Sergio Medeiros

San Jose, California, United States
31K followers 500+ connections

About

As a Senior Penetration Tester on the Advanced Services team at Synack, I contribute to…

Experience

  • Synack

    San Francisco Bay Area

  • -

  • -

    San Francisco Bay Area

  • -

    San Francisco Bay Area

  • -

    San Francisco Bay Area

  • -

    San Jose, California, United States

  • -

    San Jose, California, United States

  • -

    Atlanta, Georgia, United States

  • -

    Atlanta, Georgia

  • -

    Greater Atlanta Area

  • -

    Greater Atlanta Area

  • -

    Greater Atlanta Area

  • -

    Redwood City, CA

  • -

    Milpitas, CA

  • -

    Telecommute

  • -

    Santa Clara, CA

Education

  • West Valley College

    -

    Computer science major with a focus in cybersecurity, infosec, penetration testing, pentesting, pentester, pentest. Unfortunately, I have not graduated due to taking a full-time role at Intel corporate headquarters.

Publications

  • Founder of CVE-2024-37629

    NIST

    A recent CVE that I discovered related to SummerNote 0.8.18 which is vulnerable to Cross Site Scripting (XSS) via the Code View Function.

  • Founder of CVE-2024-34241

    NIST

    I recently discovered a cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 that allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.

  • Founder of CVE-2024-34240

    NIST

    A recent CVE that I discovered in QDOCS Smart School 7.0.0 which is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records.

  • Founder of CVE-2023-31045

    NIST

    A recent CVE that I discovered. A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter.


Courses

  • Bug Bounty Hunting - Offensive Approach to Hunt Bugs

    From Vikash Chaudhary

  • CompTIA CySA+ Bootcamp

    Dion Training

  • CompTIA Pentest+ Bootcamp

    Dion Training

  • CompTIA Security+ (SY0-601) Bootcamp

    Dion Training

  • Discover Web Application Security Issues using Burp Proxy

    By Rajganesh Pandurangan

  • External Pentest Playbook

    TCM Security

  • Intro to Bug Bounty Hunting and Web Application Hacking

    From Ben Sadeghipour

  • Learn Python & Ethical Hacking From Scratch

    zSecurity

  • Modern Ethical Hacking - Complete Course

    From Vonnie Hudson

  • Movement, Pivoting and Persistence

    TCM Security

  • OSINT Fundamentals

    TCM Security

  • OSWE Course

    -

  • Penetration Testing Student

    INE.com

  • Practical Ethical Hacking - The Complete Course

    TCM Security

  • Red Team Ethical Hacking - Beginner

    From Chris Sikes

  • Red Team Ethical Hacking - Intermediate

    From Chris Sikes

  • The RedTeam Blueprint - A Unique Guide To Ethical Hacking

    RedTeam Nation

  • Website Hacking / Penetration Testing & Bug Bounty Hunting

    zSecurity

  • Windows Privilege Escalation for Beginners

    TCM Security

Projects

  • Grumpz Blog - Bug Bounty Hunting and More!

    Documenting my learning and path to becoming a professional hacker and bug bounty hunter, attempting to share knowledge to help others become successful in the cybersecurity space.

Honors & Awards

  • Level 5 Synack Red Team Member

    Synack

    Ranked Level 5 out of 5 on the Synack Red Team platform.

    - Top 20 in USA
    - Top 80 on the platform

  • Placed Top 700 MetaCTF CyberGames 2021

    MetaCTF

    Competed in a team event as a solo with various colleges in a cybersecurity capture the flag event with various penetration testing challenges ranging from web application security, reverse engineering binaries, and various pentesting challenges.

  • Top 1% on TryHackMe

    TryHackMe

    Currently level 9, and ranked Top 1% on TryHackMe penetration testing, infosec, cybersecurity labs.

  • Active Member of OWASP (Open Web Application Security Project)

    Open Web Application Security Project / OWASP

    Active member of the Open Web Application Security Project.

  • Completed 10+ Hard Boxes

    Offensive Security Proving Grounds

    Being an active subscriber to Offensive Security's Proving Grounds, a penetration testing/cyber security lab, I have completed 10+ boxes ranging from Medium to Very Hard per the Proving Grounds Community, to prepare prior to pursuing my OSCP certification.

  • Received 2 Private Bug Bounty Invitations

    HackerOne

    Competing in the HackerOne CTF I earned enough points when completing their penetration testing, web application hacking, cybersecurity challenges.

  • Competed in HackPack CTF 2021

    hackpack.club

    HackPack CTF is a security competition that is part of the two security courses at NCSU: CSC-405 Computer Security and CSC-591 Systems Attacks and Defenses. The target audience is people interested in computer security that have some related background (like took a security course before ;) and want to exercise their skills in a secure environment by solving security challenges.

  • Competed in KringleCon 2021

    SANS

    The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity villains, and save the whole holiday season from treachery. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.

  • Competed in Metasploit CTF 2021

    Rapid7

    Metasploit community CTF event

  • Competed in h@cktivitycon CTF 2021

    HackerOne

    h@cktivitycon is a HackerOne hosted hacker conference built by the community for the community. After a successful inaugural h@cktivitycon 2020 with over 12,000 registrants, we are back this year for an even bigger and better conference!

    h@cktivitycon is a place for hackers to learn, share, and meet friends. Join Vickie Li, NahamSec, and friends for CTFs, prizes, talks, villages, and more for h@cktivitycon 2021.

  • Sales Pinnacle Award 2017

    Merchant eSolutions

    Achieving over 100%+ in annual in year net contribution sales quota

  • Core Leadership Award 2016

    -

    Going above and beyond and serving as a model in regard to the Leadership Core Value in the organizational goals.

  • Core Leadership Award 2015

    -

    Serving as a model in the leadership core value to others in the organization

Languages

  • English

    -
