My research focuses on vulnerability analysis, web security, malware analysis, and artificial intelligence.
I am the director of the NSF AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION) at UCSB and the co-director of the Security Lab, which is part of the iSeclab group.
I am the founder of the Shellphish hacker group, under the nicknames "zanardi" (see Andrea Pazienza's comic character by the same name), and "z4n4rd1". Shellphish is the team that participated in more DEF CON CTF competitions (arguably the world's championship of hacking) than any other team in the world.
I was one of the co-founders and the CTO of Lastline, Inc., a company that developed innovative solutions to detect and mitigate advanced malware and targeted threats. Lastline has been acquired by VMware in June 2020, and then VMware was acquired by Broadcom. Since then, I lead the Threat Analysis Unit in the NSA division.
Every year, I organize the International Capture The Flag (iCTF), one of the world's largest attack-defense hacking competitions.
My class on hacking (vulnerability analysis) is available on YouTube.