Publications


    Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks.
    Christian Wressnegger, Kevin Freeman, Fabian Yamaguchi and Konrad Rieck.
    Proc. of ACM Asia Conference on Computer Computer and Communications Security (ASIA CCS), to appear April 2017.

    Efficient and Flexible Discovery of PHP Application Vulnerabilities.
    Michael Backes, Konrad Rieck, Malte Skoruppa, Ben Stock and Fabian Yamaguchi.
    Proc. of 2nd IEEE European Symposium on Security and Privacy (EuroS&P), to appear April 2017.

    Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms.
    Christian Wressnegger, Fabian Yamaguchi, Alwin Maier and Konrad Rieck.
    Proc. of 23rd ACM Conference on Computer and Communications Security (CCS), October 2016.

    Towards Vulnerability Discovery Using Extended Compile-time Analysis
    Bhargava Shastry, Fabian Yamaguchi, Konrad Rieck and Jean-Pierre Seifert.
    Proc. of the 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2016

    Comprehensive Analysis and Detection of Flash-based Malware
    Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, and Konrad Rieck.
    Proc. of the 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2016

    Pattern-Based Vulnerability Discovery.
    Fabian Yamaguchi. Dissertation,
    Georg-August-Universitaet Goettingen, November 2015.

    VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits.
    Henning Perl, Daniel Arp, Sergej Dechand, Sascha Fahl, Yasemin Acar, Fabian Yamaguchi, Konrad Rieck and Matthew Smith.
    Proc. of 22nd ACM Conference on Computer and Communications Security (CCS), October 2015.

    De-anonymizing Programmers via Code Stylometry
    Aylin Caliskan-Islam, Richard Harang, Andrew Liu, Arvind Narayanan, Clare Voss,
    Fabian Yamaguchi, Rachel Greenstadt
    Proc. of the 24th USENIX Security Symposium (USENIX SEC), August 2015
    
    Automatic Inference of Search Patterns for Taint-Style Vulnerabilities
    Fabian Yamaguchi, Alwin Maier, Hugo Gascon, and Konrad Rieck.
    Proc. of the 36th IEEE Symposium on Security and Privacy (Oakland), May 2015

    Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols.
    Hugo Gascon, Christian Wressnegger, Fabian Yamaguchi, Daniel Arp and Konrad Rieck.
    Proc. of 11th International Conference on Security and Privacy in Communication Networks (SECURECOMM), October 2015. 

    Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication. 
    Daniel Arp, Fabian Yamaguchi, and Konrad Rieck.
    Proc. of 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS), (to appear) April 2015

    Torben: Deanonymizing Tor communication using web page markers
    Daniel Arp, Fabian Yamaguchi, and Konrad Rieck.
    Technical Report IFI-TB-2014-01, University of Göttingen

    Modeling and Discovering Vulnerabilities with Code Property Graphs.
    Fabian Yamaguchi, Nico Golde, Daniel Arp, and Konrad Rieck.
    Proc. of the 35th IEEE Symposium on Security and Privacy (Oakland), May 2014

    Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery.
    Fabian Yamaguchi, Christian Wressnegger, Hugo Gascon, and Konrad Rieck.
    Proc. of the 20th ACM Conference on Computer and Communications Security (CCS), November 2013.

    Hugo Gascon, Fabian Yamaguchi, Daniel Arp, Konrad Rieck
    6th ACM Workshop on Security and Artificial Intelligence (AISEC), November 2013

    Generalized Vulnerability Extrapolation using Abstract Syntax Trees. 
    Fabian Yamaguchi, Markus Lottmann, and Konrad Rieck. 
    Proc. of the 28th Annual Computer Security Applications Conference (ACSAC), December 2012. Outstanding Paper Award

    Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine Learning. 
    Fabian Yamaguchi, Felix Lindner, and Konrad Rieck.
    5th USENIX Workshop on Offensive Technologies (WOOT), August 2011.

     

    Theses

    Pattern-Based Vulnerability Discovery.
    Fabian Yamaguchi. Dissertation,
    Georg-August-Universitaet Goettingen, November 2015.


    Automated Extraction of API Usage Patterns from Source Code for Vulnerability Identification.
    Fabian Yamaguchi. Diplomarbeit,
    Technische Universitaet Berlin, January 2011.

    Presentations

    [B]joern: Towards Pattern-Based Vulnerability in Binary Code, ZonCon'16

    Automatic Inference of Search Patterns for Taint-Style Vulnerabilities, S&P'15

    Mining for Bugs with Graph Database Queries, Chaos Communication Congress (31c3)

    Modeling and Discovering Vulnerabilities with Code Property Graphs, S&P'14

    Hunting Vulns with Graph Databases, INBOT'14

    Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery, CCS'13

    Exposing Missing Checks in Source Code using Unsupervised Machine Learning Techniques, MyPhD'13

    Generalized Vulnerability Extrapolation, ACSAC 2012

    Machine Learning for Vulnerability Identification, Lecture, SS 2012

    "Give me more bugs like that", Blackhat Briefings 2011

    Code

    http://github.com/fabsx00