About

I’m Daniele Bartiromo, a Penetration Tester and Backend Developer from Naples, Italy.
I run this blog to document security research, vulnerability analyses, and reverse engineering findings.


Penetration Testing

  • Perform web application assessments covering authentication flaws, broken access control, IDOR, SSRF, XXE, SSTI, and second-order injection scenarios
  • Manually chain low-severity issues into high-impact attack paths rather than relying on automated scanner output
  • Write technical reports with CVSS v3.1 scoring, full reproduction steps, and context-aware remediation — not generic advice
  • Hold eWPT and eWPTX certifications from INE Security

Reverse Engineering

  • Unpack and deobfuscate protected Windows PE binaries — worked with custom packers, anti-debug tricks, and VM-based protections
  • Analyze Android APKs: bypass certificate pinning at runtime, hook methods with Frida to trace crypto operations and tamper detection logic
  • Investigated malware samples to extract C2 communication patterns, persistence mechanisms, and payload staging logic

Backend Development

  • Build REST APIs and web platforms in PHP handling real transaction flows — not toy projects
  • Integrated full-node RPC for Bitcoin, Monero, and Ethereum into production payment systems: address generation, transaction monitoring, confirmation handling, and webhook dispatch
  • Designed systems under realistic threat models — authentication, rate limiting, replay attack prevention, and secrets management were part of the architecture from day one
  • Worked extensively with async job queues, Redis-backed caching layers, and multi-tenant database schemas

Currently Working On

  • Pursuing OSWE (Offensive Security Web Expert) to go deeper into white-box web application exploitation
  • Conducting independent vulnerability research to bring original and technically solid content to this blog

Stack

Languages

Frameworks & Libraries

Databases & Infrastructure

IDEs & Dev Tools

Security & RE Tools

Burp Suite Wireshark x64dbg Frida Jadx apktool ffuf wfuzz Acunetix


Certifications

  • 🎯 eWPTX — Web Application Penetration Testing eXtreme — INE Security, Aug 2023
  • 🛡️ eWPT — Web Application Penetration Testing — INE Security, May 2023

Contact