PhD student at the UCSB's SecLab
I'm a fourth-year PhD student in Computer Science at University of California, Santa Barbara, working in the Computer Security Group under the supervision of professors Christopher Kruegel and Giovanni Vigna. In the previous years, I have earned a Bachelor and a Master degree in Computer Engineering at Politecnico di Milano, Italy, and a Master Degree in Computer Science at the University of Illinois at Chicago. I'm a member of the EpicFail and Shellphish hacking groups.
My recent research interests focus on the security of mobile systems. In particular, I work on many aspects related to the security of the Android platform, such as static and dynamic analysis of Android applications. I'm a contributor to the Androguard open source tool, and I'm involved in the development of Andrubis, a publicly-available service to analyze Android applications.
In the past, I did research on malware, in particular related to the shellcode detection and analysis. I'm the author and maintainer of Shellzer, a shellcode analyzer that I developed for my Master thesis. Starting from November 2011, Shellzer is used by Wepawet to process the shellcode samples detected during its analysis. You can find more information in the RAID'11 paper and in these two blog posts: this and that. More recently, I presented at Black Hat USA Arsenal 2013 ShellNoob, a shellcode writing toolkit. ShellNoob is fully open-source (hosted on GitHub), and is now part of the Kali Linux distribution.
In my spare time, I play the piano and the guitar (currently not at the same time), and I enjoy playing poker, too. I love to participate in CTF competitions and, more in general, to waste time in solving every kind of mind-hack-oriented puzzles. I also help organizing the International Capture The Flag (iCTF), the world's largest education hacking competition. Here there are some challenges I wrote: check them out!
05/29/2015 - I received the "2015 Outstanding Student Award" from the CS dept. at UCSB!
05/26/2015 - Our paper "CLAPP: Characterizing Loops in Android Applications" got accepted at FSE 2015!
02/08/2015 - Our paper "What the App is That? Deception and Countermeasures in the Android User Interface" got (conditionally) accepted at IEEE Security and Privacy 2015!
11/11/2015 - Our paper "EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework" got accepted at NDSS'15!
02/10/2014 - I'm excited to announce I'll join Microsoft Research for a summer internship!
11/18/2013 - Our paper on Remote Code Execution on Android got accepted at NDSS 2014!
10/07/2013 - ShellNoob will be included in the next Kali Linux release!
06/02/2013 - ShellNoob got accepted at Black Hat Arsenal!
04/29/2013 - First blog post: ShellNoob - a shellcode writing toolkit