WHOAMI

My name is Iván Santos Malpica (aka HackCommander). I am a mathematician, computer engineer and I work as a cybersecurity consultant.

These are my titles:

• Mathematical Engineering by the Universidad Complutense de Madrid.
• Computer Engineer by the Universidad Nacional de Educación a Distancia (UNED).
• eJPT (eLearnSecurity Junior Penetration Tester) by eLearnSecurity.

Developed tools

Creator of the following tools:

• PHP-info-cookie-stealer (This is a payload generator designed in Bash to exfiltrate user cookies through the PHP info page bypassing the HttpOnly flag during XSS exploitation.)

Contributions

I have made the following contributions:

• Personal blog about science and technology.
• Talk called Pentesting: CTFs as a learning medium at Bluetab Company.
• Pull request to HackTricks to add a method to bypass the HttpOnly during an XSS exploit using the PHP info page.
• Final project degree of Computer Engineering about CTFs as a learning tool in cybersecurity.
• CTFs in the Capture The Flag Platform VulNyx:
  • HackingStation.
  • Diff3r3ntS3c.

Attendances

Attendee at the following cybersecurity events:

• RootedCON 2022 (Madrid)
• Osintomático 2022 (Madrid)
• RootedCON 2023 (Madrid)
• Osintomático 2023 (Madrid)
• RootedCON 2024 (Madrid)
• RootedCON 2024 HackerNight - BugBounty (Madrid)