Tom Ganz

Latest Post

Apr 19, 2024

Backdooring Linux with Linker Envs the right way

The xz backdoor I think everyone heard from the very recent xz library backdoor. In short, malicious code has been silently introduced in the official repository of this compression library. It then uses rtld-audit to add an audit hook and listen to dynamic linking events. In particular, OpenSSH on some distributions use xz for compression purposes and, as a result, loads xz. Please refer to 1 for more information about the backdoor. Read more

About

My name is Tom Ganz and I am currently living in London. I am pursuing my PhD in computer security and machine learning. Feel free to send me an E-Mail using my PGP key.

Academical Merits

Currently: Network Security Engineer @ Amazon UK and PhD Candidate @ TU Berlin
Msc. Computer Science @University of Applied Sciences Karlsruhe
Bsc. Applied Computer Science @Corporate State University Karlsruhe

Publications

Felix Weißberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer and Konrad Rieck: SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing (ASIACCS 2024)
Tom Ganz, Erik Imgrund, Martin Härterich, Konrad Rieck: PAVUDI: Patch-based Vulnerability Discovery using Machine Learning (ACSAC 2023)
Erik Imgrund, Tom Ganz, Martin Härterich, Lukas Pirch, Niklas Risse, Konrad Rieck: Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery (CCS AISec 2023)
Tom Ganz, Erik Imgrund, Martin Härterich, Konrad Rieck: CodeGraphSMOTE - Data Augmentation for Vulnerability Discovery (DBSEC 2023)
Tom Ganz, Philipp Rall, Martin Härterich, Konrad Rieck: Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery (Euro S&P 2023)
Tom Ganz, Inaam Ashraf, Martin Härterich, Konrad Rieck: Detecting Backdoors in Collaboration Graphs of Software Repositories (CODASPY 2023)
Tom Ganz, Martin Härterich, Alexander Warnecke, Konrad Rieck: Explaining Graph Neural Networks for Vulnerability Discovery (CCS AISec 2021)

Academic Services

Reviews for IEEE Access
Subreviews for S&P
Reviews for CCS AISec

Other Stuff

Awards

AISec CCS Best Paper Award 2021

Invited Talks

Cooperate State University Karlsruhe 2022: Lecturer for Compiler Engineering
SAP Conference on Machine Learning 2022: Explainable Fuzzing
SAP Conference on Machine Learning 2022: Graph Autoencoders - on the Hunt for Malicious Commits
SAP Development Kick-Off Meeting: Automated Analysis of Source Code Repositories using Machine Learning
SAP Conference on Machine Learning 2021: Intelligently Protect the Enterprise - What machines may learn about graphs in your software
SAP Security Expert Summit 2021: Intelligently Protect the Enterprise - What machines may learn about graphs in your software

Check out my LinkedIn to see my current CV.

Introduction theme for Hugo. Made with and by open source contributors.

Hi, I’m Tom