I'm a PhD candidate in Computer Science at University of California, Santa Barbara, working in the Security Lab with professors Christopher Kruegel and Giovanni Vigna.

My research studies how to develop and apply program analysis techniques to secure the mobile platforms. My work currently focuses on the static analysis of Android applications, and it spans different research areas, such as malware detection, vulnerability analysis, and novel protection systems. See my publications for more details.

I enjoy building systems and making my research work available to the community: I'm involved in the development of Andrubis, a publicly-available system to analyze Android applications, and I'm the main developer and maintainer of Shellzer, the malicious shellcode analyzer used by Wepawet, a publicly-available system to analyze malicious web pages. I'm also the author of ShellNoob, an open-source toolkit that eases the development of shellcodes: despite its simplicity, it recently became quite popular and it's now part of the Kali Linux distribution! More info are in the tools page.

Finally, I'm a member of the Shellphish hacking team: other than playing as many Capture The Flag competitions as possible, every year we also organize our own, the International Capture The Flag (iCTF)! In my spare time, I play the piano and the guitar (currently not at the same time), and I enjoy playing poker and wasting my time solving usually-pointless puzzles.

More Information and Links
PDF (please email me for full version)
Google Scholar
Public profile
Public Key
PGP key
More Links
02/08/2016 - My paper "TriggerScope: Towards Detecting Logic Bombs in Android Apps" got accepted at IEEE S&P 2016!
12/16/2015 - The paper I contributed when working at Microsoft Research was accepted at ICSE'16!
10/27/2015 - Our paper on a large-scale study of how Android apps use native code has been accepted at NDSS'16!
08/11/2015 - Two of our papers on Android security got accepted at ACSAC'15!
05/29/2015 - I received the "2015 Outstanding Student Award" from the CS dept. at UCSB!
05/26/2015 - Our paper "CLAPP: Characterizing Loops in Android Applications" got accepted at FSE 2015!
02/08/2015 - Our paper "What the App is That? Deception and Countermeasures in the Android User Interface" got (conditionally) accepted at IEEE Security and Privacy 2015!
11/11/2015 - Our paper "EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework" got accepted at NDSS'15!
02/10/2014 - I'm excited to announce I'll join Microsoft Research for a summer internship!