Duy Phuc Pham

My main interests: malware reverse-engineering, intelligence threats hunting, side-channel information with deep learning analysis.

Malware researcher at Advanced Research Center (ARC) - Trellix
PhD graduate at EMSEC team, IRISA & INRIA under supervision of Annelie Heuser, Olivier Zendra, Pierre-Alain Fouque, and Jean-Louis Lanet.
MSc of cyber-security at University of Twente and University of Trento
BA of Business Administration at Hanoi University of Science and Technology
Engineering degree of Mechatronics at Institut polytechnique de Hanoï
Founder of CTF team BabyPhD

Awards

1st winner of Airbus security challenge, CYBER IN Toulouse 2021.
1st prize award of SILM Security of Software & Hardware Interfaces CTF 2019
Mandiant’s Fire Eye- Advanced Reverse Engineering 1,2,3,5,6,9 : Winning award. 2022, 2019, 2018, 2016, 2015, 2014
Batterii: Web penetration testing - Bug Bounty award. Oct. 2016
BlackHat Europe Conference: Student Scholarship. Aug. 2016
KTH Royal Institute of Technology, Sweden: EIT Digital’s summer school Future Cloud. Jul. 2016
EIT ICT School: Excellent nomination scholarship of €30.000 in Security&Privacy. Apr. 2015
BKAV’s Whitehat contest 08: 1st prize award on behalf of BabyPhD team. Feb. 2015
Hanoi University of Science and Technology Young Scientific Research : 1st prize award. Jul. 2013

I am/was a member of the following:

USENIX Security 2022 Artifact Evaluation Committee 2022
CHES Artifact Evaluation PC 2021
International Symposium on Information and Communication Technology PC 2022
Quarterly security livestreaming roundtable of BabyTalk from 2020- 3 2 1

news

Nov 12, 2023	My talk record: The Wolf in Sheep’s Clothing: How Cybercriminals Leverage OneNote for Stealthy Malware Delivery at code.talks Hamburg 2023 has been published.
Jun 23, 2022	Our paper “ULTRA: Ultimate Rootkit Detection over the Air” has been accepted in RAID 2022 .
Aug 28, 2021	Our paper “Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification” has been accepted in ACSAC 2021.

selected publications

ULTRA: Ultimate Rootkit Detection over the Air

Pham, Duy-Phuc, Marion, Damien, and Heuser, Annelie

In 25th International Symposium on Research in Attacks, Intrusions and Defenses 2022

Abs PDF Code

Rootkits are the most challenging malware threats against server and desktop systems. They are created by highly skilled actors and are deployed in advanced persistent threat attacks. Lately and even in the future, rootkits will become a real threat to billions of IoT devices. Existing malware detection techniques based on static or dynamic analysis face major shortcomings, which become more apparent when it is necessary to detect threats on IoT devices. In this paper, we propose the ULTRA framework, which can detect rootkits effectively and efficiently by operating outside of the “box” (literary device) with no resource requirement on the target device. ULTRA baits the rootkit to provoke activity, measures electromagnetic emanation with a software-defined radio, preprocesses signals, then detects and classifies rootkit behavior using machine/deep learning techniques. As use cases, we target two IoT devices with MIPS and ARM architectures. The proposed approach achieved promising results with high accuracy for detecting both known and unknown rootkits during the offline learning phase. Our experimental study involves classification of rootkit families and distinct variants, obfuscated rootkits, probe dislocation, benign noise (kernel) activities, and comparison with software-based solutions.
Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Pham, Duy-Phuc, Marion, Damien, Mastio, Mathieu, and Heuser, Annelie

In Annual Computer Security Applications Conference 2021

HTML PDF Code
Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques

Pham, Duy-Phuc, Vu, Duc Ly, and Massacci, Fabio

J. Comput. Virol. Hacking Tech. 2019

HTML Code