jocruz/README.md

John Cruz | Full Stack Developer & Cybersecurity Practitioner

🖥️ Professional Portfolio

Explore a curated selection of my work in full-stack development, showcasing expertise in Web 2, Web 3, and blockchain technologies:

  • Moverz Groupies NFT Platform: purchase.ligroupies.com
    A minting platform designed for NFT ticketing with seamless user experience and blockchain integration.

  • Moverz NFT Hidden Treasure: purchase.hiddentreasureli.com
    An interactive NFT minting dApp with treasure hunt mechanics and wallet support.

  • Lost Cats NFT Minting DApp: lost-cats-ui.vercel.app
    Developed a user-friendly interface for minting unique digital collectibles.

  • Personal Portfolio: johncruz.info
    A showcase of my professional journey, skills, and projects.

  • Take-Home Magic Login Project: Project Demo
    Implemented Google Authentication with seamless user onboarding for a technical challenge.

  • Python Security Scripts: GitHub Repository
    Scripts created as part of TCM Security training, focusing on practical security automation.


📋 About Me

  • 🖥 Full Stack Developer with a Focus on Security: Experienced in building robust applications using technologies like React.js, Next.js, Prisma, and Node.js, with an evolving interest in secure coding practices and application security.
  • 🔒 Web Application Security Practitioner: Skilled in identifying and mitigating vulnerabilities, particularly those aligned with the OWASP Top 10, as part of hands-on penetration testing and secure development practices.
  • 🎓 Educational Background: Bachelor’s degree in Information Systems Engineering with a minor in Technological Systems Management from Stony Brook University.
  • 📫 Connect with Me: [email protected]

🏆 Industry Certifications

  • Practical Web Pentest Associate (PWPA) by TCM Security:
    Demonstrated hands-on expertise in web application penetration testing by working with the OWASP Top 10 vulnerabilities. To earn the certification, I successfully exploited a web application using various tools and techniques, including authentication and authorization attacks, injection vulnerabilities, and insecure configurations. The process culminated in writing a detailed, professional CVSS-based penetration testing report, showcasing the ability to communicate findings and provide remediation strategies effectively.
    Certification Link

  • CompTIA Security+: Comprehensive understanding of foundational security principles and practices.
    Certification Link

  • Practical Junior Penetration Tester (PJPT) by TCM Security:
    Validated proficiency in performing internal network penetration testing, including Active Directory exploitation, reconnaissance, scanning, enumeration, and exploitation techniques. Successfully demonstrated lateral and vertical movements across network systems to compromise the exam Domain Controller. Delivered a comprehensive, professionally written penetration test report, including detailed findings, CVSS-based vulnerability assessments, and actionable remediation strategies.
    Certification Link


🚀 Current Focus & Future Aspirations

🔨 Professional Commitments:

  • Freelance Developer with Moverz: Driving innovation in Web 3 applications and contributing to decentralized project development.
  • Cybersecurity Training: Completed the Practical Junior Penetration Tester (PJPT) certification, with a focus on Active Directory and Network Penetration Testing.

🎯 Upcoming Goals:

  • 🥋 Advance Web Application Security Expertise: Building on my PJPT certification, my next milestone is earning the TCM Security Practical Web Application Penetration Tester (PWPP) certification. This will sharpen my skills in web application security and penetration testing, aligning with my goal to specialize as a Web Application Security Engineer or a Security Role.
  • 🛡 Community Mentor: Committed to fostering a motivated and skilled tech community. Actively mentoring in the TCM Security Discord and previously contributed to communities like Hashlips, Stractor, and Thirdweb.
  • 🌐 Secure a Specialized Role in Application Security: Leveraging my combined expertise in web development and security to tackle complex application security challenges.

📌 Pinned Projects: In-Depth

PySecScripts 🛡️

Welcome to PySecScripts, a curated collection of Python scripts designed for security testing and penetration testing. This repository showcases my expertise in developing automated tools to enhance network defense and streamline security assessments, ideal for cybersecurity enthusiasts and professionals looking to deepen their knowledge through Python.

📚 Python 101 for Hackers - TCM Security
I completed the Python 101 for Hackers course by TCM Security, where I gained foundational Python skills for cybersecurity and automation tasks.
Course Link

What I Learned:

  • Python 2 and Python 3: Leveraging both versions for hacking and automation.
  • Python Environment Setup: Installed and configured Python in Kali Linux with VirtualBox.
  • Fundamental Programming Concepts: Mastered variables, data types, string formatting, booleans, operators, tuples, lists, dictionaries, sets, conditionals, functions, and loops.
  • Security-Focused Programming: Skills in reading/writing files, handling user input, exception handling, comprehensions, and lambdas.
  • Security Modules: Utilized hacking-focused Python modules for cybersecurity tasks.
  • Practical Applications:
    • SSH login brute forcing
    • SHA-256 password cracking
    • Web login form brute forcing
    • SQL injection exploitation

Current Projects 📂

  • SSH Brute Force Script: Automates attempts to log into an SSH server using common passwords, helping identify weak credentials.
  • SHA-256 Hash Cracker Tool: Performs brute-force attacks on SHA-256 hashed passwords to find plaintext matches.
  • Username and Password Brute Forcer Tool: Tests common username and password combinations on web-based login forms, underscoring the need for strong authentication.

💳 Wallet-Integrated Payment System

Integrates Stripe payments and Thirdweb Engine to manage cryptocurrency transactions and NFT subscriptions, supporting scalability across over 1000 EVM blockchains for high transaction throughput.

🔍 What I Learned:

  • 🛠️ Advanced integration of blockchain technology with traditional payment gateways like Stripe.
  • 🔄 High-throughput transaction management across multiple EVM blockchains.
  • 🛡️ Addressing security and scalability challenges specific to financial and blockchain systems.
  • 📚 Used Thirdweb SDK, Magic SDK, Stripe API/Webhook, ReactJS, TypeScript
  • 🔗 Integration of blockchain operations with e-commerce using the Thirdweb SDK.
  • 🛍️ Improving user experience in blockchain applications by simplifying payment and purchasing flows.
  • 🔐 Addressing security challenges specific to handling digital assets and payments.

🏆 Handball Hub - Sports Web Application

A dynamic platform designed to support the handball community, featuring robust data management for player and tournament organization. Built with React, Next.js, Prisma, PostgreSQL, and Chakra UI, it emphasizes intuitive user design and high-efficiency data handling.

🔍 What I Learned:

  • 🌐 Integrating a complex front end with a scalable back end using Prisma and PostgreSQL.
  • 🎨 Building user-centric, responsive UIs with Chakra UI, enhancing the user experience.
  • 💾 Handling and managing data for efficient storage and retrieval in large-scale applications.

🖥️ Java Projects Portfolio

A comprehensive collection of Java projects demonstrating advanced understanding of data structures, algorithms, and real-world applications. Highlights include a Baseball Card Manager, Baccarat game, Scheduler Manager, and Stony Brook Bus Simulator, showcasing proficiency in arrays, linked lists, stacks, queues, and graph-based systems.

🔍 What I Learned:

  • 📊 Advanced Java programming concepts: applying data structures like linked lists, stacks, queues, and graph systems.
  • 🧩 Object-oriented programming practices: encapsulation, inheritance, and polymorphism within each project.
  • 🌍 Real-world application of theoretical concepts to build functioning applications.

📈 Crossmint Coding Challenge

A complex coding challenge solution focused on efficient data organization through API interactions and array manipulations, with solutions for rate limit handling and API error management using axios-retry.

🔍 What I Learned:

  • ⚙️ Advanced API interaction handling, including error management and retry logic with axios-retry.
  • 🗃️ Efficient data management and organization using array manipulation techniques.
  • 🧠 Problem-solving under constraints like rate limits, improving solution efficiency.

🐱 Lost Cats UI NFT Minting DApp

Developed a scalable NFT minting service for the Solana blockchain, employing Metaplex's Candy Machine and wallet support for efficient drop management.

🔍 What I Learned:

  • 🎉 Implementing blockchain-specific minting processes using Metaplex's Candy Machine on Solana.
  • 💳 Managing wallet connections and transactions in a secure and user-friendly manner.
  • ⚡ Understanding and optimizing the NFT minting process for efficiency and scalability.
  • 🌍 Collaborated with developers globally to bring this and other projects to completion.

Pinned

  1. Java-projects (Public)

    As a Java enthusiast, my portfolio showcases a journey through data structures and real-world applications, from dynamic games to robust systems like Sigma Airline Simulator. Each project reflects …

    Java

  2. NYCHandballNetwork (Public)

    Sports application that revolutionizes handball sports management with player stats, tournament organization, and live scorekeeping. Leveraging React, NextJS, Prisma, PostgreSQL, and Clerk Auth, it…

    JavaScript

  3. DynamicWalletSubs (Public)

    The Wallet-Integrated Payment System merges Stripe, dynamic wallets, and Thirdweb for seamless cryptocurrency transactions and NFT purchases. Features include EVM compatibility, smart contract inte…

    TypeScript 2

  4. Crossmint-Phase2-Solution (Public)

    John's Crossmint Engineering Challenge solution integrates API calls and data organization for mapping Web3 space objects. Utilizing axios-retry for handling API rate limits, the project separates …

    JavaScript

  5. LostCatsUi (Public)

    Lost Cats NFT Minting DApp, built on Solana with Metaplex and Candy Machine, offers a seamless and cost-effective platform for creating and collecting unique digital art. Supporting multiple wallet…

    TypeScript 1

  6. PySecScripts (Public)

    A curated collection of Python scripts for security testing and penetration testing. Designed for cybersecurity enthusiasts and professionals, this repository showcases my expertise in developing t…

    Python