David Fernández

Principal Security Engineer | Security Researcher

root@security:~# whoami
→ Offensive Security Professional
root@security:~# cat specialties.txt
→ Red Team Operations
→ Security Research
Show Certifications Contact
David Fernández - Security Researcher

[ WORK EXPERIENCE ]

Red Team Operations | Security Assessments

Principal Security Engineer

SeguridadSI

January 2025 - Current

I am a lead Red Team auditor for various clients through the company SeguridadSI.

I have conducted external audits of web servers and have also worked with clients’ internal networks. I have used tools such as BurpSuite to hack websites and APIs, and PowerView, BloodHound, and Impacket, among others, to audit the security of Active Directory environments, both on-premises and in the cloud (Azure).

In addition, I have been responsible for preparing security reports for these clients, detailing the measures that need to be taken and the implications of each finding.

Red Team BurpSuite Web Hacking API Security Active Directory Azure PowerView BloodHound Impacket Security Reports Pentesting

[ BLOG ]

Security Research

[ CERTIFICATIONS ]

Offensive Security Certified | Constantly Evolving

✓ Completed
🔓

OSCP

Offensive Security

Offensive Security Certified Professional. A hands-on certification that validates skills in infrastructure penetration testing through a 24-hour exam.

Pentesting Privilege Escalation Buffer Overflow Active Directory
✓ Completed
🎯

CRTE

Altered Security

Certified Red Team Expert. Advanced specialization in Active Directory attacks, lateral movement, and evading corporate defenses.

Active Directory Red Teaming Lateral Movement Evasion
✓ Completed
⚔️

CRTO

Zero-Point Security

Certified Red Team Operator. Proficiency in red team techniques using Cobalt Strike, C2 frameworks, and offensive operations in corporate environments.

Cobalt Strike C2 Infrastructure OPSEC Post-Exploitation
⏳ In Progress
🍎

CIED

Mobile Hacking Lab

Certified iOS Exploit Developer. A certification that specializes in iOS Userland Fuzzing & Exploitation.

Pentesting Privilege Escalation iOS Binary Exploitation

[ Tools that I love to use ]

Hacking tools and methodologies

Web Exploitation

  • Burp Suite Professional
  • SQL Injection (Advanced)
  • XSS & CSRF Attacks
  • SSRF & XXE Exploitation
  • Authentication Bypass
  • API Security Testing

Red Team & AD

  • Active Directory Attacks
  • Cobalt Strike / Sliver
  • Kerberos Attacks (Kerberoasting)
  • Lateral Movement
  • Credential Dumping
  • Domain Persistence

Reconnaissance

  • OSINT & Information Gathering
  • Subdomain Enumeration
  • Nmap & Port Scanning
  • Directory Bruteforcing
  • DNS & Email Recon
  • Social Engineering

Programming & Scripting

  • Python (Automation & Exploits)
  • Bash Scripting
  • PowerShell
  • JavaScript (Node.js)
  • C/C++ (Binary Exploitation)
  • Assembly (x86/x64)

[ CONTACT ]

Available for security consulting, web application penetration testing, and red team projects. Let’s talk about how I can help secure your infrastructure.