Profile Picture

Gabriele

Digregorio

also known as Io_no

I'm a Computer Engineer with a deep interest in cybersecurity and a PhD candidate at Politecnico di Milano. I actively play with the Tower of Hanoi and mhackeroni CTF teams, engaging in activities such as exploiting and reversing binaries, as well as evaluating the security of machine learning and deep learning systems. I am also a maintainer of the libdebug project.
Want to get in touch? Email me at gabriele.digregorio[at]polimi.it

CTFs

libdebug logo

Member of mhackeroni since 2022.
Winners of Hack-A-Sat 4, the world's first CTF in space by the Air Force Research Laboratory.
Participated in both the DEF CON 31 Finals and DEF CON 32 Finals.

libdebug logo

Member of Tower of Hanoi since 2021.
Team treasurer since 2024.

libdebug

libdebug logo

Maintainer of libdebug, an open-source Python library to debug binary executables, your own way.

Bug Hunting

When I'm bored and not doing research, not playing (or organizing) CTFs, and not working on libdebug, I occasionally hunt down unknown vulnerabilities in widely used software—just for fun.

So far, I've found vulnerabilities in Keras, Google Messages (on Wear OS), Android, skops, and Redis, which I reported through responsible disclosure to the respective vendors. Some were severe enough to earn bounties and get tracked as public CVE advisories.

Curious about my bug hunting? I've shared some of the reports I can make public on GitHub — click to dive in.

Writeups and Blog Posts

CVE-2025-1550 - Arbitrary Code Execution on Keras Don't Trust the Open Link Button in Android Notifications Black-magic - HKCERT Quals 2024 (rev): A .pyc challenge with a touch of non-determinism due to the use of __built­in_un­reach­able() in CPython implementation

Selected Publications

G. Digregorio, R. A. Bertolini, F. Panebianco, and M. Polino “Poster: Libdebug, build your own debugger for a better (hello) world,” in Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, ser. CCS '24, Salt Lake City, UT, USA: Association for Computing Machinery, 2024, pp. 4976-4978, isbn: 9798400706363. G. Digregorio, S. Maccarrone, M. D'Onghia, et al., “Tarallo: Evading behavioral malware detectors in the problem space,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, 2024, pp. 128-149. G. Digregorio, E. Cainazzo, S. Longari, M. Carminati, and S. Zanero, “Evaluating the impact of privacy-preserving federated learning on can intrusion detection,” in 2024 IEEE 99th Vehicular Technology Conference (VTC2024-Spring), IEEE, 2024, pp. 1-7.
CV