I'm Juan Felipe Oz.

Software developer and information security enthusiast from Colombia, focused on web pentesting and backend Django development, with a passion for what's new and a commitment to be better every day, to make the digital world safer and safer.

💻 Experience

Security Researcher - HackerOne/BugCrowd

  • Specialized in identifying critical vulnerabilities in systems and applications using the PTES methodology and lateral thinking to solve complex problems with technical creativity.
  • Identified and mitigated vulnerabilities, reducing attack surfaces by 60% and improving system resilience by 40%.
  • Reported Open Redirect, Subdomain Takeover, and Info Disclosure in Adobe, NASA VDP, and private programs. Strengthened security for major organizations through detailed vulnerability reports. Specialized in asset enumeration and web exploitation for high-impact findings.

Analyst Software/Ethical Hacker Internship - Siesa

  • Conducted comprehensive analysis of enterprise software solutions, including ERP and CRM systems. Tested functionality across various versions before production deployment.
  • Performed pentesting on two applications, uncovering security vulnerabilities. Proposed improvements to mitigate SQL Boolean Injection and XSS Reflected attacks.
  • Contributed to software security analysis and optimization efforts, enhancing operational efficiency and data protection.

πŸ… Achievements

DiceCTF 2024 Quals

  • Successfully participated in DiceCTF 2024 Quals, a prestigious 48-hour online Capture The Flag, in the ESPower_ team.

Reports in HackerOne

  • I was able to successfully report a disclosure vulnerability in HackerOne for the Adobe Security Response program.

Adobe

Reports in BugCrowd

  • Among the vulnerabilities I have reported to the NASA VDP, my most critical and impactful finding was an information disclosure affecting the supply chain, compromising both NASA and its associated customers.

NASA 🚀

Platforms Web Academy

  • I have been able to solve over 356 labs on the PortSwigger and PentesterLab platforms covering topics such as: SSRF, SQLi, No-SQLi, Disclosure Information, LLM Attacks, ClickJacking, Server Side Template Injection, OS Command Injection, Path Traversal, File Upload, File Include, Access Control, Authentication/Authorization, Web Sockets, UNIX Systems, XSS, Business Logic Vulnerabilities, Cache Web Deception, HTTP Request Smuggling, Prototype Pollution, Insecure Deserialization, Race Conditions, XXE, CORS, DOM Based Vulnerabilities, GraphQL API Attacks, HOST Header Attacks, Web Cache Poisoning, and more.

PortSwigger

PentesterLab

💡 Security Chronicles

My Blog in Medium :)

  • In my spare time, I write on my personal blog about various topics related to computer security and software, from how AES hashing and Keccak states work in cryptography to how to set up dynamic routing between two LANs.
  • Passionate about learning every day, every new topic is a great opportunity to expose it to the public, to teach it, to give the opportunity to someone who is in the same process as me to learn and not give up.

Projects

TorIPGuard

A REST API for managing malicious IPs in TOR networks, featuring IP retrieval, exclusion, filtering, and detailed logging with user and admin permissions.

CVEHunter

A hacking tool designed to collect all NVD CVEs from 2018 onwards, storing them for integration with OWASP ZAP for web application analysis.

CryptoHack

A repository with the compilation of all my cryptographic knowledge converted to Python code with the platform CryptoHack.

GPU-Hunter

GPU Hunter is a bot built in Python Selenium that automates the whole process of finding the graphics card at the best price, alerting via email in a nice hypertext message.

I specialize in Web Pentesting, driven by curiosity and lateral thinking to find innovative solutions to complex problems. I apply Shoshin every day in my life, and my projects are a product of it; you can explore my GitHub profile for more information :)

github.com/JFOZ1010

Give it a ⭐, if you like it :)

Make it secure, make it resilient, make it efficient.
