Josias Fabian

Josias Fabian

iamJfabian

Cybersecurity Professional & Pentester

Profile

Josias Fabian

iamJfabian

Cybersecurity Professional & Pentester

What I work with

Slack Slack
Airtable Airtable
Claude Claude Code
Cyver Cyver
Python
Java
Burp Suite Burp Suite
SP Reporter
Bash Bash
Fortinet Fortinet
MSSQL
Qualys Qualys
Cisco Cisco
Virus Total Virus Total
Ubiquiti Ubiquiti
JWT JWT
Postman Postman
Nginx Nginx
Wireshark Wireshark
.NET .NET
Ubuntu Ubuntu
Linux
Azure
Google Cloud
Oracle
AWS
MongoDB
Redis
MySQL
Neo4j
Docker
Python
Java
Linux
Azure
Google Cloud
Oracle
AWS
MongoDB
Redis
MySQL
Neo4j
Docker
LangChain
Windows
WordPress
vscode
Obsidian Obsidian
Notion
Joomla Joomla
Apache Apache
Laravel Laravel
Deepseek

Experience

Thoropass

Penetration Tester

2025 - Present

I conduct end-to-end penetration testing engagements across a wide range of targets including web applications, APIs, mobile apps (iOS & Android), internal networks (Windows & Linux), and cloud environments (AWS, Azure, GCP). I deliver detailed technical and executive-level reports with clear remediation guidance, working closely with clients throughout scoping, execution, and remediation validation.

Cybersecurity Blue Team & Red Team

Penetration Tester

2024 - 2025

I work as a Penetration Tester, conducting comprehensive offensive security assessments across cloud infrastructures, web platforms, mobile applications, and internal networks. My role involves simulating real-world cyberattacks to identify and exploit vulnerabilities before malicious actors can. I specialize in Azure security, where I uncover misconfigurations and abuse identity mechanisms to demonstrate risk impact. I also develop custom payloads tailored to specific environments and automate reconnaissance, exploitation, and post-exploitation workflows to maximize efficiency. My findings are documented in detailed technical reports and high-level executive summaries, providing clear remediation guidance and strategic risk mitigation insights for stakeholders.

Grey Matter Technologies / Hotel W&P Santo Domingo

Infrastructure Manager - Outsourced to Hotel W&P

2023 - Past

I served as the Infrastructure Manager, where I led the end-to-end design, deployment, and lifecycle management of secure, high-performance IT systems across both on-premises and cloud environments. My responsibilities included architecting resilient network and server infrastructures, implementing robust cybersecurity controls, and optimizing system performance for critical business operations. I ensured high availability and business continuity through strategic backup, monitoring, and disaster recovery solutions. Additionally, I directed cross-functional teams in delivering infrastructure upgrades, enforced compliance with industry security standards, and continuously evaluated emerging technologies to enhance operational efficiency and scalability.

Side Projects

Custom Vulnerability Scanner

Built a lightweight scanner for internal web apps using Go and Nuclei templates.

Go Nuclei Docker
View Project →

Azure Recon Suite

Freelance project to automate enumeration of Azure tenants for a client.

Python PowerShell Azure CLI
View Project →

Certifications

Burp Suite Certified Practitioner (BSCP)

Issued: 2024

Certified Bug Bounty Hunter (CBBH)

Issued: 2024

Certified Pentesting Against Azure Cloud (CPAZ)

Issued: 2024

Certified Web Exploitation Expert (CWEE) (Locked)

Issued: In Progress

Projects

Azure Pwnsuite

Azure Pwnsuite

Learn More
View All

Blogs

26 May 2025

Compromising an Azure Tenant via XXE OOB and web.config Exfiltration

View All