TUM Logo

Jonas Pfoh

Dr. Jonas Pfoh


now at FireEye

Research Interests

My research interests range quite a bit. I have been most active in the area of virtualization and virtual machine introspection. Particularly, I wrote my doctoral thesis on the subject of gathering information about a guest OS without any previous knowledge about the guest OS itself. This is especially interesting as it requires extensive use of the hardware itself. I have also begun to branch into the field of embedded application processors as ARM has introduced virtualization extensions in their Cortex A series of processors.

Further interests include administering a honeynet that we manage here at the lab, primarily for teaching purposes. This includes the management and administration aspect as well as analysis. Additionally, I have always had an interest in low-level programming and offer a rootkit programming course. Contrary to the initial impression, the goal is not teach malicous programming, but rather to understand a very complex software system (an OS kernel) by taking it apart and making it do what we want (even if the inital programmers never intended this :) ).

In my free time, I am also active in our department's CTF team.


2014 Code Validation for Modern OS Kernels
Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data
Persistent Data-only Malware: Function Hooks without Code
2013 Leveraging String Kernels for Malware Detection
2012 Bridging the Semantic Gap Through Static Code Analysis
2011 Nitro: Hardware-based System Call Tracing for Virtual Machines
A Universal Semantic Bridge for Virtual Machine Introspection
2010 Exploiting the x86 Architecture to Derive Virtual Machine State Information
2009 A Formal Model for Virtual Machine Introspection