Valdenio Marinho A.K.A. "0xrh0d4m1n"
Independent Cybersecurity Researcher
Executive Summary
Passionate about cybersecurity, my fascination with hacking began in my youth and has remained a constant drive throughout my career. My journey started with an electrical engineering background, where I acquired a solid foundation in electronics and microcontrollers. Embracing the typical greatest IT minds path and following the path of many IT pioneers, I left academia to carve out my own path, a decision fueled by a desire to apply the robust knowledge base I had acquired. This led me to web development.
Transitioning into web development, I rapidly evolved into a Full Stack Web Developer, a transformation made possible by the unwavering and invaluable support of great mentors around the world. My curiosity soon led me to the cutting-edge technology of blockchain and NFTs, where I was actively involved in innovative projects. However, it was the intricate and dynamic field of cybersecurity that truly captivated me, prompting a deep dive into cryptography and a range of security disciplines.
I have completed top-tier courses on leading cybersecurity platforms, staying ahead of industry trends and mastering the most current practices. My education has been greatly enhanced by hands-on experience in advanced labs, where I've tackled real-world scenarios to hone my skills. Additionally, I have extensively practiced advanced bug bounty hunting techniques, participating in numerous platforms worldwide. This comprehensive, practical experience has not only broadened my technical expertise but also instilled a profound appreciation for the ever-evolving landscape of knowledge in cybersecurity. I am committed to continuing this exhilarating journey, always learning, always adapting, and always pushing the boundaries of what's possible in the digital world. Today, I stand with a profound understanding of cybersecurity, shaped by extensive practice and the humility gained from the Dunning-Kruger effect. I am eager to continue this journey, constantly expanding my knowledge and expertise.
Skills & Expertise
Technical Skills
-
Penetration Testing
Simulating cyber attacks to identify and exploit security vulnerabilities.
-
Risk Assessment
Evaluating and prioritizing potential risks to minimize the impact.
-
Vulnerability Assessment
Systematically identifying and quantifying security vulnerabilities in systems.
-
Security Operations
Overseeing and maintaining a secure operational computing environment.
-
Incident Response
Effectively managing and mitigating cyber incidents to minimize damage and recovery time.
-
Cyber Threat Intel
Analyzing and interpreting information about potential cyber threats to prevent attacks.
Programming Languages
-
Nim
I'm still exploring new languages like Nim, trying to adeptly leverage Nim's efficiency and expressive syntax to craft secure, high-performance applications with a focus on cybersecurity tooling.
-
JavaScript
My JavaScript expertise come from a long time, my background as developer made me possible to perform penetration testing on web applications, identifying and exploiting client-side vulnerabilities.
-
Python
My Python skills are honed for scripting powerful cybersecurity tools and also automating complex security tasks.
-
Shell Script
I'm constantly using ShellScript for automating security processes and orchestrating system-level tasks on Unix/Linux platforms.
-
Rust
With my proficiency in Rust, I delve into low-level programming to create my own high-performance cybersecurity tools.
-
Assembly
My knowledge of Assembly allows me to perform meticulous analysis and reverse engineering of malware through tools like Ghidra.
Tools & Technologies
-
Burp Suite
Skilled in utilizing Burp Suite for comprehensive web application security testing and uncovering critical vulnerabilities.
-
OWASP Zed Attack Proxy
Proficient with OWASP ZAP for automated security scanning and targeted manual testing of web apps.
-
Greenbone OpenVAS
Experienced in deploying OpenVAS to scan and evaluate the security of network services and systems.
-
Tenable Nessus
Well-versed in using Nessus to identify a wide range of vulnerabilities and security issues within company infrastructure.
-
Qualys, Inc.
Adept at leveraging Qualys for vulnerability management and securing web applications and cloud environments.
-
Rapid7 Metasploit
Knowledgeable in applying Metasploit for developing and executing exploit code to assess network defenses.
-
Nmap
Capable of conducting advanced network discovery and security auditing with Nmap to reveal potential vulnerabilities.
-
Wireshark
Experienced in packet analysis with Wireshark, monitoring and diagnosing network traffic for security investigations.
-
Ghidra
Utilize Ghidra for reverse engineering, dissecting malicious code to understand and mitigate attack vectors.
Certifications
Fortinet
-
Fortinet Cybersecurity Associate
-
Fortinet Cybersecurity Fundamentals
-
Fortinet Network Security Level 3
-
Fortinet Network Security Level 2
-
Fortinet Network Security Level 1
-
Cyber Professional Certification
-
Foundations of Cybersecurity
-
Manage Security Risks
-
Networks and Network Security
-
Linux and SQL
-
Assets, Threats and Vulnerabilities
-
Detection and Response
-
Cybersecurity Tasks with Python
-
Preparation for Cybersecurity Jobs
Cybrary
-
Offensive Penetration Testing
-
Advanced Penetration Testing
-
Penetration Testing
-
Penetration Testing & Ethical Hacking
-
OWASP TOP 10
-
CompTIA Security+
-
Cyber Kill Chain Framework
-
MITRE ATT&CK Framework
-
Security Operations Analyst (SOC)
-
CompTIA Linux+
-
System Administrator
-
CompTIA A+
TCM Security
-
Web Application Penetration Testing
-
API Hacking
-
Ethical Hacking
-
Movement, Pivoting, Persistence
-
Privilege Escalation Windows
-
Privilege Escalation Linux
-
External Pentest Playbook
-
Governance, Risk and Compliance
-
Open Source Intelligence (OSINT)
Try Hack Me
-
Offensive Pentest
-
CompTIA Pentest+
-
JR Pentest
Other
-
Palo Alto Networks Cybersecurity Foundation
-
EC Council Master OSINT
-
EC Council Reconnaissance
-
API Penetration Testing
Professional Experience
-
HackerOne
Independent Cyber Security Researcher
Remote
2023 - Present
- Successfully identified and reported a significant security vulnerability through HackerOne's Bug Bounty Program.
- Conducted thorough vulnerability assessments and penetration testing on a variety of web applications to uncover security issues.
- Maintained up-to-date knowledge of the latest cybersecurity threats and trends.
- Collaborated with security teams to responsibly disclose vulnerabilities.
- Honed skills by using a good variety of cybersecurity tools.
- Practiced many methodologies to conduct security assessments.
Education
-
B.Tech in Cybersecurity
University X
2023 - 2026
- Actively involved in cybersecurity research projects and student-led initiatives.
- Strong foundation in network security, cryptography, and ethical hacking principles.
-
Electrical Engineering
University Z
2014 - 2016
- Gained proficiency in programming languages (e.g., C, Python) for embedded systems design and automation tasks.
- Developed problem-solving and analytical skills, providing a solid base for cybersecurity work.
Projects
-
0xh3x73rs Team
Founding Member
2023 - 2024
- Co-founded a bug bounty team, demonstrating leadership and initiative in the cybersecurity field.
- Collaborated with team members to identify and report vulnerabilities in various web applications.
- Contributed to the successful identification of significant security flaws.
- Developed expertise in vulnerability research and reporting methodologies.
Achievements
-
1st Place - CTF Hacker Talent of the Month (HackerOne) -
Top 1% - Hacker Rankings (TryHackMe)
Languages
-
English: Fluent -
Portuguese: Fluent -
Spanish: Conversational
Download Resume
If you want to save my resume, you can download it below, feel free to contact me any time!