• Stars
    star
    8
  • Rank 2,099,232 (Top 42 %)
  • Language
    Python
  • Created over 3 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Code for our paper: "Share First, Ask Later (or Never?) - Studying Violations of GDPR's Explicit Consent in Android Apps"

More Repositories

1

GhostWrite

Proof-of-concept for the GhostWrite CPU bug.
C
100
star
2

CacheWarp

Proof-of-concept implementation for the paper "CacheWarp: Software-based Fault Injection using Selective State Reset" (USENIX Security 2024)
C
58
star
3

Security-RISC

Proof-of-concept implementation for the paper "A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs" (IEEE S&P 2023)
C
53
star
4

osiris

Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)
C++
52
star
5

browser-cpu-fingerprinting

This repository contains the code for our paper "Browser-based CPU Fingerprinting".
Jupyter Notebook
35
star
6

loop-DoS

Repository for application-layer loop DoS
Python
28
star
7

persistent-clientside-xss

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
Python
26
star
8

BranchDifferent

Implementation for the DIMVA'22 paper "Branch Different - Spectre Attacks on Apple Silicon"
C
26
star
9

Microarchitectural-Hash-Function-Recovery

Proof-of-concept implementation for the paper "Efficient and Generic Microarchitectural Hash-Function Recovery" (IEEE S&P 2024)
C++
25
star
10

mwait

Proof-of-concept implementation for the paper "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels" (USENIX Security'23)
C
20
star
11

indirect-meltdown

Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (ESORICS 2023)
C
20
star
12

full-domain-functional-bootstrap

C++
14
star
13

xs-observations

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"
Jupyter Notebook
12
star
14

ampfuzz

Fuzzer for Amplification Vulnerabilities (USENIX '22, Krupp et al)
C++
11
star
15

hammulator

Proof-of-concept implementation for the paper "Hammulator: Simulate Now - Exploit Later" (DRAMSec 2023)
C
11
star
16

regcheck

Proof-of-concept implementation for the paper "Reviving Meltdown 3a" (ESORICS 2023)
C
11
star
17

Switchpoline

Proof-of-concept implementation for the paper "Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8" (AsiaCCS 2024)
C++
9
star
18

http-conformance

Code for our 2024 ACM AsiaCCS Paper "Who's Breaking the Rules? Studying Conformance to the HTTP Specifications and its Security Impact"
Python
9
star
19

login-security-landscape

Code for our 2024 IEEE S&P Paper "To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape"
TypeScript
8
star
20

micsec-training

The material for the hands-on session "Turning Timing Differences into Data Leakage" at Mic-Sec 2022
C
3
star
21

IRQGuard

C
3
star
22

cascading-spy-sheets

This repository contains the artifact for our paper "Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting" published at NDSS 2025.
HTML
2
star
23

framing-control-proxy

A server-side proxy to convert X-Frame-Options into CSP frame-ancestors and vice versa.
Python
2
star
24

the-security-lottery

This repository contains our code for the data collection and analysis. It is a product of our work published at the 31st USENIX Security Symposium 2022.
Python
2
star
25

bitahoy

Python
2
star
26

artist

1
star
27

framing-control-analytics

Analysis Library used for the paper "A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web"
Python
1
star
28

12-angry-developers-web-applications

This repository contains our code for each version (programming language) for the Coding Task. It is a product of our work published at the 28th ACM Conference on Computer and Communications Security (CCS) in 2021.
HTML
1
star
29

consent-notices

Python
1
star
30

DNS-Applayer-DDoS-Protection

Code and datasets for protecting DNS infrastructures against application-layer DDoS attacks (EuroS&P '23 paper)
Rust
1
star