Hi there. My name is Guilherme Alves, and I'm an Offensive Security professional specializing in penetration testing and vulnerability research, with over three years of hands-on experience exploiting complex systems across web applications, Active Directory environments, and network infrastructure. Based in Brazil (but I'm also an EU citizen), I hold multiple industry certifications including HTB CPTS, THM PT1, eJPT and CompTIA Security+, and have successfully compromised over 250 vulnerable systems (Hack The Box machines) throughout my career. I'm also currently pursuing the Offensive Security Certified Professional (OSCP) certification.

All prolabs credentials verifiable at HackTheBox Certificates

TryHackMe	HackTheBox

hackersOnSteroids is brazil's #1 team on hack the box (htb). around 30 members on our main roster and growing. we're an international crew of hackers, pentesters, software engineers, malware/exploit writers, infra people, mobile sec folks, and some absolute HTB tryhards. based in brazil but we've got people from india, germany, usa, puerto rico, pakistan... basically everywhere.

what we do:

• compete // every saturday we're grinding the HTB season. many of us cleared all active boxes already
• share knowledge // on-demand internal writeups for active machines/challenges and other events outside hack the box. we also mentor newer hackers
• infra // blog, collab platform, pentest reporting system, mailserver (@hos.team / @hackersonsteroids.org), plus tools we built ourselves to move faster.
• partner up // we work with other like-minded teams like OSI and other crews globally. because hacking is better together

My commitment to education and knowledge sharing is evident through my role as the maintainer of BehindSecurity. Reaching over 6,000 readers per month, I use this online platform to:

• share detailed documentation of the CTFs I've solved, and
• post informative articles (from cybersecurity to programming and privacy).

This initiative not only solidifies my own understanding but also contributes to the community by providing resources for those looking to learn and grow in the field.

My technical foundation extends beyond offensive security. I served as a full-stack developer and systems administrator at the Infomundi Project. Infomundi is a Flask-based news aggregation and social platform that collects stories from RSS feeds worldwide, processes them with AI-powered summarization, and provides a social layer for users to engage with global news. The platform organizes content by geographic regions and categories, making it easy to discover news from any part of the world.

This dual perspective as both a builder and breaker gives me unique insight into how applications and infrastructure can be compromised, enabling me to provide comprehensive security assessments and actionable remediation strategies that development teams can actually implement.

A from-scratch build:

• Backend: Flask 3.1 with Blueprints architecture, MySQL 8.0 with SQLAlchemy ORM, Redis 7, Flask-SocketIO with eventlet workers, OpenAI API for summarization, and security features like Flask-WTF (CSRF) and Flask-Limiter (rate limiting)
• Frontend: Jinja2, Bootstrap 5, custom CSS and JS, Flask-Assets with minification, and Font Awesome for icons
• Status: Open Source

Always up for collabs, code reviews, or a quick security chat.