Hi! I’m Gonzalo, this is my personal blog where I share ideas, tools, and experiences related to cybersecurity and DFIR (Digital Forensics & Incident Response).
In the Projects section, you’ll find tools I’ve developed to support forensic investigations and incident response.
I’m always happy to connect with others in the community. If you have an idea, a project, or just want to share thoughts, feel free to message me on LinkedIn.
Work Experience
CSIRT Incident Responder at BASE4
📅 Jun 2023 – Present
Handling security incidents through the analysis of logs, network traffic, and other data sources to identify root causes, assess impact, and collect evidence. Experienced in collaboratively managing large-scale incidents, ensuring their resolution and full remediation.
Key Responsibilities:
- Investigated and responded to security incidents.
- Conducted Threat Hunting to detect threat actors using Threat Intelligence.
- Delivered technical and executive reports based on incident analysis.
Incident Response Consultant at Deloitte
📅 Jun 2021 – Sept 2022
Comprehensive incident management in enterprise environments, from detection to remediation, in collaboration with the client. Conducted forensic analysis, developed timelines and compromise theories, and created cybersecurity training programs for senior management and C-Level executives.
Key Responsibilities:
- Performed advanced forensic analysis of host and network artifacts.
- Developed and maintained Incident Response Playbooks, workflows, and technical procedures.
- Developed cybersecurity training for senior management in the context of incident response.
Incident Response Intern at Deloitte
📅 Jan 2021 – Jun 2021
Comprehensive, hands-on training in core cybersecurity domains, with a primary focus on Incident Response. Areas covered included security auditing, cloud security, SOC operations, penetration testing, and forensic analysis.
Projects & Tools
ESXIe0x.sh is an automated forensic collection tool for VMware ESXi hosts. The script runs a series of commands to capture relevant system artifacts, enabling security event analysis. It is designed to be simple, structured, and effective in critical environments.
IP Abuse Checker 0x is a tool designed to assist Incident Response teams in efficiently analyzing large volumes of suspicious IP addresses. By leveraging the AbuseIPDB API, it quickly retrieves threat intelligence, categorizes risks, and generates structured reports in CSV and HTML formats.
IPTracker0x is a tool focused on IP geolocation analysis using the ipinfo.io API. It provides detailed information, including ASN data and detection of potentially malicious ASNs. The tool generates CSV and HTML reports, highlighting suspicious IPs, and is designed to support Incident Response and cybersecurity investigations by enabling quick assessment of large datasets.
The tool analyzes a list of IP addresses to identify which ones are TOR exit nodes, displaying the results both in the console and in a well-structured HTML report. This report is particularly useful for security analysis and Threat Hunting activities.
Incident Response Focus
My experience is focused on Incident Response across all its stages, complemented by skills in Forensic Analysis and Threat Intelligence. I specialize in the detection, analysis, and mitigation of security incidents through event correlation, digital evidence investigation, and profiling of malicious actors.
The image below summarizes the three key areas I focus on during the response:
- Cyber Incident Response – Log analysis, correlation, and threat containment
- Cyber Forensic Analysis – Evidence acquisition and technical investigation
- Cyber Threat Intelligence – Profiling and enrichment of indicators