About me - (in)security

About me

That's what I do. I drink, and I know things.

Hello There!
My name is Alessio, and I’m an IT security enthusiast working as a Security Engineer.
I previously worked as a penetration tester in Milan where I conducted several activities against web and mobile applications, networks and infrastructures, and devices too (smartphones, laptops, printers, routers, etc).

I like to do security and vulnerability research, bug bounties and writing helpful tools to automate most of my work.

You can find my contacts at the end of this page and a quick summary of my main achievements right above.


  • October 2018 - Become a Offensive Security Certified Professional (OSCP)
  • July 2017 - Presented filewatcher for MacAdmins Meeting at the University of Utah


  • CVE-2022-2903 - PHP Objection Injection in WordPress Plugin (NinjaForms).
  • CVE-2018-20122 - Remote code execution in Fastweb FASTgate router.
  • CVE-2018-17172 - Remote code execution in Xerox Altalink printer.
  • CVE-2018-7064 - Cross-site scripting (XSS) Reflected in Aruba Instant web interface.
  • CVE-2017-17663 - Buffer overflow in thttpd and mini_httpd web server.


  • filewatcher - A simple auditing utility for macOS
  • shcheck - A basic tool to check security headers
  • pihole-dashboard - Minimal and clean dashboard to visualize some stats of Pi-Hole with an E-Ink display