Efficient and Flexible Discovery of PHP Application Vulnerabilities.
Michael Backes, Konrad Rieck, Malte Skoruppa, Ben Stock, and Fabian Yamaguchi
Proc. of IEEE European Symposium on Security and Privacy (Euro S&P), to appear April 2017
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-bit Platforms.
Christian Wressnegger, Fabian Yamaguchi, Alwin Maier and Konrad Rieck.
23rd ACM Conference on Computer and Communications Security (CCS), to appear October 2016.
Die Condeanalyseplattform "Octopus".
Fabian Yamaguchi and Konrad Rieck
Datenschutz und Datensicherheit - DuD - Volume 40, Issue 11
Towards Vulnerability Discovery Using Staged Program Analysis.
Bhargava Shastry, Fabian Yamaguchi, Konrad Rieck and Jean-Pierre Seifert.
Proc. of 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), to appear July 2016.
Comprehensive Analysis and Detection of Flash-based Malware.
Christian Wressnegger, Fabian Yamaguchi, Daniel Arp and Konrad Rieck.
Proc. of 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), to appear July 2016.
Best Paper Award
Pattern-Based Vulnerability Discovery.
Fabian Yamaguchi
Dissertation, November 2015.
Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols.
Hugo Gascon, Christian Wressnegger, Fabian Yamaguchi, Daniel Arp and Konrad Rieck.
Proc. of 11th International Conference on Security and Privacy in Communication Networks (SECURECOMM), October 2015.
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits.
Henning Perl, Daniel Arp, Sergej Dechand, Sascha Fahl, Yasemin Acar, Fabian Yamaguchi, Konrad Rieck and Matthew Smith.
Proc. of 22nd ACM Conference on Computer and Communications Security (CCS), October 2015.
De-anonymizing Programmers via Code Stylometry.
Aylin Caliskan-Islam, Richard Harang, Andrew Liu, Arvind Narayanan, Clare Voss, Fabian Yamaguchi and Rachel Greenstadt.
Proc. of 24th USENIX Security Symposium, 255–270, August 2015.
Automatic Inference of Search Patterns for Taint-Style Vulnerabilities.
Fabian Yamaguchi, Alwin Maier, Hugo Gascon and Konrad Rieck.
Proc. of 36th IEEE Symposium on Security and Privacy (S&P), May 2015.
Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication.
Daniel Arp, Fabian Yamaguchi and Konrad Rieck.
Proc. of 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), April 2015.
Modeling and Discovering Vulnerabilities with Code Property Graphs.
Fabian Yamaguchi, Nico Golde, Daniel Arp and Konrad Rieck.
Proc. of 35th IEEE Symposium on Security and Privacy (S&P), May 2014.
Structural Detection of Android Malware using Embedded Call Graphs.
Hugo Gascon, Fabian Yamaguchi, Daniel Arp and Konrad Rieck.
Proc. of 6th ACM Workshop on Artificial Intelligence and Security (AISEC), 45–54, November 2013.
Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery.
Fabian Yamaguchi, Christian Wressnegger, Hugo Gascon and Konrad Rieck.
Proc. of 20th ACM Conference on Computer and Communications Security (CCS), 499–510, November 2013.
Generalized Vulnerability Extrapolation using Abstract Syntax Trees.
Fabian Yamaguchi, Markus Lottmann and Konrad Rieck.
Proc. of 28th Annual Computer Security Applications Conference (ACSAC), 359–368, December 2012.
Outstanding Paper Award
Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine Learning.
Fabian Yamaguchi, Felix Lindner and Konrad Rieck.
Proc. of 5th USENIX Workshop on Offensive Technologies (WOOT), 118–127, August 2011.
Automated Extraction of API Usage Patterns from Source Code for Vulnerability Identification
Fabian Yamaguchi
Diploma Thesis, January 2011.