$ whoami

Hello ๐Ÿ‘‹๐Ÿป I'm

Umberto Della Monica

$ ./about

About Me

Umberto Della Monica
Experience
M.Sc. in Computer Science, Cybersecurity Curriculum
Project
9

I am an Embedded Security Researcher, with a Master's degree in Computer Science specialized in Cybersecurity from the University of Salerno. My studies concluded with a thesis developed at STMicroelectronics, titled "XAI-SideLeak: A Framework for Explainable Side-Channel Analysis", focused on the explainability (XAI) of Side-Channel Analysis attacks on COTS microcontrollers.

I work on Offensive Hardware Security: side-channel analysis (power and electromagnetic analysis, fault injection), hardware penetration testing, and firmware reverse engineering on microcontrollers and IoT devices, with a background in automotive cybersecurity (ISO 21434), ICS/SCADA security, and TARA threat modeling. I carry out research and development activities both independently and at the Habes Lab of the University of Salerno, focusing on hardware and embedded security.

I like to experiment hands-on, taking apart hardware and software to truly understand how they work. It's this practical approach, combined with curiosity, that drives the way I approach security.

Education

  • M.Sc. in Computer Science โ€” Cybersecurity Curriculum, University of Salerno (2023โ€“2026) โ€” 110 cum laude
  • B.Sc. in Computer Science, University of Salerno (2019โ€“2023) โ€” 106/110

Internships

STMicroelectronics (Naples)

STMicroelectronics (Naples)

January 2026 - June 2026 (6 months)

Master Thesis: "XAI-SideLeak: A Framework for Explainable Side-Channel Analysis" - power and electromagnetic analysis with fault injection on COTS microcontrollers across multiple MCU families, with XAI-driven explainability of Side-Channel Analysis attack outcomes.

STMicroelectronics (Naples)

STMicroelectronics (Naples)

April 2024 - July 2024 (4 months)

Development of a Penetration Testing suite compliant with ISO 21434 standard.

LargeSystem (Naples)

LargeSystem (Naples)

4 months

External internship during my Bachelor's degree, focused on web design and microservices architecture.

Collaborations

LinearIT (Salerno)

LinearIT (Salerno)

October 2024 - March 2025 (4 months)

Development of a portable security device (Custom Travel Router) with OpenWRT, custom Python IDS/IPS, integrated ad-block, and mobile app for efficient management. Achieved 3rd place in the 2024/2025 App Challenge.

LinearIT (Salerno)

LinearIT (Salerno)

2 months

Development of a web app with a private blockchain using Hyperledger Besu/FireFly and Flutter for the front-end.

$ ./publications

Publications

$ ./skills

Skills

Cybersecurity

Firmware/Software Reverse Engineering

Firmware extraction via JTAG, SPI, UART

Android Reverse Engineering

ICS/SCADA Security (Modbus, OPC-UA, SNAP7)

Defensive Strategies

Network Protocols & Configuration

Digital Forensics

Cryptography

Penetration Testing

Penetration Testing Methodologies

OSINT Tools & Techniques

Target Discovery & Enumeration

Port Scanning

Vulnerability Mapping & Analysis

Vulnerability Taxonomies

Exploit Development & PoC

AI & Data Science

Machine/Deep Learning

Large Language Models

Genetic Algorithms

Prompt Engineering

Computer Vision

IoT & Embedded

Embedded Programming

IoT Security

IoT/ICS Communication Protocols

Hardware Analysis (UART, JTAG, SPI)

Programming & Frameworks

Java

C

C++

C#

Python

JavaScript

Dart

Solidity

VHDL/VHDP

Bash Scripting

Spring Boot

Flutter

Angular

React

Flask

Django

Databases & Other

MySQL

PostgreSQL

Neo4J

Linux / macOS / Windows

Virtualization

QEMU / VirtManager

Open-source Contributions

Teamwork & Critical Thinking

$ ./hardware-security

Hardware Security & Penetration Testing

XAI-SideLeak

Explainable Side-Channel Analysis framework developed for my Master Thesis at STMicroelectronics: power and electromagnetic analysis with fault injection on COTS microcontrollers across multiple MCU families, with Machine Learning/XAI techniques applied to explain SCA attack outcomes.

Python, Machine Learning, XAIChipWhisperer, Oscilloscope, Multimeter, Logic Analyzer

S.I.D.E. - SCADA Intrusion Detection Engine

Modular IDS platform for ICS/SCADA traffic: anomaly detection via Isolation Forest, event correlation on Neo4J, packet capture in Python. Containerized microservices with Docker & RabbitMQ and a Next.js monitoring dashboard.

Python, Scikit-learn, Neo4J, Docker, RabbitMQ, Next.js
View Project
Linksys-WRT54GL-Exploitation

Linksys-WRT54GL-Exploitation

Hardware penetration testing on the Linksys WRT54GL router including full JTAG extraction and reverse shell attack.

Firmadyne, FirmAE, Ghidra, binwalk, openOCDJTAGulator, AttifyBadge
View Project
$ ./projects

Project

Team Project

DefNet

Custom travel router with IDS/IPS, FastAPI backend, SQLite database and mobile app.

FastAPI, SQLite, OpenWRT, AdGuardHome
View Project
$ ./academic

Academic Projects

ViLearERC-1155

Microservices-based management of courses and certificates as NFTs. Bachelor's thesis on the project and the NFT ecosystem. Project no longer active.

Spring Boot, Solidity, Ethereum BlockchainPostgreSQL
Team Project
Filiera-TokenFiliera-Token

Filiera-Token

Web App for supply chain management using private Hyperledger Besu blockchain and Hyperledger FireFly. Front-End developed in Flutter.

Hyperledger Besu, Hyperledger FireFly, Flutter

UniConnect

University social network with Flutter front-end, Spring Boot backend and Neo4J NoSQL database.

Flutter, Spring Boot, Neo4J
Team Project

fp-mash

Tool based on Lyndon factorization of DNA strings for genomic distancing, evaluated with Jaccard distance. Complete software rewrite with CLI component.

C++, Python, Flutter
Team Project
MarcoSmiles-RhythmGames

MarcoSmiles-RhythmGames

Game to learn playing using hands, leveraging a DQN neural network to predict if the user can play the recorded note during training.

FastAPI, UnityOculus Meta Quest 2/3
$ ./contact

Contact Me