Daniel Weber profile picture

Daniel Weber

Hi, I’m Daniel, a PhD Student working on CPU Security and side-channel attacks. I do my research as part of Michael Schwarz’s group at CISPA Helmholtz Center for Information Security. While my research focuses on CPU Security, especially on automated vulnerability discovery, I’m generally interested in various low-level things, e.g., binary exploitation. Due to that, I also enjoy Capture-the-Flag competitions as part of the team saarsec.

My Interests

CPU Security
Low-Level Security
Side-Channel Attacks

Publications

2026

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine

Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, Michael Schwarz

USENIX Security 2026

2025

RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

Fabian Thomas, Eric Garcia Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ACM CCS 2025

SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution

Daniel Weber, Lukas Gerlach, Leon Trampert, Youheng Lue, Jo Van Bulck, Michael Schwarz

USENIX Security 2025

Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting

Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz

NDSS 2025

Styled to Steal: The Overlooked Attack Surface in Email Clients

Leon Trampert, Daniel Weber, Christian Rossow, Michael Schwarz

ACM CCS 2025

2024

CacheWarp: Software-based Fault Injection using Selective State Reset

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lue, Andreas Kogler, Michael Schwarz

USENIX Security 2024

No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks

Daniel Weber, Leonard Niemann, Lukas Gerlach, Jan Reineke, Michael Schwarz

ACSAC 2024

2023

Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ESORICS 2023

(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels

Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz

USENIX Security 2023

Reviving Meltdown 3a

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ESORICS 2023

A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs

Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz

IEEE S&P 2023

2022

Finding and Exploiting CPU Features using MSR Templating

Andreas Kogler, Daniel Weber, Martin Haubenwallner, Moritz Lipp, Daniel Gruss, Michael Schwarz

IEEE S&P 2022

2021

Osiris: Automated Discovery of Microarchitectural Side Channels

Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow

USENIX Security 2021

Talks

2026

Cascading Spy Sheets: The Privacy & Security Implications of CSS in Emails

Leon Trampert, Daniel Weber, Michael Schwarz

FOSDEM 2026

2025

Invisible Ink: Privacy Risks of CSS in Browsers and Emails

Leon Trampert, Daniel Weber

Black Hat Asia 2025

Leaking Kernel Secrets using Transient Execution

Tristan Hornetz, Daniel Weber, Michael Schwarz

MIC-SEC 2025

Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails

Leon Trampert, Daniel Weber

RuhrSec 2025

2023

A Security RISC? The State of Microarchitectural Attacks on RISC-V

Lukas Gerlach, Daniel Weber

Black Hat Europe 2023

Rowhammer Revisited: From Exploration to Exploitation and Mitigation

Lukas Gerlach, Daniel Weber

m0leCon 2023

CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks

Daniel Weber, Michael Schwarz

RuhrSec 2023

2022

CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks

Daniel Weber, Moritz Lipp

Black Hat MEA 2022

(M)Wait For It: Bridging the Gap Between Microarchitectural and Architectural Side Channels

Ruiyi Zhang, Daniel Weber

Black Hat MEA 2022

Turning Timing Differences into Data Leakage

Michael Schwarz, Daniel Weber

MIC-SEC 2022