I am Mariano `emdel` Graziano and I am currently a malware researcher at JPMorgan Chase. Before this role, I was a technical leader at Cisco Talos.

I obtained my Ph.D. from Telecom ParisTech/Eurecom (Sophia Antipolis - France) and during my doctoral studies I worked in the Software and Systems Security group (S3) advised by Davide Balzarotti.


  • Paper accepted at Usenix Security 2022 - 2022/03
  • Paper accepted at BlackHat Europe - 2021/09
  • Paper accepted at RAID - 2021/06
  • Paper accepted at S&P - 2021/04
  • Paper accepted at ACNS - 2020/11
  • W H A T

    Mariano is interested in security researches related to memory forensics, automated malware analysis, virtualization and exploitation techniques.

    P U B L I C A T I O N S

  • From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!
    Giada Stivala, Sahar Abdelnabi, Andrea Mengascini, Mariano Graziano, Mario Fritz, Giancarlo Pellegrino
    39th Annual Computer Security Applications Conference (ACSAC), Austin, Texas, December 2023
  • How Machine Learning Is Solving the Binary Function Similarity Problem
    Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti
    31st USENIX Security Symposium (USENIX Security 2022), Boston, MA, USA, August 2022
  • The evidence beyond the wall: Memory forensics in SGX environments
    Flavio Toffalini, Andrea Oliveri, Mariano Graziano, Jianying Zhou, Davide Balzarotti
    Forensic Science International: Digital Investigation
  • Lost in the Loader: The Many Faces of the Windows PE File Format
    Dario Nisi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti
    24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), San Sebastian, Spain, October 2021
  • Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land
    Frederick Barr-Smith, Xabier Ugarte-Pedrero, Mariano Graziano, Riccardo Spolaor, Ivan Martinovic
    42nd IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021
  • SnakeGX: a sneaky attack against SGX Enclaves
    Flavio Toffalini, Mariano Graziano, Mauro Conti and Jianying Zhou
    19th Conference on Applied Cryptography and Network Security (ACNS), Kamakura, Japan, June 2021
  • A Close Look at a Daily Dataset of Malware Samples
    Xabier Ugarte-Pedrero, Mariano Graziano, Davide Balzarotti
    ACM Transactions on Privacy and Security (TOPS), January 2019
  • Understanding Linux Malware
    Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti
    39th IEEE Symposium on Security & Privacy , San Francisco, CA, May 2018
  • Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
    Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    25th USENIX Security Symposium (USENIX Security), Austin, Texas, August 2016
  • Subverting Operating System Properties through Evolutionary DKOM Attacks
    Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti
    13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), San Sebastian, Spain, July 2016
  • Measuring the Role of Greylisting and Nolisting in Fighting Spam
    Fabio Pagani, Matteo De Astis, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    46th Annual International Conference on Dependable Systems and Networks (DSN), Toulouse, France, June 2016
  • ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks
    Mariano Graziano, Davide Balzarotti, Alain Zidouemba
    11th Asia Conference on Computer and Communications Security (ASIACCS), Xi'an, China, June 2016
  • Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence
    Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti
    24th USENIX Security Symposium (USENIX Security), Washington DC, August 2015
  • Through the Looking-Glass, and What Eve Found There
    Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurelien Francillon
    8th USENIX Workshop on Offensive Technologies (WOOT), San Diego, California, August 2014
  • Hypervisor Memory Forensics
    Mariano Graziano, Andrea Lanzi, Davide Balzarotti
    16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), St. Lucia, October 2013
  • Towards Network Containment in Malware Analysis Systems
    Mariano Graziano, Corrado Leita, Davide Balzarotti
    28th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 2012
  • R E V I E W E R

  • ROOTS [2019 | 2020 | 2021 | 2022]
  • DIMVA [2020 | 2021 | 2022]
  • EuroSec [2020 | 2021 | 2022]
  • USENIX Workshop on Offensive Technologies (WOOT) [2019 | 2020 | 2021]
  • Workshop on Binary Analysis Research (BAR) [2021]
  • CARDS [2019]
  • T A L K S

  • Fishing phishing attempts
    Mariano Graziano
    VII Venice AppSec Conference, Venice (Italy), October 2019
  • Catch of the day
    Xabier Ugarte-Pedrero, Mariano Graziano
    CARO 2019, Copenhagen (Denmark), May 2019
  • Modern Linux Malware Exposed
    Emanuele Cozzi, Mariano Graziano
    Recon 2018, Montreal (Canada), June 2018
  • Resistenza digitale: consigli per la privacy
    Mariano Graziano
    Linux day 2017, Palermo (Italy), October 2017
  • BASS Automated Signature Synthesizer
    Mariano Graziano, Jonas Zaddach
    Recon 2017, Montreal (Canada), June 2017
  • Dissecting complex code-reuse attacks with ROPMEMU
    Mariano Graziano
    Zeronights 2016, Moscow (Russia), November 2016
  • Graffiti: the spraying attacks slayer
    Mariano Graziano
    Tensec 2016, Beijing (China), November 2016
  • Make DKOM attacks great again
    Mariano Graziano
    HackInBo 2016, Bologna (Italy), October 2016
  • Memory Forensics: A Volatility Primer
    Mariano Graziano
    Security Day 2015, Lille 1 University (France), January 2015
  • Through the Looking-Glass, and What Eve Found There
    Mariano Graziano, Luca Bruno
    DEF CON 22, Las Vegas (USA), August 2014
  • Under the Hood: How Actaeon Unveils Your Hypervisor
    Mariano Graziano, Andrea Lanzi
    Hack In The Box, Kuala Lumpur (Malaysia), October 2013
  • Hypervisors Memory Forensics
    Mariano Graziano, Davide Balzarotti
    SANS DFIR EU Summit, Prague (Czech Republic), October 2013
  • Beware of Hypervisor: Understanding ring -1
    Mariano Graziano
    MOCA 2012, Pescara (Italy), August 2012
  • M I S C

  • eng Mozzie: a normalization environment for malware execution Slides presented for my graduation at the Politecnico di Torino about my final project for the Master of Science in Computer and Communication Networks. Mozzie has been developed at the Network and Security Department of Institut Eurecom (iSecLab).
  • eng Smashing the stack in 2010 Report for the Computer Security exam at the Politecnico di Torino. It deals with buffer overflows in modern Linux and Windows systems considering also all the countermeasures introduced by software companies. Notice that I have performed the analysis on Windows while my classmate Andrea Cugliari on Linux. Happy hacking!
  • ita Malicious Softwares: conosciamoli meglio... Slide portare a SMAU 09 - 23/10/2009 Fiera Milano city, divulgative sul mondo dei malwares, i suoi trends ed il cybercrime.
  • eng E-Doctor Project presented to the Imagine Cup, a Microsoft international student competition, by me Dino, Manuel and Giampiero, my schoolfriends at Politecnico di Torino. In this paper we discuss about E-Doctor. E-DOCTOR is a low cost device focused on the disease prevention and support to facilitate medical screening in disadvantaged areas.
  • ita Malware: know your enemies Slides portate al DIGITAL SECURITY day 2008, 12/12/2008 Universita' di Crema, insieme a Roberto Sponchioni relative ai malwares, alla loro classificazione, comportamento ed analisi. Nell'archivio e' anche presente la demo di DLL injection con il relativo sorgente.
  • C O N T A C T

  • graziano {at] eurecom [dot) fr
  • @emd3l
  • T W I T T E R
    L I N K E D I N
    G I T H U B
    S C H O L A R