Prof. Dr. Thorsten Holz

  • Chair - Chair Systems Security
  • Member - Horst Görtz In­sti­tu­te for IT-Se­cu­ri­ty Horst Görtz Institute for IT-Security
Holz, Thorsten

Address

Ruhr-Uni­ver­si­ty Bo­chum
Chair for Systems Security
Uni­ver­si­täts­stras­se 150
44780 Bo­chum / Germany

Room
ID 2/441
Phone:
(+49)(0)234 / 32 - 27814
Fax:
(+49)(0)234 / 32 - 14956
Email:
thorsten.holz@rub.de PGP key
Website:
https://syssec.rub.de/~tho

Vita

Thorsten Holz is a professor in the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum, Germany. His research interests include technical aspects of secure systems, with a specific focus on systems security. Currently, his work concentrates on reverse engineering, automated vulnerability detection, and studying latest attack vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr-University Bochum in April 2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of Vienna, Austria. In 2011, Thorsten received the Heinz Maier-Leibnitz Prize from the German Research Foundation (DFG) and in 2014 an ERC Starting Grant. Furthermore, he is Co-Spokesperson of the Cluster of Excellence "CASA - Cyber Security in the Age of Large-Scale Adversaries" (with C. Paar and E. Kiltz).

Selected Professional Activities

  • IEEE Symposium on Security and Privacy, PC Co-Chair (2021/2022), PC Member (2011-2014, 2018-2020)
  • USENIX Security Symposium, PC Co-Chair (2016), Deputy PC Chair (2015), PC Member (2007, 2013-2020)
  • ACM Conference on Computer and Communications Security, PC Member (2012, 2013, 2015-2017, 2019, 2020)
  • Annual Network & Distributed System Security Symposium, PC Member (2010, 2011, 2014, 2016, 2019, 2020)

Research

  • Binary analysis & reverse engineering
  • Software security, with focus on fuzzing and automated vulnerability assessment
  • Security of embedded systems
  • Privacy, with focus on GDPR
  • Network and Internet security

Projects

More information about current projects can be found in the list of projects.

Courses

Publications

2020
Aurora: Statistical Crash Analysis for Automated Root Cause Explanation

Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz - USENIX Security Symposium, Boston, MA, USA, August 2020

Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE

David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper - USENIX Security Symposium, Boston, MA, USA, August 2020

EthBMC: A Bounded Model Checker for Smart Contracts

Joel Frank, Cornelius Aschermann, Thorsten Holz - USENIX Security Symposium, Boston, MA, USA, August 2020

Be the Phisher - Understanding Users’ Perception of Malicious Domains

Florian Quinkert, Martin Degeling, Jim Blythe, Thorsten Holz - ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020

CORSICA: Cross-Origin Web Service Identification

Christian Dresen, Fabian Ising, Damian Poddebniak, Tobias Kappert, Thorsten Holz, Sebastian Schinzel - ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020

Measuring the Impact of the GDPR on Data Sharing in Ad Networks

Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann - ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020

IJON: Exploring Deep State Spaces via Fuzzing

Cornelius Aschermann, Sergej Schumilo, Ali Abbasi, Thorsten Holz - IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2020

Beyond the Front Page: Measuring Third Party Dynamics in the Field

Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann - The Web Conferences (WWW), Tai­pei, Tai­wan, April 2020

Hyper-Cube: High-Dimensional Hypervisor Fuzzing

Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, Thorsten Holz - Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020

IMP4GT: IMPersonation Attacks in 4G NeTworks

David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper - Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways

Teemu Rytilahti, Thorsten Holz - Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2020

2019
"Your Hashed IP Address: Ubuntu": Perspectives on Transparency Tools for Online Advertising

Tobias Urban, Martin Degeling, Thorsten Holz, Norbert Pohlmann - Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching

Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos - Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2019

Below the Radar: Spotting DNS Tunnels in Newly Observed Hostnames in the Wild

Dennis Tatang, Florian Quinkert, Thorsten Holz - APWG Symposium on Electronic Crime Research (eCrime) 2019, Pittsburgh, PA, USA, November 2019

(Un)informed Consent: Studying GDPR Consent Notices in the Field

Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, Thorsten Holz - ACM Conference on Computer and Communications Security (CCS 2019), November 2019, London, UK

Die DSVGO als internationales Vorbild?

Christine Utz, Stephan Koloßa, Thorsten Holz, Pierre Thielbörger - Datenschutz und Datensicherheit (DuD) 11/2019, S. 700-705

A Study on Subject Data Access in Online Advertising after the GDPR

Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann - International Workshop on Data Privacy Management (DPM) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019

Study of DNS Rebinding Attacks on Smart Home Devices

Dennis Tatang, Tim Suurland, Thorsten Holz - International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019

Static Detection of Uninitialized Stack Variables in Binary Code

Behrad Garmany, Martin Stoffel, Robert Gawlik, Thorsten Holz - European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019

Towards Automated Application-Specific Software Stacks

Nicolai Davidsson, Andre Pawlowski, Thorsten Holz - European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019

GDPiRated – Stealing Personal Information On-and Offline

Matteo Cagnazzo, Thorsten Holz, Norbert Pohlmann - European Symposium on Research in Computer Security (ESORICS), Luxembourg, September 2019

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz - USENIX Security Symposium, Santa Clara, CA, USA, August 2019

GRIMOIRE: Synthesizing Structure while Fuzzing

Tim Blazytko, Cornelius Aschermann, Moritz Schlögel, Ali Abbasi, Sergej Schumilo, Simon Wörner, Thorsten Holz - USENIX Security Symposium, Santa Clara, CA, USA, August 2019

Large-scale Analysis of Infrastructure-leaking DNS Servers

Dennis Tatang, Carl Schneider, Thorsten Holz - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Gothenburg, Sweden, June 2019

Challenges in Designing Exploit Mitigations for Deeply Embedded Systems

Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle - IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019

Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming

Jannik Pewny, Philipp Koppe, Thorsten Holz - IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, June 2019

Analyzing leakage of personal information by malware

Tobias Urban, Dennis Tatang, Thorsten Holz, Norbert Pohlmann - Journal of Computer Security, 2019

It's Not What It Looks Like: Measuring Attacks and Defensive Registrations of Homograph Domains

Florian Quinkert, Tobias Lauinger, William Robertson, Engin Kirda, Thorsten Holz - IEEE Conference on Communications and Network Security (CNS), Washington, D.C., USA, June 2019

Breaking LTE on Layer Two

David Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper - IEEE Symposium on Security & Privacy (Oakland), May 2019

Lost Traffic Encryption: Fingerprinting LTE/4G Traffic on Layer Two

Katharina Kohls, David Rupprecht, Thorsten Holz, Christina Pöpper - Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM

LTE Security Disabled — Misconfiguration in Commercial Networks

Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper - Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM

Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding

Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Do­ro­thea Kolossa - Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019

Nautilus: Fishing for Deep Bugs with Grammars

Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert - Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019

On the Challenges of Geographical Avoidance for Tor

Katharina Kohls, Kai Jansen, David Rupprecht, Thorsten Holz, Christina Pöpper - Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019

Redqueen: Fuzzing with Input-to-State Correspondence

Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz - Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019

We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy

Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz - Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019

DorkPot: A Honeypot-based Analysis of Google Dorks

Florian Quinkert, Eduard Leonhardt, Thorsten Holz - Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), San Diego, California, USA, February 2019 - ** Best Paper Award **

A Study of Newly Observed Hostnames and DNS Tunneling in the Wild

Dennis Tatang, Florian Quinkert, Nico Dolecki, Thorsten Holz - Technical Report, arXiv:1902.08454, February 2019

2018
Towards Automated Generation of Exploitation Primitives for Web Browsers

Behrad Garmany, Martin Stoffel, Robert Gawlik, Philipp Koppe, Tim Blazytko, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, December 2018

The Unwanted Sharing Economy: An Analysis of Cookie Syncing and User Transparency under GDPR

Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, Norbert Pohlmann - Technical Report, arXiv:1811.08660, November 2018

An Exploratory Analysis of Microcode as a Building Block for System Defenses

Benjamin Kollenda, Philipp Koppe, Marc Fyrbiak, Christian Kison, Chris­tof Paar, Thorsten Holz - ACM Con­fe­rence on Com­pu­ter and Com­mu­ni­ca­ti­ons Se­cu­ri­ty (CCS), Toronto, October 2018

Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs

Tobias Urban, Dennis Tatang, Thorsten Holz, Norbert Pohlmann - European Symposium on Research in Computer Security (ESORICS), Barcelona, Spain, September 2018 - ** Best Paper Award **

Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations

Christian Röpke, Thorsten Holz - ACM SIGCOMM Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018), Budapest, Hungary, 2018

SoK: Make JIT-Spray Great Again

Robert Gawlik, Thorsten Holz - USENIX Workshop on Offensive Technologies (WOOT), Baltimore, US, August 2018

On the Weaknesses of Function Table Randomization

Moritz Contag, Robert Gawlik, Andre Pawlowski, Thorsten Holz - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, June 2018

On Security Research Towards Future Mobile Network Generations

David Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, Christina Pöpper - IEEE Communications Surveys and Tutorials, Volume: 20, Issue:3, 2018

Masters of Time: An Overview of the NTP Ecosystem

Teemu Rytilahti, Dennis Tatang, Janosch Köpper, Thorsten Holz - IEEE European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, April 2018

Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure

Enes Göktaş, Benjamin Kollenda, Philipp Koppe, Erik Bosman, Georgios Portokalidis, Thorsten Holz, Herbert Bos, Cristiano Giuffrida - IEEE European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, April 2018

An Empirical Study on Online Price Differentiation

Thomas Hupperich, Dennis Tatang, Nicolai Wilkop, Thorsten Holz - ACM Conference on Data and Applications Security and Privacy (CODASPY 2018) Tempe, AZ, USA, March 2018

2017
Breaking and Fixing Destructive Code Read Defenses

Jannik Pewny, Philipp Koppe, Lucas Davi, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2017

ECFI: Asynchronous Control Flow Integrity for Programmable Logic Controllers

Ali Abbasi, Emmanuele Zambon, Sandro Etalle, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Puerto Rico, USA, December 2017

An Empirical Study on Price Differentiation Based on System Fingerprints

Thomas Hupperich, Dennis Tatang, Nicolai Wilkop, Thorsten Holz - Technical Report, arXiv:1712.03031, December 2017

SDN-Guard: Protecting SDN Controllers Against SDN Rootkits

Dennis Tatang, Florian Quinkert, Joel Frank, Christian Röpke, Thorsten Holz - IEEE Workshop on Security in NFV-SDN (SN-2017), Berlin, November 2017

On Security Research towards Future Mobile Network Generations

David Rupprecht, Adrian Dabrowski, Thorsten Holz, Edgar Weippl, Christina Pöpper - arXiv:1710.08932, November 2017

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, Thorsten Holz - USENIX Security Symposium, Vancouver, Canada, August 2017

Reverse Engineering x86 Processor Microcode

Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Chris­tof Paar, Thorsten Holz - USENIX Security Symposium, Vancouver, Canada, August 2017

Syntia: Synthesizing the Semantics of Obfuscated Code

Tim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz - USENIX Security Symposium, Vancouver, Canada, August 2017

Towards Automated Discovery of Crash-Resistant Primitives in Binaries

Benjamin Kollenda, Enes Goktas, Tim Blazytko, Philipp Koppe, Robert Gawlik, R.K. Konoth, Cristiano Giuffrida, Herbert Bo, Thorsten Holz - IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles

Moritz Contag, Guo Li, Andre Pawlowski, Felix Domke, Kirill Levchenko, Thorsten Holz, Stefan Savage - IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2017

MARX: Uncovering Class Hierarchies in C++ Programs

Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, Cristiano Giuffrida - Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2017

Toward Improved Audio CAPTCHAs Based on Auditory Perception and Language Understanding

Hendrik Meutzner, Santosh Gupta, Viet-Hung Nguyen, Thorsten Holz, Do­ro­thea Kolossa - ACM Transactions on Privacy and Security (TOPS), Volume 19, Issue 4, February 2017

May the Force be with You: The Future of Force-Sensitive Authentication

Katharina Krombholz, Thomas Hupperich, Thorsten Holz - Journal of Internet Computing, Special Issue of Usable Security and Privacy, 2017

2016
EvilCoder: Automated Bug Insertion

Jannik Pewny, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, December 2016

Automated Multi-Architectural Discovery of CFI-Resistant Code Gadgets

Patrick Wollgast, Robert Gawlik, Behrad Garmany, Benjamin Kollenda, Thorsten Holz - European Symposium on Research in Computer Security (ESORICS), Heraklion, Greece, September 2016

On the Feasibility of TTL-based Filtering for DRDoS Mitigation

Michael Backes, Thorsten Holz, Christian Rossow, Teemu Rytilahti, Milivoj Simeonovski, Ben Stock - International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Evry, France, September 2016

Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness

Thomas Hupperich, Kromholz Katharina, Thorsten Holz - 9th International Conference on Trust & Trustworthy Computing (TRUST), Vienna, Austria, August 2016

Technical Report: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation

Johannes Hoffmann, Teemu Rytilahti, Marcel Winandy, Giorgio Giacinto, Thorsten Holz - TR-HGI-2016-003, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), August 2016

Technical Report: Detile: Fine-Grained Information Leak Detection in Script Engines

Robert Gawlik, Philipp Koppe, Benjamin Kollenda, Andre Pawlowski, Behrad Garmany, Thorsten Holz - TR-HGI-2016-004, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), July 2016

Detile: Fine-Grained Information Leak Detection in Script Engines

Robert Gawlik, Philipp Koppe, Benjamin Kollenda, Andre Pawlowski, Behrad Garmany, Thorsten Holz - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016

Leveraging Sensor Fingerprinting for Mobile Device Authentication

Thomas Hupperich, Henry Hosseini, Thorsten Holz - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016

Probfuscation: An Obfuscation Approach using Probabilistic Control Flows

Andre Pawlowski, Moritz Contag, Thorsten Holz - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016

Technical Report: Probfuscation: An Obfuscation Approach using Probabilistic Control Flows

Andre Pawlowski, Moritz Contag, Thorsten Holz - TR-HGI-2016-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), July 2016

Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices

Katharina Krombholz, Thomas Hupperich, Thorsten Holz - Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, USA, June 2016

Subversive-C: Abusing and Protecting Dynamic Message Dispatch

Julian Lettner, Benjamin Kollenda, Andrei Homescu, Per Larsen, Felix Schuster, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Michael Franz - 2016 USENIX Annual Technical Conference (USENIX ATC '16), Denver, USA, June 2016

SkypeLine: Robust Hidden Data Transmission for VoIP

Katharina Kohls, Thorsten Holz, Do­ro­thea Kolossa, Christina Pöpper - ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), Xi'an, May 2016

A Tough call: Mitigating Advanced Code-Reuse Attacks At The Binary Level

Victor van der Veen, Enes Goktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, Cristiano Giuffrida - IEEE Symposium on Security and Privacy ("Oakland"), San Jose, CA, May 2016

No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells

Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis - 25th International World Wide Web Conference (WWW), Montreal, April 2016

Poster: The Curious Case of NTP Monlist

Teemu Rytilahti, Thorsten Holz - 1st IEEE European Symposium on Security and Privacy (Euro S&P 2016), Saarbrücken, Germany

How Secure is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz - IEEE European Symposium on Security and Privacy (EuroS&P 2016)

Poster: Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation

Johannes Hoffmann, Teemu Rytilahti, Marcel Winandy, Giorgio Giacinto, Thorsten Holz - Pro­cee­dings of the ACM Con­fe­rence on Data and Ap­p­li­ca­ti­on Se­cu­ri­ty and Pri­va­cy (ACM CO­DAS­PY) 2016

Technical Report: SkypeLine Robust Hidden Data Transmission for VoIP

Katharina Kohls, Thorsten Holz, Do­ro­thea Kolossa, Christina Pöpper - TR-HGI-2016-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), February 2016

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding

Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz - An­nual Net­work & Di­stri­bu­ted Sys­tem Se­cu­ri­ty Sym­po­si­um (NDSS), San Diego, Fe­bru­ary 2016

On Network Operating System Security

Christian Röpke, Thorsten Holz - International Journal of Network Management (IJNM) - Special Issue on Software-Defined Networking and Network Function Virtualization for Flexible Network Management, 2016

2015
Technical Report: On the Effectiveness of Fingerprinting Mobile Devices

Thomas Hupperich, Marc Kührer, Thorsten Holz, Giorgio Giacinto - TR-HGI-2015-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), December 2015

On the Robustness of Mobile Device Fingerprinting

Thomas Hupperich, Marc Kührer, Thorsten Holz, Giorgio Giacinto - 31th Annual Computer Security Applications Conference (ACSAC), Los Angeles, USA, December 2015

Security Analysis of PHP Bytecode Protection Mechanisms

Dario Weißer, Johannes Dahse, Thorsten Holz - Research in Attacks, Intrusions and Defenses (RAID) Symposium, Kyoto, Japan, November 2015

SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks

Christian Röpke, Thorsten Holz - Research in Attacks, Intrusions and Defenses (RAID) Symposium, Kyoto, Japan, November 2015

Going Wild: Large-Scale Classification of Open DNS Resolvers

Marc Kührer, Thomas Hupperich, Jonas Bushart, Christian Rossow, Thorsten Holz - 15th ACM In­ter­net Me­a­su­re­ment Con­fe­rence (IMC), Tokyo, Japan, Oc­to­ber 2015

Multi-Layer Access Control for SDN-based Telco Clouds

Bernd Jäger, Christian Röpke, Iris Adam, Thorsten Holz - Nordic Conference on Secure IT System (NordSec), Stockholm, Sweden, October 2015

It's a TRAP: Table Randomization and Protection against Function Reuse Attacks

Stephen Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz - 22nd ACM Conference on Computer and Communications Security (CCS), Denver, October 2015

On Locational Privacy in the Absence of Anonymous Payments

Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz - Gutwirth, S., Leenes R., P. De Hert and Y. Poullet, Data protection on the Move. Current Developments in ICT and Privacy/Data Protection. Springer (forthcoming, 2015), Dordrecht.

Revealing the Relationship Network Behind Link Spam

Apostolis Zarras, Antonis Papadogiannakis, Sotiris Ioannidis, Thorsten Holz - 13th Annual Conference on Privacy, Security and Trust (PST), Izmir, Turkey, July 2015

Experience Report: An Empirical Study of PHP Security Mechanism Usage

Johannes Dahse, Thorsten Holz - International Symposium on Software Testing and Analysis (ISSTA)

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz - 36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015

Cross-Architecture Bug Search in Binary Executables

Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz - 36th IEEE Symposium on Security and Privacy (Oakland), San Jose, May 2015

Retaining Control over SDN Network Services

Christian Röpke, Thorsten Holz - International Conference on Networked Systems (NetSys), 2015

Tactile One-Time Pad: Leakage-Resilient Authentication for Smartphones

Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, Thorsten Holz - Financial Cryptography and Data Security 2015

2014
Technical Report: Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

Robert Gawlik, Thorsten Holz - TR-HGI-2014-004, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), December 2014

Leveraging Semantic Signatures for Bug Search in Binary Programs

Jannik Pewny, Felix Schuster, Lukas Bernhard, Christian Rossow, Thorsten Holz - An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014

Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

Robert Gawlik, Thorsten Holz - An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014

Using Automatic Speech Recognition for Attacking Acoustic CAPTCHAs: The Trade-off between Usability and Security

Hendrik Meutzner, Viet Hung Nguyen, Thorsten Holz, Do­ro­thea Kolossa - An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 - ** Outstanding Paper Award **

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements

Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna - 14th ACM SIGCOMM Internet Measurement Conference (IMC), Vancouver, Canada, November 2014

Code Reuse Attacks in PHP: Automated POP Chain Generation

Johannes Dahse, Nikolai Krein, Thorsten Holz - 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014 - ** Best Student Paper Award **

You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code

Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, Jannik Pewny - 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014

How Secure is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz - Cryptology ePrint Archive, Report 2014/904, 31 Oct 2014

CloudSylla: Detecting Suspicious System Calls in the Cloud

Marc Kührer, Johannes Hoffmann, Thorsten Holz - 16th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Paderborn, Germany, September 2014

Evaluating the Effectiveness of Current Anti-ROP Defenses

Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz - Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014

Paint it Black: Evaluating the Effectiveness of Malware Blacklists

Marc Kührer, Christian Rossow, Thorsten Holz - Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014

Tac­tile One-Ti­me Pad. Smart­pho­ne Au­then­ti­fi­ca­ti­on. Resi­li­ent Against Shoul­der Sur­fing

Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, Thorsten Holz - TR-HGI-2014-003, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), September 2014

Static Detection of Second-Order Vulnerabilities in Web Applications

Johannes Dahse, Thorsten Holz - 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 - ** Internet Defense Prize by Facebook **

Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data

Sebastian Vogl, Robert Gawlik, Behrad Garmany, Thomas Kittel, Jonas Pfoh, Claudia Eckert, Thorsten Holz - 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014

Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz - 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014

Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks

Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz - 8th USENIX Workshop on Offensive Technologies (WOOT), San Diego, CA, USA, August 2014

Automated Generation of Models for Fast and Precise Detection of HTTP-Based Malware

Apostolis Zarras, Antonis Papadogiannakis, Robert Gawlik, Thorsten Holz - 12th Annual Conference on Privacy, Security and Trust (PST), Toronto, Canada, July 2014

Technical Report: Paint it Black: Evaluating the Effectiveness of Malware Blacklists

Marc Kührer, Christian Rossow, Thorsten Holz - TR-HGI-2014-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), June 2014

Technical Report: Evaluating the Effectiveness of Current Anti-ROP Defenses

Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz - TR-HGI-2014-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), May 2014

Scriptless attacks: Stealing more pie without touching the sill

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - Journal of Computer Security, Volume 22, Number 4 / 2014, Web Application Security – Web @ 25

GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones

Irfan Altiok, Sebastian Uellenbeck, Thorsten Holz - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Vienna, Austria, March 2014

Simulation of Built-in PHP features for Precise Static Code Analysis

Johannes Dahse, Thorsten Holz - Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2014

2013
Control-Flow Restrictor: Compiler-based CFI for iOS

Jannik Pewny, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013

k-subscription: Privacy-Preserving Microblogging Browsing through Obfuscation

Panagiotis Papadopoulos, Antonis Papadogiannakis, Michalis Polychronakis, Apostolis Zarras, Thorsten Holz, Evangelos P. Markatos - 29th Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013

Towards Reducing the Attack Surface of Software Backdoors

Felix Schuster, Thorsten Holz - 20th ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz - ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013

An Experimental Security Analysis of Two Satphone Standards

Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz - ACM Transactions on Information and System Security (TISSEC), Vol. 16, No. 3, Article 10, Publication date: November 2013

Mobile Malware Detection Based on Energy Fingerprints - A Dead End?

Johannes Hoffmann, Stephan Neumann, Thorsten Holz - Research in Attacks, Intrusions and Defenses (RAID) Symposium, St. Lucia, October 2013

Preventing Backdoors In Server Applications With A Separated Software Architecture (Short Paper)

Felix Schuster, Stefan Rüster, Thorsten Holz - 10th Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Berlin, July 2013

Im­pro­ving Lo­ca­ti­on Pri­va­cy for the Elec­tric Ve­hi­cle Mas­ses

Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz - TR-HGI-2013-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), June 2013

Practical Timing Side Channel Attacks Against Kernel Space ASLR

Ralf Hund, Carsten Willems, Thorsten Holz - IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2013

PSiOS: Bring Your Own Privacy & Security to iOS Devices

Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz - ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hangzhou, China, May 2013 - **Distinguished Paper Award**

A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth

Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M. Savaresi, Roman Kochanek, Thorsten Holz - IEEE Embedded Systems Letters, Volume: 5, Issue: 3

Slicing Droids: Program Slicing for Smali Code

Johannes Hoffmann, Martin Ussath, Michael Spreitzenbarth, Thorsten Holz - 28th In­ter­na­tio­nal ACM Sym­po­si­um on Ap­p­lied Com­pu­ting (SAC), Co­im­bra, Por­tu­gal, March 2013

Predentifier: Detecting Botnet C&C Domains From Passive DNS Data

Tilman Frosch, Marc Kührer, Thorsten Holz - Advances in IT Early Warning, Fraunhofer Verlag, February 2013. ISBN: 978-3-8396-0474-8

2012
Down to the Bare Metal: Using Processor Features for Binary Analysis

Carsten Willems, Ralf Hund, Amit Vasudevan, Andreas Fobian, Dennis Felsch, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

Carsten Willems, Felix C. Freiling, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012

CXPInspector: Hypervisor-Based, Hardware-Assisted System Monitoring

Carsten Willems, Ralf Hund, Thorsten Holz - TR-HGI-2012-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), November 2012

Down to the Bare Metal: Using Processor Features for Binary Analysis

Carsten Willems, Ralf Hund, Dennis Felsch, Andreas Fobian, Thorsten Holz - TR-HGI-2012-001, Ruhr-Universität Bochum, Horst Görtz Institut für IT-Sicherheit (HGI), November 2012

Scriptless Attacks – Stealing the Pie Without Touching the Sill

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012

B@bel: Leveraging Email Delivery for Spam Mitigation

Gianluca Stringhini, Manuel Egele, Apostolis Zarras, Thorsten Holz, Christopher Kruegel, Giovanni Vigna - 21st USENIX Security Symposium, Bellevue, WA, USA, August 2012

On the Fragility and Limitations of Current Browser-provided Clickjacking Protection Schemes

Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns - 6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, August 2012

SmartProxy: Secure Smartphone-Assisted Login on Compromised Machines

Johannes Hoffmann, Sebastian Uellenbeck, Thorsten Holz - 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Heraklion, Greece, July 2012

Don’t Trust Satellite Phones: A Security Analysis of Two Satphone Standards

Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz - IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2012 - **Best Paper Award**

Tracking DDoS Attacks: Insights into the Business of Disrupting the Web

Armin Büscher, Thorsten Holz - 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, CA, April 2012

An Empirical Analysis of Malware Blacklists

Marc Kührer, Thorsten Holz - PIK - Praxis der Informationsverarbeitung und Kommunikation. Volume 35, Issue 1, Pages 11–16, April 2012

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi - Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2012

2011
Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics

Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz - 18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011

POSTER: Control-Flow Integrity for Smartphones.

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Fischer - 18th ACM Conference on Computer and Communications Security (CCS'11)

TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet

Christian Gorecki, Felix C. Freiling, Marc Kührer, Thorsten Holz - 13th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Grenoble, France, October 2011

Automated Identification of Cryptographic Primitives in Binary Programs

Felix Gröbert, Carsten Willems, Thorsten Holz - 14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

Mario Heiderich, Tilman Frosch, Thorsten Holz - 14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011

BotMagnifier: Locating Spambots on the Internet

Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna - USENIX Security Symposium, San Francisco, CA, August 2011

Jackstraws: Picking Command and Control Connections from Bot Traffic

Gregoire Jacob, Ralf Hund, Christopher Kruegel, Thorsten Holz - USENIX Security Symposium, San Francisco, CA, August 2011

Proceedings of 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)

Thorsten Holz, Herbert Bos - 8th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Amsterdam, Netherlands, July 2011

Automatic Analysis of Malware Behavior using Machine Learning

Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz - Journal of Computer Security, Vol. 19, No. 4, pages 639-668, 2011

Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

Michael Becher , Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf - IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2011

Das Internet-Malware-Analyse-System (InMAS)

Markus Engelberth, Felix C. Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems - Datenschutz und Datensicherheit (DuD), Volume 35, Number 4, pp. 247-252

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns

Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna - USE­NIX Work­shop on Lar­ge-Sca­le Ex­ploits and Emer­gent Thre­ats (LEET), Boston, MA, March 2011

2010
A Malware Instruction Set for Behavior-Based Analysis

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Ber­lin, Ger­ma­ny, Oc­to­ber 2010

Towards secure deletion on smartphones

Michael Spreitzenbarth, Thorsten Holz - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Berlin, Germany, October 2010

Abusing Social Networks for Automated User Profiling

Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, Christopher Kruegel - 13th International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Canada, September 2010

Is the Internet for Porn? An Insight Into the Online Adult Industry

Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, Christopher Kruegel - Workshop on the Economics of Information Security (WEIS), Harvard University, USA, June 2010

A Practical Attack to De-Anonymize Social Network Users

Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel - IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries

Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda - IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010

Verfolgen und Abschwächen von Malicious Remote Control Networks

Thorsten Holz - Ausgezeichnete Informatikdissertationen 2009. LNI D-10, pages 101-110, May 2010

ADSandbox: Sandboxing JavaScript to Fight Malicious Websites

Andreas Dewald, Thorsten Holz, Felix C. Freiling - ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010

Botzilla: Detecting the "Phoning Home" of Malicious Software

Konrad Rieck, Guido Schwenk, Tobias Limmer, Thorsten Holz, Pavel Laskov - ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010

The InMAS Approach

Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems - 1st European Workshop on Internet Early Warning and Network Intelligence (EWNI'10)

2009
A Malware Instruction Set for Behavior-Based Analysis

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck - Technical Report TR-2009-007, University of Mannheim, December 2009

Automatic Analysis of Malware Behavior using Machine Learning

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck - Berlin Institute of Technology, Technical Report 18-2009

Walowdac - Analysis of a Peer-to-Peer Botnet

Ben Stock, Jan Göbel, Markus Engelberth, Felix Freiling, Thorsten Holz - European Conference on Computer Network Defense (EC2ND), Milan, Italy, November 2009

Visual Analysis of Malware Behavior (Short paper)

Philipp Trinius, Thorsten Holz, Jan Göbel, Felix Freiling - Workshop on Visualization for Cyber Security (VizSec), Atlantic City, NJ, USA, October 2009

Automatically Generating Models for Botnet Detection

Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Göbel, Christopher Kruegel, Engin Kirda - Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009

Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

Thorsten Holz, Markus Engelberth, Felix Freiling - Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

Ralf Hund, Thorsten Holz, Felix Freiling - USENIX Security Symposium, Montreal, Canada, August 2009

Towards Proactive Spam Filtering (Extended Abstract)

Jan Göbel, Thorsten Holz, Philipp Trinius - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Milan, Italy, July 2009

Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse System (InMAS)

Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Philipp Trinius, Carsten Willems - 11. Deutscher IT-Sicherheitskongress des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Bonn, May 2009

Tracking and Mitigation of Malicious Remote Control Networks

Thorsten Holz - Universität Mannheim, pages 1-138, URN urn:nbn:de:bsz:180-madoc-23306, April 2009

MalOffice - Detecting malicious documents with combined static and dynamic analysis

Markus Engelberth, Carsten Willems, Thorsten Holz - Virus Bulletin Conference, Geneva, Switzerland, September 2009

2008
Towards Next-Generation Botnets

Ralf Hund, Matthias Hamann, Thorsten Holz - European Conference on Computer Network Defense (EC2ND), Dublin, Ireland, December 2008

As the Net Churns: Fast-Flux Botnet Observations

Jose Nazario, Thorsten Holz - International Conference on Malicious and Unwanted Software, October 2008

Reconstructing Peoples Lives: A Case Study in Teaching Forensic Computing

Felix Freiling, Thorsten Holz, Martin Mink - In­ter­na­tio­nal Con­fe­rence on IT Se­cu­ri­ty In­ci­dent Ma­nage­ment & IT Fo­ren­sics (IMF), Mannheim, Ger­ma­ny, September 2008

Learning and Classification of Malware Behavior

Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, July 2008

Studying Malicious Websites and the Underground Economy on the Chinese Web

Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, Wei Zou - Work­shop on the Eco­no­mics of In­for­ma­ti­on Se­cu­ri­ty (WEIS), Hanover, NH, USA, June 2008

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix C. Freiling - USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008

Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients

Ali Ikinci, Thorsten Holz, Felix Freiling - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Saarbrücken, April 2008 - **Best Paper Award**

Rishi: Identifizierung von Bots durch Auswerten der IRC Nicknamen

Jan Göbel, Thorsten Holz - DFN-CERT Work­shop "Si­cher­heit in ver­netz­ten Sys­te­men", Ham­burg, February 2008

Measuring and Detecting Fast-Flux Service Networks

Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix Freiling - Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008

2007
Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, Wei Zou - International Conference on Information and Communications Security (ICICS), LNCS 4861, Zhengzhou, China, December 2007

Virtual Honeypots - From Botnet Tracking to Intrusion Detection

Niels Provos, Thorsten Holz - Addison-Wesley Professional; 1. edition, 440 pages

Measurement and Analysis of Autonomous Spreading Malware in a University Environment

Thorsten Holz, Jan Goebel, Carsten Willems - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Lucerne, Switzerland, July 2007

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation

Jan Göbel, Thorsten Holz - USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 2007

Toward Automated Dynamic Malware Analysis Using CWSandbox

Carsten Willems, Thorsten Holz, Felix C. Freiling - IEEE Security & Privacy, Volume 5, Number 2, Pages 32-39, March/April 2007

2006
Advanced Honeypot-based Intrusion Detection

Jan Göbel, Jens Hektor, Thorsten Holz - USE­NIX ;login:, Vo­lu­me 31, Issue 6, Pages 18-23, De­cem­ber 2006

A Comparative Study of Teaching Forensics at a University Degree Level

Philip Anderson, Maximillian Dornseif, Felix Freiling, Thorsten Holz, Alastair Irons, Christopher Laing, Martin Mink - International Conference on IT Security Incident Management & IT Forensics (IMF), Stuttgart, Germany, October 2006

The Nepenthes Platform: An Efficient Approach to Collect Malware

Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, Felix Freiling - 9th International Symposium on Recent Advances in Intrusion Detection (RAID), Hamburg, Germany, September 2006

The Effect of Stock Spam on Financial Markets

Rainer Böhme, Thorsten Holz - Workshop on the Economics of Information Security (WEIS), University of Cambridge, June 2006

Design and Implementation of the Honey-DVD

Maximillian Dornseif, Felix Freiling, Nils Gedicke, Thorsten Holz - IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2006

Safety, Liveness, and Information Flow: Dependability Revisited

Zinaida Benenson, Felix Freiling, Thorsten Holz, Dogan Kesdogan, Lucia Draque Penso - ARCS Workshop on Dependability and Fault-Tolerance, Frankfurt am Main, Germany, March 2006

Effektives Sammeln von Malware mit Honeypots

Thorsten Holz, Georg Wicherski - DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, March 2006

New Threats and Attacks on the World Wide Web

Thorsten Holz, Simon Marechal, Frédéric Raynal - IEEE Security & Privacy Volume 4, Issue 2, Pages 72-75, March 2006

Learning More About Attack Patterns With Honeypots

Thorsten Holz - GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Magdeburg, February 2006

2005
Spying With Bots

Thorsten Holz - USENIX ;login:, Volume 30, Issue 6, Pages 18-23, December 2005

Security Measurements and Metrics for Networks

Thorsten Holz - Dependability Metrics (Lecture Notes in Computer Science 4909, Advanced Lectures), pages 157-165, 2005

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks

Felix Freiling, Thorsten Holz, Georg Wicherski - European Symposium on Research in Computer Security (ESORICS), Milan, Italy, September 2005

A Pointillist Approach for Comparing Honeypots

Fabien Pouget, Thorsten Holz - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Vienna, Austria, July 2005

Detecting Honeypots and Other Suspicious Environments

Thorsten Holz, Frederic Raynal - IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2005

A Short Visit to the Bot Zoo

Thorsten Holz - IEEE Security & Privacy, Volume 3, Issue 3, Pages 76-79, May 2005

2004
Vulnerability Assessment using Honeypots

Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz - PIK - Praxis der Informationsverarbeitung und Kommunikation, Volume 27, Issue 4, Pages 195-201, December 2004

NoSEBrEaK - Attacking Honeynets

Maximillian Dornseif, Thorsten Holz, Christian N. Klein - IEEE Information Assurance Workshop (IAW), West Point, NY, June 2004

Ermittlung von Verwundbarkeiten mit elektronischen Ködern

Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Dortmund, Germany, July 2004