I am Mariano `emdel` Graziano and in this page I post my works related to memory forensics. yromem.re is a repository of ideas and efforts to improve the state of the art of this fascinating field. yromem.re tries to combine the memory forensics approach also for other tasks such as reversing engineering and malware analysis. yromem is the reverse text of memory and '.re' is for the reversing aspect.


  • 4th place at the Volatility plugin contest- 2016/12
  • C O D E

  • ROPMEMU [Github] - 4th place Volatility plugin contest 2016
  • ksfinder [Github] - 4th place Volatility plugin contest 2016
  • kstackps [Github] - PoC
  • winmaps [Github] - PoC
  • info_regs [Github] - PoC
  • Actaeon [Github] - 1st place Volatility plugin contest 2013
  • P U B L I C A T I O N S

  • Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
    Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    25th USENIX Security Symposium (USENIX Security), Austin, Texas, August 2016
  • ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks
    Mariano Graziano, Davide Balzarotti, Alain Zidouemba
    11th Asia Conference on Computer and Communications Security (ASIACCS), Xi'an, China, June 2016
  • Hypervisor Memory Forensics
    Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), St. Lucia, October 2013
  • T A L K S

  • Dissecting complex code-reuse attacks with ROPMEMU
    Mariano Graziano
    Zeronights 2016, Moscow (Russia), November 2016
  • Graffiti: the spraying attacks slayer
    Mariano Graziano
    Tensec 2016, Beijing (China), November 2016
  • Memory Forensics: A Volatility Primer
    Mariano Graziano
    Security Day 2015, Lille 1 University (France), January 2015
  • Under the Hood: How Actaeon Unveils Your Hypervisor
    Mariano Graziano, Andrea Lanzi
    Hack In The Box, Kuala Lumpur (Malaysia), October 2013
  • Hypervisors Memory Forensics
    Mariano Graziano, Davide Balzarotti
    SANS DFIR EU Summit, Prague (Czech Republic), October 2013
  • Beware of Hypervisor: Understanding ring -1
    Mariano Graziano
    MOCA 2012, Pescara (Italy), August 2012
  • T W I T T E R
    L I N K E D I N
    G I T H U B
    S C H O L A R