About me

🇮🇹 Ciao,
sono Andrea Draghetti, aka Drego, sono nato e vivo a Bologna e sono un ricercatore di Sicurezza Informatica. Diplomato come Perito in Elettronica e Telecomunicazioni e Laureato in Sicurezza dei Sistemi e delle Reti Informatiche all’Università di Milano con una tesi sull’evoluzione del phishing.

Attualmente sono il responsabile del team di Threat Intelligence di D3Lab.

Questo è il mio blog personale dove parlo di informatica e non solo.

Photo: Matteo G.P. Flora
Head shot by MGPF

Podismo, Fotografia e Formula 1 sono sono i miei principali hobby. Sono un donatore di sangue e un forte sostenitore della lotta contro l’HIV.


🇬🇧 Hello,
I am Andrea Draghetti, aka Drego, I was born and live in Bologna and I am an IT Security researcher. I have a high school diploma in Electronics and Telecommunications and a bachelor degree in Computer Systems and Networks Security at the University of Milan with a thesis on the evolution of phishing.

I am currently the head of the D3Lab Threat Intelligence team.

This is my personal blog where I write about IT and more.

Running, Photography and Formula 1 are my main hobbies. I am a blood donor and a strong supporter of the fight against HIV.


Projects:

Development:

  • Python
  • PHP
  • Several other languages, but with less thorough knowledge.

Security Disclosure:

  • 2021: ilPost: AWS Bucket Credentials Leaked and Information Disclosure
  • 2020: TNT Italy: XSS Stored
  • 2019: Gruppo TIM: SQL Injection
  • 2018: Gruppo TIM: Security Misconfiguration
  • 2016: Telegram: Security Misconfiguration (SMTP Open Relay)
  • 2016: Vodafone Station: Unauthenticated full router backend access
  • 2015: iGyno: SQL Injection, Arbitrary File Upload/Delete, RCE and Remote Database Disclosure
  • 2001: Multiple Italian Newspapers: Unauthenticated access to the online version of the newspapers
  • Other disclosures on OpenBugBounty.

Publications: