I'm an Associate Professor in the Department of Computer Science at North Carolina State University, a member of the Wolfpack Security and Privacy Research (WSPR) Lab and the faculty mentor of HackPack. Together with The Order of the Overflow team we organized DEF CON CTF during 2018-2021.
I'm looking for excited and motivated students to work with. PhD applications at NCSU are due in December (link). If you are interested to visit our group for an internship, take a look here.
Research Interests
My research interests span the areas of web security & privacy, software supply chain security, and AI security. I am in particular interested in the security and privacy problems that arise from the evolution of the web, the software supply chain and the latest advancements in AI.
News
May 2024 | SecWeb 2024 Keynote |
March 2024 | NDSS 2024 Distinguished Paper Award |
August 2022 | NSF Frontier proposal funded |
May 2021 | IEEE S&P 2021 Best Student Paper Award |
April 2020 | HackPack CTF 2020 |
February 2019 | Paper accepted at WWW'19 |
July 2018 | Paper accepted at CCS'18 |
May 2018 | Two new PhD students will join our group |
April 2018 | HackPack CTF 2018 |
January 2018 | We are the Order of the Overflow |
Publications
- An Empirical Study on Reproducible Packaging in Open-Source Ecosystems
Giacomo Benedetti, Oreofe Solarin, Courtney Miller, Greg Tystahl, William Enck, Christian Kästner, Alexandros Kapravelos, Alessio Merlo, Luca Verderame
Proceedings of the International Conference on Software Engineering (ICSE), 2025
[to appear] [Bibtex] - ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, Aravind Machiry
Proceedings of the USENIX Security Symposium, 2023
CSAW 2023 Applied Research Finalist
[PDF] [Bibtex] [website] [code] [news] - CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing
Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn
Proceedings of the IEEE Symposium on Security and Privacy, 2021
Best Student Paper Award
[PDF] [Bibtex] - Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases
Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Yihui Zeng, Alexandros Kapravelos, Tiffany Bao, Ruoyu "Fish" Wang, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn
Proceedings of the Network and Distributed System Security Symposium (NDSS), 2021
[PDF] [Bibtex] - Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Go, Nav Jagpal, Alexandros Kapravelos, Damon Mccoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab
Proceedings of the IEEE Symposium on Security and Privacy, 2015
Distinguished Practical Paper Award
[PDF] [Bibtex] - You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Chris Kruegel, Frank Piessens, Giovanni Vigna
Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2012
[PDF] [Bibtex] - FleXConf: A Flexible Conference Assistant Using Context-Aware Notification Services
Nikos Armenatzoglou, Yannis Marketakis, Lito Kriara, Elias Apostolopoulos, Vicky Papavasiliou, Dimitris Kampas, Alexandros Kapravelos, Eythimis Kartsonakis, Giorgos Linardakis, Sofia Nikitaki, Antonis Bikakis, Grigoris Antoniou
Proceedings of the IEEE Workshop on Context Aware Mobile Systems (CAMS), 2009
[PDF] [Bibtex]
Contact
Alexandros KapravelosOffice: 2240K Engineering Building II
Address: 890 Oval Dr., Raleigh, NC 27695-8206, USA
Email: akaprav at ncsu.edu