I am a Vulnerability Research Lead at Binarly, where I work at the intersection of static and dynamic analysis techniques to help secure the UEFI ecosystem.
Previously, I was a postdoctoral researcher working with Giovanni Vigna and Christopher Kruegel in the SecLab at UC Santa Barbara. During my time at the SecLab, I focused on several aspects of systems security: automated vulnerability discovery, human-assisted cyber reasoning systems, and malware analysis.
I earned a Ph.D. at EURECOM, where I was advised by Davide Balzarotti. Among other things, we investigated how non-atomic acquisitions impact the consistency of memory dumps, how to discover and to assess the quality of memory forensics heuristics, and how to automatically generate profiles for memory forensics.
I love playing Capture the Flag (CTF) competitions with Shellphish. In the past I played with NOPS which, by the way, was once defined as “probably a top team” by one of the greatest hackers of our time (if you think this is a mere PR stunt, contact me and you will receive proof that this actually happened - for real!).
When I am away from keyboard, I enjoy hiking, rock climbing, surfing, and playing chess.
Our research PKfail: Supply-Chain Failures in Secure Boot Key Management was accepted to LABScon 2024
LogoFAIL won the LangSec Hardest to Fix Parser Bug of the Year
Our research LogoFAIL: Security Implications of Image Parsing During System Boot was accepted to BlackHat Europe 2023
I am now working at Binarly on firmware security (UEFI)
Our paper Let Me Unwind That For You: Exceptions to Backward-Edge Protection was accepted to NDSS ’23
Our paper Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities was accepted to IEEE Security and Privacy ’23
2024
LABScon 2024

2023
BlackHat EU 2023
Hackers 2 Hackers Conference (H2HC) - Virtual Presentation
Hackers 2 Hackers Conference (H2HC)

2021
BlackHat USA 2021

2019
SANS DFIR Europe Summit

PhD Thesis

2023
Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP)
Symposium on Network and Distributed System Security (NDSS)

2022
Proceedings of the 31st USENIX Security Symposium (USENIX Security 22)
Proceedings of the 31st USENIX Security Symposium (USENIX Security 22)
Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP)
Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP)
ACM Transactions on Privacy and Security (TOPS)

2020
Proceedings of the IEEE Conference on Communications and Network Security (CNS)

2019
ACM Transactions on Privacy and Security (TOPS)
Proceedings of the 28th USENIX Security Symposium (USENIX Security)

2018
Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (CODASPY)

2016
Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID)

2012
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC)

PC member at USENIX Security 2024
PC member at IEEE S&P 2023
PC member at WOOT 2023
PC member at DIMVA 2023
PC member at DIMVA 2022
PC member at DFRWS USA 2022
PC member at WOOT 2022
PC member at BAR 2022
PC member at DIMVA 2021 - Distinguished Reviewer Award
Journal reviewer for Computers & Security (COSE)