Stefano Lorenzi
Born in Bergamo, April 17th, 1972
Email: [email protected]
Mobile phone: +393891678572
SUMMARY
Technical and strategic skills in Cyber-Security with more than 10 years of experience in IT fields.
Working with Finmeccanica’s Group, I gained experience in preventing and managing IT incidents
using the main international standards (NIST and SANS).
I collaborated with many Governmental Institutions, such as Italian Police and Italian Army, on
Remediation, Vulnerability Assessment/Penetration Test, Malware Analysis and Forensic and
played military NATO Cyber Defense eXercise (CDX) in 2012 and 2015 in the Italian Blueteam.
MAIN WORKING EXPERIENCES
From November 2008 on – Selex Elsag Cyberlabs (Finmeccanica Group)
Finmeccanica is Italy's main industrial group, leader in the high technology sector, and
ranks among the top ten defence groups worldwide. It operates in the Aerospace, Defence
and Security sectors. The group I work with is focused on Incident Handling and my main
tasks are Incident Handling, managing Vulnerability Assessment, Penetration Test,
Forensic, log analysis, Malware detection (APT discovery) in companies of the Group, in
Italy and abroad. In particular:
CERT Team Leader
Vulnerability Assessment and Penetration Test
Produce Vulnerability Assessment project and report
Focal point with technical customer personnel.
I follow the accident investigation network, determine the cause of the safety
problems
Analyze potential infrastructure security incidents to determine if incident qualifies as
a legitimate security breach
Perform network incident investigations, determining the cause of the security
incident and preserving evidence for potential legal action
Make recommendations on the appropriate corrective action for incidents
Produce security incident reports and briefings to be distributed to the team lead
and manager.
Appropriately inform and advise management on incidents and incident prevention
Professional growth in Selex Elsag Cyberlabs
From 2008 to 2010: IT developer in Delphi using Oracle as Database. I developed security
and hack tools, mainly in the Network Forensics area.
From 2011 – 2013: Incident Handler, managing Vulnerability Assessment, Penetration Test
and Forensic. IT Security teacher for employees at Selex.
Pursuant to Art. 13 of Legislative Decree No. 196 of 30/06/2003 on the protection of privacy, I authorize the processing of my personal data.
From 2014: CERT Operation Leader with 8 reports. My team works on Incident Handling,
Penetration Test, Forensic and Malware Analysis.
Knowledge Tools:
Vulnerability Assessment: Nessus, nmap, metasploit, fierce, ZAP, DirBuster, tcpdump, Wireshark, sqlmap, hydra
Forensic: Volatility, autopsy, Foremost, Scalpel, RegRipper
Malware Analysis: Cuckoo, peframe, yara, GFI sandbox
General: Sysinternals, Scapy
Language: Delphi, Java and Python
For Vulnerability Assessment and Penetration Test I use OSSTMM methodology for
infrastructure tasks and OWASP methodology for Web applications.
I have written many tools in Python, Java and Delphi language (see Personal Projects
below).
From 2006 to 2008 – Sopra Group
Sopra is a consulting, IT services and software development company. I worked as Project
Manager in Sisal, the main Italian company of gaming and entertainment products, such as
superEnalotto, Totocalcio, Totogol etc, a company authorized by the Bank of Italy to
provide payment services including.
My main tasks were to develop plays together with 3 reports. All written software was
interconnected with sqlite database.
From 2001 to 2006 – San Giorgio Automazione
An industrial automation company, that gave me the opportunity to work as consultant
developer at the plant of Tenaris Dalmine (Bergamo), the first Italian company for industrial
pipes without welds. Here I could work in a large team, collaborating with other
professionals of all levels of the plant and managing directly the performances of
machinery through the software I wrote.
My main tasks were:
Delphi IT Developer of software for industrial automation.
Interconnection between PLC and PC. All written software was interconnected with
Microsoft SQLServer database.
From 1997 to 2001 – Italgael
National and international import-export company. I worked as employee.
From 1990 to 1997 – Orobica Trasporti
Employee in a national road transport company.
EDUCATION
Postgraduate course in “IT Security and legal regulations” at Università di Modena. Marks:
110/110 cum laude.
Master Degree in Computer Science - Università degli Studi di Milano. Marks: 93/110.
Bachelor’s degree in Computer Science - Università degli Studi di Milano. Marks: 96/110.
CERTIFICATION WITH COURSERA PLATFORM
June 2015: Certification in “Malicious Software and its Underground Economy: Two Sides
to Every Story” – University of London. Marks 86%
March 2015: Certification in “Usable Security” – University of Maryland. Marks 84.0%
March 2015: Certification in “Hardware Security” – University of Maryland. Marks 96.3%
January 2015: Certification in “Cryptography” – University of Maryland. Marks 100%
November 2014: Certification in “Software Security” – University of Maryland. Marks 95.6%
November 2014: Certification in “Programming in Python” – University of Rice. Marks 99.3%
Personal projects
I developed a Live Linux-based distribution which is focused on managing IT security incidents
and is designed for CERT groups (Computer Emergency Response Team). It puts together tools of
three main categories: Vulnerability Assessment, Forensic and Malware Analysis. It can be found on
my Official Web Site (www.certtoolkit.org).
Scanfolder: Scanfolder is an open source tool to analyze a subfolder of your disk (or dd file
mounted on your PC). With this tool it is possible to find some bad MD5 or find some known malicious
patterns with YARA, or extract some data like IP, email address, credit card number, ssn and more
data types. It can be found on my web site (http://www.stefanolorenzi.org/site/?page_id=601). This
tool is written in Python and it has a web GUI.
FileInspection: An automatic tool for Static Analysis. This software allows the user to discover the
system calls inside the PE files, identify the suspicious ones, find IP, URL, Antidebug or anti VM.
Arpscanspoof: Lately, I wrote a hack tool in Python to discover the machines in a network, and
attack one of these machines with a “man in the middle” attack (MITM). It can be found on my
personal web site (http://www.stefanolorenzi.org/site/?p=342). This tool is written in the Python
language.
Pcaparse: this tool, written in Python, gets a pcap file and extracts a lot of information and statistics
detail. It’s possible to see if there are some packets with bad TCP Flags, or if there are SQL
injection or XSS attacks. This tool can reproduce the pictures, PDFs and HTML pages that are in the pcap
file.
VAAR: Vulnerability Assessment Automatic Report. I’m now completing a software, that is
developed for the automatic writing of reports about Vulnerability Assessment and Penetration
Test. This software is written in Java.
APT-Demo: This tool is a prototype of malware, written in Delphi only to show what is possible to
do with this malware type. There are a malware and a remote command and control. Thanks to this
tool it is possible to see the processes that are active on the remote machine. It’s also possible to get the
screenshot, to activate a keylogger, to take a picture with the webcam, to download and upload files, to
record the microphone and to restart the machine.
LANGUAGES
English: good understanding of books and technical papers. I attend an English lesson at level B1.