
Application Security Engineer & Secure Software Developer.

Application Security Engineer with a software development background specializing in secure code review, web application security, penetration testing, and DevSecOps. Focused on identifying real-world vulnerabilities, validating security findings, and building secure systems across the software development lifecycle.


01. About Me

Hello, I'm Marco Abreu — an Application Security Engineer with a strong foundation in software development, offensive security, and secure architecture.

My background combines secure software engineering with practical cybersecurity operations. I started in software development working with banking systems, embedded Linux environments, and low-level programming before transitioning fully into Application Security and DevSecOps.

Currently, I work on secure code reviews, web application penetration testing, SAST & DAST validation, vulnerability assessments, CI/CD security integration, and SIEM monitoring.

I hold a Bachelor’s degree in Computer Science and a Master’s degree in Cybersecurity Engineering, where my thesis focused on AI-generated metamorphic malware and defensive system evaluation, achieving a final grade of 19/20.

My main interests include: Application Security, Offensive Security, Secure SDLC, DevSecOps, Vulnerability Research, and Web Exploitation.

  • 3+ Years in Tech
  • 1+ Year in Application Security
  • 30+ CTF Flags

02. Technical Arsenal

Application Security

  • Secure Code Review
  • OWASP Top 10
  • SAST / DAST Validation
  • Authentication & Session Security
  • Vulnerability Assessment
  • Threat Modeling
  • Secure SDLC

Offensive Security

  • Web Application Penetration Testing
  • Manual Exploitation
  • Burp Suite
  • Reconnaissance & Attack Surface Mapping
  • API Security Testing
  • Source Code Auditing

DevSecOps & Infrastructure

  • CI/CD Security Integration
  • Terraform Security
  • Checkov
  • GitHub Actions
  • Linux Hardening
  • Container & Pipeline Security

Security Monitoring & DFIR

  • Wazuh SIEM
  • Log Correlation & Rule Tuning
  • Threat Detection
  • Incident Analysis
  • Windows Live Forensics

Development

  • Python
  • C / C++
  • JavaScript / TypeScript
  • PowerShell
  • Bash
  • SQL

03. Deployed Projects

AI-Based Metamorphic Malware Framework

Master’s thesis framework using LLMs to generate context-aware malware mutations and evaluate detection evasion with statistical metrics.

Python LLMs Malware Research

Security Application Suite (Python)

A comprehensive Python security toolkit featuring port scanning, DoS simulations, secure messaging, log analysis, and port knocking.

Python Scapy Networking

Biometric Banking Authentication

Multi-factor authentication using facial recognition, keystroke dynamics, and ML-based behavioral analysis.

Python Machine Learning Biometrics

Windows Live Forensics Collection

PowerShell-based live forensic data collection tool for volatile and non-volatile evidence gathering.

PowerShell DFIR Windows

Vigenère & Affine Cipher Toolkit

Cryptography learning tool with step-by-step visualizations, brute-force attacks, and known-plaintext analysis.

Python Cryptography Visualization

Terraform Security

This project demonstrates Infrastructure-as-Code (IaC) security scanning using Terraform and Checkov.

Terraform Checkov DevSecOps

Fixing OWASP Juice Shop

A full security audit and remediation of a deliberately vulnerable web application. Each backend file is analyzed, exploited, and rewritten using secure coding practices.

Source Code Security TypeScript OWASP Top 10 Web Security

Subtrace

Subtrace is a reconnaissance and attack surface mapping tool developed in Python.

Python AsyncIO httpx NetworkX

05. Write-Ups & Tutorials

XXE & Cookie Forgery on Play Framework

Step-by-step tutorial demonstrating an XXE attack and session cookie forgery on a vulnerable Play Framework web server (v2.1.3), including post-exploitation with SSH brute-force.

XXE Play Framework Web Security Python

Metamorphic Malware and Artificial Intelligence

Theoretical approach to metamorphic malware and the use of artificial intelligence in malware generation.

Metamorphic Malware AI Malware

SIEM Platform – Wazuh

Comprehensive evaluation of the Wazuh SIEM platform in an academic environment, covering network traffic analysis, OS hardening, and application-level security.

SIEM Wazuh Security Monitoring

04. Initialize Handshake

I am currently developing my skills further through platforms like Hack The Box and am open to opportunities in cybersecurity engineering, SOC operations, and offensive security.

