This is probably the 5th time I try to start a blog. For various reasons (mainly, lack of time), I’ve always failed. So I said to myself, let’s try something in between: not a blog-blog, but a blog-diary, where I can annotate stuff I want to highlight to the visitors, as well as longer posts when I feel like.

Let’s see how it goes this time.

June 14, 2018

Given the multiple releases around this topic and project, I’ve decided to put together a summary. So far, there is: a tool, a white paper, an academic paper, and (spoiler alert) another white paper coming soon.

#trendmicro #measurement #web #defacement

October 9, 2017

Many vulnerabilities in one shot, yet several pre-conditions for a target to be actually exploitable. Here’s simple flowchart to check whether your Dnsmasq deployments are vulnerable.

#trendmicro #measurement #vulnerability

August 16, 2017

CAN-based protocols are vulnerable to bit-flipping attacks at the link layer. In this collaborative research, Politecnico di Milano’s NECSTLab and Trend Micro’s FTR analyze the protocol in depth and demonstrate the vulnerability on a real car, with PoC and so on.

#cars #vulnerability #trendmicro #polimi #dimva17 #paper

May 03, 2017

Industrial routers play a very crucial role: a single vulnerability can grant the attacker access to an entire network of critical machines. In this research, I’ve looked at how easy it is for a hypothetical attacker to find and enumerate industrial routers, and the security posture of their vendors.

#vulnerability #trendmicro #iiot #routers #industry

January 18, 2017

Two Italian brothers have been arrested for planting and managing a long-running malware operation to spy on several high-profile politicians and businesspersons. In this post, I give my side of the investigation.

#malware #espionage #italy #trendmicro

December 08, 2016

I’ve started this project while advising a Master student who was interested in machine learning. As I’ve been using machine learning since around 2006, I was immediately hooked by the idea of using it to determine whether an Android app was trying to lock the target device as part of a ransomware scheme.

#android #mobile #ransomware #bheu16 #trendmicro

January 26, 2015

Sono stato invitato dal Garante per la Protezione dei Dati alla giornata europea della privacy, con richiesta di fare un po’ di chiarezza sul fenomeno IoT. Questo articolo è una versione “verbosa” del mio intervento, che si incentra sui tre fattori che, secondo me, hanno contribuito a dar vita a questo fenomeno: tecnologia accessibile a basso costo, moltitudine di scenari applicativi e media.

#iot #privacy #security #italian