Pepe BerbaPhilippines: Can we trust our elections?Some of my friends have approached me and asked if it’s possible for someone to cheat in the recent 2022 Philippine elections. Here is my…15 min read·May 12, 2022----
Pepe BerbaSynack 2021 Open Invitational CTF Crypto WriteupCrypto challenges write up for the Synack 2021 Red Team Five Open Invitational CTF.10 min read·Nov 13, 2021--1--1
Pepe BerbaDEFCON 29 Red Team Village CTF Writeup: Supply Chain AttackWriteup of the supply chain attack portion of the Red Team Village Finals CTF of DEFCON 2910 min read·Aug 13, 2021--1--1
Pepe BerbaPOC Exploit from a CVE: Apache Airflow 1.10.10. RCEA quick overview how to write an poc exploit from a CVE in Apache Airflow 1.10.103 min read·Jun 6, 2021--1--1
Pepe BerbaDEFCON 28 OpenSOC Blue Team CTF: Lessons and TipsReview of the DEFCON 28 OpenSOC Blue Team CTF Finals and some tips and lessons for future participants and beginners13 min read·Aug 11, 2020----
Pepe BerbainTowards Data ScienceA gentle introduction to HDBSCAN and density-based clusteringExplaining HDBSCAN in ~5 minutes6 min read·Jul 8, 2020--4--4
Pepe BerbaU2F with Duo Web Phishable by defaultA scenario when U2F/WebAuthn does not protect you against phishing attacks (until hostname whitelisting is enabled)3 min read·Jun 12, 2020----
Pepe BerbaHow LastPass decrypts your vaultThis is a medium-sized extract from a longer blog post of mine concentrating on the crypto used by LastPass. Notes here are from [1], [2]…5 min read·May 30, 2020--3--3
Pepe BerbaBypassing LastPass’s “Advanced” YubiKey MFA: A MITM Phishing Attack(Un)fortunately, this is NOT a MITM attack on U2F. LastPass doesn’t support U2F so this is disappointingly simple. It uses Yubico OTP…12 min read·May 29, 2020----
Pepe BerbainTowards Data ScienceData Analysis for Cyber Security 101: Detecting Lateral MovementUse network flow logs to create alerts to detect lateral movement25 min read·Apr 26, 2020--1--1