| Nick Nikiforakis | Internal | Passing Juice |
| Lab | Internal | Passing Juice |
| Video Presentations | Internal | Passing Juice |
| Teaching | Internal | Passing Juice |
| News | Internal | Passing Juice |
| Publications | Internal | Passing Juice |
| Magazine Articles | Internal | Passing Juice |
| Service | Internal | Passing Juice |
| Blog | Internal | Passing Juice |
| CV | Internal | Passing Juice |
| Department of Computer Science | External | Passing Juice |
| Stony Brook University | External | Passing Juice |
| Ph.D. | Internal | Passing Juice |
| CSE 361, Web Security | Internal | Passing Juice |
| NSA Annual Best Scientific Cybersecurity paper award! | External | Passing Juice |
| malware sandbox evasion | Internal | Passing Juice |
| CSAW 2017 | External | Passing Juice |
| wrote | External | Passing Juice |
| RAID 2017 | External | Passing Juice |
| eCrime 2017 | External | Passing Juice |
| Online Privacy and Web Transparency | External | Passing Juice |
| By Year | Internal | Passing Juice |
| By Subject | Internal | Passing Juice |
| Google Scholar | External | Passing Juice |
| Infrastructure as Compromise: Abusing Residual Trust in Infrastructure as Code Tools | Internal | Passing Juice |
| Uncontained Danger: Quantifying Remote Dependencies in Containerized Applications | Internal | Passing Juice |
| What Gets Measured Gets Managed: Mitigating Supply Chain Attacks with a Link Integrity Management System | Internal | Passing Juice |
| The Power to Never Be Wrong: Evasions and Anachronistic Attacks Against Web Archives | Internal | Passing Juice |
| A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends | Internal | Passing Juice |
| Time for Actions: A Longitudinal Study of the GitHub Actions Marketplace | Internal | Passing Juice |
| Doubly Dangerous: Evading Phishing Reporting Systems by Leveraging Email Tracking Techniques | Internal | Passing Juice |
| Lost in the Mists of Time: Expirations in DNS Footprints of Mobile Apps | Internal | Passing Juice |
| The Poorest Man in Babylon: A Longitudinal Study of Cryptocurrency Investment Scams | Internal | Passing Juice |
| Ready or Not, Here I Come: Characterizing the Security of Prematurely-public Web Applications | Internal | Passing Juice |
| Paper Artifacts | External | Passing Juice |
| Harnessing Multiplicity: Granular Browser Extension Fingerprinting through User Configurations | Internal | Passing Juice |
| Panning for gold.eth: Understanding and Analyzing ENS Domain Dropcatching | Internal | Passing Juice |
| Paper Artifacts | External | Passing Juice |
| Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems | External | Passing Juice |
| Paper Artifacts | External | Passing Juice |
| Fast Company | External | Passing Juice |
| The Debrief | External | Passing Juice |
| CoinTrust | External | Passing Juice |
| SBU News | External | Passing Juice |
| Smudged Fingerprints: Characterizing and Improving the Performance of Web Application Fingerprinting | Internal | Passing Juice |
| Paper Artifacts | External | Passing Juice |
| Knocking on Admin's Door: Protecting Critical Web Applications with Deception | Internal | Passing Juice |
| Paper Artifacts | External | Passing Juice |
| Secrets are forever: Characterizing sensitive file leaks on IPFS | Internal | Passing Juice |
| Manufactured Narratives: On the Potential of Manipulating Social Media to Politicize World Events | Internal | Passing Juice |
| The Times They Are A-Changin': Characterizing Post-Publication Changes to Online News | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms | Internal | Passing Juice |
| Paper Artifacts | External | Passing Juice |
| AnimateDead: Debloating Web Applications Using Concolic Execution | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Minimalist: Semi-automated Debloating of PHP Web Applications through Static Analysis | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Scan Me If You Can: Understanding and Detecting Unwanted Vulnerability Scanning | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Role Models: Role-based Debloating for Web Applications | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Navigating Murky Waters: Automated Browser Feature Testing for Uncovering Tracking Vectors | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Escaping the Confines of Time: Continuous Browser Extension Fingerprinting Through Ephemeral Modifications | Internal | Passing Juice |
| Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions | Internal | Passing Juice |
| Verba Volant, Scripta Volant: Understanding Post-publication Title Changes in News Outlets | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| The Droid is in the Details: Environment-aware Evasion of Android Sandboxes | Internal | Passing Juice |
| Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust | Internal | Passing Juice |
| Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| The Hacker News | External | Passing Juice |
| Slashdot | External | Passing Juice |
| The Record | External | Passing Juice |
| Gizmodo | External | Passing Juice |
| CyberNews | External | Passing Juice |
| MalwareBytes | External | Passing Juice |
| Avast | External | Passing Juice |
| Good Bot, Bad Bot: Characterizing Automated Browsing Activity | Internal | Passing Juice |
| Click This, Not That: Extending Web Authentication with Deception | Internal | Passing Juice |
| Where are you taking me? Understanding Abusive Traffic Distribution Systems | Internal | Passing Juice |
| To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media | Internal | Passing Juice |
| Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| You've Changed: Detecting Malicious Browser Extensions through their Update Deltas | Internal | Passing Juice |
| Web Runner 2049: Evaluating Third-Party Anti-bot Services | Internal | Passing Juice |
| Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers | Internal | Passing Juice |
| Need for Mobile Speed: A Historical Study of Mobile Web Performance | Internal | Passing Juice |
| Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers | Internal | Passing Juice |
| Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies | Internal | Passing Juice |
| Now You See It, Now You Don't: A Large-scale Analysis of Early Domain Deletions | Internal | Passing Juice |
| Less is More: Quantifying the Security Benefits of Debloating Web Applications | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting | Internal | Passing Juice |
| Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Purchased Fame: Exploring the Ecosystem of Private Blog Networks | Internal | Passing Juice |
| Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat | Internal | Passing Juice |
| Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers | Internal | Passing Juice |
| PrivacyMeter: Designing and Developing a Privacy-Preserving Browser Extension | Internal | Passing Juice |
| Panning for gold.com: Understanding the dynamics of domain dropcatching | Internal | Passing Juice |
| Betrayed by Your Dashboard: Discovering Malicious Campaigns via Web Analytics | Internal | Passing Juice |
| Exposing Search and Advertisement Abuse Tactics and Infrastructure of Technical Support Scammers | Internal | Passing Juice |
| Picky Attackers: Quantifying the Role of System Properties on Intruder Behavior | Internal | Passing Juice |
| Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers | Internal | Passing Juice |
| The Wolf of Name Street: Hijacking Domains Through Their Nameservers | Internal | Passing Juice |
| Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse | Internal | Passing Juice |
| XHOUND: Quantifying the Fingerprintability of Browser Extensions | Internal | Passing Juice |
| Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions | Internal | Passing Juice |
| What's in a Name? Understanding Profile Name Reuse on Twitter | Internal | Passing Juice |
| Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools | Internal | Passing Juice |
| Dial One for Scam: A Large-Scale Analysis of Technical Support Scams | Internal | Passing Juice |
| Slashdot | External | Passing Juice |
| Sophos | External | Passing Juice |
| OnTheWire | External | Passing Juice |
| Why Allowing Profile Name Reuse Is A Bad Idea | Internal | Passing Juice |
| No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells | Internal | Passing Juice |
| It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services | Internal | Passing Juice |
| BBC | External | Passing Juice |
| Wired | External | Passing Juice |
| Fortune | External | Passing Juice |
| Phys | External | Passing Juice |
| HelpNetSecurity | External | Passing Juice |
| Financial Express | External | Passing Juice |
| International Business Times | External | Passing Juice |
| Washington Times | External | Passing Juice |
| Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms | Internal | Passing Juice |
| The Clock is Still Ticking: Timing Attacks in the Modern Web | Internal | Passing Juice |
| Maneuvering Around Clouds: Bypassing Cloud-based Security Providers | Internal | Passing Juice |
| TheRegister | External | Passing Juice |
| Akamai Blog | External | Passing Juice |
| Incapsula | External | Passing Juice |
| SCMagazine | External | Passing Juice |
| AT&T ThreatTraq | External | Passing Juice |
| TechRepublic | External | Passing Juice |
| Drops for Stuff: An Analysis of Reshipping Mule Scams | Internal | Passing Juice |
| KrebsOnSecurity.com | External | Passing Juice |
| Slashdot | External | Passing Juice |
| PriVaricator: Deceiving fingerprinters with Little White Lies | Internal | Passing Juice |
| Observer | External | Passing Juice |
| Parking Sensors: Analyzing and Detecting Parked Domains | Internal | Passing Juice |
| Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse | Internal | Passing Juice |
| TheRegister | External | Passing Juice |
| Net-Security | External | Passing Juice |
| Register.be | External | Passing Juice |
| World Trademark Review | External | Passing Juice |
| Soundsquatting: Uncovering the use of homophones in domain squatting | Internal | Passing Juice |
| World Trademark Review | External | Passing Juice |
| Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals | Internal | Passing Juice |
| TheRegister | External | Passing Juice |
| Softpedia | External | Passing Juice |
| Ars Technica | External | Passing Juice |
| Security Analysis of the Chinese Web: How well is it protected? | Internal | Passing Juice |
| Crying Wolf? On the Price Discrimination of Online Airline Tickets | Internal | Passing Juice |
| Secure multi-execution of web scripts: Theory and practice | Internal | Passing Juice |
| Monkey-in-the-browser: Malware and vulnerabilities in augmented browsing script markets | Internal | Passing Juice |
| Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services | Internal | Passing Juice |
| A Dangerous Mix: Large-scale analysis of mixed-content websites | Internal | Passing Juice |
| FPDetective: Dusting the web for fingerprinters | Internal | Passing Juice |
| HeapSentry: Kernel-assisted Protection against Heap Overflows | Internal | Passing Juice |
| Bitsquatting: Exploiting bit-flips for fun, or profit? | Internal | Passing Juice |
| Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting | Internal | Passing Juice |
| TabShots: Client-side detection of tabnabbing attacks | Internal | Passing Juice |
| You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions | Internal | Passing Juice |
| FlowFox: a Web Browser with Flexible and Precise Information Flow Control | Internal | Passing Juice |
| There is Safety in Numbers: Preventing Control-Flow Hijacking by Duplication | Internal | Passing Juice |
| DEMACRO: Defense against Malicious Cross-domain Requests | Internal | Passing Juice |
| Serene: Self-Reliant Client-Side Protection against Session Fixation | Internal | Passing Juice |
| Exploring the Ecosystem of Referrer-Anonymizing Services | Internal | Passing Juice |
| Recent Developments in Low-Level Software Security | Internal | Passing Juice |
| FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications | Internal | Passing Juice |
| HyperForce: Hypervisor-enForced Execution of Security-Critical Code | Internal | Passing Juice |
| RIPE: Runtime Intrusion Prevention Evaluator | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Hello rootKitty: A lightweight invariance-enforcing framework | Internal | Passing Juice |
| Paper artifacts | External | Passing Juice |
| Abusing Locality in Shared Web Hosting | Internal | Passing Juice |
| Exposing the Lack of Privacy in File Hosting Services | Internal | Passing Juice |
| TheRegister | External | Passing Juice |
| SlashDot | External | Passing Juice |
| ZDNet | External | Passing Juice |
| Net-Security | External | Passing Juice |
| Security Now - Episode 300 | External | Passing Juice |
| Ere-Security | External | Passing Juice |
| SessionShield: Lightweight Protection against Session Hijacking | Internal | Passing Juice |
| ValueGuard: Protection of native applications against data-only buffer overflows | Internal | Passing Juice |
| HProxy: Client-side detection of SSL stripping attacks | Internal | Passing Juice |
| Monitoring three National Research Networks for Eight Weeks: Observations and Implications | Internal | Passing Juice |
| Alice, what did you do last time? Fighting Phishing Using Past Activity Tests | Internal | Passing Juice |
| Protected Web Components: Hiding Sensitive Information in the Shadows | External | Passing Juice |
| Browse at your own risk | External | Passing Juice |
| Direct Object Reference or, How a Toddler can hack your Web application | Internal | Passing Juice |
| IPv6 Resiliency Study | Internal | Passing Juice |
| TheRegister | External | Passing Juice |
| 2025 | External | Passing Juice |
| 2024 | External | Passing Juice |
| 2024 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2018 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2025 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2021 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2024 | External | Passing Juice |
| 2025 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2018 | External | Passing Juice |
| 2021 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2025 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2021 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2024 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2018 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2024 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2024 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2021 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2018 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2021 | External | Passing Juice |
| 2022 | External | Passing Juice |
| 2023 | External | Passing Juice |
| 2021 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2020 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2019 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2018 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2016 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2017 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2012 | External | Passing Juice |
| 2013 | External | Passing Juice |
| 2014 | External | Passing Juice |
| 2015 | External | Passing Juice |
| 2014 | External | Passing Juice |
| 2012 | External | Passing Juice |
| 2013 | External | Passing Juice |
| 2013 | External | Passing Juice |
| 2013 | External | Passing Juice |
| 2013 | External | Passing Juice |
| Bootstrap | External | Passing Juice |
| @mdo | External | Passing Juice |
| Breaking! | External | Passing Juice |
| Read top-tier security news here | External | Passing Juice |