Talks

2020

OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts

In this talk, we delve into industrial robot programming, focusing on the security issues arising from the design and implementation …

2019

Hey Operator, Where’s Your Crane? Attacking Industrial Remote Controllers

Radio-frequency (RF) remote controllers are widely used in multiple industrial applications like manufacturing, construction and …

RFQuack: The RF-Analysis Tool That Quacks

RFQuack is the versatile RF-analysis tool that quacks! It’s a library firmware that allows you to sniff, manipulate, and transmit …

Machine-to-Machine Protocol Security: The Case of MQTT and CoAP

MQTT and CoAP provide data connectivity for practically any kind of “machines”. This talk will cover the results of our …

2018

When Machines Can't Talk: Security and Privacy Issues of Machine-to-Machine Data Protocols

Two popular machine-to-machine (M2M) protocols—MQTT & CoAP—are slowly forming the backbone of many IoT infrastructures, including …

Using Machine-Learning to Investigate Web Campaigns at Large

Web defacement is the practice of altering a website after its compromise. The altered pages, called defaced pages, can negatively …

The impact of legacy machines on future manufacturing cybersecurity

Despite the focus on future-generation equipment, legacy industrial machines will continue to exist. In terms of cybersecurity risks, …

2017

ShieldFS: The Last Word in Ransomware-resilient File Systems

Preventive and reactive security measures can only partially mitigate the damage caused by modern ransomware attacks. The remarkable …

DefPloreX: A Machine Learning Toolkit for Large-scale e-Crime Forensics

The security industry as a whole—including operation centers, providers and telcos—loves collecting data. Researchers are …

Breaking the Laws of Robotics: Attacking Industrial Robots

Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. These …

2016

Talking Behind Your Back: Attacks and Countermeasures of Ultrasonic Cross-Device Tracking

Cross-device tracking (XDT) technologies are currently the ``Holy Grail’’ for marketers because they allow to track the …

Pocket-sized Badness: Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game

While we have grown accustomed to stealthy malware, specifically written to gain and maintain control of the victim machines to abuse …

Fast and Transparent Online Banking Fraud Detection and Investigation

2015

Malware on Mobile: The What, The Why, and The How

A walk through the construction of the first mobile malware tracker

Mobile Ransomware

From Cybercrime to Threat Analysis

From Cybercrime to Threat Analysis

2014

Current and Future Cybercrime Tactics

Come to the Dark Side: We have Apps!

Static Analysis of Android Applications

Virtualization

Tracking and Characterizing Botnets Using Automatically Generated Domains

Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control infrastructures. Recent works focus …

Phoenix & Cerberus: Botnet Tracking via Precise DGA Characterization

Malicious Android Apps: Overview, Status and Dilemmas

2013

Modern Botnets and the Rise of Automatically Generated Domains

AndroTotal: A Scalable Framework for Android Antivirus Testing

AndroTotal: A Scalable Framework for Android Antimalware Testing

Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype …

AndroTotal: A Scalable Framework for Android Antimalware Testing

Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype …

Our Face are Belong to us: Breaking Facebook's Social Authentication

Two-factor authentication is widely used by high-value services to prevent adversaries from compromising accounts using stolen …

2012

The Long Story of Short URLs

I gave a talk based on these slides for the first time at Royal Holloway University of London, in April 2012. This talk discusses the …

2011

iSnoop: How to Steal Secrets From Touchscreen Devices

Spying on a person is an easy and effective method to obtain sensitive informations, even when the victim is well protected against …

2010

Detecting Anomalous Behaviors in Computer Infrastructures

Just-in-Time Training of Anomaly Detectors