Available for opportunities

Massimo Massetti

Offensive Security & AI Systems

I break systems, analyze AI behavior, and build tools for real-world exploitation.

massimo@portfolio:~$
$ whoami
massimo — offensive security researcher
$ cat achievements.log
XSS on major French retail group
private bug bounty programs (finance, energy, defense)
AI security research — LLM behavior & alignment
$ cat mindset.txt
think like attacker · build like engineer · automate everything
$

01 About

Computer Science student at Université de Caen Normandie, focused on offensive cybersecurity and AI systems. Currently working through OffSec's PWK labs in preparation for the OSCP certification.

I actively hunt vulnerabilities across real-world platforms. Invited to private bug bounty programs on HackerOne and YesWeHack for major French groups in insurance, energy, finance, healthcare, and defense. Reported XSS vulnerabilities at Groupe Les Mousquetaires and session manipulation flaws at fintech companies.

Simultaneously working as an RLHF expert at Outlier, fine-tuning Large Language Models for alignment and robustness. I don't just find vulnerabilities — I build systems to find them faster.

OSCP: In preparation
H1 / YWH: Bug Bounty Platforms
3 Languages spoken
RLHF: AI Expert @ Outlier

02 Projects

⚔️ Latest Project

OSCP Toolkit

Unified pentest workspace for OSCP+

After 6 months of OSCP+ prep I noticed the bottleneck wasn't the boxes — it was tool management. Built a single PyQt5 interface that syncs scope, credentials and notes across 80+ pre-configured tools. One LHOST setting propagates everywhere, commands auto-fill from a live scope vault, and embedded + external terminals coexist in the same window with the exam timer in the corner. 100% local — no cloud, no telemetry.

80+ tools
2 term modes
100% local
Python · PyQt5 · Kali Linux · WSLg · OSCP+
🧪 Coming Soon

Security Lab Infrastructure

Custom-built environment for exploit development and advanced security research. Covers shellcode and buffer overflow development, automated recon workflows, DPAPI credential extraction, and AES/XOR-based evasion techniques.

Python · C · PyCryptodome · MinGW
🏴‍☠️

Bug Bounty Hunting

Active hunter on HackerOne & YesWeHack with access to private programs across insurance, energy, finance, healthcare, and defense sectors. Identified stored XSS at Groupe Les Mousquetaires and session manipulation flaws at fintech companies. Methodology: recon, automation, manual exploitation, impact validation.

XSS · SQLi · Session · IDOR · CWE

03 Skills

> offensive

Pentesting · Active Directory · Vulnerability Research · Bug Bounty · OWASP Top 10 · Network Security

> development

Python · C · C# · Rust · PHP · SQL · Solidity

> tooling

Kali Linux · Burp Suite · Metasploit · Wireshark · Nmap · Docker · Git

> ai_research

RLHF · LLM Security · Model Alignment · Fine-tuning · Adversarial Testing

04 Contact

Looking for an offensive security researcher, need a vulnerability assessment, or want to collaborate on AI security? Let's talk.