My name is Daniel García (also known as cr0hn). I’m a senior security researcher and penetration tester. I was the founder of Navaja Negra Security Conference and the Chapter Leader of OWASP Madrid – Spain
I’m a security researcher, pen-tester (or black box), source code analyst, DevSecOps and developer. I have bit strange profile. Between hacking and developer. I love the researching of anything and a I’m little obsessed with the idea that not everything is invented.
Expert in hidden channels and anti-fingerprinting methods. FreeBSD lover and defender. And Python developer.
Currently I’m working on the Innovation Labs department of BBVA Bank in Spain.
I have more than 10 years working for a lot of international leading companies of many different areas:
- Telecommunications companies.
- Innovations companies
- Insurance business.
- National and international banks.
- Building companies.
- Public administrations of different countries.
- Many other Spanish IBEX 35 market index companies.
I have experience in different areas of security auditing:
- Communications systems. Low and high network protocols. LAN, MAN and WAN networks.
- Web services and associated infrastructures.
- Another usual services: Mail, FTP, LDAP, VoIP…
- Source code analysis in different languages: Java, .Net, PHP and Python.
I love developing as a hobby. I developed in some languages:
- Python: Senior developer with many years of experience and a lot of tools published.
- C#: I was developed for a short time in this language and their frameworks: ASP MVC, WebForms or EF.
- Java: Like in C#, I developed some times in Java, strut or Spring
- PHP and Perl: Some times I developed tools or analyse some code in those languages.
Security tools & other open source projects
I’m creator, or co-creator, of lot of hacking tools and other open source projects. All of them were published as open source on my Github account. Here a brief summary:
- aiohttp-Swagger: Swagger API Documentation builder for aiohttp server.
- NoSQLInjection: This repository contains payload to test NoSQL Injections.
- aioTasks: A Celery like task manager that distributes Asyncio coroutines.
- DockerScan: Docker security analysis & hacking tools Edit.
- Vulnerable Node: A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools.
- Booleans.io hider: Hide information into boolean.io service.
- PyDiscover: Simple Secure and Lightweight Python Service Discovery.
- Enteletaor: Message Queue & Broker Injection tool.
- STB (Security Tool Builder): Security Tool Builder: project to automate the building of hacking tools
- Ktcal2: SSH brute forcer tool and library, using AsyncIO of Python 3.4.
- Info2CPE: Library to convert a information text (server banner, for example) into CPE v2.3 value.
- OpenVAS to Report: OpenVAS2Report: A set of tools to manager OpenVAS XML report files.
- OpenVAS Connector: OpenVAS connector for OMPv4.
- GoLismero: Automated tools and framework, able to import, unify a feedback many known tools running as only one.
- Plecost: WordPress vulnerability and fingerprinting tool
- Topera: Security tools for IPv6, with the particularity that their attacks can’t be detected by Snort IDS.
- Gason: Burp Suite plugin to connect SQlMap analyzer and proxy.
- ReMeMEP (Remember Me My Excel Password): PoC to find the forgotten passwords of your excel files.
- SIPFuzzer: Suite of tools for check SIP protocol.
- BaZIN: FreeBSD deployer and configurer script.
- OMSTD: Open Methodology for Security Tool Developers.