Stefan GastI have just presented our paper on Zero Click SnailLoad at ESORICS 2025 in Toulouse. Thank you to all who attended my talk, also for the nice discussion!
Also thanks to @c1t for taking the picture!
Florian A.I am trying to register for #ESORICS2025, a scientific security conference. The password length is limited to 20 characters! I really hope they are hashing the passwords. 🧐
In our new paper (accepted at ESORICS 2025), we explore how attackers can mount automated SnailLoad attacks without requiring the user to explicitly click a link to the attacker's server.
For this, we exploit the automatic handling of external references in messenger and email applications, as well as responses from home routers to TCP SYNs targeting closed ports.
The full paper is available here: https://stefangast.eu/papers/zeroclicksnailload.pdf
Thank you to Nora Puntigam, @silent_bits, @vmcall, @lavados and Johanna Ullrich for the fantastic collaboration!