Diogo Torres Correia

Programming Enthusiast. Computer Science & Cybersecurity Student. Federated Athlete.

me@diogotc.com

Stockholm, Sweden

diogotc.com

@diogotcorreia

Programming

JavaScript

Nix (& Nixpkgs/NixOS)

Rust

React

NodeJS (& Express)

HTML/CSS

Java

Python

Vue

C++

SQL

PHP

Spring

Operating Systems

Linux

Windows

MacOS

Tools

Git

Docker

Languages

Portuguese

Native

English

C1 (IELTS Band 8.0)

Contributions in the following projects:

Nixpkgs (Packaging, Bug Fixes, and more)
Strapi (Small Enhancements, Bug Fixes, Security Vulnerability Patching, Translations)
STAYAWAY COVID (Dark Mode)
Vuepress (Bug Fixes)
Listmonk (Translations)
Umami (Translations)
phhusson's vendor_hardware_overlay (Android Device Overlay)
Firefly-III (Bug Fixes)
BungeeCord (Bug Fixes)
automatic-timezoned (New Features)

Education

2023 - 2025

KTH Royal Institute of Technology, Sweden

Master’s in Cybersecurity

Master’s Thesis: Classa: Uncovering Class Pollution In Python, resulting in the reporting of critical-severity CVE-2025-58367
Courses in Network & Systems Security, Cryptography, Ethical Hacking, and Language Based Security, among others

2020 - 2023

Técnico Lisboa, Portugal

Bachelor’s in Computer Science and Engineering (LEIC-A)

Final average: 18.63/20 (19)
Elected Year Delegate (2020 - 2023) and Degree Delegate (2022 - 2023)
Awarded Academic Excellence Diploma (2020/2021)
Awarded Academic Merit Diploma (2021/2022)
Awarded Academic Excellence Diploma (2022/2023)
Top 3 amongst students who enrolled in LEIC-A in 2020/2021 (out of ~180)
Member of the University’s Pedagogic Council

Professional Experience

Nov 2024 - Present

Ethiack

Penetration Tester
Freelance

Conducted penetration testing for Ethiack’s customers, finding high-severity vulnerabilities and proposing mitigations.

Sep 2024 - Jan 2025

LangSec Group, KTH Royal Institute of Technology

Research Assistant
Amanuensis

Researched the impacts and prevalence of client-side prototype pollution in JavaScript on various websites
Developed a Chromium fork to detect prototype pollution gadgets when visiting a vulnerable website, using dynamic analysis

April 2021 - July 2023

DASI, IST, Lisboa

Research Initiation Grant
Full Stack Developer

DASI is Técnico Lisboa’s IT Services’ Development Team, which I joined during my first year at the university. It is responsible for developing and managing the school’s learning management system, FenixEdu, and other services.
I developed a new version of the public API, as well as various bug fixes and UX improvements, some of which were my initiative.

Projects

Resumos LEIC

2021 - Present

React (GatsbyJS); Markdown

A completely open source website, dedicated to the creation of class notes focused on the courses in the curriculum of the BSc in Computer Science and Engineering at Técnico Lisboa, improving the academic performance of students. Currently, it achieves more than 30k monthly views across all pages.

Triton - Minecraft Plugin

2016 - Present

Java; SpigotMC API

A Minecraft plugin that intercepts network packets in search of placeholders, replacing them with translated messages in the player’s language. The project, which is written in Java, has more than 100 classes and 7000+ lines of code.

TWIN - Triton Web INterface

2019 - Present

JavaScript; React; NodeJS

A web app to configure the Triton plugin. Made with React, Redux and React Router, it allows for easily configuring the plugin, avoiding the need to manually editing JSON configuration files.

Craftathon

2017, 2018

NodeJS; PHP

Craftathon was an American charity event, where I configured the ticketing system with Paypal. In the first edition, we used PHP, while in the second one we used NodeJS.

Livraria e Papelaria Espaço

2021 - Present

React (NextJS); NodeJS (Strapi)

An online e-commerce store for a local bookstore, made with NextJS and Strapi. In addition to the online store, I have also made an internal program in order to speedup repetitive tasks, such as adding products to the billing program, saving dozens of manual labor hours.

Portugal Ultra Triathlon

May, June 2018

PHP; HTML / CSS

PUT was a charity event with the goal of raising funds to 4 Portuguese associations related to sports. The website and donation system was made with HTML/CSS and PHP.

Frigu

2022

Rust; Yew.rs + Axum.rs

A web application, developed in Rust and that uses Web Assembly for the frontend, to manage a small community fridge, keeping the transaction history and balance of each user. Docker images are automatically published on every release through GitHub Actions.

IST Delegate Election

2023

Rust; TypeScript/React.js

An online voting platform used by the Técnico Lisboa’s Pedagogical Council for delegate elections, made with Rust and Axum.rs for the backend, and Typescript and React.js for the frontend. It integrates with the school’s OAuth system and avoids storing personal information at all costs.

... and many other small projects