Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge
Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz
USENIX Security Symposium (USENIX)
[pdf]
[website]
[code]
Moritz Schloegel
Profile
I'm a security researcher and last year PhD student in Thorsten Holz' group at CISPA Helmholtz Center for Information Security. Before switching to CISPA in early 2023, I was located at Ruhr University Bochum.
My research interests focus on automating the pipeline of finding bugs in programs, understanding them, and exploiting them. Currently, I spend most of my time on improving fuzzing, such that we can find more bugs in less time.
Beyond working with bugs, I have a strong interest in (de-)obfuscation, especially focusing on automated deobfuscation attacks and how to break them. Recently, I've spoken at REcon'22 Montreal on "The Next Generation of Virtualization-based Obfuscators" together with Tim Blazytko.
Besides my research, I have helped shaping and teaching courses on Systems Security and Operating Systems Security at Ruhr University Bochum, where I also obtained my B.Sc. and M.Sc. in Computer Security from.
For questions, discussion or collaboration, feel free to reach out via Twitter or email.
Publications
2023
Drone Security and the Mysterious Case of DJI's DroneID
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Network and Distributed System Security Symposium (NDSS)
[pdf] [website] [code]
Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz
Network and Distributed System Security Symposium (NDSS)
[pdf] [website] [code]
2022
Jit-Picking: Differential Fuzzing of JavaScript Engines
Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code]
Lukas Bernhard, Tobias Scharnowski, Moritz Schloegel, Tim Blazytko, and Thorsten Holz
ACM Conference on Computer and Communications Security (CCS)
[pdf] [website] [code]
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi
USENIX Security Symposium (USENIX)
[pdf] [website] [video] [code]
Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, and Ali Abbasi
USENIX Security Symposium (USENIX)
[pdf] [website] [video] [code]
2021
Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, and Thorsten Holz
European Symposium on Research in Computer Security (ESORICS)
[pdf] [website] [slides] [code]
Moritz Schloegel, Tim Blazytko, Julius Basler, Fabian Hemmer, and Thorsten Holz
European Symposium on Research in Computer Security (ESORICS)
[pdf] [website] [slides] [code]
2020
2019
2017
A Look at the Dark Side of Hardware Reverse Engineering -- A Case Study
Sebastian Wallat, Marc Fyrbiak, Moritz Schloegel, and Christof Paar
IEEE International Verification and Security Workshop (IVSW)
[pdf] [website]
Sebastian Wallat, Marc Fyrbiak, Moritz Schloegel, and Christof Paar
IEEE International Verification and Security Workshop (IVSW)
[pdf] [website]
Public Talks
2022
Loki: Hardening Code Obfuscation against Automated Attacks
USENIX Security Symposium (USENIX)
[website] [slides] [video]
USENIX Security Symposium (USENIX)
[website] [slides] [video]
2019
Grimoire: Synthesizing Structure while Fuzzing
USENIX Security Symposium (USENIX)
[website] [slides] [video]
USENIX Security Symposium (USENIX)
[website] [slides] [video]