Bryan Castro (Aka. ASTRA)

Bryan Castro (Aka. ASTRA)

Cybersecurity Enthusiast | Focused on Offensive Security, Reconnaissance & Exploitation
Actively Hunting for Vulnerabilities through Bug Bounty Platforms

My Skills

🔍 Web Application Attacks

Exploitation & enumeration of real-world vulnerabilities

  • OWASP Top 10: XSS (Reflected/Stored/DOM), SQLi (Error/Blind/Time-Based), LFI, RFI, SSTI, IDOR, CSRF, Open Redirects
  • Advanced Bugs: Prototype pollution, web cache deception, host header injection, authentication bypasses
  • Recon & Enumeration: Subdomain discovery, parameter fuzzing, endpoint hunting, JS analysis

🛠️ Tools & Automation

Custom scripts + trusted frameworks

  • Recon: Amass, Subfinder, httpx, waybackurls, GF, Hakrawler
  • Exploitation: Burp Suite, SQLMAP, XSStrike, ffuf, dirsearch, wfuzz
  • CMS Attacks: WPScan, manual WP enum + plugin exploits
  • Custom tooling with Bash, Python, and occasional Go

🧬 Post-Exploitation & Privilege Escalation

From foothold to full control

  • Linux: SUID abuse, PATH hijacking, cronjob exploitation, kernel exploits, LXC escape, file capabilities
  • Windows: Token impersonation, DLL hijacking, Unquoted Service Paths, UAC bypass, misconfigured services
  • Tools: LinPEAS, WinPEAS, PowerUp, Seatbelt, SharpHound, BloodHound, custom scripts

🕳️ Pivoting & Lateral Movement

Tunneling through segmented networks

  • Tools: CHISEL, SOCAT, NETCAT, SSH tunneling, proxychains, RDP pivoting
  • Techniques: Port forwarding, SOCKS proxies, multi-hop chains, pivot automation via scripts

📶 Wireless Attacks

Offensive Wi-Fi tactics

  • Attacks: WPA/WPA2 handshake capture, PMKID cracking, rogue AP, deauth attacks
  • Tools: WIFITE, Aircrack-ng, hcxdumptool, Bettercap, EvilAP, Wireshark

🧪 Malware Development & Red Team TTPs

Learning offensive security from the core

  • Custom droppers, obfuscated payloads, basic packers
  • Evasion: AV/EDR bypass via LOLBAS, dual-use tools, staged payloads
  • Tooling: MSFVenom, Shellter, Nim, C# loaders, Invoke-Obfuscation

🧠 Environment Mastery

OS & networking fluency

  • Linux: LFS experience, bash scripting, service hardening, kernel builds
  • Windows: PowerShell scripting, registry abuse, GPO hunting, userland attacks
  • Networking: TCP/IP deep understanding, VLANs, DHCP poisoning, port knocking setups

🎥 Community & Knowledge Sharing

Cybersecurity content creator

  • Tutorials & real-world demos on YouTube
  • Focus: bug bounty reports, walkthroughs, CTFs, and red team labs

🌐 Remote-First Mindset

Available for remote opportunities globally

  • Ready to collaborate with blue, red, or purple teams
  • Fluent in both English and Spanish (bilingual support)