Silvia Sebastián

Cybersecurity Researcher

IMDEA Software Institute


I hold a Ph.D. in Cybersecurity and seven years of experience in Attribution, Web Security, and Threat Intelligence. I am a Cybersecurity Researcher who specializes in building automatic frameworks for cybersecurity analysts who want to carry out tasks such as tracking malware campaigns in mobile markets, labeling massive malware datasets, attributing domains, or identifying impersonation. By pioneering these automatic frameworks, my fellow malware analysts have experienced significant productivity gains while avoiding tedious manual tasks.

  • Attribution
  • Cyber Intelligence
  • Web Security
  • Privacy
  • Software Development
  • PhD in Software, Systems, and Computing, 2023

    Universidad Politécnica de Madrid

  • Master in Cybersecurity, 2018

    Universidad Carlos III de Madrid

  • BSc in Computer Engineering, 2017

    Universidad Politécnica de Madrid


Programming Languages

Python, Java, Assembly, SQL, MongoDB, Docker

Threat Intelligence

OSINT, IOC extraction and correlation, Malware Labeling, Data Science, NLP, Clustering, Machine Learning

Web Security

Privacy, Tracker Attribution, Phishing Analysis


Python command line tool to attribute domains and websites, i.e., to identify the entity that owns the domain or website. Given a domain name, if the WHOIS record does not identify a valid owner, then it tries to identify websites hosted on the domain and analyzes their infrastructure and web content to identify the identity of the owner.
IOC Searcher
Python tool to extract indicators of compromise (IOCs), also known as cyber observables, from HTML, PDF, and text files. It can identify both defanged (e.g., URL hxxp://example[DOT]com) and unmodified IOCs (e.g., URL
A cross-platform and cross-market attribution framework to identify developer accounts in mobile markets that belong to an operation. This approach automatically applies OSINT expansions to build an attribution graph that captures the indicators and how they were discovered, preserving the chain of inferences. Retriever finds more accounts than AV vendors (that use conventional methods) for 94% of the cases.
Malware labeling tool that extracts tags from malware samples, enabling rich searches. It is open source and widely used by the community, with more than 500 references and 400 stars on GitHub.

Work Experience

IMDEA Software Institute
Predoctoral Researcher
November 2018 – Present Madrid, Spain
  • PhD candidate under the supervision of Juan Caballero at IMDEA Software Institute.
  • Gained extensive knowledge and expertise in Cybersecurity, more specifically in Attribution, Web Security, and Cyber Intelligence.
  • Published my research findings in three major conferences within my field.
  • Developed 4 tools to automate manual processes carried out by cybersecurity analysts.


  • 2018 FPU Grant
  • 2022 JNIC Best Work in Progress
Eurecom | Norton Research Group
Predoctoral Stay
October 2021 – December 2021 Sophia Antipolis, France
  • Industry collaboration (Norton Research Group).
  • Web Security and Online Privacy project.
  • Analyzed the intricate web of trackers.
  • Developed WhoseDomain, a tool to automatically attribute domains (it is publicly available).
  • Research findings are published in the paper “Domain and Website Attribution Beyond Whois” presented at ACSAC 2023.
Universidad Politécnica de Madrid
Teaching Assistant
September 2019 – August 2021 Madrid, Spain
  • Taught “Concurrency” and “Algorithms and Data Structures” subjects at BSc. in Computer Engineering.
  • In charge of laboratory sessions.
  • Project Design and Evaluation for laboratories.
  • Tutorships.
  • Code Review.
IMDEA Software Institute
Cybersecurity Internship
September 2016 – June 2017 Madrid, Spain
  • Research first contact. It shaped the foundation for my Ph.D. thesis.
  • Working with Telefonica’s application crawler, Tacyt.
  • Deepened skills such as clustering, API development, and database querying.
  • First approach to peer-review.


  • The project was recognized as “Best Final Term Project” by Siemens Gamesa and ETSI Informáticos UPM.
Ontology Engineering Group, Universidad Politécnica de Madrid
Ontology Internship
April 2016 – September 2017 Madrid, Spain
  • Ontology background.
  • ReTeLe Project: Linguistic Linked Open Data for the official languages in Spain.


(2023). Domain and Website Attribution beyond WHOIS. ACSAC'23.

(2023). The Rise of GoodFATR: A Novel Accuracy Comparison Methodology for Indicator Extraction Tools. FGCS.

Recent & Upcoming Talks


If you want to know more about me or exchange ideas, do not hesitate to contact me.