Server Move

Sunday, August 30. 2009
admin
During the weekend the blog moved to another server. I hope the transition is now complete and everything is still working as expected. If you observe broken links or similar glitches, please let me know at thorsten.holz [at] gmail.com.

Alive Again: CWSandbox.org and Me

Wednesday, July 8. 2009
admin
In the last few weeks I did not have much time to blog; my real life kept me busy. In the meantime, I finished my Ph.D. studies at the Laboratory for Dependable Distributed Systems and prepared my move to Vienna: I joined the International Secure Systems Lab (http://www.iseclab.org/), where I now work as a postdoc researcher. For now I stay in academia; let's see what the future brings. Basically I will continue my work on bots/botnets, honeypots/honeynets, malware analysis, and the underground economy. In the next couple of days I will blog about some recent papers that we published - these will serve as the foundation of my work in the coming months.

The public interface to CWSandbox at http://cwsandbox.org/ was offline for several weeks due to some internal problems, but the service is now online again. The backend was completely revised and a new database layout provides better scalability.

Blog of the FORWARD Project

Friday, March 20. 2009
admin
One of the projects I am involved in is FORWARD:
FORWARD is an initiative by the European Commission to promote the collaboration and partnership between Academia and Industry in their common goal of protecting Information and Communication Technology (ICT) infrastructures. Communication networks and computers are under constant Cyber-threats from malicious users and organizations that use viruses, worms, spyware, botnets, spam, and phishing, to harm the European citizens and organizations.

The FORWARD initiative aims at identifying, networking, and coordinating the multiple research efforts that are underway in the area of Cyber-threats defenses, and leveraging these efforts with other activities to build secure and trusted ICT systems and infrastructures.

A complete overview of the FORWARD project is available at http://www.ict-forward.eu/. The project is funded as part of the European Community's Seventh Framework Programme. For some time now, the project has also maintained a blog, located at http://blogs.ict-forward.eu/forward/. There you can find the latest updates and an overview of current project activity. Check it out and comment on the project; we would love to get your feedback!

CanSec / PWN2OWN contest

Thursday, March 19. 2009
admin
It has been some time since my last blog entry; I've been busy with my thesis. My defense is at the end of next month - finally getting ready with everything :)

This week I am in Vancouver for CanSec; I taught a course about honeypots on Monday. Now I'm enjoying the conference, and the agenda is pretty cool this year! The main focus of yesterday was on mobile phones; most of the presentations dealt with smartphones like the iPhone or the Android platform. Sniffing keystrokes via a laser microphone or a voltmeter is next, and I'm really looking forward to that presentation.

CanSec also has a new edition of the PWN2OWN contest. This year, the main focus of the contest is web browsers and mobile phones. On the first day, several browsers were 0wned; Nils even managed to exploit three different browsers. Below is a screenshot of the scoreboard taken in the afternoon - Julien then managed to compromise the machine, and afterwards Nils scored for the third time:

Interestingly, nobody attacked the smartphones - perhaps we will see some attacks during days 2 and 3.

25C3: "Banking Malware 101"

Saturday, December 20. 2008
admin
The 25th Chaos Communication Congress (25C3) will take place next week in Berlin, Germany. CCC is always fun and I'm really looking forward to the Congress. I will give a talk on banking malware on the second day (see the schedule for details). The talk can be summarized as:
In recent years, we have observed a growing sophistication in how credentials are stolen from compromised machines: the attackers use sophisticated keyloggers to control the victim's machine and use different techniques to steal the actual credentials. In this talk, we present an overview of this threat and empirical measurement results.

Some aspects of this talk are covered by our recent technical report on banking malware, but I will go into some more technical details. If you also attend CCC, you can find me there and we can discuss any questions :)