Curriculum Vitae
PERSONAL DATA
| First Name: | Andrea |
| Last Name: | Fabrizi |
| Date and place of birth: | Anagni (FR) - April 10 1983 - Italy |
| Nationality: | Italian |
Contacts
| Web: | http://www.andreafabrizi.it |
| E-Mail: | andrea.fabrizi@gmail.com |
EDUCATION
- 2002: Science and Maths High School (82/100)
WORK EXPERIENCE
Business-e S.p.A. [from February 2010 - Present]
Position: ICT Security Consultant
- Penetration testing.
- Vulnerability assessment.
- Administration of SIEM, Log Management and GRC products.
- Technical and Governance security consulting.
- Penetration Tester & Security Analyst for Telecom Italia and TIM Brazil.
STM Italia S.p.A. [from June 2008 to January 2010]
Position: ICT Security Consultant
- Penetration testing.
- Vulnerability assessment.
- Security software development.
- Development of log management software.
- Security Assessment of Application Firewall (IBM Datapower).
Telecom Italia S.p.A - Unidata S.p.A [from May 2006 to June 2008]
Position: ICT Security Consultant
- Penetration Tester & Security Analyst for a big Italian telecommunication company.
- Security software development.
Hypergolica Webworks Studio [References] [from March 2005]
Position: Developer/System administrator
- Software designer and developer (Web applications and standalone applications).
- System administration.
Monforte srl [2005]
Position: Developer
- Software designer and developer for Linux Embedded systems (MIPS/x86).
Omeofarma srl [2005]
Position: Developer
- Development of Mac OS networking application (to interact with IBM AS400).
InfoByte S.p.A. [2005]
Position: Developer
- Web application developer.
- Database designer.
MondoWeb srl [2004]
Position: System administrator
- Administration of Web/Mail/Database servers
SKILLS
Operating Systems:
- UNIX/GNU Linux
- SUN Solaris
- HP-UX/TRU64/AIX (for Penetration Testing)
- Mac OS X
- MS Windows
Programming Languages:
- C
- ASSEMBLY (x86/MIPS/MIPSEL)
- ASSEMBLY PIC (Microchip PIC series)
- JAVA (PC/Android)
- J2ME (the old Java Micro Edition)
- OBJECTIVE-C ( + Framework Cocoa)
- Python
- BASH SCRIPTING
- PHP
- SQL
- JAVASCRIPT ( + JQuery and JQuery UI)
- BASIC
- VISUAL BASIC
- PASCAL
- A little bit of knowledge of other languages
Markup languages and others:
- HTML/XHTML
- CSS
- XML
- UML
Certifications:
- RSA SE Associate in Security Management.
Security:
- Penetration Testing
- System and Web Application penetration testing. My strong point is the security audit of complex web applications, from open source applications to enterprise applications or custom web applications and web services.
- I also have experience in penetration testing against a wide range of technologies and systems: Solaris, Linux, Windows, Tru64, HP-UX, AIX, OpenVMS, Oracle, MySQL, PostgreSQL, Apache, Tomcat, JBoss, WebLogic, Oracle IAS, SAP, Java, PHP, ASP, ColdFusion, smartcards, tokens, SSO, and others.
- I worked for Telco, Banks, Public Administration Companies, etc...
- Knowledge of OWASP and OSSTMM.
- Excellent skills in writing reports.
- Vulnerability Assessment
- Knowledge of McAfee Foundstone and Nessus.
- Experience in VoIP Assessment.
- Experience in WiFi Assessment.
- Experience in War Dialing.
- Code Review
- Some experience in manual Code Review of applications written in Java and PHP.
- Cracking
- Analysis and cracking of custom security systems. Some experience in cracking hardware keys, smartcards, tokens and software security protections.
- Reverse engineering
- For me one of the most interesting topics.
I had experience in reverse engineering on MIPS, MIPSEL, and x86 microprocessors (Linux and Windows OS).
Enterprise products:
- Novell Sentinel
- Novell Sentinel Log Manager (on which I discovered some vulnerabilities)
- Splunk
- Juniper STRM
- RSA Envision
- Symantec Control Compliance Suite
- McAfee Foundstone
- Nessus
- RSA Archer
- ArcSight
Governance:
- Some experience in Risk Analysis and ITIL
Embedded Systems:
- Both for business and as a hobby I have had the opportunity to develop applications for embedded Linux systems.
- Knowledge of MIPS, MIPSEL and x86 architectures
Electronics:
- Good knowledge of electronics, both theoretical and applied.
- Excellent knowledge of Microchip PIC microcontrollers.
- Knowledge of the HD44780 protocol (used to control LCD display)
- Knowledge of the I2C protocol.
- I have developed an application for Mac (iBook and PowerBook G4) that, using the I2C protocol, is able to control the fan speed, helping thousands of users to solve the heating problem that afflicts this Mac series. (G4FanControl)
Simple list of projects:
- G4FanControl, software useful to control the cooling fans of Mac G4 laptops (C for core and Java for the GUI)
- many CMS (PHP)
- full featured mailing list software (PHP)
- mySQLenum, penetration testing software (C)
- dnsproxy, dns proxy over http (C)
- slogd, software useful to collect, sign and archive logs (C)
- smartone, distributed penetration testing software (C and JAVA)
- software to transfer data from Mac to AS400 (JAVA)
- software, for embedded linux systems, to control datamatrix readers (C)
- training application for penetration testers (PHP)
- temperature monitoring system (embedded linux, C + BASH)
- simple robot/rovers (assembly on Microchip PIC)
- automatic backup system, on local or remote storage, with encryption capabilities (BASH)
- gateway webmail->pop3 for some free webmail (C and JAVA)
- ioled, software useful to show hard disk activity using the Caps Lock LED (for laptops without a dedicated LED, C)
- software for automatic CAPTCHA solving (C)
- software useful to securely store Database password for PHP applications (C)
- prism, an advanced backdoor (C)
- software useful to send SMS from command line, using some free sms services (C)
- PHP library for reading Outlook DBX files (PHP)
- LCD control software for linux (C)
- software useful to transfer data between two PCs, using the soundcard input/output (C)
- smartphone remote control (J2ME)
- GNOME Proxy Applet, panel applet for GNOME, useful to change proxy settings (C)
- Dropbox Uploader, software useful to transfer files to DropBox from command line (BASH)
- more..
