Damon's Photo

Damon McCoy


Assistant Professor
Computer Science and Engineering Department
Tandon School of Engineering
New York University

E-Mail: mccoy@nyu.edu
Office: 10.082 2 Metro Tech
Mail: 2 Metro Tech, Brooklyn, NY 11201 USA

NYU

My research focuses on empirically measuring the security and privacy of technology systems and their intersections with society. Some of my current projects explore the socio-economics of e-crime, censorship evasion, anonymous communication, cyber-physical systems. More generally, I am interested in exploring and improving the security and privacy of large-scale systems.

Recent Publications
Peeling the Onion's User Experience Layer: Examining Naturalistic Use of the Tor Browser
Kevin Gallagher, Sameer Patil, Brendan Dolan-Gavitt, Damon McCoy, Nasir Memon
ACM SIGSAC Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018

Schrodinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem
Mohammad Rezaeirad, Brown Farinholt, Hitesh Dharmdasani, Paul Pearce, Kirill Levchenko, and Damon McCoy
USENIX Security, Baltimore, MD, August 2018

Tracking Ransomware End-to-end
Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, Damon McCoy
IEEE Symposium on Security & Privacy (Oakland), San Francisco, CA, May 2018

The Spyware Used in Intimate Partner Violence
Rahul Chatterjee, Periwinkle Doerfler, Hadas Orgad, Sam Havron, Jackeline Palmer, Diana Freed, Karen Levy, Nicola Dell, Damon McCoy, and Thomas Ristenpart
IEEE Symposium on Security & Privacy (Oakland), San Francisco, CA, May 2018

Bullet-Proof Payment Processors
Hongwei Tian, Stephen M. Gaffigan, D. Sean West, and Damon McCoy
IEEE APWG Symposium on Electronic Crime Research (eCrime), San Diego, CA, May 2018

Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing
Peter Snyder Periwinkle Doerfler Chris Kanich Damon McCoy
Proceedings of the ACM Internet Measurement Conference (IMC), 2017

Identifying Products in Online Cybercrime Marketplaces: A Dataset for Fine-grained Domain Adaptation
Greg Durrett, Jonathan K. Kummerfeld, Taylor Berg-Kirkpatrick, Rebecca S. Portnoff, Sadia Afroz, Damon McCoy, Kirill Levchenko and Vern Paxson
Conference on Empirical Methods on Natural Language Processing (EMNLP), 2017

Linking Amplification DDoS Attacks to Booter Services
Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy and Michael Backes
International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Atlanta, GA, September 2017

Measuring the Effectiveness of Embedded Phishing Exercises
Hossein Siadati, Sean Palka, Avi Siegel and Damon McCoy
Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2017.

Backpage and Bitcoin: Uncovering Human Traffickers
Rebecca S. Portnoff, Danny Yuxing Huang, Periwinkle Doerfler, Sadia Afroz and Damon McCoy
Proceedings of the ACM SIGKDD Conference, Halifax, Nova Scotia, Canada, August 2017

Booted: An Analysis of a Payment Intervention on a DDoS-for-Hire Service
Ryan Brunt, Prakhar Pandey and Damon McCoy
Workshop on the Economics of Information Security, San Diego, CA, June 2017

Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks
Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, and Damon McCoy
IEEE Symposium on Security & Privacy (Oakland), San Jose, CA, May 2017.

To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild
Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, and Kirill Levchenko
IEEE Symposium on Security & Privacy (Oakland), San Jose, CA, May 2017.

Automated Analysis of Cybercriminal Markets
Rebecca S Portnoff, Sadia Afroz, Greg Durrett, Jonathan K Kummerfeld, Taylor Berg-Kirkpatrick, Damon McCoy, Kirill Levchenko and Vern Paxson
Proceedings of the World Wide Web Conference (WWW), Perth, Australia, April 2017.

Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-Andre Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, and Damon McCoy
Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

You've Got Vulnerability: Exploring Effective Vulnerability Notifications
Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

A Security Analysis of an In Vehicle Infotainment and App Platform
Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, and Damon McCoy
10th USENIX Workshop on Offensive Technologies (WOOT), Austin, TX , August 2016.

Deterring Financially Motivated Cybercrime
Zachary K. Goldman and Damon McCoy
Journal of National Security Law and Policy, Vol. 8, No. 3, 2016.

Profiling Underground Merchants Based on Network Behavior
Srikanth Sundaresan, Damon McCoy, Sadia Afroz, and Vern Paxson
Proceedings of the IEEE Symposium on Electronic Crime Research (eCrime), Toronto, Canada, June 2016.

Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services
Mohammad Karami, Youngsam Park and Damon McCoy
Proceedings of the World Wide Web Conference (WWW), Montreal, Canada, April 2016.

Characterizing Long-tail SEO Spam on Cloud Web Hosting Services
Xiaojing Liao, Chang Liu, Damon McCoy, Elaine Shi and Raheem Beyah
Proceedings of the World Wide Web Conference (WWW), Montreal, Canada, April 2016.

Understanding Craigslist Rental Scams
Youngsam Park, Damon McCoy and Elaine Shi
Proceedings of Financial Cryptography and Data Security Conference (FC), Barbados, February 2016.

Stressing Out: Bitcoin "Stress Testing"
Khaled Baqer, Danny Yuxing Huang, Damon McCoy and Nicholas Weaver
Workshop on Bitcoin and Blockchain Research (BITCOIN), Barbados, February 2016.

Do You See What I See: Differential Treatment of Anonymous Users
Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, and Damon McCoy
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2016.

Full Publication List
Students
PhD
Maxwell Aliapoulios
Rasika Bhalerao
Ryan Brunt
Periwinkle Doerfler
Laura Edelson
Paz Grimberg
Mohammad Rezaeirad

Graduated
Mohammad Karami (PhD 2016) Google
Sean Palka (PhD 2015) Booz Allen Hamilton
Jason Clark (PhD 2014) CMU SEI
Hitesh Dharmdasani (MS 2013) FireEye -> Informant Networks
Teaching
CS 468 (Secure Programming and Systems) Spring 2014 (GMU)
ISA 656 (Network Security) Fall 2013 (GMU)
ISA 656 (Network Security) Spring 2013 (GMU)
CS 795-004/ISA 797-002 (Cyber Crime) Fall 2012
ISA 656 (Network Security) Spring 2012