Talks

2021

The Data Distribution Service (DDS) Protocol is Critical: Let's Use it Securely!

We discovered and disclosed vulnerabilities in most of the OMG Data Distribution Service (DDS) implementations. DDS enables crucial …
Nov 8, 2021 12:00 AM London, UK
Ta-Lun Yen, Federico Maggi, Erik Boasson

Small Wonder: Uncovering Planned Obsolescence Practices in Robotics and What This Means for Cybersecurity

Security in robotics is nothing really new if one considers modern OT and IT approaches, and most security practices translate directly …
Jul 31, 2021 12:00 AM Las Vegas, US
Víctor Mayoral-Vilches, Federico Maggi

2020

Hidden Attack Surfaces of Modern Industrial Automation Systems

Last year we performed a security analysis on a testbed smart manufacturing system using a variety of “unconventional” …
Oct 21, 2020 12:00 AM Stocholm, Sweden
Federico Maggi

Guarding the Factory Floor: Catching Insecure Industrial Robot Programs

What if a perfectly patched industrial manufacturing machine can still harbor for vulnerabilities where no one is looking? What if the …
Sep 12, 2020 12:00 AM Taiwan
Federico Maggi, Marcello Pogliani, Davide Quarta, Stefano Zanero, Marco Balduzzi
PDF Video

OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts

In this talk, we delve into industrial robot programming, focusing on the security issues arising from the design and implementation …
Aug 5, 2020 12:00 AM Las Vegas, US
Federico Maggi, Marcello Pogliani, Davide Quarta, Stefano Zanero, Marco Balduzzi
PDF Video

2019

Hey Operator, Where’s Your Crane? Attacking Industrial Remote Controllers

Radio-frequency (RF) remote controllers are widely used in multiple industrial applications like manufacturing, construction and …
May 10, 2019 12:00 AM Amsterdam, The Netherlands
Marco Balduzzi, Federico Maggi
PDF Video

RFQuack: The RF-Analysis Tool That Quacks

RFQuack is the versatile RF-analysis tool that quacks! It’s a library firmware that allows you to sniff, manipulate, and transmit …
May 9, 2019 12:00 AM Amsterdam, The Netherlands
Federico Maggi
PDF

Machine-to-Machine Protocol Security: The Case of MQTT and CoAP

MQTT and CoAP provide data connectivity for practically any kind of “machines”. This talk will cover the results of our …
Apr 4, 2019 12:00 AM Hannover, Germany
Federico Maggi

2018

When Machines Can't Talk: Security and Privacy Issues of Machine-to-Machine Data Protocols

Two popular machine-to-machine (M2M) protocols—MQTT & CoAP—are slowly forming the backbone of many IoT infrastructures, including …
Dec 6, 2018 12:00 AM London, UK
Federico Maggi, Davide Quarta
PDF Video

Using Machine-Learning to Investigate Web Campaigns at Large

Web defacement is the practice of altering a website after its compromise. The altered pages, called defaced pages, can negatively …
Nov 28, 2018 12:00 AM Dubai, United Arab Emirates
Federico Maggi
PDF Video

Safety Risks and Threats in Industrial Automation Systems: The Case of Industrial Radio Remote Controllers

Nov 16, 2018 12:00 AM Tokyo, JP
Federico Maggi
PDF

The impact of legacy machines on future manufacturing cybersecurity

Despite the focus on future-generation equipment, legacy industrial machines will continue to exist. In terms of cybersecurity risks, …
Apr 9, 2018 12:00 AM Hannover, Germany
Federico Maggi

2017

ShieldFS: The Last Word in Ransomware-resilient File Systems

Preventive and reactive security measures can only partially mitigate the damage caused by modern ransomware attacks. The remarkable …
Jul 27, 2017 12:00 AM Las Vegas, US
Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi
PDF Video

DefPloreX: A Machine Learning Toolkit for Large-scale e-Crime Forensics

The security industry as a whole—including operation centers, providers and telcos—loves collecting data. Researchers are …
Jul 27, 2017 12:00 AM Las Vegas, US
Marco Balduzzi, Federico Maggi, Vincenzo Ciancaglini, Ryan Flores, Lion Gu
PDF Video

Breaking the Laws of Robotics: Attacking Industrial Robots

Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. These …
Jul 27, 2017 12:00 AM Las Vegas, US
Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Zanero Stefano
PDF Video

2016

Talking Behind Your Back: Attacks and Countermeasures of Ultrasonic Cross-Device Tracking

Cross-device tracking (XDT) technologies are currently the ``Holy Grail’’ for marketers because they allow to track the …
Nov 3, 2016 12:00 AM London, UK
Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, Christopher Kruegel
PDF Video

Pocket-sized Badness: Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game

While we have grown accustomed to stealthy malware, specifically written to gain and maintain control of the victim machines to abuse …
Nov 3, 2016 12:00 AM London, UK
Federico Maggi, Stefano Zanero
PDF Video

Fast and Transparent Online Banking Fraud Detection and Investigation

Apr 15, 2016 12:00 AM Ljubljana, Slovenia
Federico Maggi
PDF

2015

Malware on Mobile: The What, The Why, and The How

Nov 11, 2015 12:00 AM Santa Barbara, CA
Federico Maggi, Yanick Fratantonio

A walk through the construction of the first mobile malware tracker

Sep 11, 2015 12:00 AM Vienna, Austria
Federico Maggi

Mobile Ransomware

Jun 3, 2015 12:00 AM Milano, Italy
Federico Maggi

From Cybercrime to Threat Analysis

Apr 20, 2015 12:00 AM Università degli Studi di Trento
Federico Maggi

From Cybercrime to Threat Analysis

Mar 18, 2015 12:00 AM
Federico Maggi

2014

Current and Future Cybercrime Tactics

Oct 13, 2014 12:00 AM Milano, Italy
Federico Maggi

Come to the Dark Side: We have Apps!

Oct 11, 2014 12:00 AM Bologna, Italy
Federico Maggi

Static Analysis of Android Applications

Sep 25, 2014 12:00 AM Amsterdam, The Netherlands
Federico Maggi
PDF

Virtualization

Jul 27, 2014 12:00 AM Verona, Italy
Federico Maggi
PDF

Tracking and Characterizing Botnets Using Automatically Generated Domains

Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control infrastructures. Recent works focus …
May 14, 2014 12:00 AM Warsaw, Poland
Federico Maggi
PDF

Phoenix & Cerberus: Botnet Tracking via Precise DGA Characterization

May 1, 2014 12:00 AM Google, Mountain View, CA, USA
Federico Maggi
PDF

Malicious Android Apps: Overview, Status and Dilemmas

Jan 3, 2014 12:00 AM Qualcomm, San Diego, USA
Federico Maggi
PDF

2013

Modern Botnets and the Rise of Automatically Generated Domains

Nov 20, 2013 12:00 AM Nova Gorica, Slovenia
Federico Maggi
PDF

AndroTotal: A Scalable Framework for Android Antivirus Testing

Nov 20, 2013 12:00 AM Nova Gorica, Slovenia
Federico Maggi
PDF

AndroTotal: A Scalable Framework for Android Antimalware Testing

Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype …
Oct 9, 2013 12:00 AM Warsaw, Poland
Federico Maggi
PDF

AndroTotal: A Scalable Framework for Android Antimalware Testing

Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype …
May 1, 2013 12:00 AM MIT, Boston, Massachussets, USA
Federico Maggi
PDF

Our Face are Belong to us: Breaking Facebook's Social Authentication

Two-factor authentication is widely used by high-value services to prevent adversaries from compromising accounts using stolen …
Apr 1, 2013 12:00 AM Ljubljana, Slovenia
Federico Maggi
PDF

2012

The Long Story of Short URLs

I gave a talk based on these slides for the first time at Royal Holloway University of London, in April 2012. This talk discusses the …
May 1, 2012 12:00 AM Royal Holloway University of London
Federico Maggi
PDF

2011

iSnoop: How to Steal Secrets From Touchscreen Devices

Spying on a person is an easy and effective method to obtain sensitive informations, even when the victim is well protected against …
Dec 1, 2011 12:00 AM Abu Dhabi
Federico Maggi, Alberto Volpatto, Stefano Zanero
PDF

2010

Detecting Anomalous Behaviors in Computer Infrastructures

Feb 25, 2010 12:00 AM Fondazione Bruno Kessler, Trento
Federico Maggi
PDF

Just-in-Time Training of Anomaly Detectors

Jan 21, 2010 12:00 AM Vrije Universiteit, Amsterdam
Federico Maggi
PDF