• 🎓 M.Sc. Degre in "Computer Engineering" at University of Naples "Federico II"
• 👨‍💻 Senior Penetration Tester at SECFORCE
• 🚩 CTF Player at napwnli
• 🖖 Incurable Nerd
• 🎞️ Movie/TV Show addicted

Want to know more? Check my website.

• CVE-2025-58374: Auto-approve allows npm install execution of malicious postinstall scripts. (RooCode)
• CVE-2025-58373: Symlink-bypass of .rooignore leading to unintended file disclosure. (RooCode)
• CVE-2025-58372: Potential Remote Code Execution via .code-workspace. (RooCode)
• CVE-2024-28722: Reflected XSS. (Innovaphone myPBX)
• CVE-2024-3761: Missing Authorization on Delete Datasets. (lunary-ai/lunary)
• CVE-2023-7194: Reflected XSS. (Meris WordPress Theme)
• CVE-2022-2535: Unauthenticated Arbitrary Post Title Disclosure. (SearchWP Live Ajax Search plugin)

• DroidGround: A flexbile playground for Android CTF challenges.
• RoboDroid: Manage and deploy Android machines with pre-defined behaviors for Cyber Range environments
• RAUDI: Regularly and Automatically Updated Docker Images
• Dockerized Android: A container-based framework to execute Android in Docker
• HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion
• asciified: A simple ASCII Art API with a good-looking Web App.