Publications

Down to the Bare Metal: Using Processor Features for Binary Analysis

2012 - Carsten Willems, Ralf Hund, Dennis Felsch, Andreas Fobian, Thorsten Holz

TR-HGI-2012-001, Ruhr-Universität Bochum, Horst Görtz Institut für IT-Sicherheit (HGI), November 2012 [pdf]

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

2012 - Carsten Willems, Felix, Freiling

Technical Reports CS-2012,1 University of Erlangen, Department Informatik, February 2012 [OPUS Link]

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

2011 - Carsten Willems, Felix Freiling

Technical Report TR-2011-002, University of Mannheim, Department of Computer Science, May 2011 [MADOC Link]

Internals of Windows Memory Management (not only) for Malware Analysis

2011 - Carsten Willems

Technical Report TR-2011-001, University of Mannheim, Department of Computer Science, April 2011 [MADOC Link]

Return-Oriented Programming without Returns on ARM

2010 - Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Marcel Winandy

Tech­ni­cal Re­port HGI-TR-2010-002 [PDF]

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

2010 - Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy

Technical Report HGI-TR-2010-001 [PDF]

A Malware Instruction Set for Behavior-Based Analysis

2009 - Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

Technical Report TR-2009-007, University of Mannheim, December 2009 [MADOC Link] [PDF]

Automatic Analysis of Malware Behavior using Machine Learning

2009 - Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

Berlin Institute of Technology, Technical Report 18-2009 [PDF]

Kernel-Level Interception and Applications on Mobile Devices

2008 - Michael Becher, Ralf Hund

Technical Report TR-2008-003, Universität Mannheim, May 2008 [PDF]

Property-Based TPM Virtualization

2008 - Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy

Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008. [PDF]
Page: