Hi there

I’m Pablo Caro. I’m currently working as IT Security Person. I like learning, hacking, tinkering, very hot coffee, some videogames, and music; among others. Sometimes, I am known as pcaro90 on the Internet.

My PGP key fingerprint is 59C6 2FE9 F9F9 9D95 24B6 AF26 2871 C649 5491 7E91. You can find my full ID on Keybase.io.

Some cool things I’m doing, or I have done, or I can do:

I like solving boot2root machines and finding creative solutions to programming problems, such as the the Cryptopals Crypto Challenges and Project Euler.
I have some certifications, including OSCP, OSCE and GREM (CTF winner, coin holder!).
I maintain my own micro-datacenter, which I use to self-host several applications, as well as to learn and practice about new techs.
I created Hermit, my very own monospaced font, because I didn’t quite like the rest.
I implemented SHA1, AES and the AES S-Box/Galois Field/Rcon using pure Python, just for learning and fun.
I can solve a 3x3x3 Rubik Cube in ~1 minute.

You can contact me by email or Twitter.

Talks

Projects

Baconhash

A lookup table for MD5, NTLM, SHA1, SHA256 and SHA512 hashes, with more than 12.6 billion entries.

Kaonashi

After the password crackaing study and talk “I know your p4$$w0rd (and if I don’t, I will guess it…)” Jaime Sánchez and I did for RootedCON 2019, everything was published in this repo so everyone can use the results.

Hermit

A monospaced font designed to be clear, pragmatic and readable.

Dotfiles

These are the configuration files I use to feel like home everywhere.

Tiny Toys

Python SHA1 implementation: A pure Python SHA1 implementation, as defined in FIPS-180-4.
Python AES implementation:A pure Python AES algorithm implementation, as defined in FIPS-197. Demo included.
Python AES base generator: This script generates the S-Box, Galois Field lookup and Rcon tables used in the AES algorithm.
Color Factors (demo): This is the demo I submitted to the JS1K 2013-spring competition.
pyCollisions2D: A tiny Python (PyGame) elastic collisions simulator.