About
I have a PhD in Computer Security and currently work as a Senior Security Researcher at Roku, after spending some time at Apple and making the jump from academia to industry. I still keep a foot in the academic world, having served on various conference committees and staying involved with research whenever I can. My main interests include reverse engineering, automated program analysis, obfuscation techniques, and automated exploit generation research - anything low-level works! I’m also big on reproducibility — both in research and in software — and am a fan of Nix and declarative, reproducible environments. I enjoy fiddling around with open-source software and am a strong advocate of self-hosted solutions. I play(ed) Capture the Flag (CTF) competitions whenever I can and have had the pleasure to be part of mHACKeroni, Tower of Hanoi, and Shellphish. As part of mHACKeroni, we were able to rank 5th at DEFCON CTF 27 in 2019! I also co-founded Phish ‘n’ Chips, King’s College London’s CTF team. Music plays an important role in my life: I am a keen fan of Subsonica, I play the drums (since ~2009), and I have recently started learning how to play the bass, guitar, and keyboards. Most importantly, I _love_ Doom. When I'm not playing it for the n-th time, it’s possible to find me online playing Rocket League, competitive FPS games (mainly Counter Strike), and, when nostalgia hits hard, even World of Warcraft.
Publications
2024

Authors: Giulio De Pasquale, Ilya Grishchenko, Riccardo Iesari, Gabriel Pizarro, Lorenzo Cavallaro, Christopher Kruegel, Giovanni Vigna

Published in: 33rd USENIX Security Symposium (USENIX Security 24), 2024

Abstract: ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The project models the problem as a sequence of actions to achieve privilege escalation from initial access to a target system. Awarded the Distinguished Artifact Award.

Download PDF
2023

Authors: Giulio De Pasquale, Fukutomo Nakanishi, Daniele Ferla, Lorenzo Cavallaro

Published in: IEEE Security and Privacy Workshops (SPW), 2023

Abstract: Based on Return‑Oriented Programming (ROP), ROPFuscator is a compiler‑driven software obfuscation pass, developed to protect intellectual property in software from sophisticated man‑at‑the‑end (MATE) attacks and reverse engineering attempts.

Download PDF
2021

Authors: Nilo Redini, Andrea Continella, Dipanjan Das, Giulio De Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna

Published in: IEEE Symposium on Security and Privacy (SP), 2021

Abstract: DIANE is a tool that combines static and dynamic analysis to find fuzzing triggers and uses them to fuzz IoT devices automatically

Download PDF
2016

Authors: Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi

Published in: Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC), 2016

Abstract: ShieldFS proposes a solution to fight ransomware attacks. It automatically creates detection models that distinguish ransomware from benign processes at runtime on the base of the filesystem activity. ShieldFS adapts these models to the filesystem usage habits observed on the protected system.

Download PDF
Projects
Work history
Roku logo

Roku

Senior Security Researcher
June 2025 - PRESENT
Apple logo

Apple

Security Researcher
October 2023 - June 2025
University of California, Santa Barbara logo

University of California, Santa Barbara

Visiting Graduate Researcher
January 2018 - July 2018
Apple logo

Apple

Research Intern
May 2022 - June 2022
Tweag I/O logo

Tweag I/O

Research Intern
June 2021 - September 2021
Microsoft Research logo

Microsoft Research

Research Intern ‑ NExT Special Projects
June 2019 - September 2019
University of California, Santa Barbara logo

University of California, Santa Barbara

Visiting Graduate Researcher
January 2018 - July 2018
© 2025 Giulio De Pasquale. All rights reserved.