🎯
Contenido con criterio
Cada módulo se diseña partiendo de vulnerabilidades y técnicas reales. Nada de ejemplos "de libro" que luego no se ven en auditorías.
SixHack Academy
Academia de Ciberseguridad Ofensiva con investigación real detrás.
SixHack Academy es una academia online de hacking ético y pentesting dirigida por un investigador con 67 CVE publicados y reconocimientos internacionales en CERN, WHO, UNESCO, Harvard y U.S. Department of Commerce. No es un curso más de teoría: aquí enseñamos lo que hacemos todos los días en el mundo real.
Vulnerabilidades
67CVE
Hall of Fame
17orgs
Certificaciones
14obtenidas
Pilares
Qué define a SixHack Academy
Cuatro principios que marcan la diferencia frente a la formación genérica en ciberseguridad.
🧪
Laboratorios como eje
El 70% del tiempo se pasa en el laboratorio. SQLi, XSS, IDOR, SSRF, file upload, path traversal y más, en entornos controlados.
🔬
Investigación viva
El investigador detrás de los cursos sigue descubriendo y publicando vulnerabilidades. El material se actualiza con lo que funciona hoy.
📝
Metodología profesional
Del hallazgo al informe: enumerar, validar, explotar, documentar y comunicar impacto. Como se hace en auditorías reales.
Instructor principal
Gonzalo Aguilar García
Head of Cybersecurity en K-LAGAN · Investigador en seguridad ofensiva · Conocido en la comunidad como 6h4ack
Ingeniero informático especialista en seguridad ofensiva, con enfoque en investigación de vulnerabilidades y auditoría de aplicaciones en escenarios reales. Actualmente lidera la estrategia y el gobierno de seguridad en K-LAGAN, compaginando esa responsabilidad con la publicación de investigación independiente y la dirección técnica de SixHack Academy.
Su trabajo se centra en identificar y evaluar vulnerabilidades de impacto real, con un historial verificable de divulgación responsable ante organismos y empresas de referencia a nivel internacional.
Red Team y Pentesting Web/Móvil
Application Security (AppSec)
Divulgación responsable (CVD)
Automatización con Python y Bash
Investigación pública: CVEs publicados
Vulnerabilidades descubiertas y divulgadas de forma responsable. Cada tarjeta enlaza al registro oficial.
67 CVE en total
CVE-2026-5010
Medium
Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu Summary A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in…
2026-03-27
CVSS 5,1
CVE-2025-41026
Medium
Multiple vulnerabilities in GDTaller Summary Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a…
2026-03-26
CVSS 5,1
CVE-2025-41027
Medium
Multiple vulnerabilities in GDTaller Summary Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a…
2026-03-26
CVSS 5,1
CVE-2026-4816
Medium
Reflected Cross Site Scripting (XSS) vulnerability in Support Board Summary A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute…
2026-03-25
CVSS 4,8
CVE-2026-4815
High
SQL Injection vulnerability in Support Board Summary A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via…
2026-03-25
CVSS 8,7
CVE-2025-41007
Critical
SQL Injection in Cuantis Summary SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint. Severity ?…
2026-03-23
CVSS 9,3
CVE-2025-41008
Critical
SQL Injection in Sinturno Summary SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the…
2026-03-23
CVSS 9,3
CVE-2025-40638
Medium
Reflected Cross-Site Scripting (XSS) in Eventobot Summary A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the…
2026-03-09
CVSS 5,1
CVE-2025-40639
High
SQL injection in Eventobot Summary A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in…
2026-03-09
CVSS 8,7
CVE-2025-40701
Medium
Reflected Cross-Site scripting (XSS) in SOTE's SOTESHOP Summary Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's…
2026-02-23
CVSS 5,1
CVE-2025-40986
Medium
Reflected Cross-Site Scripting in PideTuCita Summary Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending…
2026-02-23
CVSS 5,1
CVE-2025-41002
Critical
SQL injection in Infoticketing Summary SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request…
2026-02-23
CVSS 9,3
CVE-2025-40697
Medium
Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure Summary Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the…
2026-02-19
CVSS 5,1
CVE-2025-41023
Medium
Authentication bypass in AutoGPT de Thesamur Summary An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside…
2026-02-19
CVSS 6,9
CVE-2026-2735
Medium
Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms Summary Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST…
2026-02-19
CVSS 5,1
CVE-2026-2736
Medium
Reflected Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms Summary Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's…
2026-02-19
CVSS 5,1
CVE-2025-40644
Medium
Reflected Cross-Site Scripting (XSS) in QRGen's Riftzilla Summary Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's…
2026-01-20
CVSS 5,1
CVE-2025-40679
Medium
HTML injection in Isshue from Bdtask Summary HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to…
2026-01-20
CVSS 5,1
CVE-2025-41081
Medium
Reflected Cross-Site Scripting (XSS) in IsMyGym Summary Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's…
2026-01-20
CVSS 5,1
CVE-2026-1183
Medium
HTML injection in multiple Botble products Summary HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper…
2026-01-20
CVSS 5,1
CVE-2025-40975
Medium
Multiple vulnerabilities in WorkDo products Summary Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to…
2026-01-12
CVSS 5,1
CVE-2025-40976
Medium
Multiple vulnerabilities in WorkDo products Summary Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to…
2026-01-12
CVSS 5,1
CVE-2025-40977
Medium
Multiple vulnerabilities in WorkDo products Summary Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to…
2026-01-12
CVSS 5,1
CVE-2025-40978
Medium
Multiple vulnerabilities in WorkDo products Summary Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a…
2026-01-12
CVSS 5,1
CVE-2025-41003
Medium
Multiple vulnerabilities in Imaster products Open configuration options Summary Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint…
2026-01-12
CVSS 5,1
CVE-2025-41004
High
Multiple vulnerabilities in Imaster products Open configuration options Summary Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’…
2026-01-12
CVSS 8,7
CVE-2025-41005
High
Multiple vulnerabilities in Imaster products Open configuration options Summary Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’. Severity ? 8.7…
2026-01-12
CVSS 8,7
CVE-2025-41006
Critical
Multiple vulnerabilities in Imaster products Open configuration options Summary Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’. Severity ? 9.3 (Critical)…
2026-01-12
CVSS 9,3
CVE-2025-40700
Medium
Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon Summary Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's…
2025-12-02
CVSS 5,1
CVE-2025-41101
Medium
Multiple vulnerabilities in Fairsketch's RISE CRM Framework Summary HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation…
2025-11-11
CVSS 5,1
CVE-2025-41102
Medium
Multiple vulnerabilities in Fairsketch's RISE CRM Framework Summary HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation…
2025-11-11
CVSS 5,1
CVE-2025-41103
Medium
Multiple vulnerabilities in Fairsketch's RISE CRM Framework Summary HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation…
2025-11-11
CVSS 5,1
CVE-2025-41104
Medium
Multiple vulnerabilities in Fairsketch's RISE CRM Framework Summary HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation…
2025-11-11
CVSS 5,1
CVE-2025-41105
Medium
Multiple vulnerabilities in Fairsketch's RISE CRM Framework Summary HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation…
2025-11-11
CVSS 5,1
CVE-2025-41106
Medium
Multiple vulnerabilities in Fairsketch's RISE CRM Framework Summary HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation…
2025-11-11
CVSS 5,1
CVE-2025-41107
Medium
Stored XSS in Smart School Summary Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/online_admission', wich affects the…
2025-11-10
CVSS 5,1
CVE-2025-41009
Critical
SQL injection on the virtual campus platform of Diseño de Recursos Educativos Summary SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update,…
2025-10-27
CVSS 9,3
CVE-2025-40989
Medium
Stored XSS in Creativeitem Ekushey CRM Summary Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the…
2025-10-02
CVSS 5,1
CVE-2025-40990
Medium
Stored XSS in Creativeitem Ekushey CRM Summary Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the…
2025-10-02
CVSS 5,1
CVE-2025-40991
Medium
Stored XSS in Creativeitem Ekushey CRM Summary Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the…
2025-10-02
CVSS 5,1
CVE-2025-40992
Medium
Stored XSS in Creativeitem Sociopro Summary Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name'…
2025-10-02
CVSS 5,1
CVE-2025-10341
Medium
HTML injection in Perfex CRM Summary HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter…
2025-09-29
CVSS 5,3
CVE-2025-10342
Medium
HTML injection in Perfex CRM Summary HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter…
2025-09-29
CVSS 5,3
CVE-2025-10343
Medium
HTML injection in Perfex CRM Summary HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter…
2025-09-29
CVSS 5,3
CVE-2025-10344
Medium
HTML injection in Perfex CRM Summary HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters…
2025-09-29
CVSS 5,3
CVE-2025-10345
Medium
HTML injection in Perfex CRM Summary HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters…
2025-09-29
CVSS 5,3
CVE-2025-10346
Medium
HTML injection in Perfex CRM Summary HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters…
2025-09-29
CVSS 5,3
CVE-2025-40725
Medium
Reflected Cross-Site Scripting (XSS) in Azon Dominator Summary Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's…
2025-09-10
CVSS 5,1
CVE-2025-40641
Medium
Stored Cross-Site Scripting (XSS) in the Multi-purpose Inventory Management System Summary Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to…
2025-09-08
CVSS 5,1
CVE-2025-40642
Medium
Reflected Cross-Site Scripting (XSS) in WebWork Summary Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request…
2025-09-08
CVSS 5,1
CVE-2025-40730
Medium
HTML injection in Vox Media's Chorus CMS Summary HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using…
2025-07-28
CVSS 4,8
CVE-2025-40724
Medium
Stored Cross-Site Scripting (XSS) in Pharmacy POS PHP Script Summary Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the…
2025-07-16
CVSS 5,1
CVE-2025-40674
Medium
Reflected Cross-Site Scripting (XSS) in osCommerce Summary Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the…
2025-06-17
CVSS 5,1
CVE-2025-40726
Medium
Cross-Site Scripting (XSS) reflected in Nosto Summary Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET…
2025-06-16
CVSS 5,1
CVE-2025-40727
Medium
Reflected Cross-Site Scripting (XSS) in Phoenix CMS Summary A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute…
2025-06-16
CVSS 5,1
CVE-2025-40675
Medium
Reflected Cross-Site Scripting (XSS) in Bagisto Summary A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the…
2025-06-09
CVSS 5,1
CVE-2025-40628
Critical
SQL Injection in DomainsPRO Summary SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php”…
2025-05-13
CVSS 9,3
CVE-2025-40626
Medium
Reflected Cross-Site Scripting (XSS) in AbanteCart Summary Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by…
2025-05-12
CVSS 5,1
CVE-2025-40627
Medium
Reflected Cross-Site Scripting (XSS) in AbanteCart Summary Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by…
2025-05-12
CVSS 5,1
CVE-2025-1746
Medium
Cross-Site Scripting vulnerability in OpenCart Summary Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by…
2025-02-28
CVSS 6,1
CVE-2025-1747
Medium
HTML injection vulnerability in OpenCart Summary HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a…
2025-02-28
CVSS 4,7
CVE-2025-1748
Medium
HTML injection vulnerability in OpenCart Summary HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a…
2025-02-28
CVSS 4,7
CVE-2025-1749
Medium
HTML injection vulnerability in OpenCart Summary HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a…
2025-02-28
CVSS 4,7
CVE-2025-1776
Medium
Cross-Site Scripting (XSS) vulnerability in Soteshop Summary Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’…
2025-02-28
CVSS 6,1
CVE-2025-1751
Critical
SQL Injection CIGES Summary A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio…
2025-02-27
CVSS 9,8
CVE-2025-1360
Medium
Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting Summary A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected…
2025-02-16
CVSS 5,1
CVE-2024-10332
Medium
A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta.
2024-10-24
CVSS 6,1
Hall of Fame y agradecimientos
Reconocimientos por divulgación responsable e investigación de vulnerabilidades.
UNESCO
WHO
CERT-EU
CERN
Harvard University
Bayer
U.S. Department of Commerce
Universitetet i Oslo
Ayuntamiento de Madrid
Berlin.de
LG Electronics
Bournemouth University
Utrecht University
NCSC-NL (Dutch Gov)
BASF
EducaMadrid
GovTech Singapore
Certificaciones obtenidas
Formación técnica verificada en ofensiva, red team y appsec.
OSCP
OSWE
OSEP
OSWP
CRTO
CRTP
CRTE
CARTP
CEH
eCPTXv2
eWPTXv2
eCDFP
eCTHP
eMAPT
Metodología
Cómo funciona la academia
Un flujo de aprendizaje pensado para construir habilidad real y reproducible, paso a paso.
1
Fundamentos técnicos
Redes, HTTP/HTTPS, aplicaciones web y flujo del tráfico. Sin estos cimientos, las técnicas ofensivas son trucos sin contexto. Empezamos por aquí aunque tengas experiencia, para fijar vocabulario común.
2
Enumeración y reconocimiento
Cómo estudia un atacante un objetivo antes de tocar nada: descubrimiento de superficie, mapeo de endpoints, identificación de tecnologías y priorización. La enumeración buena ahorra horas en todo lo que viene después.
3
Explotación práctica en labs
Cada vulnerabilidad del OWASP Top 10 se trabaja en un laboratorio real: SQL injection, XSS, IDOR, SSRF, path traversal, file upload, deserialización, SSTI... Detección, prueba de concepto e impacto.
4
Validación y evidencia
Encontrar un fallo no basta: hay que demostrar que es explotable y medir el impacto. Te enseñamos a construir evidencia reproducible que aguanta una auditoría seria.
5
Informe profesional
De los hallazgos al documento final: cómo priorizar, describir riesgo, proponer remediación y comunicar de forma útil tanto al equipo técnico como a negocio. El entregable que se exige en el mundo real.
Para quién
A quién va dirigida la academia
Tres perfiles tipo que encajan especialmente bien con la metodología de SixHack Academy.
🚀
Si empiezas desde cero
Nunca has hecho hacking ético y quieres entrar con base sólida, no con 20 tutoriales sueltos de YouTube.
- Arrancas con fundamentos de red y web
- Progresión clara sin lagunas técnicas
- Labs guiados paso a paso
🔧
Si eres dev o sysadmin
Ya sabes de tecnología pero nunca has auditado desde el otro lado. Aquí aprendes a romper lo que construyes.
- Aprendes el enfoque ofensivo aplicado
- Descubres fallos que antes no veías
- Tu código sale mejor protegido
🎯
Si quieres especializarte
Ya haces ciberseguridad pero quieres profundizar en web hacking y técnicas reales de explotación.
- Cadenas de vulnerabilidades complejas
- Casos reales de investigación
- Metodología profesional completa
FAQ
Preguntas frecuentes sobre la academia
Lo que más nos preguntan sobre el instructor, la metodología y los cursos.
¿Quién está detrás de SixHack Academy?
SixHack Academy está liderada por Gonzalo Aguilar García (6h4ack), ingeniero
informático especialista en seguridad ofensiva y actual Head of Cybersecurity en K-LAGAN.
Tiene 67 CVE publicados y reconocimientos de organizaciones como
CERN, WHO, UNESCO, Harvard University y U.S. Department of Commerce.
¿Qué diferencia a esta academia de ciberseguridad ofensiva?
El contenido lo diseña un investigador con trayectoria pública y verificable en descubrimiento de
vulnerabilidades reales. No es un curso grabado a partir de otros cursos: se construye desde la
experiencia directa de auditar aplicaciones en producción.
¿Cuánto tiempo se tarda en completar un curso?
Depende del nivel y de la dedicación. Los cursos no tienen fecha límite: puedes avanzar a tu ritmo,
pausar, volver y acceder a los laboratorios cuando quieras. El acceso es para siempre.
¿Hay soporte directo con el instructor?
Sí. Una de las ventajas reales de la academia es el acceso directo para dudas, feedback sobre tus
hallazgos y orientación técnica. No es un vídeo pregrabado donde te quedas a solas con tus bloqueos.
¿Qué temario cubren los cursos?
Ciberseguridad ofensiva completa: fundamentos de red, HTTP/HTTPS, enumeración y reconocimiento,
OWASP Top 10 con sus variantes (SQLi, XSS, IDOR, SSRF, file upload, path traversal),
técnicas de explotación web, uso profesional de Burp Suite, metodología de auditoría y redacción
de informes.
Empieza a formarte en ciberseguridad ofensiva
Entra al catálogo, elige tu curso y empieza a practicar con labs reales desde hoy.