Projects

  1. Offensive iOS Exploitation

    The Offensive iOS Exploitation workshop is an exercise-driven training course that uses detailed tutorials to guide the attendees through all the steps necessary to exploit a real iOS application and, in the process, provide them with an understanding of the modern attacker's mind-set and capabilities. The course covers iOS hacking, from the basics of vulnerability hunting on the platform to advanced exploitation techniques. In addition, this workshop uses MWR's newly released "Needle" to identify and exploit all the common mobile application security flaws, over and above the OWASP Mobile Top Ten.
    At its conclusion, it will have imparted the information necessary to develop secure and robust applications. Other take-aways will include how to develop secure mobile applications that can withstand advanced attacks, how hackers attack mobile applications and iOS devices, and the most up-to-date and effective secure coding practices.
    Workshops:
      DEEPSEC 2016

  2. Needle

    The iOS Security Testing Framework. Needle is MWR's iOS Security Testing Framework, released at Black Hat USA in August 2016. It is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.
    The release of version 1.0.0 provided a major overhaul of its core and the introduction of a new native agent, written entirely in Objective-C. The new NeedleAgent is an open source iOS app, complementary to Needle, that allows tasks to be performed programmatically and natively on the device, eliminating the need for third-party tools.
    Needle has been presented at and used by workshops in various international conferences like Black Hat USA/EU, OWASP AppSec and DEEPSEC. It was also included by ToolsWatch in the shortlist for the Top Security Tools of 2016, and it is featured in the OWASP Mobile Testing Guide.
    Talks:
      BlackHat Arsenal USA 2016
      OWASP AppSec USA 2016
      BlackHat Arsenal EU 2016
      BlackHat Arsenal USA 2017
    Workshops:
      DEEPSEC 2016

  3. 500 Lines or Less

    Technical Reviewer of the security-related chapters of the "500 Lines or Less" book.
    Media:
      Release Warning (AOSABOOK - 09 July, 2016)
      Book Release (AOSABOOK - 12 July, 2016)
      500 Lines or Less Release (AOSABOOK - 12 July, 2016)

  4. IEEE Technical Reviewer

    Technical Reviewer in the peer review process of some IEEE Journals (i.e., 'Transactions on Emerging Topics in Computing (TETCSI)').

  5. AndroRAT++

    AndroRAT++ is a proof-of-concept mobile malware, embedded in a legitimate application, that enhances the features of a well-known RAT application (AndroRAT). The RAT, once installed, allows the attacker to control the phone remotely, obtaining access to certain sensitive information, and using the device for malicious purposes. The attacker can also attempt to escalate his privileges in order to gain complete access to the device's resources. An exploit kit has been embedded in the source code of AndroRAT++: the attacker can then silently obtain root privileges and, therefore, complete access to the device.
    Talks:
      BSides Vienna 2014

  6. OWASP Top 10 2013

    As my first contribution to the OWASP Project, I was assigned to the team responsible for the translation of the Top 10 2013 into Italian.

  7. Social Authentication: Vulnerabilities, Mitigations, and Redesign [MSc Thesis]

    We pointed out the security weaknesses of using Social Authentication (SA) as part of a two-factor authentication scheme, focusing on Facebook's deployment. We have designed an automated attack able to break the SA, to demonstrate the feasibility of carrying out large-scale attacks against social authentication with minimal effort on behalf of an attacker. We then revisited the SA concept and proposed reSA, a two-factor authentication scheme that can be easily solved by humans but is robust against face-recognition software.
    Awards:
      NATO CCDCOE Best Student Thesis Award, as the best thesis published on cyber defence topics. Awarded during the International Conference on Cyber Conflict (CyCon 2014), Tallinn
      'Innovation in Information Security' Thesis Award (Premio Tesi Clusit: 'Innovare la sicurezza delle informazioni'), as the 2nd best thesis published in Italy in 2013. Awarded during the Security Summit 2014, Milan
    Papers:
      All Your Face Are Belong to Us: Breaking Facebook's Social Authentication (ACSAC 2012)
      Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication (CCS 2014)
      Social Authentication: Vulnerabilities, Mitigations, and Redesign (DEEPSEC 2014)
    Talks:
      CyCon 2014
      DEEPSEC 2014