Eric Labrador

Bio

Eric Labrador is a Senior Red Team Operator with 6+ years of experience planning and executing adversary simulations against enterprise and financial sector organizations. He specializes in identifying high-impact attack paths across web applications, APIs, and LLM-based systems, combining deep technical skills in Active Directory exploitation, mobile security (Android & iOS), and infrastructure testing with hands-on experience in physical intrusion and social engineering operations.

Recognized contributor to the offensive security community through open-source tooling published on Burp Suite's BApp Store and published vulnerability research. Active bug bounty hunter on HackerOne with confirmed findings across multiple programs. Speaker at The Bug Hunter's Methodology Live from Jason Haddix on advanced reconnaissance techniques.

Certifications & Trainings

Burp Suite Extensions

Encode IP: IP encoding/obfuscation to bypass URL validation filters. Featured at BSides.
Header Snipper: Truncates verbose headers for cleaner report screenshots.
IP Tracker: Tracks IP address changes during testing sessions.
Match & Replace: Advanced match-and-replace rules for Burp traffic manipulation.

Recon & Monitoring

sub.Monitor: Passive subdomain continuous monitoring with automated scope filtering.
web.Monitor: Web content change detection and monitoring for reconnaissance workflows.

Exploitation

ImagePanick: SVG-to-RCE exploit chaining ImageMagick weak default policies with Ghostscript SAFER bypass. Achieves arbitrary file write via crafted SVG files.

Eric Labrador

Bio

Certifications & Trainings

Research Portfolio

Talks & Conferences

Burp Suite Extensions

Recon & Monitoring

Exploitation

Published Research

Featured