Hi, I’m Pepe Berba GMON, CCSK.

I write about stats, security, and cryptography. I’ve been bouncing back and forth between cybersecurity and machine learning for the past few years. In my free-time, I practice penetration testing and forensics, and I’m targetting to get an OSCP in the future.

I’m a hobbyist cryptographer. I’ve had a few units of cryptography and number theory in college and some experience solving crypto challenges in CTFs. Nothing serious.

Background

I’m currently a Cloud Security Engineer and an ex-Machine Learning Researcher at Thinking Machines Data Science, a data science startup in the Philippines. I’m also trying to finish my masters degree in data science from the University of the Philippines, School of Statistics.

Previously, I worked in a Redrock IT Security, a cybersecurity startup based in the Philippines. I was part of the founding team of the SOC and had to wear many hats: deploying SIEMs from scratch using ELK, developing integrations and custom scripts for the operations, configuring rules and alerts for threat detection, and monitoring and analyzing alerts.

Certifications

GMON, CSSK, Google Cloud Professional Cloud Security Engineer, and Elastic Certified Engineer

GMON   CCSK   gcp cloud sec elastic   advisory board

Awards

Summa Cum Laude, University of the Philippines(UP) Diliman, 2016
Graduated top of BS Computer Science 2016 graduating batch and 8th overall in UP batch 2016.

Student Excellence Award for Most Outstanding Graduate of Information Technology, UP College of Engineering, 2016

Education

University of the Philippines, School of Statistics, Masters in Data Science (Ongoing)

University of the Philippines, College of Engineering, BS Computer Science, SCL (2016)


Projects

LastPass evilginx2 Phishlet
A fork of evilginx2 to be able to setup a phishing site for LastPass, bypass 2FA, and decrypt and dump the credentials in the vault. (Blog post)

Pulsedive Python API
A low-level Python client for Pulsedive API, an analyst-centric threat intelligence platform that can provide users with comprehensive community threat intelligence to help identify known threats.

HSB CTF Write-ups

When I’m free, I try to solve crypto challenges in CTFs with the hackstreetboys .

My write-ups are in my ctf-solutions repository, but I will try to migrate some of them in the crypto section.

Competitive Programming

I used to do Competitive Programming back in college. I mainly did problems on data structures and dynamic programming. (UVa Online Judge Profile)

uhunt     project euler