About Me
Resume
My name is Daniel García (also known as cr0hn). I'm a senior security researcher and penetration tester. I was the founder of the Navaja Negra Security Conference and the Chapter Leader of OWASP Madrid - Spain.
I'm a security researcher, pen-tester (or black box), source code analyst, DevSecOps and developer. I have a bit of a strange profile, between hacker and developer. I love researching anything, and I'm a little obsessed with the idea that not everything has been invented.
Expert in hidden channels and anti-fingerprinting methods. FreeBSD lover and defender. And Python developer.
Currently I'm working in the Innovation department of BBVA Bank, Spain.
I have more than 7 years of experience working for many leading international companies in many different areas:
- Telecommunications companies.
- Lawyer.
- Innovation companies.
- Insurance business.
- National and international banks.
- Building companies.
- Public administrations of different countries.
- Other Spanish IBEX 35 companies.
I have experience in different areas of security auditing:
- Communications systems. Low and high network protocols. LAN, MAN and WAN networks.
- Web services and associated infrastructures.
- Other common services: Mail, FTP, LDAP, VoIP...
- Source code analysis in different languages: Java, .Net, PHP and Python.
I love developing as a hobby. I have developed in several languages:
- Python: Senior developer with many years of experience and a lot of tools published.
- C#: I developed for a short time in this language and its frameworks: ASP MVC, WebForms or EF.
- Java: As with C#, I have sometimes developed in Java, Struts or Spring.
- PHP and Perl: Sometimes I developed tools or analyzed some code in those languages.
Security tools & other open source projects
I'm the creator, or co-creator, of a lot of hacking tools and other open source projects. All of them were published as open source on my GitHub account. Here is a brief summary:
- aiohttp-Swagger: Swagger API Documentation builder for aiohttp server.
- NoSQLInjection: This repository contains payloads to test NoSQL injections.
- aioTasks: A Celery-like task manager that distributes asyncio coroutines.
- DockerScan: Docker security analysis & hacking tools.
- Vulnerable Node: A very vulnerable web site written in NodeJS, with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools.
- Booleans.io hider: Hide information in the boolean.io service.
- PyDiscover: Simple Secure and Lightweight Python Service Discovery.
- Enteletaor: Message Queue & Broker Injection tool.
- STB (Security Tool Builder): Project to automate the building of hacking tools.
- Ktcal2: SSH brute forcer tool and library, using AsyncIO of Python 3.4.
- Info2CPE: Library to convert an information text (a server banner, for example) into a CPE v2.3 value.
- OpenVAS to Report: OpenVAS2Report: A set of tools to manage OpenVAS XML report files.
- OpenVAS Connector: OpenVAS connector for OMPv4.
- GoLismero: Automated tool and framework, able to import, unify and feed back many known tools, running as a single one.
- Plecost: WordPress vulnerability and fingerprinting tool.
- Topera: Security tools for IPv6, with the particularity that its attacks can't be detected by Snort IDS.
- Gason: Burp Suite plugin to connect the SQLMap analyzer and the proxy.
- ReMeMEP (Remember Me My Excel Password): PoC to find the forgotten passwords of your Excel files.
- SIPFuzzer: Suite of tools for checking the SIP protocol.
- BaZIN: FreeBSD deployer and configurer script.
- OMSTD: Open Methodology for Security Tool Developers.
Conferences:
I have been a speaker at many national and international conferences and events (see my LinkedIn for updated projects and talks).