About me


Student of Engineering in Computer Science, University of Rome.
I have been interested in software development since I was thirteen and it is my hobby and my field of study at university.
I'm in the cybersecurity world due to my participation at CyberChallenge.IT in 2017.
I was a member of the Italian national team at European Cybersecurity Challenge 2017.
I co-founded the TRX academic CTF team and the mHACKeroni joint team of which TRX is part during big CTFs like DEF CON CTF or C3CTF.
Exploit development tutor at CyberChallenge Rome in 2018 and 2019.
Founder of the DEFCON 11396 ROME group, a monthly meeting of roman hackers with talks about security at Sapienza.
I'm also, finally, a homebrewer, a (not very skilled) trumpet player and a mountain passionate.
I'm malweisse on IRC.

ResearchGate profile.

Public projects

  • angrdbg - An abstract library used to implement synchronization between a concrete execution environment (tipically a debugger) and the angr symbolic execution engine.
  • IDAngr - An IDA Pro debugger plugin that implements the angrdbg api in IDA with an user friendly GUI.
  • angrgdb - Create an angr state from the current GDB state on top of angrdbg.
  • Carbonara Project - A malware research platform designed to recognize duplicated functions between binaries at scale and speed-up the static malware analysis process.
  • Draught Framework - An educational project consisting of a compiler, a virtual machine and a set of libraries created from scratch to learn the design and development of programming languages.
  • deferred_driller - My version of driller using Intel PIN and angrgdb. In "theory" can work with AFL in deferred and persistent mode.
  • afl++ - Maintainer with vh-thc and heiko - afl++ is afl 2.56b with community patches, AFLfast power schedules, qemu 3.1 upgrade + laf-intel support, MOpt mutators, InsTrim instrumentation, unicorn_mode and a lot more! .
  • frida-fuzzer - This experimetal fuzzer is meant to be used for API in-memory fuzzing.
  • AOSV CheatShit - Advanced Operating Systems and Virtualization notes in a shitty text file.
  • MotherFucking CTF - What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.
  • QEMU-AddressSanitizer - QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.


  • 1st place (ex-aequo) in binary analisys at CyberChallenge.IT 2017
  • 2nd place in penetration testing at CyberChallenge.IT 2017
  • 3rd place with the italian team at the European Cybersecurity Challenge 2017
  • 7th place at DEF CON 26 CTF with the mhackeroni team
  • 1st place at 35C3 CTF with the KJC+mhackeroni team
  • 5th place at DEF CON 27 CTF with the mhackeroni team


Cyber security, che cosa faranno gli hacker italiani al Def Con di Las Vegas
Ansa - Nazionale degli hacker in ritiro a Lucca
Wired - CyberChallenge, i vincitori del premio per la sicurezza informatica
AGI - Ecco gli 8 ragazzi della nazionale italiana degli hacker. Chi sono, cosa studiano
Startup Italia - Ecco chi sono gli hacker della nazionale italiana di cyber-defender
Netservice - Hacker? Ne esistono di buoni e hanno la Nazionale
... (Google is your friend) ...