Security
Posts tagged with Security.
04 Jan 2026
This post describes the evolution of HADES in detecting fraudulent URLs without depending on paid services.
The focus was to strengthen detection with in-house code, local heuristics (PT/BR), and open public sources, while keeping full control of the pipeline.
Note: the CNPJ shown in the examples was changed to 11917932300169.
The goal is to illustrate the case, not to expose real individuals or companies.
1) Initial problem: simple heuristics fail against local scams
HADES used simple rules: suspicious words in English (login/verify), HTTP without TLS, an IP address in the URL, excessive subdomains, and a recently registered domain.
04 Jan 2026
This post describes how HADES evolved to detect fraudulent URLs without relying on paid services.
The focus was to strengthen detection with in-house code, local heuristics (PT/BR), and open public sources, while keeping full control of the pipeline.
Note: the CNPJ used in the examples was changed to 11917932300169.
The goal is to illustrate the case, not to expose real individuals or companies.
Note #2: CNPJ is the Brazilian business tax ID, similar to the EIN in the U.
07 Dec 2025
Recently, I was lucky enough to pick up an amazing Dell laptop during a company clearance sale. Being able to split the payments and get it for a ridiculously good price was the icing on the cake. It’s not some overhyped, flashy machine full of unnecessary specs - but putting my hands on a device that turns into a powerful tool with a bit of care and intention brought me genuine joy.
23 Nov 2025
Update on the GPG Signing of My Website
I don’t remember exactly when I started, but for at least two years I’ve been signing the HTML pages on my website with GPG. I do this as a way to practice sovereignty, authenticity, and to promote tools that help protect privacy.
At first, I kept the GPG signature embedded directly in the HTML content, for example:
<!-- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - --> <!
16 Aug 2025
People talk about security like it’s a product you install or a checkbox you tick off before launch. But that mindset is exactly why so many systems fail. Security isn’t a module. It’s not a team. It’s not something you slap on later. It’s a consequence — of how you think when you build.
Most software is a prototype that accidentally went live. Security gets added later. If it gets added at all.
14 Jul 2025
Ever worried someone might peek at your MacBook when you’re not around?
Last Friday, I built a simple, effective, and open-source solution to deal with that — and I called it Say Cheese.
Here’s the idea: if someone opens your Mac’s lid without authenticating via Touch ID, a photo is instantly taken and sent to your iPhone through iMessage. You get a live snapshot of the intruder — no fuss.
28 Jun 2025
FraudTalon just took another important step. I’m only able to work on FraudTalon a few hours per week, but I’m committed to making steady progress and sharing weekly updates.
Starting today, you can upload .eml files directly through the interface, and the system will run a complete analysis using a combination of email security heuristics and artificial intelligence.
The pipeline now works like this:
- Automatic .eml parsing with extraction of headers, sender, recipient, subject, and body
- Heuristic evaluation with signals such as:
  - Mismatch between From, Reply-To, and Return-Path
  - Authentication failures (DKIM, SPF, DMARC)
  - Relaying through unknown servers
- AI analysis (via OpenAI) that takes into account the full textual content
- Final score with a breakdown of suspicious indicators
This update makes FraudTalon a much more powerful tool for analyzing suspicious emails like phishing, Pix scams, or fake investment offers.
20 Jun 2025
After getting so many messages from my parents, wife, sister, and friends asking if emails or ads they saw on social media were legit, I decided to build a tool to help identify fraud, scams, and phishing attempts.
That’s how FraudTalon was born.
It’s currently in MVP version 0.0.1 — basic functionality, simple heuristics (I started with NLP but dropped it — not needed for now), and a single cloud-based LLM.
14 Jun 2025
Building My Own Sovereign RAG for Secure Code Analysis
Lately, I’ve been taking a closer look at some code analysis tools that claim to detect security vulnerabilities in software projects. The idea itself is solid. I got one of these tools recommended to me and decided to dig deeper to see what’s really behind these solutions.
Pretty quickly I noticed a pattern: these platforms are far from cheap. Some offer limited free plans, but we all know how this game works.
20 May 2025
Ran my site through MDN’s security scanner and kept tweaking until I hit 120/100 (A+).
Checked the scan history and the very first one, back in 2018, scored 20/100 (F).
Always improving.
10 May 2025
An open-source project called Deep-Live-Cam is gaining traction on GitHub — and for good reason.
With just a single still image, it can mimic anyone’s face in a live video call. In real-time. Running locally. No cloud required.
The implication is clear: you can no longer trust a video call at face value.
So here’s the question: how do we verify identity in a world where faces can be forged on demand?
27 Apr 2025
Why You Should Start Using GPG Now
If you’re not using GPG to sign or encrypt your files and messages yet, it’s time to reconsider. It’s not just about looking like a 90s movie hacker — it’s about protecting your communication and digital identity in an increasingly hostile world.
🔐 What is GPG?
GPG (GNU Privacy Guard) is a free implementation of the OpenPGP standard. It allows you to create cryptographic key pairs to digitally sign files and messages, as well as encrypt them to ensure confidentiality.
13 Oct 2024
Yesterday, I published a blog post introducing my new open-source project, ShadowData.
This post is just to inform anyone interested that I have made some updates today.
New Features Added to the Project:
- Email address anonymization
- Phone number anonymization
- Symmetric cryptography for encryption and decryption
- Minor improvements to tests and code quality
You can look at the code in the GitHub repository.
See you.
12 Oct 2024
I am deeply concerned about how to handle sensitive data in the projects I work on. Nowadays, there are laws in various countries addressing this issue, and the topic becomes increasingly important as time goes on.
Therefore, I decided to create a Python library that can help me deal with scenarios where it is necessary to process data to prevent any individual from being identified if the information is accessed. The library also handles data transformations, encryption, and the detection of sensitive personal data.
05 Jun 2024
Setting up sudo for use with Touch ID on macOS Sonoma in just a few steps is very easy.
Locate the file /etc/pam.d/sudo_local.template and make a copy as shown in the example below:
sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
Then edit the file and remove the # character from the beginning of line 3. It should look like this:
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.