Paolo Stagno
Freelance Offensive Security Researcher & Exploit Developer
“Some things in life are unpredictable, your Security doesn’t have to be one of them”
Paolo Stagno (aka VoidSec) has worked as a consultant for a wide range of clients across top tier international banks, major tech companies and various Fortune 1000 industries.
At ZeroDayLab, he was responsible for discovering and exploiting new unknown vulnerabilities in web applications, network infrastructure components, IoT devices, new protocols and technologies.
He is now a freelance security researcher and a penetration tester focused on offensive application security. He enjoys understanding the digital world we live in, disassembling, reverse engineering and exploiting complex products and code.
In his own research, he discovered various vulnerabilities in software of multiple vendors and tech giants like eBay, Facebook, Fastweb, Google, HP, McAfee, Microsoft, Oracle, Paypal, TIM and many others.
Since the beginning of his career, he has enjoyed sharing his expertise with the security community with his website and blog. He is also an active speaker in various security conferences around the globe like: Typhooncon, Hacktivity, SEC-T, Droidcon, HackInBo, TOHack and M0leCon.
Certified:
- Offensive Security:OSCE.
- eLearnSecurity: eCRE, eCXD, eCPPT, eWPTX, eWPT, eJPT.
- CompTIA:CASP+, PenTest+.
- Pentester Academy:SLAE32.
Courses I’ve attended:
- Corelan:Win32 Exploit Development Bootcamp.
- SANS:SEC660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking).
- Sektor7 RED TEAM Operator: Malware Development Intermediate, Malware Development Essentials, Privilege Escalation, Windows Persistence.
- eLearnSecurity: eWDP.
- Kamil Frankowicz: Fuzzing, From zero to first 0-day!
- Justin Searle: Assessing and Exploiting Control Systems & IoT.
A non-exhaustive list of public vulnerabilities and CVEs that I have discovered can be found here.
