Mattia Reggiani

Flying under the radar


Offensive security enthusiast, graduated summa cum laude with a Master’s Degree in Information Security from the University of Milan, certified OSCP (Offensive Security Certified Professional), CCT Inf (CREST Certified Infrastructure Tester) and CEH (Certified Ethical Hacker).

I joined NCC Group, a global expert in cyber security and risk mitigation, after 2 years of security consulting at KPMG as a Senior Consultant.
I have been involved in several engagements as a cyber security advisor for a wide range of companies, specialising in Adversary Simulation, Network Infrastructure and Application Security. This has given me a broad view of information security issues and solutions, and has let me develop both a technical and a management-oriented point of view.

In my leisure time I practise several sports, such as motorcycling, kickboxing, snowboarding and surfing.



A non-exhaustive list of my private projects that have not been released yet:

  • RATATT&CK - Adversary emulation RAT (remote access Trojan) based on the ATT&CK project
  • Malwcro - GUI tool for creating MS Word and Excel documents with various VBA macro payloads
  • SpotPhish - Simple heuristic-based tool to detect malicious MS Word and Excel documents
  • PSexfil - PowerShell tool for data exfiltration using multiple channels
  • Social Media Security - Framework that aims to protect Facebook and Twitter profiles



  • AIEA (ISACA) Torino chapter – Web (in)security: le principali criticità delle web application nel 2015 – Turin, 24 Sept 2015
  • AIEA (ISACA) Milano chapter – Web (in)security: le principali criticità delle web application nel 2015 – Milan, 18 Sept 2015
  • HackNet Europe – Pwn HTML5 2 Own internal network – Berlin, 30 May 2015
  • LUG Filibusta – Sicurezza nel Social Networking: Sniffing del traffico HTTPS con Ettercap e SSL Strip – Crema, 21 May 2014
  • E-Privacy – Frontiere future e futuribili della Social Media Security – Florence, 4 Apr 2014


  • Insider Threat: Tecniche di Exfiltration – ICT Security Magazine – 2018
  • A brief introduction to Forensic Readiness – InfoSec Institute – 2016
  • Purple Teaming: A Security-Testing Collaborative – InfoSec Institute – 2016
  • Writing an Effective Penetration Testing Report – PenTest Magazine – 2016
  • VoIP Call Modification – InfoSec Institute – 2016
  • Attacking WPA2 Enterprise – InfoSec Institute – 2015
  • Social media Security: introduzione teorica e possibile approccio – Ciberspazio e Diritto, n. 50, Mucchi Editore 2014
