About me


My name is Daniel García (also known as cr0hn). I’m a senior security researcher and penetration tester. I was the founder of Navaja Negra Security Conference and the Chapter Leader of OWASP Madrid – Spain

I’m a security researcher, pen-tester (or black box), source code analyst, DevSecOps and developer. I have bit strange profile. Between hacking and developer. I love the researching of anything and a I’m little obsessed with the idea that not everything is invented.

Expert in hidden channels and anti-fingerprinting methods. FreeBSD lover and defender. And Python developer.

Currently I’m working on the Innovation Labs department of BBVA Bank in Spain.

I have more than 10 years working for a lot of international leading companies of many different areas:

  • Telecommunications companies.
  • Lawyer.
  • Innovations companies
  • Insurance business.
  • National and international banks.
  • Building companies.
  • Public administrations of different countries.
  • Many other Spanish IBEX 35 market index companies.

I have experience in different areas of security auditing:

  • Communications systems. Low and high network protocols. LAN, MAN and WAN networks.
  • Web services and associated infrastructures.
  • Another usual services: Mail, FTP, LDAP, VoIP…
  • Source code analysis in different languages: Java, .Net, PHP and Python.

I love developing as a hobby. I developed in some languages:

  • Python: Senior developer with many years of experience and a lot of tools published.
  • C#: I was developed for a short time in this language and their frameworks: ASP MVC, WebForms or EF.
  • Java: Like in C#, I developed some times in Java, strut or Spring
  • PHP and Perl: Some times I developed tools or analyse some code in those languages.

Security tools & other open source projects

I’m creator, or co-creator, of lot of hacking tools and other open source projects. All of them were published as open source on my Github account. Here a brief summary:

  • aiohttp-Swagger: Swagger API Documentation builder for aiohttp server.
  • NoSQLInjection: This repository contains payload to test NoSQL Injections.
  • aioTasks: A Celery like task manager that distributes Asyncio coroutines.
  • DockerScan: Docker security analysis & hacking tools Edit.
  • Vulnerable Node: A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools.
  • Booleans.io hider: Hide information into boolean.io service.
  • PyDiscover: Simple Secure and Lightweight Python Service Discovery.
  • Enteletaor: Message Queue & Broker Injection tool.
  • STB (Security Tool Builder): Security Tool Builder: project to automate the building of hacking tools
  • Ktcal2: SSH brute forcer tool and library, using AsyncIO of Python 3.4.
  • Info2CPE: Library to convert a information text (server banner, for example) into CPE v2.3 value.
  • OpenVAS to Report: OpenVAS2Report: A set of tools to manager OpenVAS XML report files.
  • OpenVAS Connector: OpenVAS connector for OMPv4.
  • GoLismero: Automated tools and framework, able to import, unify a feedback many known tools running as only one.
  • Plecost: WordPress vulnerability and fingerprinting tool
  • Topera: Security tools for IPv6, with the particularity that their attacks can’t be detected by Snort IDS.
  • Gason: Burp Suite plugin to connect SQlMap analyzer and proxy.
  • ReMeMEP (Remember Me My Excel Password): PoC to find the forgotten passwords of your excel files.
  • SIPFuzzer: Suite of tools for check SIP protocol.
  • BaZIN: FreeBSD deployer and configurer script.
  • OMSTD: Open Methodology for Security Tool Developers.