ABOUT ME

ABOUT ME

I'm a computer security enthusiast                            

In recent years I have made so many successful projects of high level for several of the most important companies both in Spain and internationally. These projects have allowed me to traveling and o learning constantly to new situations, responding effectively in all of them. The main projects are the following type:

  • Malware Analysis: Analyzing malware, or malicious software, is more of an art than a technique. Because of the wide nature of these products, there are limitless ways to hide functionality. Some common tools for malware analysis include simple programs like strings. More complex analysis can be conducted by looking at the headers of executables with programs like PEiD and PeExplorer. Finally, the most complete analysis can be done with debuggers like IDA Pro and OllyDbg.
  • External Penetration Test: It tries to evaluate the security of the systems to respond to a possible  external attack, simulating what a hacker could try to penetrate in the information systems and what vulnerabilities it might try to exploit. Could be considerer a black box audit. Not only detect possible vulnerabilities in information systems, additionally, to try to exploit the results obtained demonstrating the consequences of unauthorized acces.
  • Internal Penetration Test: It tries to evaluate the security of the systems against a possible internal attack, that is to say, analyze risks from employees who might violate the internal security of the information systems of the company. In this type of the test is also attempt to exploit vulnerabilities to demonstrating the consequences that could have an internal attack.
  • Web Applications Audit: The objective is to evaluate the security of web applications and obtain a vision of his security level. It is necessary that applications are security developed, because across them it is possible to bypass other security mechanisms such as a firewall or intrusion detection system and even penetrate the internal network of the company.
  • WIFI Networks Audits: It tries to analyze in detail the implemented wireless networks and to detect the existence of security problems that could be taking place when using this technology without the necessary security considerations. This test is performed intrusive attacks on the network through its wireless access, simulating the actions of a hacker who manages to capture the wireless signal of the network to access it.
  • Source Code Review: In the Source Code review I follow the guidelines set in the "OWASP Code Review Guide", which provides for review of the following points:
  1. Authentication
  2. Authorization
  3. Data Validation
  4. Error Handling
  5. Information Leaks
  6. Cryptography
  7. Secure Code Environment
  8. Session Management
  • Programming scripts: I have programmed many scripts to realize tasks associated with all phases discussed previously. These scripts are needed, as during the previous phases unique situations arise where existing programs do not meet the required case and is necessary to realize a personalized programs for the new situations.
  • Imparting Security Courses: 

    • Secure Programming in Web environments: In this course there are seen secure aspects of web application development such as making a good validation of input data, which are the best methods of authentication depending on what resources you want to protect, etc.
    • Hacking Web Applications: This course is focuses on defining what are the main Hacking techniques in web applications, and then to realize a laboratory of practices with them, to be aware of the danger to which these applications are exposed.

The technical level required for all these projects is very high so you have to have great capacity to adapt to new situations to carry them out successfully.