Publications
-
ππ CONFUSUM CONTRACTUM: Confused Deputy Vulnerabilities in Ethereum Smart Contracts
Fabio Gritti, Nicola Ruaro, Robert McLaughlin, Priyanka Bose, Dipanjan Das, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna
Proceedings of the 32nd USENIX Security Symposium. -
ππ HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images
Fabio Gritti, Fabio Pagani, Ilya Grishchenko, Lukas Dresel, Nilo Redini, Christopher Kruegel, And Giovanni Vigna.
Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, USA, May 2022. -
ππ SYMBION: Interleaving Symbolic with Concrete Execution
Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, And Giovanni Vigna.
Proceedings of the IEEE Conference on Communications and Network Security (CNS), Avignon, France, June 2020. -
ππ A History of Greed: Practical Symbolic Execution for Ethereum Smart Contracts
Nicola Ruaro, Fabio Gritti, Robert McLaughlin, Dongyu Meng, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna
International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2025. -
ππ Approve Once, Regret Forever: On the Exploitation of Ethereum's {Approve-TransferFrom} Ecosystem
Nicola Ruaro, Fabio Gritti, Dongyu Meng, Robert McLaughlin, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna
Proceedings of the 34th USENIX Security Symposium. -
ππ Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts
Nicola Ruaro, Fabio Gritti, Robert McLaughlin, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna
Proceedings of Symposium on Network and Distributed System Security (NDSS), San Diego, USA, February 2024. -
ππ When Malware is Packinβ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna And Christopher Kruegel.
Proceedings of Symposium on Network and Distributed System Security (NDSS), San Diego, USA, February 2020. -
ππ Measuring and defeating anti-instrumentation-equipped malware
Mario Polino, Andrea Continella, Sebastiano Mariani, Stefano DβAlessio, Lorenzo Fontana, Fabio Gritti, Stefano Zanero.
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) , Bonn, Germany, 2017 -
ππ© Arancino: Hiding PINβs Artifacts to Defeat Evasive Malware
Mario Polino, Andrea Continella, Sebastiano Mariani, Stefano Dβalessio, Lorenzo Fontana, Fabio Gritti, Stefano Zanero.
Black Hat Europe, London, 2017 -
ππ© PinDemonium: a DBI-based generic unpacker for Windows executables
Sebastiano Mariani, Lorenzo Fontana, Fabio Gritti.
Black Hat USA, Las Vegas, 2016