Francesco Pompò

Lead Security Engineer

Location: Turin, Italy
Email: contact@francesco.cc
Website: francesco.cc
Github: github.com/deade1e

About Me

C and Rust developer with 10+ years of experience, specialized in low-level systems programming, malware analysis, and threat intelligence. Skilled in both offensive and defensive security, with expertise ranging from red teaming tool development to SOC L3 incident response.

Contributor to the Linux kernel, author of a Tor protocol re-implementation, and developer of several tools in Rust.

Work Experience

Lead Security Engineer | 7Layers S.r.l. | Turin, Italy

November 2020 - December 2024 | 4 years 2 month

• Implemented various EDR/AV evasion techniques and payloads in C that were effective and helped different Red Team operations.
• Developed automation tools in Python for threat intelligence workflows, serving hundreds of environments with hundreds of thousands of indicators
• Reverse engineered a heterogeneous pool of malware – from financially motivated groups to state-sponsored actors – to extract IoCs and identify attack patterns, producing actionable intelligence to proactively defend customer infrastructures
• Managed multiple containerized environments (Docker and Podman).
• Handled L3 security incidents
• Led two junior developers

Lead Security Engineer | Novanext S.r.l. | Turin, Italy

March 2020 - November 2020 | 9 months

• Developed intelligence collection system in Python
• Created Early Warning service for customers
• Led two junior developers

Splunk Developer | Consoft S.p.a. | Turin, Italy

September 2019 - February 2020 | 6 months

• Developed Python integrations for Splunk
• Configured dashboards for Splunk Enterprise Security

C Developer | eSurv S.r.l. | Catanzaro, Italy

April 2017 - March 2019 | 2 years

• Developed C and x64 Assembly software
• Contributed to the development of a zero-day exploit for the Linux kernel
• Built CI pipelines for build quality assurance
• Developed Linux distribution using Buildroot

C Developer | Self Employed | Trapani, Italy

October 2015 - January 2017 | 1 year 4 months

• Handled ransomware incidents for local businesses and developed prevention software in C using Linux backup strategies
• Developed Light Onion Router, a C library that enables Tor connections without proxy. Used in different PoCs
• Spoke at the Linux day 2015 conference and at schools regarding Tor and security

Security Engineer | TS-Way S.r.l. | Orvieto, Italy

August 2013 - August 2015 | 2 years 1 month

• Performed malware analysis on samples coming from state-sponsored actors to aid military organizations
• Developed tools in C to support malware analysis
• Conducted code review for a sensitive military project
• Performed penetration testing following OWASP guidelines and vulnerability assessments
• Developed custom payloads in C to help evade AV solutions

Notable projects and contributions

Linux Kernel Patch: efistub/x86 SMBIOS Fallback | October 2025 - November 2025 | 2 months
Fixed EFI subsystem bug in Apple firmware by adding fallback method for SMBIOS information retrieval.
Accepted and merged into mainline Linux

Lor - Light Onion Router | October 2015 - January 2017 | 1 year 4 months
Tor protocol client re-implementation using mbedTLS, demonstrating direct hidden service connection without Tor binary

Radar - Asynchronous Network Scanner | May 2025 - Present
Rust-based network scanner with userspace implementation of TCP, UDP, ARP, and DHCP protocols using Linux raw sockets for active scanning and passive monitoring

Ape Escape Manipulation Toolkit | April 2025 - June 2025 | 2 months
Rust toolset for game archive manipulation

libfjson | May 2017 | 1 month
Recursive finite-state machine JSON parser in C, operating byte-by-byte with sub-6KB compiled size

mbedTLS point decompression function | June 2016 | 1 month
Proposed elliptic curve point decompression function for the mbedTLS project.
The feature was later added in 2022 based on my research.

Certifications

Cyber Threat Intelligence Analyst (CTIA) | EC-Council
June 2024

Incident Responder | Group-IB
November 2021

Skills

Programming languages:

• C
• Rust
• Assembly (x86/64, arm64)
• Python
• Nix
• JavaScript
• SQL
• NoSQL

Systems & Security:

• Low-level OS internals (Linux kernel, EFI)
• Network Protocols (TCP/IP, ARP, DHCP, Tor)
• Malware Reverse Engineering (Windows/Linux)
• Containerization (Docker and Kubernetes)
• NixOS administration
• Incident Response (L3)
• Threat Intelligence

Education

Diploma di Perito Industriale Capotecnico | I.T.I. L. da Vinci | Trapani, Italy
Issued by Ministero dell’Istruzione, dell’Università e della Ricerca - 2013

Languages

• Italian: Native
• Arbëresh: Native
• English: Professional proficiency C1