DOPE: DOmain Protection Enforcement with PKS @ ACSAC 2023

Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API @ Euro S&P 2023

SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth @ IEEE S&P 2024

Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities @ USENIX Security 2024

Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations @ CCS 2023

Injection Attacks Against End-to-End Encrypted Applications @ IEEE S&P 2024

Passive SSH Key Compromise via Lattices @ CCS 2023

DeMistify: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps @ ICSE 2024

The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks