Hello there! I’m Ricardo, an Ethical Hacker and Red Team Specialist from Madrid with 10 years of experience in offensive security, penetration testing, and incident response.
I hold a Telecommunications Engineering degree and a Master’s from Universidad Politécnica de Madrid, where I also spent two years in research. My expertise covers Red Team operations, ICS/SCADA systems, and advanced exploit and tool development. I’m skilled in Python, C#, Go and Bash.
My professional path started as a Researcher at Universidad Politécnica de Madrid, then moved into offensive security roles as a Penetration Tester at Indra and later at Innotec, where I also participated in Red Team missions and Incident Response. I now work as a Penetration Tester and Red Teamer at Siemens, focusing on critical infrastructure and industrial systems. In parallel, I participate in private bug bounty programs through Synack Red Team and work as an instructor for OffSec trainings.
Personal projects
Some open-source tools I’ve built, available on my GitHub:
- NativeDump – Dump lsass using only NTAPIs, optionally remapping ntdll
- TrickDump – Dump lsass generating JSON/ZIP instead of a Minidump file
- SAMDump – Extract SAM/SYSTEM via Volume Shadow Copy (VSS) API
- NativeBypassCredGuard – Bypass Credential Guard patching WDigest.dll via NTAPI
- SharpCovertTube – YouTube as C2 channel using QR codes in videos
Certifications
| Certification | Issuer |
|---|---|
| GIAC Experienced Penetration Tester (GX-PT) | GIAC Certifications |
| GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) | GIAC Certifications |
| GIAC Penetration Tester (GPEN) | GIAC Certifications |
| GIAC Red Team Professional (GRTP) | GIAC Certifications |
| GIAC Web Application Penetration Tester (GWAPT) | GIAC Certifications |
| GIAC Certified Incident Handler Certification (GCIH) | GIAC Certifications |
| GIAC Cloud Penetration Tester (GCPN) | GIAC Certifications |
| Offensive Security Certified Expert 3 (OSCE3) | Offensive Security |
| Offensive Security Experienced Penetration Tester (OSEP) | Offensive Security |
| Offensive Security Exploit Developer (OSED) | Offensive Security |
| Offensive Security Web Expert (OSWE) | Offensive Security |
| Offensive Security Certified Expert (OSCE) | Offensive Security |
| Offensive Security Certified Professional (OSCP) | Offensive Security |
| Offensive Security Wireless Professional (OSWP) | Offensive Security |
| Offensive Security Incident Responder (OSIR) | Offensive Security |
| Offensive Security Threat Hunter (OSTH) | Offensive Security |
| Assessing and Exploiting Control Systems and IIoT | Black Hat |
| Burp Suite Certified Practitioner | PortSwigger |
| Certified Enterprise Security Specialist (PACES) | Pentester Academy |
| Certified Red Team Expert (CRTE) | Pentester Academy |
| Certified Azure Red Team Professional (CARTP) | Pentester Academy |
| Certified Red Team Master (CRTM) | Altered Security |
| Certified Enterprise Security Professional - AD CS (CESP-ADCS) | Altered Security |
| Pentester Academy Cloud Security Professional (PACSP) | Altered Security |
| SecurityTube Linux Assembly Expert (SLAE-32) | SecurityTube |
| Cisco Certified Network Associate | Cisco |
| Cisco Certified Network Associate Routing and Switching | Cisco |
| eLearnSecurity Certified Penetration Tester Extreme (eCPTX) | eLearnSecurity |
| Certified Red Team Operator (CRTO) | Zero-Point Security |
| Certified Red Team Lead (CRTL) | Zero-Point Security |
| Hack The Box Pro Labs: Alchemy | Hack The Box |
| Hack The Box Pro Labs: APTLabs | Hack The Box |
| Hack The Box Pro Labs: Cybernetics | Hack The Box |
| Hack The Box Pro Labs: Dante | Hack The Box |
| Hack The Box Pro Labs: Hailstorm | Hack The Box |
| Hack The Box Pro Labs: Offshore | Hack The Box |
| Hack The Box Pro Labs: Rastalabs | Hack The Box |
| Microsoft Certified: Azure Security Engineer Associate (AZ-500) | Microsoft |
| Microsoft Certified: Azure Fundamentals (AZ-900) | Microsoft |
| Microsoft Certified: Security, Compliance and Identity (SC-900) | Microsoft |
| Microsoft Certified: Azure AI (AI-900) | Microsoft |
| Microsoft Certified: Azure Data (DP-900) | Microsoft |
| AWS Certified Cloud Practitioner | Amazon Web Services |
| Red Team Operator – Windows Persistence and Windows Evasion | Sektor7 |
| Red Team Operator – Malware Development Essentials and Intermediate | Sektor7 |
| Malware Development Course | MalDev Academy |
| CyberWarFare Labs Red Team Specialist (CRTS) | CyberWarFare Labs |
| Hybrid Multi-Cloud Red Team | CyberWarFare Labs |
| Multi-Cloud Red Team Analyst | CyberWarFare Labs |
| Practical Industrial Control Systems Penetration Testing | Udemy |
Contact
LinkedIn: https://www.linkedin.com/in/ricardojoserf/
Twitter: https://x.com/ricardojoserf
Feel free to reach out about security research, tool development, or anything offensive security related!
