My name's Marco and I live in a small town in the region of Tuscany, Italy. I'm graduated in Computer Science at the University of Pisa
and attended the MSc in Information Security at the same university.
My main interests and areas of expertise are Linux, ethical hacking, digital forensics and OSINT (Open Source Intelligence). I've had the opportunity to combine them both as a freelancer consultant and as the author of the book Kali Linux Wireless Penetration Testing Essentials and the video course Digital Forensics with Kali Linux , both published by Packt Publishing.
For any additional information about my consultancy activities or my publications, feel free to contact me.
Acquisition, extraction and analysis of digital evidence and data from computers running different operating systems (Windows, Linux and OSX) and mobile devices (Android, iOS and Windows).
Security assessment of small to medium wired and wireless networks, servers and workstations, mobile devices.
Detection, removal and analysis of malware.
Production and revision of technical publications (articles, books and video courses), in particular on information security and Linux.
This video course teaches you all about the forensic analysis of computers and mobile devices that leverage the Kali Linux distribution. You’ll get hands-on, seeing how to conduct each phase of the digital forensics process: acquisition, extraction, analysis, and presentation, using the rich set of open source tools that Kali Linux provides for each activity.
The majority of this tools are also installed on other forensic Linux distributions, so the course is not only limited to Kali Linux but is suitable for any open-source forensic platform in the same way.
We start by showing you how to use the tools (dc3dd in particular) to acquire images from the media to be analyzed, either hard drives, mobile devices, thumb drives, or memory cards. The course presents the Autopsy forensic suite and other specialized tools, such as the Sleuth Kit and RegRipper, to extract and analyze various artifacts from a Windows image. It also shows how to perform the analysis of an Android device image using Autopsy. Next, we cover file carving and the recovery of deleted data, and then the process of acquiring and analyzing RAM memory (live analysis) using the Volatility framework. Another topic is treated in the course, that is network forensics; indeed, the course covers how to use Wireshark to capture and analyze network data packets. Finally, we demonstrate how to report and present digital evidence found during the analysis. By the end of the course, you will be able to extract and recover data, analyze the acquired data, and report and present digital evidence from a device.
You can find more info about the video course on the Packt Publishing web page:
Digital Forensics with Kali Linux
The book introduces you to wireless penetration testing and describes how to conduct its various phases. After showing you how to install Kali Linux on your laptop, you will verify the requirements of the wireless adapter and configure it. Next, the book covers the wireless LAN reconnaissance phase, explains the WEP and WPA/WPA2 security protocols and demonstrates practical attacks against them using the tools provided in Kali Linux, Aircrack-ng in particular. You will then discover the advanced and latest attacks targeting access points and wireless clients and learn how to create a professionally written and effective report.
You can find more info about the book on the Packt Publishing web page:
Kali Linux Wireless Penetration Testing Essentials
You can also find the book here:
"Autopsy 4.x, the GUI forensic analysis suite", published on eForensics Magazine, February 2019
I have written the following articles on OSSIM the open source SIEM:
In October-November 2013 I've been one of the technical reviewers of the book Getting Started with FortiGate by Packt Publishing, a step-by-step tutorial that teach you everything you need to know about the deployment and management of a FortiGate unit.
Sans Infosec Reading Room
"Featuring over 2,750 original computer security white papers in 77 different categories."
National Institute of Standards and Technology - Computer Security Resource Center website.
The "Publications" section contains many publications that are an authoritative reference in various topics of information security.
Carnegie Mellon University - Computer Emergency Response Team.
It has an interesting section dedicated to secure programming, with particular reference to C/C++ languages.
Purdue University - Center for Education and Research in Information Assurance and Security.
Security Focus - Web portal dedicated to information security.
Sam's classes - City College of San Francisco CNIT professor Sam Bowne's page with his valuable courses in various topics of IT Security, provided with lessons slides, exercise material and useful references.
Security Docs - Hacking and security documentation: slides, papers, video and audio recordings.
The site of the most famous and important conference in the world of computer security and hacking, with the participation of leading experts and researchers.
From this section you can download the slides (and in some cases also the audio/video) of the presentations of all the previous conferences.
Hack In The Box Security Conference Series
Digital Forensic Research Workshop
Windows Incident Response Blog
Blog dedicated to the topics of incident response and forensic analysis of Windows systems by Harlan Carvey, author of the book "Windows Forensic Analysis".
The Sleuth Kit and Open Source Digital Forensics Conference
The most reknown Linux-based (Debian) penetration testing and security distribution.Kali Linux
Metasploit - "World's most used penetration testing software".
Expert Metasploit Penetration Testing Video by Abhinav Singh - Packt Publishing
Step-by-step demonstration of the Metasploit framework using real-time examples, diagrams, and presentations for theoretical topics. Includes a detailed understanding of the framework internals and how they work and covers all three phases of penetration testing in detail including additional tools, such as Armitage, Nmap, and Nessus
Insecure.org - Home of the famous Nmap Security Scanner
The data sent via this contact form or by email are treated in accordance with the European Data Protection Regulation nr.2016/679 (GDPR)