Penetration Testing on Web Services. ICWS 2013 (DL)
  • One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. NDSS 2013 (DL)
  • Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption. ESORICS 2012 (DL)
  • On Breaking SAML: Be Whoever You Want to Be. USENIX 2012 (DL)
  • Penetration Testing Tool for Web Services Security. SERVICES Workshop 2012 (DL)
  • Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption. SERVICES Workshop 2012 (DL)
  • UI Redressing Attacks on Android Devices. Black Hat Abu Dhabi 2012 (DL)
  • Scriptless Attacks – Stealing the Pie Without Touching the Sill. ACM CCS 2012 (DL)
  • The Bug that made me President: A Browser and Web-Security Case Study on Helios Voting. VoteID 2011 (Amazon)
  • All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces. CCSW 2011 (DL)
  • How to Break XML Encryption. CCS 2011 (DL)



  • Identitätsdiebstahl und Identitätsmissbrauch im Internet, Rechtliche und technische Aspekte, Schwenk et al., Springer (Springer)
  • Daten- und Identitätsschutz in Cloud Computing, E-Government und E-Commerce, Schwenk et al., Springer (Springer)
  • Clickjacking und UI-Redressing – Vom Klick-Betrug zum Datenklau. Ein Leitfaden für Sicherheitsexperten und Webentwickler, Marcus Niemietz, dpunkt.verlag (dpunkt.verlag)
  • Sicherheit und Kryptographie im Internet: Von Sicherer E-Mail bis zu IP-Verschlüsselung, Jörg Schwenk, Springer (Springer)
  • Moderne Verfahren der Kryptographie: Von RSA zu Zero-Knowledge, Jörg Schwenk et al., Springer (Springer)


Public Studies

  • Sichere Implementierung einer allgemeinen Kryptobibliothek (PDF)
  • Quellcode-basierte Untersuchung von kryptographisch relevanten Aspekten der OpenSSL-Bibliothek, Bundesamtes für Sicherheit in der Informationstechnik (German, PDF)