nstsec.com

Recently Published

Article
Jan 20, 2024

Sono su HackerJournal!

Il mio contributo nell'uscita N.275 di HackerJournal. In particolare, l'articolo "So da dove posti" a pagina 36 racconta come ho effettuato la geolocalizzazione di un soggetto utilizzando esclusivamente fonti open source, partendo da una sua foto pubblica.
Article
Sep 21, 2023

Come ho risolto la OSINT challenge di Unlock Security

Ispirati dalle numerose challenge di Gary Ruddell, Unlock Security propone una challenge OSINT un po’ particolare: nessuna informazione di contesto e una sola foto sgranata con pochi dettagli all’interno.
Article
May 02, 2023

My OSCP Journey: Tips, Tricks, and Cheat Sheets

In this GitBook I shared my experiences, tips, and resources for preparing for the OSCP certification exam. I hope this guide inspires others to become certified security experts.
CVE
Oct 29, 2022

CVE-2022-44023 - PwnDoc

Username Enumeration via response messages in PwnDoc (up to and including 0.5.3) allows unauthenticated attacker to enumerate “disabled account” usernames observing the web server response messages to login requests.

Whoami

I'm a cybersecurity specialist, focused on ethical hacking and offensive security.

My primary area of expertise lies in conducting vulnerability research and penetration testing on a variety of digital assets, including infrastructures, networks, websites, portals, and mobile applications. I leverage advanced hacking techniques to simulate the tactics of real world attackers, allowing me to identify and expose any potential weaknesses that could be exploited by malicious actors.

What I hack

Web apps

Websites exploiting.
APIs

API vulnerability research.
Mobile apps

Android and iOS apps exploiting.
Networks

Infrastructure penetration testing.

Experience

Kirey Group

Penetration Tester
Gen 2023 - Present
Currently, I hold the position of Penetration Tester and specialize in researching vulnerabilities in networks, web, and mobile applications. My primary responsibility involves conducting thorough penetration tests and vulnerability analysis with the objective of identifying weaknesses and providing solutions to enhance system security.

Almaviva S.p.A.

Lead Ethical Hacker
Feb 2022 - Dec 2022 (11 mos)
As coordinator of Almaviva's Security Assessment Team, I led a team of offensive security professionals in conducting various cybersecurity services, including Penetration Testing, Vulnerability Assessment, Code Review, and Remediation Management. These services were tailored to meet clients' specific security needs, with the goal of identifying vulnerabilities in their systems before they could be exploited by malicious actors.
Ethical Hacker
Sep 2020 - Jan 2022 (1 yr 5 mos)
I assumed the responsibility of simulating cyber attacks to discern vulnerabilities and evaluate client defense mechanisms. My daily responsibilities encompassed thorough research of vulnerabilities, formulation and execution of exploitation plans, and the issuance of recommendations for remediation.

CY4GATE S.p.A.

Cybersecurity Consultant
Jun 2019 - Sep 2020 (1 yr 4 mos)
My responsibilities included analyzing systems, identifying vulnerabilities, providing security recommendations, conducting penetration testing, and developing reports. Active involvement in researching new security solutions showcased a passion for cybersecurity, comprehensive knowledge of technologies and threats, and strong communication and problem-solving skills.

Teleperformance S.p.A.

Account Security Support Advisor
Jun 2016 - Jun 2019 (3 yrs 1 mo)
I extended my expertise to the Account Security Team, where I offered support for resolving issues related to Apple ID and iCloud accounts, contributing to a comprehensive user assistance experience.
Tier 1 Support Advisor
Apr 2013 - Jun 2016 (3 yrs 3 mos)
As a technical support assistant specializing in resolving issues and software bugs on Apple devices, I provided dedicated support through customer care to end users, ensuring effective solutions to optimize the use of the products.

Ethereum Network

Ethereum Mining
Nov 2017 - Dec 2018 (1 yrs 2 mos)
I designed, assembled, and configured mining rigs to validate and verify transactions on the Ethereum blockchain using the Proof of Work protocol. This experience provided valuable insights into the complexities of blockchain technology and allowed me to develop my hardware optimization and troubleshooting skills.