theoffsecgirl
offensive mindset · practical execution

theoffsecgirl

Pink lines. Red team.

I work the space between a weak technical signal and a defensible finding — research, applied methodology and the tooling that supports both.

Bug Bounty Research Tooling Teaching
Open workstation → Go to academy Get in touch
current focus
auth boundary failures tenant isolation CORS classification path normalization weak-signal validation
tracked in workstation ↗
ecosystem

Three surfaces. One methodology.

workstation is where the methodology lives. academy is where it's taught. labs is where it's practised.

workstationlive
workstation
workstation.theoffsecgirl.com
Offensive research workstation. 20 signals, 9 workflows, 9 playbooks. Trace weak signals through validation, edge cases and methodology.
signalsworkflowsplaybooksgraph
workstation.theoffsecgirl.com →
academylive
academy
academy.theoffsecgirl.com
Progressive bug bounty study program. 4 phases, 24 modules. From HTTP internals to specialized hunting. Not a course — a curriculum.
4 phases24 modulesEN / ES
academy.theoffsecgirl.com →
labscoming soon
labs
labs.theoffsecgirl.com
Practical lab environments for the academy modules. Hands-on exercises, vulnerable targets and guided hunting scenarios.
labsexercisesscenarios
in development
about

Offensive security with research, tooling and execution.

I work across bug bounty, offensive research, open-source tooling and cybersecurity education with a strong bias toward execution. The goal is simple: cut noise, move faster and make technical judgment something you can write down and reuse.

Most of the day-to-day sits between the obvious finding and the report — triaging weak signals, validating ownership and authority, and turning a hunch into something a reviewer can act on.

The structured methodology lives in workstation — a research surface I built and use actively. The study program lives in academy.

I also teach offensive security at master's and vocational training level — hacking ético, bastionado de redes y sistemas, and puesta en producción.

theoffsecgirl
linkedin.com/in/theoffsecgirl github.com/theoffsecgirl info@theoffsecgirl.com
what I do

Built around signal, speed and validation.

Four threads. Same posture: practical, methodology-first, no theatre.

🎯

Bug Bounty

Attack-surface mapping, hypothesis-driven testing and validation focused on impact, not noise. Active on HackerOne.

🔬

Security Research

Turning weak technical signals into reproducible findings with clear security value. Methodology-first, always.

🛠

Tool Development

Building tooling that removes repetitive friction from recon, triage and validation work. Open source, on GitHub.

📐

Cybersecurity Education

Teaching offensive security through execution, workflow and applied reasoning. Master's and FP level.

open-source tooling

Tools organized by operational role.

Same projects, grouped by where they sit in a research workflow.

// reconsurface mapping, attestation, candidate triage02
Python · Recontakeovflow

Subdomain takeover candidate triage. Resolves CNAME chains and matches vendor fingerprints against assets you control.

github → Zsh · Workflowdotfiles

Personal recon and triage workstation: consistent shell, pinned tooling and ergonomics that make a long session sustainable.

github →
// validationturning a weak signal into a defensible finding03
Python · Webwebxray

Web research helper for mapping attack surface and surfacing weak signals on inputs, headers and response shapes.

github → Python · Pathpathraider

Path-handling research tool. Studies how parsers, filters and middleware normalize candidate paths in a lab.

github → HTML · JS · CORScorskit

CORS posture classifier. Reads a request/response pair and reasons about the policy without sending traffic.

github →
// workflowstructuring a session from recon to writeup01
Python · Methodologybb-copilot

Local methodology companion. Walks a session stage-by-stage against your own notes and structured prompts.

github →
teaching

Cybersecurity education through execution.

I teach offensive security at master's and vocational training level. Methodology-first, not slideware.

Hacking Ético

Web application security from first principles — HTTP semantics, same-origin, auth flows, triage methodology.

FP / Máster

Bastionado de Redes y Sistemas

Network and system hardening: attack surface reduction, configuration review, detection and response fundamentals.

FP / Máster

Puesta en Producción

Secure deployment, CI/CD security posture, infrastructure hardening and operational security for practitioners.

FP / Máster

Online Course (coming)

A structured offensive methodology course. Practical, execution-driven. Follow updates on academy.

Go to academy →
writing

Writeups and methodology notes.

Long-form offensive research writeups. Technical, methodology-first, no fluff.

Writeups are in progress. The methodology behind them already lives in workstation — signals, workflows, edge cases, playbooks. The writeups will document the real cases behind those artifacts.

Publishing via Substack. Subscribe to get notified when the first writeup drops.

Read the methodology → Subscribe on Substack
contact

Professional contact and presence.

Open to collaborations, security training engagements, speaking and selected technical projects.

LinkedIn

Profile, background, training and networking.

@theoffsecgirl

Email

Direct contact for collaborations and proposals.

info@theoffsecgirl.com

GitHub

Open-source tools, utilities and technical projects.

github.com/theoffsecgirl

Workstation

Research methodology — signals, workflows, playbooks.

workstation.theoffsecgirl.com