Iβm Qu.by (a.k.a Umby) a fantastic bachelor degreed nerd with so much interests:
- π€ Nerd since 11 years old
- π Manga/Anime lover (oh no now you know my password!)
- π Love for any programming language
- π€― Math and Cryptography lover
- π§βπ» Amateur reversering engineer
- π₯ Near to be Yellow Belt on fantastic pwn.college judo (pwn executables martial arts)
- βοΈ Quantum Computing Enthusiast but not so skilled
- π€ AI Enthusiast but not so skilled
- πΉοΈ CTF Player (pwn&cryptografy skills)
What else do you need?
My story
I started to programming since 11 years old in Visual Basic 6, having an happing computer destroyer childhood. Happy experience in programming in different language (VB.NET, C++, PHP, Javascript) in childhood, at 16 years old I started to disassembly x86 executables and reading books about assembly and pwning some games (my hacker side).
During my bachelor degree I improved my hacking and programming skills, and started to love not so classical language such as Python π
I get 1st place in CyberChallenge in individual competition within university context (32th place in national context on over 500 partecipants) and 12th/31 place in team competition national context in 2021.
Skill List
Programming Languages:
| Language | Level | Comments |
|---|---|---|
| Β©οΈ C | Medium | Standard Library usage and dynamic allocation skills |
| β C++ | Low | Object-oriented low skills |
| π΄ Fortran | Very Low | Basic fortran statements |
| β¨οΈ Java | Medium | Object-oriented programing, Standard Library usage and Android App development |
| π Javascript | Medium | Small web-app developer in NodeJS environment |
| π Python | Medium | Big love for fast scripting |
| π¦ Swift | Low | iOS App development in Apple Course |
| π» Visual Basic 6 | Low | First programming language to consume RAM memory |
| π§ Visual Basic NET | Medium | Improving visual basic skills in event driven programming |
Architecture Knownlegment:
| Architecture | Level | Comments |
|---|---|---|
| π΄ 68k | Medium | Universitary course knowledgment |
| πΎ x8086 | High | Reversering and pwn skills for x86 executable |
| πΏ x64 | Medium | Reversering and pwn skills for x64 executable |
| πΏ ARM | Very Low | Starting training |
Database Management System Managament:
| DBMS | Level | Comments |
|---|---|---|
| π¬ MySQL | Medium | Relation database used in web-app static app |
| π¦ MariaDB | Medium | Relation database used in web-app static app |
| π PostgreSQL | Low | Starting training |
| π₯ Firebase | Medium | No-Relational database used in Android app or web app (NodeJS) |
| π₯¬ MongoDB | Very Low | Starting training |
Hacking Techniques
| Context | Techniques | Level | Comments |
|---|---|---|---|
| π Web | NoSQL Injection | Low | Introduction to NoSQL Injection techniques |
| π Web | SQL Injection | High | Most of all SQL injection techniques |
| π Web | LFI | Medium | Upload and usage of malicious files |
| π Web | RCE | High | Usage of web vulnerability to gain privilaged system access |
| π Web | SSRF | Medium | Server-side request forgery to induce the server-side application to make arbitrary HTTP requests (including some request muggling vulnerabilities) |
| π Web | XSS | High | Advanced XSS techniques (including techniques bypass CSP nonces) |
| βͺ Reversering | Static Debugging | Medium | Static Debugger analysis and various static analysis techniques |
| βͺ Reversering | Dynamic Debugging | Medium | Dynamic Debugger anaylis using different breakpoint analysis and knowledgment different techniques |
| βͺ Reversering | Symbolic Debugging | Low | Starting training using ANGR framework in order to analysis executable using symbolic analysis |
| βͺ Reversering | Unpacking Techniques | Medium | Knownlegment of packing/virtualization/junk code technqiues and usage automatical scripts |
| βͺ Reversering | NET Reflection | Low | Usage of common decompiler and static analyzer |
| πͺ Stegography | All | Very Low | I hate guessing π€¬ |
| π€ Pwn | Patching Techniques | Medium | Patching (including crc32 verification fix and IAT rebuild) or injection techniques |
| π€ Pwn | Buffer Overflow | High | Detect and exploiting buffer overflow vulnerabilities (including Return2LibC techniques) |
| π€ Pwn | Format String | Medium | Detect and exploiting format string vulnerabilities for memory leak |
| π€ Pwn | ROP Chaining | High | Define complex ROP chaining with very limited sizes (10 bytes record βοΈ) |
| π€― Cryptography | Classical | Medium | Some times it looks so guessing |
| π€― Cryptography | Private-Key | Medium | Knowledgment of most common private key algorithm (DES/AES) and exploitation of common vulnerabilties such as Bit Flipping and Oracle Padding in CBC Block modes |
| π€― Cryptography | Public-Key RSA | Very High | Knowledgment and exploitation of most vulnerabilties (Coppersmith and LLLβs algorithm knownledgment) see here |
| π€― Cryptography | Public-Key ECC | Low | Starting Training |
| π€― Cryptography | Hash | Low | Need training on exploitation techniques |
| π΅οΈ Osint | Google Dorks | Medium | Standard Google Dork techniques |
My Works
Below there are reported some of most relevant projects:
| Title | Description | Role |
|---|---|---|
| Nabbo Project (Escape Room) | University event inteneded to high schoolβs students in order to recruit and test hacking skill within social environment | Co-Responsable and developer |
| Security in IoT Pairing & Authentication protocols, a Threat Model and a Case Study Analysis | Scientific Paper presented in ITASEC21 | Co-writer |