Email: crazybyte [at] protonmail [dot] com
Mobile: (+39) 342 9988576
Linkedin - GitHub - Telegram
Computer fanatic. The trait I love most about myself is curiosity.
Thanks to this, from the age of eight I've experimented, first, and then studied everything I could about computer science.
Its incredible complexity never stops giving us ever-growing opportunity to understand how computers work.
It's obvious that I quickly became addicted to GNU/Linux and open source software:
I felt, and still do feel, the need to know exactly what happens inside my –and maybe your– computer.
A never-stop-learning attitude let me improve myself every day.
My grandfather used to say: "If at the end of the day you realize that you've learned something new,
even a simple thing that a day earlier you didn't know, then you didn't waste your day".
Since he's gone, I've been trying to put that into practice and never let a day pass by without having expanded my knowledge.
Hopefully, one day I'll turn into a man as great as he was.
SUSE Linux Security Team (R&D)
SUSE Linux CyberSecurity Team
Global Cyber Incident Response Team
Global Cyber Incident Response Team
Working in a huge environment like Accenture, I have the opportunity to: investigate a wide variety of incidents,
learn about the latest cyber threats every day, hone my forensic skills by analyzing post-mortem environments,
and as a threat hunter avoid future incidents by implementing pro-active methodologies.
Lately I've been focusing on red teaming operations: meaning after a successful exploitation the goal is to move laterally and gain persistence
in the target environment, once all the information of interest is collected and silently exfiltrated any traces of break-in is going to be deleted.
Moreover, I've gained the know-how needed to work in a big corporation where many responsibility groups and detailed policies are in place.
GIAC Certified Incident Handler
GCIH holders have demonstrated their ability to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on methods used to detect, respond, and resolve computer security incidents. Professionals holding the GCIH are qualified for hands-on and leadership positions within incident handling teams.
GIAC Certified Penetration Tester
GPEN holders have demonstrated their ability to execute penetration-testing methodologies and properly conduct a penetration test, as well as best practice technical and non-technical techniques specific to conduct a penetration test. Professionals holding the GPEN are qualified for job duties involving assessing target networks and systems to find security vulnerabilities.
Bachelor's degree, Computer Science
Thesis:
MITM Attack with Patching Binaries on the Fly by Adding Shellcodes - pdf, slide
Winner of Innovating Information Security
My thesis shows how easy it is to achieve remote control of a personal computer, even if it runs Windows, GNU/Linux or macOS. This method aims to
intercept and parse traffic of one or more end systems, looking for executable codes. If found, the transparent proxy injects the malware before
it reaches the end system.
That means you can securely download a legitimate executable from a trusted server, and the backdoor will be added during transmission.
High School Diploma, Computer Science
The most ancient Industrial Technical Institute of Italy, founded in 1854 has been for me a cornerstone of my education. Proud to be a G. e M. Montani's alumnus.
The award "Innovating the Security of Information", issued by CLUSIT, reserved for the most innovative university theses in the field of computer security, aims to promote collaboration among subjects that deal with information security in Italy: companies, universities, and students. A point of exchange between production and the scientific world, including students and the labor force, powered directly by the individual participating entities bringing their own needs and experiences.
At Cybercop, a competition part of IISFA Forum, different teams play a simulated scenario where the first team to
catch the cybercriminal wins. The 2014 edition was about a victim who denounced an extorsion from an hacker who recorded a video together an accomplice who convinced the victim
to show himself naked via webcam. My team played against the Polpost (Cybercrime Police) of Genova and the Financial Police of Milano.
We took the second place.
The Hacklab is located in Ancona, I've founded it after I moved there to work for the National Research Council. At its highest peak it counted 84 members, most of them FOSS passionated. I left the association when I moved to Prague to join Accenture. Luckily, some members overtook responsibility roles and the group does still exist.
Camerino Linux User Group is a non-profit cultural association made by students for students, with the mission to share and sensibilize people to use free software. There is no hierarchy in CameLUG, each decision is reached by a majority consensus. We all believe in free culture and we're led by a passion to improve and share our skills in computer science. CameLUG is a place where ideas become real.
Linux User Group of Macerata (Italy) is a landmark for learning, exploring and developing the GNU/Linux operating system. If you think about GNU/Linux not only as an alternative to Windows, but as an innovative way to experience computers, if you want to learn or improve your know-how, or if you just want to install it or know anything else: this is the right place.
I was invited to give a lecture about my thesis at the Economics and Law department of the University of Macerata.
Students who participated were awarded ECTS credits.
I was invited to give a lecture about cryptocurrencies at the Economics and Law department of the University of Macerata.
Concretely, I explained Bitcoin internals.
Students who participated were awarded ECTS credits.
ITIS Aristide Merloni is a high school situated in Fabriano (Italy) where young people study computer science.
In October 2014 the school organized "Linux Day", a day where students can trade their lessons for talks about open source and free software.
I was invited by the school to give a lecture about asymmetric cryptography and how it is used in Off-The-Record messaging,
a protocol which lets users have a private end-to-end encrypted communication over a not secure channel.
The Computer Science department of the University of Camerino, invited me to talk about the TOR anonymous network.
After a general overview I focused on the server side, explaining how TOR ensures anonymity through hidden service protocol, rendevous point,
and hidden service directory to people who provide online services.