Acerca de Mariano
As a highly skilled and detail-oriented Penetration tester, I am seeking everyday to improve my expertise in ethical hacking, red teaming, vulnerability assessment and security testing to identify and mitigate risks within complex IT infrastructures.
Proficient in using advanced tools such as Burp Suite Professional, Metasploit, ffuf, Nikto, Nmap, WPScan, netexec, and testssl for comprehensive penetration testing.
Skilled in conducting vulnerability assessments with Greenbone and Nessus Expert to identify and remediate security risks.
Possess expertise in identifying and exploiting vulnerabilities such as XXE, RXSS, SXSS, SSRF, IDOR, SQL Injection (SQLi), Local File Inclusion (LFI), Remote File Inclusion (RFI), and file upload attacks.
Utilize OSINT tools including 4iQ, Shodan, FOFA, Maltego, FOCA, Gospider, and Google Dorks to gather actionable information.
Apply tools and techniques for internal assessments, including LaZagne, PowerUp, PowerView, Mimikatz, Inveigh, Pypykatz, samdump2, ldapsearch, bloodhound, impacketkit, and windapsearch.
Demonstrate ability in advanced pivoting and lateral movement using ligolo-ng for secure and effective network penetration testing.
Some of my soft skills:
● Problem solving
● Effective Communication
● Time management
● Persistence
● Teamwork
Español
Bilingüe o nativo
Inglés
Competencia profesional completa
Solo teletrabajo
Lleva a cabo sus proyectos principalmente en remoto
Experiencia
- KPMGPenetration testerTELECOMUNICACIONESagosto de 2020 - Hoy (5 años y 10 meses)Spain
- Execute comprehensive Vulnerability Assessments and Penetration Testing (VAPT) projects across diverse domains, including infrastructure, networks, web applications and APIs.
- Conduct in-depth security assessments for over 100 client applications and systems, providing actionable recommendations to strengthen their security posture.
- Perform black-box/grey-box VAPT exercises, leveraging advanced techniques to identify and remediate vulnerabilities with precision and efficiency.
- Manage end-to-end client engagements, maintain clear communication, and deliver high-quality results within defined timelines.
- Conduct internal and external infrastructure security assessments, simulating real-world attack scenarios on Enterprise Active Directory (AD) environments to evaluate and enhance security resilience.
- Demonstrate extensive knowledge of the OWASP Penetration Testing Checklist and deliver exceptional reporting with clarity and detail.
- SevenShiftSecurity and Web Development InternTELECOMUNICACIONESmarzo de 2020 - julio de 2020 (4 meses)Madrid, España
- Man-in-the-Middle (MitM) Simulation: Implemented MitM attacks using Mosquitto (MQTT broker) and HAProxy to intercept and manipulate IoT traffic, demonstrating risks in unsecured message brokering.
- Protocol & Traffic Analysis: Captured and analyzed network communications of a BLE (Bluetooth Low Energy) smart bulb with Wireshark, identifying protocol weaknesses, insecure transmissions, and potential attack vectors.
- IoT Pentesting & Security Assessment: Conducted penetration testing on IoT devices focusing on MQTT and BLE, testing authentication, encryption, and resilience against spoofing or replay attacks.
- Web Security & Maintenance: Developed, maintained, and secured a WordPress website, applying hardening practices (secure configurations, patch management, plugin vulnerability assessments, WAF implementation).
Recomendaciones
Sé el primero en recomendar a Mariano
Ayuda a este freelance a destacar compartiendo tu experiencia.
Estos perfiles de freelance también coinciden con tus criterios
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Formación
- Higher Technician in Computer Network Systems ManagementIES Francisco de Goya2020
Certificados
- Certified Penetration Testing Specialist (CPTS)Hack The Box2025