My name is Iván Santos Malpica (aka HackCommander). I am a mathematician, computer engineer and I work as a cybersecurity consultant.

These are my titles:

  • Mathematical Engineering by the Universidad Complutense de Madrid.
  • Computer Engineer by the Universidad Nacional de Educación a Distancia (UNED).
  • eJPT (eLearnSecurity Junior Penetration Tester) by eLearnSecurity.

Developed tools

Creator of the following tools:

  • PHP-info-cookie-stealer (This is a payload generator designed in Bash to exfiltrate user cookies through the PHP info page bypassing the HttpOnly flag during XSS exploitation.)


I have made the following contributions:


Attendee at the following cybersecurity events:

  • RootedCON 2022 (Madrid)
  • Osintomático 2022 (Madrid)
  • RootedCON 2023 (Madrid)
  • Osintomático 2023 (Madrid)
  • RootedCON 2024 (Madrid)
  • RootedCON 2024 HackerNight - BugBounty (Madrid)