Code

Here is a list of prototypes/tools developed in my research activities.

Fidelius

Fidelius is a new architecture with a trusted path for user I/O and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.

Home page @Stanford GitHub Paper


Deemon

Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.

GitHub Paper


Günter

Günter tests web applications against Server Side Request (SSR) abuse including Web Origin Laundering, Server Side Request Forgery (SSRF) and other abuses.

GitHub Paper


jÄk (jAEk)

jÄk (jAEk) (yet Änother krawler, ja!) is a crawler that uses function hooking and other dynamic analysis techniques to identify JavaScript event function registrations to explore the attack surface of web applications.

GitHub Paper