Finding what attackers find — first.
Penetration testing, ISO 27001 audits, and ongoing security consulting for teams that take it seriously.
Got an incident, a question, or a hunch?
Bring it to a free 30-minute call. Live incidents, vendor questions, architecture sanity checks - no pitch, just help.
Offensive Security Engineer.
I'm Francisco - based in Buenos Aires, working with companies across Latin America, USA and Europe. Background in computer engineering, currently focused on offensive security and ISMS work.
more about me →Three ways I work with companies.
Whether it's a one-time engagement or ongoing support, every project starts with the same question - what would an attacker do here?
Penetration testing
Web, API, internal and external. Manual exploitation backed by clear, actionable reports.
ISO 27001 consulting
Build and audit your ISMS. Bureau Veritas certified, hands-on with documentation and controls.
Security advisory
Ongoing consulting for teams without a full-time security hire. DevSecOps and architecture reviews.
Selected writing.
Fluffy - HTB Machine
We started by enumerating the provided credentials for the user j.fleischman and identified an SMB share named IT. After downloading files from the share, we discovered a PDF detailing…
Cypher - HTB Machine
Cypher is a HTB machine running a web app that relies on a Neo4j graph database. A Cypher-injection flaw lets us bypass the login logic and enumerate data. Then, an exposed directory holds a JAR file…
Artificial - HTB Machine
Artificial is a machine with a web interface that allows to upload and execute TensorFlow .h5 model files. The initial foothold was obtained by embedding a reverse shell code inside a Lambda layer…
Let's see if I can help.
Drop a line about what you're working on, or grab a 30-minute slot directly on my calendar.