About me

This page is my online version of my CV, just with more details.

Skills

  • Network Penetration Testing
    • Confidence in performing infrastructural penetration tests and providing deliverables on time
    • I enumerate. A lot.
    • I understand that penetration testing is not just launching Nessus and calling it a day
  • Web Application Penetration Testing
    • Confidence in performing manual web application penetration tests
    • Proficiency with OWASP testing methodology v3
    • Aligned with OWASP Top 10 (2017)
  • Wireless Penetration Testing
    • Attacks against WEP, WPA, WPA2
    • Wi-Fi Phishing
    • Captive portal bypasses
    • Attacks against WPA Enterprise (802.1x)
  • Software Engineering
    • Golang and Python
    • Docker fanatic
  • (Basic) Exploit Development
  • (Basic) Machine Learning

Experience

  • Security Engineer & Penetration Tester - Florence Consulting s.r.l.
    Feb 2017 - Present

    • Performed professional penetration tests against enterprise customers targeting web applications, network infrastructure and wireless networks
    • Developed fuzzers for proprietary protocols
    • Deployed and managed thousands of installations of endpoint protection platforms like SentinelOne
    • Mentored penetration testing live courses, teaching both network and web application penetration testing
  • Backend Engineer - Pimp It s.r.l
    Aug 2017 - Present

    • Wrote and deployed various microservices in production
    • Worked with Golang, Python, Docker, AWS and Git
    • Helped the team in mission-critical decisions

Certifications

  • OSCP
  • eCPPT
  • eMAPT
  • eWPT

Education

  • Bachelor of Science Degree - Università degli Studi di Firenze
  • High school degree - ITIS Alessandro Volta

Publications

  • CVE-2018-11309 Blind SQL Injection in MemberMouse plugin (05/2018)
    Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8
    and prior for WordPress allows an unauthenticated attacker to dump the
    WordPress MySQL database via an admin-ajax.php request.

  • Università degli Studi di Firenze - Found multiple SQL Injections (05/2018 – Present)
    Identified several critical security issues that affected multiple web applications.