Author

Pedro Tavares é um profissional na área da segurança da informação, exercendo funções como Ethical Hacker, Analista de Malware e também como Evangelizador na área da Cibersegurança . Ele é também membro fundador no CSIRT.UBI e Editor-in-Chief do blog seguranca-informatica.

Nestes últimos anos tem investido muito do seu esforço no ramo da segurança da informação, explorando e analisando os mais diversos temas, na vertente do pentesting (Kali Linux), malware, hacking, cybersecurity, IoT e segurança em redes de computador. Ele é também Freelance Writer. Este blog tem como objetivo passar a mensagem da importância da segurança nesta era da informação digital, entregando, assim, conteúdo em formato de artigo digital e também em pequenos vídeos aqui partilhados  e  também no canal do Youtube.

Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.

In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks.  He is also Freelance Writer. This blog aims to convey the importance of security in this era of digital information, thus delivering content in article format and also in small videos shared here and also on the Youtube channel.

	github.com/sirpedrotavares/
	https://www.linkedin.com/in/sirpedrotavares
	twitter.com/sirpedrotavares
	ptavares[at]seguranca-informatica[dot]pt

Pretty Good Privacy Public Key (PGP)

-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEXtwFlxYJKwYBBAHaRw8BAQdAky9W4n+KSnA6dR08VBFXwT7GZpaJdQUJ
tQZepb51VdvNMVBlZHJvIFRhdmFyZXMgPHB0YXZhcmVzQHNlZ3VyYW5jYS1p
bmZvcm1hdGljYS5wdD7CfQQQFgoAJQUCXtwFlwUJcPt8gAYLCQcIAwIEFQgK
AgMWAgECGQECGwMCHgEACgkQl7FZxQZxhOH5kAD/cOBnT0W/zYbgJRgfmCj2
TAXDBzpqGpyDyWcysRpAuSEA/0GZfpYXGDQKj753wVqaIZPF0xvCMfXVdwr1
1fPbr4EGzjgEXtwFlxIKKwYBBAGXVQEFAQEHQBdlg9//p06IM+O0X3UaaAYG
5cUH7Q0kYLpGVfLcJPlfAwEIB8JnBBgWCAAPBQJe3AWXBQlw+3yAAhsMAAoJ
EJexWcUGcYTh0GgA+gMVjAGcrX2ZfGJpXfdtw4lBwBrBFPaH2YN30RIxscfM
AQDlv7fc9snAulcWuJsXgnqrxN+Rzvvhgm4DHCHHuCweBw==
=rGNb
-----END PGP PUBLIC KEY BLOCK-----

Publicações Online (para além do blog) / Online Publications

2020
– NetWire malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, November 2020
– Sim, sou um hacker, Revista Comunicações – APDC, 13 October, 2020
– MalLocker Android ransomware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, November 2020
– Troystealer malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, October 2020
– How to create a subdomain enumeration toolkit, Infosec. Institute, October 2020
– Using Merlin agents to evade detection, Infosec. Institute, October 2020
– Fuzzing introduction: Definition, types and tools for cybersecurity pros, Infosec. Institute, September 2020
– Hacking Microsoft Teams vulnerabilities: A step-by-step guide, Infosec. Institute, September 2020
– LockBit malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, September 2020
– Ransomware deletion methods and the canary in the coal mine, Infosec. Institute, September 2020
– Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader [1],[2],[3],[4] September 15th, 2020
– Bypassing security products via DNS data exfiltration, Infosec. Institute, 03 August 2020
– Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, Jully, 2020
– New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader [1], July 2020
– Benefits of A Security Operation Center (SOC), Cyber Defense Magazine, p.50-52, July 2020
– Ragnar Locker malware: what it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, June 25th, 2020
– TroyStealer – A new info stealer targeting Portuguese Internet users [1], [2] June 2020
– The Ransomware Age and How to Fight It, [1] Cyber Defense Magazine, p.122-127, June 2020
– In-depth analysis of a trojan banker impacting Portugal and Brazil, June 1st, 2020
– The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks, [1], May 26th, 2020
– Trojan Lampion is back after 3 months, [1], May 11th, 2020
– Brazilian trojan banker is targeting Portuguese users using browser overlay, [1], May 6th, 2020
– 2020 NIST ransomware recovery guide: What you need to know, Infosec. Institute, May 6th, 2020
– COVID-19: How to Take Advantage of Teleworking, [1], Cyber Defense Magazine, p.31-33, May 2020
– COVID-19: How criminals take advantage of the pandemic, Infosec. Institute, April 21st, 2020
– Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker, [1], April 15th, 2020
– Lampion malware: what it is, how it works and how to prevent it | Malware spotlight, Infosec. Institute, April 15th, 2020
– Malware – A Cyber Threat for 2020, [1], Cyber Defense Magazine, p. 74-76, March 2020
– Lampion malware v2 February 2020, [1], February 24th, 2020
– [Whitepaper] A Landscape of Malware used on the Portuguese Top Level Domain [1], [2], CipherLabs, 29 January, 2020
– How to Build a Career in Cyber Security, Cyber Defense Magazine, p.64-66, January 2020

2019
– Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax [1], [2], [3], [4], [5], [6], [7], [8] December 26th, 2019
– Top cybersecurity certifications to consider for your IT career [1], October 10th, 2019
– The Role of Certifications for a Cyber Security Profissional, Cyber Defense Magazine, p.145-148, August 2019
– Security for Your Holidays, Cyber Defense Magazine, p. 89-91, June 2019
– Backups like The Last Resort, Cyber Defense Magazine, p. 39-41, May 2019
– EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services [1], [2], [3], [4], April 10th, 2019
– HTTPS — what kind of data is not protected by default, Cyber Defense Magazine, p. 79-82, April, 2019
– LockerGoga is the most active ransomware that focuses on targeting companies and bypass AV signature-based detection [1], March 20th, 2019
– How to Protect Files With Canary Tokens, Infosec. Institute, March 6th, 2019
– Secure Coding Resources: Popular Books, Whitepapers, Tutorials and More, Infosec. Institute, March 6th, 2019
– The story of the JCry ransomware spread in #OpJerusalem2019 is now infecting Windows users [1], [2], March 5th, 2019
– FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle [1], [2], [3], March 1st, 2019
– Cross-site Scripting is an Underatted Vulnerability, Cyber Defense Magazine, p. 38-41, March, 2019
– The Muncy malware is on the rise [1], [2], [3], February 18th, 2019
– Cybersecurity as a Priority in 2019, Cyber Defense Magazine, p. 67-70, February, 2019
– Cybersecurity For Kids [1], Cyber Defense Magazine, p. 48-51, January, 2019

2018
– Palavras-passe: O método fraco de autenticação, Computer World, 12 December, 2018
– Passwords and Honeywords, Cyber Defense Magazine, p. 95-98, December, 2018
– Best Practices for Conducting a Risk-Based Internal Audit, Infosec. Institute, 29 November, 2018
– Passwords are the weakest authentication method, Cyber Defense Magazine, p. 101-104, November, 2018
– How To Create an Employee Cybersecurity Awareness Strategy, Infosec. Institute, 29 October, 2018
– Cybersecurity as a Mandatory Rule in this Era, Cyber Defense Magazine, p. 75-78, October, 2018
– Como Surge o RGPD e Quem é o Data Protection Officer , Revista PROGRAMAR, edição 60, 27 setembro 2018
– HTTPS – Que Informação é Protegida , Revista PROGRAMAR, edição 60, 27 setembro 2018
– Crypto-jacking via ARP Poisoning em redes WiFi, Revista PROGRAMAR, edição 60, 27 setembro 2018
– Vulnerabilidades Web em 2017, Revista PROGRAMAR, edição 60, 27 setembro 2018
– Spear-phishing Is The Next Threat After A Data Breach, Cyber Defense Magazine, September, 2018
– Cyberhygiene as a Mandatory Doctrine for all Organizations, Infosec. Institute, 23 August, 2018
– SolarWinds – LEM, Infosec. Institute, 16 August, 2018
– The Art Of Phishing And How To Fight It, Cyber Defense Magazine, August Edition, 2018
– Risk Management, Infosec. Institute, 30 Jully, 2018
– Cyber Hygiene is Everyone’s Job, Cyber Defense Magazine, Jully Edition, 2018
– Detecting Data Breaches with Honeywords, Infosec. Institute, 02 Jully, 2018
– Security+: Cloud And Virtualization Concepts, Infosec. Institute, 27 June, 2018
– Security+: Risk Management Processes And Concepts, Infosec. Institute, 27 June, 2018
– Mechanics Behind Ransomware-as-a-Service, Infosec. Institute, 14 June, 2018
– BEC Attacks: How Attorney Impersonation Works, Infosec. Institute, 10 May, 2018
– BEC Attacks: How Email Account Compromise Works, Infosec. Institute, 10 May, 2018
– The Art of Fileless Malware, Infosec. Institute, 07 May, 2018
– How Business Email Compromise Attacks Work: A Detailed Case Study, Infosec. Institute, 09 April, 2018
– Hashcat Tutorial for Beginners, Infosec. Institute, 09 April, 2018
– Malicious Crypto-miner in Wireless Networks, Infosec. Institute, 23 March, 2018
– New Era of Crypto-jacking, Infosec. Institute, 6 March, 2018
– More Free/Open Source Forensics Tools, Infosec. Institute, 27 February, 2018
– RGPD – O Antes e o Depois, Revista PROGRAMAR, edição 59, 21 fevereiro 2018
– Vulnerabilidades Web em 2017, Revista PROGRAMAR, edição 59, 21 fevereiro 2018
– Incident Response and Forensics, Infosec. Institute, 30 January, 2018

2017
– Identidade Digital e a Blockchain, 20 dezembro 2017
– Segurança em Aplicações Android, Revista PROGRAMAR, edição 58, 27 novembro 2017
– Blockchain and Merkle Tree, Revista PROGRAMAR, edição 58, 27 novembro 2017
– Revolução da Blockchain – A Tecnologia do Futuro, Revista PROGRAMAR, edição 58, 27 novembro 2017
– Pseudorandom Number Generators, Revista PROGRAMAR, edição 57, 07 outubro 2017
– A Revolução pós-Internet? Blockchain, 06 de setembro de 2017
– A Revolução da Blockchain – A Tecnologia do Futuro, 17 de julho 2017
– Artigo no jornal online Observador sobre “black hat” e “white hat” hackers em Portugal., 20-06-2017
– A Anatomia de um IDS Moderno, 01-03-2017

Artigos em Conferências Científicas / Conference Papers

Ricardo X. P. Santos, Diogo A. B. Fernandes, Pedro Tavares, Mário M. Freire, and Pedro R. M. Inácio, PassCrackGUI — A Graphical User Interface for Password Cracking Tools, in Proceedings of the 10th Conference on Telecommunications (ConfTele2015), Aveiro, Portugal, September 17-18, 2015, pp. 0-4.

Ricardo X. P. Santos, Diogo A. B. Fernandes, Pedro Tavares, Mário M. Freire, and Pedro R. M. Inácio, Analysis of Password Habits and Leaked Databases, in Atas do 7º Simpósio de Informática (INForum 2015), Covilhã, Portugal, September 7-8, 2015, pp. 0-11.

– Speaker – Strategies to develop FUD malware – III Jornadas de InfoWeb — UBI, March 21th, 2019
– Formador – Regulamento Geral de Proteção de Dados e Segurança da Informação – Associação Empresarial do Sabugal (ADES), 20 de outubro de 2018.
– Formador – Regulamento Geral de Proteção de Dados e Segurança da Informação – Associação Empresarial do Sabugal (ADES), 26 de julho de 2018.
– Formador –  Regulamento Geral de Proteção de Dados e Segurança da Informação – Biblioteca Municipal de Gouveia (powered by Int3Gr4r), 24 de julho de 2018.
– Formador – Workshop Regulamento Geral de Proteção de Dados, Universidade da Beira Interior (powered by CFIUTE), 24 de maio de 2018. (ver vídeo aqui).
– Orador – A Nova Era do Crypto-jacking, Jornadas de Cibersegurança – UBI, 21 de março de 2018.