Joined August 2017
Pinned Tweet
Breaking news from NDSS26: it seems that we have won a Distinguished Paper Award for "Decompiling the Synergy: An Empirical Study of Human-LLM Teaming in Software Reverse Engineering". A giant thank you to my amazing co-authors and everyone who participated in the experiment!
(1/n) New research on Windows malware, to appear at ACM ASIA CCS 2026 [1]: "SoK: Systematization, Detection, and Hunting of Windows Malware Persistence Techniques" [2] This work is a collaboration between EURECOM and the University of Twente.
(3/n)
- Only ~55% of malware is persistent, challenging common assumptions
- Discovery of a new persistence technique and 2 evasion strategies
- Interactive website with all techniques and details [3]
- 60 new detection rules merged into Mandiant's CAPA [4]
I was watching a presentation [1] on @REverseConf 2026 and I learned an anti-emulation trick that uses x87 FPU quirks. It is used by an anti-cheat engine (as part of an MBA). Here you go, it detects Unicorn: github.com/packmad/fprem-ant… [1] youtube.com/watch?v=3LtwqJM3…
[1/4] "Trust Under Siege: Label Spoofing Attacks Against ML for Android Malware Detection" has been accepted at IEEE TIFS. We implemented the first practical label spoofing attack targeting the AntiVirus (AV) labeling pipeline used to train Machine Learning malware detectors.
[3/4] This attack works because many pipelines blindly trust AV labels.
⚠️ 1% poisoned samples → performance drops by up to ~15%
🎯 0.015% → targeted false positives
Smallest payloads we used: 22 and 55 bytes. Yes, you can poison with something smaller than this sentence.
I'm in San Diego for NDSS26. We got these two papers accepted:
[1] "Unveiling BYOVD Threats: Malware's Use and Abuse of Kernel Drivers"
[2] "Decompiling the Synergy: An Empirical Study of Human-LLM Teaming in Software Reverse Engineering"
Come by, let's have a drink 🍻
Simone Aonzo retweeted
Binary obfuscation in 2026: Just put ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FA... into your program 😎
Congratulations to @DIMVAConf on its well-deserved rank up (C -> B). Kudos to the organizing committee and the broader DIMVA community 👏 portal.core.edu.au/conf-rank…

DNS requests on my home network over the last 24 hours (no one was using the network). The red spikes at regular intervals are blocked DNS requests (global[.]telemetry[.]insights[.]video[.]a2z[.]com) of the Amazon Fire Stick. Heartfelt thanks to the pi-hole.net/ team❤️
Simone Aonzo retweeted
Do LLMs actually help hackers reverse engineer and understand the software they want to exploit? We ran the first fine-grained human study of LLMs reverse engineering. To appear at NDSS 2026. Interested? Some quick findings in 🧵👇 Paper: zionbasque.com/files/papers/…
28 Oct 2025
Wolfenstein 3D (1992) by id Software didn’t need DRM. It had threats. Even if the "aggressive" protection mechanism was a joke… it definitely made you think twice. 😅
13 Oct 2025
🚨 New research from EURECOM & Univ. of Milan! [1/3] “Unveiling BYOVD Threats: Malware’s Use and Abuse of Kernel Drivers” (to appear at NDSS’26) reveals how malware exploits signed drivers to gain kernel privileges. This work led to the discovery of 7 unknown weaponized drivers💣
13 Oct 2025
[2/3] You can find all relevant links in our blog post: s3.eurecom.fr/post/2025/10/1…
