WHO AM I?


Marco's headshot Dr. Marco Balduzzi
Marco's LinkedIn Marco's Twitter Marco's Github Marco's Mastodon

Welcome to my page! I am a team leader and principal researcher in computer and network security. I hold Ph.D. in system security from Télécom ParisTech and an M.Sc. in computer engineering from the University of Bergamo. My interests encompass all aspects of IT security, with a particular emphasis on real-world problems that affect systems and networks. Some topics that I specialize in are web security, code analysis, malware detection, cybercrime, online privacy, and ICS threats.

I have been involved in the security domain since 2002, with international experience in both industry and academia. With previous experience as a security engineer and a proven record of successful R&D projects, I am currently a technical research lead at Trend Micro.

With over 50 talks at major cybersecurity events such as RSA, Black Hat and Hack In The Box, I am considered a veteran speaker. I regularly engage with the research community and serve on the program committees of conferences and workshops. My work has been published in the proceedings of top peer-reviewed conferences such as NDSS, RAID, and ACSAC, and has been featured by distinguished media outlets such as BBC, CNN, Forbes, The Register, Slashdot, InfoWorld, and DarkReading.

As a free software sympathizer, I am involved in open-source projects and underground hacking communities. In my free time, I enjoy rock climbing, alpinism, and traveling.

A good summary of my skills includes: team leadership, project and people management, excellent technical writing and public speaking, principal researcher, software architect and developer, ethical hacker, passionate about computer and network security topics, naturally curious.

You can contact me via email (my_name.my_surname@madlab.it), LinkedIn or Twitter.


LATEST



EDUCATION



PROFESSIONAL ACTIVITIES



PUBLICATIONS


List of publications: DBLP, Google Scholar

"A Security Analysis of CNC Machines in Industry 4.0"
Marco Balduzzi, Francesco Sortino, Fabio Castello, Leandro Pierguidi
The 20th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
DIMVA 2023, Hamburg, Germany, July 12-14 2023

[ abstract, pdf ]

"An Empirical Evaluation of CNC Machines in Industry 4.0 (short paper)"
Marco Balduzzi, Francesco Sortino, Fabio Castello, Leandro Pieguidi
The 17th International Conference on Critical Information Infrastructures Security
CRITIS 2022, Munich, Germany, September 14-16 2022

[ abstract, pdf, bib ]

"Smart Factory Security: A Case Study on a Modular Smart Manufacturing System"
Marcello Pogliani, Federico Maggi, Marco Balduzzi, Davide Quarta, Stefano Zanero, Giacomo Tavola, Walter Quadrini
The 2020 International Conference on Industry 4.0 and Smart Manufacturing
ISM 2020, Linz, Austria Virtual, 23-25 November 2020

[ abstract, pdf, bib ]

"Detecting Insecure Code Patterns in Industrial Robot Programs"
Marcello Pogliani, Federico Maggi, Marco Balduzzi, Davide Quarta, Stefano Zanero
The 15th ACM Asia Conference on Computer and Communications Security
AsiaCCS 2020, Taipei, Taiwan Virtual, October 5-9 2020

[ abstract, pdf, bib ]

"Good to Bad: When Industrial Protocol Translation Goes Wrong (technical report)"
Marco Balduzzi, Charles Perine, Philippe Lin, Ryan Flores, Rainer Vosseler, Luca Bongiorni
The 15th International Conference on Critical Information Infrastructures Security
CRITIS 2020, Bristol, UK Virtual, September 2-3 2020

[ abstract, pdf ]

"A Security Evaluation of Industrial Radio Remote Controllers"
Federico Maggi, Marco Balduzzi, Jonathan Andersson, Philippe Lin, Stephen Hilt, Akira Urano, Rainer Vosseler
The 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
DIMVA 2019, Götheborg, Sweden, June 19-20 2019

[ abstract, pdf, bib ]

"Investigating Web Defacement Campaigns at Large"
Federico Maggi, Marco Balduzzi, Ryan Flores, Lion Gu, Vincenzo Ciancaglini
The 13th ACM Asia Conference on Computer and Communications Security
AsiaCCS 2018, Incheon, Korea, June 4-7 2018

[ abstract, pdf, bib ]

"Exploring the Long Tail of (Malicious) Software Downloads"
Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci
The 47th IEEE/IFIP International Conference on Dependable Systems and Networks
DSN 2017, Denver, Colorado, USA, June 26-29 2017

[ abstract, pdf, bib ]

"Attacks Landscape in the Dark Side of the Web" (Best Paper Award)
Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
The 16th Edition of the Computer Security track at the 32th ACM Symposium on Applied Computing
SEC@SAC 2017, Marrakech, Morocco, April 3-7 2017

[ abstract, pdf, bib ]

"Real-Time Detection of Malware Downloads via Large-Scale URL->File->Machine Graph Mining"
Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci
The 11th ACM Asia Conference on Computer and Communications Security
AsiaCCS 2016, Xi'an, China, May 30 - June 3 2016

[ abstract, pdf, bib, slides ]

"MobiPot: Understanding Mobile Telephony Threats with Honeycards"
Marco Balduzzi, Payas Gupta, Lion Gu, Debin Gao and Mustaque Ahamad
The 11th ACM Asia Conference on Computer and Communications Security
AsiaCCS 2016, Xi'an, China, May 30 - June 3 2016

[ abstract, pdf bib ]

"Automatic Extraction of Indicators of Compromise for Web Application"
Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
The 25th International World Wide Web Conference
WWW 2016, Montreal, Canada, April 11-15 2016

[ abstract, pdf, bib, slides ]

"A Security Evaluation of AIS, Automated Identification System"
Marco Balduzzi, Alessandro Pasta, Kyle Wilhoit
The 30th Annual Computer Security Applications Conference
ACSAC 2014, New Orleans, Louisiana, USA, December 8-12 2014

[ abstract, pdf, bib, slides, sourcecode ]

"Soundsquatting: Uncovering the use of homophones in domain squatting" (Best Paper Award)
Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
The 17th Information Security Conference
ISC 2014, Hong Kong, October 12-14 2014

[ abstract, pdf, bib, slides ]

"Automated Measurements of Novel Internet Threats [Paperback]"
Dr. Marco Balduzzi
LAP LAMBERT Academic Publishing, ISBN 978-3-659-41582-1, 120 pages, July 20 2013
[ description, book, bib, cover ]

"Targeted Attacks Detection With SPuNge"
Marco Balduzzi, Vincenzo Ciangaglini, Robert McArdle
The 11th Annual Conference on Privacy, Security and Trust
PST 2013, Tarragona, Catalonia, July 10-12 2013

[ abstract, pdf, bib ]

"The Role of Phone Numbers in Understanding Cyber-Crime Schemes"
Andrei Costin, Jelena Isacenkova, Marco Balduzzi, Aurélien Francillon, Davide Balzarotti
The 11th Annual Conference on Privacy, Security and Trust
PST 2013, Tarragona, Catalonia, July 10-12 2013

[ abstract, pdf, bib ]

"The role of phone numbers in understanding cyber-crime (technical report)"
Andrei Costin, Jelena Isacenkova, Marco Balduzzi, Aurélien Francillon, Davide Balzarotti
EURECOM Research Report RR-13-277, February 2013
[ abstract, pdf, bib ]

"Web Application Security, Dagstuhl Seminar 12401 (conference report)"
Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld
Schloss Dagstuhl, 30/09/12 - 05/10/12
[ abstract, pdf, bib ]

"A Security Analysis of Amazon's Elastic Compute Cloud Service"
Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro
The 11th Edition of the Computer Security track at the 27th ACM Symposium on Applied Computing
SEC@SAC 2012, Trento, Italy, March 26-30 2012

[ abstract, pdf, bib, press (forbes| infoWorld| ZDNet) ]

"Reverse Social Engineering Attacks in Online Social Networks"
Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, Calton Pu
The 8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
DIMVA 2011, Amsterdam, The Netherlands, July 7-8 2011

[ abstract, pdf, bib, slides ]

"Exposing the Lack of Privacy in File Hosting Services"
Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen, Davide Balzarotti
The 4th Usenix Workshop on Large-Scale Exploits and Emergent Threats
LEET 2011, Boston, US, March 29 2011

[ abstract, pdf, bib, slides, press (the register| slashdot) ]

"Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications" (Best Paper Award)
Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, Engin Kirda
The 18th Annual Network and Distributed System Security Symposium
NDSS 2011, San Diego, US, February 6-9 2011

[ abstract, pdf, bib, code ]

"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis"
Leyla Bilge, Engin Kirda, Christopher Kruegel, Marco Balduzzi
The 18th Annual Network and Distributed System Security Symposium
NDSS 2011, San Diego, US, February 6-9 2011

[ abstract, pdf, bib, slides ]

"A Summary of Two Practical Attacks against Social Networks (invited paper)"
Leyla Bilge, Marco Balduzzi, Davide Balzarotti, Engin Kirda
The 21st Tyrrhenian Workshop on Digital Communications: Trustworthy Internet
Island of Ponza, Italy, September 6-8 2010

[ abstract, bib ]

"Abusing Social Networks for Automated User Profiling"
Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti and Christopher Kruegel
The 13th International Symposium on Recent Advances in Intrusion Detection
RAID 2010, Ottowa, Canada, September 15-17 2010

[ abstract, pdf, bib, slideshare ]

"Security by virtualization: A novel antivirus for personal computers [Paperback]"
Marco Balduzzi
VDM Verlag Dr. Müller e.K., ISBN 978-3-639-25624-6, Paperback, 104 pages, May 7 2010
[ description, book, bib, cover ]

"Take a Deep Breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype"
Antonio Nappa, Aristide Fattori, Marco Balduzzi, Matteo Dell'Amico and Lorenzo Cavallaro
The 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
DIMVA 2010, Bonn, Germany, July 8-9 2010

[ abstract, pdf, bib, slides ]

"A Solution for the Automated Detection of Clickjacking Attacks"
Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, Christopher Kruegel
The 5th ACM Symposium on Information, Computer and Communications Security
AsiaCCS 2010, Beijing, China, April 13-16 2010

[ abstract, pdf, bib ]


WHITE PAPERS AND TECHNICAL REPORTS



TALKS


Academic Conferences

  • DIMVA 2023, Hamburg, Germany
  • CRITIS 2022, Munich, Germany
  • ISM 2020, Linz, Austria Virtual
  • AsiaCCS 2020, Taipei, Taiwan Virtual
  • CRITIS 2020, Bristol, UK Virtual
  • DIMVA 2019, Götheborg, Sweden
  • AsiaCCS 2018, Incheon, Korea
  • DSN 2017, Denver, US
  • SEC@SAC 2017, Marrakech, Morocco
  • AsiaCCS 2016, Xi'an, China
  • WWW 2016, Montreal, Canada
  • ACSAC 2014, New Orleans, US
  • ISC 2014, Hong Kong
  • BTIA 2014, Summer School, Cagliari, Italy
  • PST 2013, Tarragona, Spain
  • Schloss Dagstuhl, Web Application Security Seminar 2012, Saarbrucken, Germany
  • SEC@SAC 2012, Trento, Italy
  • DIMVA 2011, Amsterdam, NL
  • LEET 2011, Boston, US
  • NDSS 2011, San Diego, US
  • RAID 2010, Ottawa, Canada
  • DIMVA 2010, Bonn, Germany
  • AsiaCCS 2010, Beijing, China

Hacking & Security Conferences (selected list only)

A Security Analysis of Computer Numerical Control Machines in Industry 4.0
* CONFidence 2023, Kracow, Poland - 06/06/2023 [ abstract ]
* Hack In The Box 2023 (HITB AMS), Amsterdam, Netherlands - 21/04/2023 [ abstract, video recording ]

Abusing CNC Technologies, Black Hat Europe 2022, London, UK - 5-8/12/2022
[ abstract, slides, video recording]

The Security Risks of 4.0 CNC Machines, ICS Cyber Security Conference 2022, Atlanta, USA - 27/10/2022
[ abstract ]

Ethical Hacker, TEDxBergamo, Italy - 25/09/2022
[ photos archive ]

The unfortunate journey of radio-protocol mistakes, CONFidence Legends, Virtual - 07/09/2021
[ abstract, slides ]

Capture the Signal: Running Wireless IoT CTFs Remotely!, Black Hat USA Arsenal 2021, Las Vegas, USA - 05/08/2021
[ abstract, slides ]

Lost in Translation: When Industrial Protocol Translation goes Wrong
* INSEC WORLD, Chengdu, China - 26/11/2020
* ICS Cyber Security Conference, Atlanta, USA Virtual - 19/10/2020 [ abstract]
* SECURE 2020, Warsaw, Poland, Virtual - 06/10/2020 [ abstract]
* CONFidence 2020, Krakow, Poland Virtual - 08/09/2020 [ abstract, slides (slideshare) ]

OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts, Black Hat USA 2020, Las Vegas, USA Virtual - 01-06/08/2020
[ abstract, slides ]

Industrial Protocol Gateways Under Analysis, Black Hat USA 2020, Las Vegas, USA Virtual - 01-06/08/2020
[ abstract, slides ]

Security Risk Assessment of Radio-Enabled Technologies, SCSD 2020, Fribourg, Switzerland - 13/02/2020 (invited talk)
[ abstract, slides (slideshare) ]

Attacking industrial remote controllers for fun and profit
* ISACA and OWASP Conference 2019, Venice, Italy - 03/10/2019 (invited talk)
* CONFidence 2019, Krakow, Poland - 03/06/2019 [ abstract, video recording ]
* Hack In The Box 2019 (HITB AMS), Amsterdam, Netherlands - 09/05/2019 [ abstract, slides (slideshare), video recording ]

Risk and Threats of the Healthcare Industry, Z-Cert European Conference, Amsterdam - 24/01/2019 (invited talk)

Using Machine-Learning to Investigate Web Campaigns at Large
* Hack In The Box 2018 (HITB PEK), Beijing, China - 02/11/2018 (invited talk) [ abstract ]
* 8.8 Infinity 2018, Santiago, Chile - 26/10/2018 (invited talk) [ abstract ]

Behind the scene of malware operators: insights and countermeasures, CONFidence 2018, Krakow, Poland - 04/06/2018
[ abstract, slides (slideshare) ]

Cyber-crime and Attacks in the Dark Side of the Web
* Code Motion 2018, Amsterdam, Netherlands - 08/05/2018 (invited talk) [ abstract, slides ]
* Code Motion 2017, Milan, Italy - 10/11/2017 (invited talk) [ abstract ]
* RSA Conference 2017, Abu Dhabi, UAE - 07-08/11/2017
* ISACA and OWASP Conference 2017, Venice, Italy - 06/10/2017 (invited talk) [ abstract ]

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics, Black Hat USA 2017 Arsenal, Las Vegas NV - 27/07/2017
[ abstract, slides, teaser video ]

Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem, APWG eCrime, Scottsdale, Arizona - 26/04/2017
[ agenda, slides (slideshare), blog, press (Dark Reading, Info Security, SC Magazine) ]

Mobile-Telephony Threats in Asia, Black Hat Asia 2017, Singapore - 31/03/2017
[ abstract, slides, blog, paper ]

Cyberdéfense et détection du hacking, Ecole Polytechnique, Paris - 01/12/2016 (invited talk)

Plead APT, EECTF Plenary Meeting, Rome - 22/11/2016 (invited talk)
[ slides (slideshare) ]

Black Hat Europe 2016, London, UK - 1-4/11/2016
- Traditional AV Is Dead? Real-Time Machine-Learning Detection of Modern Malware Downloads (sponsored talk) [ abstract, slides ]
- Machine-Learning Use and Validation of Indicators of Compromise for Early Detection (sponsored talk) [ abstract, slides ]

HackInBo, Bologna, Italy - 14-15/05/2016 (invited talk)
[ video recording ]

Automatic Extraction of Indicators of Compromise for Web Application. RuhrSec, Bochum (Germany) - 29/04/2016 (invited talk)
[ slides (slideshare), photos, video recording ]

Cybercrime In The DeepWeb:
- OWASP NL Chapter Event (invited talk)
- Black Hat Europe 2015, Amsterdam, Netherlands - 12/11/2015 [ abstract, slides (slideshare), video recording ]
- Hack In The Box 2015 (HITB GSEC), Singapore - 15/10/2015 [ abstract, video recording, press (Motherboard VICE) ]

Targeted attacks detection and investigations. ISACA and OWASP Conference, Mestre, Italy - 07/10/2015 (keynote talk) [abstract]
Security Summit, Milan, Italy - 17/03/2015 (invited talk)

AIS Exposed. New vulnerabilities and attacks. Hack In The Box 2014 (HITB AMS), Amsterdam, Netherlands - 28/05/2014
[ abstract, slides (slideshare), press (PCWorld | CHE FUTURO) ]

AIS Exposed. Understanding Vulnerabilities and Attacks 2.0, Black Hat Asia 2014, Singapore - 27/03/2014
[ abstract, video recording ]

ISACA and OWASP Conference, Venice, Italy - 03/10/2014 (invited talk)
The Vessel Tracking & Monitoring Conference, London, UK - 27/02/2014
Security Summit, Milan, Italy - 18/03/2014 (invited talk)

Hey Captain, Where’s Your Ship? Attacking Vessel Tracking Systems for Fun and Profit, Hack In The Box 2013 (HITB KUL), Kuala Lumpur, Malaysia - 16/10/2013
[ abstract, slides (slideshare), press (ABC News | Net Security | MIT Techology Review | Softpedia) ]

HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
- OWASP AppSec Research Europe 2013, Hamburg, Germany - 22/08/2013 [ abstract, slides (slideshare), video recording ]
- OWASP Italy @ Security Summit 2014, Milan, Italy - 18/03/2014

Cutting-edge research in system security, OWASP Italy Day 2012, Rome, Italy - 23/11/2012 (invited talk)
[ slides ]

SatanCloud: Un Viaje por los Riesgos a la Privacidad y Seguridad del Cloud Computing
- SECURITY-ZONE 2012, Cali, Colombia - 06/12/2012 (invited talk) [abstract]
- 8dot8 Computer Security Conference 2012, Santiago, Chile - 18/10/2012 (invited talk) [abstract, press (El Mercurio)]

SatanCloud: A Journey Into the Privacy and Security Risks of Cloud Computing, Hack In The Box 2012 (HITB AMS), Amsterdam, Netherlands - 25/05/2012
[ abstract, slides (slideshare), video recording ]

A journey into the privacy and security risks of a cloud computing service, Black Hat Webcast Series, April 2012 - 19/04/2012 (invited talk)
[ abstract, slides ]

Detección Automática de vulnerabilidades HPP en aplicaciones Web
- SECURITY-ZONE 2011, Cali, Colombia - 28/11/2011 (invited talk) [ abstract ]
- 8dot8 Computer Security Conference, Santiago, Chile - 18/11/2011 [ abstract, press (yahoo!) ]

Attacking the Privacy of Social Network Users, Hack In The Box 2011 (HITB KUL), Kuala Lumpur, Malaysia - 11/10/2011
[ abstract, slides (slideshare), video recording, press ]

Automated Detection of HPP Vulnerabilities in Web Applications, Black Hat USA 2011, Las Vegas, NV - 04/08/2011
[ abstract, slides v.03 ]

The (in)security of File Hosting Services, OWASP Netherlands Chapter Meeting, Amsterdam - 06/07/2011 (invited talk)
[ abstract, slides (pdf) ]

Emerging Attacks on Social Networks, FORTINET, Sophia-Antipolis - 30/06/2011 (invited talk)

HPP v.02, Black Hat Webcast Series, May 2011 - 25/05/2011 (invited talk)
[ abstract + registration, slides v.02 ]

Building Large Scale Detectors for Web-based Malware (Cova, Canali), OWASP AppSec Europe 2011, Dublin, Ireland - 09/07/2011
[ Conference Page, slides (pdf) ]

HTTP Parameter Pollution, Swiss Cyber Storm 2011, Rapperswil, Switzerland - 12/05/2011
[ abstract, video recording ]

Security Info Session, SAP - 27/04/2011 (invited talk)

CSI Filter 3, Computer Security Institute - 07/04/2011 (invited talk)
[ program ]

HTTP Parameter Pollution Vulnerabilities in Web Applications, Black Hat Europe 2011, Barcelona, Spain - 17/03/2011
[ abstract, whitepaper, slides (pdf), slides (slideshare), press (forbes | la stampa) ]

Clickjacking, OWASP BeNeLux 2010, Eindhoven, Netherlands - 02/11/2010 (invited talk)
[ pdf, odp, html ]

New Insights into Clickjacking, OWASP AppSec Research Europe 2010, Stockholm, Sweden - 24/06/2010
[ pdf, odp, html, slideshare, video recordings (1, 2) ]

Security by Virtualization, Metro Olografix Hacking Party, Pescara, Italy - 19/05/2007
[ pdf ]

Network multimedia with GNU/Linux, LinuxDay @ School by BgLUG, Val Seriana, Italy - 04/03/2006
[ pdf sxi ]

Secure networking with GNU/Linux, LinuxDay 2005, Bergamo, Italy - 26/11/2005
[ pdf sxi html recording-mp3 ]

Introduction to software development in the GNU/Linux environment (particular references to C language), Version 0.2, LinuxDay 2004, Bergamo, Italy - 27/11/2004
[ pdf sxi html ]

Risks and insecurities of IT infrastructures, SatEXPO 2004, Vicenza, Italy - 30/09/2004
[ pdf sxi html ]

Techniques for prevention, protection and identification of IT attacks, SatEXPO 2004, Vicenza, Italy - 30/09/2004
[ pdf sxi html ]

Introduction to software development in the GNU/Linux environment (particular references to C language), MOCA 2004, Pescara, Italy - 21/05/2004
[ pdf sxi html ]

Network programming with libpcap and libnet, Webb.it 2004, Padova, Italy - 06/05/2004
[ pdf sxi html example-sources ]

Security analysis of routing protocols, Security Date 2004, Ancona, Italy - 29/04/2004
[ pdf sxi html ]

Intrusion Detection Systems (IDS): state of art and research, HackMeeting 2004, Genova, Italy - 02/04/2004
[ pdf html ]

Security of the GNU/Linux operating systems, Linuxday 2003, Bergamo, Italy - 29/11/2003
[ pdf ]

Low-level network programming with libpcap and libnet, HackMeeting 2003, Torino, Italy - 20/06/2003
[ pdf sxi html example-sources ]

Media (selected list only)

  • Privacy and security in the darkweb, Studio Aperto (Italian TV news) [ link ]
  • Hacking subculture and ethical hackers, TEDx Bergamo (Italian) [ link ]


INVOLVEMENTS



Program Committees and Review Boards

I served in the following program committees and review boards:

Conferences

  • WWW 2024 // The Web Conference (Security Track)
  • IoT-SCTI 2023 // ACSAC Workshop on IoT Security and Cyber Threat Intelligence
  • CSET 2023, 2024 // USENIX Workshop on Cyber Security Experimentation and Test
  • ACSAC 2022, 2023, 2024 // Annual Computer Security Applications Conference
  • DIMVA 2015, 2016, 2019, 2020, 2021, 2023 (PC Co-Chair of Industrial Track) // Conference on Detection of Intrusions and Malware & Vulnerability Assessment
  • eCrime 2014, 2017, 2018 // APWG Symposium on Electronic Crime Research, Academic Track
  • ITA-SEC 2017-2019 // Italian Conference on Cyber Security, Industrial and Demo Tracks
  • HITB 2014-2024 // Hack In The Box Conference
  • OWASP AppSec Global 2019 (Tel Aviv + Amsterdam)
  • OWASP AppSec Europe 2015, 2016 (PC Co-Chair), 2017 (PC Co-Chair), 2018
  • TrustCom 2019, 2020, 2021, 2023 // IEEE International Conference on Trust, Security and Privacy in Computing and Communications
  • CARDS 2019 // 11th EAI International Conference on Cyber Attacks Response and Defense (formerly ICDF2C)
  • IoTsm 2018 // International Conference on Industrial Internet of Things and Smart Manufacturing, Security Track
  • IBMSGS 2015 // International Summit on Bio-Metrics and Smart Government
  • CEEC 2014 // 6th Computer Science and Electronic Engineering Conference
  • WNM 2013 // 7th IEEE Workshop on Network Measurements

Journals

  • Computers & Security, 2024
  • MDPI Applied Science, 2022
  • ACM Transactions on Internet Technology, 2021
  • Journal of Marine Science and Engineering, 2021
  • Elsevier Computer & Security, 2019
  • ACM Transactions on Privacy and Security, 2018
  • Journal of Software: Practice and Experience, 2018
  • MDPI Sensors, 2017
  • ACM Journal of Data and Information Quality, JDIQ 2015
  • IEEE Transactions on Dependable and Secure Computing, TDSC 2014
  • User Community Discovery in the Web and the Social Web, Springer Book 2014
  • Journal of Computer Security, JCS 2012
  • Occasional Journal Writer for Hakin9, Software Press 2011

Organizations

  • Founder and co-organizer of No Hat, a yearly international conference in Italy (Twitter)
  • Co-founder and co-organizer of the Capture-the-Signal (CTS) initiative, a SDR-based CTF contest (Twitter)
  • President in charge of Berghem-in-the-Middle (BITM) association and hacklab
  • Maintainer of AIS BlackToolkit. A research-oriented framework for using GnuRadio with AIS.
  • Maintainer of PAPAS. A framework for testing HTTP Parameter Pollution vulnerabilities in web applications.

Supervised Students and Collaborations

  • 2023, Marcello Meschini, Data Forensics
  • 2022, Simone Tufariello, ICS Security
  • 2020, Marcello Pogliani, ICS Security - now with Secure Networks
  • 2015, Babak Rahbarinia, Malware Modeling and Detection - now with Facebook
  • 2014, Onur Catakoglu, Web Security - now with Dataiku
  • 2013, Maurizio Abba', Web Security - now with Cloudflare
  • 2012, Mariano Graziano, Malware Analysis - now with JPMorgan
  • 2011, Dario Ghilardi, Software Security - now with NablaFlow

OTHER



Awards

  • Nominated in the TOP50 major cyber-security influencers list (Italian) [ press ]
  • Awarded with Patent US10057279 "System and method for protecting computer against remote malware downloads" [ info ]
  • Best paper award at NDSS 2011, ISC 2014, SAC 2017

Code

Here's a list of "old school" material that I produced several years ago, during the free time of my studies ... :-)
  • Nast Packet sniffer and LAN analyzer based on Libnet and Libpcap. It can sniff in normal or in promiscuous mode the packets on a network interface and log them. It dumps packets's header and payload in ascii or ascii-hex formats. You can apply a filter. The sniffed data can be saved in a separated file. As analyzer tool, it has many features like to build LAN hosts list, to follow a TCP-DATA stream, to find LAN internet gateways, to discover promiscuous nodes, to reset an established connection, to perform a single and multi half-open port-scan, to find link type, to catch daemon banner of LAN nodes, to control arp answers for discover possible arp-spoofs, to byte-count, to apply optional filters and to write report logs. [ github ]
  • Gspoof Tool that makes easier and accurate the building and the sending of TCP/IP packets. It works from console (command line) and it has an easy-to-use graphical interface written in GTK+ too. You can add a payload, send multiple packets specifying delay and number, enable explicit congestion notification support and much more. [ github, homepage, screenshots ]
  • Vida A multi-datapipe handler, wrote in C with the ncurses library, for unix and unix-like OS. [ github, homepage ]
  • UmL Userspace logger that does not require r00t privileges. It works hijacking the libc functs, as described by halflife in "Shared Library Redirection" (Phrack 51). UmL logs read()/recv() output and intercepts open(), open64(), close(), socket(), connect(), exit(). There are many other important functions like recvfrom()/recvmsg(), fopen(), write(), etc... this code it's only a proof on concept ;-)
  • SS A simple stupid multi-server, very useless stuff :^) Written as training for script-kiddies, just a funny code :pP
  • IPGenerator An ip-listgenerator (/16 netmask) and an ip-parser for nmap -oG output.
  • The MCL suite: scanner, parser,translator to C-language and complier MCL language has been developed for the university project of "languages and compiler" (and the "M" stands for the initials of its developers!). MCL is a compact and syntactically clean language, for writing math expressions and procedures in simple and fast way. It supports functions, the while iteration, the if test, global and local variables, input and output, comments and other crazy features :-).
    The package contains a reference paper (in Italian), the parser (mcl.l) and the scanner (mcl.y), the scripts to build the translator to C-language and the compiler.
  • Linux VNC-4.1.1 evil client patch - BID 17978 Patch to exploit the VNC vulnerability 17978, which permits to log into the server with NULL authentication, although the password is required. Read my buqtraq post.

Old-School Resources

Underground Groups
  • 2600 The Hacker Quarterly: huge American Hacker movement.
  • Chaos Computer Club: famous German Hacker group that organizes periodically international meetings.
  • Phrack.org: a Hacker magazine by the community, for the community.
  • THC The Hacker's Choice: international group of experts that acts in the Information Security from 1995.
  • Softproject: Italian no-profit association involved in the Information Security. It publishes the BFi magazine.
Security Resources
  • BugTraq: full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.
  • Packet Storm: no-profit organization comprised of security professionals that offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.
  • Security Focus: international website that offers a huge database of advisories and exploits.
Linux related resources:


© Copyrights Shield. All Rights Reserved

Created with Shield template by TemplateMag