Simone Aonzo

(4/n) Refs [1] https://t.co/pxNITTAeVd [2] https://t.co/PtL36wM6Gf [3] https://t.co/Ni0bOMeGu0 [4] https://t.co/t4n8di0G6P

(1/n) New research on Windows malware, to appear at ACM ASIA CCS 2026 [1]: "SoK: Systematization, Detection, and Hunting of Windows Malware Persistence Techniques" [2] This work is a collaboration between EURECOM and the University of Twente.

(3/n) - Only ~55% of malware is persistent, challenging common assumptions - Discovery of a new persistence technique and 2 evasion strategies - Interactive website with all techniques and details [3] - 60+ new detection rules merged into the Mandiant's CAPA [4]

[1/4] "Trust Under Siege: Label Spoofing Attacks Against ML for Android Malware Detection" has been accepted at IEEE TIFS. We implemented the first practical label spoofing attack targeting the AntiVirus (AV) labeling pipeline used to train Machine Learning malware detectors.

[3/4] This attack works because many pipelines blindly trust AV labels. ⚠️ 1% poisoned samples → performance drops by up to ~15% 🎯 0.015% → targeted false positives Smallest payloads we used: 22 and 55 bytes. Yes, you can poison with something smaller than this sentence.

I'm in San Diego for NDSS26. We got these two papers accepted: [1] "Unveiling BYOVD Threats: Malware's Use and Abuse of Kernel Drivers" [2] "Decompiling the Synergy: An Empirical Study of Human-LLM Teaming in Software Reverse Engineering" Come by, let's have a drink 🍻

[1] https://t.co/6yNHkjxhfy [2] https://t.co/7kf3fqLL3R