I am a Visiting Assistant Professor of Computer Science at Stanford University, in the Empirical Security Research Group, led by Zakir Durumeric. My research broadly focuses on Web security and privacy, Web measurements, and machine learning. Specifically, I design practical approaches to protect the security and privacy of Web users. I build systems to proactively detect malicious JavaScript code and suspicious browser extensions. I analyze data to understand how people spend time on the Web, and I want to use the resulting perspective to prioritize defense strategies.

In 2021, I was a postdoctoral researcher at CISPA Helmholtz Center for Information Security. Prior to that, I was a PhD student at CISPA (2017-2020), in the Secure Web Applications Group, jointly supervised by Ben Stock and Michael Backes. My PhD thesis revolves around studying JavaScript security through static analysis.

Before joining CISPA, I was a master student at the French Grande Ecole TELECOM Nancy, where I had the honor to give the valedictorian speech (2017). In particular, I wrote my master thesis at the German Federal Office for Information Security (BSI) under the supervision of Isabelle Chrisment and Robert Krawczyk.

What’s New?

• Nov 2022: Stoked and grateful to have received a Top Reviewer Award at ACM CCS 2022!
• Sep 2022: The Web is going MAD again! Super excited to co-chair the 5th MADWeb workshop (co-located with NDSS 2023) with Zubair Shafiq!
• Aug 2022: Our paper “A World Wide View of Browsing the World Wide Web” got accepted at IMC 2022!
• Oct 2021: Starting as a Visiting Assistant Professor at Stanford University today! Excited to join the lab of Zakir Durumeric!
• Sep 2021: Our paper DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale got accepted at CCS 2021! Wanna check extensions for vulnerable data flows? Our source code is online.
• May 2021: Thrilled to have defended my dissertation!
• Oct 2020: Thrilled to have handed in my dissertation Studying JavaScript Security Through Static Analysis!
• May 2020: Interested in HideNoSeek? Check out the recording of my talk at RuhrSec 2020 #StayAtHome Edition!
• Mar 2020: Just released the clone detector part of HideNoSeek on GitHub. Have fun!
• Feb 2020: HideNoSeek ACM CCS recording is now available for download!
• Feb 2020: Just released an update of JStap on GitHub. Have fun!
• Dec 2019: Very excited to be part of RuhrSec 2020 to present HideNoSeek! See you in May in Bochum.
• Nov 2019: The source code of HideNoSeek is now partially online. Have fun and see you on 14-nov-19 in London!
  In the meantime, have a look at our 1 minute video, also available in French and German.
• Nov 2019: Delighted to be part of Saarland University’s program of excellence! Looking forward to networking, coaching, and mentoring.
• Sep 2019: The source code of JStap is now online with the ACSAC “Artifacts Evaluated – Reusable” badge. Have fun!
• Aug 2019: Our paper “JStap: A Static Pre-Filter for Malicious JavaScript Detection” got accepted at ACSAC 2019! See you in December in San Juan.
• Jun 2019: Our paper “HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs” got accepted at CCS 2019! See you in November in London.