Skip to content
View Ruby570bocadito's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report Ruby570bocadito

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Ruby570bocadito/README.md

Rafael Gálvez

Junior Red Team Engineer & Offensive Security Tool Developer
eJPTv2 · Building C2 frameworks, kernel rootkits & AI-powered red team tooling · Málaga 🇪🇸


whoami

> Offensive security developer specialized in building the full attack chain —
  from OSINT reconnaissance to kernel-level rootkits and C2 frameworks.
> Background in game development (C#/Unity) turned into a passion for
  understanding systems at a deep level. I build my own tools.
> Currently: studying IT Systems (SMR) · eJPTv2 certified · 17+ open-source tools.
  • 🔴 Red Team focus: C2 infrastructure, AV/EDR evasion, privilege escalation, post-exploitation
  • 🧠 AI + Security: local LLMs (Ollama), ML-driven automation, autonomous offensive agents
  • 🛠️ I ship tools: Go · Python · C · C# · Rust
  • 🏆 Competitions: ASTI Robotics Challenge finalist · Hilda Ericsson / Cátedra Lamarr (UMA & Ericsson)
  • 📍 Málaga, Spain
  • · 🌐 Portfolio: https://ruby570bocadito.github.io/portfolio/#contact

Tech & Tools

Go Python C C# Rust Bash Linux Docker Metasploit Wireshark Kali


🚩 Featured Projects

Project Stack What it is
X404X Go · Vue 3 Autonomous red team platform — full kill chain, AI decisions, kernel persistence
Pulse-C2 Go · Vue 3 Multi-agent C2 with encrypted comms, AV evasion, SOCKS5 tunneling
Vault-Kernel C Linux LKM rootkit — syscall hooking, process/file/port hiding
Wormy-ML Python ML-powered polymorphic worm (educational research)
Rise-Privilege Go Automated Linux privesc — 60+ GTFOBins, auto-root
Titan-Operations Python · Go APT emulation with hybrid decision engine (A* + CBR)

⚠️ All tools are published for educational and authorized security research purposes only.


🎓 Certifications

eJPTv2 (INE) · Cisco: Ethical Hacker · Python Essentials 1 · Networking Basics · Intro to Cybersecurity · Linux Unhatched · Hack4u / S4vitar · Palo Alto ILT-CoC · +17 Udemy courses


📊 GitHub Stats


"The best red teamer is the one who understands code at a deep level — so I build my own."

Pinned Loading

  1. Wormy-ML-Network-Worm Wormy-ML-Network-Worm Public

    ML-powered polymorphic network worm — self-replicating payload with dynamic encryption, multi-vector propagation, and adversarial evasion.

    Python 6 2

  2. T-100AI T-100AI Public

    T-100AI — AI-Powered Offensive Security Terminal. Local LLM + sandboxed execution + pentesting skills. 100% air-gapped.

    Python

  3. HandsControl HandsControl Public

    HandsControl — Controla tu PC con Gestos, Voz e IA Local. Hand tracking with MediaPipe, voice assistant in Spanish, and local AI agent via Ollama.

    Python

  4. Apex-Automation Apex-Automation Public

    AI-assisted penetration testing automation — ML-driven vulnerability discovery and exploitation workflow with intelligent decision making.

    Python

  5. Alpaca-Trading-ML Alpaca-Trading-ML Public

    Python

  6. Auto-Privilege Auto-Privilege Public

    Auto-Privilege — Automated Linux Privilege Escalation Suite. Single Go binary, 12 scanners, 60+ GTFOBins, zero dependencies.

    Go 1