Mario Raciti

PhD Student in Cybersecurity

tsumarios' blog

Cybersec and Research - A cool description might be something like:
"a place where I post about my research and share resources".

Featured Posts

You can find more articles in my Personal Blog.

Visual Cryptography Explained

Oct 21, 2022 • cryptography, dfir

An overview about Visual Cryptography and implementations of the main state-of-the-art techniques in the VCrytpure open source project.

Android Malware Analysis Lab

Sep 24, 2022 • android, malware-analysis

Some notes on how to set up an Android Malware Analysis Lab using state-of-the-art tools along with useful tips and tricks.

WebSocket (in)Security and Auth

Sep 23, 2022 • web, hardening

WebSocket security aspects and a simple PoC about adding a ticket-based authentication layer in a WebSocket server.

~$ whoami

PhD Student in Cybersecurity at IMT School for Advanced Studies Lucca - University of Catania.
Security Researcher at NaS.Inf.
Admin/Writer at Rev3rse Security.
Interests: CySec and Privacy Risk Assessment, Threat Modelling, DFIR, Cyber Threat Intelligence.

Short Bio

I am a PhD Student of the first National PhD in Cybersecurity at IMT School for Advanced Studies Lucca, assigned at the University of Catania, where I joined the Network and Security Informatics (NaS.Inf) research lab.
I hold a Master's degree in Computer Science (Network and Security Systems) from the University of Catania. My Master's thesis focused on cybersecurity risks in modern vehicles.
Before starting my doctorate programme, I worked as a Research Fellow at the Italian Institute for Astrophysics (INAF) for 2 years.
My research interests cover the Cybersecurity Risk Assessment, Privacy Threat Analysis, Digital Forensics and Incident Response fields.

Experience

Oct 2020–Nov 2022

Fellowship - INAF-OACT

Scrum (AGILE) software developer. In-kind collaboration within ASTRON for the LOFAR–TMSS projects.
System Administrator. System management of the PLEIADI cluster.
Mar 2020–May 2020

Internship - INAF-OACT

Trainee. REST-ful APIs and Web service implementation for the EOSC cloud as part of H2020 NEANIAS.
Feb 2019–ongoing

Community Collaboration - Rev3rse Security

Blog Writer - Admin. Technical ICT Security blogging on research, proof-of-concepts and tutorials.

Education

2022–ongoing

PhD Degree - IMT School for Advanced Studies Lucca, assigned at DMI.UNICT, Italy.

PhD-CySec - National PhD in Cybersecurity - Software, System, and Infrastructure Security, EQF 8
2018–2020

Master's Degree - DMI.UNICT, Italy.

LM-18 - 2nd level degree in Computer Science - Network and Security Systems, EQF 7
2015–2018

Bachelor's Degree - DMI.UNICT, Italy.

L-31 - 1st level degree in Computer Science, EQF 6

Publications

A full list is also available on my ORCID profile.

Raciti M. and Bella G. (In Press.) A Threat Model for Soft Privacy on Smart Cars.
In Proceedings of the Workshop on Automotive Cyber Security 2023 (ACSW23).
Raciti M. and Bella G. (Apr 2023) How to Model Privacy Threats in the Automotive Domain.
In Proceedings of the 9th International Conference on Vehicle Technology and Intelligent Transport Systems (VEHITS 2023).
Brienza M. et al. (Feb 2023) AGN feedback in an infant galaxy cluster: the LOFAR-Chandra view of the giant FRII radio galaxy J103025+052430 at z=1.7.
Astronomy and Astrophysics.
Bella G. et al. (Feb 2023) The AILA Methodology for Automated and Intelligent Likelihood Assignment in Risk Assessment.
In IEEE Access.
Cesare V. et al. (Oct 2022) The Gaia AVU–GSR parallel solver: Preliminary studies of a LSQR–based application in perspective of exascale systems.
Astronomy and Computing.
Bella G. et al. (Aug 2022) The AILA Methodology for Automated and Intelligent Likelihood Assignment.
In 6th International Conference on Cryptography, Security and Privacy (CSP).
Cesare V. et al. (Jul 2022) The Gaia AVU-GSR parallel solver: preliminary porting with OpenACC parallelization language of a LSQR-based application in perspective of exascale systems.
INAF Technical Reports.
Raciti M. (Jun 2022) The TMSS project for LOFAR 2.0 operations.
Poster in Forum della Ricerca Sperimentale e Tecnologica in INAF (2022).
Sciacca E. et al. (Jun 2022) Science Gateways in EOSC: The NEANIAS Visualisation Gateway.
In 14th International Workshop on Science Gateways (IWSG 2022).
Raciti M., Vitello F. R. (Mar 2022) WebSocket Integration in Django.
INAF Technical Reports.
Sciacca E. et al. (Mar 2022) Scientific Visualization on the Cloud: The NEANIAS Services towards EOSC Integration.
Journal of Grid Computing.
Riggi S. et al. (Oct 2021) Astronomical source finding services for the CIRASA visual analytic platform.
Astronomy and Computing.
Costa A. et al. (Jul 2021) The Monitoring, Logging, and Alarm system for the Cherenkov Telescope Array.
Proceedings of 37th International Cosmic Ray Conference - PoS (ICRC2021).
Sciacca E. et al. (Jul 2020) Towards Porting Astrophysics Visual Analytics Services in the European Open Science Cloud.
In: Arai K., Kapoor S., Bhatia R. (eds) Intelligent Computing. SAI 2020. Advances in Intelligent Systems and Computing, vol 1230. Springer, Cham.

Talks and Presentations

(Mar 2023) Subjectivity and Automation in Privacy Risk Assessment. Hardening Seven 2023 Edition (Workshop).
Slides are available here.
(Dec 2022) Risk assessement with AILA: Automated and Intelligent Likelihood Assignment. The 2022 Workshop on Security Frameworks "Security Testing" (Workshop).
Slides are available here.
(Jun 2022) The TMSS project for LOFAR 2.0 operations. Forum della Ricerca Sperimentale e Tecnologica in INAF (INAF Event).
Slides are available here.
(Jun 2022) Science Gateways in EOSC: The NEANIAS Visualisation Gateway. 14th International Workshop on Science Gateways (Workshop).
Slides are available here.
(May 2022) The advantages of Notebooks orbiting the Cloud. From Science Gateways to Papers (Workshop).
Slides are available here.
(Dec 2020) AUtomotive Risk Assessment. 3 anni di Rev3rse Security (YT Live).
Slides are available here.

Works

You can find full code and related docs on my Github profile.

アマヤラ Lab

アマヤラ (Android Malware Analysis YARA) Lab is a project that provides a ready-to-use Jupyter Lab environment to help out with Android malware analysis using YARA rules. It automatically analyses files with your YARA rules and stores the results in a JSON file. YARA rules are checked against both the APK file itself and its content (recursively). アマヤラ Lab also gathers some information about the file(s) that you want to analyse from the Virus Total and Malware Bazaar APIs, using your own API keys. Eventually, The results include a link to Pithus which is valid only if the file was already uploaded.

AURA

AURA (AUtomotive Risk Assessment) is the name of my Master's thesis. In this work we propose a Risk Assessment exercise applied to an automotive scenario, according to the MAGERIT methodology and with the support of the PILAR commercial tool, in order to seek whether both of them may prove to be useful in the automotive field, with specific attention paid to potential threats against personal data en route from/to connected vehicles. Moreover, we also provide a regression analysis study of the algorithm implemented in Pilar for the purposes of reverse engineering, to better understand the values calculated by the tool in the demo.

VCrypture

VCrypture is an online service that allows you to encrypt your secret images safely using visual cryptographic algorithms. VCrypture is composed of two mainly parts: VCrypture-API and VCrypture-Web. The latter is a web server which provides the front-end as well as forwarding users' requests to the API core, whilst the former aims to perform visual cryptographic operations on images. The user can choose between four visual cryptographic algorithms: Naor-Shamir, Taghaddos-Latif, Dhiman-Kasana EVCT(N, N) and Dhiman-Kasana EVCT(K, N).

DSR Bad

The Dynamic Source Routing (DSR) protocol is an example of reactive routing protocol for MANET networks. To work properly, DSR requires nodes to collaborate without maliciously inhibiting routing operations. In this scientific paper we present DSR Bad, a modification of the DSR module present in the ns-3 simulator, through which we aim to study and analyze two examples of non-cooperative scenarios that allow us to observe the impact suffered by the protocol and its reaction to situations not normally foreseen.

QueKey

QueKey is the name of my Bachelor's thesis. The project is a cloud system for IoT Smart Lock devices placed in hotels and B&Bs. Its aim is, on the one hand, to make easy the handling of rooms and builds for the hotel managers and, on the other side, to give to their guests an easy way to lock and unlock rooms. QueKey consts of a main cloud service and of two physical devices: a RaspberryPi 3 (also other little boards are compatible with the system) and a NodeMCU with ESP8266 WiFi module.

FIAR

FIAR (Four-In-A-Row) is an online multiplayer game, with a vaporwave futuristic design inspired. Developed using NodeJS (Express & Socket.IO with rooms handling) and p5.js library (Processing based). FIAR can be played on Desktops, Tablets and Smartphones, thanks to its responsive design. Indeed the canvas containing the game is created in order to fit most of the display sizes.

Get in touch!

Please feel free to contact me for any questions.
Don't forget to follow me on socials! I actively post cybersecurity news and resources.