banner
LightNews
chwress.bsky.social
Christian Wressnegger
@chwress.bsky.social
150 followers 75 following 16 posts
Professor in Computer Security at Karlsruhe Institute of Technology (KIT) https://intellisec.de/chris
intellisec.de
Posts Media Videos Starter Packs
Reposted by Christian Wressnegger
kitcybersec.bsky.social
KIT Graduate School Cyber Security @kitcybersec.bsky.social · 1d
You are an Early Career Researcher in #cybersec? Here is an opportunity: The AEC chairs of @USENIXSecurity '26 are looking for (self)nominations for the Artifact Evaluation Committee. Deadline: October 17th, 2025, so sign up soon!
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social
9 5
Reposted by Christian Wressnegger
signal.org
Signal @signal.org · 8d
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
signal.org
42 2.4K 3.9K
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · 8d
Vera Rimmer (DistriNet, KU Leuven) and I are chairing the selection. Please, reach out to us if you have any questions.

CC: @kastel-labs.bsky.social @kitinformatik.bsky.social @kit.edu #KITKarlsruhe
403 Forbidden
astel-labs.bsky.social
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · 8d
The call for workshops at EuroS&P 2026 is officially open!
EuroS&P is the premier, European forum for security & privacy research. The main conference is accompanied by a series of workshops. Be part of it! 😎

🌐 https://eurosp2026.ieee-security.org/cfw.html
⏱️ Deadline: Oct 24th AoE
📍Lisbon, PT
1 1 3
Reposted by Christian Wressnegger
kitcybersec.bsky.social
KIT Graduate School Cyber Security @kitcybersec.bsky.social · 10d
We are expanding our social media presence! Find us on LinkedIn, Instagram @kitcybersec and Mastodon @[email protected]. Stay tuned for regular updates on events and information on #CyberSec at #KITKarlsruhe. While you are here, have you checked out our website cybersec.kcist.kit.edu yet?
KIT - KIT Graduate School Cyber Security - CyberSec - Home
cybersec.kcist.kit.edu
2 1
Reposted by Christian Wressnegger
aurore-fass.bsky.social
Aurore Fass @aurore-fass.bsky.social · 29d
Congratulations to USENIX Security 2025 AE:
🏆 Distinguished Artifact Awards
🏆 Distinguished Reviewer Awards
⭐ Noteworthy Reviewer Recognition
🥷 Ninja Reviewer Recognition
secartifacts.github.io/usenixsec202...

And thank you all for your help!

CC @pvadrevu.bsky.social Tiago Heinrich
3 6
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Aug 27
Max is currently in Hanoi, Vietnam and will present the paper today. Make sure not to miss it if you are at the conference.

🕚 August 27th 11:00 local time right after the break
📍 Session 2, Ballroom 2

(3/3)
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Aug 27
Also this project started out as a Master's thesis @kit.edu @kitinformatik.bsky.social @kastel-labs.bsky.social
Karl did an amazing job 💪 He pushed super-hard for the best possible result, which eventually was accepted at AsiaCCS 2025. Congratz again 🥳🎉

(2/3)
1 1
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Aug 27
LLM-powered code assistants might suggest vulnerable code to specific user groups. Old news? Well, in contrast to prior attacks of this kind, our "Generalized Adversarial Code Suggestions" (AsiaCCS 2025) impose no restrictions on the vulnerabilities.

🌐 https://intellisec.de/research/adv-code

(1/3)
1 1 1
Reposted by Christian Wressnegger
vanhoefm.bsky.social
Mathy Vanhoef @vanhoefm.bsky.social · Jul 12
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency break. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
End-of-Train and Head-of-Train Remote Linking Protocol | CISA
www.cisa.gov
11 65 190
Reposted by Christian Wressnegger
bloody-tangerine.bsky.social
Clémentine Maurice @bloody-tangerine.bsky.social · May 14
Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!
2 17 29
Reposted by Christian Wressnegger
daviddlevine.com
David D. Levine @daviddlevine.com · Apr 12
LLMs hallucinating nonexistent software packages with plausible names leads to a new malware vulnerability: "slopsquatting."
LLMs can't stop making up software dependencies and sabotaging everything
: Hallucinated package names fuel 'slopsquatting'
www.theregister.com
32 380 1.3K
Reposted by Christian Wressnegger
nicolaspapernot.bsky.social
Nicolas Papernot @nicolaspapernot.bsky.social · Mar 5
I will be giving a talk at the MPI-IS @maxplanckcampus.bsky.social in Tübingen next week (March 12 @ 11am). The talk will cover my group's overall approach to trust in ML, with a focus on our work on unlearning and how to obtain verifiable guarantees of trust.

Details: is.mpg.de/events/speci...
1 4 7
Reposted by Christian Wressnegger
kitcybersec.bsky.social
KIT Graduate School Cyber Security @kitcybersec.bsky.social · Mar 4
Next week Tuesday, March 11th 2025, we are going to have another Security & Privacy Lunch 🍔 We meet at 12:00 at Oxford Pub https://www.oxfordpub.de/

Everybody is welcome. See you there! 🤗
Oxford Pub | Bier & Burger
Oxford Pub | The Finest Selection of Beer
www.oxfordpub.de
1 2
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 27
💻 Code available at: github.com/two-heart/du...
GitHub - two-heart/dumpling-artifact-evaluation
Contribute to two-heart/dumpling-artifact-evaluation development by creating an account on GitHub.
github.com
1
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 27
Wow, this is massive! What started out as a Master's thesis @kit.edu @kastel-labs.bsky.social ended up with a distinguished paper award at #NDSS2025 🥳🎉

🗞️ intellisec.de/pubs/2025-nd...

Congrats Liam and Julian 💪🥟, and thank you @gannimo.bsky.social and @tregua.bsky.social for the collaboration!
intellisec.de
1 2 12
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 21
Qi is going to present our method, HARVEY, in Philadelphia at #AAAI2025 on Sunday March 2, 2pm. See you there! 😎 (5/5)

🌐 https://aaai.org/conference/aaai/aaai-25/program-overview/
aaai.org
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 21
In doing so, we not only excel in backdoor removal with a *worst case* remaining ASR of 0.48% (on Tiny-ImageNet with a ResNet34) but also in maintaining accuracy on the primary task of 56.65% (no defense) and 56.31% (HARVEY) *in the worst case* across different backdooring attacks. (4/5)
1
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 21
Our method refines this reference model thru a combination of splitting poisonous and benign samples, learning on poisonous and unlearning benign samples, and splitting the dataset again over multiple rounds. Eventually, we use the samples from the final split to train a perfectly benign model (3/5)
1
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 21
The idea is to remove poisonous samples that might introduce a backdoor during training. While learning a benign model is difficult in this setting, it is rather easy to learn a strongly backdoored model. This strongly backdoored model can serve as an oracle to find poisonous samples (2/5)
1
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Feb 21
I'm happy to share that our paper "Learning the Backdoor to Remove the Backdoor" got accepted at #AAAI2025 as oral presentation (top 5%). Great job @qzhao903.bsky.social 💪 @kastel-labs.bsky.social @kit.edu (1/5)

🗞️ https://intellisec.de/pubs/2025-aaai.pdf
💻️ https://intellisec.de/research/harvey
1 4 5
Reposted by Christian Wressnegger
lcheylus.bsky.social
Laurent Cheylus @lcheylus.bsky.social · Feb 4
hyperfine: a command-line benchmarking Tool, written in Rust - Very useful to bench and compare performance of tools - Project by David Peter https://github.com/sharkdp/hyperfine
2 2
Reposted by Christian Wressnegger
ading.dev
ading.dev @ading.dev · Jan 31
I got Linux running in a PDF file using a RISC-V emulator.

PDFs support Javascript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.

linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
12 130 310
Reposted by Christian Wressnegger
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Jan 27
The additional "ess" is a typo, though, and the bsky account unrelated 🫠 However, fun fact: ESS is the acronym of the underlying Helmholtz topic of our beloved KASTEL Security Research Labs -> @kastel-labs.bsky.social 😎
2 2
chwress.bsky.social
Christian Wressnegger @chwress.bsky.social · Jan 27
The additional "ess" is a typo, though, and the bsky account unrelated 🫠 However, fun fact: ESS is the acronym of the underlying Helmholtz topic of our beloved KASTEL Security Research Labs -> @kastel-labs.bsky.social 😎
2 2