Thorsten Holz

According to our database1, Thorsten Holz authored at least 177 papers between 2004 and 2019.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Other 

Links

Homepages:

On csauthors.net:

Bibliography

2019
Analyzing leakage of personal information by malware.
Journal of Computer Security, 2019

Die DSGVO als internationales Vorbild?
Datenschutz und Datensicherheit, 2019

Reverse Engineering x86 Processor Microcode.
CoRR, 2019

(Un)informed Consent: Studying GDPR Consent Notices in the Field.
CoRR, 2019

Robust Over-the-Air Adversarial Examples Against Automatic Speech Recognition Systems.
CoRR, 2019

Towards Automated Application-Specific Software Stacks.
CoRR, 2019

A Study of Newly Observed Hostnames and DNS Tunneling in the Wild.
CoRR, 2019

Lost traffic encryption: fingerprinting LTE/4G traffic on layer two.
Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019

LTE security disabled: misconfiguration in commercial networks.
Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019

AntiFuzz: Impeding Fuzzing Audits of Binary Executables.
Proceedings of the 28th USENIX Security Symposium, 2019

GRIMOIRE: Synthesizing Structure while Fuzzing.
Proceedings of the 28th USENIX Security Symposium, 2019

Breaking LTE on Layer Two.
Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

On the Challenges of Geographical Avoidance for Tor.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

REDQUEEN: Fuzzing with Input-to-State Correspondence.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

NAUTILUS: Fishing for Deep Bugs with Grammars.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

STEROIDS for DOPed Applications: A Compiler for Automated Data-Oriented Programming.
Proceedings of the IEEE European Symposium on Security and Privacy, 2019

Challenges in Designing Exploit Mitigations for Deeply Embedded Systems.
Proceedings of the IEEE European Symposium on Security and Privacy, 2019

A Study on Subject Data Access in Online Advertising After the GDPR.
Proceedings of the Data Privacy Management, Cryptocurrencies and Blockchain Technology, 2019

Static Detection of Uninitialized Stack Variables in Binary Code.
Proceedings of the Computer Security - ESORICS 2019, 2019

GDPiRated - Stealing Personal Information On- and Offline.
Proceedings of the Computer Security - ESORICS 2019, 2019

Sustainable Security & Safety: Challenges and Opportunities.
Proceedings of the 4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems, 2019

Large-Scale Analysis of Infrastructure-Leaking DNS Servers.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2019

It's Not what It Looks Like: Measuring Attacks and Defensive Registrations of Homograph Domains.
Proceedings of the 7th IEEE Conference on Communications and Network Security, 2019

"Your hashed IP address: Ubuntu.": perspectives on transparency tools for online advertising.
Proceedings of the 35th Annual Computer Security Applications Conference, 2019

VPS: excavating high-level C++ constructs from low-level binaries to protect dynamic dispatching.
Proceedings of the 35th Annual Computer Security Applications Conference, 2019

2018
The Unwanted Sharing Economy: An Analysis of Cookie Syncing and User Transparency under GDPR.
CoRR, 2018

Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding.
CoRR, 2018

We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy.
CoRR, 2018

RAPTOR: Ransomware Attack PredicTOR.
CoRR, 2018

On Security Research Towards Future Mobile Network Generations.
IEEE Communications Surveys and Tutorials, 2018

SoK: Make JIT-Spray Great Again.
Proceedings of the 12th USENIX Workshop on Offensive Technologies, 2018

Threat modeling for mobile health systems.
Proceedings of the 2018 IEEE Wireless Communications and Networking Conference Workshops, 2018

Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations.
Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges, 2018

Masters of Time: An Overview of the NTP Ecosystem.
Proceedings of the 2018 IEEE European Symposium on Security and Privacy, 2018

Position-Independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure.
Proceedings of the 2018 IEEE European Symposium on Security and Privacy, 2018

Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs.
Proceedings of the Computer Security, 2018

On the Weaknesses of Function Table Randomization.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2018

An Empirical Study on Online Price Differentiation.
Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, 2018

An Exploratory Analysis of Microcode as a Building Block for System Defenses.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Towards Automated Generation of Exploitation Primitives for Web Browsers.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018

Attacking dynamic code.
Proceedings of the Continuing Arms Race: Code-Reuse Attacks and Defenses, 2018

2017
Toward Improved Audio CAPTCHAs Based on Auditory Perception and Language Understanding.
ACM Trans. Priv. Secur., 2017

Cross-architecture bug search in binary executables.
it - Information Technology, 2017

May the Force Be with You: The Future of Force-Sensitive Authentication.
IEEE Internet Computing, 2017

An Empirical Study on Price Differentiation Based on System Fingerprints.
CoRR, 2017

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels.
Proceedings of the 26th USENIX Security Symposium, 2017

Syntia: Synthesizing the Semantics of Obfuscated Code.
Proceedings of the 26th USENIX Security Symposium, 2017

How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

SDN-Guard: Protecting SDN controllers against SDN rootkits.
Proceedings of the 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks, 2017

MARX: Uncovering Class Hierarchies in C++ Programs.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017

Towards Automated Discovery of Crash-Resistant Primitives in Binary Executables.
Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2017

Breaking and Fixing Destructive Code Read Defenses.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017

ECFI: Asynchronous Control Flow Integrity for Programmable Logic Controllers.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017

2016
On network operating system security.
Int. Journal of Network Management, 2016

No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells.
Proceedings of the 25th International Conference on World Wide Web, 2016

Subversive-C: Abusing and Protecting Dynamic Message Dispatch.
Proceedings of the 2016 USENIX Annual Technical Conference, 2016

Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness.
Proceedings of the Trust and Trustworthy Computing - 9th International Conference, 2016

A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices.
Proceedings of the Twelfth Symposium on Usable Privacy and Security, 2016

On the Feasibility of TTL-Based Filtering for DRDoS Mitigation.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2016

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

Automated Multi-architectural Discovery of CFI-Resistant Code Gadgets.
Proceedings of the Computer Security - ESORICS 2016, 2016

Probfuscation: An Obfuscation Approach Using Probabilistic Control Flows.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016

Leveraging Sensor Fingerprinting for Mobile Device Authentication.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016

Detile: Fine-Grained Information Leak Detection in Script Engines.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016

Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation.
Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016

SkypeLine: Robust Hidden Data Transmission for VoIP.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

EvilCoder: automated bug insertion.
Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016

2015
Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

Security Analysis of PHP Bytecode Protection Mechanisms.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2015

SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2015

Revealing the relationship network behind link spam.
Proceedings of the 13th Annual Conference on Privacy, Security and Trust, 2015

Multi-layer Access Control for SDN-Based Telco Clouds.
Proceedings of the Secure IT Systems, 20th Nordic Conference, 2015

Retaining control over SDN network services.
Proceedings of the 2015 International Conference and Workshops on Networked Systems, 2015

Experience report: an empirical study of PHP security mechanism usage.
Proceedings of the 2015 International Symposium on Software Testing and Analysis, 2015

Going Wild: Large-Scale Classification of Open DNS Resolvers.
Proceedings of the 2015 ACM Internet Measurement Conference, 2015

Tactile One-Time Pad: Leakage-Resilient Authentication for Smartphones.
Proceedings of the Financial Cryptography and Data Security, 2015

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms?
Proceedings of the 31st Annual Computer Security Applications Conference, 2015

2014
Scriptless attacks: Stealing more pie without touching the sill.
Journal of Computer Security, 2014

How Secure is TextSecure?
IACR Cryptology ePrint Archive, 2014

Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks.
Proceedings of the 8th USENIX Workshop on Offensive Technologies, 2014

Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

Exit from Hell? Reducing the Impact of Amplification DDoS Attacks.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

Static Detection of Second-Order Vulnerabilities in Web Applications.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

CloudSylla: Detecting Suspicious System Calls in the Cloud.
Proceedings of the Stabilization, Safety, and Security of Distributed Systems, 2014

GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones.
Proceedings of the Sicherheit 2014: Sicherheit, 2014

Evaluating the Effectiveness of Current Anti-ROP Defenses.
Proceedings of the Research in Attacks, Intrusions and Defenses, 2014

Paint It Black: Evaluating the Effectiveness of Malware Blacklists.
Proceedings of the Research in Attacks, Intrusions and Defenses, 2014

Automated generation of models for fast and precise detection of HTTP-based malware.
Proceedings of the 2014 Twelfth Annual International Conference on Privacy, 2014

Simulation of Built-in PHP Features for Precise Static Code Analysis.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements.
Proceedings of the 2014 Internet Measurement Conference, 2014

Code Reuse Attacks in PHP: Automated POP Chain Generation.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Leveraging semantic signatures for bug search in binary programs.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

Using automatic speech recognition for attacking acoustic CAPTCHAs: the trade-off between usability and security.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

Towards automated integrity protection of C++ virtual function tables in binary programs.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

2013
An experimental security analysis of two satphone standards.
ACM Trans. Inf. Syst. Secur., 2013

A Security Layer for Smartphone-to-Vehicle Communication Over Bluetooth.
Embedded Systems Letters, 2013

Slicing droids: program slicing for smali code.
Proceedings of the 28th Annual ACM Symposium on Applied Computing, 2013

Mobile Malware Detection Based on Energy Fingerprints - A Dead End?
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

Practical Timing Side Channel Attacks Against Kernel Space ASLR.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

Preventing Backdoors in Server Applications with a Separated Software Architecture - (Short Paper).
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2013

PSiOS: bring your own privacy & security to iOS devices.
Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security, 2013

Quantifying the security of graphical passwords: the case of android unlock patterns.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

Towards reducing the attack surface of software backdoors.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

Control-flow restrictor: compiler-based CFI for iOS.
Proceedings of the Annual Computer Security Applications Conference, 2013

k-subscription: privacy-preserving microblogging browsing through obfuscation.
Proceedings of the Annual Computer Security Applications Conference, 2013

2012
An Empirical Analysis of Malware Blacklists.
Praxis der Informationsverarbeitung und Kommunikation, 2012

B@bel: Leveraging Email Delivery for Spam Mitigation.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

Don't Trust Satellite Phones: A Security Analysis of Two Satphone Standards.
Proceedings of the IEEE Symposium on Security and Privacy, 2012

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012

Tracking DDoS Attacks: Insights into the Business of Disrupting the Web.
Proceedings of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2012

SmartProxy: Secure Smartphone-Assisted Login on Compromised Machines.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2012

Scriptless attacks: stealing the pie without touching the sill.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

Down to the bare metal: using processor features for binary analysis.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

Using memory management to detect and extract illegitimate code for malware analysis.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Automatic analysis of malware behavior using machine learning.
Journal of Computer Security, 2011

Das Internet-Malware-Analyse-System (InMAS) - Ein System zur großflächigen Sammlung und Analyse von Schadsoftware im Internet.
Datenschutz und Datensicherheit, 2011

BOTMAGNIFIER: Locating Spambots on the Internet.
Proceedings of the 20th USENIX Security Symposium, 2011

JACKSTRAWS: Picking Command and Control Connections from Bot Traffic.
Proceedings of the 20th USENIX Security Symposium, 2011

TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet.
Proceedings of the Stabilization, Safety, and Security of Distributed Systems, 2011

Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices.
Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM.
Proceedings of the Recent Advances in Intrusion Detection - 14th International Symposium, 2011

Automated Identification of Cryptographic Primitives in Binary Programs.
Proceedings of the Recent Advances in Intrusion Detection - 14th International Symposium, 2011

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns.
Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2011

Systems Security Research at Ruhr-University Bochum.
Proceedings of the First SysSec Workshop 2011, 2011

Crouching tiger - hidden payload: security risks of scalable vectors graphics.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

Poster: control-flow integrity for smartphones.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010
Is the Internet for Porn? An Insight Into the Online Adult Industry.
Proceedings of the 9th Annual Workshop on the Economics of Information Security, 2010

A Practical Attack to De-anonymize Social Network Users.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

A Malware Instruction Set for Behavior-Based Analysis.
Proceedings of the Sicherheit 2010: Sicherheit, 2010

Towards Secure Deletion on Smartphones.
Proceedings of the Sicherheit 2010: Sicherheit, 2010

Botzilla: detecting the "phoning home" of malicious software.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010

ADSandbox: sandboxing JavaScript to fight malicious websites.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010

Abusing Social Networks for Automated User Profiling.
Proceedings of the Recent Advances in Intrusion Detection, 13th International Symposium, 2010

A Small Leak will Sink a Great Ship: An Empirical Study of DLP Solutions.
Proceedings of the ISSE 2010, 2010

2009
Visual analysis of malware behavior using treemaps and thread graphs.
Proceedings of the 6th International Workshop on Visualization for Cyber Security 2009, 2009

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms.
Proceedings of the 18th USENIX Security Symposium, 2009

Eine Analyse von 33 Gigabyte gestohlener Keylogger-Daten.
Proceedings of the Informatik 2009: Im Focus das Leben, 2009

Verfolgen und Abschwächen von Malicious Remote Control Networks.
Proceedings of the Ausgezeichnete Informatikdissertationen 2009, 2009

Automatically Generating Models for Botnet Detection.
Proceedings of the Computer Security, 2009

Learning More about the Underground Economy: A Case-Study of Keyloggers and Dropzones.
Proceedings of the Computer Security, 2009

Towards Proactive Spam Filtering (Extended Abstract).
Proceedings of the Detection of Intrusions and Malware, 2009

Studying Malicious Websites and the Underground Economy on the Chinese Web.
Proceedings of the Managing Information Risk and the Economics of Security, 2009

Tracking and Mitigation of Malicious Remote Control Networks.
PhD thesis, 2009

2008
Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients.
Proceedings of the Sicherheit 2008: Sicherheit, 2008

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm.
Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2008

Measuring and Detecting Fast-Flux Service Networks.
Proceedings of the Network and Distributed System Security Symposium, 2008

As the net churns: Fast-flux botnet observations.
Proceedings of the 3rd International Conference on Malicious and Unwanted Software, 2008

Reconstructing People's Lives: A Case Study in Teaching Forensic Computing.
Proceedings of the IT-Incidents Management & IT-Forensics, 2008

Learning and Classification of Malware Behavior.
Proceedings of the Detection of Intrusions and Malware, 2008

8102 Working Group -- Attack Taxonomy.
Proceedings of the Perspectives Workshop: Network Attack Detection and Defense, 2.3., 2008

08102 Working Group -- Requirements for Network Monitoring from an IDS Perspective.
Proceedings of the Perspectives Workshop: Network Attack Detection and Defense, 2.3., 2008

Virtual Honeypots - From Botnet Tracking to Intrusion Detection.
Addison-Wesley, ISBN: 978-0-321-33632-3, 2008

2007
Toward Automated Dynamic Malware Analysis Using CWSandbox.
IEEE Security & Privacy, 2007

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation.
Proceedings of the First Workshop on Hot Topics in Understanding Botnets, 2007

Collecting Autonomous Spreading Malware Using High-Interaction Honeypots.
Proceedings of the Information and Communications Security, 9th International Conference, 2007

Measurement and Analysis of Autonomous Spreading Malware in a University Environment.
Proceedings of the Detection of Intrusions and Malware, 2007

2006
Advanced Honeypot-Based Intrusion Detection.
;login:, 2006

New Threats and Attacks on the World Wide Web.
IEEE Security & Privacy, 2006

The Effect of Stock Spam on Financial Markets.
Proceedings of the 5th Annual Workshop on the Economics of Information Security, 2006

Learning More About Attack Patterns With Honeypots.
Proceedings of the Sicherheit 2006: Sicherheit, 2006

The Nepenthes Platform: An Efficient Approach to Collect Malware.
Proceedings of the Recent Advances in Intrusion Detection, 9th International Symposium, 2006

A Comparative Study of Teaching Forensics at a University Degree Level.
Proceedings of the IT-Incidents Management & IT-Forensics, 2006

Safety, Liveness, and Information Flow: Dependability Revisited.
Proceedings of the ARCS 2006, 2006

2005
Spying with Bots.
;login:, 2005

A Short Visit to the Bot Zoo.
IEEE Security & Privacy, 2005

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks.
Proceedings of the Computer Security, 2005

A Pointillist Approach for Comparing Honeypots.
Proceedings of the Detection of Intrusions and Malware, 2005

Honeypots and Limitations of Deception.
Proceedings of the "Heute schon das Morgen sehen", 2005

Security Measurements and Metrics for Networks.
Proceedings of the Dependability Metrics: Advanced Lectures [result from a Dagstuhl seminar, October 30, 2005

2004
Vulnerability Assessment using Honeypots.
Praxis der Informationsverarbeitung und Kommunikation, 2004

Ermittlung von Verwundbarkeiten mit elektronischen Koedern
CoRR, 2004

NoSEBrEaK - Attacking Honeynets
CoRR, 2004

Ermittlung von Verwundbarkeiten mit elektronischen Ködern.
Proceedings of the Detection of Intrusions and Malware & Vulnerability Assessment, 2004


  Loading...