curriculum vitae

I am currently a postdoctoral researcher at the Center for IT-Security, Privacy and Accountability (CISPA) at Saarland University in the group of Michael Backes. Previously, I was a PhD student and research fellow at the Security Research Group of the University Erlangen-Nuremberg, supervised by Felix Freiling. During that time, I was fortunate enough to join Ben Livshits and Ben Zorn at Microsoft Research in Redmond for an internship.

My research interests lie within Web Security, Network Security, and Malware Analysis. In addition, I enjoy the challenges provided in Capture the Flag competitions and am always trying to get more students involved in them.

Work experience

Publications

  • Backes, Michael; Rieck, Konrad; Skoruppa, Malte; Stock, Ben; Yamaguchi, Fabian – Efficient and Flexible Discovery of PHP Application Vulnerabilities in 2nd European Symposium on Security & Privacy (EuroS&P 2017) (to appear)
  • Backes, Michael; Holz, Thorsten; Rossow, Christian; Rytilahti, Teemu; Simeonovski, Milivoj; Stock, Ben – On the Feasibility of TTL-based Filtering for DRDoS Mitigation in 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016) (PDF / BibTeX)
  • Stock, Ben; Pellegrino, Giancarlo; Rossow, Christian; Johns, Martin; Backes, Michael – Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification in 25th USENIX Security Symposium (PDF / BibTeX)
  • Stock, Ben; Kaiser, Bernd; Pfistner, Stephan; Lekies, Sebastian; Johns, Martin – From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting, Talk at OWASP AppSec EU 2016 (Slides)
  • Stock, Ben; Livshits, Benjamin; Zorn, Benjamin – Kizzle: A Signature Compiler for Exploit Kits in 46th Annual DSN, June 2016 (PDF / Slides / BibTeX)
  • Stock, Ben; Johns, Martin; Lekies, Sebastian – Your Scripts in My Page – What Could Possibly Go Wrong? (Talk at Blackhat EU 2015), November 2015
  • Stock, Ben; Kaiser, Bernd; Pfistner, Stephan; Lekies, Sebastian; Johns, Martin – From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting in ACM CCS 2015 (PDF / BibTeX)
  • Lekies, Sebastian; Stock, Ben; Wentzel, Martin; Johns, Martin – The Unexpected Dangers of Dynamic JavaScript in 24th USENIX Security Symposium (PDF)
  • Stock, Ben; Lekies, Sebastian; Johns, Martin – Client-Side Protection Against DOM-based XSS Done Right ™, (Talk at Blackhat Asia 2015), March 2015 (Slides)
  • Johns, Martin; Stock, Ben; Lekies, Sebastian – Session Identifier are for now, Passwords are forever – XSS-based abuse of browser password managers, (Talk at Blackhat EU 2014), October 2014 (Slides)
  • Stock, Ben; Lekies, Sebastian; Müller, Tobias; Spiegel, Patrick; Johns, Martin – Precise Client-side Protection against DOM-based Cross-Site Scripting in 23rd USENIX Security Symposium (USENIX Security ’14), August 2014 (PDF / Slides / BibTeX)
  • Johns, Martin; Stock, Ben; Lekies, Sebastian – Call to arms: a tale of the weaknesses of current client-side xss filtering, (Talk at Blackhat USA 2014), August 2014 (PDF / Slides)
  • Stock, Ben; Johns, Martin – Protecting Users Against XSS-based Password Manager Abuse in 9th ACM Symposium on Information, Computer and Communications Security (AsiaCCS ’14), June 2014 (PDF / Slides / BibTeX)
  • Stock, Ben; Lekies, Sebastian; Johns, Martin – DOM-basiertes Cross-Site Scripting im Web: Reise in ein unerforschtes Land in Proceedings of GI Sicherheit 2014, March 2014 (German) (PDF / BibTeX)
  • Lekies, Sebastian; Stock, Ben; Johns, Martin – 25 Million Flows Later – Large-scale Detection of DOM-based XSS in 20th ACM Conference on Computer and Communications Security (CCS’13), November 2013 (PDF / Slides / BibTeX)
  • Johns, Martin; Lekies, Sebastian; Stock, Ben – Eradicating DNS Rebinding with the Extended Same-Origin Policy, in 22nd USENIX Security Symposium (USENIX Security ’13), August 2013 (PDF / BibTeX)
  • Stock, Ben; Goebel, Jan; Engelberth, Markus; Freiling, Felix; Holz, Thorsten – Walowdac – Analysis of a Peer-to-Peer Botnet in European Conference on Computer Network Defense (EC2ND), November 2009 (PDF)
  • Goebel, Jan; Stock, Ben; Trinius, Philipp; Freiling, Felix – Blacklisting Malicious Websites using Peer-to-Peer Technology as Technical Report TR-2010-002, March 2010 (PDF)

Find these also at Google Scholar

Professional activities

  • Reviewer for 26th USENIX Security Symposium
  • Publications Chair for 2nd European Symposium on Security & Privacy
  • Reviewer for 38th Symposium on Security & Privacy
  • Reviewer for 25th USENIX Security Symposium
  • Publications Chair for 1st European Symposium on Security & Privacy
  • Reviewer for 2016 Network and Distributed System Security Symposium
  • Reviewer for IEEE Transactions on Reliability
  • Reviewer for 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2013)
  • Reviewer for 15th International Conference on Information & Communications Security (ICICS 2013)
  • Reviewer for Eighth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2011)

Academic career

  • Doktor Ingenieur (PhD), Friedrich-Alexander-Universität Erlangen-Nürnberg (2015) – Thesis “Untangling the Web of Client-Side Cross-Site Scripting” (PDF)
  • Master of Science in IT Security, Technische Universität Darmstadt (2013) – Thesis “Implementing low-level browser-based security functionality” (PDF)
  • Bachelor of Science in Internet and Software Technology, University of Mannheim (2010) – Thesis “P2P-Botnetz-Analyse — Waledac” (German) (PDF)

Other activities

  • Since 2006: Founding member of the hacking team squareroots at the University of Mannheim
    Participation in several CTF competitions
    Winner of the ruCTFe in 2009
    Lecturer at CTF Workshops held at the University of Mannheim
  • October 2005 to January 2013: Member of the student council at the University of Mannheim
    Chairman of the council April 2007 to April 2008
    Event manager January 2009 to April 2012
    Server administrator January 2006 to January 2013