Welcome to my security research and CTF repository. This space is dedicated to documenting the exploitation and remediation of various machines from platforms like DockerLabs, HackTheBox, and TryHackMe.
The primary focus is to demonstrate a structured, professional methodology in Penetration Testing and Vulnerability Assessment.
| Category | Tools |
|---|---|
| Reconnaissance | Nmap, Feroxbuster, Gobuster, WhatWeb, Wappalyzer |
| Exploitation | Burp Suite, Netcat, Metasploit, Exploit-DB |
| Privilege Escalation | LinPEAS, GTFOBins, Linux Smart Enumeration (LSE) |
| Scripting | Python, Bash, PHP |
Every write-up in this repository follows a standardized 4-step process to ensure clarity and technical depth:
- Reconnaissance: High-speed scanning and service fingerprinting.
- Foothold: Identification of entry-point vulnerabilities (CVEs, misconfigurations).
- Privilege Escalation: Internal enumeration to move from low-privilege users to Root/System.
- Remediation: Implementation of hardening measures and security patches.
| Machine | Platform | Difficulty | Key Vulnerabilities & Techniques |
|---|---|---|---|
| ChocolateLovers | DockerLabs | Easy | CVE-2015-6967 (RCE), Sudoers Hijacking, Cronjob Exploitation |
| (Pending) | ... | ... | ... |
I am a cybersecurity enthusiast focused on offensive security and system hardening. Currently developing my skills in web application security and Linux environments.
- LinkedIn: Daniel Fernandez-Pello San Romรกn
Disclaimer: All activities were performed in controlled, authorized environments for educational purposes only.