Posts

The DEF CON 33 Hackers’ Almanack just dropped. We would like to thank Paul Chang and their team for featuring CTRAPS in the Right to Repair section. Read and share the Almanack!

Marco and I talked about CTRAPS with Stephen Sims from Off By One Security about CTRAPS: CTAP Impersonation and API Confusion on FIDO2. Thank you Stephen and Randall for inviting us and keep up with the awesome content in your YouTube channel!

This week we presented at IEEE Euro S&P'25 CTRAPS: CTAP Impersonation and API Confusion on FIDO2, a paper about the security and privacy of FIDO2, a widespread standard used for single-factor and multi-factor authentication.

Mathy Vanhoef and I are co-chairing NDSS'26 Artifact Evaluation (AE). We are looking for motivated PhD and Postdocs to self-nominate themselves for the NDSS'26 Artifact Evaluation Committee (AEC). Joining it would offer them practical experience and may ease developing artifact submissions for their papers.

Alfred Menezes has published a fantastic online course on real-world cryptography called Crypto 101: Real-World Deployments. It is an honor to be featured in the Bluetooth Security Lecture (Lecture 4) which talks about the KNOB attack.

The call for papers for the 4th Workshop on Automotive Cyber Security (ACSW) co-located with IEEE EuroS&P 2025 is closing today, Feb 3rd AoE. Please submit your automotive security work!

We release the AttackDefense Framework (ADF), a threat modeling framework for IoT devices and their life cycles. The ADF employs a flexible and generic threat data structure called the AttackDefense (AD) object.

Modern websites use attribute-based browser fingerprinting to track us(ers) using our browser’s JavaScript API. They can track us without cookies, and regardless of what we click on websites’ consent banners.

Salut, Marco Casagrande will talk about E-Spoofer and I will talk about BLUFFS at the 2024 Toulouse Hacking Convention (THCON)! Both research works are funded by the ORSHIN Horizon Europe research grant.

YouTube Media CCC More here.