Prof. Dr. Christian J. Dietrich
Posts
Silexbot bricks IoT devices - A detailed look at its distribution
Botnets targeting Internet-of-Things devices have diversified over the last few years. In 2016, the Mirai IoT botnet showed that impactful Distributed Denial-of-Service attacks can be conducted even from a bot population consisting purely of low-resourced devices.
Jun 26, 2019
8 min read
Homograph Github Domain spreads Neon Wallet Trojan
Technical report, 2019-03-15. English translation of an article initially published in German at internet-sicherheit.de. In March 2019, Jan-Hendrik Frintrop and I became aware of the newly registered domain giṭhub[.]com (xn--gihub-ns1b[.
Mar 15, 2019
8 min read
Venezuela Aid Live -- Typosquatting Domains surrounding Venezuela Aid
Due to political and economic turbulence, Venezuela has been getting a lot of public attention recently. While working with my students on methods to identify typosquatting domains, we found likely spoofed websites that attempt to misdirect donations intended for Venezuelan charity.
Feb 27, 2019
3 min read
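The two posts above (the giṭhub[.]com homograph and the Venezuela Aid typosquats) are both about lookalike domains, and the check a practitioner wants is the same in both cases: convert the candidate to the IDNA form a resolver actually sees, strip confusable diacritics, and measure its edit distance from a list of protected brand labels. The following is an added example, not code from either report. The only real domain in it is giṭhub[.]com (U+1E6D, t with dot below); the protected-brand list, the brand label venezuelaaidlive and the typosquat samples are constructed for illustration.

```python
import unicodedata

# Constructed list of brand labels to protect (the reports' own target sets are not on this page).
PROTECTED = ["github", "venezuelaaidlive"]

# The real domain from the March 2019 report, written with its code point so the
# diacritic cannot be lost in copy-paste: giṭhub.com with U+1E6D.
HOMOGRAPH = "gi\u1e6dhub.com"


def to_ascii(domain: str) -> str:
    """Return the IDNA (punycode) form of a domain, i.e. what is actually registered and resolved.
    Defanged inputs ('[.]') must be undone by the caller; the idna codec expects real dots."""
    return domain.encode("idna").decode("ascii")


def skeleton(label: str) -> str:
    """Crude confusable skeleton: NFKD-decompose, drop combining marks, lowercase.
    This is a small subset of UTS #39 confusable mapping: it catches diacritic tricks such as
    U+1E6D but not pure look-alike glyphs from other scripts (e.g. Cyrillic 'а' for Latin 'a')."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).lower()


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment (restricted Damerau-Levenshtein) distance: insertion, deletion,
    substitution and adjacent transposition, which are the usual typosquatting operations."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(domain: str, protected=PROTECTED, max_distance: int = 2) -> dict:
    """Flag a domain whose leftmost label is a homograph or typosquat of a protected brand.
    Returns the punycode form plus the verdict; an exact brand match is reported as 'clean'."""
    label = domain.split(".")[0]
    result = {"domain": domain, "ascii": to_ascii(domain), "kind": "clean"}
    sk = skeleton(label)
    for brand in protected:
        if sk == brand and label.lower() != brand:
            result.update(kind="homograph", brand=brand)
            return result
        dist = edit_distance(sk, brand)
        if 0 < dist <= max_distance:
            result.update(kind="typosquat", brand=brand, distance=dist)
            return result
    return result


if __name__ == "__main__":
    # Constructed samples: the missing-letter and transposition variants are not from the reports.
    for candidate in [HOMOGRAPH, "github.com", "venezuelaidlive.com", "venezuelaaidlvie.com"]:
        print(classify(candidate))
```

The punycode step is the important one for reporting and blocking: a registrar, certificate transparency log or DNS blocklist will show xn--gihub-ns1b.com, never the decorated form, so feed the ASCII form to those lookups. The skeleton is deliberately minimal; for production use, replace it with a full UTS #39 confusable table.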
Virut Resurrects -- Musings on long-term sinkholing
Virut is a botnet malware family that was first observed 13 years ago, in 2006. Traditionally, it spreads as a file-infecting virus and has been monetized through pay-per-install schemes and information theft.
Nov 30, 2018
8 min read
Blurring of Commodity and Targeted Attack Malware
The following blog post was written while I was working for CrowdStrike. It is available at https://www.crowdstrike.com/blog/blurring-of-commodity-and-targeted-attack-malware/. As malware and its authors continue to evolve, deciphering the purpose of specific malware-driven attacks has become more challenging.
Oct 16, 2015
1 min read
CVE-2014-1761 -- The Alley of Compromise
The following blog post was written while I was working for CrowdStrike. It deals with the development and propagation of exploits for CVE-2014-1761, a code execution vulnerability in Microsoft Word that was also leveraged in targeted attacks.
Oct 29, 2014
1 min read
Through the Window: Creative Code Invocation
The following blog post was written while I was working for CrowdStrike. It deals with a characteristic code invocation technique on 32-bit Windows that was discovered while analyzing malware linked to a targeted intrusion attributed to the VENOMOUS BEAR/Turla actor.
Feb 5, 2014
1 min read
Performance Profiling Analysis using perf
While most of what we analyze is Windows malware, when it comes to implementing detection or analysis approaches we naturally turn to GNU/Linux. One of the best tools I stumbled upon when it comes to profiling, i.
Apr 8, 2013
2 min read
Tracking the Command and Control Activity of Botnets
As part of our research on botnets, we developed recognition techniques for botnet command and control flows, such as CoCoSpot. Obviously, we use these techniques to track C&C channels and their activities.
Feb 13, 2013
5 min read
Exploiting Visual Appearance to Cluster and Detect Rogue Software
While malware comes in many different flavors, e.g., spam bots, banking trojans or denial-of-service bots, one important monetization technique of recent years is rogue software, such as fake antivirus software (Fake A/V).
Dec 7, 2012
3 min read