About Me
Passionate about technology and cybersecurity. Skilled in various aspects of hacking, programming, and network security.
Skills
Databases
- MySQL
- And others...
Operating System Used (OS)
- Debian 12
- Kali WSL
- ArchLinux
- BlackArch Linux
- Win 11 + WSL
- Certifications
Hacking and Penetration Testing
- Vulnerability Assessment
- Exploit Development
- Web Application Security
- Network Penetration Testing
Programming Languages
- PHP
- JavaScript
- Python
- BashScript
Network Security
- WAF/IDS/IPS
- VPNs
- Network Protocols
- Wireless Security
Web Technologies
- HTML/CSS
- JS
- PHP 8
Cloud Technologies
- AWS
- Google Cloud Platform
- Azure
Some Cybersecurity Tools
- Wireshark
- Metasploit
- Nmap
- Burp Suite
Projects
One of my main projects:
Tool-Anti-Phishing
A tool developed to intercept phishing connections and fill the attacker's log cache. It uses the Tor network and proxies for user anonymity. It also serves consumer protection, being able to intercept Trojans and phishing emails and take down VPNs connected to local public IPs.
UPX_PROJETO_GESTAO_DE_RECLAMACAO
Developed at my college during the UPX course, this project was created to manage complaints dynamically and at scale, generating a daily complaint report for any type of company, city or union.
H00ks_T0x1na
H00ks_T0x1na is a phishing (social engineering) framework used to remotely control a computer or a mobile phone from links as a helper. It is written in HTML, CSS, PHP, JavaScript and BashScript and is compatible with Windows, Android and probably iPhone. It was created to be stable, completely open source, easy to use and with many customizable features. Improvements were added in the Alpha 0.1 version... It now has an internal API of templates, with a "graphical interface" in "setup.sh" where the user can choose a specific social engineering option or the complete one; number 2 is still in development...
7-Zip-CVE-2025-0411-Exploit
This vulnerability (CVSS score 7.0) allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability, as the target must visit a malicious web page or open a malicious archive. The specific flaw exists within the handling of archive files. When extracting files from a crafted archive that has Mark-of-the-Web, 7-Zip does not propagate Mark-of-the-Web to the extracted files. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user.
InstaInsane
InstaInsane (Python back end) was a project started with the goal of facilitating brute-force attacks in controlled environments, so that it would be fast, clean and could be bypassed quickly.
Am3b4_T00ls
Ameba is my own bug bounty solution: an automation tool for when you don't have much time to do a bug bounty, or when you are pressed for time. am3b4 was developed with the best bug bounty tools to use. The tool strings can also be modified, but of course they are already predefined.
Bug Bounty Experience
Here are some of the bug bounty projects I've participated in:
Pichau Bug
- Target: Pichau
- Vulnerability: OpenRedirect | CWE-601
- Platform: OpenBugbounty
- Date: June 26, 2025
9altitudes Bug
- Vulnerability: XSS | CWE-79
- Details: I found this vuln in the recon phase. While analyzing the subdomains with footprint, I saw this search button and decided to run some payloads, most of which were blocked by the WAF, and I got around it by adding div mouseover so that when the mouse passed it would mirror the XSS.
- Platform: Intigriti
- Date: June 26, 2025
Glassdoor
- Vulnerability: CSRF | CWE-532
- Details: CSRF exposed when resetting password; token with no expiration limit, which can be reused and manipulated after first use!
- Platform: HackerOne
- Date: February 16, 2025
Trip Bug
- Vulnerability: RCE
- Details: trip.com vulnerable to RCE exploit from vulnerable DNS server that allows remote access from dnsnameserver configuration; vulnerability found in outdated version of nginx.
- Platform: HackerOne
- Date: September 29, 2024
CacauShow Bug
- Vulnerability: XSS | CWE-79
- Details: Reflected XSS found in the search field of Cacau Show. Logically, the XSS executes scripts due to the lack of sanitization of JavaScript, thus saying that it can be escalated to an HtmlLi, and from HTMLLi to an RCE, thus fixing the session with the server without much difficulty. This XSS is of a medium to high severity level, due to the ease of privilege escalation! Here is the vulnerable search field
- Platform: N/A
- Date: March 9, 2025
Playtika Bug
- Vulnerability: OpenRedirect | CWE-601
- Details: Open Redirect and banner grabbing found on Playtika subdomain bingoblitz.com
- Platform: HackerOne
- Date: March 19, 2025