Skip to content
View Retr02332's full-sized avatar
🇨🇴
Learn, imagine and create.
🇨🇴
Learn, imagine and create.
33 followers · 15 following

Achievements

Achievement: Pull Sharkx2

Achievements

Achievement: Pull Sharkx2

Block or report Retr02332

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Retr02332/README.md

Carlos Andrés Bello (Retr0)

A little about me

Hi, I am Carlos Bello, better known in tech industry as Retr0. I am 20 years old. I am a web hacker with 3 years of experience.

I started programming in Python3 when I was 16 years old. Then over time I learnt more about networking, command line and a bit about operating systems.

At 18 years old, I got interested in ethical hacking. I thought it was cool how to take technology to another level, giving it a particular use to accomplish things that never came up in business logic. I began like everyone else, in the infrastructure part, but it wasn't until 6 months later when I realized that what I liked the most was hacking web applications.

In my eagerness to better understand the web applications that I hacked, I started in parallel my training in web development. It is beautiful to build web applications and then to analyze where there may be bugs and how we could leverage that in a web security audit.

In 2021 and 2022 I was a bug hunter at Hackerone. Here I reported high impact vulnerabilities to companies like Yahoo!, Google, KAYAK, NASA, Cornershop by Uber, AT&T, Logitech, among others. I studied web hacking at Pentesterlab and PortSwigger.

I am currently a security researcher at Fluid Attacks. I test web apps, Android mobile apps and API'S. In my work I have found multiple CVE's which you can find here:

My skills

I am continuously training myself in topics related to hacking web applications, Android apps and API's.

I use technologies like Python3 and node.js to build tools that allow me to automate my daily activities in order to be much more productive.

I also use C++ when I need programs with good performance, or when I need low level programming, like interacting with the registers (internal state) of hash algorithms, for example.

In web development, I usually use HTML, CSS, and JavaScript for front-end, and Django with some databases like MySQL, PostgreSQL, and SQLite3 for back-end.

I like to spend time looking for security bugs at the apps' code.

Languages and tools

My goals

My purpose for 2023 is to get certified in hacking web, Android and API's applications.

Statistics

Retr02332's GitHub Stats

Top Langs

Contact me

Twitter Follow

Telegram Follow

Gmail Follow

Pinned Loading

  1. HackerBot HackerBot Public

    Receive notifications about your reports and access your hackerone information quickly and easily.

    JavaScript 8 2

  2. Entendiendo a detalle el CVE-2020-7115 Entendiendo a detalle el CVE-2020-7115
    1 
    # CVE-2020-7115 (Aruba Clearpass RCE)
    2 
    
              
    
              
    
                3
                
    ## Reconocimiento
    
              
    
              
    
                4
                
    Cuando seleccionamos un dominio como objetivo, y en la toma de huellas dactilares encontramos que el aplicación web funciona con java en el backend. Es interesante buscar archivos como **struts.xml** para agrandar aun mas la superficie de ataque.
    
              
    
              
    
                5
                
    
              
    
          
    
    
    
  
    

    3. 

      

  3. 
  
    
    
    
      
    
        
        
          Unickle (write-up)
Unickle (write-up)      
    

          
    
              
    
                1
                
    # Unickle
    
              
    
              
    
                2
                
    
              
    
              
    
                3
                
    ## ¿En que consiste?
    
              
    
              
    
                4
                
    Este reto trata de encontrar un SQL injection, y usar este para escalar a un RCE.
    
              
    
              
    
                5
                
    
              
    
          
    
    
    
  
    

    4. 

      

  4. 
  
    
    
    
      
    
        
        
          Hacking Json Web Tokens
Hacking Json Web Tokens      
    

          
    
              
    
                1
                
    # Hacking Json Web Tokens
    
              
    
              
    
                2
                
    ## Change the algorithm to none and JWT without sign
    
              
    
              
    
                3
                
    En este caso, solo debemos configurar el parametro alg con el valor none.
    
              
    
              
    
                4
                
    Luego de esto solo quitamos la parte de la firma, pero conservando el punto final es decir
    
              
    
              
    
                5
                
    ```bash
    
              
    
          
    
    
    
  
    

    5. 

      

  5. 
  
    
    
    
      
    
        
        
          Google CTF 2020 Web (Pasteurize) Wri...
Google CTF 2020 Web (Pasteurize) Write-Up      
    

          
    
              
    
                1
                
    # Pasteurize (Google CTF 2020)
    
              
    
              
    
                2
                
    
              
    
              
    
                3
                
    Este es mi primer [CTF de google](https://capturetheflag.withgoogle.com/), me anime a resolver los del 2020 asi que pronto hare el respectivo write-up de los demas. Este reto en particular me gusto mucho porque no solo encontre una vulnerabilidad en la aplicación objetivo, sino tambien en una biblioteca que usa llamada [**DOMpurify**](https://github.com/cure53/DOMPurify).
    
              
    
              
    
                4
                
    
              
    
              
    
                5
                
    
              
    
          
    
    
    
  
    

    6. 

      
  6. 
  
    
    
    
      
    
        
    
            
          
BBRF-maintenance
BBRF-maintenance          Public
        
    
      
    


      
    
        I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool. 
      
    

      
    
          
  
  Shell


          
            
    

            34
          
      
    
    
    
  
    

    7.