Giancarlo Pellegrino
Giancarlo Pellegrino
Research
Research group
Publications
Scienceware
Funded Projects
Open Positions
Internships/Assistants/Theses
Teaching
Scienceware
YuraScanner
One of the first task-driven, autonomous LLM-powered web application scanner
PDF
Code
SURFER
A static analysis tool to find SSRF candidates in PHP CPGs.
PDF
Code
Arachnarium
Arachnarium is a plug-and-play benchmark framework for crawlers that can run experiments at scale against both local, standalone web applications and live websites.
PDF
Code
JAW (Javascript Analysis frameWork)
JAW is a scalable framework to analyze client-side JavaScript programs. JAW can be used to conduct interactive and exploratory analysis of JavaScript code.
Code
Black Widow
Black widow is a new data-driven web application scanner that combines three techniques: navigation modeling, graph traversing, and tracking inter-state dependencies.
Giancarlo Pellegrino
,
Andrei Sabelfeld
,
Benjamin Eriksson
PDF
Code
Video
Ad-Versarial
We released scripts, datasets, and trained YOLOv3 models of our work Ad-versarial: Defeating Perceptual Ad-Blocking.
Florian Tramè
,
Pascal Duprè
,
Gili Rusak
,
Giancarlo Pellegrino
,
Dan Boneh
PDF
Code
Video
Fidelius
Fidelius is a new architecture with trusted path for user I/O/ and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.
PDF
Code
Video
Deemon
Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.
Giancarlo Pellegrino
,
Simon Koch
PDF
Code
Guenther
Guenther tests web applications against Server Side Request (SSR) abuse including Web Origin Laundering, Server Side Request Forgery (SSRF) and other abuses.
Giancarlo Pellegrino
PDF
Code
jÄk (yet Änother krawler, ja!)
jÄk [jAEk] is a crawler that uses function hooking and other dynamic analysis techniques to identify JavaScript event function registratio to explore the attack surface of web applications.
PDF
Code
Cite
×
