Dr. rer. nat. Daniel Plohmann

Researcher at Fraunhofer FKIE

Contact Phone: +49 228 50212-600 Fax: +49 228 50212-688 Email: plohmann@REMOVETHISPART.cs.uni-bonn.de Public key: 0x41D41A44     Address   Fraunhofer FKIE Zanderstraße 5 D-53177 Bonn Germany Room: 2.24 - Zanderstr. 5

Research Interests

• Reverse Engineering
• Malware Analysis
• Advanced simulation methods and techniques 

Publications

• 2023

  • Daniel Plohmann, Manuel Blatt, Daniel Enders
    MCRIT: The MinHash-based Code Relationship & Investigation Toolkit
    In: The Journal on Cybercrime & Digital Investigations, [S.l.], v. 8, n. 1, p. 1-13, April 2023. ISSN 2494-2715.

• 2022

  • Daniel Plohmann
    Classification, Characterization, and Contextualization of Windows Malware using Static Behavior and Similarity Analysis
    Doctoral Thesis, University of Bonn, Germany, July 2022.

• 2019

  • Felix Bilstein, Daniel Plohmann
    YARA-Signator: Automated Generation of Code-based YARA Rules
    In: The Journal on Cybercrime & Digital Investigations, [S.l.], v. 5, n. 1, p. 1-13, December 2019. ISSN 2494-2715.
    

• 2018

  • Daniel Plohmann, Steffen Enders, Elmar Padilla
    ApiScout: Robust Windows API Usage Recovery for Malware Characterization and Similarity Analysis
    In: The Journal on Cybercrime & Digital Investigations, [S.l.], v. 4, n. 1, p. 1-16, December 2018. ISSN 2494-2715.
    

• 2017

  • Daniel Plohmann, Martin Clauß, Steffen Enders, Elmar Padilla
    Malpedia: A Collaborative Effort to Inventorize the Malware Landscape
    In: The Journal on Cybercrime & Digital Investigations, v. 3, n. 1, p. 1-19, December 2017. ISSN 2494-2715.
    
  • Jan-Niclas Hilgert, Martin Lambertz, Daniel Plohmann
    Extending The Sleuth Kit and its underlying model for pooled storage file system forensic analysis
    Best Paper Award
    In: Digital Investigation: The International Journal of Digital Forensics & Incident Response 22. (2017): p. 76-85.
    

• 2016

  • Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, Elmar Gerhards-Padilla
    A Comprehensive Measurement Study of Domain Generating Malware
    In: Proeceedings of the 25th USENIX Security Symposium, Austin TX, USA, August 2016.
    

• 2015

  • Daniel Plohmann
    DGArchive: A deep dive into domain generation
    Presentation at 3rd Botconf, Paris, France, December 2015.
    

• 2014

  • Laura Guevara, Daniel Plohmann
    Semantic Exploration of Binaries
    In: Proceedings of 2nd Botconf, Nancy, France, December 2014.
    

• 2013

  • Dennis Andriesse, Christian Rossow, Brett Stone-Gross, Daniel Plohmann, Herbert Bos
    Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus
    In: Proceedings of the 8th International Conference on Malicious and Unwanted Software (Malware 2013), Fajardo, USA, October 2013.
  • Daniel Plohmann
    http://www.isotf.org/isoi12.html#agendaPicking Stones from Castles - Citadel Data Mining
    Presentation at ISOI 12, Copenhagen, Denmark, September 2013.
    
  • Daniel Plohmann, Sebastian Eschweiler, Elmar Gerhards-Padilla
    Patterns of a Cooperative Malware Analysis Workflow
    In: Proceedings of the 5th International Conference on Cyber Conflict (CyCon'2013), Tallinn, Estonia, June 2013.
  • Christian Rossow, Dennis Andriesse, Tillmann Werner, Brett Stone-Gross, Daniel Plohmann, Christian J. Dietrich, Herbert Bos
    P2PWNED -- Modeling and Evaluating the Resilience of Peer-to-Peer Botnets
    In: Proceedings of the 34th IEEE Symposium on Security and Privacy (S&P 2013), San Francisco, USA, May 2013.

• 2012

  • Daniel Plohmann and Christopher Kannen
    AntiRE - An Executable Collection of Anti-Reversing Techniques
    In: Collin Mulliner, Patrick Stewin, editors, Proceedings of the Seventh GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Technical Report SR-2012-01. GI FG SIGAR, Berlin, July 2012.
  • Daniel Plohmann, Elmar Gerhards-Padilla
    Malware and Botnet Analysis Methodology
    ERCIM-News, Vol. 2012, No. 90, July 2012, p. 22
    ercim-news.ercim.eu/en90/special/malware-and-botnet-analysis-methodology
  • Daniel Plohmann, Elmar Gerhards-Padilla
    A Case Study on the Miner Botnet
    In: Proceedings of the 4th International Conference on Cyber Conflict (CyCon'2012), Tallinn, Estonia, June 2012.
  • Daniel Plohmann, Elmar Gerhards-Padilla
    Aktuelles aus der Welt der Botnetze
    IT-Report, Mittler Report Verlag GmbH, Bonn, Germany, Mai 2012
  • Daniel Plohmann, Elmar Gerhards-Padilla
    Das schwächste Glied - Wie sich Unternehmen und Behörden vor Cyber-Attacken schützen können
    Sicherheitstechnischer Report, Vol. 2012, Mittler Report Verlag GmbH, Bonn, Germany, April 2012

• 2011

  • Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder, Jan Gassen, André Wichmann, Sebastian Eschweiler
    Botnets: Detection, Measurement and Defense
    In: Proceedings of the 6th Future Security, Security Research Conference, Berlin, Germany, September 2011.
  • Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder
    Botnets: Detection, Measurement, Disinfection & Defence
    Technical Report published by the European Network and Information Security Agency (ENISA). Editor: Giles Hogben. Heraklion, Greece, March 2011
  • Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder
    Botnets: 10 Tough Questions
    Report published by the European Network and Information Security Agency (ENISA). Editor: Giles Hogben. Heraklion, Greece, March 2011

• 2010

  • Felix Leder and Daniel Plohmann
    PyBox - A Python approach to sandboxing
    In: Sebastian Schmerl, Simon Hunke, editors, Proceedings of the Fifth GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING). Technical Report SR-2010-01, page 4. GI FG SIGAR, Bonn, July 2010. 

• 2009

  • Daniel Plohmann
    Parallele Simulation von drahtlosen Mesh-Netzen
    Diploma Thesis, University of Bonn, October 2009

• Other

  • Daniel Plohmann
    x86 Opcode Structure and Instruction Overview
  • Felix Leder and Daniel Plohmann
    PyBox - A user-level framework for rootkit-like monitoring of processes

Presentations

Presentations without published slides.

• 2016

  • Daniel Plohmann
    The 3 Ghosts of Malware Reversing (Keynote)
    Presentation at Malware and Reverse Engineering Workshop (MRE-2016), Melbourne, Australia, July 2016.
  • Daniel Plohmann
    A Field Report on Botnet Investigations
    Presentation at Malware and Reverse Engineering Workshop (MRE-2016), Melbourne, Australia, July 2016.

• 2015

  • Daniel Plohmann
    MASFAD: Military multi-Agent System For APT Detection
    Presentation at Cyber Defense Conference, Bonn, Germany, November 2015.
    

• 2014
  

  • Daniel Plohmann
    CTF Knowledge Exchange - ROP exploitation
    Presentation at University of Bonn, March 2014.

• 2013
  

  • Daniel Plohmann
    Picking Stones from Castles - Citadel Data Mining
    Presentation at ISOI 12, Copenhagen, Denmark, September 2013.

• 2012
  

  • Daniel Plohmann
    Data-Mining P2P Botnets
    Presentation at INBOT'12, Aachen, Germany, March 2012.

• 2011
  

  • Daniel Plohmann
    Introduction to P2P Botnets
    University Colloquium, Bonn, Germany, December 2011.

Public Service

Program Committee

• ENISA Workshop on Botnet Detection, Measurement, Disinfection & Defence

Reviewer for

• IEEE Security & Privacy Magazine
• 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'14), London, GB, 2014.
• 37th IEEE Conference on Local Computer Networks (LCN 2012), Florida, USA, 2012.
• "it - Information Technology: Special Issue on Reactive Security", Eds.: Molitor, P., Rothermel, K., Flegel, U. To be published, Oldenbourg Wissenschaftsverlag Munich, 2012.
• 13th International Conference on Distributed Computing and Networking (ICDCN 2012), Hong Kong Polytechnic University, Hong Kong, China.

Teaching

Lectures, Labs, and Seminars

• WS 2015
  

  • Seminar: Seminar Selected Topics in Malware Analysis and Computer/Network Security
  • Lab: Malware Analysis

• SS 2015
  

  • Project Group: "Malware Bootcamp"

• SS 2014

  • Lab: Malware Analysis

• SS 2012

  • Exercises to "Network Security" (lecture by Prof. Dr. Peter Martini, Dr. Jens Tölle and Wolfgang Moll)
  • Project Group: "Malware Bootcamp"
  • Seminar: Seminar Selected Topics in Malware Analysis and Computer/Network Security
  • Lab: Communication and Communicating Devices

• WS 2011/12

  • Project Group: "Malware Bootcamp"
  • Seminar: Seminar Selected Topics in Malware Analysis and Computer/Network Security

• SS 2011

  • Guest lecture with topic: "Malware Analysis and Reverse Engineering" as part of "Systemnahe Informatik" (lecture by Prof. Dr. Peter Martini)
  • Exercises to "Network Security" (lecture by Prof. Dr. Peter Martini, Dr. Jens Tölle and Wolfgang Moll)
  • Project Group: "Malware Bootcamp"

• WS 2010/11

• Project Group: "Malware Bootcamp"

• SS 2010

  • Exercises to "Systemnahe Informatik" (lecture by Prof. Dr. Peter Martini)
  • Exercises to "Network Security" (lecture by Prof. Dr. Peter Martini, Dr. Jens Tölle and Wolfgang Moll)
  • Project Group: "Malware Bootcamp"

Supervised Work

• "Verfahren zur automatisierten Identifikation bekannter Funktionen in Disassemblern". Wüstenberg, Thilo; Bachelor Thesis, 2021.
• "Capability Analysis on Malicious Software". Bilstein, Felix; Master Thesis, 2021.
• "Analysis of Code Reuse and Obfuscation in .NET Malware". Blatt, Manuel; Master Thesis, 2021.
• "An Overview of .NET Bytecode and (De-)Obfuscation". Blatt, Manuel; Seminar Report, 2020.
• "Konsistenz- und Ähnlichkeitsanalyse von Rich Headern in Malware". Enders, Daniel; Bachelor Thesis, 2020.
• "Automation Convenience through Shellcode Injection in Hypervisor-based Malware Analysis". Blatt, Manuel; Lab Report, 2020.
• "Prototyping a recursive ARM Disassembler for Memory Dumps". Bilstein, Felix; Lab Report, 2019.
• "Challenges of Recovering Binary Disassembly". Bilstein, Felix; Seminar Report, 2019.
• "Authorship Attribution on Executable x86/x64 Binary Code". Enders, Steffen; Master Thesis, 2019.
• "Improving YARA-Signator for effective Generation of code-based YARA-Signatures". Bilstein, Felix; Lab Report, 2019.
• "Qualitative analysis of YARA pattern-matching". Hofstetter, Max; Lab Report, 2018.
• "Automatic Generation of code-based YARA-Signatures". Bilstein, Felix; Bachelor Thesis, 2018.
• "Compiler-Fingerprinting on x86/x64 Binaries". Enders, Steffen; Bachelor Thesis, 2017.
• "Memory visualization and diffing". Denno, Mohamad and Ali; Lab Report, 2017.
• "Robust Malware Unpacking". Jenke, Thorsten; Master Thesis, 2016.
• "A Malware Classification System Based On Structural Static Analysis". Hordiienko, Paul; Master Thesis, 2016.
• "Command & Control Server Mimicry through Analysis and Replay of Network Capture Data". Buhl, Lennart; Bachelor Thesis, 2016.
• "A survey of executables matching techniques". Hordiienko, Paul; Seminar Report, 2016.
• "Flow-based Network Intrusion Detection". Herzog, Marco; Seminar Report, 2015.
• "Malware Classification". Jenke, Thorsten; Seminar Report, 2015.
• "Domain Generation Algorithm Recognition". Fischer, Sören; Lab Report, 2015.
• "Ein rekursiver Disassembler". Heiler, Lorenz; Lab Report, 2015.
• "Deobfuscation of Andromeda API Calls". Frieß, Jens; Lab Report, 2015.
• "Dumping Malware for Fun and Profit". Bilstein, Felix; Lab Report, 2015.
• "The many Faces of Malware - Clustering Icons from Malware". Buhl, Lennart; Lab Report, 2014.
• "Semantic Exploration of Binaries". Guevara, Laura; Master Thesis, 2014.
• "Clustering von Citadel Packer". Jenke, Thorsten; Bachelor Thesis, 2014.
• "Asynchronous Tracking of Peer-to-Peer Botnets". Dammann, Julian; Diploma Thesis, 2012.
• "Code Protection in Android". Schulz, Patrick; Lab Report, 2012.
• "What the Fuzz?! Fuzzing - Automated software vulnerability discovery". Koch, Jonathan; Seminar Report, 2011.
• "Heuristiken in Unpacking-Frameworks". Schulz, Patrick; Bachelor Thesis, 2011.