Page Not Found
Page not found. Your pixels are in another canvas.
Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
About Me
About me
Page not in menu
This is a page not in th emain menu
Posts
First Blog Post
Published:
Hey, my personal site is alive! Better late than never!
portfolio
Branch Monitoring Framework
A Branch Monitor-based Monitoring Solution
Project Corvus
Malware sandbox and threat intelligence platform
publications
Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging
Published in ACM Transactions on Privacy and Security (TOPS), 2018
My paper proposing a framework based on CPUs branch monitors.
Recommended citation: Botacin et al, Marcus. (2018). "Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging." ACM TOPS. 1(1). http://doi.acm.org/10.1145/3152162
The other guys: automated analysis of marginalized malware
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2018
My paper about a Windows kernel-based sandbox.
Recommended citation: Botacin et al, Marcus. (2018). "The other guys: automated analysis of marginalized malware." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-017-0292-8
Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms
Published in ACM Computing Surveys (CSUR), 2018
My paper about the state-of-the-art on hardware support for security applications.
Recommended citation: Botacin et al, Marcus. (2018). "Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms." ACM CSUR. 1(1). http://doi.acm.org/10.1145/3199673
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms Based on a Brazilian Case Study
Published in International Conference on Availability, Reliability and Security (ARES), 2019
My paper about the nature of Mobile Banking Apps in Brazil.
Recommended citation: Botacin et al, Marcus. (2019). "The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms Based on a Brazilian Case Study." ACM ARES. 1(1). https://dl.acm.org/doi/10.1145/3339252.3340103
RevEngE is a Dish Served Cold: Debug-Oriented Malware Decompilation and Reassembly
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
My paper about how to decompile malware from debugging sessions
Recommended citation: Botacin et al, Marcus. (2019). "RevEngE is a Dish Served Cold: Debug-Oriented Malware Decompilation and Reassembly." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375895
Shallow Security: On the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin et al, Fabricio. (2019). "Shallow Security: On the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375898
The AV says: Your hardware definitions were updated!
Published in International Symposium on Reconfigurable Communication-centric Systems-on-Chip (Recosoc), 2019
My paper about detecting malware via a ML classifier in an FPGA.
Recommended citation: Botacin et al, Marcus. (2019). "The AV says: Your hardware definitions were updated!." IEEE Recosoc. 1(1). https://ieeexplore.ieee.org/document/9034972
VANILLA malware: vanishing antiviruses by interleaving layers and layers of attacks
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2019
My paper about evading AVs via distributed malware payloads.
Recommended citation: Botacin et al, Marcus. (2019). "VANILLA malware: vanishing antiviruses by interleaving layers and layers of attacks." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00333-y
L(a)ying in (Test)Bed: How Biased Datasets Produce Impractical Results for Actual Malware Families’ Classification
Published in Information Security Conference (ISC), 2019
Our paper about detecting malware via image textures.
Recommended citation: Beppler et al, Tamy. (2019). "L(a)ying in (Test)Bed: How Biased Datasets Produce Impractical Results for Actual Malware Families’ Classification." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-30215-3_19
We Need to Talk About AntiViruses: Challenges & Pitfalls of AV Evaluations
Published in Elsevier Computers & Security, 2020
My paper about challenges to evaluate AV solutions.
Recommended citation: Botacin et al, Marcus. (2020). "We Need to Talk About AntiViruses: Challenges & Pitfalls of AV Evaluations." Elsevier Comp&Sec. 1(1). http://www.sciencedirect.com/science/article/pii/S0167404820301310
No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-Based Adversarial Samples
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2020
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin et al, Fabricio. (2020). "No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-Based Adversarial Samples." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3433667.3433669
Near-Memory & In-Memory Detection of Fileless Malware
Published in The International Symposium on Memory Systems (MEMSYS), 2020
My paper about detecting fileless malware via memory controller instrumentation.
Recommended citation: Botacin et al, Marcus. (2020). "Near-Memory & In-Memory Detection of Fileless Malware." ACM MEMSYS. 1(1). https://dl.acm.org/doi/10.1145/3422575.3422775
On the Security of Application Installers and Online Software Repositories Conference
Published in Springer (DIMVA), 2020
My paper about the security of application installers and software repositorires.
Recommended citation: Botacin et al, Marcus. (2020). "On the Security of Application Installers and Online Software Repositories Conference ." Springer DIMVA. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-52683-2_10
Leveraging branch traces to understand kernel internals from within
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about tracing the kernel from within using CPUs branch monitors
Recommended citation: Botacin et al, Marcus. (2020). "Leveraging branch traces to understand kernel internals from within." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00343-w
The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about detecting SMC execution via CPU side-effects
Recommended citation: Botacin et al, Marcus. (2020). "The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-020-00348-w
A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation
Published in IEEE Transactions on Dependable and Secure Computing (TDSC), 2020
Our paper about detecting malware by adding OS uncertainty
Recommended citation: Sun et al, Ruimin. (2020). "A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation." IEEE TDSC. 1(1). https://ieeexplore.ieee.org/document/9061034
AntiViruses under the Microscope: A Hands-On Perspective
Published in Elsevier Computeers & Security, 2021
My paper about analyzing the internals of AV solutions.
Recommended citation: Botacin et al, Marcus. (2021). "AntiViruses under the Microscope: A Hands-On Perspective." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821003242
One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware
Published in ACM Transactions On Privacy and Security (TOPS), 2021
My paper about Brazilian Financial Malware describing desktop malware samples.
Recommended citation: Botacin et al, Marcus. (2021). "One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3429741
Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing
Published in Arxiv, 2021
My preprint paper about symbolic execution for malware analysis.
Recommended citation: Botacin et al, Marcus. (2021). "Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing." Arxiv. 1(1). https://arxiv.org/abs/2109.06127
Challenges and Pitfalls in Malware Research
Published in Elsevier Computers & Security, 2021
My paper about challenges to conduct malware research.
Recommended citation: Botacin et al, Marcus. (2021). "Challenges and Pitfalls in Malware Research." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821001115
Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios
Published in Elsevier Digital Investigation, 2021
My paper about clustering malware using similarity hashing functions.
Recommended citation: Botacin et al, Marcus. (2021). "Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios." Elsevier Digital Investigation. 1(1). https://www.sciencedirect.com/science/article/pii/S2666281721001281
Terminator: A Secure Coprocessor to Accelerate Real-Time AntiViruses Using Inspection Breakpoints
Published in ACM Transactions on Privacy and Security (TOPS), 2022
My paper proposing hardware breakpoints for AV scanning using a CPU coprocessor.
Recommended citation: Botacin et al, Marcus. (2022). " Terminator: A Secure Coprocessor to Accelerate Real-Time AntiViruses Using Inspection Breakpoints." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3494535
HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection
Published in Elsevier Expert Systems With Applications (ESWA), 2022
My paper proposing using branch patterns as inspection triggers for malware detection.
Recommended citation: Botacin et al, Marcus. (2022). " HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
Fast & Furious: On the modelling of malware detection as an evolving data stream
Published in Elsevier Expert Systems With Applications (ESWA), 2022
Our paper discussing concept drift in Android malware detectors.
Recommended citation: Ceschin et al, Fabricio. (2022). " Fast & Furious: On the modelling of malware detection as an evolving data stream." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422016463
Why we need a theory of maliciousness: Hardware Performance Counters in security
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the science of security of Hardware Performance Counters.
Recommended citation: Botacin et al, Marcus. (2022). " Why we need a theory of maliciousness: Hardware Performance Counters in security." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_22
Dissecting Applications Uninstallers & Removers: Are they effective?
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the security of application uninstallers and removers.
Recommended citation: Botacin et al, Marcus. (2022). " Dissecting Applications Uninstallers & Removers: Are they effective?." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_20
A Game-Based Framework to Compare Program Classifiers and Evaders
Published in ACM Conference on Code Generation and Optimization (CGO), 2023
Our paper discussing the use of histograms to cluster binaries compiled using different obfuscation strategies.
Recommended citation: Damasio et al, Thais. (2023). " A Game-Based Framework to Compare Program Classifiers and Evaders." ACM CGO. 1(1). https://dl.acm.org/doi/10.1145/3579990.3580012
GPThreats-3: Is Automatic Malware Generation a Threat?
Published in Workshop on Offensive Technologies (WOOT), 2023
My paper discussing the use of GPT-3 to automatically generate malware.
Recommended citation: Botacin, Marcus. (2023). "GPThreats-3: Is Automatic Malware Generation a Threat?" WOOT. 1(1). https://ieeexplore.ieee.org/document/10188649
Machine Learning (In) Security: A Stream of Problems
Published in ACM Digital Threats: Research and Practice (DTRAP), 2023
My co-authored paper discussing the use of Machine Learning (ML) for malware detection
Recommended citation: Ceschin et al. (2023). "Machine Learning (In) Security: A Stream of Problems" ACM DTRAP. 1(1). https://dl.acm.org/doi/10.1145/3617897
Detecting Memory Injections Using a Hardware Monitor
Published in Annual Computer Security Applications Conference (ACSAC), 2023
My co-authored paper discussing the concept of a hardware detector for memory injections
Recommended citation: Botacin et al. (2023). "Machine Learning (In) Security: A Stream of Problems" ACM DTRAP. 1(1). https://www.acsac.org/
talks
Malicious Linux Binaries: A Landscape
Published:
This is a talk about linux malware in a conference of the Brazilian open-source community. Video Here
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilian Financial Malware to show that it Should!
Published:
This is my USENIX Enigma talk summarizing my research about Brazilian malware samples. Video Here
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Competition and Make Malware Attacks Practical
Published:
This is a talk about our participation in the MLSec malware evasion competition. Slides
On the malware detection problem: Challenges & novel approaches
Published:
My PhD thesis defense. Video
Why Is Our Security Research Failing? Five Practices to Change!
Published:
This is my USENIX Enigma talk summarizing my findings about Challenges and Pitfalls in Security Research. Page Slides Video
All You Always Wanted to Know About Antiviruses
Published:
This is my HITB talk summarizing my findings about AV Internals. Page Slides Video
teaching
Reverse Engineering
Workshop, UNICAMP, UFPR, SBSEG, 2018
This is a short-course to introduce reverse engineering and malware analysis concepts to new students. I presented this short course at University of Campinas (UNICAMP), Federal University of Paraná (UFPR), and at the Brazilian Symposium on Information and Systems Security (SBSEG). Course Material Here
Machine Learning-Based CyberDefenses
Topics, TAMU, 2023
In this course, we will navigate through the applications of ML in the security field: the pros, the cons, and the future yet to come.