Video Presentations


Nowadays, my students present the vast majority of our work at academic conferences. Links to these recordings can typically be found on the webpages of individual venues.

Below, you can find the recordings of selected invited lectures and presentations of our work to different audiences, such as CISOs, developers, etc.



Bots, Crawlers, and Spiders: Understanding How Automated Web Clients Find and Attack their Victims

Date April 2024
Topics web bots, fingerprinting, certificate transparency
Organizer Symposium on the Science of Security (HotSoS)
Based on:
  • Good Bot, Bad Bot: Characterizing Automated Browsing Activity, IEEE S&P 2021 (PDF, Citation)
  • Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots, USENIX Security 2022 (PDF, Citation)

Bridgespotting: How Web3 Attackers Target Web2 Cryptocurrency Users

Date October 2023
Topics cryptocurrency, social engineering
Organizer Criminal Investigations and Network Analysis (CINA) Center
Based on:
  • Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms, NDSS 2024 (PDF, Citation )
  • Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams, NDSS 2023 (PDF, Citation)

Mitigating MITM Phishing Toolkit Attacks that Bypass MFA

Date June 2022
Topics phishing, network security, fingerprinting
Organizer Internet2
Based on: Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits, CCS 2021 (PDF, Citation)

Small and Different: Security and Privacy Risks of Mobile Browsers

Date February 2022
Topics mobile security, UI attacks, security mechanisms, proxies
Organizer UK Security and Privacy Seminar Series
Based on:
  • Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers IEEE S&P 2020 (PDF, Citation)
  • Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers, NDSS 2019 (PDF, Citation)

Good Bot, Bad Bot: Characterizing Automated Browsing Activity

Date September 2021
Topics bot detection, honeypots, fingerprinting, network security
Organizer OWASP
Based on: Good Bot, Bad Bot: Characterizing Automated Browsing Activity, IEEE S&P 2021 (PDF, Citation)

Everything You Always Wanted to Know About Fingerprinting Browser Extensions, But Were Afraid to Ask

Date September 2021
Topics browser fingerprinting, browser extensions, privacy
Organizer OWASP
Based on:
  • Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets, USENIX Security 2021 (PDF, Citation)
  • Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat, WWW 2019 (PDF, Citation)
  • XHOUND: Quantifying the Fingerprintability of Browser Extensions, IEEE S&P 2017 (PDF, Citation)

Dial One for Scam - A Large-Scale Analysis of Technical Support Scams

Date March 2017
Topics tech support scams, web security, large-scale detection, deception
Organizer CyLab, Carnegie Mellon University
Based on: Dial One for Scam: A Large-Scale Analysis of Technical Support Scams, NDSS 2017 (PDF, Citation)