| Follow @lancinimarco

Conference Talks

Needle's progress was shown at Black Hat USA, with a live demo of its capabilities.
Conference:
       Black Hat Arsenal USA, Las Vegas, USA.
Media:
       Arsenal Lineup (Tools Watch)
Pushing the Jesus Phone through the eye of a needle, an introduction to MWR's iOS Security Testing Framework
Conference:
       MWR Briefing, London, UK
Needle's progress was shown at Black Hat EU, with a live demo of its capabilities.
Conference:
       Black Hat Arsenal EU, London, UK.
Media:
       Arsenal Lineup (Tools Watch)
Needle's architecture, capabilities and roadmap have been presented at AppSec USA. During the talk it was also demonstrated how Needle can be used to find vulnerabilities in iOS applications from both a black-box and white-box perspective (with a demo of the tool in action).
Conference:
       OWASP AppSec USA, Washington DC, USA.
Media:
       MWR LABS Publication
Needle has been publicly released Black Hat USA, with a live demo of its capabilities.
Conference:
       Black Hat Arsenal USA, Las Vegas, USA.
Media:
       Arsenal Lineup (ToolsWatch)
       Black Hat Promotion, Twitter (Black Hat - 23 July)
       Black Hat Promotion, Facebook (Black Hat - 23 July)
       Needle iOS security testing tool to be unveiled at Black Hat Arsenal (Help Net Security - 01 August)
       Black Hat USA Photo Gallery (Help Net Security - 04 August)
       A quick intro to Needle (MWR Labs - 17 August)
At BSides Vienna 2014, Roberto Puricelli and me delivered a talk based on Androrat++, a proof-of-concept mobile malware.
Conference:
       BSides Vienna, Vienna, Austria.
At DEEPSEC 2014 I delivered a talk based on my Master Thesis: "Social Authentication: Vulnerabilities, Mitigations, and Redesign". In addition, an excerpt of the work has been published by the Magdeburger Institut für Sicherheitsforschung in the volume "In Depth Security - Proceedings of the DeepSec Conferences" of the Magdeburger Journal zur Sicherheitsforschung.
Conference:
       DEEPSEC, Vienna, Austria
At CYCON 2014 I delivered a talk based on my Master Thesis, for which I won the NATO's Best Thesis Award as the best thesis published on cyber defence topics.
Conference:
       International Conference on Cyber Conflict (CyCon), by NATO CCDCOE (Cooperative Cyber Defence Centre of Excellence), Tallinn, Estonia
Session:
       Student Paper Session with Best Student Thesis Award

Workshops

The first iteration of the "Offensive iOS Exploitation" workshop has been delivered at DEEPSEC 2016.
Conference:
       DEEPSEC, Vienna, Austria
Media:
       Syllabus
       DEEPSEC Promotion (DEEPSEC - 04 September)

Conference Papers

At DEEPSEC 2014 I delivered a talk based on my Master Thesis: "Social Authentication: Vulnerabilities, Mitigations, and Redesign". In addition, an excerpt of the work has been published by the Magdeburger Institut für Sicherheitsforschung in the volume "In Depth Security - Proceedings of the DeepSec Conferences" of the Magdeburger Journal zur Sicherheitsforschung.
Conference:
       DEEPSEC, Vienna, Austria
Conference:
       Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ. (acceptance: 19.4%)
Authors:
       Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, Angelos D. Keromytis
Conference:
       Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL. (acceptance: 19%)
Authors:
       Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis and Stefano Zanero
Subsequent Talks:
       Hek.SI 2013 (Ljubljana, Slovenia)
       HackCon 2013 (Oslo, Norway)
       Also covered by ComputerWorld

Books

The article I submitted and presented at DEEPSEC 2014 has been published in the "In Depth Security (Proceedings of the DeepSec Conferences)" book.