"Absolute security does not exist. What exists is risk management."
Hello! I am [Gabriel], currently a [1st] year student of [Information Security] at [Cruzeiro do Sul]. My passion for cybersecurity stems from a deep curiosity to understand how systems are built—and how they can be broken and, most importantly, hardened.
I am focused on building a solid foundation in the core pillars of security and applying that knowledge to practical scenarios. I am seeking an internship opportunity where I can actively contribute, learn from experienced professionals, and translate theoretical knowledge into effective security solutions.
- Targeting Internships in: SOC (Security Operations Center), Vulnerability Analysis, or Security Governance.
- Email: [downcastedgabe@gmail.com]
My knowledge base is centered on security principles and the core technologies essential to the field.
| Concept | Description |
|---|---|
| CIA Triad | Understanding the pillars: Confidentiality, Integrity, and Availability. |
| Common Attacks | Foundational knowledge of the OWASP Top 10 (SQLi, XSS, CSRF, etc.) and mitigation techniques (sanitization, validation). |
| Access Management | Understanding AAA (Authentication, Authorization, and Auditing) and Zero Trust concepts. |
| Cryptography | Differentiating between Symmetric (AES) and Asymmetric (RSA) cryptography, and the use of Hashing (SHA-256) for integrity. |
- Networking (OSI Model): Understanding layers and key protocols (TCP/IP, HTTP/HTTPS, DNS).
- Operating Systems: Familiarity with basic commands and file handling in Linux (Kali/Ubuntu) and Windows.
- Cloud Computing: Introductory knowledge of service models (IaaS, PaaS, SaaS) and fundamental cloud security principles.
- Python: Intermediate proficiency. Focused on writing scripts for security automation tasks (log analysis, port scanning, data collection).
- Bash/PowerShell: Ability to write basic scripts for administration and task automation in Linux and Windows environments.
- Network Scanning (Nmap): Practical use of Nmap for port enumeration, service identification, and vulnerability detection in authorized VMs. (Mention specific scanning techniques if possible, like NFS enumeration).
- Password Cracking (John the Ripper): Experience using John in Wordlist and Single Crack modes to test password strength and understand the fundamentals of dictionary attacks.
- Web Vulnerability Analysis: Hands-on practice with SQL Injection (SQLi) and XSS scenarios in controlled lab environments (e.g., OWASP Juice Shop, DVWA).
- **Nemesis: > An interactive, terminal-based (TUI) security tool built in Python to streamline penetration testing and SOC routines. Nemesis unifies three critical security workflows into a single, fluid interface:
- Network Scanning: Orchestrates Nmap scans, parses vulnerabilities, and provides automated mitigation recommendations.
- Defensive Web Auditing: Enumerates directories, parses HTML forms for injection points, and detects missing security headers or active WAFs.
- OSINT & Subdomain Takeover: Hunts for subdomains via
crt.shand VirusTotal, validating DNS resolution to identify potential takeover vulnerabilities. All results are automatically structured and saved as JSON for easy reporting. Built withTextual,python-nmap,BeautifulSoup4, anddnspython.
- **SIEM:> A practical Security Information and Event Management (SIEM) project focused on threat detection, log analysis, and Blue Team operations. This repository demonstrates hands-on SOC (Security Operations Center) capabilities by centralizing and analyzing security events to protect infrastructure against cyber threats. Key Highlights:
- Log Ingestion & Parsing: Collects and normalizes raw data from multiple sources, providing a unified and structured view of the environment's security posture.
- Threat Detection & Correlation: Utilizes custom detection rules to identify anomalous behavior, unauthorized access attempts, and potential intrusions in real-time.
- Incident Response Readiness: Generates actionable alerts and detailed event logs to streamline the triage, investigation, and mitigation processes.
- Courses/Platforms:
- TryHackMe: Pre Security Path Certificate
- TryHackMe: Cyber Security 101 Certificate
- TryHackMe: Jr Penetration Tester Certificate
