Sep 2022 – Present · 3 yrs 8 mos · Italy · Remote

• As a pentester at Cobalt, I specialize in identifying, exploiting, and reporting vulnerabilities to strengthen the security posture of our clients. My duties involve conducting in-depth security assessments, including web application testing, network penetration testing, and social engineering engagements.

Dec 2021 – Present · 4 yrs 5 mos · Rome, Latium, Italy

• As a member of SynackRT, I am taking part in a number of Bug Hunting programs that help businesses find and fix high-risk security holes.

Jan 2019 – Present · 7 yrs 4 mos · Rome, Latium, Italy · Remote

• Author of Open Source projects and tools, ranging from offensive security to automation. Official maintainer of the following projects:
• Inceptor: Template-Driven AV/EDR Evasion Framework
• Chameleon: PowerShell obfuscator
• Vortex: VPN Portals Attacking Toolset
• SysWhispers3: EDR bypass framework via direct syscalls
• DriverJack: Loading vulnerable drivers leveraging emulated RO filesystems and NTFS
• StackMoonwalking: Leveraging SETFPREG frames with ROP to spoof the callstack at runtime

Sep 2018 – Dec 2024 · 6 yrs 3 mos · Rome, Latium, Italy

• As a member of BSI's penetration testing team, I worked on a wide range of services that targeted all areas of an organization's security, including infrastructure, web applications, social engineering, and, of course, mobile across a multitude of industry sectors and regions.

Oct 2016 – Aug 2018 · 1 yr 10 mos · Roma, Italia

• My main role with the delivery team at DGS S.p.A. was to deliver varying types of security services, including penetration testing and vulnerability assessments, secure architecture design, configuration of security solutions and integration of security platforms, and even the implementation of custom security application for clients.
• Interesting projects:
• Built a closed source TNS dissector for packet-beat
• Reverse engineered the undocumented HSM Luna EFT communication protocol and built a client to interface with it
• Built a tool to integrate Rapid7 Nexpose with SkyBox Security Suite, also automating branded report genaration

Dec 2011 – Oct 2016 · 4 yrs 10 mos · Roma

• I was a member of the cyber security team at Techub S.p.A with a responsibility to deliver a large number of assessments both in the PA and commercial sectors for major customers (Poste Italiane SpA, Leonardo SpA, Autostrade SpA, Enel SpA) following a large number of security standards (OWASP, OSSTMM, ISO/IEC 27002, PCI-DSS, ISA-99, NIST, NERC). I was also responsible to lead a team of security analysts working in a H24 SOC environment with the responsibility to ensure the security of many thousands of servers and to deliver security analysis, proactive monitoring, incident response, procedure creation and security tools development activities.
• Interesting projects followed:
• Built a web based application to control perimetral routers, firewalls and IDS/IPS, automating report generation
• Built an ML Classifier for new CheckPoint IPS Signatures, to automate response
• Built a supervised system to classify and automatically analyse common load-based network attacks

Sep 2010 – Dec 2011 · 1 yr 3 mos · Rome, Latium, Italy

• I was working as a freelance consultant for private or enterprise. Working as a freelancer, I could expose myself to multiple environments and technologies, also gaining a very useful knowledge about IT companies internal policies and processes.
• I've worked on many projects for different contractors, but the most interesting ones were the following:
• Developed an Android mobile application for electric motorcycles, based on standard protocol OBD-II / ELM327 translation
• Collaborating to the development of an AI system for pro-active frauds identification through e-commerce automated monitoring