██████╗██╗   ██╗██████╗ ███████╗██████╗     ██████╗  █████╗ ████████╗██╗  ██╗
██╔════╝╚██╗ ██╔╝██╔══██╗██╔════╝██╔══██╗    ██╔══██╗██╔══██╗╚══██╔══╝██║  ██║
██║      ╚████╔╝ ██████╔╝█████╗  ██████╔╝    ██████╔╝███████║   ██║   ███████║
██║       ╚██╔╝  ██╔══██╗██╔══╝  ██╔══██╗    ██╔═══╝ ██╔══██║   ██║   ██╔══██║
╚██████╗   ██║   ██████╔╝███████╗██║  ██║    ██║     ██║  ██║   ██║   ██║  ██║
 ╚═════╝   ╚═╝   ╚═════╝ ╚══════╝╚═╝  ╚═╝    ╚═╝     ╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═╝

📍 Spain (Remote) · Responsible disclosure · Clear PoCs & remediation guidance

---

🗺️ Repo Map

cyber-path/
├── 📂 ctf/                    # Capture The Flag writeups & solutions
│   ├── 📂 web/                # Web exploitation challenges
│   ├── 📂 pwn/                # Binary exploitation
│   ├── 📂 crypto/             # Cryptography
│   ├── 📂 reverse/            # Reverse engineering
│   ├── 📂 forensics/          # Digital forensics
│   └── 📂 misc/               # Miscellaneous challenges
│
├── 📂 bug-bounty/             # Bug bounty findings & methodology
│   ├── 📂 reports/            # Anonymized report templates
│   └── 📂 methodology/        # Recon & exploitation workflows
│
├── 📂 labs/                   # Hands-on lab environments
│   ├── 📂 hackthebox/         # HackTheBox machines
│   ├── 📂 tryhackme/          # TryHackMe rooms
│   └── 📂 portswigger/        # PortSwigger Web Security Academy
│
├── 📂 cloud-security/         # Cloud security research & tooling
│   └── 📂 wiz-challenges/     # Wiz security challenges
│
├── 📂 certs/                  # Certification study notes & labs
│
├── 📂 scripts/                # Custom tools & automation
│
└── 📂 docs/                   # Methodology guides & cheatsheets
    └── index.html              # 🌐 Portfolio (GitHub Pages)

---

📊 Stats

Metric	Value
CTF Roots	105
HackTheBox	Hacker
TryHackMe	[0x9] MAGE
Focus	Web / API / Cloud
Languages	EN / ES

---

🏴 CTF Writeups

Challenge	Category	Platform	Difficulty	Status
Coming soon	—	—	—	🔜

🐛 Bug Bounty

Focus areas: IDOR / BOLA / BFLA · Auth & Session · SSRF-to-Cloud · API Security (REST/GraphQL)

#	Target	Severity	Type	Status
Coming soon	—	—	—	🔜

Notable Findings (sanitized)

Finding	Description	Tags
IDOR → privilege escalation	Object-level access control issue enabling cross-tenant access	idor api
Auth logic bypass	Inconsistent checks between UI and API endpoints	auth api
SSRF risk in import feature	Potential internal network access; cloud metadata hardening recommended	ssrf cloud

🔬 Labs & Machines

Machine / Room	Platform	Difficulty	Writeup
Coming soon	—	—	🔜

☁️ Cloud Security

Challenge	Platform	Topic	Status
Coming soon	—	—	🔜

---

🎓 Certifications

Cert	Status	Tags	Link
CCNA	✅ Completed	Network · Routing · SDN	Credly
AWS Solutions Architect	✅ Completed	Cloud · Architecture	Credly
Terraform Associate	✅ Completed	IaC · Cloud	Credly
CompTIA Security+ 701	🔄 In Progress	Cybersecurity · Defensive · GRC	Credly
HTB CPTS	🔄 In Progress	Offensive · Web · AD	—
HTB CBBH	🔄 In Progress	Offensive · Web · API	—
CRTO	🔄 In Progress	Offensive · Red Team	—
OSCP	⏳ Not started	Offensive	—

Training

Path	Status	Tags
PortSwigger Web Security Academy	🔄 Ongoing	Web
HTB Academy (CPTS, CBBH, ProLabs)	🔄 Ongoing	Offensive
Cloud labs (AWS)	🔄 Ongoing	Cloud

---

🔗 Platforms

---

🛠️ Toolbox

---

📝 How I Document

Each writeup follows a consistent format:

## Challenge Name
### Recon → Foothold → Privesc → Root

- 🎯 Objective
- 🔍 Enumeration & Discovery
- 💣 Exploitation
- 🏁 Flag / Proof
- 📚 Lessons Learned

---

🗓️ Roadmap

When	Goal	Detail
Now	Finish CPTS + consistent bug bounty routine	Daily reps: labs + target practice; write one note per week
3–6 months	Increase valid reports + focus specialization	Deepen access control expertise (BOLA/BFLA) across APIs
Next	Increase high/critical vulnerabilities found	Show proof: reports, certs, writeups, and professional workflow

---

📊 GitHub Activity

---

If you find this repo useful, drop a ⭐ — it fuels the grind.