ABOUT ALESSANDRO
Alessandro Grisa is a CovertSwarm Hive Member and a red teamer specialized in covert operations. Since joining the Swarm in September 2021, he’s been building malware deployment techniques that evade modern EDR and MDR solutions. His focus? OPSEC-safe payload delivery. He also researches process injection methods that bypass detection at the API level.
His expertise isn’t just software. Alessandro is also a hardware and IoT hacker. He led CovertSwarm’s DEFCON badge project, from designing PCBs in KiCad to hand-soldering 0603 components. He also created hardware CTF challenges that introduced attendees to hardware hacking culture. As a result, he understands attack surfaces across digital and physical domains.
Currently, Alessandro develops novel process injection techniques. His ModuleOverride method targets DLL memory space instead of PE entry points, and so avoids triggering common EDR alerts. His earlier “Process No-Hollowing” technique leveraged undocumented Windows API behavior, specifically WriteProcessMemory’s automatic memory protection manipulation. Microsoft’s response? “This cannot be considered a vulnerability as no security boundary is crossed.” He turned it into a working exploit anyway.
His credentials include CRTO (Certified Red Team Operator), Social Engineering Expert, CRTP, CEH, and ECPPT certifications. These are not just paper qualifications, but proof of hands-on capability across red teaming, social engineering, and penetration testing domains.
Beyond malware development, Alessandro is also a DEFCON 33 speaker. Alongside Ibai Castells, he delivered a workshop at Red Team Village on ModuleOverride process injection. His philosophy for offensive security: find the gaps defenders don’t monitor, then exploit assumptions baked into legitimate tools.
RESEARCH & PUBLICATIONS
Alessandro’s research focuses on evasion techniques, process injection, and hardware security, in both technical deep-dives and hands-on projects:
- “ModuleOverride – Part 2” – Zer0Phat Blog, December 2024
PEB Walking, remote execution via Thread Hijacking, and practical implementation of ModuleOverride
- “ModuleOverride” – Zer0Phat Blog, November 2024
Novel process injection technique targeting DLL exported function memory space to bypass EDR detection
- “Exploiting Microsoft Windows 11 via Process No-Hollowing” – July 2022
Technique to bypass MDR/EDR solutions by recycling existing memory sections and exploiting WriteProcessMemory behavior
- “A journey into Badge Life” – February 2024
Behind-the-scenes story of designing and building the CovertSwarm DEFCON badge from concept to production.
Speaking & Community Engagement
Alessandro shares his offensive security research at major hacker conferences:
Recent Appearances
- DEFCON 33 – Red Team Village (August 2025)
“ModuleOverride Process Injection Technique” – Workshop
Co-presented with Ibai Castells on novel evasion techniques
Areas of Expertise
- Red Teaming – Covert operations and adversary simulation
- Malware Development – OPSEC-safe payload deployment techniques
- Process Injection – Novel evasion techniques bypassing EDR/MDR
- Hardware Hacking – PCB design, firmware development, and embedded security
- IoT Security – Device exploitation and hardware CTF challenge design
- Penetration Testing – Full-spectrum attack methodologies
- Network Security – Infrastructure compromise and lateral movement
- Cloud Security – Cloud environment exploitation
Connect
- Personal Blog: zer0phat.github.io
- LinkedIn: alessandro-grisa-5671b5136
- GitHub: zer0phat