Author

Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker/Pentester, Malware Researcher, and also Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.

In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), exploitation, malware, hacking, IoT, and security in Active Directory networks.  He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens. This blog aims to convey the importance of security in this era of digital information, thus delivering content in article format and also in small videos shared here and also on the Youtube channel.

Pedro Tavares é um profissional na área da segurança da informação, exercendo funções como Ethical Hacker/Pentester, Analista de Malware e também como Evangelizador na área da Cibersegurança . Ele é também membro fundador no CSIRT.UBI e Editor-in-Chief do blog seguranca-informatica.

Nestes últimos anos tem investido muito do seu esforço no ramo da segurança da informação, explorando e analisando os mais diversos temas, na vertente do pentesting (Kali Linux), exploits, malware, hacking, IoT e segurança em redes Active Directory. Ele é também Freelance Writer e criados do 0xSI_f33d – um feed que compila ameças de phishing e malware ocorrida dentro do ciberespaço portugues. Este blog tem como objetivo passar a mensagem da importância da segurança nesta era da informação digital, entregando, assim, conteúdo em formato de artigo digital e também em pequenos vídeos aqui partilhados  e  também no canal do Youtube.

	github.com/sirpedrotavares/
	https://www.linkedin.com/in/sirpedrotavares
	twitter.com/sirpedrotavares
	ptavares[at]seguranca-informatica[dot]pt

Pretty Good Privacy Public Key (PGP)

-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEXtwFlxYJKwYBBAHaRw8BAQdAky9W4n+KSnA6dR08VBFXwT7GZpaJdQUJ
tQZepb51VdvNMVBlZHJvIFRhdmFyZXMgPHB0YXZhcmVzQHNlZ3VyYW5jYS1p
bmZvcm1hdGljYS5wdD7CfQQQFgoAJQUCXtwFlwUJcPt8gAYLCQcIAwIEFQgK
AgMWAgECGQECGwMCHgEACgkQl7FZxQZxhOH5kAD/cOBnT0W/zYbgJRgfmCj2
TAXDBzpqGpyDyWcysRpAuSEA/0GZfpYXGDQKj753wVqaIZPF0xvCMfXVdwr1
1fPbr4EGzjgEXtwFlxIKKwYBBAGXVQEFAQEHQBdlg9//p06IM+O0X3UaaAYG
5cUH7Q0kYLpGVfLcJPlfAwEIB8JnBBgWCAAPBQJe3AWXBQlw+3yAAhsMAAoJ
EJexWcUGcYTh0GgA+gMVjAGcrX2ZfGJpXfdtw4lBwBrBFPaH2YN30RIxscfM
AQDlv7fc9snAulcWuJsXgnqrxN+Rzvvhgm4DHCHHuCweBw==
=rGNb
-----END PGP PUBLIC KEY BLOCK-----

–My badges–

• • RED TEAM Operator: Privilege Escalation in Windows
  • RED TEAM Operator: Malware Development Essentials
  • RED TEAM Operator: Windows Persistence
  • RED TEAM Operator: Malware Development Intermediate

Relevant Projects / Projetos Relevantes

– Seguranca-Informática Blog: Breaking News, Research papers, Malware and Phishing campaigns impacting Portugal
– 0xSI_f33d: a feed that compiles phishing and malware campaigns targeting Portuguese citizens
– Threat Report Portugal: published in each quarter)
– Red Teaming and Malware Analysis – GitBook: A list of exploits and laboratories about Red Teaming and Malware. This list compiles some techniques, tricks, payloads, and tools I’m using during my red teaming experiments.
– wifi-Lord3: A rogue app tool available on GitHub.
– 100% anonymous and compliant voting system.
– Red Teaming/Pentesting assessments for several companies, including international airports, banking institutions, Portuguese firms and their software/apps/networks, and so on. The scope is defined as presented below:

• • Web applications
  • Mobile apps
  • Infrastructure / Internal networks
  • Active Directory
  • Cloud-based apps/infrastructures (Azure, AWS, etc)

– Source-code and IoC contribution on several open projects/sources (GitHub tools, Awesome lists, exploits, Yaras, IoCs, etc).

Online Publications / Publicações Online (para além do blog)

2021
– A taste of the latest release of QakBot, [1], May 2021
– VMware vCenter vulnerability: Inside a critical remote code execution flaw, Infosec. Institute, May 2021
– New Sudo flaw used to root on any standard Linux installation, Infosec. Institute, April 2021
– TeamTNT evades detection with new malware using ld_preload technique, Infosec. Institute, April 2021
– Turla Crutch backdoor: analysis and recommendations, Infosec. Institute, April 2021
– Blackrota abused Docker remote API to deliver CobalStrike beacon, Infosec. Institute, April 2021
– APT Sandworm (NotPetya) technical overview, Infosec. Institute, April 2021
– Malicious Excel attachments bypass security controls using .NET library, Infosec. Institute, April 2021
– Volodya/BuggiCorp Windows exploit developer: What you need to know, Infosec. Institute, March 2021
– MRBMiner malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, March 2021
– Fileless Windows Error Reporting (WER) malware attack: Technical overview and walkthrough, Infosec. Institute, March 2021
– Bandook malware: What it is, how it works and how to prevent it, Infosec. Institute, March 2021
– Ghimob Trojan Banker: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, March 2021
– Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware, [1], [2], [3], [4] February 2021
– SonicWall firewall VPN vulnerability (CVE-2020-5135): Overview and technical walkthrough, Infosec. Institute, February 2021
– Stantinko Trojan: What it is, how it works, and how to prevent it | Malware spotlight, Infosec. Institute, February 2021
– Vizom malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, February 2021
– Exploiting built-in network protocols for DDoS attacks, Infosec. Institute, February 2021
– Zerologon CVE-2020-1472: Technical overview and walkthrough, Infosec. Institute, February 2021
– RansomExx: The malware that attacks Linux OS, Infosec. Institute, January 2021
– RegretLocker ransomware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, January 2021
– Installing and Configuring CentOS 8 on Virtualbox, Infosec. Institute, January 2021
– Lazarus’s VHD ransomware: What it is, how it works, and how to prevent it | Malware spotlight, Infosec. Institute, January 2021

2020
– Anubis Network – The Evolution of the phishing schema, December 2020
– Drovorub malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, December 2020
– Hashcat Tutorial for Beginners [updated 2021], Infosec. Institute, December 2020
– How to hack a phone charger, Infosec. Institute, December 2020
– BlindingCan malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, December 2020
– Emotet returns in summer 2020 with new improvements, Infosec. Institute, December 2020
– WastedLocker malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, December 2020
– Android vulnerability allows attackers to spoof any phone number, Infosec. Institute, December 2020
– What is a side-channel attack?, Infosec. Institute, November 2020
– NetWire malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, November 2020
– Sim, sou um hacker, Revista Comunicações – APDC, 13 October, 2020
– MalLocker Android ransomware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, November 2020
– Troystealer malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, October 2020
– How to create a subdomain enumeration toolkit, Infosec. Institute, October 2020
– Using Merlin agents to evade detection, Infosec. Institute, October 2020
– Fuzzing introduction: Definition, types and tools for cybersecurity pros, Infosec. Institute, September 2020
– Hacking Microsoft Teams vulnerabilities: A step-by-step guide, Infosec. Institute, September 2020
– LockBit malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, September 2020
– Ransomware deletion methods and the canary in the coal mine, Infosec. Institute, September 2020
– Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader [1],[2],[3],[4] September 15th, 2020
– Bypassing security products via DNS data exfiltration, Infosec. Institute, 03 August 2020
– Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, Jully, 2020
– New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader [1], July 2020
– Benefits of A Security Operation Center (SOC), Cyber Defense Magazine, p.50-52, July 2020
– Ragnar Locker malware: what it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, June 25th, 2020
– TroyStealer – A new info stealer targeting Portuguese Internet users [1], [2] June 2020
– The Ransomware Age and How to Fight It, [1] Cyber Defense Magazine, p.122-127, June 2020
– In-depth analysis of a trojan banker impacting Portugal and Brazil, June 1st, 2020
– The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks, [1], May 26th, 2020
– Trojan Lampion is back after 3 months, [1], May 11th, 2020
– Brazilian trojan banker is targeting Portuguese users using browser overlay, [1], May 6th, 2020
– 2020 NIST ransomware recovery guide: What you need to know, Infosec. Institute, May 6th, 2020
– COVID-19: How to Take Advantage of Teleworking, [1], Cyber Defense Magazine, p.31-33, May 2020
– COVID-19: How criminals take advantage of the pandemic, Infosec. Institute, April 21st, 2020
– Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker, [1], April 15th, 2020
– Lampion malware: what it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, April 15th, 2020
– Malware – A Cyber Threat for 2020, [1], Cyber Defense Magazine, p. 74-76, March 2020
– Lampion malware v2 February 2020, [1], February 24th, 2020
– [Whitepaper] A Landscape of Malware used on the Portuguese Top Level Domain [1], [2], CipherLabs, 29 January, 2020
– How to Build a Career in Cyber Security, Cyber Defense Magazine, p.64-66, January 2020

2019
– Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax [1], [2], [3], [4], [5], [6], [7], [8] December 26th, 2019
– Top cybersecurity certifications to consider for your IT career [1], October 10th, 2019
– The Role of Certifications for a Cyber Security Profissional, Cyber Defense Magazine, p.145-148, August 2019
– Security for Your Holidays, Cyber Defense Magazine, p. 89-91, June 2019
– Backups like The Last Resort, Cyber Defense Magazine, p. 39-41, May 2019
– EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services [1], [2], [3], [4], April 10th, 2019
– HTTPS — what kind of data is not protected by default, Cyber Defense Magazine, p. 79-82, April, 2019
– LockerGoga is the most active ransomware that focuses on targeting companies and bypass AV signature-based detection [1], March 20th, 2019
– How to Protect Files With Canary Tokens, Infosec. Institute, March 6th, 2019
– Secure Coding Resources: Popular Books, Whitepapers, Tutorials and More, Infosec. Institute, March 6th, 2019
– The story of the JCry ransomware spread in #OpJerusalem2019 is now infecting Windows users [1], [2], March 5th, 2019
– FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle [1], [2], [3], March 1st, 2019
– Cross-site Scripting is an Underatted Vulnerability, Cyber Defense Magazine, p. 38-41, March, 2019
– The Muncy malware is on the rise [1], [2], [3], February 18th, 2019
– Cybersecurity as a Priority in 2019, Cyber Defense Magazine, p. 67-70, February, 2019
– Cybersecurity For Kids [1], Cyber Defense Magazine, p. 48-51, January, 2019

2018
– Palavras-passe: O método fraco de autenticação, Computer World, 12 December, 2018
– Passwords and Honeywords, Cyber Defense Magazine, p. 95-98, December, 2018
– Best Practices for Conducting a Risk-Based Internal Audit, Infosec. Institute, 29 November, 2018
– Passwords are the weakest authentication method, Cyber Defense Magazine, p. 101-104, November, 2018
– How To Create an Employee Cybersecurity Awareness Strategy, Infosec. Institute, 29 October, 2018
– Cybersecurity as a Mandatory Rule in this Era, Cyber Defense Magazine, p. 75-78, October, 2018
– Como Surge o RGPD e Quem é o Data Protection Officer , Revista PROGRAMAR, edição 60, 27 setembro 2018
– HTTPS – Que Informação é Protegida , Revista PROGRAMAR, edição 60, 27 setembro 2018
– Crypto-jacking via ARP Poisoning em redes WiFi, Revista PROGRAMAR, edição 60, 27 setembro 2018
– Vulnerabilidades Web em 2017, Revista PROGRAMAR, edição 60, 27 setembro 2018
– Spear-phishing Is The Next Threat After A Data Breach, Cyber Defense Magazine, September, 2018
– Cyberhygiene as a Mandatory Doctrine for all Organizations, Infosec. Institute, 23 August, 2018
– SolarWinds – LEM, Infosec. Institute, 16 August, 2018
– The Art Of Phishing And How To Fight It, Cyber Defense Magazine, August Edition, 2018
– Risk Management, Infosec. Institute, 30 Jully, 2018
– Cyber Hygiene is Everyone’s Job, Cyber Defense Magazine, Jully Edition, 2018
– Detecting Data Breaches with Honeywords, Infosec. Institute, 02 Jully, 2018
– Security+: Cloud And Virtualization Concepts, Infosec. Institute, 27 June, 2018
– Security+: Risk Management Processes And Concepts, Infosec. Institute, 27 June, 2018
– Mechanics Behind Ransomware-as-a-Service, Infosec. Institute, 14 June, 2018
– BEC Attacks: How Attorney Impersonation Works, Infosec. Institute, 10 May, 2018
– BEC Attacks: How Email Account Compromise Works, Infosec. Institute, 10 May, 2018
– The Art of Fileless Malware, Infosec. Institute, 07 May, 2018
– How Business Email Compromise Attacks Work: A Detailed Case Study, Infosec. Institute, 09 April, 2018
– Hashcat Tutorial for Beginners, Infosec. Institute, 09 April, 2018
– Malicious Crypto-miner in Wireless Networks, Infosec. Institute, 23 March, 2018
– New Era of Crypto-jacking, Infosec. Institute, 6 March, 2018
– More Free/Open Source Forensics Tools, Infosec. Institute, 27 February, 2018
– RGPD – O Antes e o Depois, Revista PROGRAMAR, edição 59, 21 fevereiro 2018
– Vulnerabilidades Web em 2017, Revista PROGRAMAR, edição 59, 21 fevereiro 2018
– Incident Response and Forensics, Infosec. Institute, 30 January, 2018

2017
– Identidade Digital e a Blockchain, 20 dezembro 2017
– Segurança em Aplicações Android, Revista PROGRAMAR, edição 58, 27 novembro 2017
– Blockchain and Merkle Tree, Revista PROGRAMAR, edição 58, 27 novembro 2017
– Revolução da Blockchain – A Tecnologia do Futuro, Revista PROGRAMAR, edição 58, 27 novembro 2017
– Pseudorandom Number Generators, Revista PROGRAMAR, edição 57, 07 outubro 2017
– A Revolução pós-Internet? Blockchain, 06 de setembro de 2017
– A Revolução da Blockchain – A Tecnologia do Futuro, 17 de julho 2017
– Artigo no jornal online Observador sobre “black hat” e “white hat” hackers em Portugal., 20-06-2017
– A Anatomia de um IDS Moderno, 01-03-2017

Conference Papers  / Artigos em Conferências Científicas

Ricardo X. P. Santos, Diogo A. B. Fernandes, Pedro Tavares, Mário M. Freire, and Pedro R. M. Inácio, PassCrackGUI — A Graphical User Interface for Password Cracking Tools, in Proceedings of the 10th Conference on Telecommunications (ConfTele2015), Aveiro, Portugal, September 17-18, 2015, pp. 0-4.

Ricardo X. P. Santos, Diogo A. B. Fernandes, Pedro Tavares, Mário M. Freire, and Pedro R. M. Inácio, Analysis of Password Habits and Leaked Databases, in Atas do 7º Simpósio de Informática (INForum 2015), Covilhã, Portugal, September 7-8, 2015, pp. 0-11.

– Speaker – Strategies to develop FUD malware – III Jornadas de InfoWeb — UBI, March 21th, 2019
– Formador – Regulamento Geral de Proteção de Dados e Segurança da Informação – Associação Empresarial do Sabugal (ADES), 20 de outubro de 2018.
– Formador – Regulamento Geral de Proteção de Dados e Segurança da Informação – Associação Empresarial do Sabugal (ADES), 26 de julho de 2018.
– Formador –  Regulamento Geral de Proteção de Dados e Segurança da Informação – Biblioteca Municipal de Gouveia (powered by Int3Gr4r), 24 de julho de 2018.
– Formador – Workshop Regulamento Geral de Proteção de Dados, Universidade da Beira Interior (powered by CFIUTE), 24 de maio de 2018. (ver vídeo aqui).
– Orador – A Nova Era do Crypto-jacking, Jornadas de Cibersegurança – UBI, 21 de março de 2018.