Domenic Lo Iacono: Offensive Security Engineer
MS & BS Computing Security Graduate from RIT | Offensive Security Engineer at Praetorian
Employment Experience
Praetorian
Offensive Security Engineer (2025 - Present)
- Conducting external network, internal network, and web application security assessments for enterprise clients to identify vulnerabilities and strengthen security postures.
Malware Benchmark Dataset Research
Research Assistant (May 2024 - August 2024)
- Designed and established a benchmark dataset of malware samples for the malware research community.
- Developed a Flask-based web interface and integrated PostgreSQL for secure data storage and Docker for feature extraction in isolated environments. Learn more.
Little Caesars, 2125 Woodward Ave, Detroit, MI 48201
Cybersecurity Intern (May 2022 - December 2023)
- Worked with the cybersecurity architecture and engineering team on threat modeling, security solutions, and building configurations for tooling, and automating security tasks.
- Managed application security domain tasks including creating guidelines and standards, and deploying tools like Snyk and other DAST and SAST tools.
Notable Projects
Web Application Fuzzer with GUI (QT6 Framework)
Developed a fuzzer tool for web applications with a user-friendly graphical interface, designed to identify vulnerabilities through automated testing. Learn more.
Metadata Analyzer (Python)
Created a metadata analyzer to assist in generating detailed metadata reports. Learn more.
ChatCSEC - Undergraduate Capstone Project
Developed ChatCSEC, an LLM-based chatbot for computing security education, as part of a group project. Collaborated with a team to design, develop, and deploy the chatbot. Learn more.
Vulnerabilities in Tap-To-Pay Systems
Participated in a research project analyzing vulnerabilities in Tap-To-Pay systems. Documented potential security flaws and contributed to a comprehensive research paper. Read the full report here to learn more.
Cuckoo Watchtower
Created Cuckoo Watchtower to assist with malware forensics by integrating GPT-4 to analyze Cuckoo Sandbox JSON reports. Enhanced malware analysis with interactive, chatbot-style insights within a Google Colab environment. Learn more.
AudioCovert
Developed AudioCovert, a tool to embed and decode hidden messages in audio files. Encoded messages into WAV files, manipulating high-frequency signals to make them imperceptible to the human ear. Messages were decoded by generating and inspecting the audio file's spectrogram. Learn more.
Malware Benchmark Dataset
Created a streamlined workflow for malware sample uploading, feature extraction, and data management using Flask, PostgreSQL, and Docker. The project addresses the lack of standardized malware datasets in cybersecurity research. Learn more.
Attacking Ethereum Lottery Game "1000 Guess"
Explored the vulnerabilities of Ethereum-based lottery dApps by implementing a game, exploiting its weaknesses, and creating a secure version using Chainlink's VRF for randomness. Read the full report here.
Advanced Cybersecurity Research: Acoustic Side-Channel Analysis - Masters Capstone
Conducted comprehensive cybersecurity research investigating acoustic side-channel vulnerabilities in VoIP communications and cryptographic operations. Developed novel methodologies for systematic acoustic analysis, successfully demonstrating measurable acoustic leakage during VoIP communications. Utilized Python, C, and advanced signal processing techniques for real-time spectrogram analysis and cryptographic timing evaluation. View Project
Mock OSINT Report on Experian
Conducted a detailed OSINT investigation on Experian, identifying potential security and privacy risks from publicly available information. Read the full Experian OSINT Report to learn more.
Technical Expertise
Offensive Security
Technical Domains
Programming & Tools
About Me
I am an Offensive Security Engineer at Praetorian with MS & BS degrees in Computing Security from RIT. I specialize in red teaming, penetration testing, vulnerability research, and developing innovative cybersecurity tools.