Jacking

Statistics and recognitions from various cybersecurity platforms and competitions.

About me

2019

Graduated in Telecommunication Technologies Engineering from the University of Seville.

2019

Cybersecurity Specialist at Wellness Tech / IRIS Sentinel.

2019

Speaker at the SecAdmin 2019 conference.

2022

Finalist CTF Team Spain ECSC 2022 - INCIBE.

2022

Finalist CTF SecAdmin 2022.

2023

Pentester at Telefonica.

2024

I do bug bounty part-time.

Pentesting - HackTheBox

Statistics

Name:

j0tt4

Country:

Spain

Users:

Roots:

Users 🩸:

Roots 🩸:

Points:

Rank:

Hacker (3/7)

Hall of Fame:

842

Challenges

Reversing

9% (6/66)

Crypto

6% (5/88)

Pwn

2% (2/90)

Web

30% (29/96)

Misc

19% (7/36)

Forensics

10% (6/58)

Mobile

6% (1/17)

OSINT

86% (6/7)

Hardware

3% (1/33)

GamePwn

9% (1/11)

Blockchain

0% (0/10)

Pentesting - PortSwigger

Learning Paths

Server-side vulnerabilities

100% (51/51)

SQL injection

73% (37/51)

API testing

100% (29/29)

Web LLM attacks

100% (17/17)

Clickjacking

100% (19/19)

Vulnerability labs

Apprentice

100% (59/59)

Practitioner

72% (122/171)

Expert

46% (18/39)

Categories

SQL Injection

50%

XSS

93%

CSRF

100%

Clickjacking

100%

DOM-based

100%

CORS

100%

XXE

100%

SSRF

100%

HTTP Request Smuggling

24%

Command Injection

100%

SSTI

100%

Path Traversal

100%

Access Control

100%

Authentication

57%

WebSockets

100%

WCP

100%

Insecure Deserialization

60%

Information Disclosure

100%

Business Logic

33%

Host Header

71%

OAuth

17%

File Upload

86%

JWT

75%

Essential Skills

100%

Prototype Pollution

GraphQL

100%

Race Conditions

33%

NoSQL Injection

100%

API Testing

100%

LLM

100%

WCD

80%

Bug Bounty - HackerOne

Badges

Bounty Hunter

June 16, 2023

First bounty received

Bounty Hunter

November 7, 2024

Ten bounties received

TrailBlazer

August 3, 2023

Was the first of multiple reporters to report a vulnerability

Insecticide

August 3, 2023

First report closed as resolved

Publish or Perish

August 14, 2023

Publicly disclosed a report

Good Samaritan

October 6, 2023

Resolved a report with a team that doesnt pay bounties

Diversity

October 18, 2024

Reported bugs to 5 different teams

Streaker

July 3, 2024

Two reports in a row were closed as resolved

A1: Injection

August 3, 2023

Reported a valid Injection vulnerability

A3: Sensitive Data Exposure

June 20, 2024

Reported a valid Sensitive Data Exposure vulnerability

A5: Broken Access Control

December 3, 2024

Reported a valid Broken Access Control vulnerability

A7: Cross-Site Scripting (XSS)

July 3, 2024

Reported a valid Cross-Site Scripting (XSS) vulnerability

CTF

CERTS