I am a pentester and cybersecurity consultant passionate about hacking. I am certified in CEHv12 (Certified Ethical Hacker) by EC-Council. I am proactive in learning and I am always trying new techniques and expanding my knowledge.
📌 Tools - Scripts:
- rogue-https-server.py: HTTPS server with Python 3.10/3.11 for incoming TLS-encrypted communications and checks of out-of-band attacks. Among its features: free DNS and auto-generated PEM. Checks vulnerabilities like: External Service Interaction (DNS, HTTP), blind SSRF, RCE PHP, stored XSS with cookie exfiltration, out-of-band SQL injection (OOB SQLi), Server Security Misconfiguration, among others.
- awsbugseeker: script for testing on AWS cloud apps.
- lootXploits: bash script for finding exploits for exposed services.
📌 Medium posts - My actual blog for hacking posts.
https://medium.com/@arielhacking
- Introduction to API Pentesting: importance for companies and pentesters. Link: https://medium.com/@arielhacking/introducci%C3%B3n-a-api-pentesting-importancia-para-empresas-y-pentesters-d0a90ce0d835
- Is your antivirus really secure? Testing Powershell payload obfuscated with Chimera. Link: https://medium.com/@arielhacking/is-your-antivirus-really-secure-testing-powershell-payload-obfuscated-with-chimera-7f91d8f4c5fe
📌 My website to share some articles on hacking techniques, guidance to get started in the field and interesting things on CyberSec. (replaced by the Medium blog)
📌 Another of my projects is a Useful Hacks repository where I share useful commands for hacking and pentesting that serve as a quick cheatSheet.
⚔️ I hack your stuff so you have better security.
I am passionate about Hacking and Offensive Security, proactive in learning and working, I constantly update myself and I have the initiative to find new perspectives and solutions. Among my skills are:
🛡 Pentesting of external and internal infrastructure.
🛡 Web Application Pentesting
🛡 Pentesting APIs
🛡 Pentesting Mobile Apps
🛡 OSINT Recognition
🛡 Oral and written English. Preparation of reports in English.
🛡 Vulnerability scanning with professional tools (DAST): Nessus (Pro and Tenable Cloud for PCI DSS ASV Compliance), Acunetix, Burp Suite Pro, etc. Experience with debugging false positives and handling scanner paranoia levels.
🛡 Experience with Linux and Windows environments. Using Kali and Parrot for pentesting.
🛡 Experience with intrusion pentesting tools: NMAP, SQLMap, Metasploit framework, Burp Suite (Proxy, repeater, intruder; cookie tests); detection of privilege escalation vectors with automated tools and manually;
🛡 API hacking with Postman, Burp, Kiterunner;
🛡 Mobile Apps: Genymotion/AndroidStudio; static and dynamic tests with MobSF, ADB, APKTool, Frida, Drozer.
🛡 DoS with slowhttptest and hping3;
🛡 Footprinting with search engines (Google dorks, Bing, etc.), automated tools (theHarvester, Dig, WHOIS, AMASS), devices, technologies and geolocation (Netcraft, Shodan, Builtwith), social networks, email and metadata collection.
🛡 Knowledge of exploits, vulnerability ratings by CVE and CWE, and risk level by CVSS.
🛡 Frameworks/methodologies: OSSTMM, OWASP, MITRE ATT&CK, EC-Council, Cyber Kill Chain.
🛡 Knowledge of networks and communications: TCP/IP, UDP, ARP, DNS and DHCP. OSI model. Cryptography: secure and insecure encryption types; SSL and TLS protocols.
🛡 Knowledge of programming languages: Bash, Python, Javascript, PHP.
Clear oral and written communication.
Adaptability, proactive learning.
Integrity: sincerity, morality, personal values, honesty.