This page is the online version of my CV, just with more details.
Skills
- Network Penetration Testing
  - Confidence in performing infrastructural penetration tests and providing deliverables on time
  - I enumerate. A lot.
  - I understand that penetration testing is not just launching Nessus and calling it a day
- Web Application Penetration Testing
  - Confidence in performing manual web application penetration tests
  - Proficiency with OWASP testing methodology v3
  - Aligned with OWASP Top 10 (2017)
- Wireless Penetration Testing
  - Attacks against WEP, WPA, WPA2
  - Wi-Fi Phishing
  - Captive portal bypasses
  - Attacks against WPA Enterprise (802.1x)
- Software Engineering
  - Golang and Python
  - Docker fanatic
- (Basic) Exploit Development
- (Basic) Machine Learning
Experience
- Security Engineer & Penetration Tester - Florence Consulting s.r.l.
  Feb 2017 - Present
  - Performed professional penetration tests against enterprise customers targeting web applications, network infrastructure and wireless networks
  - Developed fuzzers for proprietary protocols
  - Deployed and managed thousands of installations of endpoint protection platforms like SentinelOne
  - Mentored penetration testing live courses, teaching both network and web application penetration testing
- Backend Engineer - Pimp It s.r.l
  Aug 2017 - Present
  - Wrote and deployed various microservices in production
  - Worked with Golang, Python, Docker, AWS and Git
  - Helped the team in mission-critical decisions
Certifications
- OSCP
- eCPPT
- eMAPT
- eWPT
Education
- Bachelor of Science Degree - Università degli Studi di Firenze
- High school degree - ITIS Alessandro Volta
Publications
- CVE-2018-11309 Blind SQL Injection in MemberMouse plugin (05/2018)
  Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an admin-ajax.php request.
- Università degli Studi di Firenze - Found multiple SQL Injections (05/2018 – Present)
  Identified several critical security issues that affected multiple web applications.