Cybersecurity Portfolio

DANIEL ORDONEZ ARANGO

Daniel Ordonez Arango — Penetration Tester

Available for engagements

Penetration tester with experience across web applications, networks and systems.

My work covers the full engagement cycle — reconnaissance, exploitation and clear written reporting that both technical teams and decision-makers can act on. A development background helps me trace vulnerabilities to root cause and propose realistic fixes.

Web Pentest
Networks
Active Directory
SOC / DFIR
AI / LLM
  • 12 HTB paths completed
  • 658 Targets compromised
  • Top 1% HTB ranking

I approach each engagement from the perspective of someone who has built software — understanding how vulnerabilities are introduced makes them easier to find and enables remediation advice that actually works. My training spans the full attack surface: web application exploitation, Active Directory attacks, network pivoting, privilege escalation, binary exploitation and incident response — covering both offensive and defensive angles.

Real-World Impact & Career Timeline

Why this profile stands out

Offensive + Defensive Context
I assess weaknesses with an attacker mindset while keeping remediation and defensive priorities in focus.

Application + Infrastructure View
I work across web applications, internal networks, servers and databases, providing comprehensive security coverage.

Incident Response Training
Trained in DFIR through the CDSA path — covering threat triage, forensic analysis and incident containment procedures.

Builder Knowledge
My development background helps connect vulnerabilities with implementation realities, making remediation more practical.

Operational history

01

Zeroazul

Full-Stack Developer & Security Specialist · Dec 2025 – Apr 2026

  • Web application development using PHP, JavaScript and Node.js with security integrated from the start.
  • Network and application security — hardening, vulnerability assessments and secure architecture decisions.
  • Linux server administration — deployment, configuration and maintenance of production environments.

02

HTB Academy — CPTS & CWEE Paths

Offensive Security Training · 2025

  • Completed full penetration testing methodology covering web apps, networks and Active Directory through the CPTS path.
  • Covered advanced server-side and client-side web exploitation techniques through the CWEE path.
  • Trained in professional reporting — translating technical findings into actionable business impact.

03

HTB Academy — CDSA Path

Defensive Security Training · 2025

  • Trained in SIEM monitoring and log analysis using Splunk and Elastic Stack.
  • Completed DFIR and incident response labs, including forensic acquisition and threat triage.
  • Built detection rules with Suricata/Snort and developed incident response playbooks for common attack patterns.

Offensive / Pentesting Tools

Burp Suite, Nmap, Metasploit, Hashcat, ffuf, Hydra, SQLMap, Impacket, BloodHound, PowerView / SharpHound, Responder, CrackMapExec, Netcat, Wireshark, Shodan, Aircrack-ng

Defensive / DFIR Tools

Splunk, Elastic Stack, Suricata, Zeek, Sysmon, YARA, Sigma, Volatility, FTK Imager, Velociraptor, x64dbg, KAPE

Programming & Scripting

Python, JavaScript, Bash, PowerShell, SQL, C

Infrastructure & Platforms

Linux, Windows Server, Docker, REST APIs, MySQL/PostgreSQL, Git, VPS, Active Directory

Compliance & Methodologies

MITRE ATT&CK, NIST Cybersecurity Framework, PTES

Web Application Exploitation
SQL injection, XSS, CSRF, SSRF, file upload bypasses, authentication flaws, API vulnerabilities, insecure deserialization, XXE, broken access control, IDOR and command injection. Covered through the CPTS and Web Penetration Tester paths.

Active Directory Attacks
Kerberoasting, AS-REP roasting, DCSync, Pass-the-Hash, Pass-the-Ticket, GPO abuse, ACL exploitation, BloodHound enumeration, domain privilege escalation and persistence techniques. Covered through the Penetration Tester and Active Directory Enumeration paths — also trained in AD hardening and detection engineering.

Privilege Escalation
Linux: SUID/SGID binaries, kernel exploits, sudo misconfigurations, cron job abuse, writable paths and NFS shares. Windows: SeImpersonatePrivilege, unquoted service paths, DLL hijacking, registry manipulation and token impersonation.

Network & Service Exploitation
SMB, RDP, SSH, FTP, SNMP, WinRM and MSSQL exploitation. Port forwarding, proxychains, pivoting through compromised hosts, tunneling and lateral movement across segmented networks.

Reconnaissance & Enumeration
Passive and active recon using Nmap, Masscan, Gobuster, ffuf, Wfuzz, Feroxbuster, Shodan and OSINT techniques. DNS enumeration, subdomain discovery, virtual host fuzzing and certificate transparency lookups.

SOC Analysis & Threat Detection
Log analysis, SIEM monitoring with Splunk and Elastic Stack, traffic analysis with Wireshark and tcpdump, IDS/IPS rule tuning with Suricata and Snort. DFIR activities, threat hunting and incident triage. Covered through the CDSA and SOC Analyst paths.

Binary Exploitation
Buffer overflow attacks on 32-bit Windows and Linux systems, CPU architecture and register analysis, shellcode development, Python exploit scripting, and stack-based overflow techniques. Covered through the Intro to Binary Exploitation path.

Post-Exploitation & Persistence
Credential dumping with Mimikatz and secretsdump, C2 staging concepts, maintaining access via scheduled tasks and registry run keys, data exfiltration techniques and covering tracks across Windows and Linux environments.

AI / LLM Red Teaming
Prompt injection attacks, adversarial ML, LLM output manipulation, AI data pipeline exploitation, model evasion (white-box and black-box), MCP protocol vulnerabilities and AI application attacks. Covered through the AI Red Teamer path modules.

Wi-Fi Penetration Testing
WPA/WPA2 handshake capture, PMKID attacks, evil twin access points, deauthentication attacks, WPS exploitation, password cracking with Hashcat and Aircrack-ng, and targeted dictionary strategies for wireless assessments.

Malware Analysis & DFIR
Static and dynamic malware analysis, unpacking, reverse engineering with x64dbg, memory forensics with Volatility, disk imaging with FTK Imager and KAPE, Linux forensics, timeline reconstruction from MFT/USN Journal and Windows event logs.

Active Directory Hardening
Remediating common AD pentest findings, hardening default configurations, detection engineering for AD attacks, logging strategies and ongoing maintenance best practices. Covers both attacker and defender perspectives.

Web Penetration Tester
Web recon, exploitation, APIs and professional reporting.

Penetration Tester
Methodology, enterprise assessments, exploitation and reporting.

SOC Analyst
Monitoring, SIEM, traffic analysis, DFIR and reporting.

Junior Cybersecurity Analyst
Offensive and defensive foundations for practical cybersecurity work.

Active Directory Enumeration
In-depth AD enumeration techniques, tools and attack surface mapping. Hard difficulty path.

Information Security Foundations
Core InfoSec concepts: networking, cryptography, pentesting methodology and career foundations.

SOC Analyst Prerequisites
Prerequisite knowledge for SOC operations — security fundamentals and threat analysis concepts.

Operating System Fundamentals
Windows and Linux internals, administration and hardening in line with security best practices.

Local Privilege Escalation
Manual and tool-assisted privilege escalation techniques on Windows and Linux systems.

Intro to Binary Exploitation
Buffer overflows, shellcode and exploit scripting. Hard difficulty path.

Basic Toolset
Core offensive security tools and their practical application across various scenarios.

Cracking into Hack The Box
First guided HTB machine walkthrough — bridging academy knowledge and real-world labs.

External cybersecurity studies

IBM Cybersecurity Analyst: Cybersecurity Analyst Professional Certificate (V2)
Google Cybersecurity: Cybersecurity Professional Certificate V2

English, Spanish