Right now, I am working as a freelancer, looking for companies and startups to work with or conduct research for.
I am interested in projects focused on:
I enjoy traveling, meeting new people from different countries and exploring new cultures. Also, I enjoy taking pictures and learning about photography.
During University I learnt about security by myself and with the help of the people from ACM, where I started giving my first workshops. During this period I had the opportunity to attend several conferences in Spain like Navaja Negra, FAQin, MorterueloCon or Hack&Beers.
Furthermore, I also did an internship in the cybersecurity lab of the university, where I learnt how to reverse engineer malware (Ransomware) and write a technical report about a sample.
I did my Erasmus in Krakow, where I set up an international cybersecurity group of students to exchange knowledge and play CTFs.
For my final project I developed a botnet for Android using third-party services as a communication bridge between the nodes and the manager of the infected devices. This project combines symmetric and asymmetric cryptography and steganography to cover the exchanged messages. Full Project (Spanish only)
Apart from that I was an active member of the theater association.
August 2021 - Present
Red Team | Offensive Security
Madrid, Spain
September 2020 - August 2021
Senior Security Analyst | Pentester
Madrid, Spain
June 2018 - October 2019
Pentester | Red Team
Madrid, Spain
December 2016 - July 2017
Malware Analyst
Madrid, Spain
March 2016 - June 2016
Backend Programmer | Django - Python
Madrid, Spain
September 2014 - June 2017
Robotics and programming teacher
Madrid, Spain
November 2019 - May 2020
Sept. 2011 - June 2018
Computer Science
Madrid, Spain
Talk showing a real case of a pentest of an organization combining different attacks such as Wi-Fi hacking of enterprise networks, lateral movement and privilege escalation until gaining control of the Active Domain.
19 March 2019
@Tryit_upm Madrid, Spain
During MorterueloCon (a cybersecurity conference in Cuenca, Spain) I participated in a talk during the Hack&Beers where I spoke about some attacks developed for Android where an attacker could install malicious apps onto the phone of a victim using the Ovipositor device hidden in a phone charger.
11 February 2017
H&B Cuenca, Spain
I gave this workshop thanks to the ACM association of my faculty, where I explained how we could use BurpSuite to analyze the security of a website.
10 October 2016
ACM - ETSIINF, UPM IT Faculty of Polytechnic University of Madrid, Spain
This is the project that I developed as my final project for university. It is a botnet for Android that uses third-party services and existing services to support the communication between the manager of the botnet and the malware. It combines symmetric cryptography to encrypt the orders, steganography to hide them in pictures that are attached to an email, and it is modular, allowing the bots to receive a piece of code, compile it at runtime and execute it.
For the Android botnet project, I needed a steganography library supporting Java and Python. Because I couldn't find any library that satisfied my needs, I decided to program my own.
This is a small piece of malware developed for a contest about funny programs. The aim of this program is to alter the content of text files so that, for every word found, it keeps the first and the last letter and swaps the letters in the middle randomly. So it is possible to read it, but it does not make sense. For example, the word "cybersecurity" could turn into "ctbrysecrueiy".
There is a project called Phoenix Ovipositor that consists of a Teensyduino with a female and a male USB end. My work was to use this device to perform attacks against Android devices, developing scripts to retrieve and write, and even install apps on the phone.
These attacks and scripts are shown and explained in the talk that I gave at Hack&Beers.
There was a bug in the webpage of the official dictionary of the Spanish Real Academy that allowed you to inject HTML code in the URL and create fake definitions. I reported the problem to them and, in the meantime, I created a webpage that allowed you to craft your own definition, but it wasn't modifying the content of their database; it was a reflected injection.
Vuln tracking:
22 May 2019: First report
Never replied
(Approximate) 20 November 2019: Vulnerability fixed
Update (25 November 2019): Apparently the bug is still present, and although the website is a bit slow to render, it works.
A vulnerability present in an important website in France allowed access to the documents uploaded by users. This bug left more than 6 million sensitive documents exposed.
Vuln tracking:
30 October 2019: Reported the vulnerability to the CERT of France
30 October 2019: Answer from the CERT of France not allowing disclosure
(Approximate) 15 November 2019: Vulnerability fixed
An unauthenticated user can inject arbitrary JavaScript code in the URL of a website that uses Elementor < 3.1.4.
Exploit and hunting process