TUM Logo

Jonas Pfoh

Dr. Jonas Pfoh


now at FireEye

Research Interests

My research interests range quite a bit. I have been most active in the area of virtualization and virtual machine introspection. Particularly, I wrote my doctoral thesis on the subject of gathering information about a guest OS without any previous knowledge about the guest OS itself. This is especially interesting as it requires extensive use of the hardware itself. I have also begun to branch into the field of embedded application processors as ARM has introduced virtualization extensions in their Cortex A series of processors.

Further interests include administering a honeynet that we manage here at the lab, primarily for teaching purposes. This includes the management and administration aspect as well as analysis. Additionally, I have always had an interest in low-level programming and offer a rootkit programming course. Contrary to the initial impression, the goal is not teach malicous programming, but rather to understand a very complex software system (an OS kernel) by taking it apart and making it do what we want (even if the inital programmers never intended this :) ).

In my free time, I am also active in our department's CTF team.


2014 Code Validation for Modern OS Kernels
Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data
Persistent Data-only Malware: Function Hooks without Code
2013 Leveraging String Kernels for Malware Detection
Leveraging Derivative Virtual Machine Introspection Methods for Security Applications
2012 Bridging the Semantic Gap Through Static Code Analysis
2011 Nitro: Hardware-based System Call Tracing for Virtual Machines
A Universal Semantic Bridge for Virtual Machine Introspection
2010 Exploiting the x86 Architecture to Derive Virtual Machine State Information
2009 A Formal Model for Virtual Machine Introspection