Thomas Sutter
Thomas Sutter
ZHAW
School of Engineering
Forschungsschwerpunkt Information Security
Steinberggasse 13
8400 Winterthur
Arbeit an der ZHAW
Tätigkeit
Wissenschaftlicher Mitarbeiter Information Security
Arbeits- und Forschungsschwerpunkte
Lehrtätigkeit
Aus- und Weiterbildung
Ausbildung
- Master of Science ZFH in Engineering / Informatik
Zürcher Hochschule für Angewandte Wissenschaften
02 / 2018 - 03 / 2021 - Bachelor of Science ZFH in Engineering / Informatik
Zürcher Hochschule für Angewandte Wissenschaften
08 / 2014 - 07 / 2017
Weiterbildung
- OffSec Certified Professional (OSCP)
OffSec
11 / 2022 - OffSec Wireless Professional (OSWP)
OffSec
11 / 2022
Netzwerk
Mitglied in Netzwerken
CYREN - Cyber Resilience Network for the Canton of Zurich
ORCID digital identifier
Social Media
Medienpräsenz
BlackHat Europe 2019: Simple Spyware: Androids Invisible Foreground Services and How to (Ab)use Them
Projekte
- OCTOPUS: Observing Communication Traffic Of Pre-installed Userspace Software / Teammitglied / laufend
- Runtime Vulnerability Detection in Android Pre-installed Apps / Teammitglied / laufend
- Dynamic Security Analysis of Android Pre-installed Apps / Teammitglied / abgeschlossen
- Dynamic Analysis of Internal Android Systems / Teammitglied / abgeschlossen
- OptiPhish – Effective and Measurable Phishing Awareness Training / Projektleiter:in / abgeschlossen
- HostDetective – Next Generation Active and Passive Web Server Rating System / Teammitglied / abgeschlossen
- SeCoSS: Secure Collaboration with SecureSafe / Teammitglied / abgeschlossen
Publikationen
Beiträge in wissenschaftlicher Zeitschrift, peer-reviewed
- Sutter, T. et al. (2024) 'Dynamic security analysis on Android : a systematic literature review', IEEE Access, 12, pp. 57261–57287. doi: 10.1109/ACCESS.2024.3390612.
- Sutter, T. et al. (2022) 'Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception', IEEE Access, 10, pp. 100540–100565. doi: 10.1109/ACCESS.2022.3207272.
- Jampen, D. et al. (2020) 'Don't click : towards an effective anti-phishing training. A comparative literature review', Human-centric Computing and Information Sciences, 10(33). doi: 10.1186/s13673-020-00237-7.
Schriftliche Konferenzbeiträge, peer-reviewed
- Geppert, T. et al. (2025) 'How to successfully implement phishing awareness training in organizations : a technology adoption perspective', in Bui, T. X. (ed.) Proceedings of the 58th Hawaii International Conference on System Sciences. University of Hawaiʻi at Mānoa, p. 6156. doi: 10.24251/hicss.2025.737.
- Sutter, T. and Tellenbach, B. (2023) 'FirmwareDroid : towards automated static analysis of pre-installed android apps', in Klein, J. and Wei, L. (eds) 2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE, pp. 12–22. doi: 10.1109/MOBILSoft59058.2023.00009.
Weitere Publikationen
- Sutter, T., Trammell, A. and Kehrer, T. (2024) 'Uninstallable by design : the role of pre-installed apps in Android's security landscape', ERCIM News, (139), pp. 17–18. doi: 10.21256/zhaw-32445.
- Sutter, T. et al. (2021) Web content signing with service workers. ZHAW Zürcher Hochschule für Angewandte Wissenschaften. doi: 10.21256/zhaw-22514.
Mündliche Konferenzbeiträge und Abstracts
Sutter, T. and Tellenbach, B. (2019) 'Simple spyware : Androids invisible foreground services and how to (ab)use them', in Black Hat Europe, London, 2.-5. Dezemeber 2019.