Vuldar

Hi, I'm Roberto Alfaro.
Ethical Hacker.

I uncover critical vulnerabilities in your APIs, mobile apps and Active Directory environments before attackers do. Exploit‑ready reports delivered in less than 7 days.

Core Skills

Python & Automation
Burp Suite & Web Exploit
Network Discovery
API Security
Active Directory
Metasploit & Post-Exploit
Cloud Security (AWS/GCP/Azure)
Container Security (Docker/K8s)

Pen‑Testing Services

API & Web Services

I perform a full-stack security review of your REST or GraphQL endpoints mapped to the latest OWASP API Top 10 risks (Broken Object-Level Authorization, Mass Assignment, Excessive Data Exposure, etc.). Each finding includes:

1. Controlled Proof-of-Concept exploit

2. Impact analysis & fix guidance

3. Validation scripts for pipelines

Mobile Pentesting

Static & dynamic analysis for iOS and Android following OWASP MASVS, with reproducible evidence included. The engagement covers:

1. Static analysis (SAST), reverse-engineering of the .apk / .ipa

2. Dynamic & runtime testing (DAST), on-device assessment with instrumentation

3. Back-end linkage, any server-side issues discovered via the mobile client

Active Directory

I audit your Windows domain end-to-end to surface privilege-escalation chains and misconfigurations that attackers exploit during ransomware and lateral-movement campaigns. The engagement includes:

1. Domain reconnaissance & graph mapping

2. Exploitation simulation

3. Defence-evasion & detection review

Latest Articles

Offensive Docker Container

Brief information about the Docker Container used for Red Team, an alternative to virtual machines due to its quick setup.

Bash Custom Functions

Customized functions in bash to streamline work, with pending functions to be added.

HTB Write‑ups

HackTheBox walkthroughs for simulations of various difficulty levels.

About

Industrial Engineer turned security professional with 4+ years as a Data Analyst. Certified CEH, BSCP, and holder of multiple SecOpsGroup credentials (Practical Web App Pentesting, Cloud Security Fundamentals, Threat Hunting). Currently preparing for OSCP. I’ve led 50+ API security assessments and disclosed critical vulnerabilities through Bug-Bounty programs on HackerOne, YesWeHack and Cyscope.


Contact

Ready to secure your platform or just have questions? Send me a message — I reply within 24 hours.