A PhD student and open source enthusiast with an interest in security and usability. My research focusses on supply chain security and my open source work is all over the place.
On this page you can read about my Experience & Education, Projects, and Open Source work. Besides this website, you can find me and my work on: GitHub, GitLab, LinkedIn, and StackOverflow.
A research internship focussed on web security.
Researching Supply Chain Security as part of the CHAINS project.
Worked in the integration teams as a full-stack developer working with React in JavaScript and Spring in Kotlin.
Collaborated with C. Brzuska and K. Kohbrok on a research paper titled Security Analysis of the MLS Key Derivation and presented our work at the 43rd IEEE Symposium on Security and Privacy.
Studied Security and Cloud Computing (SECCLO) learning about information security, web and cloud security, mobile security and development, cryptography, blockchains, as well as data mining and platforms.
Full-time internship where I performed Protocol Analysis using the Burp suite, Mobile Penetration testing, and PCI auditing.
Studied Computer Science learning about software engineering, algorithms and data structures, complexity theory, networking, operating systems, as well as calculus, linear algebra, and statistics. Included a minor at the KTH Royal Institute of Technology focussing on security and human-computer interaction.
Full-time internship where we, in a group of 4 Bachelor students, built a data analytics tool using Python 3 to analyze terabytes of disjoint sets of log data in near real-time.
Freelance remote junior full stack developer using NodeJS, PostgreSQL, and Heroku on the back-end and VueJS, JQuery, and Bootstrap on the front-end.
At 33rd USENIX Security Symposium in 2024 by E. Cornelissen, M. Shcherbakov, and M. Balliu. See the paper and presentation and artifact for more details.
At IEEE Symposium on Security and Privacy in 2022 by C. Brzuska, E. Cornelissen, and K. Kohbrok. See the paper and presentation for more details.
These are software projects I'm at least somewhat actively working on - in alphabetical order.
A simple tool to find dangerous uses of GitHub Actions Workflow expressions.
An asdf plugin for yamllint.
Manage npm deprecations.
Disallow side effects at the top level of files through ESLint.
Checksums for GitHub Actions.
A collection of static analysis tool to analyze functions in Go.
A static analyzer to scan JavaScript code for problematic regular expressions.
Prototype pollution gadgets in the JavaScript runtime based on the ECMAScript specification.
A testing utility library to help write tests related to prototype pollution.
Insight into the reproducibility of GitHub Actions
A CLI like the GNU version of rm(1) but more modern and designed for humans.
Simple shell escape library for JavaScript.
A GitHub Action to automatically update the tools in your .tool-versions file.
These are software projects I worked on in the past but am not actively working on anymore - in alphabetical order.
A simple supervised learning dictionary to correct texts implemented in Python.
Action for validating Codecov configuration files.
Control flow as expression for JavaScript.
A multi-threaded Python CLI tool to created a controlled vocabulary.
GitHub Actions Action to get git tag annotations.
A plugin for Gulp to stage files in the object stream for git.
A small webapp to calculate what you'll weigh on other planets.
Jekyll plugin that automatically downloads your webfont from Fontello.
A package for the Atom text editor that allows you to pin tabs.
A UDF to create a callback loop for a certain function in your Au3 project.
An experiment in TDD inspired by the Numberphile video "Why 7 is Weird".
Automatically run SVGO with GitHub Actions.
A small CLI tool to replace instances of words with other words in plaintext.
Projects started or run by others that I've (co-)maintained for a some amount of time.
A non-exhaustive list of open source projects I've contributed to in the past.