Pepe Berba. I blog about stats, security, and crypto.
I'm currently a Machine Learning Researcher at Thinking Machines while taking up my master's degree in data science.
Previously, I was part of the founding SOC team in a security startup in the Philippines. We built a lot of things from scratch end-to-end.
Explaining HDBSCAN in ~5-minutes. A beginner-friendly primer to the core ideas of density-based clustering.
Without changes to evilginx, we can bypass U2F on Duo with default configurations. This is an analysis of how the implementation and configuration of U2F can lead to a scenario where U2F/WebAuthn does not protect you against phishing attacks (until hostname whitelisting is enabled).
How to deploy a phishing attack on LastPass users, even when they are protected with YubiKey physical keys. This is to appreciate what U2F is and why it is important. I will also give an overview of how LastPass encrypts and handles your vault.