PhD candidate at the UCSB Security Lab
I'm on the job market for faculty positions!
My research work spans various aspects of mobile security, such as malware detection, vulnerability analysis, emerging threats, and novel protection mechanisms. See my publication list for more details.
I enjoy building systems and making my research work available to the community: I'm involved in the development of Andrubis, a publicly-available system to analyze Android applications. In the past, I also developed and maintained Shellzer, the malicious shellcode analyzer used by Wepawet, a publicly-available system to analyze malicious web pages. I'm also the author of ShellNoob, an open-source toolkit that eases the development of shellcodes: despite its simplicity, it recently became quite popular and it's now part of the Kali Linux distribution! More info are in the tools page.
Finally, I'm a member of the Shellphish hacking team: other than playing as many Capture The Flag competitions as possible, every year we also organize our own, the International Capture The Flag (iCTF)! In my spare time, I play the piano and the guitar (currently not at the same time), and I enjoy playing poker and wasting my time solving usually-pointless puzzles.
08/24/2016 - Our work on ultrasonic cross-device tracking got accepted at Black Hat EU!
08/18/2016 - I am honored to serve on the USENIX Enigma'17 Program Committee!
07/23/2016 - Our paper "Drammer: Deterministic Rowhammer Attacks on Mobile Platforms" was accepted at CCS'16!
03/04/2016 - My paper "CLAPP: Characterizing Loops in Android Applications" received the Best Paper Award at GSWC'16!
02/08/2016 - My paper "TriggerScope: Towards Detecting Logic Bombs in Android Apps" got accepted at IEEE S&P 2016!
12/16/2015 - The paper I contributed when working at Microsoft Research was accepted at ICSE'16!
05/29/2015 - I received the "2015 Outstanding Student Award" from the CS dept. at UCSB!