Marius Steffens

105 posts

Marius Steffens

@steffens_marius

Web security guy turned Information Security Engineer @Google. Graduate from @Saar_Uni and @CISPA. Opinions are my own.

Zurich, Switzerland Katılım Ağustos 2017

127 Takip Edilen252 Takipçiler

Sabitlenmiş Tweet

Marius Steffens@steffens_marius·30 Mar

Today I submitted my dissertation "Understanding Emerging Client-Side Web Vulnerabilities using Dynamic Program Analysis". Even though it feels like the end of a journey, I am very excited for the next one waiting just around the corner!

English

Marius Steffens@steffens_marius·16 May

Ben’s group is THE place to be. Go apply and once you are done with academia let me show you how to have fun at Google these days :)

Ben Stock@kcotsneb

Among the alumni of my group, @AuroreFass recently joined CISPA as a faculty, @s3br0th is currently at postdoc at TU Wien, and @steffens_marius is having fun at Google these days. Want to follow in all of their footsteps? Then go ahead and visit swag.cispa.saarland/jobs.html!

English

298

Marius Steffens@steffens_marius·19 Mar

Want to help us to keep OSS infra a tad more secure? It even has the AI/ML label attached, so jump aboard the hype train and contribute some detectors to the Tsunami network scanner.

Google VRP (Google Bug Hunters)@GoogleVRP

Are you passionate about expanding the capabilities of the Tsunami network scanner, and would like to help keep AI infrastructure secure? See our blog post for details on getting involved and how your efforts will be rewarded 💸! bughunters.google.com/blog/569189023… bughunters.google.com/blog/569189023…

English

317

Marius Steffens retweetledi

Marco Squarcina@blueminimal·19 Şub

OMG, our "Cookie Crumbles" paper got into the Top-10 Web Hacking Techniques of 2023 by @PortSwiggerRes! Have a look at the paper if you haven't yet usenix.org/conference/use… and check the other outstanding finalists! Thank you ❤️

PortSwigger Research@PortSwiggerRes

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

English

6.3K

Marius Steffens retweetledi

Aurore Fass@AuroreFass·28 Eyl

The Web is going MAD again! Join us for the 6th #MADWeb (Measurements, Attacks, and Defenses for the Web) workshop @NDSSSymposium on March 1, 2024! Please, help us spread the words. Paper submission deadline: Jan 10 AoE CfP: madweb.work CC @yzcao

English

3.9K

Marius Steffens retweetledi

Carl Smith@cffsmith·11 Ağu

I am happy and very excited to be presenting V8 Security’s latest fuzzing work at HITCON!

HITCON@HacksInTaiwan

HITCON Community 2023 - 議程宣傳第二彈 ✨ Day2 的 Keynote 10:10！Tag: Red、Exploit Development、Fuzzing 🚀#2「Advancements in JavaScript Engine Fuzzing 」瀏覽器作為一般人接觸網路最直接的入口，其安全性非常重要，瀏覽器的漏洞影響不容小覷。而JavaScript 的複雜性，已然成為瀏覽器漏洞的主要成因之一。在這場議程中，將著重介紹如何系統化的找出 JavaScript 的漏洞。講者將分享如何設計及優化他們的 JavaScript Engine Fuzzer，以及他們挖掘到的漏洞。值得特別關注的是，他們的使用的 fuzzilli 是開源的，大家都可以拿來使用進行實驗。 🎙️講師資訊： Google V8 Security Team 的 Carl Smith，曾在 Exodus Intelligence 及 Google Project Zero 實習，在世界許多資安會議都有發表過他們的研究。這場議程，也是頂尖資安會議 OffensiveCon 的精彩議程。 hitcon.org/2023/CMT/agend… #HITCONCommunity2023 #HITCONCMT2023 #HITCON

English

16.7K

Marius Steffens@steffens_marius·28 Nis

@kcotsneb @s3br0th @matteo_maffei Congrats @s3br0th, it was a real pleasure having shared journeys with you for so long and I will forever have “All night long” burned into the back of my brain.

English

216

Ben Stock@kcotsneb·28 Nis

Congratulations to my former PhD student and recent graduate Dr. @s3br0th! It has been a pleasure to accompany you on your way. Best of luck with the next career step with @matteo_maffei

English

4.1K

Marius Steffens@steffens_marius·12 Kas

@AuroreFass @acm_ccs @CISPA Well deserved Aurore :) Be the change that you wish to see in the (academic) world!

English

Aurore Fass@AuroreFass·11 Kas

Stoked and grateful to have received a Top Reviewer Award @acm_ccs! Delighted to know that my (hopefully) constructive reviews are appreciated :) CC @CISPA

English

123

Marius Steffens@steffens_marius·26 Eyl

Oh man, time really does fly. I still remember attending this MAD workshop in 2019, go crazy and submit your Web Security research!

Aurore Fass@AuroreFass

The Web is going MAD again! Join us for the 5th #MADWeb workshop @NDSSSymposium 2023! Please consider submitting your awesome Web Security & Privacy research (deadline: Dec 9 AoE), and help us spread the words! CFP: madweb.work @zubair_shafiq

English

Marius Steffens@steffens_marius·5 May

@kcotsneb @CISPA @ruhrsec Ah damn, I remember talking about wanting to go but then I totally forgot :( Enjoy Ruhrsec and hopefully see y’all again soon :)

English

Ben Stock@kcotsneb·5 May

(Academic) family reunion of ⁦@CISPA’s SWAG⁩ at ⁦@ruhrsec⁩. ⁦@steffens_marius⁩, you are missing ;)

English

Marius Steffens retweetledi

Sebastian Lekies@slekies·22 Mar

My team @google is hiring software engineers with a security background in the bay area. We are developing various security scanning tools with a focus on quality and scale. Many of our tools are open source. PM me for details and please RT.

English

182

Marius Steffens retweetledi

Johannes Krupp@JohKrupp·22 Ara

Apparently I have a hat now!

Christian Rossow (@[email protected])@chrossow

Congrats to my student @JohKrupp, who successfully defended his PhD thesis titled `Using Honeypots to Trace Back Amplification DDoS Attacks`! He should be your go-to person for amplification #DDoS attacks. The thesis answers 3 exciting questions (+ one I cannot yet share): 🧵1/3

English

Marius Steffens@steffens_marius·3 Ara

Well deserved, Ben! I could not have wished for a better academic mentor/advisor. I saw that swag.cispa.saarland/jobs.html features some new pointers for prospective PhD students. This is an excellent place to be for Web research, don't miss out on the opportunity folks.

Ben Stock@kcotsneb

Today, I can officially announce that I have been awarded tenure at @CISPA. It has been a fascinating journey to get here and I want to thank some folks. First, @thorstenholz and Felix Freiling who sparked my interest in IT security early in my studies.

English

Marius Steffens retweetledi

Ben Stock@kcotsneb·26 Kas

Super excited to see a student I supervised win a price for his Bachelor Thesis! Moritz Wilhelm, a student in my group and now Master student at @SIC_Saar @Saar_Uni won the CAST price for best bachelor thesis (cispa.de/en/news-and-ev…)

English

Marius Steffens@steffens_marius·13 Kas

Out of 7 trips with @DB_Bahn between my hometown and Zurich, not a single trip concluded without major delays. In today’s episode: train starts 35 minutes late. Ah btw the next train to Zurich has high demand so good luck with that seat reservation.

English

Marius Steffens retweetledi

Code Intelligence@CI_Fuzz·24 Eyl

Well-designed content security policies (CSP) should be able to prevent cross-site scripting attacks. But do they actually keep your application secure? Or do they fail in practice? Let's find out, at #FuzzConEurope fuzzcon.eu/2021/session/l…

English

Marius Steffens retweetledi

Ben Stock@kcotsneb·17 Eyl

Together with @yazz_acar, I am workshop's co-chair for @NDSSSymposium 2022. Get your proposals in until October 3! All details available at ndss-symposium.org/call-for-works…. We particularly encourage proposals that involve junior members in the reviewing process! Spread the word :-)

English

Marius Steffens@steffens_marius·10 Eyl

@AuroreFass @acm_ccs @kcotsneb @dolierefsome @CISPA Way to go Aurore, congrats!🥳

English

Aurore Fass@AuroreFass·9 Eyl

Excited to announce that our paper DoubleX, which statically detects vulnerable data flows in browser extensions, got accepted at @acm_ccs 2021! Preprint available at swag.cispa.saarland/papers/fass202… and source code at github.com/Aurore54F/Doub…. CC @kcotsneb @dolierefsome @CISPA

English

Marius Steffens@steffens_marius·10 Eyl

Great work by a bunch of awesome researchers! If you ever wondered how deploying a CSP works (or does not work) for folks that have not read the CSP standard cover to cover, look no further.

Sebastian Roth@s3br0th

Ever wondered why so many CSPs in the wild are trivially bypassable? In our new @acm_ccs 2021 paper we conducted a study to uncover the root causes behind those omnipresent misconfigurations. Read it here: swag.cispa.saarland/papers/roth202… CC: @_lgroeber @cathykxx @kcotsneb @CISPA

English

Marius Steffens@steffens_marius·2 Tem

@_tobiasu Thanks a lot Tobias!

English

Tobias Urban@_tobiasu·1 Tem

@steffens_marius Congratulations and all the best for the future!

English

Marius Steffens@steffens_marius·29 Haz

Yesterday I successfully defended my PhD thesis :D I want to use this opportunity to thank everyone that was part of this journey(be it family, friends, colleagues, or peers in our field). You all contributed to making this a wonderful experience. Thank you so much!

Ben Stock@kcotsneb

Happy to announce my second PhD, @steffens_marius defended his PhD thesis today with distinction. Super happy and proud to have seen him grow over the last years. Thanks also to @asabelfeld and @CasCremers for being part of the committee.

English

Keşfet

@PortSwiggerRes @NDSSSymposium @yzcao @kcotsneb @s3br0th @matteo_maffei @AuroreFass @acm_ccs