Intimate knowledge of low-level details enables adversaries to infiltrate and abuse whole systems with ever more sophisticated attacks. As defenders it’s integral that we can meet that knowledge with similar expertise to protect against them.

By thinking like adversaries and performing our own exploitation development, we’re able to stay one step ahead and develop defences against new attacks before they’re discovered and exploited by bad actors.

On the other side of the same coin, new techniques in vulnerability discovery and analysis can prevent bugs and secure existing systems to mitigate potential attack vectors. To do so at a large scale, we can make use of automated techniques such as program analysis which allow for systematic, repeatable software assessments.

As one of our core research streams, output from this area heavily informs our other efforts, providing a toolkit for a wide array of useful techniques such as code obfuscation, automated software transplantation, and binary analysis.

Related Publications

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews
Claudio Rizzo, Lorenzo Cavallaro, and Johannes Kinder
RAID · 21st International Symposium on Research in Attacks, Intrusions and Defenses, 2018
@inproceedings{DBLP:conf/raid/RizzoCK18,
author = {Claudio Rizzo and Lorenzo Cavallaro and Johannes Kinder},
title = {BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews},
booktitle = {{RAID}},
series = {Lecture Notes in Computer Science},
volume = {11050},
pages = {25--46},
publisher = {Springer},
year = {2018}
}
POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection
James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder
USENIX Sec-WOOT · 11th USENIX Workshop on Offensive Technologies, 2017 · Best Paper Award
@inproceedings{woot2017,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {{POTUS}: Probing Off-The-Shelf {USB} Drivers with Symbolic Fault Injection},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT)},
note = {USENIX WOOT Best Paper Award},
year = 2017,
}
Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting
Li Li, Daoyuan Li, Tegawende F. Bissyande, Jacques Klein, Yves Le Traon, David Lo, and Lorenzo Cavallaro
IEEE T-IFS · IEEE Trans. Information Forensics and Security, 2017
@article{DBLP:journals/tifs/0029LBKTLC17,
author = {Li Li and Daoyuan Li and Tegawende F. Bissyande and Jacques Klein and Yves Le Traon and David Lo and Lorenzo Cavallaro},
title = {{Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting}},
journal = {{IEEE Trans. Information Forensics and Security}},
volume = {12},
number = {6},
pages = {1269--1284},
year = {2017},
url = {https://doi.org/10.1109/TIFS.2017.2656460},
doi = {10.1109/TIFS.2017.2656460},
timestamp = {Sun, 28 May 2017 13:17:25 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/journals/tifs/0029LBKTLC17},
bibsource = {dblp computer science bibliography, http://dblp.org},
note = {IEEE TIFS}
}
Modular Synthesis of Heap Exploits
Dusan Repel, Johannes Kinder, and Lorenzo Cavallaro
ACM CCS-PLAS · ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2017
@inproceedings{plas2017,
author = {Dusan Repel and Johannes Kinder and Lorenzo Cavallaro},
title = {Modular Synthesis of Heap Exploits},
booktitle = {Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS 2017)},
year = 2017,
note = {ACM CCS-PLAS}
}
Stack Object Protection with Low Fat Pointers
Gregory Duck, Roland Yap, and Lorenzo Cavallaro
NDSS · 24th Annual Network and Distributed System Security Symposium, 2017
@InProceedings{lowfatstack-ndss2017,
author = {Gregory Duck and Roland Yap and Lorenzo Cavallaro},
title = {{Stack Object Protection with Low Fat Pointers}},
booktitle = {24th Annual Network and Distributed System Security Symposium, San Diego, California, USA},
year = 2017,
month = {February},
note = {NDSS}
}
The Evolution of Android Malware and Android Analysis Techniques
Kimberly Tam, Ali Feizollah, Badrul Nor Anuar, Rosli Salleh, and Lorenzo Cavallaro
ACM CSUR · ACM Computing Surveys, 2017
@article{Tam:2017:EAM:3022634.3017427,
author = {Kimberly Tam and Ali Feizollah and Badrul Nor Anuar and Rosli Salleh and Lorenzo Cavallaro},
title = {{The Evolution of Android Malware and Android Analysis Techniques}},
journal = {ACM Compututing Surveys},
issue_date = {February 2017},
volume = {49},
number = {4},
month = {January},
year = {2017},
issn = {0360-0300},
pages = {76:1--76:41},
articleno = {76},
numpages = {41},
url = {http://doi.acm.org/10.1145/3017427},
doi = {10.1145/3017427},
acmid = {3017427},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Android, classification, detection, dynamic analysis, malware, static analysis},
note = {ACM CSUR}
}
CopperDroid: Automatic Reconstruction of Android Malware Behaviors
Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro
NDSS · 22nd Annual Network and Distributed System Security Symposium, 2015
@InProceedings{copperdroid-ndss2015,
author = {Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro},
title = {{CopperDroid: Automatic Reconstruction of Android Malware Behaviors}},
booktitle = {22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA},
year = 2015,
month = {February},
note = {NDSS}
}
PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications
Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, and Stefano Zanero
CoRR · arXiv CoRR, 2014
@article{DBLP:journals/corr/GianazzaMFCZ14,
author = {Andrea Gianazza and Federico Maggi and Aristide Fattori and Lorenzo Cavallaro and Stefano Zanero},
title = {{PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications}},
journal = {arXiv CoRR},
year = {2014},
volume = {abs/1402.4826},
url = {http://arxiv.org/abs/1402.4826},
timestamp = {Wed, 10 Sep 2014 17:05:02 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/journals/corr/GianazzaMFCZ14},
bibsource = {dblp computer science bibliography, http://dblp.org},
note = {arXiv CoRR}
}