HEY, I'M MAURO, AN ENGINEER SPECIALIZED IN
CYBERSECURITY OFF-SEC CLOUD-SEC BLOCKCHAIN

EXPERIENCED CYBERSECURITY PROFESSIONAL WITH A PROVEN TRACK RECORD OF SUCCESS IN INDUSTRY AND ACADEMIA, I'VE COMPLETED TWO CYBERSECURITY MASTERS AND WORKED AS A SECURITY ENGINEER FOCUSING ON DIFFERENT AREAS. I HOLD +20 HONORS, A PUBLICATION, AND MANY PROJECTS RELATED TO SECURITY.

Resume

$ WHOAMI

Hello, I am Mauro, born in Cospeito, Lugo, Spain (1998), where I attended compulsory education before starting the scientific-technological high school in Castro Ribeiras de Lea. After this stage, in 2016, I moved to A Coruña to study what I was most passionate about, Computer Science at the FIC, UDC (Universidade da Coruña). There, I became more interested in cybersecurity until, after finishing my Bachelor of Engineering, I completed my Master's degree in Cybersecurity (MUniCS). After this, in 2022, I received the academic excellence fellowship from the Barrié Foundation for postgraduate studies abroad, which allowed me to fulfill my dream of going abroad to study at NYU (New York University), where I coursed a Master of Science in Cybersecurity and was a member of the well-known cybersecurity club, OSIRIS. An experienced professional with many roles as a Security Engineer, a CTF player, and above all, an enthusiast of technology and security with a great attitude and desire to continue learning and undertake a successful career.

about-image

Works

Here are my main publications and personal projects, both those focused on theoretical developments or research, as well as those oriented to a more practical environment.

COVID-19 Digital Vaccination Passport Based on Blockchain with Its Own Cryptocurrency as a Reward and Mobile App for Its Use

(ENG) Published paper as a summary of my Final Undergraduate Project in the journal MDPI Engineering Proceedings and presented at the IV XoveTIC Scientific Congress.

A CTF-Based Exploration of Blockchain Vulnerabilities

(ENG) NYU's Blockchain course Final Project that mixes theoretical and practical concepts about Blockchain security using 3 CTFs challenges. All the project is explained in detail, from spinning up the infrastructure hosting the CTFd platform and the challenges; to the vulnerabilities exploited to solve the challenges.

Ciberseguridade en contornas industriais

(GAL) Nowadays, airports are critical infrastructures, as they are authentic interconnected cities. The following work tries to make a general review of cybersecurity in these areas, divided into social, infrastructure, and vehicles. For each of them, several attacks and vulnerabilities to exploit will be listed, as well as examples of attacks and security options.

Guía para la puesta en marcha de Elastiflow

(GAL) Guide for the start-up and deployment of Elastiflow, making the most of this Open Source framework and explaining in several chapters concepts such as the configuration of flow exporters, the visualization of the data it provides, without forgetting, of course, a very detailed step-by-step guide for its correct installation and configuration. It also has an appendix of possible errors and another of future "Next Steps".

Twitter + Spotify bot en AWS Lambda

(GAL) Python creation of a Twitter bot that uses data from Spotify's public API and operates from Amazon Cloud Computing's AWS Lambda tool.

QR Codes and its security

(ENG) A brief presentation on what QRs are and how they work, accompanied by a detailed analysis of their concepts related to cybersecurity such as vulnerabilities, associated exploits, and examples of attacks. A quick look at the cybersecurity of one of today's hottest attack vectors.

Pasaporte dixital de vacinación COVID-19 baseado en blockchain e aplicación móbil para o seu uso

(GAL) Own Final Undergraduate Project, fully Open Source, which creates a digital passport COVID-19 based on a private Blockchain based on Ethereum, with a system of incentives through a custom cryptocurrency and mobile applications distributed for use.

Análisis de dominios con FOCA

(ESP) Exploiting and exploring to the maximum the Eleven Paths Open Source version tool, trying to go through each and every one of the chapters exposed in the book Pentesting with FOCA, highlighting the key concepts and exemplifying various tests about its potential, as well as addressing recurring topics in cybersecurity such as vulnerability analysis, network discovery or metadata.

Ataques en Redes IPV6

(GAL) Studying IPV6 networks, from the explanation of basic concepts, to the exposition of different attacks to be performed on them, the enumeration of tools to take advantage of them, and the implementation of different practical environments such as Rogue servers or network discovery.

Despliegue de un cluster para HPC con Qlustar

(GAL) Deploying a cluster with virtual and real parts for high-performance computing with the free and Open Source Qlustar framework and analyzing its parts, capabilities, and operation. It includes an installation guide of the operating system, to real tests and monitoring of a deployed cluster, including the study of several frameworks related to clustering such as Slurm, Qluman, or Vagrant.

GRUB2 en detalle

(ESP) A presentation summarizing the operation of GRUB2, the UNIX bootloader par excellence, where topics such as its installation, the use of the shell, its configuration, and full customization, as well as less common topics about this framework such as its hardening, among other things, will be discussed.

Paradigmas de desarrollo Android - iOS

(ESP) The different development options are exposed to either move our Android app to the iOS environment or to make a common and simultaneous development for both. Special emphasis is given to the study of new technologies such as Flutter or KMM (Kotlin Multiplatform Mobile).

Pegasus

(ESP) In-depth review of everything related to the famous Pegasus spyware. The work will cover the most technical details of its operation and exploitation of security flaws, to its most famous cases and news. An extensive guide to everything behind Pegasus.

Rootkits en profundidade

(GAL) Analyzing to the maximum the unknown Rootkits. Both from a theoretical perspective, explaining its key concepts and delving into the forensic study of them, and from a practical one, exposing an extensive and detailed appendix with code, implementations, and tests of several rootkits, from less to more difficult.

WHAT DO YOU THINK?

If you have any questions, offers or suggestions, please do not hesitate to contact me:

Contact