Skip to content
View Groppoxx's full-sized avatar
🏀
Training or Coding
🏀
Training or Coding

Highlights

  • Pro

Block or report Groppoxx

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Groppoxx/README.md

Hi, I'm Iam Anthony Marcelo Alvarez Orellana

Typing SVG


About me

Cybersecurity GIF

I am an Information Systems Engineering student at Universidad Peruana de Ciencias Aplicadas (UPC), currently focused on Cybersecurity, with a stronger specialization in Web Pentesting, Offensive Security, Application Security, vulnerability analysis, and CTF competitions.

I am currently working at Fluid Attacks, where I continue strengthening my offensive security mindset and practical skills around real-world vulnerability assessment, secure development, and application security.

My current path is mainly oriented toward Web Application Security, understanding how modern applications break, how vulnerabilities are discovered, and how secure systems can be built from a deeper technical perspective.

I actively train through Hack The Box, TryHackMe, CTFs, security labs, vulnerability research, and personal writeups. I enjoy documenting what I learn, building tools, solving realistic exploitation scenarios, and improving every day as a security professional.

  • Main focus: Web Pentesting, AppSec, Offensive Security, CTFs and Vulnerability Research.
  • Currently working at: Fluid Attacks.
  • Currently learning:
    • Advanced Web Exploitation
    • OWASP Top 10 in real-world scenarios
    • Authentication and authorization vulnerabilities
    • API Security
    • Active Directory attacks and defenses
    • Cloud security fundamentals
    • Secure code review basics
  • Hands-on practice:
    • Web vulnerability analysis
    • CTFs and cybersecurity competitions
    • Hack The Box and TryHackMe labs
    • Linux privilege escalation
    • Python and Bash scripting for automation
    • Security writeups and technical documentation
  • I’m open to collaborating on:
    • Cybersecurity projects
    • Open source security tools
    • CTF writeups and labs
    • Web security and AppSec initiatives
    • Secure coding projects
  • Ask me about: Web Pentesting, CTFs, cybersecurity labs, Python scripting, Linux, AppSec, dashboards, or anything tech-related.
  • Outside of tech, I enjoy 🎶 listening to music, 🏀 playing basketball, and 🏋️ training at the gym.
  • 📫 Reach out to me at: iam_alvarez_orellana@hotmail.com

🛡️ Cybersecurity Focus

whoami

Web Pentesting enthusiast | Offensive Security learner | CTF player | AppSec explorer

current_status

Working at Fluid Attacks | Focused on Web Application Security

main_fields

Web Pentesting | AppSec | Offensive Security | CTFs | Linux | API Security | Cloud Security

mindset

🧠 “Break it. Understand it. Report it. Secure it.”

Popular repositories Loading

  1. CVE-2025-25198-PoC CVE-2025-25198-PoC Public

    PoC for CVE-2025-25198: automated Host header poisoning test for Mailcow - HTTPS listener, automatic cookie/CSRF handling, captures first reset link.

    Python 20 1

  2. CVE-2020-25042-PoC CVE-2020-25042-PoC Public

    PoC for CVE-2020-25042: automated Mara CMS 7.5 authenticated PHP upload to RCE, with login hash handling, shell reuse, custom payload support, and clean CLI output.

    Python 5

  3. CVE-2023-2825-PoC CVE-2023-2825-PoC Public

    PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.

    Python 4

  4. invalidated-like-binary-bruteforce invalidated-like-binary-bruteforce Public

    Python helper for the HTB Invalidated challenge: session bypass and optional admin password extraction using LIKE BINARY.

    Python 1

  5. CC216-TP-2023-2-CC51 CC216-TP-2023-2-CC51 Public

  6. Groppoxx Groppoxx Public