Safety

Personal information

  • Nationality: Italian

Skills

  • Malware analysis
  • Windows internals
  • Penetration testing
  • Low-level programming
  • Shell scripting
  • Linux system administration
  • Maintainable software design
  • Research-oriented
  • Team/autonomous worker

Experience

November 2022 ~ present: R&D Security Engineer @ Leonardo

  • Security software development
    • Software development of server-side logic of an EDR system
      • Handling data related to agent telemetry in a centralized manner
      • DevOps & deploying (CI/CD, virtualized environments)
      • Load testing
    • Developed a minimal plugin-library to flexibly extend server functionalities
    • Used tools:
      • CMake, Conan for project & dependencies management
      • Postman for testing
      • Docker & Portainer for deploying & CI/CD
      • Python with Locust, PrometheusDB, Kibana for load tests & simulation of 1000+ clients
  • Malware analysis
    • x86 reverse engineering using FlareVM, IDA and other malware analysis tools
    • Malware analysis of beacon samples
      • gathered uncommon injection techniques and evasion patterns
      • studied immutable characteristics of the file in search of particular data, blocks of instructions and artifacts that could make the file suspicious
    • Output: YARA rules representing beacon TTPs for detection by scanning instruments

Summer 2020: Full-stack developer @ AFA Systems

  • Project management and development
    • PHP (frontend, backend)
    • Responsive dashboard to check online active users & access rules
  • SQL Database management
    • Query time optimization, cutting the company's initial query time by up to half
    • Linux environment

Education

  • Cybersecurity - master’s degree - Oct 2020 - Jan 2023
    • Sapienza University of Rome
    • Thesis: “The Many Facets of Malware Evasion and Cutting-edge Dynamic Binary Instrumentation Tools to Deal With Them”
      • Researching and applying countermeasures for anti-debug, anti-VM/sandbox and anti-DBI evasions by developing a tool using DynamoRIO framework
      • PoC: a C++ logger “with steroids” reporting activity of “benign look-a-like” evading samples, revealing hidden malicious behavior
      • Scanning area: in-memory, syscalls, APIs, exceptions, asm instructions
  • Computer Engineering - bachelor’s degree - Sep 2016 - Mar 2020
    • Alma Mater Studiorum - Bologna
    • Thesis: A Python software library for dataset generation based on linear models

Certifications

  • GIAC Reverse Engineering Malware (GREM): https://www.credly.com/badges/a029363e-f93b-46dd-a7a6-ea23b16c8c0f/public_url
  • Maldevacademy: Certificate of Completion
    • Content: C/C++ malware development, Windows internals, C2 development, cutting-edge malware evasion mechanisms, cross-compilation Linux -> Windows

Languages

  • Italian - Native speaker
  • English - B2 level