Offensive security enthusiast, graduated summa cum laude from a Master’s Degree in Information Security at the University of Milan, certified OSCP (Offensive Security Certified Professional), CCT Inf (CREST Certified Infrastructure Tester) and CEH (Certified Ethical Hacker).
I joined NCC Group, global expert in cyber security and risk mitigation, after 2 years of security consulting at KPMG as a Senior Consultant.
I have been involved in several engagements as cyber security advisor for a wide range of companies, specialising in Adversary Simulation, Network Infrastructure and Application Security. This has allowed me to have a wide view on information security issues and solutions, developing both a technical and a management-oriented point of view.
In my leisure time I practise several sports, such as motorcycling, kickboxing, snowboarding and surfing.
A non-exhaustive list of my private projects that have not been released yet:
- RATATT&CK - Adversary emulation RAT (remote access Trojan) based on the ATT&CK project
- Malwcro - GUI tool for creating MS Word and Excel documents with various VBA macro payloads.
- SpotPhish - Simple heuristic-based tool to detect malicious MS Word and Excel documents.
- PSexfil - PowerShell tool for data exfiltration using multiple channels
- Social Media Security - Framework aimed at protecting Facebook and Twitter profiles
- AIEA (ISACA) Torino chapter – Web (in)security: le principali criticità delle web application nel 2015 – Turin, 24 Sept 2015
- AIEA (ISACA) Milano chapter – Web (in)security: le principali criticità delle web application nel 2015 – Milan, 18 Sept 2015
- HackNet Europe – Pwn HTML5 2 Own internal network – Berlin, 30 May 2015
- LUG Filibusta – Sicurezza nel Social Networking: Sniffing del traffico HTTPS con Ettercap e SSL Strip – Crema, 21 May 2014
- E-Privacy – Frontiere future e futuribili della Social Media Security – Florence, 4 Apr 2014
- Insider Threat: Tecniche di Exfiltration – ICT Security Magazine – 2018
- A brief introduction to Forensic Readiness – InfoSec Institute – 2016
- Purple Teaming: A Security-Testing Collaborative – InfoSec Institute – 2016
- Writing an Effective Penetration Testing Report – PenTest Magazine – 2016
- VoIP Call Modification – InfoSec Institute – 2016
- Attacking WPA2 Enterprise – InfoSec Institute – 2015
- Social media Security: introduzione teorica e possibile approccio – Ciberspazio e Diritto, n. 50, Mucchi Editore 2014