IT Security Auditor

Certified Ethical Hacker (CEH) - ISO/IEC 17024

About Me

I'm a Security Auditor at ISGroup and an independent Security Researcher.

As a Security Auditor, my job is to perform security activities such as Penetration Tests and Vulnerability Assessments on networks and web applications in order to identify security issues that may be exploited by an attacker to perform malicious actions on your assets.

When I was a teenager, I co-founded an underground e-zine called Italian Hard Phreaking with some friends on IRC, writing lots of papers related to hacking and reverse engineering in the telecommunication world.

Later, I started a new adventure as a Security Researcher, discovering vulnerabilities in commonly used software, web applications, and web sites, in collaboration with other fabulous people of U.S.H.

Publications

QNAP QTS Domain Privilege Escalation Vulnerability

CVE-2017-5227

The vulnerability allows any local user, such as "httpdusr", which is used to run web applications, to escalate to Domain Administrator if the NAS is a domain member.

Authors: ,

Veeam Backup & Replication Local Privilege Escalation Vulnerability

CVE-2015-5742

The vulnerability allows any local Windows user with low privileges, such as those provided to an anonymous IIS virtual host user, to escalate up to Domain Administrator.

Authors: , ,

Keep in touch

PGP: 0x124FED2DF8DA417E

info@{myname}{mysurname}.it
{myname} is pasquale
{mysurname} is fiorillo