PhD student at the UCSB's SecLab
I'm a third year PhD student in Computer Science at University of California, Santa Barbara, working in the Computer Security Group under the supervision of professors Christopher Kruegel and Giovanni Vigna. In the previous years, I have earned a Bachelor and a Master degree in Computer Engineering at Politecnico di Milano, Italy, and a Master Degree in Computer Science at the University of Illinois at Chicago. I'm a member of the EpicFail and Shellphish hacking groups.
My recent research interests focus on the security of mobile systems. In particular, I work on many aspects related to the security of the Android platform, such as static and dynamic analysis of Android applications. I'm a contributor to the Androguard open source tool, and I'm involved in the development of Andrubis, a publicly-available service to analyze Android applications.
In the past, I did research on malware, in particular related to the shellcode detection and analysis. I'm the author and maintainer of Shellzer, a shellcode analyzer that I developed for my Master thesis. Starting from November 2011, Shellzer is used by Wepawet to process the shellcode samples detected during its analysis. You can find more information in the RAID'11 paper and in these two blog posts: this and that. More recently, I presented at Black Hat USA Arsenal 2013 ShellNoob, a shellcode writing toolkit. ShellNoob is fully open-source (hosted on GitHub), and is now part of the Kali Linux distribution.
In my spare time, I play the piano and the guitar (currently not at the same time), and I enjoy playing poker, too. I love to participate in CTF competitions and, more in general, to waste time in solving every kind of mind-hack-oriented puzzles. I also help organizing the International Capture The Flag (iCTF), the world's largest education hacking competition. Here there are some challenges I wrote: check them out!
10/07/2013 - ShellNoob will be included in the next Kali Linux release!
07/19/2013 - Our paper entitled "An Empirical Study of Cryptographic Misuse in Android Applications" got accepted at ACM CCS 2013!
07/18/2013 - I recevied a USENIX student travel grant!
06/16/2013 - We qualified for DEFCON 21 CTF Finals with the Shellphish team.
06/02/2013 - ShellNoob got accepted at Black Hat Arsenal!
04/29/2013 - First blog post: ShellNoob - a shellcode writing toolkit