Cybersecurity

CyberChallenge.IT is the first Italian cybersecurity training program for talented young people from high schools and universities. In this edition I acted as the main responsible for the project management and taught at Politecnico di Bari to the cyberchallenge class as an expert teacher, teaching Software and Web security and training the class solving some CTFs, with the aim of building a strong team ready for the national competition.

CTFBox is a simulator for Attack/Defense CTF competitions, originally born as a fork of TheRomanExploit project. It simulates a complete A/D infrastructure and has been successfully used to host actual competitions. The project's complexity lies in securely simulating VMs via containers while still allowing traffic interception. Key features include unpredictable checker execution, scoring calculation, and simulated network infrastructure management with multiple WireGuard servers, subnets, and custom routing rules. Source code: https://github.com/domysh/ctfbox

Co-founder of the CTF team Pwnzer0tt1 at poliba just at the end of Cyberchallenge 2022. Our group is composed by students who like playing CTFs and are interested in the field of cybersecurity. Together we play CTF and organize different projects that you can check on our website.

Exploitfarm is a distributed attack management and submission system for Attack/Defense CTF competitions. It handles the recurrent execution of exploits across various clients. Its main strength lies in real-time system performance monitoring and data acquisition, providing immediate insights and enabling subsequent analysis—a feature often missing in popular A/D attack systems. The system also centralizes flag submission to efficiently distribute the load across the game server.

Firegex is a firewall with multiple functions made for CTF A/D competition that is able to filter connections with 0 down time using regexes in real time. It is made to be easy to use, fast to deploy and performing. Go here to see the source code and get more informations

In the 2022 I joined again in the national team (Team Italy), with the best 20 italian hackers to partecipate to ENISA ECSC 2022 european competition.

Me and Nicola Guerrera during the developing of the application firewall firegex discovered a vulnerbaility in the netfilter module in the linux kernel. At first we contacted the linux security team, sending a poc of the vulnerability, first discovered in a python script, and after replicated in a c program, you can find the poc in the github page created by us about the CVE here. After the release of a patch from the security team, we contacted the mitre requiring an identifier of the security problem, more details here

The Italian Cybersecurity Olympics (Olicyber) are the program to enhance the excellence in cybersecurity for high schools. In the edition of 2022 I won the gold medal taking the 4th place in the national competition.

The Italian Cybersecurity Olympics (Olicyber) are the program to enhance the excellence in cybersecurity for high schools. In the edition of 2021 I won the silver medal taking the 8th place in the national competition.

Following my participation in the project Cyberchallenge.IT, after having faced all the races foreseen by the project itself, I soon received the invitation to join the national team (Team Italy). It was also a surprise for me to join the Italian cybersecurity team, which allowed me to meet older and certainly more experienced people than myself.

CyberChallenge.IT is the first Italian cybersecurity training program for talented young people from high schools and universities. In this occasion acquired my basic and advance notions about cybersecurity about hardware, software and web security, cryptography, cryptographic protocols and more. I won the first place at the Politecnico di Bari in this occasion, and this allowed me to enter in Team Italy 2020. Furthermore, I participated in the "YOUNG TALENT ASSESSMENT CENTER" project, being selected among the top 50 participants nationwide based on technical and psychometric characteristics, which led to a coaching cycle with the "Flow coaching school".