About
Now
Since early 2020, I have been working as a security consultant in the IoT security unit at Spike Reply. My primary focus is on IoT and Automotive pentesting, and I also help organize security training sessions and CTF events.
I've played CTFs at LaSER lab with fuffateam for a while. Now I enjoy playing in my spare time with friends and colleagues.
Prev
In late 2015 I started working as a security consultant at Horizon Security where I mainly carried out pentesting activities on mobile and web applications, networks, embedded and IoT devices, biometric authentication systems and so on.
In 2019 I graduated at the University of Milan, where I was part of the LaSER lab.
In 2015 I worked as a cryptanalyst at STMicroelectronics, a world leader multinational in semiconductor solutions, where I carried out research activities on communication security of IoT devices.
In 2014 together with a couple of classmates, I co-founded cryptcoffee, a research group that focuses on security and cryptography.
I got my BSc in 2014 at the University of Milan, where I was part of the CLUB Laboratory.
Education
2019 - Master of Science in Computer Science
Institute: University of Milan Final mark: 110/100L Thesis: Fuzzing OS Kernel Module Interface
University of Milan
110/100L
Thesis: Fuzzing OS Kernel Module Interface
2014 - Bachelor of Science in Computer Science
Institute: University of Milan
Final mark: 104/110
Thesis: Can a FDE solution provide security in the event
that data is lost or stolen?
University of Milan
104/110
Thesis: Can a FDE solution provide security in the event that data is lost or stolen?
Teaching experience
2021 - Security - Lab on Attack/Defense
Institute: Politecnico di Torino
Course: 2nd level Specializing Master's Programme in
Artificial Intelligence & Cloud: Hands-on Innovation
Politecnico di Torino
2nd level Specializing Master's Programme in
Artificial Intelligence & Cloud: Hands-on Innovation
2020 - Mobile Security
Institute: Fastweb Digital Academy Course: Information Security Advanced
Fastweb Digital Academy
Course: Information Security Advanced
Misc
Outside of Computer Science I've three main hobbies that are music, photography and climbing.
I've been a guitar player in a rock band for a while and now I enjoy playing in an acoustic duo named Drawing Melodies.
I drop here some decent pics I take so... Come to have a look ;)
Research
Publications
On TLS 1.3 - Early performance analysis in the IoT field
This paper provides an overview of the novelties introduced in TLS 1.3 draft finalized to improve security and latency of the protocol: the reworked handshake flows and the newly adopted cryptographic algorithms are analyzed and compared in terms of security and latency to the current TLS in use.
What users should know about Full Disk Encryption based on LUKS
Full Disk Encryption (FDE) solutions might help users to protect sensitive data in the event that devices are lost or stolen. In this paper we focus on the security of Linux Unified Key Setup (LUKS) specifications, the most common FDE solution implemented in Linux based operating systems. In particular, we analyze the key management process used to compute and store the encryption key, and the solution adopted to mitigate the problem of brute force attacks based on weak user passwords. Our testing activities show some weaknesses and user’s behavior that can significantly reduce the security of the main LUKS implementation, Cryptsetup.
This paper shows that, if HMAC-SHA-1 is computed in a standard mode without following the performance improvements described in the implementation note of RFC 2104 and FIPS 198-1, an attacker is able to avoid 50 % of PBKDF2’s CPU intensive operations, by replacing them with precomputed values. We note that a number of well-known and widely-used crypto libraries are subject to this vulnerability. In addition to such a vulnerability, we describe some other minor optimizations that an attacker can exploit to reduce even more the key derivation time.
Projects
HTTP Digest Authentication
A Burp Suite extension to handle HTTP Digest Authentication, which is no longer supported by Burp Suite since version 2020.7. It might come in handy if you are testing IoT devices like CCTVs or similar. You should be able to find it in Burp Suite Extender, or you can have a look at the source code.
dirfy
dirfy is a lightweight and highly configurable async web path scanner, that performs fast content discovery against web applications. Give it a try!
Skul
Skul is a PoC to bruteforce the Cryptsetup implementation of Linux Unified Key Setup (LUKS), I mainly wrote during my BSc thesis. Skul is now maintained by myself and my colleagues at cryptcoffee and it has been integrated into the BlackArch Linux Penetration Testing Distribution. You can read more about it here or... Check it out!