I'm Juan Felipe Oz.

Software developer/Information Security Enthusiast from Colombia, focused on web pentesting, Backend Django development. with a passion for what's new and a commitment to be better every day, to make the digital world safer and safer.

💻 Experience

Analyst Software/Ethical Hacker Trainee - Siesa

  • Software Analysis and Testing: Conducted comprehensive analysis of enterprise software solutions including ERP, CRM systems, AGP (Supplier Management Support), and AGR (Revenue Management Support). Tested software functionality across various versions prior to production deployment.
  • Security Testing and Improvement: Performed pentesting and testing on 2 applications, uncovering significant opportunities for enhancing information security. Proposed improvements to enhance confidentiality disclosure and input sanitization to mitigate SQL Boolean Injection and XSS Reflected attacks.
  • Gained practical experience in knowledge management at Siesa during internship, contributing to critical software analysis and security testing initiatives aimed at optimizing operational efficiency and data protection.

🏅 Achievements

DiceCTF 2024 Quals

  • Successfully participate in DiceCTF 2024 Quals, a prestigious 48-hour online Capture The Flag, in the ESPower_ team.

Reports in Hacker0ne

  • I was able to successfully report a disclosure vulnerability in Hackerone for the Adobe Security Response program.

Adobe

Reports in Hacker0ne

Platforms Web Academy

  • I have been able to solve over 260 labs on the Portswigger and Pentesterlab platform covering topics such as: SSRF, SQLi, Disclosure Information, LLM Attacks, ClickJacking, Server Side Template Injection, OS Command Injection, Path Traversal, File Upload, File Include, Access Control, Authentication/Authorization, Web Sockets, UNIX Systems, XSS, Business Logic Vulnerabilities, Caché Web Deception (In Progress).

PortSwigger

Platforms Web Academy

PentesterLab

Platforms Web Academy

💡 Security Chronicles

My Blog in Medium :)

  • In my spare time, I write on my personal blog about various topics related to computer security and software, from how AES hashing and Keccak states work in cryptography to how to set up dynamic routing between two LANs.
  • Passionate about learning every day, every new topic is a great opportunity to expose it to the public, to teach it, to give the opportunity to someone who is in the same process as me to learn and not give up.

Projects

TorIPGuard

A REST API for managing malicious IPs in TOR networks, featuring IP retrieval, exclusion, filtering, and detailed logging with user and admin permissions.

CVEHunter

A hacking tool designed to collect all NVD CVEs from 2018 onwards, storing them for integration with OWASP ZAP for web application analysis.

CryptoHack

A repository with the compilation of all my cryptographic knowledge converted to python code with the platform Cryptohack.

GPU-Hunter

GPU Hunter is a bot built in Python Selenium that allows to automate the whole process of finding the graphics card at the best price, alerting via emai in a nice hypertext message.

I specialize in Web Pentesting, driven by curiosity and lateral thinking to find innovative solutions to complex problems. I apply Shoshin every day in my life product of it, my projects: you can explore my GitHub profile for more information :)

github.com/JFOZ1010

Give it a ⭐, if you like it :)

Here are some
Skills/Technologies

Make it secure, make it resilient, make it efficient.

Make it secure, make it resilient, make it efficient.

Connect with me at