Gianluca Gabrielli

SUSE – Italy, January 2021 - Present

Software Security Engineer

SUSE Linux Security Team (R&D)

SUSE – Prague, April 2020 - December 2020

Cybersecurity Design & Engineering

SUSE Linux CyberSecurity Team

Accenture – Prague, June 2019 - March 2020

Forensic Investigator Specialist

Global Cyber Incident Response Team

Accenture – Prague, Feb 2017 - May 2019

Senior Forensic Investigator

Global Cyber Incident Response Team

Working in a huge environment like Accenture, I have the opportunity to: investigate a wide variety of incidents, learn about the latest cyber threats every day, hone my forensic skills by analyzing post-mortem environments, and as a threat hunter avoid future incidents by implementing pro-active methodologies.
Lately I've been focusing on red teaming operations: meaning after a successful exploitation the goal is to move laterally and gain persistence in the target environment, once all the information of interest is collected and silently exfiltrated any traces of break-in is going to be deleted.
Moreover, I've gained the know-how needed to work in a big corporation where many responsibility groups and detailed policies are in place.

National Research Council – Ancona, May 2015 - Jan 2017

Software Engineer

• Developed software for biological analysis with Django
• Developed software for ecosound data processing and deployed it on ENI's oil platforms
• Modelling and management of relational databases with PostgreSQL and PostGIS
• Collected sensors data on InfluxDB and charted it with Grafana

GCIH - badge6 June 2019

GIAC Certified Incident Handler

GCIH holders have demonstrated their ability to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on methods used to detect, respond, and resolve computer security incidents. Professionals holding the GCIH are qualified for hands-on and leadership positions within incident handling teams.

GPEN - badge21 December 2018

GIAC Certified Penetration Tester

GPEN holders have demonstrated their ability to execute penetration-testing methodologies and properly conduct a penetration test, as well as best practice technical and non-technical techniques specific to conduct a penetration test. Professionals holding the GPEN are qualified for job duties involving assessing target networks and systems to find security vulnerabilities.

University of CamerinoCamerino, Oct 2011 - Apr 2015

Bachelor's degree, Computer Science

Thesis:
MITM Attack with Patching Binaries on the Fly by Adding Shellcodes - pdf, slide
Winner of Innovating Information Security

My thesis shows how easy it is to achieve remote control of a personal computer, even if it runs Windows, GNU/Linux or macOS. This method aims to intercept and parse traffic of one or more end systems, looking for executable codes. If found, the transparent proxy injects the malware before it reaches the end system.
That means you can securely download a legitimate executable from a trusted server, and the backdoor will be added during transmission.

ITIS "G. e M. Montani"Fermo, Sep 2005 - Jul 2008

High School Diploma, Computer Science

The most ancient Industrial Technical Institute of Italy, founded in 1854 has been for me a cornerstone of my education. Proud to be a G. e M. Montani's alumnus.

Innovating Information SecurityMilano, Italy 2015

The award "Innovating the Security of Information", issued by CLUSIT, reserved for the most innovative university theses in the field of computer security, aims to promote collaboration among subjects that deal with information security in Italy: companies, universities, and students. A point of exchange between production and the scientific world, including students and the labor force, powered directly by the individual participating entities bringing their own needs and experiences.

CybercopGenova, Italy 23-24 May 2014

At Cybercop, a competition part of IISFA Forum, different teams play a simulated scenario where the first team to catch the cybercriminal wins. The 2014 edition was about a victim who denounced an extorsion from an hacker who recorded a video together an accomplice who convinced the victim to show himself naked via webcam. My team played against the Polpost (Cybercrime Police) of Genova and the Financial Police of Milano.
We took the second place.

HackLab Ancona - siteFounder – Ancona, Italy 2016

The Hacklab is located in Ancona, I've founded it after I moved there to work for the National Research Council. At its highest peak it counted 84 members, most of them FOSS passionated. I left the association when I moved to Prague to join Accenture. Luckily, some members overtook responsibility roles and the group does still exist.

CameLUG - siteFounder – Camerino, Italy 2013

Camerino Linux User Group is a non-profit cultural association made by students for students, with the mission to share and sensibilize people to use free software. There is no hierarchy in CameLUG, each decision is reached by a majority consensus. We all believe in free culture and we're led by a passion to improve and share our skills in computer science. CameLUG is a place where ideas become real.

GLM - siteActive Member and Speaker – Macerata, Italy 2012

Linux User Group of Macerata (Italy) is a landmark for learning, exploring and developing the GNU/Linux operating system. If you think about GNU/Linux not only as an alternative to Windows, but as an innovative way to experience computers, if you want to learn or improve your know-how, or if you just want to install it or know anything else: this is the right place.

University of Macerata – 2 December 2016

European Cyber Security Month - flyer

I was invited to give a lecture about my thesis at the Economics and Law department of the University of Macerata.
Students who participated were awarded ECTS credits.
​

University of Macerata – 21 April 2016

Cryptocurrency: is digital the money of the future? - flyer

I was invited to give a lecture about cryptocurrencies at the Economics and Law department of the University of Macerata. Concretely, I explained Bitcoin internals.
Students who participated were awarded ECTS credits.
​

ITIS “A.Merloni” – 25 October 2014

OTR Messaging - slide, video

ITIS Aristide Merloni is a high school situated in Fabriano (Italy) where young people study computer science. In October 2014 the school organized "Linux Day", a day where students can trade their lessons for talks about open source and free software.
I was invited by the school to give a lecture about asymmetric cryptography and how it is used in Off-The-Record messaging, a protocol which lets users have a private end-to-end encrypted communication over a not secure channel.
​

University of Camerino – 7 May 2014

TOR and Hidden Service Protocol - video

The Computer Science department of the University of Camerino, invited me to talk about the TOR anonymous network. After a general overview I focused on the server side, explaining how TOR ensures anonymity through hidden service protocol, rendevous point, and hidden service directory to people who provide online services.
​