-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.html
318 lines (276 loc) · 19.4 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="https://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>One Page Resume</title>
<style type="text/css">
* { margin: 0; padding: 0; }
body { font: 16px Helvetica, Sans-Serif; line-height: 24px; background: url(images/noise.jpg); }
.clear { clear: both; }
#page-wrap { width: 800px; margin: 40px auto 60px; }
#pic { float: right; margin: -30px 0 0 0; }
h1 { margin: 0 0 16px 0; padding: 0 0 16px 0; font-size: 42px; font-weight: bold; letter-spacing: -2px; border-bottom: 1px solid #999; }
h2 { font-size: 20px; margin: 0 0 6px 0; position: relative; }
h3 { font-size: 16px; margin: 0 0 6px 0; position: relative; }
h2 span { position: absolute; bottom: 0; right: 0; font-style: italic; font-family: Georgia, Serif; font-size: 16px; color: #999; font-weight: normal; }
h3 span { position: absolute; bottom: 0; right: 0; font-style: italic; font-family: Georgia, Serif; font-size: 16px; color: #999; font-weight: normal; }
.mediat { font-family: Georgia, Serif; color: #999; font-weight: normal; }
p { margin: 0 0 16px 0; }
a { color: #999; text-decoration: none; border-bottom: 1px dotted #999; }
a:hover { border-bottom-style: solid; color: black; }
ul { margin: 0 0 32px 17px; }
#objective { width: 500px; float: left; }
#objective p { font-family: Georgia, Serif; font-style: italic; color: #666; }
dt { font-style: italic; font-weight: bold; font-size: 18px; text-align: right; padding: 0 26px 0 0; width: 150px; float: left; height: 100px; border-right: 1px solid #999; }
dd { width: 600px; float: right; }
dd.clear { float: none; margin: 0; height: 15px; }
.logo { position:fixed; top:0; right:0; }
</style>
<link rel="shortcut icon" type="image/gif" href="static/favicon.gif"/>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-93924348-1', 'auto');
ga('send', 'pageview');
</script>
<script type="text/javascript">
function decryptCharcode(n,start,end,offset) {
n = n + offset;
if (offset > 0 && n > end) {
n = start + (n - end - 1);
} else if (offset < 0 && n < start) {
n = end - (start - n - 1);
}
return String.fromCharCode(n);
}
function decryptString(enc,offset) {
var dec = "";
var len = enc.length;
for(var i=0; i < len; i++) {
var n = enc.charCodeAt(i);
if (n >= 0x2B && n <= 0x3A) {
dec += decryptCharcode(n,0x2B,0x3A,offset); // 0-9 . , - + / :
} else if (n >= 0x40 && n <= 0x5A) {
dec += decryptCharcode(n,0x40,0x5A,offset); // A-Z @
} else if (n >= 0x61 && n <= 0x7A) {
dec += decryptCharcode(n,0x61,0x7A,offset); // a-z
} else {
dec += enc.charAt(i);
}
}
return dec;
}
function linkTo_UnCryptMailto(s) {
location.href = decryptString(s,-2);
}
</script>
</head>
<body>
<div id="page-wrap">
<img src="images/crazybyte.png" alt="Avatar" id="pic" />
<div id="contact-info" class="vcard">
<!-- Microformats! -->
<h1 class="fn">Gianluca Gabrielli</h1>
<p>
Email: <a class="email" href="javascript:linkTo_UnCryptMailto('ocknvq,etcbadavgBrtqvqpockn0eqo');">crazybyte [at] protonmail [dot] com</a><br />
Mobile: <a href="static/ggabrielli.vcf">(+39) 342 9988576</a><br />
<a href="https://linkedin.com/in/gianlucagabrielli" target="_blank">Linkedin</a> - <a href="https://github.com/StayPirate" target="_blank">GitHub</a> - <a href="https://telegram.me/crazybyte" target="_blank">Telegram</a><br />
</p>
</div>
<div id="objective">
<p>
Computer fanatic. The trait I love most about myself is curiosity.
Thanks to this, from the age of eight I've experimented, first, and then studied everything I could about computer science.
Its incredible complexity never stops giving us ever-growing opportunity to understand how computers work.
It's obvious that I quickly became addicted to GNU/Linux and open source software:
I felt, and still do feel, the need to know exactly what happens inside my –and maybe your– computer.<br />
A never-stop-learning attitude let me improve myself every day.
My grandfather used to say: "If at the end of the day you realize that you've learned something new,
even a simple thing that a day earlier you didn't know, then you didn't waste your day".
Since he's gone, I've been trying to put that into practice and never let a day pass by without having expanded my knowledge.
Hopefully, one day I'll turn into a man as great as he was.
</p>
</div>
<div class="clear"></div>
<dl>
<dd class="clear"></dd>
<dt>Experience</dt>
<dd>
<h2 id="SUSE"><br /><span><a href="https://www.suse.com" target="_blank">SUSE</a> – Italy, January 2021 - Present</span></h2>
<h2>Software Security Engineer</h2>
<p>SUSE Linux Security Team (R&D)</p>
</dd>
<dd>
<h2 id="SUSE"><br /><span><a href="https://www.suse.com" target="_blank">SUSE</a> – Prague, April 2020 - December 2020</span></h2>
<h2>Cybersecurity Design & Engineering</h2>
<p>SUSE Linux CyberSecurity Team</p>
</dd>
<dd>
<h2 id="Accenture"><br /><span><a href="https://www.accenture.com" target="_blank">Accenture</a> – Prague, June 2019 - March 2020</span></h2>
<h2>Forensic Investigator Specialist</h2>
<p>Global Cyber Incident Response Team</p>
</dd>
<dd>
<h2 id="Accenture"><br /><span><a href="https://www.accenture.com" target="_blank">Accenture</a> – Prague, Feb 2017 - May 2019</span></h2>
<h2>Senior Forensic Investigator</h2>
<p>Global Cyber Incident Response Team</p>
<p>
Working in a huge environment like Accenture, I have the opportunity to: investigate a wide variety of incidents,
learn about the latest cyber threats every day, hone my forensic skills by analyzing post-mortem environments,
and as a <a href="https://en.wikipedia.org/wiki/Cyber_threat_hunting" target="_blank">threat hunter</a> avoid future incidents by implementing pro-active methodologies.<br />
Lately I've been focusing on <a href="https://en.wikipedia.org/wiki/Red_team" target="_blank">red teaming</a> operations: meaning after a successful exploitation the goal is to move laterally and gain persistence
in the target environment, once all the information of interest is collected and silently exfiltrated any traces of break-in is going to be deleted.<br />
<i>Moreover, I've gained the know-how needed to work in a big corporation where many responsibility groups and detailed policies are in place.</i>
</p>
</dd>
<dd>
<h2 id="CNR"><br /><br /><span><a href="https://www.cnr.it/en" target="_blank">National Research Council</a> – Ancona, May 2015 - Jan 2017</span></h2>
<h2>Software Engineer</h2>
<ul>
<li>Developed software for biological analysis with <a href="https://www.djangoproject.com/" target="_blank">Django</a></li>
<li>Developed software for ecosound data processing and deployed it on <a href="https://www.eni.com/" target="_blank">ENI</a>'s oil platforms</li>
<li>Modelling and management of relational databases with <a href="https://www.postgresql.org/" target="_blank">PostgreSQL</a> and <a href="https://postgis.net/" target="_blank">PostGIS</a></li>
<li>Collected sensors data on <a href="https://www.influxdata.com/" target="_blank">InfluxDB</a> and charted it with <a href="https://grafana.com/" target="_blank">Grafana</a></li>
</ul>
</dd>
<dd class="clear"></dd>
<dt>Certification</dt>
<dd>
<h2 id="Unicam">GCIH<small class="mediat"> - <a href="https://www.youracclaim.com/badges/ac1af443-7234-426d-983b-642537c58651" target="_blank">badge</a></small><span>6 June 2019</span></h2>
<p>GIAC Certified Incident Handler</p>
<p>
GCIH holders have demonstrated their ability to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against
and/or responding to such attacks when they occur. The GCIH certification focuses on methods used to detect, respond, and resolve computer security incidents.
Professionals holding the GCIH are qualified for hands-on and leadership positions within incident handling teams.
</p>
</dd>
<dd>
<h2 id="Unicam">GPEN<small class="mediat"> - <a href="https://www.youracclaim.com/badges/2938ce96-38d2-4d24-a282-46fdffec87a9" target="_blank">badge</a></small><span>21 December 2018</span></h2>
<p>GIAC Certified Penetration Tester</p>
<p>
GPEN holders have demonstrated their ability to execute penetration-testing methodologies and properly conduct a penetration test, as well as best practice
technical and non-technical techniques specific to conduct a penetration test. Professionals holding the GPEN are qualified for job duties involving assessing
target networks and systems to find security vulnerabilities.
</p>
</dd>
<dd class="clear"></dd>
<br />
<dt>Education</dt>
<dd>
<h2 id="Unicam">University of Camerino<span>Camerino, Oct 2011 - Apr 2015</span></h2>
<p> Bachelor's degree, Computer Science </p>
<p><strong>Thesis:</strong><br /> MITM Attack with Patching Binaries on the Fly by Adding Shellcodes<small class="mediat"> - <a href="static/MITM_Attack_with_Patching_Binaries_on_the_Fly_by_Adding_Shellcodes.pdf">pdf</a>, <a href="static/MITM_Attack_with_Patching_Binaries_on_the_Fly_by_Adding_Shellcodes.odp">slide</a></small><br />
Winner of <a href="#ThesisAward"><em>Innovating Information Security</em></a></p>
<p>
My thesis shows how easy it is to achieve remote control of a personal computer, even if it runs Windows, GNU/Linux or macOS. This method aims to
intercept and parse traffic of one or more end systems, looking for executable codes. If found, the transparent proxy injects the malware before
it reaches the end system. <br />
That means you can securely download a legitimate executable from a trusted server, and the backdoor will be added during transmission.
</p>
<br />
<h2>ITIS "G. e M. Montani"<span>Fermo, Sep 2005 - Jul 2008</span></h2>
<p>High School Diploma, Computer Science</p>
<p>
The most ancient Industrial Technical Institute of Italy, founded in 1854 has been for me a cornerstone of my education.
Proud to be a <i>G. e M. Montani's</i> alumnus.
</p>
</dd>
<dd class="clear"></dd>
<br />
<dt>Honours & Awards</dt>
<dd>
<h2 id="ThesisAward">Innovating Information Security<span>Milano, Italy 2015</span></h2>
<p>
The award "Innovating the Security of Information", issued by <a href="https://tesi.clusit.it/vincitori.php" target="_blank">CLUSIT</a>, reserved for the most innovative university theses in the field of computer security,
aims to promote collaboration among subjects that deal with information security in Italy: companies, universities, and students. A point
of exchange between production and the scientific world, including students and the labor force, powered directly by the individual
participating entities bringing their own needs and experiences.
</p>
<h2>Cybercop<span>Genova, Italy 23-24 May 2014</span></h2>
<p>
At Cybercop, a competition part of <a href="http://www.iisfa.net" target="_blank">IISFA</a> Forum, different teams play a simulated scenario where the first team to
catch the cybercriminal wins. The 2014 edition was about a victim who denounced an extorsion from an hacker who recorded a video together an accomplice who convinced the victim
to show himself naked via webcam. My team played against the <em>Polpost (Cybercrime Police) of Genova</em> and the <em>Financial Police of Milano</em>.<br />
We took the second place.
</p>
</dd>
<!--
<dd class="clear"></dd>
<br />
<dt>Skills</dt>
<dd>
<h2>GNU/Linux</h2>
<p>...</p>
<h2>Python</h2>
<p>...</p>
</dd>
-->
<dd class="clear"></dd>
<br />
<dt>Organizations</dt>
<dd>
<h2>HackLab Ancona<small class="mediat"> - <a href="http://staypirate.org" target="_blank">site</a></small><span>Founder – Ancona, Italy 2016</span></h2>
<p>
The Hacklab is located in Ancona, I've founded it after I moved there to work for the <a href="#CNR">National Research Council</a>.
At its highest peak it counted 84 members, most of them <a href="https://en.wikipedia.org/wiki/Free_and_open-source_software" target="_blank">FOSS</a> passionated.
I left the association when I moved to Prague to join <a href="#Accenture">Accenture</a>.
Luckily, some members overtook responsibility roles and the group does still exist.
</p>
<h2>CameLUG<small class="mediat"> - <a href="http://camelug.unicam.it/" target="_blank">site</a></small><span>Founder – Camerino, Italy 2013</span></h2>
<p>
Camerino Linux User Group is a non-profit cultural association made by students for students, with the mission to share
and sensibilize people to use free software. There is no hierarchy in CameLUG, each decision is reached by a majority consensus.
We all believe in free culture and we're led by a passion to improve and share our skills
in computer science. CameLUG is a place where ideas become real.
</p>
<h2>GLM<small class="mediat"> - <a href="http://www.gruppolinuxmc.it" target="_blank">site</a></small><span>Active Member and Speaker – Macerata, Italy 2012</span></h2>
<p>
Linux User Group of Macerata (Italy) is a landmark for learning, exploring and developing the GNU/Linux operating
system. If you think about GNU/Linux not only as an alternative to Windows, but as an innovative way to experience
computers, if you want to learn or improve your know-how, or if you just want to install it or know anything else: this is
the right place.
</p>
</dd>
<dd class="clear"></dd>
<br />
<dt>Talks</dt>
<dd>
<br />
<h3><span>University of Macerata – 2 December 2016</span></h3>
<h3>European Cyber Security Month<small class="mediat"> - <a href="static/European_Cyber_Security_Month.pdf">flyer</a></small></h3>
<p>I was invited to give a lecture about my <a href="#Unicam">thesis</a> at the Economics and Law department of the University of Macerata.<br />
Students who participated were awarded ECTS credits.<br /></p>
<br />
<h3><span>University of Macerata – 21 April 2016</span></h3>
<h3>Cryptocurrency: is digital the money of the future?<small class="mediat"> - <a href="static/Cryptocurrency.pdf">flyer</a></small></h3>
<p>I was invited to give a lecture about cryptocurrencies at the Economics and Law department of the University of Macerata.
Concretely, I explained Bitcoin internals.<br />
Students who participated were awarded ECTS credits.<br /></p>
<br />
<h3><span>ITIS “A.Merloni” – 25 October 2014</span></h3>
<h3>OTR Messaging<small class="mediat"> - <a href="static/OTR.odp">slide,</a> <a href="https://www.youtube.com/watch?v=mRxApokOMTo&t=180s">video</a></small></h3>
<p>ITIS Aristide Merloni is a high school situated in Fabriano (Italy) where young people study computer science.
In October 2014 the school organized "Linux Day", a day where students can trade their lessons for talks about open source and free software.<br />
I was invited by the school to give a lecture about asymmetric cryptography and how it is used in Off-The-Record messaging,
a protocol which lets users have a private end-to-end encrypted communication over a not secure channel.<br /></p>
<br />
<h3><span>University of Camerino – 7 May 2014</span></h3>
<h3>TOR and Hidden Service Protocol<small class="mediat"> - <a href="https://www.youtube.com/watch?v=eOXp0BwMpQQ">video</a></small></h3>
<p>The Computer Science department of the University of Camerino, invited me to talk about the TOR anonymous network.
After a general overview I focused on the server side, explaining how TOR ensures anonymity through hidden service protocol, rendevous point,
and hidden service directory to people who provide online services.<br /></p>
</dd>
<dd class="clear"></dd>
<dt>Leisure time & Hobbies</dt>
<dd>Having quality time with my family, <a href="https://www.youtube.com/user/freegnulinux" target="_blank">my youtube channel</a>, <a href="images/Richard%20Matthew%20Stallman.jpg" target="_blank">RMS</a>, jogging.</dd>
<dd class="clear"></dd>
</dl>
</div>
<div class="logo">
<a style="border-bottom: 0px;" href="fp.html"><img src="images/get_in_touch.png" alt="StayPirate"></a>
</div>
</body>
</html>