This page is my online version of my CV, just with more details.
- Network Penetration Testing
- Confidence in performing infrastructural penetration tests and prividing deliverables on-time
- I enumerate. A lot.
- I understand that penetration testing is not just launching Nessus and calling it a day
- Web Application Penetration Testing
- Confidence in performing manual web application penetration tests
- Proficiency with OWASP testing methodology v3
- Aligned with OWASP Top 10 (2017)
- Wireless Penetration Testing
- Attacks against WEP, WPA, WPA2
- Wifi Phishing
- Captive portal bypasses
- Attacks against WPA Enterprise (802.1x)
- Software Engineering
- Golang and python
- Docker fanatic
- (Basic) Exploit Development
- (Basic) Machine Learning
Security Engineer & Penetration Tester - Florence Consulting s.r.l.
Feb 2017 - Present
- Performed professional penetration tests against enterprise customers targeting web applications, network infrastructure and wireless networks
- Developed fuzzers for proprietary protocols
- Deployed and managed thousands of installations of endpoint protection platforms like SentinelOne
- Mentored peneteration testing live courses, teaching both network and web application penetration testing
Backend Engineer - Pimp It s.r.l
Aug 2017 - Present
- Wrote and deployed various microservices in production
- Worked with Golang, Python, Docker, AWS and Git
- Helped the team in mission-critical decisions
- Bachelor of Science Degree - Università degli Studi di Firenze
- Highschool degree - ITIS Alessandro Volta
CVE-2018-11309 Blind SQL Injection in MemberMouse
Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8
and prior for WordPress allows an unauthenticated attacker to dump the
WordPress MySQL database via an admin-ajax.php request.
Università degli Studi di Firenze - Found multiple SQL
Injections (05/2018 – Present)
Identified several critical security issues that affected multiple web applications.