Diary

The Role of Industrial Routers in Keeping the Future Factory Secure

Industrial routers play a crucial role: a single vulnerability can grant the attacker access to an entire network of critical machines. In this research, I’ve looked at how easy it is for a hypothetical attacker to find and enumerate industrial routers, and the security posture of their vendors.

What We Know About EyePyramid

The day before the EyePyramid case exploded, I received a confidential email with a PDF. It was the scanned copy of the court order for law enforcement to proceed and arrest the Occhionero brothers. In a few minutes, I noticed that this leaked document was also circulating on various private mailing lists and chat groups I’m part of. At some point, I received a non-redacted copy.

Mobile (Android) Ransomware

I started this project while advising a Master’s student who was interested in machine learning. As I’ve been using machine learning since around 2006, I was immediately hooked by the idea of using it to determine whether an Android app was trying to lock the target device as part of a ransomware scheme.

Banksealer: Automatic Banking Fraud Detection

We started this project because we wanted to analyze banking and credit-card transactions and, with as little knowledge as possible, predict whether new ones are fraudulent or not (e.g., due to a banking trojan working on the victim’s computer, made by a cyber criminal with stolen credentials).

DroydSeuss: Android Malware Tracking and Intelligence

We wanted to create a malware tracker similar to ZeusTracker, but for mobile bankers. So we built a tool, DroydSeuss, which uses static analysis to extract relevant C&C endpoints (e.g., phone number, web URLs) and monitors them by running each sample in a sandbox on a daily basis.

Grab 'n Run: Secure dynamic code loading for Android

A simple and effective Java library that you can easily add to your Android projects to perform secure dynamic class loading operations.

Internet of Things: Applications, Security and Privacy of Personal Data

I was invited by the Garante per la Protezione dei Dati to the European privacy day, with a request to shed some light on the IoT phenomenon. This article is a “verbose” version of my talk, which focuses on the three factors that, in my view, helped give rise to this phenomenon: accessible low-cost technology, a multitude of application scenarios, and the media.

AndRadar: Mobile app Marketplace Monitoring and Reputation Analysis

The main goal of this project is to provide a dashboard to analyze and monitor the spread of Android malware in marketplaces. AndRadar uses lightweight fingerprints to look up malware samples without the need to download them from the markets.

iSnoop: Automatic Eavesdropping from Touchscreen Keyboards

Spying on a person is an easy and effective method to obtain sensitive information, even when the victim is well protected against common digital attacks. Modern mobile devices allow people to perform some information-sensitive actions in unsafe places, where anyone could easily observe the victim while typing.