Marco Alfan (kac0)
Offensive & Application Security | Threat Intelligence | Mentor & Trainer
TOP 1 HackTheBox 🇮🇩
Status : ● Available for engagements

I'm an offensive security professional who'd rather find the gap before someone else does. My work splits across three areas:
Curious about the actual work? Walk through a few writeups, or catch one of my talks.
Finding authentication, access-control, and business-logic flaws across web apps and APIs, then turning each into clear remediation.
Internal and Active Directory assessments: lateral movement, privilege escalation, and full-domain compromise paths.
Android and iOS application testing through static and dynamic analysis, runtime instrumentation, and API review.
Tracking adversary TTPs and infrastructure, mapped to MITRE ATT&CK, and shaped into intel teams can act on.
Building custom offensive tooling and automating recon-to-exploitation workflows to keep engagements fast and repeatable.
Mentoring, training, and certified competency assessment across cybersecurity, AI, and emerging technology.
Precision-first identity discovery tool for username research across platforms, built for accuracy, fewer false positives, and actionable OSINT workflows.
Client-side pentest & red team toolkit with 49 tools across recon, encoding, hashing, ciphers, payloads, privesc, and reporting. No backend, runs entirely in the browser.
Malware behavior monitoring and analysis framework for threat detection and classification.
MCP (Model Context Protocol) integration for AI-assisted security operations and automation.
Most of what I work on is confidential. These are the few things that can safely exist in public.
Recognized through responsible disclosure & bug bounty programs
Interested in red team engagements, threat intelligence consulting, or collaboration on security projects? Reach out anytime.
Available for engagements