Dr. rer. nat. Daniel Plohmann
Research Associate at Fraunhofer FKIE
  
Research Interests
- Reverse Engineering
 - Malware Analysis
 - Advanced simulation methods and techniques
 
Publications
- 2023
- Daniel Plohmann, Manuel Blatt, Daniel Enders
MCRIT: The MinHash-based Code Relationship & Investigation Toolkit
In: The Journal on Cybercrime & Digital Investigations, [S.l.], v. 8, n. 1, p. 1-13, April 2023. ISSN 2494-2715. 
- 2022
- Daniel Plohmann
Classification, Characterization, and Contextualization of Windows Malware using Static Behavior and Similarity Analysis
Doctoral Thesis, University of Bonn, Germany, July 2022. 
- 2019
- Felix Bilstein, Daniel Plohmann
YARA-Signator: Automated Generation of Code-based YARA Rules
In: The Journal on Cybercrime & Digital Investigations, [S.l.], v. 5, n. 1, p. 1-13, December 2019. ISSN 2494-2715. 
- 2018
- Daniel Plohmann, Steffen Enders, Elmar Padilla
ApiScout: Robust Windows API Usage Recovery for Malware Characterization and Similarity Analysis
In: The Journal on Cybercrime & Digital Investigations, [S.l.], v. 4, n. 1, p. 1-16, December 2018. ISSN 2494-2715. 
- 2017
- Daniel Plohmann, Martin Clauß, Steffen Enders, Elmar Padilla
Malpedia: A Collaborative Effort to Inventorize the Malware Landscape
In: The Journal on Cybercrime & Digital Investigations, v. 3, n. 1, p. 1-19, December 2017. ISSN 2494-2715.
- Jan-Niclas Hilgert, Martin Lambertz, Daniel Plohmann
Extending The Sleuth Kit and its underlying model for pooled storage file system forensic analysis
Best Paper Award
In: Digital Investigation: The International Journal of Digital Forensics & Incident Response 22. (2017): p. 76-85.
- 2016
- Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, Elmar Gerhards-Padilla
A Comprehensive Measurement Study of Domain Generating Malware
In: Proceedings of the 25th USENIX Security Symposium, Austin TX, USA, August 2016.
 
- 2015
- Daniel Plohmann
DGArchive: A deep dive into domain generation
Presentation at 3rd Botconf, Paris, France, December 2015. 
- 2014
- Laura Guevara, Daniel Plohmann
Semantic Exploration of Binaries
In: Proceedings of 2nd Botconf, Nancy, France, December 2014. 
- 2013
- Dennis Andriesse, Christian Rossow, Brett Stone-Gross, Daniel Plohmann, Herbert Bos
Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus
In: Proceedings of the 8th International Conference on Malicious and Unwanted Software (Malware 2013), Fajardo, USA, October 2013.
- Daniel Plohmann
Picking Stones from Castles - Citadel Data Mining
Presentation at ISOI 12, Copenhagen, Denmark, September 2013.
http://www.isotf.org/isoi12.html#agenda
- Daniel Plohmann, Sebastian Eschweiler, Elmar Gerhards-Padilla
Patterns of a Cooperative Malware Analysis Workflow
In: Proceedings of the 5th International Conference on Cyber Conflict (CyCon'2013), Tallinn, Estonia, June 2013.
- Christian Rossow, Dennis Andriesse, Tillmann Werner, Brett Stone-Gross, Daniel Plohmann, Christian J. Dietrich, Herbert Bos
P2PWNED -- Modeling and Evaluating the Resilience of Peer-to-Peer Botnets
In: Proceedings of the 34th IEEE Symposium on Security and Privacy (S&P 2013), San Francisco, USA, May 2013.
- 2012
- Daniel Plohmann and Christopher Kannen
AntiRE - An Executable Collection of Anti-Reversing Techniques
In: Collin Mulliner, Patrick Stewin, editors, Proceedings of the Seventh GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Technical Report SR-2012-01. GI FG SIDAR, Berlin, July 2012.
- Daniel Plohmann, Elmar Gerhards-Padilla
Malware and Botnet Analysis Methodology
ERCIM-News, Vol. 2012, No. 90, July 2012, p. 22
ercim-news.ercim.eu/en90/special/malware-and-botnet-analysis-methodology
- Daniel Plohmann, Elmar Gerhards-Padilla
A Case Study on the Miner Botnet
In: Proceedings of the 4th International Conference on Cyber Conflict (CyCon'2012), Tallinn, Estonia, June 2012.
- Daniel Plohmann, Elmar Gerhards-Padilla
Aktuelles aus der Welt der Botnetze
IT-Report, Mittler Report Verlag GmbH, Bonn, Germany, May 2012
- Daniel Plohmann, Elmar Gerhards-Padilla
Das schwächste Glied - Wie sich Unternehmen und Behörden vor Cyber-Attacken schützen können
Sicherheitstechnischer Report, Vol. 2012, Mittler Report Verlag GmbH, Bonn, Germany, April 2012
- 2011
- Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder, Jan Gassen, André Wichmann, Sebastian Eschweiler
Botnets: Detection, Measurement and Defense
In: Proceedings of the 6th Future Security, Security Research Conference, Berlin, Germany, September 2011.
- Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder
Botnets: Detection, Measurement, Disinfection & Defence
Technical Report published by the European Network and Information Security Agency (ENISA). Editor: Giles Hogben. Heraklion, Greece, March 2011
- Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder
Botnets: 10 Tough Questions
Report published by the European Network and Information Security Agency (ENISA). Editor: Giles Hogben. Heraklion, Greece, March 2011
- 2010
- Felix Leder and Daniel Plohmann
PyBox - A Python approach to sandboxing
In: Sebastian Schmerl, Simon Hunke, editors, Proceedings of the Fifth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Technical Report SR-2010-01, page 4. GI FG SIDAR, Bonn, July 2010.
- 2009
- Daniel Plohmann
Parallele Simulation von drahtlosen Mesh-Netzen
Diploma Thesis, University of Bonn, October 2009 
- Other
- Daniel Plohmann
x86 Opcode Structure and Instruction Overview
- Felix Leder and Daniel Plohmann
PyBox - A user-level framework for rootkit-like monitoring of processes
 
Teaching
 	
Lectures, Labs, and Seminars
- WS 2015  	
- Seminar: Seminar Selected Topics in Malware Analysis and Computer/Network Security
 - Lab: Malware Analysis
 
 - SS 2015  	
- Project Group: "Malware Bootcamp"
 
 - SS 2014  	
- Lab: Malware Analysis
 
 - SS 2012  	
- Exercises to "Network Security" (lecture by Prof. Dr. Peter Martini, Dr. Jens Tölle and Wolfgang Moll)
 - Project Group: "Malware Bootcamp"
 - Seminar: Seminar Selected Topics in Malware Analysis and Computer/Network Security
 - Lab: Communication and Communicating Devices
 
 - WS 2011/12  	
- Project Group: "Malware Bootcamp"
 - Seminar: Seminar Selected Topics in Malware Analysis and Computer/Network Security
 
 - SS 2011  	
- Guest lecture with topic: "Malware Analysis and Reverse Engineering" as part of "Systemnahe Informatik" (lecture by Prof. Dr. Peter Martini)
 - Exercises to "Network Security" (lecture by Prof. Dr. Peter Martini, Dr. Jens Tölle and Wolfgang Moll)
 - Project Group: "Malware Bootcamp"
 
 - WS 2010/11
 - Project Group: "Malware Bootcamp"
 - SS 2010  	
- Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Peter Martini)
 - Exercises to "Network Security" (lecture by Prof. Dr. Peter Martini, Dr. Jens Tölle and Wolfgang Moll)
 - Project Group: "Malware Bootcamp"
 
 
Supervised Work
- "Study of how Malware has Evolved in recent Years from a forensics Perspective and how to keep Pace with this Trends". Störmer, Ronny; Master Thesis, 2023.
 - "Dynamic Malware Analysis using the .NET Profiling API". Khouei, Sina; Lab Report, 2023.
 - "Analysis of Statically-Linked Code in Malware using Methods of Code Similarity". Enders, Daniel; Master Thesis, 2022.
 - "Verfahren zur automatisierten Identifikation bekannter Funktionen in Disassemblern". Wüstenberg, Thilo; Bachelor Thesis, 2021.
 - "Capability Analysis on Malicious Software". Bilstein, Felix; Master Thesis, 2021.
 - "Analysis of Code Reuse and Obfuscation in .NET Malware". Blatt, Manuel; Master Thesis, 2021.
 - "An Overview of .NET Bytecode and (De-)Obfuscation". Blatt, Manuel; Seminar Report, 2020.
 - "Konsistenz- und Ähnlichkeitsanalyse von Rich Headern in Malware". Enders, Daniel; Bachelor Thesis, 2020.
 - "Automation Convenience through Shellcode Injection in Hypervisor-based Malware Analysis". Blatt, Manuel; Lab Report, 2020.
 - "Prototyping a recursive ARM Disassembler for Memory Dumps". Bilstein, Felix; Lab Report, 2019.
 - "Challenges of Recovering Binary Disassembly". Bilstein, Felix; Seminar Report, 2019.
 - "Authorship Attribution on Executable x86/x64 Binary Code". Enders, Steffen; Master Thesis, 2019.
 - "Improving YARA-Signator for effective Generation of code-based YARA-Signatures". Bilstein, Felix; Lab Report, 2019.
 - "Qualitative analysis of YARA pattern-matching". Hofstetter, Max; Lab Report, 2018.
 - "Automatic Generation of code-based YARA-Signatures". Bilstein, Felix; Bachelor Thesis, 2018.
 - "Compiler-Fingerprinting on x86/x64 Binaries". Enders, Steffen; Bachelor Thesis, 2017.
 - "Memory visualization and diffing". Denno, Mohamad and Ali; Lab Report, 2017.
 - "Robust Malware Unpacking". Jenke, Thorsten; Master Thesis, 2016.
 - "A Malware Classification System Based On Structural Static Analysis". Hordiienko, Paul; Master Thesis, 2016.
 - "Command & Control Server Mimicry through Analysis and Replay of Network Capture Data". Buhl, Lennart; Bachelor Thesis, 2016.
 - "A survey of executables matching techniques". Hordiienko, Paul; Seminar Report, 2016.
 - "Flow-based Network Intrusion Detection". Herzog, Marco; Seminar Report, 2015.
 - "Malware Classification". Jenke, Thorsten; Seminar Report, 2015.
 - "Domain Generation Algorithm Recognition". Fischer, Sören; Lab Report, 2015.
 - "Ein rekursiver Disassembler". Heiler, Lorenz; Lab Report, 2015.
 - "Deobfuscation of Andromeda API Calls". Frieß, Jens; Lab Report, 2015.
 - "Dumping Malware for Fun and Profit". Bilstein, Felix; Lab Report, 2015.
 - "The many Faces of Malware - Clustering Icons from Malware". Buhl, Lennart; Lab Report, 2014.
 - "Semantic Exploration of Binaries". Guevara, Laura; Master Thesis, 2014.
 - "Clustering von Citadel Packer". Jenke, Thorsten; Bachelor Thesis, 2014.
 - "Asynchronous Tracking of Peer-to-Peer Botnets". Dammann, Julian; Diploma Thesis, 2012.
 - "Code Protection in Android". Schulz, Patrick; Lab Report, 2012.
 - "What the Fuzz?! Fuzzing - Automated software vulnerability discovery". Koch, Jonathan; Seminar Report, 2011.
 - "Heuristiken in Unpacking-Frameworks". Schulz, Patrick; Bachelor Thesis, 2011.
 
