Exploit Development & Reverse Engineering
Learning phase: Binary Gecko Academy & ret2.systems wargames. R&D focus on Windows exploitation, modern mitigations, and kernel primitives.
About me
WHOAMI
Computer Science student from Buenos Aires 🇦🇷 specializing in offensive security and vulnerability research. I focus on Application Security, penetration testing, and DevSecOps consulting—backed by OSCP+, CPTS, PNPT, eJPT, and eWPT certifications.
Core interests: exploit development, malware engineering, and binary analysis. Continuously sharpening skills through CTFs, specialized labs, and real-world engagements.
Experience
4000+ hours
Professional experience with strong emphasis on WebApp pentesting, plus infra (AWS cloud), mobile, and Active Directory engagements.
Engineering
Rust · Go · C/C++ · Python
Custom tooling for exploits, loaders, and automation.
Industry
Veritran · Hackmetrix · Codefend
AppSec, threat modeling, SDLC, PCI-DSS, AWS.
Focus
Current workstreams
Malware Engineering & C2 Development
Learning phase: MalDev Academy. Building a C2 framework in Rust from scratch—learning maldev, OPSEC tradecraft, EDR evasion, and resilient infrastructure.
AppSec, Pentesting & Automation
Web/mobile/network pentesting with Burp Suite, OWASP Top 10 methodology, and SDLC automation through secure CI/CD pipelines, SAST/DAST integration, and supply-chain hardening.
Trajectory
My Career
Formation
Education
Computer Science @ Universidad de Buenos Aires
In progress
Strong foundation in computing, security, and software development.
Binary Gecko Academy @ reverse engineering & binary exploitation
In progress
One-year advanced offensive security crash course specializing in reverse engineering, binary exploitation, and vulnerability research. Hands-on labs, exploitation challenges, and mentorship from top researchers.
Hackademy @ Hacking & Defense Fundamentals
2021
Offensive security bootcamp covering exploitation and defensive baselines.
Ethical Hacking @ UTN
2020 - 2021
University expert course in ethical hacking and security operations.
Fullstack Web App Development @ Comunidad IT
2020
Foundations in modern web application development.
Trajectory
Experience
Application Security Analyst @ Veritran
03/24 - 06/25
Led the "Security Champions" program, integrating security across the SDLC. Conducted pentesting, implemented SAST/DAST pipelines (SonarQube, Fortify), and ensured PCI-DSS, ISO 27001, and SOC 2 compliance for fintech products.
Security Consultant @ Codefend
2023 - Present
Remote offensive security consulting focused on penetration testing, DevOps security, and risk mitigation. Deliver tailored solutions through automation, scripting, and hands-on exploitation.
Application Security Engineer @ Hackmetrix
2022 - 2023
Emulated real-world attacks tailored to client requirements: pentesting (web/mobile, networks), spear phishing, OSINT, threat modeling, and AD exploitation. Delivered technical and executive reports, training sessions, and guided clients through vulnerability mitigation.
Stack
Technical capabilities
Ethical Hacking
OSINT
NodeJS
Python
DevSecOps
Kubernetes
Docker
AWS
Rust
Go
Java
Linux
Win Internals
C / C++
SDLC & AppSec Principles
Projects
Tooling and research
Social Panic Button
Emergency-ready app with quick actions and automation for high-pressure situations.
Scripts & Exploits
Collection of personal tooling: ffuf command helper, AD LPE to DA, HTB automations, CVE PoCs, Windows revshell/WIP maldev, and password/enum utilities.
HackTheBox & TryHackMe
Continuous CTF practice, Red Team paths, and exploit/reversing labs.
Anon Land
Open-source imageboard with real-time interactions and modern PWA stack.
Rust Ransomware Research
Rust-based ransomware lab project exploring encryption flows and secure ops controls.
CTFs & Labs
Continuous practice
HackTheBox, TryHackMe, reversing, and a homelab with Raspberry Pi plus containerized services.
Contact
Ready to collaborate
Looking for maldev, pentesting or AppSec with clear outcomes. Let's talk.