Thomas Sutter
ZHAW
School of Engineering
Forschungsschwerpunkt Information Security
Steinberggasse 13
8400 Winterthur
Work at ZHAW
Position
Research Associate Information Security
Focus
Teaching
Education and Continuing education
Education
- Master of Science UAS in Engineering / Computer Sciences
Zurich University of Applied Sciences
02 / 2018 - 03 / 2021
- Bachelor of Science UAS in Engineering / Computer Sciences
Zurich University of Applied Sciences
08 / 2014 - 07 / 2017
Continuing Education
- OffSec Certified Professional (OSCP)
OffSec
11 / 2022
- OffSec Wireless Professional (OSWP)
OffSec
11 / 2022
Network
Membership of networks
CYREN - Cyber Resilience Network for the Canton of Zurich
ORCID digital identifier
Social media
Media presence
BlackHat Europe 2019: Simple Spyware: Androids Invisible Foreground Services and How to (Ab)use Them
Projects
- OCTOPUS: Observing Communication Traffic Of Pre-installed Userspace Software / Team member / ongoing
- Runtime Vulnerability Detection in Android Pre-installed Apps / Team member / ongoing
- Dynamic Security Analysis of Android Pre-installed Apps / Team member / completed
- Dynamic Analysis of Internal Android Systems / Team member / completed
- OptiPhish – Effective and Measurable Phishing Awareness Training / Project leader / completed
- HostDetective – Next Generation Active and Passive Web Server Rating System / Team member / completed
- SeCoSS: Secure Collaboration with SecureSafe / Team member / completed
Publications
Articles in scientific journal, peer-reviewed
- Sutter, T. et al. (2024) 'Dynamic security analysis on Android : a systematic literature review', IEEE Access, 12, pp. 57261–57287. doi: 10.1109/ACCESS.2024.3390612.
- Sutter, T. et al. (2022) 'Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception', IEEE Access, 10, pp. 100540–100565. doi: 10.1109/ACCESS.2022.3207272.
- Jampen, D. et al. (2020) 'Don't click : towards an effective anti-phishing training. A comparative literature review', Human-centric Computing and Information Sciences, 10(33). doi: 10.1186/s13673-020-00237-7.
Written conference contributions, peer-reviewed
- Geppert, T. et al. (2025) 'How to successfully implement phishing awareness training in organizations : a technology adoption perspective', in Bui, T. X. (ed.) Proceedings of the 58th Hawaii International Conference on System Sciences. University of Hawaiʻi at Mānoa, p. 6156. doi: 10.24251/hicss.2025.737.
- Sutter, T. and Tellenbach, B. (2023) 'FirmwareDroid : towards automated static analysis of pre-installed android apps', in Klein, J. and Wei, L. (eds) 2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE, pp. 12–22. doi: 10.1109/MOBILSoft59058.2023.00009.
Other publications
- Sutter, T., Trammell, A. and Kehrer, T. (2024) 'Uninstallable by design : the role of pre-installed apps in Android's security landscape', ERCIM News, (139), pp. 17–18. doi: 10.21256/zhaw-32445.
- Sutter, T. et al. (2021) Web content signing with service workers. ZHAW Zürcher Hochschule für Angewandte Wissenschaften. doi: 10.21256/zhaw-22514.
Oral conference contributions and abstracts
- Sutter, T. and Tellenbach, B. (2019) 'Simple spyware : Androids invisible foreground services and how to (ab)use them', in Black Hat Europe, London, 2-5 December 2019.