W H O

I am Mariano `emdel` Graziano and I am currently a researcher at Cisco in the Talos group.

I obtained my Ph.D. from Telecom ParisTech/Eurecom (Sophia Antipolis - France) and during my doctoral studies I worked in the Software and Systems Security group (S3) under the supervision of Davide Balzarotti.

I earned a Master of Science in Computer and Communication Networks from Politecnico di Torino (Italy).

N E W S

  • Talk accepted at Recon - 2017/06
  • 4th place at the Volatility plugin contest- 2016/12
  • Talk accepted at Zeronights - 2016/11
  • Talk accepted at TenSec - 2016/11
  • Talk accepted at HackInBo - 2016/10

    • W H A T

    Mariano is interested in security researches related to memory forensics, automated malware analysis, virtualization and exploitation techniques.

    P U B L I C A T I O N S

  • Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
    Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    25th USENIX Security Symposium (USENIX Security), Austin, Texas, August 2016
  • Subverting Operating System Properties through Evolutionary DKOM Attacks
    Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti
    13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), San Sebastian, Spain, July 2016
  • Measuring the Role of Greylisting and Nolisting in Fighting Spam
    Fabio Pagani, Matteo De Astis, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    46th Annual International Conference on Dependable Systems and Networks (DSN), Toulouse, France, June 2016
  • ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks
    Mariano Graziano, Davide Balzarotti, Alain Zidouemba
    11th Asia Conference on Computer and Communications Security (ASIACCS), Xi'an, China, June 2016
  • Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence
    Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti
    24th USENIX Security Symposium (USENIX Security), Washington DC, August 2015
  • Through the Looking-Glass, and What Eve Found There
    Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurelien Francillon
    8th USENIX Workshop on Offensive Technologies (WOOT), San Diego, California, August 2014
  • Hypervisor Memory Forensics
    Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), St. Lucia, October 2013
  • Towards Network Containment in Malware Analysis Systems
    Mariano Graziano, Corrado Leita, Davide Balzarotti
    28th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 2012

    • T A L K S

  • BASS Automated Signature Synthesizer
    Mariano Graziano, Jonas Zaddach
    Recon 2017, Montreal (Canada), June 2017
  • Dissecting complex code-reuse attacks with ROPMEMU
    Mariano Graziano
    Zeronights 2016, Moscow (Russia), November 2016
  • Graffiti: the spraying attacks slayer
    Mariano Graziano
    Tensec 2016, Beijing (China), November 2016
  • Make DKOM attacks great again
    Mariano Graziano
    HackInBo 2016, Bologna (Italy), October 2016
  • Memory Forensics: A Volatility Primer
    Mariano Graziano
    Security Day 2015, Lille 1 University (France), January 2015
  • Through the Looking-Glass, and What Eve Found There
    Mariano Graziano, Luca Bruno
    DEF CON 22, Las Vegas (USA), August 2014
  • Under the Hood: How Actaeon Unveils Your Hypervisor
    Mariano Graziano, Andrea Lanzi
    Hack In The Box, Kuala Lumpur (Malaysia), October 2013
  • Hypervisors Memory Forensics
    Mariano Graziano, Davide Balzarotti
    SANS DFIR EU Summit, Prague (Czech Republic), October 2013
  • Beware of Hypervisor: Understanding ring -1
    Mariano Graziano
    MOCA 2012, Pescara (Italy), August 2012

    • M I S C

  • eng Mozzie: a normalization environment for malware execution Slides presented for my graduation at the Politecnico di Torino about my final project for the Master of Science in Computer and Communication Networks. Mozzie has been developed at the Network and Security Department of Institut Eurecom (iSecLab).
  • eng Smashing the stack in 2010 Report for the Computer Security exam at the Politecnico di Torino. It deals with buffer overflows in modern Linux and Windows systems considering also all the countermeasures introduced by software companies. Notice that I have performed the analysis on Windows while my classmate Andrea Cugliari on Linux. Happy hacking!
  • ita Malicious Softwares: conosciamoli meglio... Slide portare a SMAU 09 - 23/10/2009 Fiera Milano city, divulgative sul mondo dei malwares, i suoi trends ed il cybercrime.
  • eng E-Doctor Project presented to the Imagine Cup, a Microsoft international student competition, by me Dino, Manuel and Giampiero, my schoolfriends at Politecnico di Torino. In this paper we discuss about E-Doctor. E-DOCTOR is a low cost device focused on the disease prevention and support to facilitate medical screening in disadvantaged areas.
  • ita Malware: know your enemies Slides portate al DIGITAL SECURITY day 2008, 12/12/2008 Universita' di Crema, insieme a Roberto Sponchioni relative ai malwares, alla loro classificazione, comportamento ed analisi. Nell'archivio e' anche presente la demo di DLL injection con il relativo sorgente.

    • C O N T A C T

  • graziano {at] eurecom [dot) fr
  • python -c "print 'em%s%splayhack%s' % ('del', '@', '.net')"
  • My public key = 0x6E40AB3C
  • Key Fingerprint: 6DDA AD10 27AA D620 43B1 4BDB 85EC B102 6E40 AB3C
    • T W I T T E R
    L I N K E D I N
    G I T H U B
    S C H O L A R