root@security:~$whoami

Iván Santiago Lastra
Cybersecurity Portfolio | Red & Blue Team Labs and Projects

Systems Engineering student specializing in Offensive security, Penetration testing, and Security automation. Focus areas include web application security (OWASP Top 10), Linux and Windows hardening, and hands-on security labs in controlled environments. I document my methodology, findings, and mitigation strategies as technical write-ups.

View ProjectsLabs & Write-upsContact Me
🔐
10+
Security Labs
5+
Projects
🎯
OWASP
Top 10 Focus

Featured Projects

Hybrid Home Lab

Multi-Platform Security Environment

high

Advanced segmented network with VirtualBox, VMware, and Docker. Simulating enterprise infrastructure with Windows Server, vulnerable Ubuntu hosts, and containerized OWASP applications for realistic red/blue team exercises.

NetworkingVirtualizationDockerActive Directory

Web Application Pentesting

OWASP Top 10 Exploitation

critical

Comprehensive penetration testing methodology using Burp Suite, Nikto, and OWASP ZAP. Full workflow from reconnaissance and enumeration to exploitation and remediation documentation.

Burp SuiteOWASP ZAPSQL InjectionXSS

Network Security Monitoring

Detection & Response Lab

medium

Building a SIEM environment with log aggregation, alert rules, and threat detection. Analyzing attack patterns and creating custom detection signatures.

SIEMLog AnalysisIDS/IPSThreat Hunting

Security Automation Scripts

Python & Bash Tools

low

Custom security tools for vulnerability scanning, enumeration automation, and report generation. Focus on efficiency and reproducibility in security assessments.

PythonBashAutomationDevSecOps

Labs & Write-ups

Detailed technical documentation of security assessments: methodologies, findings, exploitation techniques, and defensive countermeasures for real-world scenarios.

Apache Server Hardening

2024

Complete security audit of Apache web server. Identifying and fixing information disclosure vulnerabilities, implementing security headers, and validating configurations.

LinuxApacheHardeningInfoSec

Secure DNS & Deployment

2024

End-to-end secure deployment pipeline using Cloudflare for DNS management and DDoS protection, with automated HTTPS provisioning and security best practices.

CloudflareDNSHTTPSDevSecOps

SQL Injection Deep Dive

2024

Exploring various SQL injection techniques from basic union-based to blind and time-based attacks. Includes both exploitation and secure coding practices.

SQLiWeb SecurityDatabaseOWASP

Active Directory Attacks

2024

Understanding common AD attack vectors: Kerberoasting, Pass-the-Hash, Golden Tickets. Lab setup, exploitation, and detection mechanisms.

ADWindowsPost-ExploitationRed Team

Technical Arsenal

Penetration Testing

  • Burp Suite
  • Metasploit
  • Nmap
  • Nikto
  • SQLMap
  • Hydra

Operating Systems

  • Kali Linux
  • Parrot OS
  • Ubuntu Server
  • Windows Server

Scripting & Automation

  • Python
  • Bash
  • PowerShell
  • Git

Web Technologies

  • OWASP Top 10
  • REST APIs
  • Docker
  • Nginx/Apache

Network Security

  • Wireshark
  • VPN
  • Firewalls
  • IDS/IPS

Cloud & DevSecOps

  • Cloudflare
  • Vercel
  • CI/CD
  • Infrastructure as Code

Get In Touch

Interested in collaboration, security consulting, or just want to connect? Feel free to reach out through any of these platforms.

GitHubLinkedIn

Email coming soon with proper SPF/DKIM/DMARC configuration

© 2025 Iván Lastra | Built with security in mind