Who am I?

My name is Alexandros Kapravelos and I'm a fifth year PhD candidate at the University of California, Santa Barbara. My advisors are Giovanni Vigna and Christopher Kruegel. I'm a member of the Computer Security Group at UCSB and the Shellphish hacking team.

Research Interests

I'm interested in systems and software security and my current focus is on web security and in particular finding new ways to detect if a web page is malicious or not. I'm the lead developer of Wepawet's development and improvement. My latest project is tracking the evolution of malicious JavaScript with Revolver.

Last Blog Post

My last blog post is "Attacking home routers via JavaScript" where I explain an attack I found in the wild that targets the victim's local router via JavaScript.

last blog post


  1. Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
    Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab
    IEEE Symposium on Security and Privacy, 2015
    [ PDF ]
  2. The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements
    Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna
    IMC, 2014 (short paper)
    [ PDF ]
  3. Hulk: Eliciting Malicious Behavior in Browser Extensions
    Alexandros Kapravelos, Chris Grier, Neha Chachra, Chris Kruegel, Giovanni Vigna, and Vern Paxson
    USENIX Security, 2014
    [ PDF ]
  4. PExy: The other side of Exploit Kits
    Giancarlo De Maio, Alexandros Kapravelos, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna
    Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2014
    [ PDF ]
  5. Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
    Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, and Giovanni Vigna
    USENIX Security, 2013
    [ PDF ] [ presentation ] [ Revolver's website ]
  6. Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna
    IEEE Symposium on Security and Privacy (S&P), 2013
    [ PDF ]
  7. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
    Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna
    19th ACM Conference on Computer and Communications Security (CCS), ACM Press. USA, 2012.
    [ PDF ]
  8. Escape from Monkey Island: Evading High-Interaction Honeyclients
    Alexandros Kapravelos, Marco Cova, Christopher Kruegel, and Giovanni Vigna
    8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2011
    [ PDF ]
  9. D(e|i)aling with VoIP: Robust Prevention of Dial Attacks
    Alexandros Kapravelos, Iasonas Polakis, Ilias Athanasopoulos, Sotiris Ioannidis, and Evangelos Markatos
    European Symposium on Research in Computer Security (ESORICS), 2010
    [ PDF ]
  10. Realistic Passive Packet Loss Measurement for High-Speed Networks
    Ales Friedl, Sven Ubik, Alexandros Kapravelos, Michalis Polychronakis, and Evangelos Markatos
    1st International Workshop on Traffic Monitoring and Analysis (TMA), 2009
    [ PDF ]
  11. Flexconf: A flexible conference assistant using context-aware notification services
    Nikos Armenatzoglou, Yannis Marketakis, Lito Kriara, Elias Apostolopoulos, Vicky Papavasiliou, Dimitris Kampas, Alexandros Kapravelos, Eythimis Kartsonakis, Giorgos Linardakis, Sofia Nikitaki,Antonis Bikakis, and Grigoris Antoniou
    On the Move to Meaningful Internet Systems: OTM Workshops, 2009
    [ PDF ]
  12. Passive end-to-end packet loss estimation for grid traffic monitoring
    Antonis Papadogiannakis, Alexandros Kapravelos, Michalis Polychronakis, Evangelos Markatos, and Augusto Ciuffoletti
    Proceedings of the CoreGRID Integration Workshop, 2006
    [ PDF ]


Alexandros Kapravelos
Computer Security Lab
Department of Computer Science
University of California, Santa Barbara

Santa Barbara, CA, 93106
kapravel [WAAAT] cs.ucsb.edu