VMIGen: Utilizing Virtual Machine Introspection for Fuzzing Complex Closed-Source Targets
Florian Schweins, Moritz Schloegel, Moritz Bley, Nico Schiller, and Thorsten Holz
Annual Computer Security Applications Conference (ACSAC)
[pdf]
[code]
Profile
I'm a tenure-track faculty at CISPA Helmholtz Center for Information Security (and I'm hiring students / PhD students / postdocs - drop me an email!).
Broadly speaking, I'm working on software security with my research interests centering around automating the pipeline of finding bugs in programs, understanding them, and acting upon them (either exploiting or patching them). Currently, I spend most of my time on improving fuzzing, such that we can find more bugs in less time.
Beyond working with bugs, I'm interested in all sorts of program analysis problems. One example is (de-)obfuscation, with a focus on automated deobfuscation attacks and how to break them.
I also enjoy the meta-science of what makes computer security research science and how to ensure our foremost empirical evaluations are meaningful, robust, and reproducible.
Before joining CISPA, I was a postdoctoral researcher in the SEFCOM lab at Arizona State University (ASU) under Tiffany Bao. I completed my PhD in May 2024 at Ruhr University Bochum, supervised by Thorsten Holz.
Want to work with me or have any questions? Please drop me an email!
Publications
2025
Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks
Moritz Bley, Tobias Scharnowski, Simon Wörner, Moritz Schloegel, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [code] [artifact]
Moritz Bley, Tobias Scharnowski, Simon Wörner, Moritz Schloegel, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [code] [artifact]
Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection
Nils Bars, Lukas Bernhard, Moritz Schloegel, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
Distinguished Paper Award
[pdf] [code] [artifact]
Nils Bars, Lukas Bernhard, Moritz Schloegel, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
Distinguished Paper Award
[pdf] [code] [artifact]
Confusing Value with Enumeration: Studying the Use of CVEs in Academia
Moritz Schloegel, Daniel Klischies, Simon Koch, David Klein, Lukas Gerlach, Malte Wessels, Leon Trampert, Martin Johns, Mathy Vanhoef, Michael Schwarz, Thorsten Holz, and Jo Van Bulck
USENIX Security Symposium (USENIX)
Distinguished Paper Award
[pdf] [website] [slides] [code] [artifact]
Moritz Schloegel, Daniel Klischies, Simon Koch, David Klein, Lukas Gerlach, Malte Wessels, Leon Trampert, Martin Johns, Mathy Vanhoef, Michael Schwarz, Thorsten Holz, and Jo Van Bulck
USENIX Security Symposium (USENIX)
Distinguished Paper Award
[pdf] [website] [slides] [code] [artifact]
Space RadSim: Binary-Agnostic Fault Injection to Evaluate Cosmic Radiation Impact on Exploit Mitigation Techniques in Space
Johannes Willbold, Tobias Cloosters, Simon Wörner, Felix Buchmann, Moritz Schloegel, Lucas Davi, and Thorsten Holz
IEEE Symposium on Security and Privacy (S&P)
[pdf] [website] [code]
Johannes Willbold, Tobias Cloosters, Simon Wörner, Felix Buchmann, Moritz Schloegel, Lucas Davi, and Thorsten Holz
IEEE Symposium on Security and Privacy (S&P)
[pdf] [website] [code]
Novelty Not Found: Adaptive Fuzzer Restarts to Improve Input Space Coverage
Nico Schiller, Xinyi Xu, Lukas Bernhard, Nils Bars, Moritz Schloegel, and Thorsten Holz
ACM Transactions on Software Engineering and Methodology
[pdf] [website] [code]
Nico Schiller, Xinyi Xu, Lukas Bernhard, Nils Bars, Moritz Schloegel, and Thorsten Holz
ACM Transactions on Software Engineering and Methodology
[pdf] [website] [code]
2024
DarthShader: Fuzzing WebGPU Shader Translators & Compilers
Lukas Bernhard, Nico Schiller, Moritz Schloegel, Nils Bars, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
Distinguished Artifact Award
[pdf] [website] [slides] [code] [artifact]
Lukas Bernhard, Nico Schiller, Moritz Schloegel, Nils Bars, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
Distinguished Artifact Award
[pdf] [website] [slides] [code] [artifact]
No Peer, no Cry: Network Application Fuzzing via Fault Injection
Nils Bars, Moritz Schloegel, Nico Schiller, Lukas Bernhard, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code] [artifact]
Nils Bars, Moritz Schloegel, Nico Schiller, Lukas Bernhard, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code] [artifact]
Minimum Requirements for Space System Cybersecurity-Ensuring Cyber Access to Space
Gregory Falco, Nicolo Boschetti, Arun Viswanathan, Brandon Bailey, Carsten Maple, Gunes Karabulut Kurt, Johannes Willbold, Jill Slay, Edward Birrane, David Logsdon, Shane Bennett, William Ferguson, James Curbo, Jacob Oakley, Moritz Schloegel, Stefan Hagen, Johan Sigholm, Cameron Mehlman, Rajiv Thummala, Matteo Calabrese, Yogita Shah, Anh Tuan Le, Kymie Tan, Erin Miller, Gregory Epiphaniou, Ugur Ilker Atmaca, Wayne C Henry, Gürkan Gür, Riccardo Vecellio Segate, and Olfa Ben Yahia
IEEE International Conference on Space Mission Challenges for Information Technology (SMC-IT)
[website]
Gregory Falco, Nicolo Boschetti, Arun Viswanathan, Brandon Bailey, Carsten Maple, Gunes Karabulut Kurt, Johannes Willbold, Jill Slay, Edward Birrane, David Logsdon, Shane Bennett, William Ferguson, James Curbo, Jacob Oakley, Moritz Schloegel, Stefan Hagen, Johan Sigholm, Cameron Mehlman, Rajiv Thummala, Matteo Calabrese, Yogita Shah, Anh Tuan Le, Kymie Tan, Erin Miller, Gregory Epiphaniou, Ugur Ilker Atmaca, Wayne C Henry, Gürkan Gür, Riccardo Vecellio Segate, and Olfa Ben Yahia
IEEE International Conference on Space Mission Challenges for Information Technology (SMC-IT)
[website]
Automated Program Analysis: Reproducibility, Flexibility Requirements, and Risks
Moritz Schloegel
Dissertation
[pdf] [website]
Moritz Schloegel
Dissertation
[pdf] [website]
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing
Felix Weißberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer, and Konrad Rieck
ACM ASIA Conference on Computer and Communications Security (AsiaCCS)
[pdf] [website] [code]
Felix Weißberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer, and Konrad Rieck
ACM ASIA Conference on Computer and Communications Security (AsiaCCS)
[pdf] [website] [code]
VSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices
Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, and Vincent Lenders
ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
[pdf] [website]
Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, and Vincent Lenders
ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
[pdf] [website]
A Binary-level Thread Sanitizer or Why Sanitizing on the Binary Level is Hard
Joschua Schilling, Andreas Wendler, Philipp Görz, Nils Bars, Moritz Schloegel, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [code]
Joschua Schilling, Andreas Wendler, Philipp Görz, Nils Bars, Moritz Schloegel, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [code]
Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities
Emre Güler, Sergej Schumilo, Moritz Schloegel, Nils Bars, Philipp Görz, Xinyi Xu, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [code]
Emre Güler, Sergej Schumilo, Moritz Schloegel, Nils Bars, Philipp Görz, Xinyi Xu, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [code]
SoK: Prudent Evaluation Practices for Fuzzing
Moritz Schloegel, Nils Bars, Nico Schiller, Lukas Bernhard, Tobias Scharnowski, Addison Crump, Arash Ale Ebrahim, Nicolai Bissantz, Marius Muench, and Thorsten Holz
IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
[pdf] [website] [slides] [video] [code]
Moritz Schloegel, Nils Bars, Nico Schiller, Lukas Bernhard, Tobias Scharnowski, Addison Crump, Arash Ale Ebrahim, Nicolai Bissantz, Marius Muench, and Thorsten Holz
IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
[pdf] [website] [slides] [video] [code]
Scaling Software Security Analysis to Satellites: Automated Fuzz Testing and Its Unique Challenges
Johannes Willbold, Moritz Schloegel, Florian Göhler, Tobias Scharnowski, Nils Bars, Simon Wörner, Nico Schiller, and Thorsten Holz
IEEE Aerospace Conference
[pdf] [website]
Johannes Willbold, Moritz Schloegel, Florian Göhler, Tobias Scharnowski, Nils Bars, Simon Wörner, Nico Schiller, and Thorsten Holz
IEEE Aerospace Conference
[pdf] [website]
2023
Instructions Unclear: Undefined Behavior in Cellular Network Specifications
Daniel Klischies, Moritz Schloegel, Tobias Scharnowski, Mikhail Bogodukhov, David Rupprecht, and Veelasha Moonsamy
USENIX Security Symposium (USENIX)
[pdf] [website] [data]
Daniel Klischies, Moritz Schloegel, Tobias Scharnowski, Mikhail Bogodukhov, David Rupprecht, and Veelasha Moonsamy
USENIX Security Symposium (USENIX)
[pdf] [website] [data]
Hoedur: Embedded Firmware Fuzzing using Multi-Stream Inputs
Tobias Scharnowski, Simon Wörner, Felix Buchmann, Nils Bars, Moritz Schloegel, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [teaser] [code] [experiments]
Tobias Scharnowski, Simon Wörner, Felix Buchmann, Nils Bars, Moritz Schloegel, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [teaser] [code] [experiments]
Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz
USENIX Security Symposium (USENIX)
Distinguished Paper Award
Internet Defense Prize Runner-up
[pdf] [website] [video] [code]
Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz
USENIX Security Symposium (USENIX)
Distinguished Paper Award
Internet Defense Prize Runner-up
[pdf] [website] [video] [code]
Novelty Not Found: Adaptive Fuzzer Restarts to Improve Input Space Coverage (Registered Report)
Nico Schiller, Xinyi Xu, Lukas Bernhard, Nils Bars, Moritz Schloegel, and Thorsten Holz
International Fuzzing Workshop (FUZZING)
[pdf] [website] [code]
Nico Schiller, Xinyi Xu, Lukas Bernhard, Nils Bars, Moritz Schloegel, and Thorsten Holz
International Fuzzing Workshop (FUZZING)
[pdf] [website] [code]
Space Odyssey: An Experimental Software Security Analysis of Satellites
Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, and Ali Abbasi
IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
[pdf] [website] [slides] [code]
Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, and Ali Abbasi
IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
[pdf] [website] [slides] [code]
Drone Security and the Mysterious Case of DJI's DroneID
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Network and Distributed System Security Symposium (NDSS)
[pdf] [website] [code]
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Network and Distributed System Security Symposium (NDSS)
[pdf] [website] [code]
2022
Jit-Picking: Differential Fuzzing of JavaScript Engines
Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code]
Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code]
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi
USENIX Security Symposium (USENIX)
Distinguished Artifact Award
[pdf] [website] [video] [code]
Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi
USENIX Security Symposium (USENIX)
Distinguished Artifact Award
[pdf] [website] [video] [code]
2021
Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, and Thorsten Holz
European Symposium on Research in Computer Security (ESORICS)
[pdf] [website] [slides] [code]
Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, and Thorsten Holz
European Symposium on Research in Computer Security (ESORICS)
[pdf] [website] [slides] [code]
2020
2019
2017
A Look at the Dark Side of Hardware Reverse Engineering -- A Case Study
Sebastian Wallat, Marc Fyrbiak, Moritz Schloegel, and Christof Paar
IEEE International Verification and Security Workshop (IVSW)
[pdf] [website]
Sebastian Wallat, Marc Fyrbiak, Moritz Schloegel, and Christof Paar
IEEE International Verification and Security Workshop (IVSW)
[pdf] [website]
Public Talks
2025
Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection
ACM Conference on Computer and Communications Security (CCS)
ACM Conference on Computer and Communications Security (CCS)
Confusing Value with Enumeration: Studying the Use of CVEs in Academia
USENIX Security Symposium (USENIX)
[slides]
USENIX Security Symposium (USENIX)
[slides]
2024
DarthShader: Fuzzing WebGPU Shader Translators & Compilers
ACM Conference on Computer and Communications Security (CCS)
[slides]
ACM Conference on Computer and Communications Security (CCS)
[slides]
SoK: Prudent Evaluation Practices for Fuzzing
IEEE Symposium on Security and Privacy (S&P)
[slides] [video]
IEEE Symposium on Security and Privacy (S&P)
[slides] [video]
2023
The Next Generation of Virtualization-based Obfuscators
HITBSecConf Amsterdam
[website] [slides] [video]
HITBSecConf Amsterdam
[website] [slides] [video]
2022
Loki: Hardening Code Obfuscation against Automated Attacks
USENIX Security Symposium (USENIX)
[website] [slides] [video]
USENIX Security Symposium (USENIX)
[website] [slides] [video]
2019
Grimoire: Synthesizing Structure while Fuzzing
USENIX Security Symposium (USENIX)
[website] [slides] [video]
USENIX Security Symposium (USENIX)
[website] [slides] [video]