About Me

That's what I do. I drink, and I know things.

Hi, my name is Alessio Santoru and I’m a IT security enthusiast. I work as Security Engineer at N26, in Berlin. Previosly I worked at Horizon Security, in Milan, where I was involved in penetration testing activities. I like computers, music, tv series and bikes.


  • October 2018 - Become a Offensive Security Certified Professional (OSCP)
  • July 2017 - Presented filewatcher for MacAdmins Meeting at the University of Utah
  • February 2017 - Graduated from Universita’ degli Studi di Perugia in Bachelor of Computer Science


  • CVE-2018-20122 - Remote code execution in Fastweb FASTgate router.
  • CVE-2018-17172 - Remote code execution in Xerox Altalink printer.
  • CVE-2018-7064 - Cross-site scripting (XSS) Reflected in Aruba Instant web interface.
  • CVE-2017-17663 - Buffer overflow in thttpd and mini_httpd web server.


  • filewatcher - A simple auditing utility for macOS.
  • shcheck - Just a basic tool to check security headers.