Dr. rer. nat. Thomas Barabosch
Alumnus
Research Interests
- Software vulnerability research
- Reverse engineering automation
- Malware analysis
- Botnet mitigation
- Network security
Publications
Thomas Barabosch and Maxime Villard
KLEAK: Practical Kernel Memory Disclosure Detection
Whitepaper, December 2018
pdf (mirror)
Thomas Barabosch
Formalization and Detection of Host-Based Code Injection Attacks in the Context of Malware
Doctoral Thesis, University of Bonn, Germany, October 2018
Thomas Barabosch, Niklas Bergmann, Adrian Dombeck, Elmar Padilla
Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps
DIMVA, Bonn, Germany, July 2017
proceedings @ Springer
code
complementary material
Thomas Barabosch and Elmar Gerhards-Padilla
Behavior-Driven Development in Malware Analysis
Botconf 2015, Paris, France, December 2015
proceedings
slides
complementary material
Thomas Barabosch, Adrian Dombeck, Khaled Yakdan, Elmar Gerhards-Padilla
BotWatcher: Transparent and Generic Botnet Tracking
RAID 2015, Kyoto, Japan, November 2015
proceedings
slides
complementary material
Thomas Barabosch, Adrian Dombeck, Elmar Gerhards-Padilla
ParasiteEx: Disinfecting Parasitic Malware Platform-Independently
10th Future Security, Berlin, Germany, September 2015
slides
Thomas Barabosch and Elmar Gerhards-Padilla
Host-Based Code Injection Attacks: A Popular Technique Used By Malware
9th International Conference on Malicious and Unwanted Software (MALCON), Fajardo, Puerto Rico, October 2014
proceedings @ IEEE Xplore
Thomas Barabosch, Sebastian Eschweiler and Elmar Gerhards-Padilla
Bee Master: Detecting Host-Based Code Injection Attacks
DIMVA, Egham, UK, July 2014
sample list
proceedings @ Springer
Thomas Barabosch, Andre Wichmann, Felix Leder and Elmar Gerhards-Padilla
Automatic Extraction of Domain Name Generation Algorithms from Current Malware
NATO Symposium IST-111 on Information Assurance and Cyber Defence, Koblenz, Germany, September 2012
Presentations
Nils-Edvin Enkelmann and Thomas Barabosch
cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures
Arsenal Presentation
Black Hat USA, Las Vegas, USA, August 2019
Thomas Barabosch and Nils-Edvin Enkelmann
cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures
Pass the SALT 2019, Lille, France, July 2019
Thomas Barabosch
Firmware – ein wunder Punkt der Cybersicherheit (Firmware: a sore spot of cybersecurity)
Future Security 2019, Berlin, Germany, March 2019
Thomas Barabosch
KLEAK: Practical Kernel Memory Disclosure Detection
FOSDEM 2019, Brussels, Belgium, February 2019
Thomas Barabosch
Lucky CAT: A Distributed Fuzzing Management Framework
Arsenal Presentation
Black Hat Europe 2018, London, England, December 2018
slides
Thomas Barabosch
Formalization and Detection of Host-Based Code Injection Attacks in the Context of Malware
Doctoral colloquium (Promotionskolloquium) at University of Bonn, Germany, September 2018
Thomas Barabosch
Operation Avalanche: Not your average botnet take down
Dagstuhl Seminar 17281, Schloss Dagstuhl, Germany, July 2017
seminar
report
Thomas Barabosch
Behavior-Driven Development in Malware Analysis: Can it Improve the Malware Analysis Process?
SPRING 10, Neubiberg, Germany, July 2015
proceedings
slides
Thomas Barabosch
Detecting Host-Based Code Injection Attacks
SPRING 9, Bochum, Germany, July 2014
proceedings
slides
Thomas Barabosch, Sebastian Eschweiler, Mohammad Qasem, Daniel Panteleit, Daniel Plohmann and Elmar Gerhards-Padilla
A General-purpose Laboratory for Large-scale Botnet Experiments
Botconf 2013, Nantes, France, December 2013
slides
Public Service
- Additional Reviewer LCN 2016
Bug Hunting
Some interesting bugs that I've found so far are:
- 2019
- NetBSD 8.0/7.2/7.1/7.0: NetBSD-SA2019-001: 14 Kernel Memory Disclosures (attribution)
- 2018
- Oracle VirtualBox 5.2.16: CVE-2018-3005 (attribution)
- OpenBSD 6.3/6.2: CVE-2018-14775 / OpenBSD 6.3 errata 015 / OpenBSD 6.2 errata 020 (attribution)
- FreeBSD 11.2/11.1/10.4: CVE-2018-6924 (attribution)
- FreeBSD 11.2/11.1: CVE-2018-17154 (attribution)
- FreeBSD 11.2/11.1: CVE-2018-17155 (attribution)
- OpenBSD 6.3/6.2: OpenBSD 6.3 errata 012 / OpenBSD 6.2 errata 018 (attribution)
- AVM FRITZ!OS 6.93: Non-Disclosed Security Vulnerabilities (attribution)
Furthermore, I have found some minor bugs, both non-security and security-related, in several open source projects including NetBSD, Illumos, and Emacs, and have submitted patches to them. For my BSD-related security research, please refer to the commits listed at FreshBSD.
Teaching
- Winter Term 2018/2019
- Master Thesis Advisor: File system fuzzing applied to the BSD operating system family
- Seminar (Master): Selected Topics in IT Security
- Lab (Master): IT Security
- Project Group (Bachelor): Codeabdeckung-basierter Datei-Fuzzer (Coverage-guided file fuzzer)
- Project Group (Bachelor): Visualisierung von Fuzzing-Live-Daten (Visualization of live fuzzing data)
- Summer Term 2018
- Bachelor Thesis Advisor: Plattform-unabhängige Typrekonstruktion (Platform-independent type reconstruction)
- Winter Term 2017/2018
- Seminar (Master): Selected Topics in IT Security
- Lab (Master): IT Security
- Summer Term 2017
- Project Group (Bachelor/Master): Malware Boot Camp
- Winter Term 2015/2016
- Master Thesis Advisor: Clustering malware based on header data and statistical features
- Winter Term 2014/2015
- Seminar (Master): Selected Topics in IT Security
- Lab (Master): Malware Analysis
- Summer Term 2014
- Tutor/Assistant Lecture (Master): Network Security
- Bachelor Thesis Advisor: Live-Beobachtung von Botnetzen mittels Memorydump-Analyse (Live observation of botnets by means of memory dump analysis)
- Bachelor Thesis Advisor: Plattformübergreifende Erkennung von Kernel-Rootkits in Memorydumps (Cross-platform detection of kernel rootkits in memory dumps)
- Winter Term 2013/2014
- Bachelor Thesis Advisor: Heuristische Detektion von Code-Injektionen in Speicherabbildern (Heuristic detection of code injections in memory dumps)
- Bachelor Thesis Advisor: Erkennung von Code-Injektions-Angriffen durch Differenzierung von Speicherabbildern (Detection of code injection attacks by differencing memory dumps)
- Summer Term 2013
- Seminar (Master): Selected Topics in Communication Management
- Project Group (Bachelor/Master): Malware Boot Camp
- Winter Term 2012/2013
- Seminar (Master): Selected Topics in Communication Management