Research

My primary research interests include:

Previously I worked on dynamic analysis of Android applications. In the malware-lab of the FH Hagenberg Secure Informations Systems we started a project that provides a dynamic analysis platform for Android applications. This resulted in my first publication.

Later I also patched Taintdroid to contain taint sinks/sources/tags for cryptography APIs, which can result in insights how an application uses cryptography to protect user data.

I started a small project that does compile time function call instrumentation in LLVM. You could call it aspect oriented programming ;). It's focused on analysis though and does come with a significant overhead.

I did my master thesis at the IAIK Secure Systems groups, where I build upon the results of the Write Integrity Testing paper.

Publications

  • "ANANAS - A Framework For Analyzing Android Applications"
    Thomas Eder, Michael Rodler, Dieter Vymazal, Markus Zeilinger
    First International Workshop on Emerging Cyberthreats and Countermeasures (Regensburg, 2013), IEE.
    arxiv ieeexplore

Talks

  • "ROP CFI RAP XNR CPI WTF? – Navigating the Exploit Mitigation Jungle"
    at BsidesLjubljana 2017 (2017-03-10)
    slides
  • "A CTF Hackers Toolbox - Competitive hacking for fun and (non-)profit"
    with Stefan More
    at Grazer Linuxtage 2016 (2016-04-30)
    slides
  • "Weird Machines on Little Robots - Intro to binary exploitation on Android smartphones"
    at Hacking Night SS 2013 (2013-06-06)
    slides
  • "evil maid on droids"
    at Hacking Night WS 2012 (2012-12-06)
    slides
  • "Oh Noes, Another Android Malware Talk"
    with Thomas Eder
    at Insights Track at Security Forum 2012 (2012-04-18)
    slides
  • "Downgrade Attacks by Example"
    at BSidesVienna 2012 (2012-01-21)
    slides
  • "Downgrade Attacks: Compatibility Breaks Security"
    at Hacking Night WS 2011 (2011-12-14)
    slides
  • "Hackinggroup – Python Workshop"
    with Thomas Kastner
    at Hackinggroup Workshop (2010-12-07 and 2010-12-16)
    slides: part 1 part 2 sources
  • "Tatort Internet: Wer geht mit mir phishen?"
    with Sebastian Neuner
    at Hacking Night WS 2010 (2010-11-25)
    slides
  • "git for noobs"
    at Hackinggroup Workshop (2010-10-27)
    slides