Pepe BerbaPhilippines: Can we trust our elections?Some of my friends have approached me and asked if it’s possible for someone to cheat in the recent 2022 Philippine elections. Here is my…May 12, 2022May 12, 2022
Pepe BerbaSynack 2021 Open Invitational CTF Crypto WriteupCrypto challenges write up for the Synack 2021 Red Team Five Open Invitational CTF.Nov 13, 20211Nov 13, 20211
Pepe BerbaDEFCON 29 Red Team Village CTF Writeup: Supply Chain AttackWriteup of the supply chain attack portion of the Red Team Village Finals CTF of DEFCON 29Aug 13, 20211Aug 13, 20211
Pepe BerbaPOC Exploit from a CVE: Apache Airflow 1.10.10. RCEA quick overview how to write an poc exploit from a CVE in Apache Airflow 1.10.10Jun 6, 20211Jun 6, 20211
Pepe BerbaDEFCON 28 OpenSOC Blue Team CTF: Lessons and TipsReview of the DEFCON 28 OpenSOC Blue Team CTF Finals and some tips and lessons for future participants and beginnersAug 11, 2020Aug 11, 2020
Pepe BerbainTowards Data ScienceA gentle introduction to HDBSCAN and density-based clusteringExplaining HDBSCAN in ~5 minutesJul 8, 20204Jul 8, 20204
Pepe BerbaU2F with Duo Web Phishable by defaultA scenario when U2F/WebAuthn does not protect you against phishing attacks (until hostname whitelisting is enabled)Jun 12, 2020Jun 12, 2020
Pepe BerbaHow LastPass decrypts your vaultThis is a medium-sized extract from a longer blog post of mine concentrating on the crypto used by LastPass. Notes here are from [1], [2]…May 30, 20203May 30, 20203
Pepe BerbaBypassing LastPass’s “Advanced” YubiKey MFA: A MITM Phishing Attack(Un)fortunately, this is NOT a MITM attack on U2F. LastPass doesn’t support U2F so this is disappointingly simple. It uses Yubico OTP…May 29, 2020May 29, 2020
Pepe BerbainTowards Data ScienceData Analysis for Cyber Security 101: Detecting Lateral MovementUse network flow logs to create alerts to detect lateral movementApr 26, 20201Apr 26, 20201