Alejandro Parodi
Offensive Security Engineer & Founder
Offensive Security Engineer, Red Teamer, and Founder with over 10 years of hands-on experience in cybersecurity, deep tech, and startup building. Currently building Volt AI, combining offensive security expertise with AI-driven automation to identify, exploit, and remediate vulnerabilities across modern infrastructure.
Available for opportunities
About
I blend deep technical expertise with strategic leadership. I've led red teams, trained offensive engineers, built advanced tooling for exploitation and post-exploitation, closed security deals with CXOs, and supported startups from both a technical and business standpoint. I'm currently building Volt AI, a platform that merges offensive security with autonomous AI agents simulating real-world attacks, exploiting vulnerabilities, and delivering code-level fixes at scale.
Current Projects
Volt AI
AI Security for the Future. We combine cybersecurity with artificial intelligence to anticipate, detect and neutralize threats in real-time. Protect your business with the power of AI.
Volt AI combines cybersecurity with artificial intelligence to anticipate, detect and neutralize threats in real-time.
Main Products:
- • Volt Brain: Superpowers for your SIEM with automated detection and response
- • Volt IØ: 24/7 virtual hacker that finds vulnerabilities before attackers
- • Volt APT: Automated internal pentesting that learns and attacks your network
Protect your business with the power of predictive AI.
Hackmetrix
Increase your company security and obtain certifications easily. Get certified 10 times faster in standards like ISO 27001 and PCI DSS with our platform.
Cybersecurity platform that helps companies get certified 10 times faster in standards like ISO 27001 and PCI DSS.
Main Solutions:
- • ISO 27001: Information security certification
- • PCI DSS: Payment processing compliance
- • Ethical Hacking: Professional penetration testing
Clients: Mercado Libre, Datamart, Buk, Fracttal, Talana, PixelPay
Recognition: Forbes, Bloomberg, El Mercurio, Diario Financiero
Nimhawk Framework
A powerful, modular, lightweight and efficient command & control framework written in Nim. Advanced C4 framework with reflective .NET execution, direct syscalls, and encrypted communication between implants.
Advanced C4 framework written in Nim with reflective .NET execution, direct syscalls and encrypted communication between implants.
Key Features:
- • Modular and efficient framework for command & control
- • Reflective .NET execution to evade detection
- • Direct syscalls for EDR bypass
- • Encrypted communication between implants
- • 187+ stars on GitHub, 30 forks
Essential tool for red team operations.
Offensive Crew
Autonomous AI-driven system designed to perform end-to-end web application penetration testing — from reconnaissance to exploitation, reporting, and remediation. Built as a graph of specialized agents with autonomous offensive reasoning.
Autonomous AI-driven system designed to perform end-to-end web application penetration testing.
Architecture as a graph of specialized agents:
- 🤖 Autonomous offensive reasoning based on context
- 🕸️ Distributed scraping and attack surface mapping
- 🧠 Technical and business logic analysis
- ⚔️ Automated exploitation chains
- 📄 Reports and fix suggestions
Combines the speed of automation with the strategic thinking of human red teamers.
My TOP Research
- CVE-2018-16119: TP-Link Router Remote Code Execution
Remote Code Execution vulnerability in MIPS-based TP-LINK router firmware with advanced ROP exploitation.
- TP-Link Firmware Vulnerabilities: Automated Analysis
Advanced firmware vulnerability research using Ghidra scripting and automated binary analysis.
- Mercury Browser Intent Hijacking: Android File Manager Exploit
Critical intent hijacking vulnerability in Mercury Browser for Android enabling arbitrary file upload and code execution through file manager abuse.
- VLC 2.2.6 Stack Overflow: ActiveX Plugin Exploitation
Stack overflow vulnerability in VLC Media Player exploitable via Internet Explorer ActiveX plugin with heap spraying.
- Audacious 3.8/3.9 Stack Overflow: Deep Dive Analysis
Critical stack overflow vulnerability in Audacious Player discovered through advanced fuzzing and exploitation techniques.
- QQPlayer 3.9 Heap Overflow: Matroska Exploitation
Heap overflow vulnerability in QQPlayer discovered through WinAFL fuzzing with Matroska container exploitation.
- LimeSurvey RCE via TCPDF PHP Object Injection
Remote Code Execution through TCPDF PHAR deserialization attacks demonstrating advanced PHP object injection techniques.
- WIX Premium Zone Bypass: API Security Vulnerability
Critical authentication bypass vulnerability in WIX.com's premium zone allowing unauthorized access to protected content.
- Shellshock QMAIL Exploitation: SMTP Injection Attack
Advanced exploitation of CVE-2014-6271 (Shellshock) through QMAIL SMTP servers via header injection techniques.
- License Plate OSINT: Argentina Vehicle Registry
Reverse-engineering Argentina's license plate system to track hit-and-run drivers using client-side JavaScript vulnerabilities.
My CVEs
Nextcloud Extract RCE
Remote Code Execution via shell metacharacters in RAR filename extraction.
Read Blog Post →LimeSurvey Path Traversal
Directory traversal vulnerability enabling arbitrary file downloads via unsanitized parameters.
Read Blog Post →Moodle Blind SSRF
Blind Server-Side Request Forgery vulnerability allowing internal network reconnaissance and data exfiltration.
Read Blog Post →TP-LINK WR1043ND RCE
Remote Code Execution vulnerability in MIPS-based TP-LINK router firmware.
Read Blog Post →Always searching for new ones.
Active vulnerability research in progress across multiple target platforms and applications.
Coming soon...Always searching for new ones.
Active vulnerability research in progress across multiple target platforms and applications.
Coming soon...Bug Bounty Achievements
Real impact, real rewards
I don’t do side projects — I do side payloads.
Some of my work can't be showed due to NDAs.
Contributions and Collaborations
Metasploit Framework
Contributor to exploitation modules
Open Source Tools
Contributions to security tooling
Private Vulnerability Disclosure
Academic institutions and major platforms
C2 Framework Development
Advanced command & control framework research
Exploit Code Shared with Community
Public exploit releases and PoC code
Experience
Founder
Volt AI
2025 – Present
- Building a company focused on scaling offensive security through autonomous AI agents
- Helping organizations identify, exploit, and remediate vulnerabilities — from web apps to AI systems
- Designing secure-by-default AI architectures by blending red team tactics with modern ML pipelines
- Developing custom offensive tooling and methodologies for LLMs, vector databases, and agentic systems
Co-Founder & CTO
Hackmetrix
2018 - 2025
- Co-founded cybersecurity startup that raised $3M in venture capital
- Expanded operations to 7 countries across Latin America
- Reached $3M in annual recurring revenue (ARR)
- Led the Offensive Security division managing technical teams and building offensive pipelines
- Translated business risks into real-world attack simulations
Senior Security Consultant
Include Security, VerSprite, Faraday
2015 - 2018
- Conducted red team engagements and penetration testing
- Specialized in web application and network security
- Participated in research groups and contributed to CVEs
- Developed custom offensive tools and methodologies
Press & Media
Financial Media
Major financial publications coverage
Video & Podcasts
TV interviews & digital content
Certifications
Want to know what I am reading?
X Posts
Latest insights on offensive security, cybersecurity research, and my way to see the world
Follow me on Twitter @hdbreaker_ for real-time updates
Wanna hear me play some music?
Music & Creativity
Music helps me think differently about problem-solving and creativity. Check out my tracks where I explore different genres and experiment with sound.
Listen on SoundCloudBehind the Scenes
A little bit about my life
There’s a person behind the screen. Here I share a bit of my daily life, travels, and human side.
Curious about my life?