@inproceedings{dam_large-scale_2019, address = {Canterbury, United Kingdom}, title = {Large-{Scale} {Analysis} of {Pop}-{Up} {Scam} on {Typosquatting} {URLs}}, doi = {10/gh378k}, booktitle = {Proceedings of the 14th {International} {Conference} on {Availability}, {Reliability} and {Security}}, publisher = {ACM}, author = {Dam, Tobias and Klausner, Lukas Daniel and Buhov, Damjan and Schrittwieser, Sebastian}, year = {2019}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Konferenz-Paper, SP IT Sec System \& Application Security, Vortrag, Wiss. Beitrag, peer-reviewed}, pages = {53:1--53:9}, } @article{buhov_flash_2018, title = {{FLASH}: {Is} the 20th {Century} {Hero} {Really} {Gone}? {Large}-{Scale} {Evaluation} on {Flash} {Usage} \& {Its} {Security} and {Privacy} {Implications}}, volume = {9}, doi = {10/gh375m}, abstract = {Although the Adobe Flash browser plugin steadily lost popularity throughout the last few years, Flash content still regularly appears when browsing the web. Known for its infamous security track record, Flash remains a challenge in making web browsing more secure. In this paper, we present a largescale measurement of the current uses of Flash, based on a crawl of the top 1 million websites. The different types of measurements result in most detailed classification of Flash uses to date. In particular, special attention is payed to Flash usage related to user tracking, as well as to malicious Flash files used by malvertising or exploit kits. We present Garrick, a novel crawling framework, which is based on a full-fledged Mozilla Firefox browser. Garrick is able to mimic any browser, plugin and operating system configuration so that fingerprinting scripts can be tricked to deliver malicious Flash files. Our measurements show that Flash is still used by approximately 7.5\% of the top 1 million websites, with 62\% of the Flash content coming from third-parties such as ad networks. In general, on popular websites Flash usage is higher compared to less prominent websites and a bigger share of Flash content on these sites comes from third-parties. From a security perspective, malicious Flash files served by highly targeted malvertising campaigns are an ongoing challenge.}, language = {en}, number = {4}, journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)}, author = {Buhov, Damjan and Rauchberger, Julian and Schrittwieser, Sebastian}, month = dec, year = {2018}, keywords = {FH SP Cyber Security, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, peer-reviewed}, pages = {15}, } @inproceedings{buhov_network_2015, title = {Network {Security} {Challenges} in {Android} {Applications}}, doi = {10/gh375f}, booktitle = {Availability, {Reliability} and {Security} ({ARES}), 2015 10th {International} {Conference}}, author = {Buhov, Damjan and Huber, Markus and Merzdovnik, Georg and Weippl, Edgar and Dimitrova, Vesna}, year = {2015}, note = {Projekt: upribox2}, keywords = {Department Technologie, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation}, } @inproceedings{buhov_pin_2016, title = {Pin it! {Improving} {Android} network security at runtime}, doi = {10/gh375d}, publisher = {IEEE}, author = {Buhov, Damjan and Huber, Markus and Merzdovnik, Georg and Weippl, Edgar}, year = {2016}, note = {Projekt: upribox2}, keywords = {Department Technologie, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{merzdovnik_block_2017, title = {Block {Me} {If} {You} {Can}: {A} {Large}-{Scale} {Study} of {Tracker}-{Blocking} {Tools}}, doi = {10/gh3749}, publisher = {IEEE}, author = {Merzdovnik, Georg and Huber, Markus and Buhov, Damjan and Nikiforakis, N and Neuner, Sebastian and Weippl, Edgar}, year = {2017}, note = {PriSAd}, keywords = {Department Technologie, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{rauchberger_other_2018, address = {Hamburg, Deutschland}, title = {The {Other} {Side} of the {Coin}: {A} {Framework} for {Detecting} and {Analyzing} {Web}-based {Cryptocurrency} {Mining} {Campaigns}}, doi = {10/gh373c}, booktitle = {Proceedings of the 13th {International} {Conference} on {Availability}, {Reliability} and {Security}}, publisher = {ACM}, author = {Rauchberger, Julian and Schrittwieser, Sebastian and Dam, Tobias and Luh, Robert and Buhov, Damjan and Pötzelsberger, Gehard and Kim, Hyoungshick}, year = {2018}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, best, peer-reviewed}, } @inproceedings{buhov_catch_2016, title = {Catch {Me} {If} {You} {Can}! {Transparent} {Detection} {Of} {Shellcode}}, doi = {10/gh3725}, publisher = {IEEE}, author = {Buhov, Damjan and Thron, Richard and Schrittwieser, Sebastian}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed}, } @misc{schrittwieser_coineater:_2019, address = {Wiener Neustadt, Österreich}, title = {Coineater: {Automatisierte} {Erkennung} {Von} {Krypto}-{Mining} {Im} {Webbrowser}}, author = {Schrittwieser, Sebastian and Rauchberger, Julian and Dam, Tobias and Buhov, Damjan}, month = apr, year = {2019}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Poster, SP IT Sec System \& Application Security, peer-reviewed}, }