Daniel Weber

PhD Student

Hey, I am a PhD student researching in the field of microarchitectural attacks, such as side-channel and transient-execution attacks. I especially like to work on automated tools for the discovery of such vulnerabilities. In my free time, I participate in Capture the Flag competitions as part of the team saarsec.

CV

PhD Student

CISPA / Saarland University

2022 – today

PhD Preparation

Saarbrücken Graduate School of CS

2020 – 2022

Cybersecurity B.Sc.

Saarland University

2017 – 2020

System Administrator

kohlpharma

2017 – 2018

Publications

2026

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine

Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, Michael Schwarz

USENIX Security Baltimore, MD, USA, August 12-14, 2026

PDF GITHUB INFO

2025

RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

Fabian Thomas, Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

CCS Taipei, Taiwan, October 13-17, 2025

PDF GITHUB INFO

Styled to Steal: The Overlooked Attack Surface in Email Clients

Leon Trampert, Daniel Weber, Christian Rossow, Michael Schwarz

CCS Taipei, Taiwan, October 13-17, 2025

PDF GITHUB

SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution

Daniel Weber, Lukas Gerlach, Leon Trampert, Youheng Lue, Jo Van Bulck, Michael Schwarz

USENIX Security Seattle, Washington, USA, August 13-15, 2025

PDF GITHUB

Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting

Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz

NDSS San Diego, California, USA, February 23-28, 2025

PDF GITHUB

2024

No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks

Daniel Weber, Leonard Niemann, Lukas Gerlach, Jan Reineke, Michael Schwarz

ACSAC Waikiki, Hawaii, USA, December 9-13, 2024

PDF GITHUB

CacheWarp: Software-based Fault Injection using Selective State Reset

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz

USENIX Security Philadelphia, PA, USA, August 14-16, 2024

PDF GITHUB INFO

2023

Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ESORICS The Hague, The Netherlands, September 25-29, 2023

PDF GITHUB

Reviving Meltdown 3a

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ESORICS The Hague, The Netherlands, September 25-29, 2023

PDF GITHUB

(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels

Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz

USENIX Security Anaheim, California, USA, August 9-11, 2023

PDF

A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs

Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz

S&P San Francisco, California, USA, May 22-25, 2023

PDF GITHUB

2022

Finding and Exploiting CPU Features using MSR Templating

Andreas Kogler, Daniel Weber, Martin Haubenwallner, Moritz Lipp, Daniel Gruss, Michael Schwarz

S&P San Francisco, California, USA, May 23-26, 2022

PDF GITHUB

2021

Osiris: Automated Discovery of Microarchitectural Side Channels

Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow

USENIX Security Virtual, August 11-13, 2021

PDF GITHUB INFO

@misc{zhang2024cachewarp,
  title={StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine},
  howpublished={USENIX Security},
  author={Ruiyi Zhang and Tristan Hornetz and Daniel Weber and Fabian Thomas and Michael Schwarz},
  year={2026}
}

@misc{thomas2025riscover,
  title={RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs},
  howpublished={CCS},
  author={Fabian Thomas and Eric García Arribas and Lorenz Hetterich and Daniel Weber and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2025}
}

@misc{trampert2025styled,
  title={Styled to Steal: The Overlooked Attack Surface in Email Clients},
  howpublished={CCS},
  author={Leon Trampert and Daniel Weber and Christian Rossow and Michael Schwarz},
  year={2025}
}

@misc{weber2025scase,
  title={SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution},
  howpublished={USENIX Security},
  author={Daniel Weber and Lukas Gerlach and Leon Trampert and Youheng Lue and Jo Van Bulck and Michael Schwarz},
  year={2025}
}

@misc{trampert2025cascadingspysheets,
  title={Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting},
  howpublished={NDSS},
  author={Leon Trampert and Daniel Weber and Lukas Gerlach and Christian Rossow and Michael Schwarz},
  year={2025}
}

@misc{weber2024irqguard,
  title={No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks},
  howpublished={ACSAC},
  author={Daniel Weber and Leonard Niemann and Lukas Gerlach and Jan Reineke and Michael Schwarz},
  year={2024}
}

@misc{zhang2024cachewarp,
  title={CacheWarp: Software-based Fault Injection using Selective State Reset},
  howpublished={USENIX Security},
  author={Ruiyi Zhang and Lukas Gerlach and Daniel Weber and Lorenz Hetterich and Youheng Lü and Andreas Kogler and Michael Schwarz},
  year={2024}
}

@misc{weber2023masc,
  title={Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks},
  howpublished={ESORICS},
  author={Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2023}
}

@misc{weber2023meltdown3a,
  title={Reviving Meltdown 3a},
  howpublished={ESORICS},
  author={Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2023}
}

@misc{zhang2023mwait,
  title={(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels},
  howpublished={USENIX Security},
  author={Ruiyi Zhang and Taehyun Kim and Daniel Weber and Michael Schwarz},
  year={2023}
}

@misc{gerlach2023riscv,
  title={A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs},
  howpublished={S\&P},
  author={Lukas Gerlach and Daniel Weber and Ruiyi Zhang and Michael Schwarz},
  year={2023}
}

@misc{kogler2022msrtemplate,
  title={Finding and Exploiting CPU Features using MSR Templating},
  howpublished={S\&P},
  author={Andreas Kogler and Daniel Weber and Martin Haubenwallner and Moritz Lipp and Daniel Gruss and Michael Schwarz},
  year={2022}
}

@misc{weber2021osiris,
  title={Osiris: Automated Discovery of Microarchitectural Side Channels},
  howpublished={USENIX Security},
  author={Daniel Weber and Ahmad Ibrahim and Hamed Nemati and Michael Schwarz and Christian Rossow},
  year={2021}
}

Talks

2026

Cascading Spy Sheets: The Privacy & Security Implications of CSS in Emails

Leon Trampert, Daniel Weber, Michael Schwarz

FOSDEM Brussels, Belgium, January 31, 2026

INFO

2025

Invisible Ink: Privacy Risks of CSS in Browsers and Emails

Leon Trampert, Daniel Weber

Black Hat Asia Singapore, April 3, 2025

INFO

Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails

Leon Trampert, Daniel Weber

RuhrSec Bochum, Germany, February 21, 2025

INFO

2023

A Security RISC? The State of Microarchitectural Attacks on RISC-V

Lukas Gerlach, Daniel Weber, Michael Schwarz

Black Hat Europe London, United Kingdom, December 7, 2023

Rowhammer Revisited: From Exploration to Exploitation and Mitigation

Lukas Gerlach, Daniel Weber

m0leCon Torino, Italy, December 2, 2023

CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks

Daniel Weber, Michael Schwarz

RuhrSec Bochum, Germany, May 11-12, 2023

INFO

2022

(M)Wait For It: Bridging the Gap Between Microarchitectural and Architectural Side Channels

Ruiyi Zhang, Daniel Weber

Black Hat MEA Riyadh, Saudi Arabia, November 17, 2022

INFO

CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks

Daniel Weber, Moritz Lipp

Black Hat MEA Riyadh, Saudi Arabia, November 16, 2022

INFO

@misc{trampert2025spysheets,
  title={Cascading Spy Sheets: The Privacy & Security Implications of CSS in Emails},
  howpublished={FOSDEM},
  author={Leon Trampert and Daniel Weber and Michael Schwarz},
  year={2026}
}

@misc{trampert2025invisible,
  title={Invisible Ink: Privacy Risks of CSS in Browsers and Emails},
  howpublished={Black Hat Asia},
  author={Leon Trampert and Daniel Weber},
  year={2025}
}

@misc{trampert2025beauty,
  title={Beauty at a Cost: Privacy Implications of CSS on the Web and in Emails},
  howpublished={RuhrSec},
  author={Leon Trampert and Daniel Weber},
  year={2025}
}

@misc{gerlach2023security,
  title={A Security RISC? The State of Microarchitectural Attacks on RISC-V},
  howpublished={Black Hat Europe},
  author={Lukas Gerlach and Daniel Weber and Michael Schwarz},
  year={2023}
}

@misc{gerlach2023rowhammer,
  title={Rowhammer Revisited: From Exploration to Exploitation and Mitigation},
  howpublished={m0leCon},
  author={Lukas Gerlach and Daniel Weber},
  year={2023}
}

@misc{weber2023cpu,
  title={CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks},
  howpublished={RuhrSec},
  author={Daniel Weber and Michael Schwarz},
  year={2023}
}

@misc{zhang2022m,
  title={(M)Wait For It: Bridging the Gap Between Microarchitectural and Architectural Side Channels},
  howpublished={Black Hat MEA},
  author={Ruiyi Zhang and Daniel Weber},
  year={2022}
}

@misc{weber2022cpu,
  title={CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks},
  howpublished={Black Hat MEA},
  author={Daniel Weber and Moritz Lipp},
  year={2022}
}