██████╗ ██╗ ██╗██╗ ██╗ █████╗ ███╗ ██╗ ██████╗ ██╗ ██╗ █████╗ ██████╗ ██████╗
██╔═████╗╚██╗██╔╝██║ ██║██╔══██╗████╗ ██║██╔════╝ ██║ ██║██╔══██╗██╔══██╗██╔══██╗
██║██╔██║ ╚███╔╝ ██║ ██║███████║██╔██╗██║██║ ███╗██║ ██║███████║██████╔╝██║ ██║
████╔╝██║ ██╔██╗ ╚██╗ ██╔╝██╔══██║██║╚████║██║ ██║██║ ██║██╔══██║██╔══██╗██║ ██║
╚██████╔╝██╔╝╚██╗ ╚████╔╝ ██║ ██║██║ ╚███║╚██████╔╝╚██████╔╝██║ ██║██║ ██║██████╔╝
╚═════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═╝ ╚═╝╚═╝ ╚══╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝
Security Analyst · AppSec · OSINT · Blue Team · DevSecOps
Security practitioner from Colombia focused on applied offensive and defensive security. I don't just list tools — I document the why, the how, the risk, and the fix.
- 🔴 Red/AppSec: web vulnerabilities (OWASP Top 10 + API Security), recon, OSINT, exploitation workflows
- 🔵 Blue Team: SIEM deployment (Wazuh), log analysis, alert tuning, MITRE ATT&CK-mapped detections
- 🟣 Purple: bridging findings to remediations, threat modeling, DevSecOps pipelines
- 🤖 AI Security: LLM attack surfaces, prompt injection, AI-assisted threat hunting
"Un portafolio real no dice 'sé herramientas'. Dice: puedo investigar, documentar evidencia, explicar riesgo y comunicar una remediación."
| Layer | Tools & Frameworks |
|---|---|
| Languages | Python · Bash · JavaScript · SQL |
| AppSec / Web | Burp Suite · OWASP WSTG · PortSwigger Labs · Nikto · SQLMap |
| OSINT & Recon | Shodan · theHarvester · Maltego · WHOIS APIs · Recon-ng |
| Blue Team / SIEM | Wazuh · Splunk (basic) · ELK Stack · Sigma rules |
| Frameworks | OWASP Top 10 · MITRE ATT&CK · PTES · NIST CSF |
| Infra / DevSecOps | Docker · GitHub Actions · Linux (Pop OS · Mint) · VPS |
| AI Tooling | LangChain · OpenAI API · Claude · Prompt Engineering |
Each project includes: objective → methodology → evidence → risk → remediation
| Project | Description | Frameworks |
|---|---|---|
writeups-portswigger |
Technical writeups of PortSwigger Web Security Academy labs — SQL injection, XSS, SSRF, IDOR, Web LLM attacks. Each writeup follows OWASP WSTG format with executive summary + finding + evidence + remediation | OWASP WSTG · CWE |
api-security-labs |
Practical analysis of OWASP API Security Top 10 vulnerabilities on intentionally vulnerable apps (crAPI, vAPI). Documented with risk impact and fix | OWASP API Top 10 |
osint-recon-toolkit |
Python automation for OSINT recon workflows — passive fingerprinting, data aggregation, report generation | PTES Recon Phase |
| Project | Description | Frameworks |
|---|---|---|
wazuh-homelab-siem |
Full Wazuh deployment on local VM — agent enrollment, custom rules, log analysis, alert tuning. Documented as a production-grade implementation report | MITRE ATT&CK · Wazuh |
mitre-detection-rules |
Custom Wazuh/Sigma detection rules mapped to MITRE ATT&CK techniques (T1059, T1078, T1190). Includes TP/FP analysis per rule | MITRE ATT&CK |
log-analysis-lab |
Structured log analysis exercises — identifying C2 beaconing, brute force patterns, lateral movement indicators in raw Apache/auth logs | MITRE · Sigma |
| Project | Description | Frameworks |
|---|---|---|
pentest-report-template |
Professional penetration test report template following OWASP WSTG + PTES structure: executive summary → scope → findings → CVSS scoring → remediations | OWASP · PTES · CVSS |
trillion-income-streams |
Web platform organizing income vectors with hacker-style UI, Docker backend and Grafana dashboard | Python · FastAPI · Docker |
Every security finding I document uses this structure (based on OWASP WSTG + PTES):
📋 EXECUTIVE SUMMARY → What was found, severity, business risk
🔍 SCOPE & METHODOLOGY → Test parameters, tools used, rules of engagement
🎯 FINDING → Vulnerability, CWE/CVE reference, MITRE technique
📸 EVIDENCE → Reproducible proof (request/response, payload, PoC)
💥 IMPACT → Technical + business risk explanation
🛠️ REMEDIATION → Specific fix with code/config example where applicable
📊 CVSS SCORE → Calculated severity vector
No capturas sueltas. No flags sin contexto. Solo criterio técnico documentado.
- 📘 Information Security — Politécnico Grancolombiano (Aug 2026 →)
- 🎯 Ethical Hacking & DevSecOps — CIIF Latam (in progress)
- 🏛️ Multiple IT & Cybersecurity courses — SENA
- 🌐 PortSwigger Web Security Academy — Advanced labs (ongoing)
- 🔐 TryHackMe / Hack The Box — Active practitioner
Contributing to security-related open source projects is how I validate knowledge beyond labs.
- 🔍 Reviewing CVE reports and open issues in security tooling repos
- 🛡️ Targeting projects with known vulnerabilities needing fixes (Open CSF and similar)
- 📖 Documenting security improvements with full evidence and remediation
"Si podés mostrar un commit que soluciona un problema de seguridad real, eso vale más que cualquier certificado."
| Platform | Link |
|---|---|
| 🐙 GitHub | @0xvanguard |
| 🌐 Portfolio Web | 0xvanguard.github.io/trillion-income-streams |
| Próximamente | |
| Disponible en solicitud |
[ Built with purpose from Bogotá, Colombia ]
[ Criterion over credentials. Evidence over screenshots. ]



