Pepe Berba. I blog about stats, security, and crypto.

I'm currently a Machine Learning Researcher at Thinking Machines while taking up my master's degree in data science.

Previously, I was part of the founding SOC team in a security startup in the Philippines. We built a lot of things from scratch end-to-end.


Recent Posts

  • A gentle introduction to HDBSCAN and density-based clustering

    Explaining HDBSCAN in ~5 minutes. A beginner-friendly primer on the core ideas of density-based clustering.

  • U2F with Duo Web Phishable by default

    Without changes to evilginx, we can bypass U2F on Duo with default configurations. This is an analysis of how the implementation and configuration of U2F can lead to a scenario where U2F/WebAuthn does not protect you against phishing attacks (until hostname whitelisting is enabled).

  • Bypassing LastPass’s “Advanced” YubiKey MFA: A MITM Phishing Attack

    How to deploy a phishing attack on LastPass users, even when they are protected with YubiKey physical keys. This is to appreciate what U2F is and why it is important. I will also give an overview of how LastPass encrypts and handles your vault.