Matthias Neugschwandtner

was a senior researcher at SBA Research.

Research Interest

The main focus of his research lies on low-level system security. This encompasses malware analysis, vulnerability detection and system hardening.

Bio

Matthias Neugschwandtner received his D.Sc. degree from the TU Wien in 2014, where he worked at the Secure Systems Lab from 2010 to 2014. He joined the system and network security group at the Vrije Universiteit Amsterdam as a visiting researcher in 2011, and the Northeastern University Systems Security Lab in Boston in 2013.

  • Take a Bite - Finding the Worm in the Apple (2013)
    • INPROCEEDINGS
    • Martina Lindorfer and Bernhard Miller and Matthias Neugschwandtner and Christian Platzer
    • Proceedings of the 9th International Conference on Information, Communications and Signal Processing (ICICS)
    @INPROCEEDINGS{Lindorfer2013Take,
       author = {Martina Lindorfer and Bernhard Miller and Matthias Neugschwandtner and Christian Platzer},
       title = {Take a Bite - Finding the Worm in the Apple},
       booktitle = {Proceedings of the 9th International Conference on Information, Communications and Signal Processing (ICICS)},
       year = {2013},
       month = {12},
       pdf = {http://iseclab.org/people/mlindorfer/macmal_icics13.pdf},
    }
  • AndRadar: Fast Discovery of Android Applications in Alternative Markets (2014)
    • INPROCEEDINGS
    • Martina Lindorfer and Stamatis Volanis and Alessandro Sisto and Matthias Neugschwandtner and Elias Athanasopoulos and Federico Maggi and Christian Platzer and Stefano Zanero and Sotiris Ioannidis
    • Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
    @INPROCEEDINGS{Lindorfer2014AndRadar,
       author = {Martina Lindorfer and Stamatis Volanis and Alessandro Sisto and Matthias Neugschwandtner and Elias Athanasopoulos and Federico Maggi and Christian Platzer and Stefano Zanero and Sotiris Ioannidis},
       title = {AndRadar: Fast Discovery of Android Applications in Alternative Markets},
       booktitle = {Proceedings of the 11th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA)},
       year = {2014},
       month = {7},
       pdf = {http://iseclab.org/papers/andradar_dimva14.pdf},
    }
  • Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors (2014)
    • INPROCEEDINGS
    • Martina Lindorfer and Matthias Neugschwandtner and Lukas Weichselbaum and Yanick Fratantonio and Victor Van der Veen and Christian Platzer
    • Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)
    @INPROCEEDINGS{Lindorfer2014Andrubis,
       author = {Martina Lindorfer and Matthias Neugschwandtner and Lukas Weichselbaum and Yanick Fratantonio and Victor {Van der Veen} and Christian Platzer},
       title = {Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors},
       booktitle = {Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)},
       year = {2014},
       month = {9},
       pdf = {http://iseclab.org/papers/andrubis_badgers14.pdf},
    }
  • Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis (2015)
    • INPROCEEDINGS
    • Martina Lindorfer and Matthias Neugschwandtner and Christian Platzer
    • Proceedings of the 39th Annual International Computers, Software and Applications Conference (COMPSAC)
    @INPROCEEDINGS{Lindorfer2015Marvin,
       author = {Martina Lindorfer and Matthias Neugschwandtner and Christian Platzer},
       title = {Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis},
       booktitle = {Proceedings of the 39th Annual International Computers, Software and Applications Conference (COMPSAC)},
       year = {2015},
       month = {7},
       pdf = {http://iseclab.org/papers/marvin_compsac15.pdf},
    }
  • A View To A Kill: WebView Exploitation (2013)
    • INPROCEEDINGS
    • Matthias Neugschwandtner and Martina Lindorfer and Christian Platzer
    • 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)
    @INPROCEEDINGS{Neugschwandtner2013View,
       author = {Matthias Neugschwandtner and Martina Lindorfer and Christian Platzer},
       sbahotlist = {true},
       title = {A View To A Kill: WebView Exploitation},
       booktitle = {6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)},
       year = {2013},
       month = {8},
    }
  • The BORG: Nanoprobing Binaries for Buffer Overreads (2015)
    • INPROCEEDINGS
    • Matthias Neugschwandtner and Paolo Milani Comparetti and Istvan Haller and Herbert Bos
    • ACM Conference on Data and Application Security and Privacy (CODASPY)
    @INPROCEEDINGS{Neugschwandtner2015BORG,
       author = {Matthias Neugschwandtner and Paolo Milani Comparetti and Istvan Haller and Herbert Bos},
       title = {The BORG: Nanoprobing Binaries for Buffer Overreads},
       booktitle = {ACM Conference on Data and Application Security and Privacy (CODASPY)},
       year = {2015},
       month = {3},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Neugschwandtner borg.pdf},
    }
  • dAnubis (Dynamic Device Driver Analysis Based on Virtual Machine Introspection) (2010)
    • INPROCEEDINGS
    • Matthias Neugschwandtner and Christian Platzer and Paolo Milani Comparetti and Ulrich Bayer
    • Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment DIMVA
    @INPROCEEDINGS{Neugschwandtner_dAnubis_Dynamic_Device_Driver__null,
       author = {Matthias Neugschwandtner and Christian Platzer and Paolo Milani Comparetti and Ulrich Bayer},
       title = {dAnubis (Dynamic Device Driver Analysis Based on Virtual Machine Introspection)},
       booktitle = {Seventh Conference on Detection of Intrusions and Malware \& Vulnerability Assessment DIMVA},
       year = {2010},
       month = {7},
       abstract = {In the escalating arms race between malicious code and security tools designed to analyze it, detect it or mitigate its impact, malicious code running inside the operating system kernel provides an extremely powerful tool. Kernel-level code can introduce hard to detect backdoors, provide stealth by hiding files, processes or other resources and in general tamper with operating system code and data in arbitrary ways. Under Windows, kernel-level malicious code typically takes the form of a device driver. In this work, we present dAnubis, a system for the real-time, dynamic analysis of malicious Windows device drivers. dAnubis can automatically provide a high-level, human-readable report of a driver's behavior on the system. We applied our system to a dataset of over 400 malware samples. The results of this analysis shed some light on the behavior of kernel-level malicious code that is in the wild today.},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/dimva2010-dAnubis.pdf},
    }
    In the escalating arms race between malicious code and security tools designed to analyze it, detect it or mitigate its impact, malicious code running inside the operating system kernel provides an extremely powerful tool. Kernel-level code can introduce hard to detect backdoors, provide stealth by hiding files, processes or other resources and in general tamper with operating system code and data in arbitrary ways. Under Windows, kernel-level malicious code typically takes the form of a device driver. In this work, we present dAnubis, a system for the real-time, dynamic analysis of malicious Windows device drivers. dAnubis can automatically provide a high-level, human-readable report of a driver's behavior on the system. We applied our system to a dataset of over 400 malware samples. The results of this analysis shed some light on the behavior of kernel-level malicious code that is in the wild today.
  • Andrubis: Android Malware Under The Magnifying Glass (2014)
    • TECHREPORT
    • Lukas Weichselbaum and Matthias Neugschwandtner and Martina Lindorfer and Yanick Fratantonio and Victor Van der Veen and Christian Platzer
    @TECHREPORT{Weichselbaum2014Andrubis,
       author = {Lukas Weichselbaum and Matthias Neugschwandtner and Martina Lindorfer and Yanick Fratantonio and Victor {Van der Veen} and Christian Platzer},
       title = {Andrubis: Android Malware Under The Magnifying Glass},
       booktitle = {Technical Report},
       year = {2014},
       month = {7},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/iseclab.org/papers/andrubis_techreport.pdf},
    }
