tavares.re/blog | X | LinkedIn | [email protected]
Threat Researcher with Computer Science background, tracking malware botnets through open-source intelligence, malware analysis and reverse engineering. Always looking for new challenges, eager to share knowledge and ready to help the team.
Professional Experience
Senior Threat Researcher
Feb. 2022 — Present
Bitsight — Cyber Security Risk Management, Lisbon, Portugal (Remote)
- Conducted in-depth research on various diverse malware families, such as PrivateLoader, AgentTesla and Tofsee, including reverse engineering, botnet trackers/emulators development to monitor its command and control (C2) infrastructure and distribution campaigns, and writing of network/file/memory detection signatures.
- Big data mining and enrichment on various datasets, with Apache Spark on Amazon EMR, aiming to discover compromised systems and credentials.
Threat Researcher
Jan. 2020 — Jan. 2022
Bitsight — Cyber Security Risk Management, Lisbon, Portugal (Remote)
- Conducted research on various malware families, such as FluBot, IcedID and Trickbot, including reverse engineering, botnet trackers/emulators development to monitor its command and control (C2) infrastructure and distribution campaigns, and writing of detection signatures.
- Automated domain hunting and classification using Python, including domain clustering.
Junior Threat Researcher
Jan. 2018 — Dec. 2019
Bitsight — Cyber Security Risk Management, Lisbon, Portugal
- Discovered and classified botnet command and control domain names through open-source intelligence, malware analysis and reverse engineering, using Python for scripting.
- Writing of network detection signatures.
Research Highlights
- Hunting PrivateLoader: The malware behind InstallsKey PPI service (Bitsight, Feb. 2024)
- Data Insights on AgentTesla and OriginLogger Victims (Bitsight, Jan. 2024)
- Tofsee Botnet: Proxying and Mining (Bitsight, Mar. 2023)
- Unpacking Colibri Loader: A Russian APT linked Campaign (Bitsight, Nov. 2022)
- FluBot Persists: Infecting Europe and Australia (Bitsight, Feb. 2022)
- Backdoors Pre-Installed on Cheap Android Devices (Bitsight, Apr. 2020)
- Fraudulent Ads SDK Installed On 15 Million Android Devices (Bitsight, Mar. 2019)
- OSINT contributions on abuse.ch: ThreatFox, MalwareBaazar, YARAify and URLHaus
Education
B.Sc. + M.Sc. in Computer Science and Engineering
Sep. 2012 - Nov. 2017
Instituto Superior Técnico – Universidade de Lisboa, Lisbon, Portugal
- Specializations: Cyber Security & Software Engineering (Erasmus @ Universiteit van Amsterdam)
Skills
- Languages: Portuguese, English, Spanish.
- Computer Languages: Python, C++, ASM, PySpark, SQL, Java, JavaScript, Bash.
- Tools: Ghidra, x64dbg, IDA, JADX, YARA, RegEx, Docker, Suricata, Wireshark, Apache Spark, Git, VS Code, OpenSearch.
- Personal: Curiosity, Perseverance, Dedication, Teamwork, Problem-solving, Adaptability.
Training Highlights
- Advanced Malware Reverse Engineering with Ghidra — Kaspersky (Igor Kuznetsov and Georgy Kucherin)
- Targeted Malware Reverse Engineering — Kaspersky (Ivan Kwiatkowski and Denis Legezo)
- Zero 2 Automated: The Advanced Malware Analysis Course — Daniel Bunce and Vitali Kremez
- Machine Learning with Python: Foundations — LinkedIn Learning
- Attendance to Botconf 2018-2024 — The Botnet and Malware Ecosystems Fighting Conference
- Attendance to Underground Economy Conference 2023
Interests & Hobbies
InfoSec, FOSS, Non-Fiction Books, Calisthenics, Travelling, Outdoors, Playing Guitar 🤘, Casual Gaming, Sustainability, Volunteering.