cispa/12-angry-developers-web-applications cispa/12-angry-developers-web-applications

  • Stars
    star
    1
  • Language
    HTML
  • License
    GNU Affero Genera...
  • Created about 3 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
cispa/12-angry-developers-web-applications
github

cispa

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This repository contains our code for each version (programming language) for the Coding Task. It is a product of our work published at the 28th ACM Conference on Computer and Communications Security (CCS) in 2021.

More Repositories

1

GhostWrite

Proof-of-concept for the GhostWrite CPU bug.
C
100
star
2

CacheWarp

Proof-of-concept implementation for the paper "CacheWarp: Software-based Fault Injection using Selective State Reset" (USENIX Security 2024)
C
58
star
3

Security-RISC

Proof-of-concept implementation for the paper "A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs" (IEEE S&P 2023)
C
53
star
4

osiris

Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)
C++
52
star
5

browser-cpu-fingerprinting

This repository contains the code for our paper "Browser-based CPU Fingerprinting".
Jupyter Notebook
35
star
6

loop-DoS

Repository for application-layer loop DoS
Python
28
star
7

persistent-clientside-xss

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
Python
26
star
8

BranchDifferent

Implementation for the DIMVA'22 paper "Branch Different - Spectre Attacks on Apple Silicon"
C
26
star
9

Microarchitectural-Hash-Function-Recovery

Proof-of-concept implementation for the paper "Efficient and Generic Microarchitectural Hash-Function Recovery" (IEEE S&P 2024)
C++
25
star
10

mwait

Proof-of-concept implementation for the paper "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels" (USENIX Security'23)
C
20
star
11

indirect-meltdown

Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (ESORICS 2023)
C
20
star
12

full-domain-functional-bootstrap

C++
14
star
13

xs-observations

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"
Jupyter Notebook
12
star
14

ampfuzz

Fuzzer for Amplification Vulnerabilities (USENIX '22, Krupp et al)
C++
11
star
15

hammulator

Proof-of-concept implementation for the paper "Hammulator: Simulate Now - Exploit Later" (DRAMSec 2023)
C
11
star
16

regcheck

Proof-of-concept implementation for the paper "Reviving Meltdown 3a" (ESORICS 2023)
C
11
star
17

Switchpoline

Proof-of-concept implementation for the paper "Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8" (AsiaCCS 2024)
C++
9
star
18

http-conformance

Code for our 2024 ACM AsiaCCS Paper "Who's Breaking the Rules? Studying Conformance to the HTTP Specifications and its Security Impact"
Python
9
star
19

gdpr-consent

Code for our paper: "Share First, Ask Later (or Never?) - Studying Violations of GDPR's Explicit Consent in Android Apps"
Python
8
star
20

login-security-landscape

Code for our 2024 IEEE S&P Paper "To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape"
TypeScript
8
star
21

micsec-training

The material for the hands-on session "Turning Timing Differences into Data Leakage" at Mic-Sec 2022
C
3
star
22

IRQGuard

C
3
star
23

cascading-spy-sheets

This repository contains the artifact for our paper "Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting" published at NDSS 2025.
HTML
2
star
24

framing-control-proxy

A server-side proxy to convert X-Frame-Options into CSP frame-ancestors and vice versa.
Python
2
star
25

the-security-lottery

This repository contains our code for the data collection and analysis. It is a product of our work published at the 31st USENIX Security Symposium 2022.
Python
2
star
26

bitahoy

Python
2
star
27

artist

1
star
28

framing-control-analytics

Analysis Library used for the paper "A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web"
Python
1
star
29

consent-notices

Python
1
star
30

DNS-Applayer-DDoS-Protection

Code and datasets for protecting DNS infrastructures against application-layer DDoS attacks (EuroS&P '23 paper)
Rust
1
star