WHOAMI
My name is Iván Santos Malpica (aka HackCommander). I am a mathematician, computer engineer and I work as a cybersecurity consultant.
These are my titles:
- Mathematical Engineering by the Universidad Complutense de Madrid.
- Computer Engineer by the Universidad Nacional de Educación a Distancia (UNED) with an academic excellence award for the best academic record.
- eJPT (eLearnSecurity Junior Penetration Tester) by eLearnSecurity.
Developed tools
Creator of the following tools:
- PHP-info-cookie-stealer (This is a payload generator designed in Bash to exfiltrate user cookies through the PHP info page bypassing the HttpOnly flag during XSS exploitation.)
Contributions
I have made the following contributions:
- Personal blog about science and technology.
- Talk called Pentesting: CTFs as a learning medium at Bluetab Company.
- Pull request to HackTricks to add a method to bypass the HttpOnly during an XSS exploit using the PHP info page.
- CTFs in the Capture The Flag Platform VulNyx:
- HackingStation.
- Diff3r3ntS3c.
Attendances
Attendee at the following cybersecurity events:
- RootedCON 2022 (Madrid)
- Osintomático 2022 (Madrid)
- RootedCON 2023 (Madrid)
- Osintomático 2023 (Madrid)
- RootedCON 2024 (Madrid)
- RootedCON 2024 HackerNight - BugBounty (Madrid)