2016
Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-Andre Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, and Damon McCoy
Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

You've Got Vulnerability: Exploring Effective Vulnerability Notifications
Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

A Security Analysis of an In Vehicle Infotainment and App Platform
Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, and Damon McCoy
10th USENIX Workshop on Offensive Technologies (WOOT), Austin, TX , August 2016.

Deterring Financially Motivated Cybercrime
Zachary K. Goldman and Damon McCoy
Journal of National Security Law and Policy, Vol. 8, No. 3, 2016.

Profiling Underground Merchants Based on Network Behavior
Srikanth Sundaresan, Damon McCoy, Sadia Afroz, and Vern Paxson
Proceedings of the IEEE Symposium on Electronic Crime Research (eCrime), Toronto, Canada, June 2016.

Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services
Mohammad Karami, Youngsam Park and Damon McCoy
Proceedings of the World Wide Web Conference (WWW), Montreal, Canada, April 2016.

Characterizing Long-tail SEO Spam on Cloud Web Hosting Services
Xiaojing Liao, Chang Liu, Damon McCoy, Elaine Shi and Raheem Beyah
Proceedings of the World Wide Web Conference (WWW), Montreal, Canada, April 2016.

Understanding Craigslist Rental Scams
Youngsam Park, Damon McCoy and Elaine Shi
Proceedings of Financial Cryptography and Data Security Conference (FC), Barbados, February 2016.

Stressing Out: Bitcoin "Stress Testing"
Khaled Baqer, Danny Yuxing Huang, Damon McCoy and Nicholas Weaver
Workshop on Bitcoin and Blockchain Research (BITCOIN), Barbados, February 2016.

Do You See What I See: Differential Treatment of Anonymous Users
Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, and Damon McCoy
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2016.

2015
Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis
Sean Palka and Damon McCoy
9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, D.C., August 2015

Framing Dependencies Introduced by Underground Commoditization
Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna
Workshop on the Economics of Information Security, Amsterdam, NL, June 2015

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab
IEEE Symposium on Security & Privacy (Oakland 2014), San Jose, CA, May 2015.

Dynamic Phishing Content Using Generative Grammars
Sean Palka and Damon Mccoy
Proceedings of the IEEE Workshop on Security TestingGraz, Austria, April 2015

"I Saw Images I Didn't Even Know I Had:" Understanding User Perceptions of Cloud Storage Privacy
Jason W. Clark, Peter Snyder, Damon McCoy, Chris Kanich
Proceedings of the ACM Conference on Computer-Human Interaction, Seoul, Korea, April 2015

2014
Dialing Back Abuse on Phone Verified Accounts
Kurt Thomas, Dima Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy
Proceedings of the ACM Conference on Computer and Communications Security, Scotsdale, Arizona, November 2014

Characterizing Large-Scale Click Fraud in ZeroAccess
Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the ACM Conference on Computer and Communications Security, Scotsdale, Arizona, November 2014

Search + Seizure: The Effectiveness of Interventions on SEO Campaigns
David Wang, Matthew Der, Mohammad Karami, Lawrence Saul, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014

The Check is in the Mail: Monetization of Craigslist Buyer Scams
Jackie Jones and Damon McCoy
IEEE eCrime Research Summit, Birmingham, AL, September 2014
Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting
Neha Chachra, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the Workshop on the Economics of Information Security (WEIS), State College, PA, June 2014.

Doppelgänger Finder: Taking Stylometry To The Underground
Sadia Afroz, Aylin Caliskan Islam, Ariel Stolerman, Rachel Greenstadt, Damon McCoy
IEEE Symposium on Security & Privacy (Oakland 2014), San Jose, CA, May 2014.

Constructing and Analyzing Criminal Networks
Hamed Sarvari, Ehab Abozinadah, Alex Mbaziira, Damon McCoy
IEEE International Workshop on Cyber Crime (IWCC 2014), San Jose, CA, May 2014.

Botcoin: Monetizing Stolen Cycles
Danny Yuxing Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Kirill Levchenko, Alex C. Snoeren, Stefan Savage, Nicholas Weaver, Chris Grier, and Damon McCoy
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

Scambaiter: Understanding Targeted Nigerian Scams on Craigslist
Youngsam Park, Jackie Jones, Damon McCoy, Elaine Shi and Markus Jakobsson
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

2013
Rent to Pwn: Analyzing Commodity Booter DDoS Services
Mohammad Karami and Damon McCoy
USENIX ;login:, Vol. 38, No. 6, December 2013.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names
Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage
USENIX ;login:, Vol. 38, No. 6, December 2013.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names
Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage
Proceedings of the ACM Internet Measurement Conference, Barcelona, Spain, October 2013.
Folex: An Analysis of an Herbal and Counterfeit Luxury Goods Affiliate Program
Mohammad Karami, Shiva Ghaemi and Damon Mccoy
IEEE eCrime Research Summit, San Francisco, CA September 2013
Honor among thieves: A common's analysis of cybercrime economies
Sadia Afroz, Vaibhav Garg, Damon McCoy, Rachel Greenstadt
IEEE eCrime Research Summit, San Francisco, CA September 2013
Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse
Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, and Vern Paxson
Proceedings of the USENIX Security Symposium, August 2013.
OCTANE (Open Car Testbed and Network Experiments): Bringing Cyber-Physical Security Research to Researchers and Students
Christopher E. Everett and Damon McCoy
Proceedings of the Workshop on Cyber Security Experimentation and Test, Washington D.C., August 2013.
There Are No Free iPads: An Analysis of Survey Scams as a Busines
Jason W. Clark and Damon McCoy
Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, Washington D.C., August 2013.
Understanding the Emerging Threat of DDoS-as-a-Service
Mohammad Karami and Damon McCoy
Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, Washington D.C., August 2013.
2012
Priceless: The Role of Payments in Abuse-advertised Goods
Damon McCoy, Hitesh Dharmdasani, Christian Kreibich, Geoffrey M. Voelker and Stefan Savage
Proceedings of the ACM Conference on Computer and Communications Security, Raleigh, NC, October 2012.
Browser Exploits as a Service: The Monetization of Driveby Downloads
Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the ACM Conference on Computer and Communications Security, Raleigh, NC, October 2012.
PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs
Damon McCoy, Andreas Pitsillidis, Grant Jordan, Nicholas Weaver, Christian Kreibich, Brian Krebs, Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko
Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.
2011
An Analysis of Underground Forums
Marti Motoyama, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.
Comprehensive Experimental Analysis of Automototive Attack Surfaces
Stephen Checkoway, Damon McCoy, Danny Anderson, Brian Kantor, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno
Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
[ New York Times ]
Dirty Jobs: The Role of Freelance Labor in Web Service Abuse
Marti Motoyama, Damon McCoy, Kirill Levchenko, Geoffrey M. Voelker, Stefan Savage
Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
Show Me the Money: Characterizing Spam-advertised Revenue
Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, Stefan Savage
Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
No Plan Survives Contact: Experience with Cybercrime Measurement
Chris Kanich, Neha Chachra, Damon McCoy, Chris Grier, David Wang, Marti Motoyama, Kirill Levchenko, Stefan Savage, Geoffrey M. Veolker
Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2011.
ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation
Kevin Bauer, Micah Sherr, Damon McCoy, Dirk Grunwald
To appear at 4th USENIX Workshop on Cyber Security Experimentation and Test (CSET) San Francisco, CA, August 2011
DefenestraTor: Throwing out Windows in Tor
Mashael AlSabah, Kevin Bauer, Ian Goldberg, Dirk Grunwald, Damon McCoy, Stefan Savage, Geoffrey M. Voelker
Privacy Enhancing Technologies Symposium, Waterloo, Canada, July 2011
Click Trajectories: End-to-End Analysis of the Spam Value Chain
Kirill Levchenko, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Andreas Pitsillidis, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage
Proceedings of the IEEE Symposium and Security and Privacy, Oakland, CA, May 2011
[ The New York Times, CBS ]
Proximax: A Measurement Based System for Proxies Dissemination
Damon McCoy, Jose Andre Morales, Kirill Levchenko
Financial Cryptography and Data Security, St. Lucia, February 2011

2010
Practical Defenses for Evil Twin Attacks in 802.11
Harold Gonzales, Kevin Bauer, Janne Lindqvist, Damon McCoy, Douglas Sicker
IEEE Globecom Communications and Information Security Symposium, Miami, FL, December 2010
Wifi-Reports: Improving Wireless Network Selection with Collaboration
Jeffrey Pang, Ben Greenstein, Michael Kaminsky, Damon McCoy, Srinivasan Seshan
IEEE Transactions On Mobile Computing, Vol. 9 2010
[ Wifi-Scanner Tool, Crawdad Data Set ]
Re: CAPTCHAs -- Understanding CAPTCHA Solving from an Economic Context
Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, Stefan Savage
Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.
[ NPR, MIT Technology Review ]
Experimental Security Analysis of a Modern Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage
Proceedings of the IEEE Symposium and Security and Privacy, Oakland, CA, May 2010
[ Automotive Security Project Web Page ] [ The New York Times, PC World, Technology Review, Slashdot, Popular Science, BBC ]

2009
BitStalker: Accurately and Efficiently Monitoring BitTorrent Traffic
Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker
Proceedings of the 1st IEEE Workshop on Information Forensics and Security , London, United Kingdom, December, 2009
[Slashdot]
The Directional Attack on Wireless Localization - or - How to Spoof your Location with a Tin Can
Kevin Bauer, Damon McCoy, Eric Anderson, Markus Breitenbach, Greg Grudic, Dirk Grunwald, Douglas Sicker
Proceedings of the IEEE Globecom Communications and Information Security Symposium , Honolulu, HI, USA, November, 2009
[ Crawdad Data Set]
Physical Layer Attacks on Unlinkability in Wireless LANs
Kevin Bauer, Damon McCoy, Ben Greenstein, Dirk Grunwald, Douglas Sicker
Proceedings of the 9th Privacy Enhancing Technologies Symposium (PETS 2009) , Seattle, WA, USA, August, 2009
[ Crawdad Data Set]
Wifi-Reports: Improving Wireless Network Selection with Collaboration
Jeffrey Pang, Ben Greenstein, Michael Kaminsky, Damon McCoy, Srinivasan Seshan
MobiSys '09: 7th International Conference on Mobile Systems, Applications, and Services, 2009, Krakow, Poland
[ Wifi-Scanner Tool Crawdad Data Set]

2008
Mitigating Evil Twin Attacks in 802.11
Kevin Bauer, Harold Gonzales, Damon McCoy
Proceedings of 1st IEEE International Workshop on Information and Data Assurance (WIDA 2008) in conjunction with the 27th IEEE International Performance Computing and Communications Conference (IPCCC 2008) , Austin, TX, USA, December, 2008
BitBlender: Light-Weight Anonymity for BitTorrent
Kevin Bauer, Damon McCoy, Dirk Grunwald, Douglas Sicker
Proceedings of the Workshop on Applications of Private and Anonymous Communications (AlPACa 2008) in conjunction with SecureComm 2008 , Istanbul, Turkey, September, 2008
Shining Light in Dark Places: Understanding the Tor Network
Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker
Proceedings of the 8th Privacy Enhancing Technologies Symposium (PETS 2008) , Leuven, Belgium, July, 2008
Improving Wireless Privacy with an Identifier-Free Link Layer Protocol (Best Paper Award.)
Ben Greenstein, Damon McCoy, Jeffrey Pang, Tadayoshi Kohno, Srinivasan Seshan, David Wetherall
MobiSys '08: 6th International Conference on Mobile Systems, Application, and Services , Breckenridge, CO, USA, June, 2008
[ More information (including SlyFi code) ]

2007
Tryst: The Case for Confidential Service Discovery
Jeffrey Pang, Ben Greenstein, Damon McCoy, Srinivasan Seshan, David Wetherall
HotNets VI: The Sixth Workshop on Hot Topics in Networks , Atlanta, GA, USA, October, 2007
Low-Resource Routing Attacks Against Tor
Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker
Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2007) , Alexandria, VA, USA, October, 2007
[ Slashdot FAQ Technical Report ]
A Mechanism for Detecting and Responding to Misbehaving Nodes in Wireless Networks
Damon McCoy, Douglas Sicker, Dirk Grunwald
SDR Workshop, IEEE SECON , 2007

2006
Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting
Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe, Jamie Van Randwyk, Douglas Sicker
Proceedings of the 15th USENIX Security Symposium , Vancouver, BC, Canada, August, 2006
[Slashdot Sandia Labs CNBC (WMV Video)]