Information Security Professional involved in Vulnerabilities Assessments and Hacking Activities. Passionate about Discovering Systems Security Breaches with the scope of turning them into Impenetrable and Secure Systems.Download CV
Oct,2016 - Present
Penetration Tester | Security Engineer
Security analyst for conducting penetration test and vulnerability assessment activities with manual and automated application security testing tools.
Cyber security fields:
• Network Penetration Testing
• Social Engineering
• Web Application & Wireless Pentesting
• Customer's internal & external infrastructure Vulnerability Assessment
• Mobile App Penetration Testing
• Reverse Engineering, Binary & Malware Analysis
• Antivirus Evasion Technics
• Embedded IoT Systems, CPE & TIR Vulnerability Assessments
• Fortinet Infrastructural Technical Support
Conducted offensive security trainings including theoretical and cyberlabs. Security Testing based on OWASP and OSSTMM Methodologies. Writer of security advisories and exploitation documentation following guidelines established by NIST (NVD) and exploits 0day.
Jun,2018 - Present
Security researcher and bug hunter in Web Applications, Infrastructure and Network areas.
Network Security Expert Internship
Hands on Fortinet Infrastructural and Network Security Expert training focused on potential information and security vulnerabilities identification, incidence response and risk management.
Infrastructural and network perimeter protection through security policies implementation, monitoring and management of Fortinet firewalls, Virtual Private Networks (VPNs), Intrusion Detection/Prevention Systems (IDS/IPS), reverse proxy and data loss prevention.
Network security issues troubleshooting and IT technical support.
NSE attended courses:
• Fortinet NSE 1 Training: Network Security Technology Foundations.
• Fortinet NSE 2 Training: Network Security Solutions Training for Sales.
• Fortinet NSE 3 Training: Network Security Product Training for Sales.
• Fortinet NSE 4 Training: FortiGate Network Security Professional.
Fortinet NSE Institute
Sep,2015 - Jul,2016
Network Engineer Intern
System administration and real time network monitoring.
Concept design and implementation of a Secure Communication Infrastructure for high-speed mobile nodes focused on fast Trains technologies.
Behavioural assessment of Experimental Congestion Control Algorithms for Multipath-TCP over a ciphered environment.
Research Center of Integrated Technologies and Cyber Security CITI
Sep,2012 - Dec,2012
Security Research Internship
Analysis and Penetration testing of Wireless security protocols.
Wireless virtualised environment design and implementation.
Stress test and brute-forcing attacks against WEB, WPA, WPA2 and WPS Wireless Security.
OSCE - Offensive Security Certified Expert
Issued Jul, 2020
OSWP - Offensive Security Wireless Professional
Issued Apr, 2019
OSCP - Offensive Security Certified Professional
Issued Apr, 2018
Apple Certified Associate - Mac Integration 10.9
Issued Sep, 2014
Fortinet NSE 3 - Network Security Expert
Issued Feb, 2017
Vulnerability Assessment 90%
Network Security 80%
Reverse Engineering 60%
Windows, Linux Exploitation 87%
Exploit Development 82%
Corporate Exploitation 87%
Embedded IoT Systems, CPE and TIR Exploitation 89%
Mar,2016 - Present
The International Consortium of Minority Cyber Professionals (ICMCP) was created as a 501(c)3 non-profit association dedicated to the academic and professional success of minority cybersecurity
students and professionals.
Jun,2016 - Present
The Linux Foundation is dedicated to building sustainable ecosystems around open source projects to accelerate technology development and industry adoption.
Founded in 2000, The Linux Foundation provides unparalleled support for open source communities through financial and intellectual resources, infrastructure, services, events, and training. Working together, The Linux Foundation and its projects form the most ambitious and successful investment in the creation of shared technology.
May,2014 - Present
The Internet Society was founded in 1992 by a number of people involved with the Internet Engineering Task Force (IETF).The Internet Society is a global cause-driven organization governed by a diverse Board of Trustees that is dedicated to ensuring that the Internet stays open, transparent and defined by you.
May, 2, 2019
It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
May, 2, 2019
An attacker with access to the offline victim’s otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
November, 8, 2019
File Sharing Wizard version 1.5.0 is affected of Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL, a similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.