WHO AM I?



Dr. Marco Balduzzi holds a Ph.D. in applied IT security from Télécom ParisTech and an M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspects of computer security, with particular emphasis on real problems that affect systems and networks. Some topics of interest are web and browser security, vulnerability detection, code analysis, cybercrime in general, privacy in social networks, threats related to new technologies, and finally botnets and malware detection.

Marco has been involved in IT security since 2002, with international experience in both industry and academia. He previously worked as a consultant and engineer for different global companies before joining Trend Micro as a senior research scientist. He has published in important peer-reviewed academic conferences and given talks at all the major security conferences in the industry. His work in applied security is often recognized and published by important media worldwide.

In recent years, he has served on the review committees of conferences, workshops and journals. Being a Free Software sympathizer, he has been involved in open-source projects and underground hacking communities, mainly during his studies. Nowadays he's more into climbing, and research, of course :)

* You can contact me via email at name.surname<at>this_domain, LinkedIn or Twitter.


LATEST



EDUCATION



ACTIVITIES



PUBLICATIONS


List of publications: DBLP, Google Scholar

"Exploring the Long Tail of (Malicious) Software Downloads"
Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci
The 47th IEEE/IFIP International Conference on Dependable Systems and Networks
DSN 2017, Denver, Colorado, USA, June 26-29, 2017

[ abstract, pdf ]

"Attacks Landscape in the Dark Side of the Web" (Best Paper Award)
Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
The 16th Edition of the Computer Security track at the 32nd ACM Symposium on Applied Computing
SEC@SAC 2017, Marrakech, Morocco, April 3-7 2017

[ abstract, pdf, bib ]

"Real-Time Detection of Malware Downloads via Large-Scale URL->File->Machine Graph Mining"
Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci
The 11th ACM Asia Conference on Computer and Communications Security
AsiaCCS 2016, Xi'an, China, May 30 - June 3 2016

[ abstract, pdf, bib, slides ]

"MobiPot: Understanding Mobile Telephony Threats with Honeycards"
Marco Balduzzi, Payas Gupta, Lion Gu, Debin Gao and Mustaque Ahamad
The 11th ACM Asia Conference on Computer and Communications Security
AsiaCCS 2016, Xi'an, China, May 30 - June 3 2016

[ abstract, pdf, bib ]

"Automatic Extraction of Indicators of Compromise for Web Application"
Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
The 25th International World Wide Web Conference
WWW 2016, Montreal, Canada, April 11-15 2016

[ abstract, pdf, bib, slides ]

"A Security Evaluation of AIS, Automated Identification System"
Marco Balduzzi, Alessandro Pasta, Kyle Wilhoit
The 30th Annual Computer Security Applications Conference
ACSAC 2014, New Orleans, Louisiana, USA, December 8-12 2014

[ abstract, pdf, bib, slides, sourcecode ]

"Soundsquatting: Uncovering the use of homophones in domain squatting" (Best Paper Award)
Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
The 17th Information Security Conference
ISC 2014, Hong Kong, October 12-14 2014

[ abstract, pdf, bib, slides ]

"Automated Measurements of Novel Internet Threats [Paperback]"
Dr. Marco Balduzzi
LAP LAMBERT Academic Publishing, ISBN 978-3-659-41582-1, 120 pages, July 20 2013
[ description, book, bib, cover ]

"Targeted Attacks Detection With SPuNge"
Marco Balduzzi, Vincenzo Ciangaglini, Robert McArdle
The 11th Annual Conference on Privacy, Security and Trust
PST 2013, Tarragona, Catalonia, July 10-12 2013

[ abstract, pdf, bib ]

"The Role of Phone Numbers in Understanding Cyber-Crime Schemes"
Andrei Costin, Jelena Isacenkova, Marco Balduzzi, Aurélien Francillon, Davide Balzarotti
The 11th Annual Conference on Privacy, Security and Trust
PST 2013, Tarragona, Catalonia, July 10-12 2013

[ abstract, pdf, bib ]

"The role of phone numbers in understanding cyber-crime (technical report)"
Andrei Costin, Jelena Isacenkova, Marco Balduzzi, Aurélien Francillon, Davide Balzarotti
EURECOM Research Report RR-13-277, February 2013
[ abstract, pdf, bib ]

"Web Application Security, Dagstuhl Seminar 12401 (conference report)"
Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld
Schloss Dagstuhl, 30/09/12 - 05/10/12
[ abstract, pdf, bib ]

"A Security Analysis of Amazon's Elastic Compute Cloud Service"
Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro
The 11th Edition of the Computer Security track at the 27th ACM Symposium on Applied Computing
SEC@SAC 2012, Trento, Italy, March 26-30 2012

[ abstract, pdf, bib, press (forbes | infoWorld | ZDNet) ]

"Reverse Social Engineering Attacks in Online Social Networks"
Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, Calton Pu
The 8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
DIMVA 2011, Amsterdam, The Netherlands, July 7-8 2011

[ abstract, pdf, bib, slides ]

"Exposing the Lack of Privacy in File Hosting Services"
Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen, Davide Balzarotti
The 4th Usenix Workshop on Large-Scale Exploits and Emergent Threats
LEET 2011, Boston, US, March 29 2011

[ abstract, pdf, bib, slides, press (the register | slashdot) ]

"Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications" (Best Paper Award)
Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, Engin Kirda
The 18th Annual Network and Distributed System Security Symposium
NDSS 2011, San Diego, US, February 6-9 2011

[ abstract, pdf, bib ]

"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis"
Leyla Bilge, Engin Kirda, Christopher Kruegel, Marco Balduzzi
The 18th Annual Network and Distributed System Security Symposium
NDSS 2011, San Diego, US, February 6-9 2011

[ abstract, pdf, bib, slides ]

"A Summary of Two Practical Attacks against Social Networks (invited paper)"
Leyla Bilge, Marco Balduzzi, Davide Balzarotti, Engin Kirda
The 21st Tyrrhenian Workshop on Digital Communications: Trustworthy Internet
Island of Ponza, Italy, September 6-8 2010

[ abstract, bib ]

"Abusing Social Networks for Automated User Profiling"
Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti and Christopher Kruegel
The 13th International Symposium on Recent Advances in Intrusion Detection
RAID 2010, Ottawa, Canada, September 15-17 2010

[ abstract, pdf, bib, slideshare ]

"Security by virtualization: A novel antivirus for personal computers [Paperback]"
Marco Balduzzi
VDM Verlag Dr. Müller e.K., ISBN 978-3-639-25624-6, Paperback, 104 pages, May 7 2010
[ description, book, bib, cover ]

"Take a Deep Breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype"
Antonio Nappa, Aristide Fattori, Marco Balduzzi, Matteo Dell'Amico and Lorenzo Cavallaro
The 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
DIMVA 2010, Bonn, Germany, July 8-9 2010

[ abstract, pdf, bib, slides ]

"A Solution for the Automated Detection of Clickjacking Attacks"
Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, Christopher Kruegel
The 5th ACM Symposium on Information, Computer and Communications Security
AsiaCCS 2010, Beijing, China, April 13-16 2010

[ abstract, pdf, bib ]


TALKS


Academic Conferences

Hacking Conferences

Cyber-crime and Attacks in the Dark Side of the Web (upcoming)
* RSA Conference 2017, Abu Dhabi, UAE - 07-08/11/2017
* Code Motion 2017, Milan, Italy - 10/11/2017 (invited talk) [ abstract ]
* ISACA and OWASP Conference 2017, Venice, Italy - 06/10/2014 (invited talk) [ abstract ]

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics, Black Hat USA 2017 Arsenal, Las Vegas NV - 27/07/2017
[ abstract, slides, teaser video ]

Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem, APWG eCrime, Scottsdale, Arizona - 26/04/2017
[ agenda, slides (slideshare), blog, press (Dark Reading, Info Security, SC Magazine) ]

Mobile-Telephony Threats in Asia, Black Hat Asia 2017, Singapore - 31/03/2017
[ abstract, slides, blog ]

Cyberdéfense et détection du hacking, Ecole Polytechnique, Paris - 01/12/2016 (invited talk)

Plead APT, EECTF Plenary Meeting, Rome - 22/11/2016 (invited talk) [ slides (slideshare) ]

Black Hat Europe 2016, London, UK - 1-4/11/2016
- Traditional AV Is Dead? Real-Time Machine-Learning Detection of Modern Malware Downloads (sponsored talk) [ abstract, slides ]
- Machine-Learning Use and Validation of Indicators of Compromise for Early Detection (sponsored talk) [ abstract, slides ]

HackInBo, Bologna, Italy - 14-15/05/2016 (invited talk) [ video recording ]

Automatic Extraction of Indicators of Compromise for Web Application. RuhrSec, Bochum (Germany) - 29/04/2016 (invited talk)
[ slides (slideshare), photos, video recording ]

Cybercrime In The DeepWeb:
- OWASP NL Chapter Event (invited talk)
- Black Hat Europe 2015, Amsterdam, Netherlands - 12/11/2015 [ abstract, slides (slideshare), video recording ]
- Hack In The Box 2015 (HITB GSEC), Singapore - 15/10/2015 [ abstract, video recording, press (Motherboard VICE) ]

Targeted attacks detection and investigations. ISACA and OWASP Conference, Mestre, Italy - 07/10/2015 (keynote talk) [abstract]
Security Summit, Milan, Italy - 17/03/2015 (invited talk)

AIS Exposed. New vulnerabilities and attacks. Hack In The Box 2014 (HITB AMS), Amsterdam, Netherlands - 28/05/2014
[ abstract, slides (slideshare), press (PCWorld | CHE FUTURO) ]

AIS Exposed. Understanding Vulnerabilities and Attacks 2.0, Black Hat Asia 2014, Singapore - 27/03/2014
[ abstract, video recording ]

ISACA and OWASP Conference, Venice, Italy - 03/10/2014 (invited talk)
The Vessel Tracking & Monitoring Conference, London, UK - 27/02/2014
Security Summit, Milan, Italy - 18/03/2014 (invited talk)

Hey Captain, Where’s Your Ship? Attacking Vessel Tracking Systems for Fun and Profit, Hack In The Box 2013 (HITB KUL), Kuala Lumpur, Malaysia - 16/10/2013
[ abstract, slides (slideshare), press (ABC News | Net Security | MIT Technology Review | Softpedia) ]

HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
- OWASP AppSec Research Europe 2013, Hamburg, Germany - 22/08/2013 [ abstract, slides (slideshare), video recording ]
- OWASP Italy @ Security Summit 2014, Milan, Italy - 18/03/2014

Cutting-edge research in system security, OWASP Italy Day 2012, Rome, Italy - 23/11/2012 (invited talk)
[ slides ]

SatanCloud: Un Viaje por los Riesgos a la Privacidad y Seguridad del Cloud Computing
- SECURITY-ZONE 2012, Cali, Colombia - 06/12/2012 (invited talk) [abstract]
- 8dot8 Computer Security Conference 2012, Santiago, Chile - 18/10/2012 (invited talk) [abstract, press (El Mercurio)]

SatanCloud: A Journey Into the Privacy and Security Risks of Cloud Computing, Hack In The Box 2012 (HITB AMS), Amsterdam, Netherlands - 25/05/2012
[ abstract, slides (slideshare), video recording ]

A journey into the privacy and security risks of a cloud computing service, Black Hat Webcast Series, April 2012 - 19/04/2012 (invited talk)
[ abstract, slides ]

Detección Automática de vulnerabilidades HPP en aplicaciones Web
- SECURITY-ZONE 2011, Cali, Colombia - 28/11/2011 (invited talk) [ abstract ]
- 8dot8 Computer Security Conference, Santiago, Chile - 18/11/2011 [ abstract, press (yahoo!) ]

Attacking the Privacy of Social Network Users, Hack In The Box 2011 (HITB KUL), Kuala Lumpur, Malaysia - 11/10/2011
[ abstract, slides (slideshare), video recording, press ]

Automated Detection of HPP Vulnerabilities in Web Applications, Black Hat USA 2011, Las Vegas, NV - 04/08/2011
[ abstract, slides v.03 ]

The (in)security of File Hosting Services, OWASP Netherlands Chapter Meeting, Amsterdam - 06/07/2011 (invited talk)
[ abstract, slides (pdf) ]

Emerging Attacks on Social Networks, FORTINET, Sophia-Antipolis - 30/06/2011 (invited talk)

HPP v.02, Black Hat Webcast Series, May 2011 - 25/05/2011 (invited talk)
[ abstract + registration, slides v.02 ]

Building Large Scale Detectors for Web-based Malware (Cova, Canali), OWASP AppSec Europe 2011, Dublin, Ireland - 09/07/2011
[ Conference Page, slides (pdf) ]

HTTP Parameter Pollution, Swiss Cyber Storm 2011, Rapperswil, Switzerland - 12/05/2011
[ abstract, video recording ]

Security Info Session, SAP - 27/04/2011 (invited talk)

CSI Filter 3, Computer Security Institute - 07/04/2011 (invited talk)
[ program ]

HTTP Parameter Pollution Vulnerabilities in Web Applications, Black Hat Europe 2011, Barcelona, Spain - 17/03/2011
[ abstract, whitepaper, slides (pdf), slides (slideshare), press (forbes | la stampa) ]

Clickjacking, OWASP BeNeLux 2010, Eindhoven, Netherlands - 02/11/2010 (invited talk)
[ pdf, odp, html ]

New Insights into Clickjacking, OWASP AppSec Research Europe 2010, Stockholm, Sweden - 24/06/2010
[ pdf, odp, html, slideshare, video recordings (1, 2) ]

Security by Virtualization, Metro Olografix Hacking Party, Pescara, Italy - 19/05/2007
[ pdf ]

Network multimedia with GNU/Linux, LinuxDay @ School by BgLUG, Val Seriana, Italy - 04/03/2006
[ pdf sxi ]

Secure networking with GNU/Linux, LinuxDay 2005, Bergamo, Italy - 26/11/2005
[ pdf sxi html recording-mp3 ]

Introduction to software development in the GNU/Linux environment (particular references to C language), Version 0.2, LinuxDay 2004, Bergamo, Italy - 27/11/2004
[ pdf sxi html ]

Risks and insecurities of IT infrastructures, SatEXPO 2004, Vicenza, Italy - 30/09/2004
[ pdf sxi html ]

Techniques for prevention, protection and identification of IT attacks, SatEXPO 2004, Vicenza, Italy - 30/09/2004
[ pdf sxi html ]

Introduction to software development in the GNU/Linux environment (particular references to C language), MOCA 2004, Pescara, Italy - 21/05/2004
[ pdf sxi html ]

Network programming with libpcap and libnet, Webb.it 2004, Padova, Italy - 06/05/2004
[ pdf sxi html example-sources ]

Security analysis of routing protocols, Security Date 2004, Ancona, Italy - 29/04/2004
[ pdf sxi html ]

Intrusion Detection Systems (IDS): state of art and research, HackMeeting 2004, Genova, Italy - 02/04/2004
[ pdf html ]

Security of the GNU/Linux operating systems, Linuxday 2003, Bergamo, Italy - 29/11/2003
[ pdf ]

Low-level network programming with libpcap and libnet, HackMeeting 2003, Torino, Italy - 20/06/2003
[ pdf sxi html example-sources ]


MORE



Supervised students and collaborations

White-Papers and Additional


OLD SCHOOL



Here's a list of "old school" material that I produced several years ago, during the free time of my studies ... :-)

Underground Groups

Security Resources

Linux related resources: