About Me
Hi, I'm Diogo Vieira, a Bug Bounty Hunter & Penetration Tester passionate about cybersecurity, ethical hacking, and responsible disclosure.
I work in web application security, network vulnerabilities, and exploit research, helping companies identify and fix security flaws before attackers can exploit them.
Achievements & Recognitions
- Bug Bounty Programs: Disclosed security vulnerabilities in various organizations.
- Recognized by Nokia for a responsible disclosure (December 2023).
- Skilled in: Web app security, network analysis and vulnerabilities, recon automation, and exploit development.
- Self-Hosting Enthusiast: Deploying and managing custom web applications and cloud infrastructure.
- TryHackMe: Old Top500, Now Top800
Technical Skills
1. Web Application & API Security
- OWASP Top 10: Detecting & mitigating XSS, SQLi, CSRF, SSRF, and RCE vulnerabilities.
- API Security: Skilled in testing API endpoints for authorization flaws and token leakage.
- Burp Suite Proficiency: Used Burp for manual testing & automated security scans.
2. Network Security & Red Teaming
- Active Directory Attacks: Completed challenges like ADversary Badge, LDAP enumeration, Kerberoasting, and NTLM relay attacks on TryHackMe.
- Privilege Escalation: Mastered Windows Privilege Escalation (Windows Priv Esc) and Linux Privilege Escalation (Linux PrivEsc) on TryHackMe.
- Packet Analysis: Skilled in Wireshark and TCPDump
3. Container & Cloud Security
- Docker Escape Techniques: Explored multiple ways of escaping containers such as Docker.
- Cloud Monitoring & Auditing: Hands-on experience in AWS, R2 Object Storage, and security audits.
4. Penetration Testing & Exploit Development
- Metasploit Mastery: Performed exploitation multiple times, using Metasploit most of the time.
- Hash Cracking: Used tools for Hash Cracking like JTR and HashCat.
- EternalBlue & SMB Exploitation: Successfully exploited EternalBlue CVE.
5. Digital Forensics & Incident Response (DFIR)
- Log Analysis: Completed Logging Legend Badge, analyzing SIEM logs, firewall logs, and security events.
- Cyber Crisis Management: Handling real-world security incidents.
- OSINT & Threat Intelligence: I'm also specializing in open-source intelligence gathering.
6. Full-Stack Development & Self-Hosting
- Frontend: Learning React, Astro, and Tailwind CSS for web development.
- Backend: Already worked with Node.js, Express, and PostgreSQL.
- Self-Hosting & DevOps: Deploying applications via Docker, Nginx, and Cloudflare R2 for an independent ecosystem. Have also used alternatives such as Vercel, AWS S3, R2, WordPress, and others.
How I Work
I use a mix of manual testing and automated tools to discover vulnerabilities in web applications, mobile apps, and cloud environments. My workflow typically involves:
- Reconnaissance: Mapping attack surfaces.
- Exploitation: Identifying flaws and exploiting them.
- Reporting: Submitting clear, reproducible reports to security teams.
Continuous Learning & Certifications
I continuously expand my skill set through TryHackMe, Hack The Box, and self-hosted labs. Other skills I'm seeking are:
- Reverse engineering
- Building an OS
- Full Stack Development (trying to get into it more)
Contact
Want to collaborate or discuss security? Feel free to reach out!
Email: snowy@snowy.pt
Twitter: @SnowyY0_
LinkedIn: SnowyY