2024

  1. SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security Measurements
    Louis Jannett, Maximilian Westers, Tobias Wich, Christian Mainka, Andreas Mayer, and Vladislav Mladenov
    In European Symposium on Security and Privacy (Euro S&P), Vienna, Austria, accepted papers: 45/208 = 22%, Jul 2024
  2. IJSE
    Examining the Impact of Video Production Quality and Presenter Identity in Science Communication on Knowledge Acquisition and Attitude Change
    Valentina Nachtigall, Maximilian Krug, Frédéric Kracht, Christian Mainka, Fatih Özcan, Sven Reichenberger, Gerrit Renner, and Daniel Siegmund
    Oct 2024

2023

  1. CCS
    Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers
    Dominik Noß, Lukas Knittel, Christian Mainka, Marcus Niemietz, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, accepted papers: 234/1222 = 19%, Nov 2023
  2. Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
    In USENIX Security Symposium, Anaheim, CA, USA, accepted papers: 419/1444 = 29%, Aug 2023
  3. DuD
    Die Financial-grade API (FAPI): PSD2-konforme Absicherung von APIs im Finanzsektor
    Johanna Schenkel, and Christian Mainka
    Mar 2023
  4. arXiv
    SSO-Monitor: Fully-Automatic Large-Scale Landscape, Security, and Privacy Analyses of Single Sign-On in the Wild
    Maximilian Westers, Tobias Wich, Louis Jannett, Vladislav Mladenov, Christian Mainka, and Andreas Mayer
    Feb 2023

2022

  1. CCS
    DISTINCT: Identity Theft Using In-Browser Communications in Dual-Window Single Sign-On
    Louis Jannett, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, accepted papers: 218/971 = 22%, Nov 2022
  2. Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
    Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%, Aug 2022

2021

  1. CCS
    2021_xsinator.png
    XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
    Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%, Nov 2021
  2. Shadow Attacks: Hiding and Replacing Content in Signed PDFs
    Christian Mainka, Vladislav Mladenov, and Simon Rohlmann
    In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  3. Processing Dangerous Paths - On Security and Privacy of the Portable Document Format
    Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021
  4. arXiv
    Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions
    Marcus Niemietz, Mario Korth, Christian Mainka, and Juraj Somorovsky
    Feb 2021
  5. S&P
    Breaking the Specification: PDF Certification
    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    In IEEE Symposium on Security and Privacy (S&P), Virtual Conference, accepted papers: 115/952 = 12%, May 2021

2020

  1. WOOT
    Office Document Security and Privacy
    Jens Müller, Fabian Ising, Christian Mainka, Vladislav Mladenov, and Sebastian Schinzel
    In USENIX Workshop on Offensive Technologies (WOOT), Virtual Conference, accepted papers: 12/36 = 33%, May 2020

2019

  1. CCS
    2019_csaw.jpg
    1 Trillion Dollar Refund: How To Spoof PDF Signatures
    Vladislav Mladenov, Christian Mainka,  Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019
  2. CCS
    Practical Decryption exFiltration: Breaking PDF Encryption
    Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, and Jörg Schwenk
    In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019

2018

  1. More Is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
    Paul Rösler, Christian Mainka, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, accepted papers: 33/144 = 23%, Nov 2018

2017

  1. ROOTS
    On the (in-)Security of JavaScript Object Signing and Encryption
    Dennis Detering, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In ROOTS: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium, accepted papers: 8/13 = 62%, Nov 2017
  2. SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
    Dennis Felsch, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, accepted papers: 71/359 = 20%, Apr 2017
  3. SoK: Single Sign-On Security – An Evaluation of OpenID Connect
    Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), Parice, France, accepted papers: 38/194 = 20%, Apr 2017
  4. ePrint
    More Is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
    Paul Rösler, Christian Mainka, and Jörg Schwenk
    Apr 2017
  5. Same-Origin Policy: Evaluation in Modern Browsers
    Jörg Schwenk, Marcus Niemietz, and Christian Mainka
    In USENIX Security Symposium, Vancouver, BC, Canada, accepted papers: 85/572 = 15%, Apr 2017

2016

  1. How Secure Is TextSecure?
    Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz
    In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016
  2. WOOT
    How to Break Microsoft Rights Management Services
    Martin Grothe, Christian Mainka, Paul Rösler, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016
  3. Your Cloud in My Company: Modern Rights Management Services Revisited
    Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, and Jörg Schwenk
    In International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria, accepted papers: 21/85 = 25%, Aug 2016
  4. Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Aug 2016
  5. arXiv
    On the Security of Modern Single Sign-On Protocols: Second-Order Vulnerabilities in OpenID Connect
    Vladislav Mladenov, Christian Mainka, and Jörg Schwenk
    Jan 2016
  6. WOOT
    SoK: XML Parser Vulnerabilities
    Christopher Späth, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016
  7. PhD Thesis
    On Message-Level Security
    Christian Mainka
    Dec 2016

2015

  1. QASA
    AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
    Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, Sep 2015
  2. WOOT
    How to Break XML Encryption – Automatically
    Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In USENIX Workshop on Offensive Technologies (WOOT), Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015
  3. OIS
    Automatic Recognition, Processing and Attacking of Single Sign-on Protocols with Burp Suite
    Christian Mainka, Vladislav Mladenov, Tim Guenther, and Jörg Schwenk
    In Open Identity Summit, Nov 2015
  4. SIOT
    Not so Smart: On Smart TV Apps
    Marcus Niemietz, Juraj Somorovsky, Christian Mainka, and Jörg Schwenk
    In International Workshop on Secure Internet of Things (SIoT), Vienna, Austria, Nov 2015

2014

  1. ePrint
    How Secure Is TextSecure?
    Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Joerg Schwenk, and Thorsten Holz
    Nov 2014
  2. arXiv
    Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On
    Christian Mainka, Vladislav Mladenov, and Jörg Schwenk
    Dec 2014
  3. CCSW
    Your Software at My Service: Security Analysis of SaaS Single Sign-on Solutions in the Cloud
    Christian Mainka, Vladislav Mladenov, Florian Feldmann, Julian Krautwald, and Jörg Schwenk
    In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, Scottsdale, Arizona, USA, Oct 2014

2013

  1. ZEUS
    A New Approach for WS-Policy Intersection Using Partial Ordered Sets
    Abeer Elsafie, Christian Mainka, and Jörg Schwenk
    In Services and Their Composition (ZEUS), Rostock, Germany, Feb 2013
  2. A New Approach towards DoS Penetration Testing on Web Services
    Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In International Conference on Web Services (ICWS), Santa Clara, CA, USA, accepted papers: 91/479 = 19%, Jun 2013
  3. PenTestMag
    Current Threats to Web Services and Other XML-based Services
    Christian Mainka, and Vladislav Mladenov
    Mar 2013
  4. ESSoS
    Penetration Test Tool for XML-based Web Services
    Christian Mainka, Vladislav Mladenov, Juraj Somorovsky, and Jörg Schwenk
    In ESSoS Doctoral Symposium, Feb 2013
  5. Bachelor
    Developing a Security Analysis Tool for OpenID-based Single Sign-on Systems
    Christian Mainka
    Nov 2013

2012

  1. DuD
    XML Signature Wrapping Angriffe wirksam unterbinden
    Meiko Jensen, Holger Junker, Luigi Lo Iacono, Christian Mainka, and Jörg Schwenk
    Apr 2012
  2. Penetration Testing Tool for Web Services Security
    Christian Mainka, Juraj Somorovsky, and Jörg Schwenk
    In World Congress on Services (SERVICES), Honolulu, HI, USA, Jun 2012
  3. CLOSER
    XSpRES: Robust and Effective XML Signatures for Web Services
    Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk
    In International Conference on Cloud Computing and Services Science (CLOSER), Porto, Portugal, accepted papers: 15/145 = 10%, Apr 2012
  4. Master
    Automatic Penetration Test Tool for Detection of XML Signature Wrapping Attacks in Web Services
    Christian Mainka
    May 2012

2010

  1. Bachelor
    Implementing a Modular Framework for Web Services Penetration Testing
    Christian Mainka
    Nov 2010