Dr Marius Muench PhD

Dr Marius Muench

School of Computer Science
Assistant Professor

Contact details

Email
m.muench@bham.ac.uk
View my research portal
Address
School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

Dr Marius Muench is an Assistant Professor at University of Birmingham. His main research area is computer security with a special focus on embedded systems, fuzzing, binary analysis, and mobile network security.

Additional information can be found on Dr Marius Muench’s personal webpage.

Qualifications

  • PhD in Computer Science, EURECOM &  Sorbonne University, 2019
  • MSc in Telematics, Norwegian University of Science and Technology, 2014

Biography

Marius Muench obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam, before joining University of Birmingham. He developed avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands.

His research led to the discovery and mitigation of security vulnerabilities affecting millions of devices across various computation devices. This includes cellular basebands in smartphones, modern CPUs, state-of-the-art microcontrollers, and commercial cloud environments.

Outside of his research activites, Marius is passionate about Capture-The-Flag (CTF) competitions. At  University of Birmingham, Marius assists AFNOM, the university's ethical hacking club.

Throughout his career, Marius has publicly shared his findings, including at high-profile cyber security venues such as Black Hat, DEFCON, Reverse.io, REcon, or Hardwear.io. He further provides bespoke training on reverse engineering and fuzzing.

Teaching

Current

Undergraduate

  • Security of Realworld Systems

Former

Postgraduate

  • Secure Software & Hardware Systems
  • Network Security & Cryptography
  • Forensics, Malware & Penetration Testing

Postgraduate supervision

Dr Meunch supervises PhD students interested in all areas of low-level security.

Research

Current research areas cover the following topics

  • Security of cellular baseband firmware
  • Rehosting & fuzzing for embedded systems
  • Automation in reverse engineering
  • Security of anti-cheat systems in video games
  • Side-channel attacks and fault injection on microcontrollers
  • Microarchitectural security

Publications

Recent publications

Conference contribution

Lisowski, T, Covic, K & Muench, M 2026, CATana: On the Dangers of SIM-Originating AT Commands. in CATana: On the Dangers of SIM-Originating AT Commands. USENIX Association. <https://www.usenix.org/conference/woot26/presentation/lisowski>

Collins, S, Phanish, A, Modi, D, Mayne, J, Tabraham, M, Barson, T, Radiukov, V, Hegazy, Y, Fang, Y, Arnaboldi, L, Muench, M & Ambridge, TW 2026, HackRoom: A Pop Up Cyber Security Escape Room for Interactive Learning. in P Legg, N Coull, C Clarke, H Lallie & H Atlam (eds), Advances in Teaching and Learning for Cyber Security Education: Proceedings of the Cyber Security Education 2025 CSE Connect Annual Conference. 1 edn, Lecture Notes in Networks and Systems, vol. 1791 LNNS, Springer, pp. 1-33, 5th Annual Conference in Advances in Cyber Security Education, CSE Connect 2025, Warwick, United Kingdom, 22/07/25. https://doi.org/10.1007/978-3-032-15105-6_1

Brinza, C, Liu, P, van Nielen, J, Prinsze, D, Muench, M & Continella, A 2026, HESTIA: Automated Application Code Identification in RTOS Firmware. in Detection of Intrusions and Malware, and Vulnerability Assessment: 23rd International Conference, DIMVA 2026, Chania, Greece, July 1-3, 2026, Proceedings. Lecture Notes in Computer Science, Springer, 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Chania, Greece, 1/07/26.

Klischies, D, Goos, D, Hirsch, D, Milburn, A, Muench, M & Moonsamy, V 2025, BaseBridge: Bridging the Gap Between Over-the-Air and Emulation Testing for Cellular Baseband Firmware. in 2025 IEEE Symposium on Security and Privacy (SP)., 11023426, Proceedings of the IEEE Symposium on Security and Privacy, IEEE, pp. 1101-1119, 2025 IEEE Symposium on Security and Privacy (SP), 12/05/25. https://doi.org/10.1109/SP61157.2025.00142

Scharnowski, T, Hoffman, S, Bley, M, Wörner, S, Klischies, D, Buchmann, F, Tippenhauer, NO, Holz, T & Muench, M 2025, GDMA: Fully Automated DMA Rehosting via Iterative Type Overlays. in Proceedings of the 34th USENIX Security Symposium. USENIX Conference Proceedings, USENIX Association, pp. 1827-1845, 34th USENIX Security Symposium, Seattle, Washington, United States, 13/08/25. <https://www.usenix.org/conference/usenixsecurity25/presentation/scharnowski>

Hertogh, M, Quakkelaar, D, Raymakers, T, Sarma, MH, Muench, M, Bos, H & van der Kouwe, E 2025, Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities. in 2026 IEEE Symposium on Security and Privacy (SP). IEEE Symposium on Security and Privacy, IEEE, pp. 1316-1332,
47th IEEE Symposium on Security and Privacy, San Fracisco, California, United States, 18/05/26.

Muench, M, Cullen, A, Courdesses, K, Roth, T & Zonenberg, A 2025, Security through Transparency: Tales from the RP2350 Hacking Challenge. in Proceedings of the 19th USENIX WOOT Conference on Offensive Technologies (WOOT ’25). USENIX Conference Proceedings, USENIX Association, pp. 1-18, 19th USENIX WOOT Conference on Offensive Technologies, Seattle, Washington, United States, 11/08/25. <https://www.usenix.org/conference/woot25/presentation/muench>

Henes, J, Muench, M, Oswald, D & Ragab, H 2025, Talk: Transient-execution attacks on the CHERI Morello platform. in 2025: Proceedings of the Microarchitecture Security Conference (uASC '25). Proceedings of the Microarchitecture Security Conference, vol. 1, Ruhr University Bochum, Bochum, 1st Microarchitecture Security Conference, Bochum, North Rhine-Westphalia, Germany, 19/02/25. https://doi.org/10.46586/uasc.2025.104

Lisowski, T, Chlosta, M, Wang, J & Muench, M 2024, SIMurai: Slicing Through the Complexity of SIM Card Security Research. in SEC '24: Proceedings of the 33rd USENIX Conference on Security Symposium., 251, USENIX Conference Proceedings, USENIX Association, pp. 4481-4498, 33rd USENIX Conference on Security Symposium, Philadelphia, Pennsylvania, United States, 14/08/24. https://doi.org/10.5555/3698900.3699151

Schloegel, M, Bars, N, Schiller, N, Bernhard, L, Scharnowski, T, Crump, A, Ale-Ebrahim, A, Bissantz, N, Muench, M & Holz, T 2024, SoK: Prudent Evaluation Practices for Fuzzing. in 2024 IEEE Symposium on Security and Privacy (SP). Proceedings of the IEEE Symposium on Security and Privacy, IEEE, Los Alamitos, CA, USA, 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, California, United States, 19/05/24. https://doi.org/10.1109/SP54263.2024.00137

Seidel, L, Maier, D & Muench, M 2023, Forming Faster Firmware Fuzzers. in Proceedings of the 32nd USENIX Security Symposium. USENIX Conference Proceedings, USENIX Association, pp. 2903-2920, 32nd USENIX Security Symposium, Anaheim, California, United States, 9/08/23. <https://www.usenix.org/conference/usenixsecurity23/presentation/seidel>

Duta, V, Freyer, F, Pagani, F, Muench, M & Giuffrida, C 2023, Let Me Unwind That For You: Exceptions to Backward-Edge Protection. in NDSS Symposium 2023 Accepted Papers., s295, The Internet Society, pp. 1-18, Network and Distributed System Security (NDSS) Symposium 2023, San Diego, California, United States, 27/02/23. https://doi.org/10.14722/ndss.2023.232295

Hertogh, M, Wiesinger, M, Österlund, S, Muench, M, Amit, N, Bos, H & Giuffrida, C 2023, Quarantine: Mitigating Transient Execution Attacks with Physical Domain Isolation. in RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. RAID: Research in Attacks, Intrusions and Defenses, Association for Computing Machinery (ACM), pp. 207–221, RAID 2023, Hong Kong, Hong Kong, 16/10/23. https://doi.org/10.1145/3607199.3607248

Barberis, E, Frigo, P, Muench, M, Bos, H & Giuffrida, C 2022, Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks. in Proceedings of the 31st USENIX Security Symposium. USENIX Association, pp. 971-988, 31st USENIX Security Symposium, Boston, Massachusetts, United States, 10/08/22. <https://www.usenix.org/conference/usenixsecurity22/presentation/barberis>

Paper

Olivier, PLR, Muench, M & Francillon, A 2024, '0x41414141: Avatar2 Artifacts, Advances & Analysis', Paper presented at 2024 Annual Computer Security Applications Conference (ACSAC), Waikiki, United States, 9/12/24 - 13/12/24.

View all publications in research portal