Michele Orrù is a Senior Software Engineer and seasoned offensive security specialist with 14+ years of experience building and hardening web applications, leading pentests, and developing bespoke red-team tooling. He’s a prolific open-source contributor and former core developer for the widely used BeEF Browser Exploitation Framework, and has driven security-focused back-end work on projects like Muraena—a reverse proxy for automated phishing/post-phishing workflows. Michele blends deep protocol- and code-level expertise (Golang, JavaScript) with hands-on experience in social engineering, code review, and secure architecture from roles at Trustwave, NCC Group, and multiple freelance engagements. A frequent speaker and co-organizer of specialist security conferences, he pairs a pragmatic offensive mindset with creative lateral thinking and a curiosity for unconventional research approaches.
14 years of coding experience
19 years of employment as a software developer
bachelor, information technology, bachelor, information technology at Alma Mater Studiorum – Università di Bologna
erasmus, information technology, erasmus, information technology at University of Bergen (UiB)
Contributions:486 commits, 18 PRs, 66 pushes in 5 years 7 months
Contributions summary:Michele's commits primarily involve refactoring the server core and related API/classes, specifically rewriting the server core to use Thin and Rack instead of WebRick. The user also contributed to the Requester extension, implementing and enhancing the integration of HTTP requests and responses within the framework. Furthermore, the user addressed bugs, updated API calls, and refactored code related to the WebSocket channel to support communication with the BeEF shellcode.
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
Role in this project:
Back-end & Security Engineer
Contributions:15 commits, 1 PR, 9 pushes in 1 year 11 months
Contributions summary:Michele primarily contributes to back-end functionalities related to the Muraena project, which focuses on reverse proxying for phishing and post-phishing activities. Their work involves modifying code to bind the proxy to 0.0.0.0 and refactoring parts of the code to implement Redis-based persistence, including victim and cookie data. The user also integrates MaxMind and Whois queries and introduces a necrobrowser integration for session hijacking, demonstrating security-focused development.
pythontransparentproxyreverse-proxyactivities
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Michele Orru - Senior Software Engineer at Dataflow Security