beafn28/README.md

👩‍💻 Welcome to my GitHub!

🖥️ Whoami

  • Beatriz Fresno Naumova
  • Junior Pentester at Advens
  • Final-year Computer Engineering student at the University of Salamanca

🎯 Focus

  • Identification and exploitation of vulnerabilities in:

    • Web applications
    • Software
    • Infrastructure across public institutions and private organizations
  • Vulnerability Research:

    • CVE discovery and publication
    • Proof of Concept (PoC) development
  • Active participation in CTF (Capture The Flag) competitions as continuous offensive security training

  • I am in a continuous learning process, expanding my technical skills through hands-on practice and progressively advanced cybersecurity certifications.

🧪 Community & Learning

  • Host of Hack The Box Salamanca, a Spanish-speaking ethical hacking community:
    • Practical and theoretical sessions
    • Technical talks
    • Collaborative challenge solving
  • I enjoy working as a security researcher, discovering vulnerabilities in the following and reporting them responsibly:
    • Web applications
    • Software
    • Infrastructure of both public and private institutions
  • Creator of custom vulnerable machines for training platforms:
    • The Hacker Labs: Facultad, CryptoLabyrinth
    • DockerLabs: Elevator, Pequeñas Mentirosas
  • Member of the INCIBE Cybercooperators Program
  • Interested in the impact of quantum computing on cybersecurity
  • I share writeups, projects, scripts, and tools on my blog as part of continuous learning

🧠 What you'll find here

  • Technical writeups from various cybersecurity platforms published on my GitHub
  • Scripts designed to automate and optimize CTF challenge solving
  • Personal projects and experimentation in offensive security and quantum computing

🚨 Public Vulnerability Research

CVEs

  • CVE-2025-52392 - Brute-force login vulnerability (Soosyze CMS)
  • CVE-2025-60427 - Broken access control (LibreTime)
  • CVE-2025-12630 - Arbitrary option disclosure (WordPress plugin)
  • CVE-2025-11699 - Insufficient session cookie invalidation (nopCommerce)
  • CVE-2025-64746 - Improper permission handling (Directus)
  • CVE-2025-71164 - Reflected XSS in editor component (Typesetter CMS ≤ 5.1)
  • CVE-2025-71165 - Reflected XSS in admin interface (Tools / Status) (Typesetter CMS ≤ 5.1)
  • CVE-2025-71166 - Reflected XSS in admin status messages (Typesetter CMS ≤ 5.1)
  • CVE-2025-15549 - Stored XSS via SVG upload in File Management (FluentCMS ≤ 0.0.5)
  • CVE-2025-15550 - Cross-Site Request Forgery in GraphQL endpoint (birkir prime ≤ 0.4.0.beta.0)

Public PoCs & Exploits

📄 Detailed technical analysis, advisories and additional PoCs are available on my blog.

📬 Contact

Email LinkedIn GitHub Hack The Box TryHackMe

Popular repositories

  1. Cheatsheet-Hacking Public

    54 9

  2. Computacion-Cuantica Public

    Here I upload my quantum computing notes written in LaTeX

    4

  3. StegaToolkit Public

    Steganography tool with a web interface.

    Vue 4 1

  4. GitBook Public

    My notebook of writeups and hacking notes

    3

  5. VulnSpy Public

    Bash tool that scans ports, checks services and looks for vulnerabilities given an IP or domain.

    Shell 2 1

  6. CTF-Elevator Public

    CTF created for the DockerLabs platform

    2