Skip to content
View DowncastedGabe's full-sized avatar
🎯
Focusing
🎯
Focusing
  • São paulo, São Bernardo do Campo

Block or report DowncastedGabe

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
DowncastedGabe/README.md


stats graph languages graph

🛡️ Gabriel Alexsander Pessotti Locatelli | Cybersecurity Internship Candidate

"Absolute security does not exist. What exists is risk management."

🚀 About Me

Hello! I am [Gabriel], currently a [1st] year student of [Information Security] at [Cruzeiro do Sul]. My passion for cybersecurity stems from a deep curiosity to understand how systems are built—and how they can be broken and, most importantly, hardened.

I am focused on building a solid foundation in the core pillars of security and applying that knowledge to practical scenarios. I am seeking an internship opportunity where I can actively contribute, learn from experienced professionals, and translate theoretical knowledge into effective security solutions.

  • Targeting Internships in: SOC (Security Operations Center), Vulnerability Analysis, or Security Governance.
  • Email: [downcastedgabe@gmail.com]


📚 Foundations and Technical Knowledge

My knowledge base is centered on security principles and the core technologies essential to the field.

1. Security Principles

Concept Description
CIA Triad Understanding the pillars: Confidentiality, Integrity, and Availability.
Common Attacks Foundational knowledge of the OWASP Top 10 (SQLi, XSS, CSRF, etc.) and mitigation techniques (sanitization, validation).
Access Management Understanding AAA (Authentication, Authorization, and Auditing) and Zero Trust concepts.
Cryptography Differentiating between Symmetric (AES) and Asymmetric (RSA) cryptography, and the use of Hashing (SHA-256) for integrity.

2. Networking and Systems

  • Networking (OSI Model): Understanding layers and key protocols (TCP/IP, HTTP/HTTPS, DNS).
  • Operating Systems: Familiarity with basic commands and file handling in Linux (Kali/Ubuntu) and Windows.
  • Cloud Computing: Introductory knowledge of service models (IaaS, PaaS, SaaS) and fundamental cloud security principles.

3. Programming and Scripting

  • Python: Intermediate proficiency. Focused on writing scripts for security automation tasks (log analysis, port scanning, data collection).
  • Bash/PowerShell: Ability to write basic scripts for administration and task automation in Linux and Windows environments.

python logo html5 logo css logo bootstrap logo

🛠️ Practical Experience (Projects and Labs)

1. Foundational Penetration Testing

  • Network Scanning (Nmap): Practical use of Nmap for port enumeration, service identification, and vulnerability detection in authorized VMs. (Mention specific scanning techniques if possible, like NFS enumeration).
  • Password Cracking (John the Ripper): Experience using John in Wordlist and Single Crack modes to test password strength and understand the fundamentals of dictionary attacks.
  • Web Vulnerability Analysis: Hands-on practice with SQL Injection (SQLi) and XSS scenarios in controlled lab environments (e.g., OWASP Juice Shop, DVWA).

2. Security Automation (Python)

  • **Nemesis: > An interactive, terminal-based (TUI) security tool built in Python to streamline penetration testing and SOC routines. Nemesis unifies three critical security workflows into a single, fluid interface:
  1. Network Scanning: Orchestrates Nmap scans, parses vulnerabilities, and provides automated mitigation recommendations.
  2. Defensive Web Auditing: Enumerates directories, parses HTML forms for injection points, and detects missing security headers or active WAFs.
  3. OSINT & Subdomain Takeover: Hunts for subdomains via crt.sh and VirusTotal, validating DNS resolution to identify potential takeover vulnerabilities. All results are automatically structured and saved as JSON for easy reporting. Built with Textual, python-nmap, BeautifulSoup4, and dnspython.
  • **SIEM:> A practical Security Information and Event Management (SIEM) project focused on threat detection, log analysis, and Blue Team operations. This repository demonstrates hands-on SOC (Security Operations Center) capabilities by centralizing and analyzing security events to protect infrastructure against cyber threats. Key Highlights:
  • Log Ingestion & Parsing: Collects and normalizes raw data from multiple sources, providing a unified and structured view of the environment's security posture.
  • Threat Detection & Correlation: Utilizes custom detection rules to identify anomalous behavior, unauthorized access attempts, and potential intrusions in real-time.
  • Incident Response Readiness: Generates actionable alerts and detailed event logs to streamline the triage, investigation, and mitigation processes.

🏆 Certifications


Pinned Loading

  1. threat-pro threat-pro Public

    Advanced Threat Intelligence Dashboard: Automated URL/File analysis, IOC extraction, and real-time security monitoring.

    Python

  2. SIEM SIEM Public

    SIEM desenvolvido para botar em pratica meu aprendizado

    Python

  3. Nemesis Nemesis Public

    Nemesis Scan desenvolvido com TUI & Python.

    Python

  4. enterprise-soar-ai enterprise-soar-ai Public

    Python 2

  5. HydraC2 HydraC2 Public

    Academic Command & Control (C2) ecosystem built in Python with end-to-end Fernet encryption, dynamic memory processing (fileless), and resilient beaconing handlers.

    Python