Hello! It's me Mario

I am an Assistant Professor (RTDa) at Politecnico di Milano, affiliated with the NECSTLab, where my primary research focus is in the field of Computer Security. Specifically, I am deeply engaged in various aspects of Computer Security and Computer Science, with my current research centered around Malware and Binary Analysis.

I love CTF (Capture the Flag), I am the co-founder and captain of the mhackeroni CTF team (usually ending up in Vegas to play DEFCON Finals). I play with Tower of Hanoi and I coach Team Italy and Team Europe

Contacts

mario.polino [a t] polimi.it

(+39) 02-2399-3564 (NecstLab)

NECSTLab, Building 20
DEIB, Politecnico di Milano
Via Ponzio 34/5, Milano, Italy

PGP Key

SSH Pub Key

CV

Publications

# Fraud Detection Under Siege: Practical Poisoning Attacks and Defense Strategies
T. Paladini, F. Monti, Mario Polino, M. Carminati, S. Zanero,
ACM Transactions on Privacy and Security (TOPS) , 2023
[PDF]

# Untangle: Aiding Global Function Pointer Hijacking for Post-CET Binary Exploitation
A. Bertani, M. Bonelli, L. Binosi, M. Carminati, S. Zanero, Mario Polino,
Detection of Intrusions and Malware, and Vulnerability Assessment , 2023
[Code] [PDF]

# BINO: Automatic Recognition of Inline Binary Functions from Template Classes
L. Binosi, Mario Polino, M. Carminati, S. Zanero,
Computers & Security , 2023
[Code] [PDF]

# CyFence: Securing Cyber-physical Controllers Via Trusted Execution Environment
S. Longari, A. Pozone, J. Leoni, Mario Polino, M. Carminati, M. Tanelli, S. Zanero,
IEEE Transactions on Emerging Topics in Computing , 2023
[PDF]

# CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks
A. Faveri Tron, S. Longari, M. Carminati, Mario Polino, S. Zanero,
Proceedings of ACM Conference on Computer and Communications Security (CCS 2022) , 2022
[PDF]

# Apìcula: Static Detection of API Calls in Generic Streams of Bytes
M. D’Onghia, M. Salvadore, B. Nespoli, M. Carminati, Mario Polino, S. Zanero,
Computers & Security , 2022
[PDF]

# Amaretto: An Active Learning Framework for Money Laundering Detection
D. Labanca, L. Primerano, M. Markland-Montgomery, Mario Polino, M. Carminati, S. Zanero,
IEEE Access , 2022
[PDF]

# A Systematical and Longitudinal Study of Evasive Behaviors in Windows Malware
N. Galloro, Mario Polino, M. Carminati, A. Continella, S. Zanero,
Computers & Security , 2022
[PDF]

# SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
N. Ruaro, K. Zeng, L. Dresel, Mario Polino, T. Bao, A. Continella, S. Zanero, C. Kruegel, G. Vigna,
24th International Symposium on Research in Attacks, Intrusions and Defenses , 2021
[Code] [PDF]

# NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services
D. Ferrari, M. Carminati, Mario Polino, S. Zanero,
Proceedings of 36th Annual Computer Security Applications Conference (ACSAC 2020) , 2020
[PDF]

# Evasion Attacks against Banking Fraud Detection Systems
M. Carminati, L. Santini, Mario Polino, S. Zanero,
Proceedings of 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020) , 2020
[PDF]

# Security of controlled manufacturing systems in the connected factory: the case of industrial robots
M. Pogliani, D. Quarta, Mario Polino, M. Vittone, F. Maggi, S. Zanero,
Journal of Computer Virology and Hacking Techniques , 2019
[PDF]

# ELISA: ELiciting ISA of raw binaries for fine-grained code and data separation
P. De Nicolao, M. Pogliani, Mario Polino, M. Carminati, D. Quarta, S. Zanero,
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) , Paris, France, 2018
[PDF]

# There's a Hole in that Bucket! A Large-scale Analysis of Misconfigured S3 Buckets
A. Continella, Mario Polino, M. Pogliani, S. Zanero,
Proceedings of the Annual Computer Security Applications Conference (ACSAC) , San Juan, Puerto Rico, Usa, 2018
[BucketSec] [PDF]

# Security Evaluation of a Banking Fraud Analysis System
M. Carminati, Mario Polino, A. Continella, A. Lanzi, F. Maggi, S. Zanero,
ACM Transactions on Privacy and Security (TOPS) , 2018

# SysTaint: Assisting Reversing of Malicious Network Communications
G. Viglianisi, M. Carminati, Mario Polino, A. Continella, S. Zanero,
8th Software Security, Protection, and Reverse Engineering Workshop , 2018

# Measuring and Defeating Anti-Instrumentation-Equipped Malware
Mario Polino, A. Continella, S. Mariani, S. D’Alessio, L. Fontana, F. Gritti, S. Zanero,
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) , Bonn, Germany, 2017
[Code] [PDF]

# An Experimental Security Analysis of an Industrial Robot Controller
D. Quarta, M. Pogliani, Mario Polino, F. Maggi, A. Zanchettin, S. Zanero,
2017 IEEE Symposium on Security and Privacy (SP) , 2017
[PDF] [Site]

# Prometheus: Analyzing WebInject-based information stealers
A. Continella, M. Carminati, Mario Polino, A. Lanzi, S. Zanero, F. Maggi,
Journal of Computer Security , 2017
[PDF]

# Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy
V. Afonso, A. Bianchi, Y. Fratantonio, A. Doupè, Mario Polino, P. Geus, C. Kruegel, G. Vigna,
Proceedings of the Symposium on Network and Distributed System Security (NDSS) , 2016
[PDF]

# SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis
Y. Shoshitaishvili, R. Wang, C. Salls, N. Stephens, Mario Polino, A. Dutcher, J. Grosen, S. Feng, C. Hauser, C. Kruegel, G. Vigna,
2016 IEEE Symposium on Security and Privacy (SP) , 2016
[PDF]

# Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries
Mario Polino, A. Scorti, F. Maggi, S. Zanero,
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) , 2015
[PDF]