>_ ~/cyberescudo

Protecting the Digital World

Projects, manuals and guides on cybersecurity. From server hardening to penetration testing.

$ cat projects.md | grep security_


Sergio Belmonte Morales

Cybersecurity Analyst | SOC Operator | Pentester (eCPPT)

Cybersecurity Analyst with real SOC and infrastructure hardening experience. Specialized in Microsoft 365 and Azure Sentinel (KQL), with an offensive mindset backed by the eCPPT certification. This platform is my lab — I built every tool on it myself.

// TACTICAL TRAINING ZONE
🌳

Skill Tree

Master the cybersecurity roadmap tier by tier. Learn from networking to advanced pentesting.

🎣

SOC Simulator

Train your initial triage. Analyze threats and locate phishing red flags in real-time.

SOC Arsenal (KQL)

Tactical directory of Threat Hunting queries and automation.

🎯

Perimeter Scanner

Audit your infrastructure and discover exposed vulnerabilities.

Security Projects

Collection of cybersecurity projects on hardening, network defense, and offensive security.

Basic 🎯 CTF INSIDE

Apache Hardening

Configuration of apache2.conf, security.conf and php.ini with recommended security parameters.

Intermediate 🎯 CTF INSIDE

Command Injection & RFI/LFI

Exploitation and countermeasures for command injection and remote/local file inclusion vulnerabilities using OWASP Mutillidae and bWAPP.

Intermediate 🎯 CTF INSIDE

SQLMap: SQL Injection

Using SQLMap with BurpSuite to extract data from vulnerable databases on DVWA: users, passwords, and SQL shell.

Intermediate 🎯 CTF INSIDE

XSS: Cookie Theft & Fake Forms

Stealing credentials with Netcat, session cookie theft via XSS and defense with htmlspecialchars().

Intermediate 🎯 CTF INSIDE

Manual SQL Injection: bWAPP & DVWA

Manual UNION-based exploitation on bWAPP and unhex() bypass on DVWA medium level.

Advanced 🎯 CTF INSIDE

Android Reversing: InsecureBankv2 & KGB Messenger

APK reverse engineering: Java extraction, smali modification and access control bypass with dex2jar and JD-GUI.

Intermediate 🎯 CTF INSIDE

DIVA Audit: Android Vulnerabilities

Insecure Logging, Hardcoding, insecure storage in SharedPreferences, SQLite and SQL Injection demonstrated with ADB.

Intermediate 🎯 CTF INSIDE

InsecureBankv2 APK Analysis

APK unpacking, exported activity invocation with am start, VirusTotal/Metadefender analysis and Android permissions.

Advanced 🎯 CTF INSIDE

DIVA Advanced: Access Control & Buffer Overflow

Exercises 9–13: PIN bypass, insecure Content Providers, hardcoded JNI key and buffer overflow.

Basic 🎯 CTF INSIDE

Nmap: Network Reconnaissance & Scanning

SYN scan, OS/version detection, NSE vulnerability scripts, firewall evasion and result export.

Advanced 🎯 CTF INSIDE

Metasploit Framework

Finding and using exploits, Meterpreter payloads, post-exploitation, auxiliary modules and msfvenom.

Intermediate 🎯 CTF INSIDE

Hydra: Brute Force Attacks

Brute force SSH, FTP, RDP, SMB and HTTP web forms. Practice on DVWA with session cookies.

Basic 🎯 CTF INSIDE

Wireshark: Traffic Analysis

Traffic capture, BPF and display filters, cleartext credential extraction and ARP spoofing detection.

Intermediate 🎯 CTF INSIDE

John the Ripper & Hashcat

Cracking MD5, SHA1, bcrypt and NTLM hashes with dictionary attacks, brute force and mutation rules.

Intermediate 🎯 CTF INSIDE

Burp Suite: Web Interception & Testing

Proxy, Repeater, Intruder and Scanner. Complete OWASP testing flow: SQLi, XSS, IDOR and brute force.

Intermediate 🎯 CTF INSIDE

CSRF & Clickjacking

Exploitation on DVWA, PoC creation, and countermeasures: CSRF tokens, SameSite cookies and X-Frame-Options.

Basic 🎯 CTF INSIDE

Nikto & Dirb/Gobuster

Automated web vulnerability scanning and discovery of hidden directories and files.

Advanced 🎯 CTF INSIDE

XXE & Path Traversal

XXE payloads to read server files and SSRF, and Path Traversal exploits with filter bypass.

Basic 🎯 CTF INSIDE

Firewall Configuration

Step-by-step firewall configuration using iptables and firewalld to protect network infrastructure.

Intermediate 🎯 CTF INSIDE

Vulnerability Scanner

Vulnerability scanning tool built with Python for automated security assessments.

Intermediate 🎯 CTF INSIDE

Network Monitoring

Deployment and configuration of Snort IDS for real-time traffic analysis and intrusion detection.

Intermediate 🎯 CTF INSIDE

Secure Development

Collection of secure development guides for web applications, covering OWASP Top 10.

Advanced 🎯 CTF INSIDE

Incident Response Plan

Framework and playbook to manage security incidents from detection to recovery.

Basic 🎯 CTF INSIDE

Gobuster & ffuf: Web Fuzzing

Directory, file, subdomain and VHost discovery via dictionary attacks with Gobuster and ffuf.

Advanced 🎯 CTF INSIDE

Linux Privilege Escalation

Privesc techniques with LinPEAS: SUID, misconfigured sudo, cron jobs, exposed credentials and dangerous groups.

Intermediate 🎯 CTF INSIDE

Docker: Container Security

Container escapes, exposed secrets, Dockerfile hardening and image vulnerability scanning with Trivy.

Basic 🎯 CTF INSIDE

Shodan: OSINT & Passive Recon

Advanced Shodan searches to find exposed services, CVEs in production and misconfigured devices worldwide.

Guides & Manuals

Step-by-step manuals to improve your security posture.

// THREAT INTEL FEED

Latest Threats & 0-Days

04 Jul 2026

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

Source: The Hacker News

04 Jul 2026

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

Source: The Hacker News

03 Jul 2026

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Source: The Hacker News

03 Jul 2026

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

Source: The Hacker News
🌍 ACCESS FULL INTELLIGENCE CENTER β†’