Pepe Berba. I blog about stats, security, and crypto.
I'm in Threat Detection and Hunting at Canva.
Ex-Machine Learning Researcher at Thinking Machines, and previously a SOC Engineer at Redrock IT Security.
Recent Posts
- Script Confusion: Playing with AppleScripts hidden in Named Forks. Exploring how we can use a legacy feature of AppleScript to hide payloads in other AppleScripts, images, and files.
- MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper. A look at how threat actors are abusing AppleScript .scpt files to deliver macOS malware, from fake documents to browser update lures, and how these scripts can still run despite Gatekeeper protections.
- Acquiring Malicious Browser Extension Samples on a Shoestring Budget. Cracking the simple encryption scheme used by Genesis Market to hunt for malicious browser extensions.
Archive
Here are all the blog posts I've written so far.
- 2025/11/15 » Script Confusion: Playing with AppleScripts hidden in Named Forks (security)
- 2025/11/11 » MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper (security)
- 2024/09/14 » Acquiring Malicious Browser Extension Samples on a Shoestring Budget (crypto)
- 2022/02/07 » Hunting for Persistence in Linux (Part 5): Systemd Generators (security)
- 2022/02/06 » Hunting for Persistence in Linux (Part 4): Initialization Scripts and Shell Configuration (security)
- 2022/01/30 » Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron (security)
- 2021/11/23 » Hunting for Persistence in Linux (Part 2): Account Creation and Manipulation (security)
- 2021/11/22 » Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells) (security)
- 2021/11/08 » Synack 2021 Open Invitational CTF Crypto Writeup (crypto)
- 2021/08/10 » DEFCON 29 Red Team Village CTF Writeup: Supply Chain Attack (security)
- 2021/06/05 » POC Exploit from a CVE: Apache Airflow 1.10.10 RCE (security)
- 2020/08/11 » DEFCON 28 OpenSOC Blue Team CTF: Lessons and Tips (security)
- 2020/07/08 » A gentle introduction to HDBSCAN and density-based clustering (stats)
- 2020/06/12 » U2F with Duo Web Phishable by default (security)
- 2020/05/28 » Bypassing LastPass’s “Advanced” YubiKey MFA: A MITM Phishing Attack (security)
- 2020/04/26 » Data Analysis for Cyber Security 101: Detecting Lateral Movement (security)
- 2020/01/17 » Understanding HDBSCAN and Density-Based Clustering (stats)
- 2019/11/04 » Time Complexity for Data Scientists (stats)
- 2019/10/08 » Data Analysis for Cyber Security 101: Detecting Data Exfiltration (security)