Projects

What follows is a short list of projects I am or have been involved in over the past years. I’d like to keep them on this page as personal memories.

MalwareStats

MalwareStats. The continued growth in the number and complexity of malware is a well-established fact. Malware is no longer a simple piece of code that relies on unsuspecting users to spread and thrive: it can change, adapt and hide itself from analysts using very sophisticated techniques. Static analysis is complex and time consuming, and it can be difficult to deduce every possible malicious behaviour from it, yet it is often very effective because it denies the malware any chance to detect the analysis environment. The purpose of this work is to provide valuable assistance during the static analysis phase, supporting analysts in their exploration of code features and letting them make more focused, statistically motivated and structured decisions.

Malcontrol

Gathering open data from malware analysis websites is the main target of the Malware Control Monitor project. Visualizing such data by synthesizing statistics that highlight where threats occur and what their impact is can help identify malware propagation. A background node scrapes websites to grab malware information and fills up a mongod database. An API node serves the API used by the frontend layer. Public APIs are available; please read doc/index.html for the full list. If you are interested in developing a website scraper, take one of the scrapers available in the scrapers folder as an example. Each scraper must be a function ‘goScraper’ that ends up saving the scraped data to the db using the function saveMalwareToDB, respecting the db schema placed in schemas. Find more in this post and in the GitHub repo.
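A minimal scraper written in the shape the paragraph above describes, added here as an example and not taken from the Malcontrol repository: the names goScraper and saveMalwareToDB come from the page, while the listing HTML, the record fields in SCHEMA and the in-memory store standing in for mongod are constructed assumptions (the real schema lives in the project's schemas folder).

```javascript
// Added example, not Malcontrol's own code. Only goScraper and saveMalwareToDB
// are names from the project; every field, the HTML layout and the store are assumed.

// Constructed listing page, standing in for a malware-analysis website.
const SAMPLE_HTML = `
<table>
<tr><td>2014-03-01</td><td>example-threat.test/payload.exe</td><td>IT</td><td>Trojan.Generic</td></tr>
<tr><td>2014-03-02</td><td>another-threat.test/dl.php</td><td>DE</td><td>Worm.Generic</td></tr>
<tr><td>bad row</td></tr>
</table>`;

// Assumed record shape: every field required, date must be yyyy-mm-dd.
const SCHEMA = ["date", "url", "country", "family", "source"];

// In-memory stand-in for the mongod collection the background node fills.
const db = [];

// Assumed signature: validate the record against SCHEMA, store it if valid.
// Returns true when saved, false when rejected, so callers can count results.
function saveMalwareToDB(record) {
  const valid =
    SCHEMA.every((k) => typeof record[k] === "string" && record[k].length > 0) &&
    /^\d{4}-\d{2}-\d{2}$/.test(record.date);
  if (valid) db.push(record);
  return valid;
}

// Scraper entry point: extract rows from the listing and persist each one.
// Takes the HTML as a parameter so it runs offline; a real scraper fetches it.
function goScraper(html, source = "example-feed") {
  const rowRe = /<tr>(.*?)<\/tr>/gs;
  const cellRe = /<td>(.*?)<\/td>/g;
  let saved = 0;
  for (const [, row] of html.matchAll(rowRe)) {
    const cells = [...row.matchAll(cellRe)].map((m) => m[1].trim());
    if (cells.length !== 4) continue; // malformed row: skip rather than store partial data
    const [date, url, country, family] = cells;
    if (saveMalwareToDB({ date, url, country, family, source })) saved++;
  }
  return saved;
}
```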

SecExt

SecExt. This project proposes a solution to a class of attacks, well exemplified by HTTPS stripping and ClickJacking, which leverage a combination of weak configuration choices to trick users into providing sensitive data through hijacked connections. Our solution is based on a browser extension that helps web users detect this kind of integrity and authenticity breach by extracting relevant features from the browsed pages and comparing them to reference values coming from different sorts of trusted sources. The rationale behind the extension is discussed and its effectiveness is demonstrated with some quantitative results gathered on the prototype implemented for Mozilla Firefox. Get the code here. More details on this page.
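The feature-versus-reference comparison described above, as an added example that is not SecExt's own code: the reference record, the feature names and the page object are assumptions, and in a real extension extractFeatures would read window.location, document.forms and window.top instead of a plain object.

```javascript
// Added example, not SecExt's code: compare features extracted from a browsed page
// against a trusted reference record and report the breaches the project targets
// (HTTPS stripping, framing that enables clickjacking). All field names are assumed.

// Reference record for a site, as a trusted source might publish it (constructed).
const REFERENCE = {
  host: "login.example.test",
  scheme: "https",
  formActions: ["https://login.example.test/session"],
  allowFraming: false,
};

// Pull the comparable features out of a page-like object.
function extractFeatures(page) {
  return {
    host: page.host,
    scheme: page.scheme,
    formActions: page.forms.map((f) => f.action),
    framed: page.framed,
  };
}

// Compare observed features to the reference; return a list of findings.
function checkPageIntegrity(page, reference) {
  const f = extractFeatures(page);
  const findings = [];
  if (f.host !== reference.host) {
    findings.push({ kind: "host-mismatch", detail: f.host });
  }
  if (reference.scheme === "https" && f.scheme !== "https") {
    findings.push({ kind: "https-stripped", detail: `${f.scheme} page load` });
  }
  for (const action of f.formActions) {
    // A form posting over plain HTTP, or to a host the reference does not list,
    // is the hallmark of an HTTPS-stripping rewrite of the login page.
    if (!reference.formActions.includes(action)) {
      findings.push({ kind: "form-action-mismatch", detail: action });
    }
  }
  if (f.framed && !reference.allowFraming) {
    findings.push({ kind: "framed", detail: "page rendered inside a frame" });
  }
  return findings;
}

// Constructed pages: one as seen after an HTTPS-stripping rewrite plus framing, one clean.
const TAMPERED_PAGE = { host: "login.example.test", scheme: "http",
  forms: [{ action: "http://login.example.test/session" }], framed: true };
const CLEAN_PAGE = { host: "login.example.test", scheme: "https",
  forms: [{ action: "https://login.example.test/session" }], framed: false };
```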

MouseGlove

MouseGlove is an open source project for a new generation of mouse. The goal of this project is to provide open source hardware and software that stimulate new developers to improve the usability of computers through new interfaces. MouseGlove is a new kind of interface born to help people affected by disabilities who cannot use common interfaces such as mouse and keyboard. MouseGlove offers a natural way to move the screen pointer and to click and drag objects. Each action is as natural as using your hands to hold, move and touch real objects on a desk. I encourage every developer to grab my source code and electronics and build an improved version of MouseGlove, keeping alive the next generation of computer mouse interfaces.

RoboAdmin

RoboAdmin. Remote system administration is usually performed according to the standard client-server model. A service runs on the target system, either providing a remote view of the locally available administration tools (e.g. remote terminal, remote desktop), or implementing a back-end for the execution of complex commands received through a corresponding front-end (e.g. web-based administration interfaces). The service usually exposes a single access point, which is the obvious target of attacks such as DoS or brute-force authentication attempts. Limiting the impact of these attacks is very difficult; usually one or more reactive or proactive techniques are employed, as briefly summarized hereinafter. Access limitation solutions, such as account lock-out and connection throttling, react to suspect activity (in terms of failed login attempts or exceedingly high traffic) that could be the symptom of an ongoing attack. In this way, however, they expose the legitimate administrator as well as the attacker to the same risk of being cut out of the server. Pre-authentication protocols, such as port-knocking and Cryptographically Constantly Changing Port Opening (C3PO), tackle instead the problem of hiding the administration port from everyone but the legitimate administrator; the server recognizes a sequence of specially crafted packets sent by the administrator, and subsequently allows the originating address to access the administration port. The sequence is based on a shared secret, and usually involves sending several packets to the correct TCP or UDP ports within a time-frame. This approach also suffers from various drawbacks: first, a temporary lock-out can again be triggered by any malicious or fortuitous event that lets the server receive a wrong sequence; second, a special client is required to execute the protocol; third, traffic directed to unusual ports could be blocked before it reaches the server.
Host- and network-based intrusion detection systems can help thwart attacks before they succeed, but cannot guarantee security against the vastly distributed attacks that are presently possible, especially considering the value of the target (that is, full control of an Internet host). However, there is a significant difference between the administration service and the other services usually provided by the same host. While the latter must typically be fairly visible to a varied audience, the former is intended solely for the legitimate system administrator. This peculiarity can be leveraged to protect the sensitive administration service from malicious exploitation attempts by completely changing the access model. The goal of this research is to devise an unconventional model of communication between the system administrator and the remote administration interface. In the proposed solution, previously outlined in, the intrinsic vulnerability of the traditional scheme is addressed by reversing the client-server relation: an administration engine replaces the classical service, originating connections to an intermediate system rather than listening for connections. The immediate advantage arising from this design choice is that there is nothing to attack on the remote host. On the other hand, the introduction of an additional system in the security chain must be carefully evaluated, to avoid introducing unexpected attack paths and ultimately making the system less robust than it originally was. We claim that, if properly modeled and implemented, a platform based on the meeting of the server and its administrator on an intermediate system is expedient in terms of security, availability, usability and opportunity for future extension.

IENA

IENA. During the last decade, the Information Society experienced an exponential growth of Internet-based distributed services, such as web access, e-mail and many other on-line applications dealing with communications, business administration, entertainment, education, commerce, banking and government, to name a few. The current scenario, with hundreds of millions of hosts connected to the network and an ever increasing number of customers and services available, brings the need to secure information exchange and storage, as well as the systems and networks involved in this process, to prevent any misuse by unauthorized and malicious users. As a consequence, computer network security has become one of the major concerns both within the scientific community, as a hot research topic, and among system and network administrators, as a good practice in everyday work. It also presents several legal aspects which are not negligible at all. Distributed information and communication systems are constantly under attack by malicious Internet users who want to gain access to or corrupt sensitive data, take control of hosts and network devices, or simply compromise the availability of specific services. To perpetrate these illegitimate behaviors, a number of techniques are used by the so-called hackers, such as information gathering, port scanning, vulnerability exploitation, brute force attacks, man-in-the-middle attacks, remote escalation, (distributed) denial of service and many more [1]. Another very popular technique to compromise network security is the spreading of malicious software such as worms, viruses and trojans, which expose Internet users and services to an extremely serious threat [2]. For these reasons, a number of system and network security tools such as antivirus and firewall software, intrusion detection systems (IDS), network IDS (NIDS), intrusion prevention systems (IPS) and many more have been developed in the past.
The model assumed by the deployment of such tools is oriented to the adoption of a strategy based on closed policies, such as strong encryption of information and communications, limited and strictly controlled access to resources, thorough selection of essential services, constantly up-to-date knowledge of service vulnerabilities and related countermeasures, and so on. The intent of this work is to revise the common logic of the attack/defense paradigm in today's network security and propose a different scheme, using a distributed open approach to prevent the exploitation of network services, that, combined with traditional security techniques, can improve the security level in networked environments.

SpamPig

SpamPig. This project was born for research purposes. One of our targets was to “touch” the limits of tuProlog; in fact, with this intelligent antispam system we work with Prolog theories of tens of megabytes. As everyone should know, Prolog has many strengths, but if you use it with a very big theory the computational time of the Prolog engine is very high! In this particular case SpamPIG is very optimized, so a common user can kill his spam with it. In this version you can control only a single mailbox, but in the future we would like to open this project to unlimited mailboxes. What you’ll find in this version:
Swing Interface: friendly graphical user interface.
Prolog Engine: powerful Prolog engine to calculate spam probability.
Auto Knowledge: intelligent module that learns from your existing mail.
Update Black List: powerful but very slow technique to create an automatic Prolog theory (it takes 5 hours and translates about 6 MB of data).
View Theory: simple but efficient theory viewer (about 20 minutes).
View Mail: simple but efficient mail viewer (very fast :-) ).

RSSecReader

RSSecReader. RSSecReader is a freeware “out of App Store” application made for people who want to be always up to date on security news. As written on the landing page, this is a freeware and buggy application made in one night and left available only because I thought it would be useful to security engineers who travel a lot. Please keep it as it is. I might update it, as I might not. To learn more go here.



FronteRetro Camera

FronteRetro Camera is an innovative application for photographers! It revolutionizes the way to see pictures and to make them! Why is only the subject of the picture included in the picture? Why not the photographer? After all, the photographer is the artist who made the picture! FronteRetro makes this possible. In one picture FronteRetro puts the subject of the picture and the image of the photographer!! No anonymous pictures anymore! Use the built-in buttons to share your pictures on FaceBook, Twitter and Tumblr and to send them directly by email! FronteRetro gives a signature to your photos! The signature is the face of the artist!

iAlarME

iAlarME is another very simple application which helps you protect your device and/or your home from thieves. Assuming that the thief is on your property, that he sees your iPhone/iPad and that he will steal it, iAlarME turns your device into bait. The thief will grab it and the device will start to ring! The main idea behind this project is to make a cult object (like an iPhone) a bait for thieves.


VespaUtility

VespaUtility is a very simple application made for everybody who loves the famous Italian scooter “Vespa”. Through this simple app the user can check frame numbers, engine numbers, original colors and original components, and can easily evaluate different kinds of Vespas. For each type of Vespa the application shows pictures and technical details. To know more about this application and to download it, please go to the App Store page here.