Offensive security enthusiast, graduated summa cum laude with a Master’s Degree in Information Security at the University of Milan, certified CCSAS (CREST Certified Simulated Attack Specialist), OSCP (Offensive Security Certified Professional), CCT Inf (CREST Certified Infrastructure Tester) and CEH (Certified Ethical Hacker).
I joined NCC Group, a global expert in cyber security and risk mitigation, after 2 years of security consulting at KPMG as a Senior Consultant.
I have been involved in several engagements as a cyber security advisor for a wide range of companies, specialising in Adversary Simulation, Network Infrastructure and Application Security. This has allowed me to have a wide view on information security issues and solutions, developing both a technical and a management-oriented point of view.
In my leisure time I do several sports, such as motorbiking, kickboxing, snowboarding and surfing.
A non-exhaustive list of my private projects that have not been released yet:
- RATATT&CK - Adversary emulation RAT (remote access Trojan) based on the ATT&CK project
- Malwcro - GUI tool for creating MS Word and Excel documents with various VBA macro payloads
- SpotPhish - Simple heuristic-based tool to detect malicious MS Word and Excel documents
- PSexfil - PowerShell tool for data exfiltration using multiple channels
- Social Media Security - Framework aimed at protecting Facebook and Twitter profiles
- AIEA (ISACA) Torino chapter – Web (in)security: le principali criticità delle web application nel 2015 – Turin, 24 Sept 2015
- AIEA (ISACA) Milano chapter – Web (in)security: le principali criticità delle web application nel 2015 – Milan, 18 Sept 2015
- HackNet Europe – Pwn HTML5 2 Own internal network – Berlin, 30 May 2015
- LUG Filibusta – Sicurezza nel Social Networking: Sniffing del traffico HTTPS con Ettercap e SSL Strip – Crema, 21 May 2014
- E-Privacy – Frontiere future e futuribili della Social Media Security – Florence, 4 Apr 2014
- Insider Threat: Tecniche di Exfiltration – ICT Security Magazine – 2018
- A brief introduction to Forensic Readiness – InfoSec Institute – 2016
- Purple Teaming: A Security-Testing Collaborative – InfoSec Institute – 2016
- Writing an Effective Penetration Testing Report – PenTest Magazine – 2016
- VoIP Call Modification – InfoSec Institute – 2016
- Attacking WPA2 Enterprise – InfoSec Institute – 2015
- Social media Security: introduzione teorica e possibile approccio – Ciberspazio e Diritto, n. 50, Mucchi Editore 2014