CYBER-DEFENCE FELLOWSHIPS: Andrea Lepori

• How did you find out about the CYD Fellowships and what motivated you to apply?

A friend of mine that also did his thesis at CYD told me of the great experience he had. Knowing my interest in security topics he suggested I look it up. After contacting Daniel Hulliger, who later became my advisor, we agreed that it would be a great opportunity to work together as we had similar research interests. He later also suggested that I should try to apply for the Fellowship.

• What was your CYD Fellowship project about?

My project was about finding a novel, automatic way to obfuscate malware to avoid detection by Endpoint Detection and Response (EDR) software. The idea is to find a new robust and general method that will stand the test of time, rather than specific strategies that are only valid a short time after discovery. This will help redteamers in engagements with blueteams as they will be able to bypass automated detection systems more quickly and invest more energy on the blueteam defenses. Additionally it will create a new challenge for EDR vendors as previous discoveries were easy to counter by simply creating new detection rules. My method relies on automatic mutation which creates possibly infinite behaviors which cannot be easily matched with static rules, as was previously done.

• What were the advantages of conducting your master thesis project at the CYD Campus?

The biggest advantage is the knowledge provided by the people there: they have extensive experience in particular with the current state-of-the-art of the industry plus hands-on experience. Another big help is the connections that they have with different entities and people in industry. In particular with my work it was very beneficial as I could get access to EDR software which is normally not available to the public.

• Did you as a child dream of working in cyber-defence?

Since I was young I have been very fascinated by computers. I think if you ask most kids they will say that hackers are “very cool”. But I always saw that more as an hobby and didn’t expect that it could be a real job.

• What is driving you to pursue research in cyber-defence?

Other than the importance of the topic, especially nowadays, I think it is a very interesting field. I like to work on complex systems and solve challenging problems. Both things are present in cyber-defence. I especially enjoy understanding the inner-workings of systems, like disassembling things to check-out how they are made inside.

• What is the most important lesson you have learned in your scientific career so far?

That you never stop learning. People are eager to share their research and they almost always contain interesting results. Talk with people and learn from them.

• What are you most proud of in your career to date?

One of my proudest achievements was being able to publish as first author on the ACM Transactions on Architecture and Code Optimization journal. As my previous background was in High-Performance Computing I worked together with the Scalable Programming Computing Laboratory (SPCL) at ETH Zurich to expand some ideas from my BSc thesis. One of those had the potential to be scientifically relevant and hence became a scientific article.

• Outside the lab, what do you enjoy doing most?

I enjoy staying outdoors and doing various activities. Since I was a child my aunt would take me climbing outside. I now continue to go bouldering indoors when I have the time.

As a child I joined my regional scout section; now I’m now the section leader managing it. I enjoy sleeping in the woods and teaching others the outdoor knowledge that had been previously passed to me.

• What were your expectations about the CYD Fellowships?

I expected to work on something more applied than what I’m used to (since ETH is known to be mostly theoretical). This is also one of the reasons I wanted to do a thesis in industry.

• Could you share some tips with future applicants who are considering applying for the CYD Fellowships?

First of all to try to apply no matter what. I hear from a lot of students that “they are not good enough”. It might seem scary as the process to apply seems a bit complex but it is overall very simple and you should not self-reject before even trying.

A more practical tip is to arrive with some ideas. It’s very important for the success of your fellowship to have a good idea that you are comfortable with. Don’t worry if you are unsure about the feasibility or importance; your mentor will help you with those aspects.