# Daniel Ordonez Arango

> Freelance penetration tester based in Colombia. Specializes in web application security, Active Directory, network infrastructure, and AI/LLM security assessments. Available for remote engagements worldwide in English and Spanish.

Daniel Ordonez Arango is a cybersecurity professional focused on offensive security. He has completed the CPTS (Certified Penetration Testing Specialist), CDSA (Certified Defensive Security Analyst), CJCA (Junior Cybersecurity Analyst Associate), and CWEE (Certified Web Exploitation Expert) training paths on Hack The Box Academy — exams pending. Currently training: Active Directory Pentesting Expert, Offensive AI Expert, and Wi-Fi Pentesting Expert (all Hack The Box Academy).

He offers freelance penetration testing services to startups and SMBs, including web application assessments (OWASP Top 10), Active Directory attacks, network infrastructure testing, and AI/LLM red-teaming (OWASP LLM Top 10). Engagements are fully remote. Reports include executive summary, technical findings with CVSS scores, and prioritized remediation steps.

Contact: danielordonezarango@gmail.com

## Services
- Web Application Penetration Testing: Full OWASP Top 10 assessment, business logic, API security, authentication flaws. Detailed remediation report included. From $2,000 USD.
- Active Directory Penetration Testing: AD misconfigurations, Kerberoasting, Pass-the-Hash, lateral movement, privilege escalation paths. From $3,000 USD.
- Network Penetration Testing: External and internal assessments, open services, segmentation weaknesses, lateral movement. From $2,000 USD.
- AI / LLM Security Assessment: Red-team of AI integrations against OWASP LLM Top 10 — prompt injection, jailbreaks, data pipeline vulnerabilities. From $4,000 USD.

## Training & Certifications
- CPTS — Certified Penetration Testing Specialist (Hack The Box, training completed, exam pending)
- CDSA — Certified Defensive Security Analyst (Hack The Box, training completed, exam pending)
- CJCA — Junior Cybersecurity Analyst Associate (Hack The Box, training completed, exam pending)
- CWEE — Certified Web Exploitation Expert (Hack The Box, training completed, exam pending)
- Active Directory Pentesting Expert (Hack The Box, in progress)
- Offensive AI Expert (Hack The Box, in progress)
- Wi-Fi Pentesting Expert (Hack The Box, in progress)

## Key Facts
- Based in Colombia, works remotely worldwide
- Fluent in English and Spanish
- Fixed-price engagements, bilingual delivery
- Free re-test after remediation included
- Portfolio and case studies: https://danieloa.com

## Links
- [Portfolio](https://danieloa.com): Full portfolio with case studies, services, and contact form
- [Case Study: SEO Injection & Malware Discovery](https://danieloa.com/case-studies/seo-injection-malware-discovery.html): WordPress e-commerce compromise — PHP backdoor serving SEO spam to Googlebot, full remediation
- [Case Study: WordPress Intranet Code Review](https://danieloa.com/case-studies/wordpress-intranet-static-code-analysis.html): 20 vulnerabilities including hardcoded credentials for HR and payment systems
- [Case Study: Active SEO Spam Injection & Remediation](https://danieloa.com/case-studies/active-seo-spam-injection-remediation.html): Active compromise — 51 illegal gambling domains injected into CMS database, full cleanup
- [LinkedIn](https://www.linkedin.com/in/danieloarango): Professional profile
- [GitHub](https://github.com/dan1e124): Code repositories
- [Hack The Box](https://profile.hackthebox.com/profile/019d0d58-909e-7011-97e3-1f8ebc6567af): HTB profile