Michele Orru'

System administrator and Security Engineer

Followers: 919
Location: Italy

  • About me

    Phishing Connoisseur

  • Education

    • University of Bergen (UiB)

      2006 - 2007
      Erasmus information technology

      Activities and Societies: Develop Secure Net-based Applications - In-depth study of Security Patterns (RBAC, DMZ, I&A, front door, nonrepudiation, risk determination and management, threat assessment) and Web application vulnerabilities (XSS, blind SQL injection, buffer overflows, weak encryption, MITM attacks, spoofing and sniffing). Creation of video-based attack demonstrations about cookie stealing/injection, SSL/TLS certificate injection and IE browser remote exploits. Advanced Topics in Java and Security Systems - Really advanced topics about Java 1.6 Concurrency (Thread Safety, JMM, Liveness, Performance, Thread Pools) and Generics (Wildcards, Reification, Reflection, Sets, Lists and Maps). Research project: Enforcing default security behavior of Java 2 Applications through reflection. I arrived at really good results, also writing an Eclipse plugin.

    • Alma Mater Studiorum – Università di Bologna

      2004 - 2008
      Bachelor information technology

      Activities and Societies: My thesis (led by Professor Babaoglu) focused on research about Web Session Management: Analisi hacker del "Session Management" nelle applicazioni Web, with emphasis on real-world attack cases on the main web application used by my university to manage student careers (with bugs discovered by me).

  • Experience

    • Det Akademiske Kvarter

      Aug 2006 - Feb 2007
      System administrator and Security Engineer

      - Build a secure IDS server with FreeBSD and OpenBSD;
      - Penetration Testing of the remotely exposed servers and the eticket application [https://intern.kvarteret.no/ticket/] used by all the students (700 ca.).
      Skills: *BSD, Debian, arpwatch, Snort, Postgresql, pf, OpenLDAP, Apache, Exim, BIND, MySQL, Paros, nmap, amap, webscarab.

    • Fantoft Studentboliger Network Group

      Sept 2006 - Nov 2006
      System administrator and Security Engineer

      Help the Network Group to mitigate and prevent arp spoofing/sniffing into the Fantoft network, managing HP and Dlink switches with SNMP and implementing IDS sensors to statically monitor the arp:IP association of main servers.
      Skills: OpenBSD, Snort, SnortSam, MySQL, iptables, Acid, dsniff, ettercap.

    • Hakin9

      Nov 2006 - Feb 2011
      Writer and beta-tester

      Writer and beta-tester (http://en.wikipedia.org/wiki/Hakin9). Official writer, reviewer and beta-tester of articles in English and Italian. I've written three articles by now:
      1. Introduction to Firewalls: from ISO/OSI stack to DMZ (published in English and Italian)
      2. Gentoo Hardened: portare la sicurezza di Linux all'estremo (published in Italian, November 2007);
      3. Sniffing SSL/TLS connections through fake certificate injection (published in English, January 2008).

    • University of Bergen

      Feb 2007 - May 2007
      Teaching Assistant in Computer Networks course

      Teaching assistant in the course of Computer Networks at High Technology Center. My work was to help the students during labs with exercises and in-depth explanations about security topics related to the course.

    • IntegratingWeb

      May 2007 - Nov 2010
      Network and Security Manager

      Build a secure, reliable and powerful Linux based platform for IntegratingWeb with CentOS 5. Administer and regularly check the health of the system.
      - Official developer of the OpenSource project Opentaps (www.opentaps.org), and contributor to Apache Ofbiz (security)
      - Implement and manage the security of the web applications with Acegi Security and JAAS.
      - Threat Assessment and Penetration Testing on the system and the website.
      - Threat Assessment and Penetration Testing on the IT structure of miller.it (and its first product, streamit.it).
      Skills: Gentoo Hardened, Grsecurity, Sun AP, Glassfish, Jetty, Tomcat, Apache, Postgresql, Postfix, Cyrus-SASL, ProFTP, vsftp, Snort, Base, iptables, Cisco ASDM, tripwire, Nessus, hping, amap, Metasploit, Paros, Burp, Spring Security, JAAS.

    • Miller s.r.l

      Sept 2007 - Dec 2007
      Penetration Tester

      I did some penetration tests on the network infrastructure, especially black box testing on mail and web servers, and on Flash applications.

    • Logital S.P.A

      Nov 2008 - Apr 2009
      Programmer and Analyst

      Managing software development in legacy products using Visual Basic 6 for the biggest Italian companies. Linux and Java reference person. Java development for Real time access control systems and Real Time media content distribution Bologna buses.

    • INFN-CNAF

      May 2009 - May 2010
      Researcher and Developer

      Researcher and Developer at INFN-CNAF (National Institute of Nuclear Physics, Bologna):
      - working with OGF-europe (www.ogfeurope.eu) on the OCCI cloud interface, and cloud computing use-cases collection
      - main Java developer of INFN-CNAF research on Cloud Computing (Spring, Hibernate, Restlet, Jetty, X.509, Kerberos, Shibboleth, Platform LSF, Xen/KVM, Eucalyptus)
      - penetration tester on some web applications that monitor the Tier-1 Grid infrastructure (WMS monitor)

    • The BeEF Project

      Oct 2010 - Oct 2018
      Core Developer

      As Web Application Security is one of my main research fields, I couldn't continue without being part of a good open source project. I was using BeEF for many years during pentests and security seminars, and now I'm proud to be part of the core development team. Thanks to Wade for inspiration on many things.
      Some of my work:
      - Thin/Rack/Sinatra migration, RESTful API, core architectural and code development;
      - coaching other people to delve into the BeEF core and/or modules and extensions development;
      - A number of extensions: Social Engineering, Evasion, Tunneling Proxy, XssRays, etc.
      - A number of droppers (Java, Firefox) and other exploits
      - many enhancements, command modules and general bug fixing.

    • Royal Bank of Scotland Group

      Mar 2011 - Mar 2012
      Penetration Testing Specialist

      Penetration testing of worldwide banking systems. Vulnerability research activities.
      Main Areas:
      - Web Application Security
      - Infrastructure/Web penetration tests and build reviews on *NIX/Linux/Windows
      - BeEF

    • Trustwave SpiderLabs

      Apr 2012 - Mar 2015
      Senior Security Consultant

      Providing professional consulting services to clients in the following areas: - Application Penetration Testing, - Source Code Analysis and Secure Architecture/Code guidelines, - Social Engineering, - Secure Development and Pentesting live trainings, - Internal Products Pentesting and Code Review.

    • FortConsult | Part of NCC Group

      Apr 2015 - Jun 2017
      Senior Security Consultant

      Providing professional consulting services to clients in the following areas: - Application Penetration Testing, - Phishing and Social Engineering, - Source Code Analysis and Secure Architecture/Coding guidelines.

    • 404 - Not Found

      Jun 2017 - Jul 2022
      Professional Freelancer

    • Persistent Security Industries

      Jul 2022 - now
      Principal Security Engineer

  • Licenses & Certifications

    • Offensive Security Certified Professional (OSCP)

      Offensive Security
      Jan 2012