@misc{zhang2024cachewarp,
  title={StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine},
  howpublished={USENIX Security},
  author={Ruiyi Zhang and Tristan Hornetz and Daniel Weber and Fabian Thomas and Michael Schwarz},
  year={2026}
}

@misc{hetterich2026instrsem,
  title={InstrSem: Automatically and Generically Inferring Semantics of (Undocumented) CPU Instructions},
  howpublished={USENIX Security},
  author={Lorenz Hetterich and Fabian Thomas and Tristan Hornetz and Michael Schwarz},
  year={2026}
}

@misc{thomas2025exfilstate,
  title={ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs},
  howpublished={CCS},
  author={Fabian Thomas and Michael Torres and Daniel Moghimi and Michael Schwarz},
  year={2025}
}

@misc{thomas2025riscover,
  title={RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs},
  howpublished={CCS},
  author={Fabian Thomas and Eric García Arribas and Lorenz Hetterich and Daniel Weber and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2025}
}

@misc{rainer2025rapid,
  title={Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage},
  howpublished={S\&P},
  author={Mikka Rainer and Lorenz Hetterich and Fabian Thomas and Tristan Hornetz and Leon Trampert and Lukas Gerlach and Michael Schwarz},
  year={2025}
}

@misc{hetterich2025shadowload,
  title={ShadowLoad: Injecting State into Hardware Prefetchers},
  howpublished={ASPLOS},
  author={Lorenz Hetterich and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Nils Bernsdorf and Eduard Ebert and Michael Schwarz},
  year={2025}
}

@misc{gerlach2023blacksmithrepro,
  title={A Rowhammer Reproduction Study Using the Blacksmith Fuzzer},
  howpublished={ESORICS},
  author={Lukas Gerlach and Fabian Thomas and Robert Pietsch and Michael Schwarz},
  year={2023}
}

@misc{weber2023masc,
  title={Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks},
  howpublished={ESORICS},
  author={Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2023}
}

@misc{weber2023meltdown3a,
  title={Reviving Meltdown 3a},
  howpublished={ESORICS},
  author={Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2023}
}

@misc{thomas2023hammulator,
  title={Hammulator: Simulate Now - Exploit Later},
  howpublished={DRAMSec},
  author={Fabian Thomas and Lukas Gerlach and Michael Schwarz},
  year={2023}
}

@misc{thomas2026notime,
  title={No Time To Leak: Exposing Timer-Free Cache-State Leaks on ARM CPUs},
  howpublished={uASC},
  author={Fabian Thomas},
  year={2026}
}

@misc{thomas2026secure,
  title={How Secure Are Commercial RISC-V CPUs?},
  howpublished={FOSDEM},
  author={Lukas Gerlach and Fabian Thomas},
  year={2026}
}

@misc{thomas2025noclock,
  title={No Clock, No Problem: Discovering Timer-Free Cache-State Side Channels},
  howpublished={MIC-SEC},
  author={Fabian Thomas},
  year={2025}
}

@misc{thomas2025timers,
  title={When Timers Fail: Discovering Hidden Cache State Leaks on ARM CPUs},
  howpublished={hardwear.io NL},
  author={Fabian Thomas},
  year={2025}
}

@misc{thomas2024advanced,
  title={From Rowhammer to GhostWrite: Advanced Exploitation and Discovery of Hardware Bugs},
  howpublished={hardwear.io NL},
  author={Fabian Thomas},
  year={2024}
}

@misc{thomas2024arbitrary,
  title={Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V},
  howpublished={Black Hat USA},
  author={Fabian Thomas and Lorenz Hetterich},
  year={2024}
}