Alessandro Greco

I'm passionate about computer science and enjoy participating in CTFs. I'm interested in learning new stuff and try to promote the philosophy of free software. I'm a supporter of cryptography and hacker culture. I enjoy volunteering my time on security-related projects, as I've done with the University of Calabria and Carnegie Mellon University. If you have any ideas to share, feel free to reach out (but please use my public key if you'd like to email me). A fan supporting Barricate against Gonzità.

Visit this website in Tor, it's updated regularly but not constantly, so you might see an older version of the site. (Read More: Onion Address Migration Notice)

If you are looking for thesis topics, click here.

Welcome image ethical-hacker course

Timeline

Ongoing...
2026
  • GHSA-jxmc-3mv6-7pwr; CVE-2026-50144 (high): Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id.
  • CVE-2026-11600 4.3 (medium): Envo's Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' Setting
  • CVE-2026-11964 6.5 (medium): User Registration & Membership < 5.2.2 - Unauthenticated PayPal Webhook Signature Verification Bypass Leading to Membership Activation
  • CVE-2026-10750 8.1 (high): Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools.
  • CVE-2026-10083 7.5 (high): APCu Manager < 4.5.0 - Unauthenticated Stored XSS via Cache Key Pollution.
  • GHSA-f7h3-f5vh-3764; CVE-2026-50167 (moderate): Authenticated cross-user authorization bypass in Kurrier API. Kurrier project.
  • GHSA-jxmc-3mv6-7pwr; CVE-2026-50144 7.1 (high): Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id. NCNN project.
  • Nuclei Template: Add CVE-2026-42281 MagicMirror SSRF template
  • Crypto Toolkit: Crypto Toolkit is a lightweight, fully local VS Code/ium extension for common encoding, decoding, hashing and so on from the editor context menu.
  • GHSA-5vwr-qchf-q4pf: Maven project scanning may allow shell command injection through repository-controlled module paths. Cdxgen project.
  • Ethical Hacker: Cybersecurity course, organized by CISCO.
  • The Add/On Trap: Cybersecurity Collab with picoCTF by Carnegie Mellon University.
  • wayparam: Fetch and normalize parameterized URLs from the Wayback CDX API (OSINT, inspired by ParamSpider).
2025
2024
  • Hak5: Payload Hero of the Year 2023.
  • Paper Review: A description of a consideration regarding the paper "Extract Me If You Can: Abusing PDF Parsers in Malware Detectors".
  • DuckyScript Cookbook: VSCode/Codium extension for the DuckyScript language.
  • Temporary teacher of Hacking and Cybercrime: At Vibo Valentia Police Academy.
  • Cybersecurity Operations Unit Seminar: Cybersecurity course, organized by Ministero dell'Interno.
  • Automotive and Cybersecurity: Vulnerabilities, Protection Systems, and the Regulatory Framework: Cybersecurity course by Ministero dell'interno and Ministero del made in italy.
  • Cybersecurity and AI - A Comparison of Regulatory Frameworks for AI in Italy, the EU, and Globally: Cybersecurity course by Ministero dell'interno and Ministero del made in italy.
2023
  • My Flipper Shits: A collection of ready-to-use payloads for Flipper Zero.
  • Public Police Recruitment Competition (current): Telecommunications Technical Inspector, State Police - C.O.S.C. Calabria.
  • Advanced Training Course in Computer Engineering: Engineering Course, by e-campus.
2022
  • Fine-tuning the Tor Network: Bachelor's thesis based on the Tor Network.
  • CyberChallenge IT: Cybersecurity course, organized by CNI, CINI and ACN.
  • Software Programming and Development Specialist: Computer Science course, ProjectLife Calabria COOP. SOC. A R.L.
  • Temporary teacher of mathematics and science: At NewCo Investment S.R.L.
2021
  • Reception and Health Monitoring for Migrants: At Italian Red Cross.
2020
  • Temporary teacher of mathematics and science: At NewCo Investment S.R.L.

CONTACTs