OSCP OffSec · 24h exam
Foundational hands-on penetration testing. Recognized by CREST as equivalent to their CRT (intermediate tester) qualification.
Verify →
About
Hi, I'm Rafael.
Computer scientist and offensive security specialist. Founder of Aleluya Technologies. Based in Florida, working internationally.
I started Aleluya Technologies to combine two disciplines I'd worked in separately: building production software, and testing it from the attacker's side.
The studio handles both. On the development side, that means web and SaaS applications — auth flows, payment systems, multi-tenant platforms. On the security side, network and Active Directory penetration tests.
I work directly with founders. There's no account manager, no offshore subcontractor, no upsell. If we agree on a scope, that's what gets built. If something is outside my scope, I'll say so and point you toward a specialist.
When I'm not working, I'm doing calisthenics, running, making beats, or setting up home labs.
01 — CREDENTIALS
Offensive security certifications
Each of these is a hands-on practical exam — not multiple choice. Listed in order of difficulty.
OSEP OffSec · 48h exam
Advanced penetration testing. AV evasion, AppLocker bypasses, advanced AD attacks against hardened environments.
Verify → CRTO Zero-Point Security · 48h exam
Adversary simulation methodology with Cobalt Strike. Full attack lifecycle, OPSEC, AD attacks, lateral movement.
Verify → CRTE Altered Security · 49h exam
Multi-forest Active Directory. Cross-forest trust abuse, delegation, AD CS, hybrid Azure AD.
Verify → 02 — STACK
What I work with
Frontend
- Next.js
- TypeScript
- React
- Tailwind
Backend & infra
- Supabase
- PostgreSQL
- Vercel
- Cloudflare
Security tooling
- Burp Suite Pro
- BloodHound
- Cobalt Strike
- Custom tooling
Get in touch
Have something
to build?
Email me a few sentences about your project. I reply within one business day.