About me

This page is my online version of my CV, just with more details.

Network Penetration Testing
- Confidence in performing infrastructural penetration tests and prividing deliverables on-time
- I enumerate. A lot.
- I understand that penetration testing is not just launching Nessus and calling it a day
Web Application Penetration Testing
- Confidence in performing manual web application penetration tests
- Proficiency with OWASP testing methodology v3
- Aligned with OWASP Top 10 (2017)
Wireless Penetration Testing
- Attacks against WEP, WPA, WPA2
- Wifi Phishing
- Captive portal bypasses
- Attacks against WPA Enterprise (802.1x)
Software Engineering
- Golang and python
- Docker fanatic
(Basic) Exploit Development
(Basic) Machine Learning

Security Engineer & Penetration Tester - Florence Consulting s.r.l.
Feb 2017 - Present
- Performed professional penetration tests against enterprise customers targeting web applications, network infrastructure and wireless networks
- Developed fuzzers for proprietary protocols
- Deployed and managed thousands of installations of endpoint protection platforms like SentinelOne
- Mentored peneteration testing live courses, teaching both network and web application penetration testing
Backend Engineer - Pimp It s.r.l
Aug 2017 - Present
- Wrote and deployed various microservices in production
- Worked with Golang, Python, Docker, AWS and Git
- Helped the team in mission-critical decisions

CVE-2018-11309 Blind SQL Injection in MemberMouse
plugin (05/2018)
Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8
and prior for WordPress allows an unauthenticated attacker to dump the
WordPress MySQL database via an admin-ajax.php request.
Università degli Studi di Firenze - Found multiple SQL
Injections (05/2018 – Present)
Identified several critical security issues that affected multiple web applications.