tavares.re/blog | X | LinkedIn | [email protected]
Threat Researcher with a Computer Science background, tracking malware botnets through open-source intelligence, malware analysis and reverse engineering. Always looking for new challenges and ready to help the team.
Professional Experience
Senior Threat Researcher
Feb. 2022 — Present
Bitsight — Cyber Security Risk Management, Lisbon, Portugal (Remote)
- Conducted in-depth research on diverse malware families, such as PrivateLoader, AgentTesla and Tofsee, including reverse engineering, development of botnet trackers to monitor their network infrastructure and campaigns, and writing of detection signatures.
- Large-scale data mining on vast datasets with Apache Spark on Amazon EMR.
Threat Researcher
Jan. 2020 — Jan. 2022
Bitsight — Cyber Security Risk Management, Lisbon, Portugal (Remote)
- Conducted research on various malware families, such as FluBot, IcedID and Trickbot, including reverse engineering, development of botnet trackers to monitor their network infrastructure and campaigns, and writing of detection signatures.
- Automated domain hunting and classification using Python, including domain clustering.
Junior Threat Researcher
Jan. 2018 — Dec. 2019
Bitsight — Cyber Security Risk Management, Lisbon, Portugal
- Identified and classified botnet command and control domain names through open-source intelligence and malware analysis.
- Wrote network detection signatures.
Research Highlights
- Hunting PrivateLoader: The malware behind InstallsKey PPI service (Bitsight, Feb. 2024)
- Data Insights on AgentTesla and OriginLogger Victims (Bitsight, Jan. 2024)
- Tofsee Botnet: Proxying and Mining (Bitsight, Mar. 2023)
- Unpacking Colibri Loader: A Russian APT linked Campaign (Bitsight, Nov. 2022)
- FluBot Persists: Infecting Europe and Australia (Bitsight, Feb. 2022)
- Backdoors Pre-Installed on Cheap Android Devices (Bitsight, Apr. 2020)
- Fraudulent Ads SDK Installed On 15 Million Android Devices (Bitsight, Mar. 2019)
- OSINT contributions on abuse.ch: ThreatFox, MalwareBazaar, YARAify and URLhaus
Education
B.Sc. + M.Sc. in Computer Science and Engineering
Sep. 2012 - Nov. 2017
Instituto Superior Técnico – Universidade de Lisboa, Lisbon, Portugal
- Specializations: Cyber Security & Software Engineering (Erasmus @ Universiteit van Amsterdam)
Skills
- Languages: Portuguese | English | Spanish
- Computer Languages: Python | C++ | ASM | PySpark | SQL | Java | JavaScript | Bash
- Tools: Ghidra | x64dbg | IDA | JADX | YARA | Docker | Apache Spark | Suricata | Wireshark | Git | VS Code | OpenSearch
- Personal: Curiosity | Perseverance | Dedication | Teamwork | Problem-solving | Adaptability
Training Highlights
- Advanced Malware Reverse Engineering with Ghidra — Kaspersky (Igor Kuznetsov and Georgy Kucherin)
- Targeted Malware Reverse Engineering — Kaspersky (Ivan Kwiatkowski and Denis Legezo)
- Zero 2 Automated: The Advanced Malware Analysis Course — Daniel Bunce and Vitali Kremez
- Machine Learning with Python: Foundations — LinkedIn Learning
- Attended Botconf 2018-2023 — The Botnet and Malware Ecosystems Fighting Conference
- Attended the Underground Economy Conference 2023
Interests & Hobbies
InfoSec | FOSS | Non-Fiction Books | Calisthenics | Travelling | Outdoors | Playing Guitar 🤘 | Casual Gaming | Sustainability | Volunteering