Dr. rer. nat. Thomas Barabosch

Alumnus


Research Interests


  • Software vulnerability research
  • Reverse engineering automation
  • Malware analysis
  • Botnet mitigation
  • Network security

Publications


Thomas Barabosch and Maxime Villard
KLEAK: Practical Kernel Memory Disclosure Detection
Whitepaper, December 2018
pdf
pdf (mirror)

Thomas Barabosch
Formalization and Detection of Host-Based Code Injection Attacks in the Context of Malware
Doctoral Thesis, University of Bonn, Germany, October 2018
pdf

Thomas Barabosch, Niklas Bergmann, Adrian Dombeck, Elmar Padilla
Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps
DIMVA, Bonn, Germany, July 2017
pdf
proceedings @ Springer
code
complementary material

Thomas Barabosch and Elmar Gerhards-Padilla
Behavior-Driven Development in Malware Analysis
Botconf 2015, Paris, France, December 2015
proceedings
slides
complementary material

Thomas Barabosch, Adrian Dombeck, Khaled Yakdan, Elmar Gerhards-Padilla
BotWatcher: Transparent and Generic Botnet Tracking
RAID 2015, Kyoto, Japan, November 2015
proceedings
slides
complementary material

Thomas Barabosch, Adrian Dombeck, Elmar Gerhards-Padilla
ParasiteEx: Disinfecting Parasitic Malware Platform-Independently
10th Future Security, Berlin, Germany, September 2015
slides

Thomas Barabosch and Elmar Gerhards-Padilla
Host-Based Code Injection Attacks: A Popular Technique Used By Malware
9th International Conference on Malicious and Unwanted Software (MALCON), Fajardo, Puerto Rico, October 2014
pdf
proceedings @ IEEE Xplore

Thomas Barabosch, Sebastian Eschweiler and Elmar Gerhards-Padilla
Bee Master: Detecting Host-Based Code Injection Attacks
DIMVA, Egham, UK, July 2014
sample list
pdf
proceedings @ Springer

Thomas Barabosch, Andre Wichmann, Felix Leder and Elmar Gerhards-Padilla
Automatic Extraction of Domain Name Generation Algorithms from Current Malware
NATO Symposium IST-111 on Information Assurance and Cyber Defence, Koblenz, Germany, September 2012
pdf



Presentations


Nils-Edvin Enkelmann and Thomas Barabosch
cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures
Arsenal Presentation
Black Hat USA, Las Vegas, USA, August 2019

Thomas Barabosch and Nils-Edvin Enkelmann
cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures
Pass the SALT 2019, Lille, France, July 2019

Thomas Barabosch
Firmware: a Sore Spot in Cybersecurity (talk given in German)
Future Security 2019, Berlin, Germany, March 2019

Thomas Barabosch
KLEAK - Practical Kernel Memory Disclosure Detection
FOSDEM 2019, Brussels, Belgium, February 2019

Thomas Barabosch
Lucky CAT: A Distributed Fuzzing Management Framework
Arsenal Presentation
Black Hat Europe 2018, London, England, December 2018
slides

Thomas Barabosch
Formalization and Detection of Host-Based Code Injection Attacks in the Context of Malware
Doctoral colloquium at University of Bonn, Germany, September 2018

Thomas Barabosch
Operation Avalanche: Not your average botnet take down
Dagstuhl Seminar 17281, Schloss Dagstuhl, Germany, July 2017
seminar
report

Thomas Barabosch
Behavior-Driven Development in Malware Analysis: Can it Improve the Malware Analysis Process?
SPRING 10, Neubiberg, Germany, July 2015
proceedings
slides

Thomas Barabosch
Detecting Host-Based Code Injection Attacks
SPRING 9, Bochum, Germany, July 2014
proceedings
slides

Thomas Barabosch, Sebastian Eschweiler, Mohammad Qasem, Daniel Panteleit, Daniel Plohmann and Elmar Gerhards-Padilla
A General-purpose Laboratory for Large-scale Botnet Experiments
Botconf 2013, Nantes, France, December 2013
slides



Bug Hunting


Some interesting bugs that I've found so far are:


Furthermore, I have found some minor non-security as well as security bugs in, and submitted patches to, several open source projects, including NetBSD, Illumos, and Emacs. For my BSD-related security research, please refer to the commits listed at FreshBSD.

Teaching


  • Winter Term 2018/2019
    • Master Thesis Advisor: File system fuzzing applied to the BSD operating system family
    • Seminar (Master): Selected Topics in IT Security
    • Lab (Master): IT Security
    • Project Group (Bachelor): Coverage-guided file fuzzer
    • Project Group (Bachelor): Visualization of live fuzzing data
  • Summer Term 2018
    • Bachelor Thesis Advisor: Platform-independent type reconstruction
  • Winter Term 2017/2018
    • Seminar (Master): Selected Topics in IT Security
    • Lab (Master): IT Security
  • Summer Term 2017
    • Project Group (Bachelor/Master): Malware Boot Camp
  • Winter Term 2015/2016
    • Master Thesis Advisor: Clustering malware based on header data and statistical features
  • Winter Term 2014/2015
    • Seminar (Master): Selected Topics in IT Security
    • Lab (Master): Malware Analysis
  • Summer Term 2014
    • Tutor/Assistant Lecture (Master): Network Security
    • Bachelor Thesis Advisor: Live monitoring of botnets by means of memory dump analysis
    • Bachelor Thesis Advisor: Cross-platform detection of kernel rootkits in memory dumps
  • Winter Term 2013/2014
    • Bachelor Thesis Advisor: Heuristic detection of code injections in memory dumps
    • Bachelor Thesis Advisor: Detection of code injection attacks by differencing memory dumps
  • Summer Term 2013
    • Seminar (Master): Selected Topics in Communication Management
    • Project Group (Bachelor/Master): Malware Boot Camp
  • Winter Term 2012/2013
    • Seminar (Master): Selected Topics in Communication Management