
Conference Talks

Needle v1.0.0: new native agent and CI integration

Needle's progress was shown at Black Hat USA, with a live demo of its capabilities.
Conference:
       Black Hat Arsenal USA, Las Vegas, USA.
Media:
       MWR Event
       Arsenal Lineup (Tools Watch)

Mobile Security for Enterprises

Pushing the Jesus Phone through the eye of a needle, an introduction to MWR's iOS Security Testing Framework
Conference:
       MWR Briefing, London, UK

Needle

Needle's progress was shown at Black Hat EU, with a live demo of its capabilities.
Conference:
       Black Hat Arsenal EU, London, UK.
Media:
       MWR Event
       Arsenal Lineup (Tools Watch)
       Needle Used to Discover Issues Within iOS Applications (MWR - 05 October)

Needle: Finding Issues within iOS Applications

Needle's architecture, capabilities and roadmap were presented at AppSec USA. The talk also demonstrated how Needle can be used to find vulnerabilities in iOS applications from both a black-box and a white-box perspective (with a demo of the tool in action).
Conference:
       OWASP AppSec USA, Washington DC, USA.
Media:
       MWR Event
       MWR LABS Publication

Needle

Needle was publicly released at Black Hat USA, with a live demo of its capabilities.
Conference:
       Black Hat Arsenal USA, Las Vegas, USA.
Media:
       MWR Event
       Arsenal Lineup (ToolsWatch)
       Black Hat Promotion, Twitter (Black Hat - 23 July)
       Black Hat Promotion, Facebook (Black Hat - 23 July)
       MWR to Unveil Needle iOS Security Testing Tool at Black Hat Arsenal (MWR - 28 July)
       Needle iOS security testing tool to be unveiled at Black Hat Arsenal (Help Net Security - 01 August)
       Black Hat USA Photo Gallery (Help Net Security - 04 August)
       MWR Launches Needle: An iOS Security Testing Framework (MWR - 11 August)
       A quick intro to Needle (MWR Labs - 17 August)

Enhancing Mobile Malware: an Android RAT Case Study

At BSides Vienna 2014, Roberto Puricelli and I delivered a talk based on Androrat++, a proof-of-concept mobile malware.
Conference:
       BSides Vienna, Vienna, Austria.

Social Authentication: Vulnerabilities, Mitigations, and Redesign

At DEEPSEC 2014 I delivered a talk based on my Master Thesis: "Social Authentication: Vulnerabilities, Mitigations, and Redesign". In addition, an excerpt of the work has been published by the Magdeburger Institut für Sicherheitsforschung in the volume "In Depth Security - Proceedings of the DeepSec Conferences" of the Magdeburger Journal zur Sicherheitsforschung.
Conference:
       DEEPSEC, Vienna, Austria

Social Authentication: Vulnerabilities, Mitigations, and Redesign (short version)

At CYCON 2014 I delivered a talk based on my Master Thesis, for which I won NATO's Best Thesis Award as the best thesis published on cyber defence topics.
Conference:
       International Conference on Cyber Conflict (CyCon), by NATO CCDCOE (Cooperative Cyber Defence Centre of Excellence), Tallinn, Estonia
Session:
       Student Paper Session with Best Student Thesis Award

Workshops

Offensive iOS Exploitation

The first iteration of the "Offensive iOS Exploitation" workshop was delivered at DEEPSEC 2016.
Conference:
       DEEPSEC, Vienna, Austria
Media:
       MWR Event
       DEEPSEC Promotion (DEEPSEC - 04 September)

Conference Papers

Social Authentication: Vulnerabilities, Mitigations, and Redesign

At DEEPSEC 2014 I delivered a talk based on my Master Thesis: "Social Authentication: Vulnerabilities, Mitigations, and Redesign". In addition, an excerpt of the work has been published by the Magdeburger Institut für Sicherheitsforschung in the volume "In Depth Security - Proceedings of the DeepSec Conferences" of the Magdeburger Journal zur Sicherheitsforschung.
Conference:
       DEEPSEC, Vienna, Austria

Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication

Conference:
       Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ. (acceptance: 19.4%)
Authors:
       Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, Angelos D. Keromytis

All Your Face Are Belong to Us: Breaking Facebook's Social Authentication

Conference:
       Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL. (acceptance: 19%)
Authors:
       Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis and Stefano Zanero
Subsequent Talks:
       Hek.SI 2013 (Ljubljana, Slovenia)
       HackCon 2013 (Oslo, Norway)
       Also covered by ComputerWorld

Books

In Depth Security (Proceedings of the DeepSec Conferences)

The article I submitted and presented at DEEPSEC 2014 has been published in the "In Depth Security (Proceedings of the DeepSec Conferences)" book.