Paulo Henrique Pereira is a CyberSec Professional and Digits3c Founder working on malware analysis. Digits3c is his small intel company that works with models for malware analysis. In his free time, he likes to work with Python programming for Volatility plugins. And, eventually, he goes to practice fly-fishing…
Could you briefly describe how and when you became interested in cybersecurity/forensics analysis?
I became interested in cybersecurity and forensics issues when I was a student and working as a trainee at the Department of Mathematics, Statistics, and Computer Science. I was developing an Access Database for storing the teachers' exam questions. My computer was Windows 95 and had a problem loading modules and the system was inaccessible. So, my question at that moment: What is going on here? What crashed my system? Where is my database?
What aspect of your work currently thrills you the most?
Discovering an artifact's behavior and finding the strategies for blocking the enemies.
From where do you learn the latest news about the digital forensics sector?
I follow several channels: Palo Alto Unit 42, Microsoft Learn (especially the Debug videos from old Channel 9), Malware Traffic Analysis, RSA News, SANS Posts.
You are a consultant at work, too. Where do you start when a particular organization hires you?
I always start with the human factor and go to network breach analysis.
Can you tell us about an example of a security issue you have resolved at work?
An example occurred in 2022 when a customer was attacked. The firewall rules were applied just to the surface of the company services, and privileged accounts were unprotected in their domain. Unfortunately, this is a common issue.
What do you believe to be the greatest current business threats, and what flaws in IT security measures are most frequent?
In my opinion, ransomware is the greatest threat. Attacker groups are increasing, and the alliance with access brokers creates a shortcut to prepare an attack.
On the other hand, the CVEs that open the doors to an attacker exploiting high-profile vulnerabilities expose the flaws: unpatched systems, damaging human behavior in the company network, and uncritical clicking behavior are the flaws.
Tell us about the courses you are teaching right now.
I'm preparing a new course about Memory Forensics: a ransomware memory forensics investigation course. This course has a challenge: memory samples in which the processes created by the ransomware behavior are listed, and samples that are a bit more complex, in which the ransomware is present in the system but without a listed process.
Please tell our readers and us about the course you will be teaching soon.
This will be Exin CISEF (Cyber & IT Security Foundation) training (hosted by HSI and IDESP Cyber Security Educational Institutes) that will take place in April, addressing the following Exin Official Program Exam subjects:
1. TCP/IP Networking
1.1 Nodes, Node Connections & TCP/IP Addressing
1.2 OSI Model, TCP/IP Model, Protocols
2. Computer Systems
2.1 Computer Architecture, Operating Systems
2.2 Computer System Vulnerabilities
2.3 Computer System Security Measures
3. Applications & Databases
3.1 Application Development
3.2 Databases
3.3 Security Issues & Countermeasures
4. Cryptography
4.1 Encryption Methodologies & Standards
4.2 Digital Signatures, Hashing
4.3 Public Key Infrastructure (PKI)
4.4 SSL/TLS, IPsec
5. Identity & Access Management
5.1 Identification, Authentication, Biometrics, Single Sign-On (SSO), Password Management
5.2 Authorization
6. Cloud Computing
6.1 Characteristics & Deployment Models
6.2 Risks
7. Exploiting Vulnerabilities
7.1 Attack Categories & Threat Types
7.2 Actors & Tools
This training is for IT and Information Security professionals who wish to obtain an Exin CISEF certification.
Certificates, what about them? What kind of certification do you think security experts ought to have?
Certifications are extremely important. But the most essential thing is the everyday learning experience associated with the certification content. For example, I recently finished a quick survey with certified professionals. In this survey, one question was “What is the C++ call for Windows global variables and heap process used by the most common malware?” This is an everyday problem because malware attacks occur anytime, anywhere. But in all the answer forms, this answer was empty. The choice of certification may depend on what position you are hoping to attain. But, in my opinion, an Incident Responder should try to get the CISSP (a complete certification). In a Red Team, OSCP or Palo Alto Networks are two of the best certifications.
What would you suggest as the best book for a beginner learning about malware analysis, and why?
I recommend Michael Sikorski's book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. This book is excellent for beginners and has very well-explained chapters.
If you had to suggest a cybersecurity expert for people to follow, say on Twitter, who would that be?
I follow Bradley Duncan (Palo Alto Networks Unit 42 and Malware Traffic Analysis): http://twitter.com/malware_traffic @malware_traffic.
Thank you