⌚Breaking into fitness tracking ecosystem! 💡In this talk Marco Casagrande & Daniele Antonioli Daniele Antonioli will introduce 💻BreakMI tool to automate reverse engineering process & attacks on #Xioami's fitness ecosystem Find out more➡️bit.ly/3o1twKB #hw_ioUSA2023

Announcement! @eurecom is opening an assistant professor position in systems security! In particular, on the topic of vulnerability detection, analysis, exploitation, and/or remediation. See the full offer here: eurecom.fr/en/job/digital… Feel free to ask me for any questions!

Reminder: The call for papers/talks for the 2nd ACM SCORED workshop on SW Supply Chain security is open until June 30! Security-in-practice talks and short research papers welcome! Call for papers/talks: scored.dev/call_for_paper… Submission site: scored2023.hotcrp.com

[Tool] Ghidralligator: Emulate and fuzz code running on various CPU architectures (ARM, MIPS, PPC, x86, Apple Silicon M1/M2...) Based on #GHIDRA (libsla C++). #AFLplusplus, snapshot fuzzing, code coverage, ASAN cyber.airbus.com/17300/ github.com/airbus-cyber/g… GuillaumeOrlando

I've just presented "Humans vs. Machines in Malware Classification" at USENIX Security Hope to see you for a beer, folks! usenix.org/conference/use…

Looking for Vulnerability Research Intern to join our h hardware pentest lab at Qualcomm. If you're interested in pwning embedded systems and performing RE on HW&FW, please reach out to me. More details on the internship : careers.qualcomm.com/careers/job/44…

PhD thesis submitted, defense in December, officially on the job market

Yesterday I have defended my PhD thesis at La Com EURECOM having a great time in s3eurecom lab under the supervision of Davide Balzarotti!! Thanks a lot to the team! Can't wait to continue our projects in the team as PostDoc in November!

I am proud to present you the pre-print of our paper on GWP-ASan. 5+ years of work by four companies, spanning Server, Desktop, and Mobile, running on billions of devices. Finding and fixing thousands of bugs and potential vulnerabilities. arxiv.org/abs/2311.09394

Qualcomm's Product Security (QPSI) is looking for interns for the summer of 2024 to work on AI model security against malicious attacks. Mail [email protected]. DM me with any questions you have. #AIModelSecurity

I had a blast presenting #LogoFAIL at @BlackHat EU this morning. The 150+ days embargo ends today, so stay tuned for a blogpost with all the details of this BINARLY🔬 REsearch🔥

I turned a workshop on fuzzing with LibAFL into a blog post for you all, check it out: atredis.com/blog/2023/12/4…

New paper with Pietro Borrello Daniele Cono D'Elia Davide Balzarotti Leonardo Querzoni Cristiano Giuffrida! "Predictive Context-sensitive Fuzzing" introduces compile time context sensitivity to fuzzing w/ selective prioritization using dataflow diversity. Will appear at NDSS24, get it at download.vusec.net/papers/pcsfuzz…

🔒 Lock in your chance to showcase your groundbreaking research in cybersecurity! 🚀 The RAID 2024 Call for Papers is out (raid2024.github.io)! Submit your paper by April, 9 and join us in Padua!

Interested in low-level hacking, embedded systems, and trusted execution environments? We currently have a PhD opening, feel free to reach out for more information! Application deadline: April 1st 2024.

🚨 Security folks, don't let RAID'24 deadline sneak up on you! Only 1.5 weeks to submit your best work, our PC can't wait to see what you've got! #RAID24

We hear you! If you are still in the process of polishing your paper, RAID’24 deadline has been extended to April 15th, 2024!

It’s been fun to join this round of IEEE S&P , plenty of interesting insights (loved the discussions/papers about Rust), old friends and new ones!

In a few minutes I will present our work on Android evasive malware to AsiaCCS [1]. What better occasion to reveal that DroidDungeon, the sandbox developed for this work, has evolved into a commercial product? Join the beta -> tnemesis.com

I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why. security.googleblog.com/2024/09/elimin…