AppSec is the Applied Security Research Group (also known as ISIS ) at SBA Research. Our main research interests focus on the improvement of Systems, IoT and Hardware Security & Privacy.

If you are a Student at TU Wien or the University of Vienna and are interested to do a BSc, MSc or maybe even a PhD with us, take a look at our research topics and projects and feel free to contact us.
If CTFs are your thing, come and join us at We0wnY0u.
Watch out for news & stuff on our blog.
Check our publications page to get more infos on finished papers and student theses.

Interests

Research and other activities

Our work touches on several different topics, from software, through firmware down to hardware. We work on methods to help with the analysis and reverse engineering of software and firmware for the purpose of identifying bugs as well as analysing privacy implications. Furthermore, we are interested in Methods that can be used to extract information from hardware and allow deeper analysis. Analysing such systems provides deeper insights and helps with strengthening security and privacy for end users.

Apart from research activities, we are furthermore involved in teaching lectures at TU Wien and the University of Vienna and are active in CTFs.

See all

Blog & Stuff

Things we’d like to share

A round of Hacker Jeopardy

About 1 week ago TU Wien hosted an International Ethical Hacking Bootcamp for the participants of the European Cyber Security Challenge (ECSC). For the participants it was 3 days of interesting talks, tutorials and CTF challenge solving.

Georg Merzdovnik, Michael Pucher

Jun 17, 2024 Hacker Jeopardy

Ghidra Extension Development

As we didn’t want to use Eclipse for Ghidra extension development and Eclipse sometimes didn’t work out of the box either as we wanted it to, this blog post covers some of the things we tried that might be obvious to others, but haven’t been previously documented as such.

Michael Pucher

Jul 31, 2023 Reverse Engineering, Ghidra

IoT Firmware Emulation with Qemu

While working on a case study, we needed to emulate various firmware samples with their included web service. In this blog post, we are going to take a look at some of them. In addition, a primer on how to approach the analysis of such firmware samples is given.

Sebastian Dietz

Mar 15, 2022 Firmware, Qemu

Publications

Papers & Theses from us and our students

Concealed Honeypots: Developing a Tunneling System. Michael Mente (2024). University of Vienna. Master Thesis.

Fuzzing Embedded Protocols. Martin Szewieczek (2023). TU Wien. Master Thesis.

Malware Detection Evasion using IO Uring. Kondrashov Dmytro (2023). TU Wien. Bachelor Thesis.

GRIEviOS: Generating RandomInput Events for iOS app analysis. Hannes Hauer (2023). TU Wien. Bachelor Thesis.

Faulting RISC-V - Comparing the Fault Resilience of the RISC-V Instruction Set Architecture. Philipp Eichinger (2023). TU Wien. Bachelor Thesis.

See all publications