Marius Musch

Publications

U Can’t Debug This: Detecting JavaScript Anti-Debugging Techniques in the Wild 
Marius Musch and Martin Johns
Proc. of the 30th USENIX Security Symposium, August 2021 (to appear).

Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
Marius Steffens, Marius Musch, Martin Johns, and Ben Stock
Network and Distributed System Security Symposium (NDSS),  2021.

Thieves in the Browser: Web-based Cryptojacking in the Wild  *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 14th Int. Conference on Availability, Reliability and Security (ARES), 2019.

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, and Martin Johns
Proc. of 14th ACM Asia Conference on Computer and Communications Security (ASIACCS), 2019.

New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild  *Best Paper Award Runner-up*
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Proc. of 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019.

Towards an Automatic Generation of Low-Interaction Web Application Honeypots
Marius Musch, Martin Härterich, and Martin Johns
Proc. of 13th Int. Conference on Availability, Reliability and Security (ARES), 2018.

Web-based Cryptojacking in the Wild
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck
Technical report, arXiv:1808.09474, 2018.

Talks

ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices [Video, Slides]
OWASP Global AppSec, 27.09.2019, Amsterdam, The Netherlands

The Now and the Future of Malicious WebAssembly [Video, Slides]
OWASP Global AppSec, 26.09.2019, Amsterdam, The Netherlands

Web-based Cryptojacking in the Wild  [Video, Slides]
35C3, 29.12.2018, Leipzig, Germany 

Chameleon: Automatic Generation of Low-Interaction Web Honeypots
German OWASP Day, 14.11.2017, Essen, Germany