Feb 2023 – Apr 2024 · 1 yr 2 mos · Brasil · Remote

• Situation & Task
• Grupo Boticário, a large retail enterprise, needed stronger cyber threat detection capabilities while migrating from legacy SIEM (QRadar) to SentinelOne XDR. The challenge was ensuring coverage continuity, reducing noise, and defending against ransomware campaigns targeting the retail sector.
• Action
• Designed and led an intel-driven detection program: CTI strategy, YARA/Sigma rule engineering, and Python automation to transform research into durable detections.
• Built an automated Sigma → QRadar ingestion pipeline with normalization, ATT&CK/actor tagging, staged rollouts, and rollback guardrails.
• Developed adversary emulation automation (Atomic Red Team + custom benign artifacts) to validate detections end-to-end and surface drift early.
• Conducted reverse engineering of ransomware families (e.g., Akira), analyzing cryptographic implementations and mapping TTPs into Sigma/YARA + emulation artifacts.
• Participate in the migration from QRadar → SentinelOne XDR: re-implemented detectors, parsers, hunts, and dashboards to accelerate analyst triage.
• Partnered with Vulnerability Management (Qualys) to correlate CVEs with ransomware behaviors and prioritize remediation.
• Result
• ✅ Achieved 64% reduction in mapped attack surface by linking exposure to ransomware behaviors(TTPs/CVEs/Emulations).
• ✅ Preserved full detection coverage during the SIEM → XDR migration.
• ✅ Delivered higher-fidelity alerts with reduced noise, improved time-to-signal, and standardized coverage reports for leadership.

Jan 2023 – Present · 3 yrs 2 mos · Ханчжоу · Remote

• The famous company of one man hahahahaha
• iam the founder and CEO of ReverseLabs, where I currently work in different challenges:
• I operate in Research and Development across proprietary software, working with companies from Australia, Europe, the United States, and China. My contracts focus on understanding how proprietary systems work at a deep level, from intellectual property mechanisms and custom protocols to cryptographic flows and hardened security layers, primarily within mobile/firmware and Android/Linux ecosystems. This work feeds into two core areas:
• ▸ Reverse Engineering
• Deep analysis of mobile applications, native protections, custom virtual machines, obfuscation layers, and anti tampering mechanisms. I reverse engineer protected binaries to extract logic, understand cryptographic implementations, analyze proprietary protocols, and assist companies in improving their security posture. My daily work involves bridging Java and native layers (ART, JNI, native libraries, kernel interactions) using IDA, Frida, Unidbg, Angr, LLVM, Unicorn, QEMU, and custom tooling.
• ▸ Software Engineering
• I design and build internal frameworks, backend systems, and automation tooling in Rust, C++, Python, Java, and JavaScript. This includes distributed service architectures for large scale binary processing, async pipelines built on Tokio, and internal APIs using gRPC and Protocol Buffers. Frameworks handle automated deobfuscation of control flow flattening, mixed boolean arithmetic, and virtualization based protections, running across multiple workers with job scheduling, result aggregation, and persistent storage backed by PostgreSQL and Redis. Development follows TDD practices with structured test suites, integration tests against real infrastructure, and CI/CD pipelines for continuous validation. Code is modular, documented, and built for long term maintainability across projects and client requirements.

Jan 2022 – Jan 2023 · 1 yr

• Situation & Task
• Tempest needed to strengthen its cyber threat intelligence program for the LATAM banking threat landscape, where Windows and Android malware families were evolving rapidly to target regional payment systems and financial institutions. The challenge was to translate complex research into actionable detections and deliver operational intelligence to clients in the financial sector.
• Action
• Developed CTI strategy and authored advanced YARA and Sigma rules for real-time detection.
• Conducted reverse engineering of LATAM malware families for Windows and Android, extracting TTPs, IOCs, and cryptographic implementations.
• Built Python automations to extract IOCs/configs at scale, producing structured outputs for SIEM correlation and analyst triage.
• Operated a honeymail-to-MISP pipeline, capturing multi-stage campaigns and publishing intelligence directly consumable by security teams in the financial sector.
• Created a mobile malware testing platform with Genymotion + Corellium, instrumented with Frida hooks for SSL pinning bypass, dynamic key extraction, and anti-debug/root evasion.
• Result
• ✅ Delivered faster investigations and hunts by automating IOC/TTP extraction.
• ✅ Ensured consistent detection coverage across families, enabling analysts to deploy detections with minimal tuning.
• ✅ Empowered financial-sector organizations in LATAM with operational intelligence, strengthening defenses against evolving malware campaigns.

Feb 2021 – Jan 2022 · 11 mos · Rio de Janeiro, Brasil

• Situation & Task
• Petrobras, a major oil & gas multinational, required stronger malware detection and response capabilities across its enterprise and industrial (OT) environments. The challenge was to support CSIRT operations, accelerate investigations, and build durable detections against advanced threats targeting Windows, Android, and IoT systems.
• Action
• Developed Python automations to streamline threat analysis, enrich alerts, and generate data-driven insights for defenders.
• Conducted malicious file analysis and reverse engineering across Windows, Android, and IoT malware families, mapping behaviors into actionable detection rules.
• Performed targeted threat hunting in enterprise and industrial environments, correlating telemetry with threat intelligence to identify ongoing compromises.
• Created and maintained a knowledge base to support SOC/CSIRT workflows, ensuring lessons learned were codified into new detection content and playbooks.
• Partnered with the SOC to triage and respond to malware-related alerts across onshore, offshore, and automation systems.
• Result
• ✅ Delivered faster triage and investigations, reducing analyst workload and improving detection quality.
• ✅ Strengthened Petrobras’ cyber resilience by turning reverse engineering insights into deployable SIEM detections and playbooks.
• ✅ Established a repeatable workflow for CSIRT that improved coverage of both IT and OT threats.

Mar 2019 – Feb 2021 · 1 yr 11 mos · Palmas, Tocantins, Brasil

• In the Armed Forces, I worked in the following areas:
• Incident Response;
• Malware Analysis;
• SOC (Security Operations Center) Development;
• Network Security;
• Development of Playbooks and Runbooks;
• Advanced CSIRT Activities.
• I completed professionalization courses in CyberSecurity, focusing on these areas, delivered both by the institution itself and by CISCO. These courses were designed to train and qualify temporary military personnel for specialized tasks.
• Additionally, during the CISCO Brazil 2020 CyberEducation program, I achieved a top-100 national ranking, competing with both military and civilian participants.

Jan 2017 – Feb 2019 · 2 yrs 1 mo · Palmas, Tocantins

• In the GENESIS Robotic Team, I worked in the following areas:
• Python;
• JavaScript;
• Data Science;
• LLMs;
• Computer Vision;
• C/C++;
• Assembly x86;
• embedded systems;
• Electronics.
• In this team, I contributed specifically to the development of a robotic system designed to navigate areas impacted by natural disasters. I developed software integrated into the robot that utilized advanced computer vision to identify objects, people, pathways, and animals. Additionally, the system incorporated various sensors, including gas, motion, and tactile sensors, among others, to enable the robot to effectively perform its tasks.

Jan 2016 – Feb 2019 · 3 yrs 1 mo · Palmas, Tocantins

• On G-REDES research group, i worked with:
• Python;
• Data Science;
• LLMs;
• Computer Vision;
• C/C++;
• Assembly x86;
• embedded systems;
• Eletronic.
• I have been involved in projects focused on developing advanced image recognition software for autonomous drones, delivering solutions across the agriculture, surveillance, and search and rescue sectors.