Blog Posts


Cloud Storage Systems: From Bad Practice to Practical Attacks

4 minute read


We show that the cryptographic design of the cloud storage system MEGA does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files.


ECSC Prague 2021

less than 1 minute read


The European Cyber Security Challenge 2021 in Prague is over! This is a yearly reoccuring event with around 20 (mostly) European countries. Every year, a different state hosts the onsite CTF competition. This year, we had two competition days with over 50 challenges in the categories crypto, reversing, web, forensics, misc, and hardware. Furthermore, there was an escape room and international team challenges.


Revisiting Microarchitectural Side-Channels

2 minute read


This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.


Applied Security Lab

1 minute read


In this course, our task was to implement a typical IT system based on a set of functional and security requirements in a team of four people. For this purpose, we needed to design a certificate authority for a fictional company while analyzing the security and take appropriate measures. Furthermore, we needed to introduce two backdoors in the system. In the middle of the semester, we switched to analyze another team’s system and assess their security. This, of course, included finding their backdoors as well as any other vulnerabilities.