I am Yanick Fratantonio (aka @reyammer), a Senior Research Scientist at Google. Before this position, I have been an Assistant Professor at EURECOM, and a Senior Security Researcher at Cisco Talos. (Why did I leave academia? I wrote a long post about it.)

My research focuses on systems security and privacy, and it covers a wide range of aspects, such as mobile security, reverse engineering, malware analysis, binary analysis, and web security. My research has highlighted systemic flaws in many aspects of mobile devices and developed program analysis techniques to analyze Android, Windows, and Linux malware.

More recently, I have been working on security and deep learning. I'm the tech lead for Magika, an AI-powered file type detection tool. Magika is designed to be working at scale, fast even on a single CPU. Magika is available on GitHub , and it is fast and accurate enough to be used in critical production pipelines at Google, among other things, to scan Gmail, Drive, and Safe Browsing files.

Contact Information

E-mail:yanick (at) fratantonio (dot) me
Public Key:PGP key
Social Links:

Research

These days I work on security and deep learning, and I'm interested in research that is robust enough to go beyond academic prototypes. One my recent projects is Magika, an approach to detect a file's content type via a highly specialized deep learning model: Magika outperforms existing solutions, it is fast and accurate enough to be used in a number of critical production pipelines at Google (including Gmail, Drive, and Safe Browsing, scanning hundreds billions of samples every week), adopted by popular online services (e.g., VirusTotal, abuse.ch), and integrated with popular open source projects (e.g., Apache Tika, Microsoft's markitdown). Magika's python package has been already installed millions of times. Check out the Magika's GitHub repo and the associated ICSE'25 paper for more information.

My prior research has highlighted systemic flaws in many aspects of mobile devices, including Graphic User Interfaces (GUI deception, a11y attacks, phishing against password managers, and clickjacking), bootloaders, hardware memory modules, cryptography, dynamic code loading, authentication, and fingerprint API. I also worked on the detection and analysis of malicious logic bombs, native code components, Windows shellcode, and more recently Linux malware. Last, I research about privacy aspects, such as data leaks and emerging ultrasound-based cross-device tracking mechanisms.

Teaching

When I was teaching at EURECOM, I have created a new class on Mobile Security (MOBISEC), first taught in Fall 2018. This was designed to be an hands-on course, and it covers topics such as the mobile ecosystem, the design and architecture of mobile operating systems, application analysis, reverse engineering, malware detection, vulnerability assessment, automatic static and dynamic analysis, and exploitation and mitigation techniques. All the material/slides/recordings are available at mobisec.reyammer.io, and all the wargame-like challenges (featuring an APK analysis system!) are available at challs.reyammer.io.

Hacking

I am a big fan of Capture The Flag (CTF) competitions and wargames — that is how I and many friends got into security. I'm a founding member of the Order Of the Overflow (OOO) team, the current now-retired DEF CON CTF organizers. I am also a core member of the Shellphish hacking team with which I played many competitions and organized many editions of the UCSB iCTF. I was also involved with the NOPS team, the EURECOM's hacking team, acting as their hackademic advisor.

Professional Highlights