Andrea Continella Postdoc @ UCSB / SecLab

About me

I am currently a Postdoc in the Computer Science Department at UC Santa Barbara working at the SecLab with Giovanni Vigna and Christopher Kruegel. I obtained a PhD cum laude in Computer Science and Engineering at Politecnico di Milano in Italy, where I worked at the NECST Laboratory, supervised by Stefano Zanero and Federico Maggi. During my PhD, I also took part in two research exchanges, working as a visiting researcher at UCSB and at the School of IT of the University of Sydney, under the guidance of Ralph Holz.

My research activity focuses on different aspects of system security, such as malware analysis, mobile security, vulnerability discovery, and large-scale measurement of security issues. During my PhD, I worked on analysis and defense mechanisms against advanced threats, including, for example, the current generation of trojan horses and the infamous ransomware families (see ShieldFS). I also developed Agrigento, a tool for detecting obfuscated privacy leaks in Android apps, and contributed to Arancino and crAVe, for analyzing evasive malware and testing Antivirus engines, respectively.

I also love Capture The Flag (CTF) competitions, which I usually play with Tower of Hanoi, mHackeroni or Shellphish, (sometimes) ending up in Las Vegas to play the DEFCON Finals.

More details can be found in my CV.

Publications

[10]

There's a Hole in that Bucket! A Large-scale Analysis of Misconfigured S3 Buckets
Andrea Continella, Mario Polino, Marcello Pogliani, Stefano Zanero.
To Appear In Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December, 2018.
[PDF] [BibTex]

[9]

Toward Systematically Exploring Antivirus Engines (short paper)
Davide Quarta, Federico Salvioni, Andrea Continella, Stefano Zanero.
In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Paris, France, June, 2018.
[PDF] [BibTex] [GitHub]

[8]

Security Evaluation of a Banking Fraud Analysis System
Michele Carminati, Mario Polino, Andrea Continella, Andrea Lanzi, Federico Maggi, Stefano Zanero.
ACM Transactions on Privacy and Security (TOPS), January, 2018.
[PDF] [BibTex]

[7]

GroupDroid: Automatically Grouping Mobile Malware by Extracting Code Similarities
Niccolò Marastoni, Andrea Continella, Davide Quarta, Stefano Zanero, Mila Dalla Preda.
In Proceedings of the Software Security, Protection, and Reverse Engineering Workshop (SSPREW), Orlando, FL, December, 2017.
[PDF] [BibTex]

[6]

Measuring and Defeating Anti-Instrumentation-Equipped Malware
Mario Polino, Andrea Continella, Stefano D’Alessio, Lorenzo Fontana, Fabio Gritti, Sebastiano Mariani, Stefano Zanero.
In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Bonn, Germany, July, 2017.
[PDF] [BibTex] [GitHub]

[5]

Poster: Detecting WebInjects through Live Memory Inspection
Nicola Mariani, Andrea Continella, Marcello Pogliani, Michele Carminati, Federico Maggi, Stefano Zanero.
IEEE Symposium on Security and Privacy (S&P), San Jose, CA, May, 2017.
[PDF]

[4]

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna.
In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February, 2017.
[PDF] [BibTex] [Slides] [GitHub]

[3]

Prometheus: Analyzing WebInject-based information stealers
Andrea Continella, Michele Carminati, Mario Polino, Andrea Lanzi, Stefano Zanero, Federico Maggi.
Journal of Computer Security, February, 2017.
[PDF] [BibTex]

[2]

ShieldFS: A Self-healing, Ransomware-aware Filesystem
Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, December, 2016.
[PDF] [BibTex] [Slides]

[1]

GASOLINE: a Cytoscape app for multiple local alignment of PPI networks
Giovanni Micale, Andrea Continella, Alfredo Ferro, Rosalba Giugno, Alfredo Pulvirenti.
F1000Research, 2014.
[PDF] [BibTex]

Dissertations

Defending from Financially-Motivated Software Abuses
Andrea Continella.
PhD Thesis, Politecnico di Milano, Italy, 2018.
[PDF]

Talks

Hiding Pin's Artifacts to Defeat Evasive Malware
Mario Polino, Andrea Continella, Stefano D’Alessio, Lorenzo Fontana, Fabio Gritti, Sebastiano Mariani, Stefano Zanero.
Black Hat Briefings Europe (Peer-reviewed Talk). London, UK. December 6, 2017.
[PDF]

ShieldFS: The Last Word In Ransomware Resilient Filesystems
Andrea Continella, Federico Maggi.
Black Hat Briefings USA (Peer-reviewed Talk). Las Vegas, NV. July 26, 2017.
[PDF] [Demo] [Talk]

In Your PC & In Your Pocket: Desktop and Mobile Ransomware Threat Landscape Overview
Andrea Continella, Federico Maggi.
Black Hat Webcast. July 21, 2016.
[PDF] [Recording]

Towards ransomware-resilient operating systems
Andrea Continella.
INFOSEK. Nova Gorica, Slovenia. November 19, 2015.
[PDF]

Prometheus: Analyzing WebInject-based Information Stealers
Andrea Continella.
INFOSEK. Nova Gorica, Slovenia. November 18, 2015.
[PDF]

Extracting WebInject Signatures from Information Stealers
Andrea Continella.
Microsoft Research. Mountain View, US. June 12, 2015.
[PDF]

Prometheus: A Web-Based Platform for Analyzing Banking Trojans
Andrea Braschi, Andrea Continella.
International Conference on Cyber Conflict (CyCon). Tallinn, Estonia. May 28, 2015.
[PDF]

Projects

crAVe [GitHub]
crAVe is a framework to automatically test and explore the capabilities of generic Antivirus engines.

RAMSES [Website]
RAMSES is an H2020 European Project that aims at building an Internet forensic platform for tracking the money flow of financially motivated malware.

Arancino [GitHub]
Arancino is a dynamic protection framework that defends Intel Pin against anti-instrumentation attacks.

Agrigento [GitHub]
Agrigento is a tool that identifies privacy leaks in Android apps by performing black-box differential analysis on the network traffic.

ShieldFS [Website]
ShieldFS is an add-on driver that makes the Windows native filesystem immune to ransomware attacks by detecting malicious activities and transparently reverting the effects of such attacks.

PoliCTF 2015 / PoliCTF 2017 [Website]
Capture The Flag (CTF) competition organized by the NECSTLab security group.

Contacts

The best way to contact me is via e-mail. Also, you can reach me via instant messaging (on Google Hangouts), Slack or IRC (mainly on Freenode), where I go by “conand”.

If you need to communicate with me privately, use my GPG public key. Its fingerprint is 69EF 7A63 813C 0B25 FB0B D169 DF58 64D2 8B59 ABB1.