Vulnerability Researcher & Exploit Developer
“Some things in life are unpredictable, your Cyber Security doesn’t have to be one of them”
Paolo Stagno (aka VoidSec) has worked as a Penetration Tester for a wide range of clients across top-tier international banks, major tech companies and various Fortune 1000 industries. He was responsible for discovering and exploiting new unknown vulnerabilities in applications, network infrastructure components, IoT devices, new protocols, and technologies.
He is now a freelance Vulnerability Researcher and Exploit Developer focused on Windows offensive application security (kernel and user-land). He enjoys understanding our digital world, disassembling, reverse engineering and exploiting complex products and code.
In his own research, he discovered various vulnerabilities in the software of multiple vendors and tech giants like eBay, Facebook, Google, HP, McAfee, Microsoft, Oracle, Paypal, VMware and many others.
Since the beginning of his career, he has enjoyed sharing his expertise with the security community through his website (https://voidsec.com). He is also an active speaker in various security conferences around the globe like HITB, Typhooncon, Hacktivity, SEC-T, Droidcon, No Hat, HackInBo, M0leCon, TOHack and Meethack.
A non-exhaustive list of vulnerabilities and CVEs that I have discovered can be found at https://voidsec.com/advisories/
- Offensive Security: OSCE
- eLearnSecurity: eCRE, eCXD, eCPPT, eWPTX, eWPT, eJPT
- CompTIA: CASP+, PenTest+
- Pentester Academy: SLAE32
Courses I’ve attended:
- Offensive Security: EXP-401 – Advanced Windows Exploitation
- Corelan: Win32 Exploit Development Advanced and Bootcamp
- Ashfaq Ansari: Windows Kernel Exploitation Advanced
- SANS: SEC760, SEC660
- Hexorcist: Reverse Engineering
- Source Incite: Full Stack Web Attack
- Signal Labs: Vulnerability Research & Fuzzing, Reverse Engineering
- Ptrace Security: Advanced Software Exploitation
- Mossé Cyber Security Institute: MVRE – Certified Vulnerability Researcher & Exploit Developer
- Sektor7 RED TEAM Operator: Malware Development Intermediate and Essentials, Privilege Escalation, Windows Persistence
- eLearnSecurity: eWDP
- Kamil Frankowicz: Fuzzing, From zero to first 0-day!
- Hyperiongray: Zero Day Hunting
- Justin Searle: Assessing and Exploiting Control Systems & IoT