Andrea Continella PhD Student @ Polimi / NECSTLab

About me

I am a PhD student in Computer Science and Engineering at Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB), Politecnico di Milano in Italy, working at the NECST Laboratory, supervised by Stefano Zanero and Federico Maggi.

My research activity is mainly focused on computer security and in particular on threat analysis. I have been working on analysis and defense mechanisms against advanced malware, including for example the current generation of trojan horses, or the infamous ransomware families (check ShieldFS).

Currently, I am a Visiting Researcher at the School of IT of the University of Sydney, working on a project funded by the Sydney Policy Lab, which aims at understanding and setting the standard for consumer data sharing practices of health apps, with a focus on how mobile health apps handle users' sensitive data.

During my PhD, I spent six months at UC Santa Barbara working at the SecLab, under the guidance of Giovanni Vigna and Christopher Kruegel. During my internship at UCSB, I have worked on detection of obfuscated privacy leaks in Android applications, developing Agrigento.

I also love Capture The Flag (CTF) competitions, which I usually play with Tower of Hanoi and (sometimes) with Shellphish (with whom I played DEFCON Finals in 2016), the Politecnico di Milano and UCSB hacking teams. Other than playing CTFs, we (Tower of Hanoi) also organize trainings, workshops, and our own PoliCTF!

More details can be found in my CV.



GroupDroid: Automatically Grouping Mobile Malware by Extracting Code Similarities
Niccolò Marastoni, Andrea Continella, Davide Quarta, Stefano Zanero, Mila Dalla Preda.
In Proceedings of the Software Security, Protection, and Reverse Engineering Workshop (SSPREW), Orlando, FL, December, 2017.
[PDF] [BibTex]


Measuring and Defeating Anti-Instrumentation-Equipped Malware
Mario Polino, Andrea Continella, Stefano D’Alessio, Lorenzo Fontana, Fabio Gritti, Sebastiano Mariani, Stefano Zanero.
In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Bonn, Germany, July, 2017.
[PDF] [BibTex] [GitHub]


Poster: Detecting WebInjects through Live Memory Inspection
Nicola Mariani, Andrea Continella, Marcello Pogliani, Michele Carminati, Federico Maggi, Stefano Zanero.
IEEE Symposium on Security and Privacy (S&P), San Jose, CA, May, 2017.


Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna.
In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS) , San Diego, CA, February, 2017.
[PDF] [BibTex] [Slides] [GitHub]


Prometheus: Analyzing WebInject-based information stealers
Andrea Continella, Michele Carminati, Mario Polino, Andrea Lanzi, Stefano Zanero, Federico Maggi.
Journal of Computer Security, February, 2017.
[PDF] [BibTex]


ShieldFS: A Self-healing, Ransomware-aware Filesystem
Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, December, 2016.
[PDF] [BibTex] [Slides]


GASOLINE: a Cytoscape app for multiple local alignment of PPI networks
Giovanni Micale, Andrea Continella, Alfredo Ferro, Rosalba Giugno, Alfredo Pulvirenti.
F1000Research, 2014.
[PDF] [BibTex]


ShieldFS: The Last Word In Ransomware Resilient Filesystems
Andrea Continella, Federico Maggi.
Black Hat Briefings USA (Peer-reviewed Talk). Las Vegas, NV. July 26, 2017.
[PDF] [Demo]

In Your PC & In Your Pocket: Desktop and Mobile Ransomware Threat Landscape Overview
Andrea Continella, Federico Maggi.
Black Hat Webcast. July 21, 2016.
[PDF] [Recording]

Towards ransomware-resilient operating systems
Andrea Continella.
INFOSEK. Nova Gorica, Slovenia. November 19, 2015.

Prometheus: Analyzing WebInject-based Information Stealers
Andrea Continella.
INFOSEK. Nova Gorica, Slovenia. November 18, 2015.

Extracting WebInject Signatures from Information Stealers
Andrea Continella.
Microsoft Research. Mountain View, US. June 12, 2015.

Prometheus: A Web-Based Platform for Analyzing Banking Trojans
Andrea Braschi, Andrea Continella.
International Conference on Cyber Conflict (CyCon). Tallinn, Estonia. May 28, 2015.


I am currently involved in a H2020 Europen Project that aims at building an Internet forensic platform for tracking the money flow of financially motivated malware.

ShieldFS: A Self-healing, Ransomware-aware Filesystem
ShieldFS is an add-on driver that makes the Windows native filesystem immune to ransomware attacks by detecting malicious activities and transparently reverting the effects of such attacks.

PoliCTF 2015 / PoliCTF 2017 (upcoming)
Capture The Flag (CTF) competition organized by the NECSTLab security group.

Design and build within a time window of two months a low-budged toy robot for kids between 7-12.

GASOLINE Cytoscape App
A Cytoscape App for multiple local alignment of protein-protein interaction (PPI) networks.


The best way to contact me is via e-mail. Also, you can reach me via instant messaging (on Google Hangouts), Slack or IRC (mainly on Freenode), where I go by “conand”.

If you need to communicate with me privately, use my GPG public key. Its fingerprint is 69EF 7A63 813C 0B25 FB0B D169 DF58 64D2 8B59 ABB1.