PhD student at the UCSB's SecLab
My research studies how to develop and apply program analysis techniques to secure the mobile platforms. My work currently focuses on the static analysis of Android applications, and it spans different research areas, such as malware detection, vulnerability analysis, and novel protection systems. See my publications for more details.
I enjoy building systems and making my research work available to the community: I'm involved in the development of Andrubis, a publicly-available system to analyze Android applications, and I'm the main developer and maintainer of Shellzer, the malicious shellcode analyzer used by Wepawet, a publicly-available system to analyze malicious web pages. I'm also the author of ShellNoob, an open-source toolkit that eases the development of shellcodes: despite its simplicity, it recently became quite popular and it's now part of the Kali Linux distribution! More info are in the tools page.
Finally, I'm a member of the Shellphish hacking team: other than playing as many Capture The Flag competitions as possible, every year we also organize our own, the International Capture The Flag (iCTF)! In my spare time, I play the piano and the guitar (currently not at the same time), and I enjoy playing poker and wasting my time solving usually-pointless puzzles.
07/23/2016 - Our paper "Drammer: Deterministic Rowhammer Attacks on Mobile Platforms" was accepted at CCS'16!
03/04/2016 - My paper "CLAPP: Characterizing Loops in Android Applications" received the Best Paper Award at GSWC'16!
02/08/2016 - My paper "TriggerScope: Towards Detecting Logic Bombs in Android Apps" got accepted at IEEE S&P 2016!
12/16/2015 - The paper I contributed when working at Microsoft Research was accepted at ICSE'16!
05/29/2015 - I received the "2015 Outstanding Student Award" from the CS dept. at UCSB!