Publications / Talks

  1. Needle v1.0.0: new native agent and CI integration

    Needle's progress was shown at Black Hat USA, with a live demo of its capabilities.
    Conference:
      Black Hat Arsenal USA, Las Vegas, USA.
    Media:
      MWR Event
      Arsenal Lineup (Tools Watch)

  2. Mobile Security for Enterprises

    Pushing the Jesus Phone through the eye of a needle, an introduction to MWR's iOS Security Testing Framework
    Conference:
      MWR Briefing, London, UK

  3. Offensive iOS Exploitation

    The first iteration of the "Offensive iOS Exploitation" workshop has been delivered at DEEPSEC 2016.
    Conference:
      DEEPSEC, Vienna, Austria
    Media:
      MWR Event
      DEEPSEC Promotion (DEEPSEC - 04 September)

  4. Needle

    Needle's progress was shown at Black Hat EU, with a live demo of its capabilities.
    Conference:
      Black Hat Arsenal EU, London, UK.
    Media:
      MWR Event
      Arsenal Lineup (Tools Watch)
      Needle Used to Discover Issues Within iOS Applications (MWR - 05 October)

  5. Needle: Finding Issues within iOS Applications

    Needle's architecture, capabilities and roadmap have been presented at AppSec USA. During the talk it was also demonstrated how Needle can be used to find vulnerabilities in iOS applications from both a black-box and white-box perspective (with a demo of the tool in action).
    Conference:
      OWASP AppSec USA, Washington DC, USA.
    Media:
      MWR Event
      MWR LABS Publication

  6. Needle

    Needle has been publicly released at Black Hat USA, with a live demo of its capabilities.
    Conference:
      Black Hat Arsenal USA, Las Vegas, USA.
    Media:
      MWR Event
      Arsenal Lineup (ToolsWatch)
      Black Hat Promotion, Twitter (Black Hat - 23 July)
      Black Hat Promotion, Facebook (Black Hat - 23 July)
      MWR to Unveil Needle iOS Security Testing Tool at Black Hat Arsenal (MWR - 28 July)
      Needle iOS security testing tool to be unveiled at Black Hat Arsenal (Help Net Security - 01 August)
      Black Hat USA Photo Gallery (Help Net Security - 04 August)
      MWR Launches Needle: An iOS Security Testing Framework (MWR - 11 August)
      A quick intro to Needle (MWR Labs - 17 August)

  7. In Depth Security (Proceedings of the DeepSec Conferences)

    The article I submitted and presented at DEEPSEC 2014 has been published in the "In Depth Security (Proceedings of the DeepSec Conferences)" book.

  8. Enhancing Mobile Malware: an Android RAT Case Study

    At BSides Vienna 2014, Roberto Puricelli and I delivered a talk based on Androrat++, a proof-of-concept mobile malware.
    Conference:
      BSides Vienna, Vienna, Austria.

  9. Social Authentication: Vulnerabilities, Mitigations, and Redesign

    At DEEPSEC 2014 I delivered a talk based on my Master's thesis: "Social Authentication: Vulnerabilities, Mitigations, and Redesign". In addition, an excerpt of the work has been published by the Magdeburger Institut für Sicherheitsforschung in the volume "In Depth Security - Proceedings of the DeepSec Conferences" of the Magdeburger Journal zur Sicherheitsforschung.
    Conference:
      DEEPSEC, Vienna, Austria

  10. Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication

    Conference:
      Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ. (acceptance: 19.4%)
    Authors:
      Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, Angelos D. Keromytis

  11. Social Authentication: Vulnerabilities, Mitigations, and Redesign (short version)

    At CYCON 2014 I delivered a talk based on my Master's thesis, for which I won NATO's Best Thesis Award as the best thesis published on cyber defence topics.
    Conference:
      International Conference on Cyber Conflict (CyCon), by NATO CCDCOE (Cooperative Cyber Defence Centre of Excellence), Tallinn, Estonia
    Session:
      Student Paper Session with Best Student Thesis Award

  12. All Your Face Are Belong to Us: Breaking Facebook's Social Authentication

    Conference:
      Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL. (acceptance: 19%)
    Authors:
      Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis and Stefano Zanero
    Subsequent Talks:
      Hek.SI 2013 (Ljubljana, Slovenia)
      HackCon 2013 (Oslo, Norway)
      Also covered by ComputerWorld