Moritz Schloegel

Profile

I'm a security researcher and last year PhD student in Thorsten Holz' group at CISPA Helmholtz Center for Information Security. Before switching to CISPA in early 2023, I was located at Ruhr University Bochum.

My research interests focus on automating the pipeline of finding bugs in programs, understanding them, and exploiting them. Currently, I spend most of my time on improving fuzzing, such that we can find more bugs in less time.

Beyond working with bugs, I have a strong interest in (de-)obfuscation, especially focusing on automated deobfuscation attacks and how to break them. Recently, I've spoken at REcon'22 Montreal on "The Next Generation of Virtualization-based Obfuscators" together with Tim Blazytko.

Besides my research, I have helped shaping and teaching courses on Systems Security and Operating Systems Security at Ruhr University Bochum, where I also obtained my B.Sc. and M.Sc. in Computer Security from.

For questions, discussion or collaboration, feel free to reach out via Twitter or email.

Publications

2023

Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [code]

Space Odyssey: An Experimental Software Security Analysis of Satellites
Johannes Willbold, Moritz Schloegel, Manuel Vögele, Maximilian Gerhardt, Thorsten Holz, and Ali Abbasi
IEEE Symposium on Security and Privacy (S&P)
Distinguished Paper Award
[pdf] [slides] [code]

Drone Security and the Mysterious Case of DJI's DroneID
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Network and Distributed System Security Symposium (NDSS)
[pdf] [website] [code]

2022

Jit-Picking: Differential Fuzzing of JavaScript Engines
Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code]

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi
USENIX Security Symposium (USENIX)
Distinguished Artifact Award
[pdf] [website] [video] [code]

Loki: Hardening Code Obfuscation against Automated Attacks
Moritz Schloegel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz, and Ali Abbasi
USENIX Security Symposium (USENIX)
3rd place at CSAW Applied Research Competition 2022
[pdf] [website] [slides] [video] [code]

2021

Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, and Thorsten Holz
European Symposium on Research in Computer Security (ESORICS)
[pdf] [website] [slides] [code]

2020

Aurora: Statistical Crash Analysis for Automated Root Cause Explanation
Tim Blazytko, Moritz Schloegel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [slides] [video] [code]

2019

Grimoire: Synthesizing Structure while Fuzzing
Tim Blazytko, Cornelius Aschermann, Moritz Schloegel, Ali Abbasi, Sergej Schumilo, Simon Wörner, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf] [website] [slides] [video] [code]

2017

A Look at the Dark Side of Hardware Reverse Engineering -- A Case Study
Sebastian Wallat, Marc Fyrbiak, Moritz Schloegel, and Christof Paar
IEEE International Verification and Security Workshop (IVSW)
[pdf] [website]

Public Talks

2023

The Next Generation of Virtualization-based Obfuscators
HITBSecConf Amsterdam
[website] [slides]

2022

Loki: Hardening Code Obfuscation against Automated Attacks
USENIX Security Symposium (USENIX)
[website] [slides] [video]

The Next Generation of Virtualization-based Obfuscators
REcon Montreal
[website] [slides] [video]

2019

Grimoire: Synthesizing Structure while Fuzzing
USENIX Security Symposium (USENIX)
[website] [slides] [video]