Educator and cybersecurity specialist with 10+ years of experience, Jézer Ferreira weighs in on the security state of Latin America, OSINT methods, and more in an ANY.RUN interview.
This column has become a real treat for us, as it gives us an opportunity to meet amazing cybersecurity people.
And today’s guest gave us more than we wished for: honesty, experience, and valuable advice. So, let us introduce a new expert for our Q&A.
Industry expert Jézer Ferreira has launched a new course to provide advice and guidance to develop cybersecurity skills. Jézer, who just received the Medal of Merit of the Holy Guardian Angels, founded OSINTOMÁTICO Conference, a security conference, and is a Cyber Intelligence coordinator at Cyber Hunter Academy, brings an in-depth perspective on the state of cybersecurity in LATAM and Spain, and on OSINT solutions.
OSINT in cybersecurity
Of course, we should discuss OSINT with the OSINTOMÁTICO Conference co-founder himself.
Jézer, you have 10+ years of experience in Pentest, Forensics, and OSINT. What is OSINT, and how is it used in cybersecurity?
Jézer Ferreira: That’s right, I started my professional career 10 years ago, and a lot has happened since then. OSINT is closely related to Pentest and Forensics as well. OSINT is the acronym for Open Source Intelligence; it refers to all knowledge that can be acquired from public sources, a process that includes search, selection, acquisition for further processing, and intelligence generation.
In a pentest, it is used to perform the process of recognition of assets: what is exposed of an asset on the Internet, in many sources, from forums, social networks, blogs, wikis, etc.
Often it is used to validate information, investigate fake news, investigate cybercrimes, analyze movements and war crimes. Well, you can see that it is something very broad, right?
It sounds like a detective TV show right now. Total PI mode.
In these 10 years, I think I have applied OSINT in almost all these cases, but I think that what fills my life the most is to be able to apply the knowledge of OSINT to search for missing persons… There are many stories.
What makes OSINT methodologies vital for penetration testing?
Jézer Ferreira: OSINT is applied 100% in information gathering (the first phase of penetration testing, in which we collect publicly available information or internal information about the target while performing active and passive reconnaissance, which we can use in our further testing phases).
Talking about practical cases, I remember a website we were testing and when we found a user login we thought about performing some brute force activities, but when we reviewed the material previously collected with OSINT, there were users and passwords exposed in recent leaks.
In short: we had already obtained the users and their credentials without further effort.
OSINTOMÁTICO is an interesting name for the conference. How did you come up with the idea to create it?
Jézer Ferreira: Isn’t it? It’s a very creative name! Well, I must confess that the name credits are not entirely mine.
I had seen a meme that matched the word Osintomatic (in the middle of the worst pandemic we were going through) and I liked it; the first thing I did was to register the domain and think: later I will do something with that. And it came up.
In 2021 I was talking with a great friend of mine, and now partner, Roberto Gonzalez, the best forensic expert I have ever met, Argentinean and a Boca Juniors fanatic (nobody is perfect, right?). And he was one of the only ones who jumped on the bandwagon with me from the very beginning.
We gathered more than 500 analysts, students, private detectives, police officers from several countries, and speakers from 7 different countries. It was surreal!
We held a CTF (capture the flag), a typical game in the hacker world, but focused on searching for missing persons around the world in collaboration with a project created by TraceLabs, a Canadian NGO led by the great Robert Sell, who was present at the event and led the judges in this CTF.
This CTF was held in person for the first time in Europe!
Even with limited knowledge of English, both mine and Roberto Gonzalez’s, we went after leading companies in the cyber world, and thus our beautiful relationship with ANY.RUN was born. Really, you were very kind to us. Do you know how much it cost us to talk, promote and organize an event that had never been done? We will never forget it. (tears of emotion come into my eyes).
Spoiler Alert: the award-winning guest
How did you connect with the National Police and the Civil Guard in Spain? Could you describe this collaboration?
Jézer Ferreira: Well, my relationship with the Police started when I was in jail in 2014.
I’m just kidding!!! My wife always scolds me for making this joke because there are real people who believed it after repeating it so much 😉
We must admit, you totally got us here.
Jézer Ferreira: By means of several conferences that I have participated in, there were always some attendees who approached me, introduced themselves, and asked me technical questions, and they always came up with an invitation for a coffee or lunch to talk about techniques and methodologies, but, and this is very important: without ever exposing the cases on which they were working and often stuck.
One day I offered to give free training to their teams, and soon I already had training scheduled for the whole year, traveling around Spain and many other countries where they required me.
Just in 2022, I was in the Canary Islands (Spanish archipelago on the coast of Africa), Peru, Bolivia, and Brazil giving training and I started to receive invitations to participate in some cases as a “consultant”. Some of these cases could not be successfully closed yet, but mostly could!
And I am very proud to have helped to imprison pedophiles, terrorists, cybercriminals, kidnappers… in several countries. I have been able to train police officers in Spain, Mexico, the USA, Guatemala, Honduras, Peru, Bolivia, Ecuador, Argentina, and Brazil.
Now you transported us to a superhero movie.
Your work with law enforcement agencies hasn’t been left unrecognized, right?
Jézer Ferreira: The past September I received a message, “we have nominated you for the Medal of Merit of the Holy Guardian Angels but it is the board who decides whether you are awarded or not”, and for me, it was already a victory as I knew well the weight of the medal and what it means to members of the security forces.
To give you an idea, it is usually awarded to the 100 best police officers of the year among more than 150,000 colleagues in service!!!! So, I was not too excited, since a civilian is rarely recognized, even more so in the cyber world.
But the best was yet to come, at the beginning of October 2022 I received the notification: “The board of directors approved it unanimously”. I had the honor of receiving it from the hands of the Duke of Seville, His Excellency Don Francisco de Borbón y Escasany, Grand Duke of Spain and Doña Sofía de Borbón y Mateos of the Spanish Royal Family.
That sounds incredible to have a cybersecurity expert get this award. Well-deserved! Congratulations on receiving the Medal of Merit of the Holy Guardian Angels!
Are there any projects that you are working on together with the National Police and the Civil Guard in Spain now?
Jézer Ferreira: I continue working, supporting, and with future developments for 2023, but the most important thing is to continue forming these teams since the bad ones are always very well trained.
In 2020 Latin America recorded the world’s highest cyber-attack rates.
What is your perspective on why LATAM countries receive the highest volume of attacks?
Jézer Ferreira: LATAM is currently one of the main targets of attackers worldwide, for both internal and external attacks. In my opinion, here are the principal reasons:
Developing countries such as Argentina, Brazil, and Chile are going through the digitization of files in public agencies forced by the need to have “everything in the cloud” to provide the population with faster and more streamlined access and processes.
This makes it easier for cyber-attackers to have access, in a centralized way, to information that used to be on paper.
To take an example, Brazil suffered irreversible data breaches, making the personal information of all Brazilians available to cyber-attackers: registration data, address, work, identity number, vehicles, debts, and social benefits.
If we add that banks are also driving their users more and more to the Internet, so that all transactions are online, this means that:
- banking systems are very secure (I wish governments would take you as a reference)
- users are more easily fooled by social engineering techniques and malware attacks
- a good part of these users are older and are now having contact with online banking and are less aware of it, as civil people usually do not receive cyber-security training
TCS opens the Threat Management Center in Mexico, IBM invests in Colombia, and Brazil rises in international cybersecurity ranking. Is Latin America a future trendsetter in cybersecurity?
Jézer Ferreira: There is no doubt that, first of all, LATAM is the target of the main attacks at a global level, and second of all, it becomes the focus of attention of the main European and North American cybersecurity companies. Companies are also victims of these attacks and also need to defend themselves.
In Brazil, for example, offices are migrating there to offer services to other countries and continents, since the cost is lower in relation to hard currencies such as the euro and the dollar.
The push for the “work from home” policy, extended during the pandemic, helps companies to hire technical profiles at lower costs in Brazil. However, it brings companies the need to take beyond their doors the security of the communications of an employee who will be connected from home to the company’s central network.
Get started in the cyber world
You are a professor, instructor, consultant, and trainer – what inspired you to become a teacher?
Jézer Ferreira: Oh, I didn’t expect this question:
Without a doubt, it was my mother. I grew up in a family without a father, and my mother was responsible for moving the whole house forward and, on the other hand, forcing me and my sisters to study, since she did not have this opportunity.
So, she didn’t accept that we came home with low grades and complaints from the school. Right after that, without having an in-depth knowledge of the subjects, she had the patience to first understand what we had to do and then explain it to us.
Over time, and because I was her older son, this responsibility fell on me: helping my sisters with their homework at school. And it wasn’t easy for us to keep a girl attentive to what she had to explain in the face of so many distractions such as hunger or the noises of the troubled neighborhood in which we grew up.
Later, I had the opportunity to teach professionally when I was only 14 years old and from this moment it has been something that brings me great pride and pleasure: Sharing knowledge and making a person leave with something different from when they arrived.
Could you tell us about your course? What can you recommend for newcomers in malware analysis?
Jézer Ferreira: Well, at Cyber Hunter Academy we have a whole range of training courses to get you started in the cyber threat world: training focused on Open Source Intelligence, from the beginner level to the most advanced.
How can ANY.RUN help students with phishing analysis in your program?
Jézer Ferreira: ANY.RUN is present in my talks and classes at the university. Honestly, until now I have not met such a proactive sandbox.
When we designed the Phishing Analysis training for Cyber Hunter Academy, we told the teacher:
If it wasn’t with ANY.RUN it wouldn’t be with any other sandbox.
Thank you for supporting this from the beginning.
Our students can put into practice the tasks of analyzing phishing email attachments and also safely reproduce the step-by-step that a deceived user would do on the pages.
And this is our small tradition for Q&As – what is cybersecurity for you?
Jézer Ferreira: Cybersecurity is bringing to the virtual world the security that we have in the physical mode.
If we put bars, cameras, alarms, dogs, or physical porters in our real houses, it is because we pretend to restrict the entry of strangers without authorization. We do all this to protect what we have best and what is ours in our homes.
In the virtual world, we also have a lot to protect. So, we must have the same care that we have in the physical mode. That is why we have firewalls, proxies, alerts, antivirus, etc.
The main difference and disadvantage is that we always see physical threats and are more afraid of them, while cyber threats…
Thank you, Jézer, for your time and interesting insights.
And for those who are new to our blog: welcome! Check out our previous interviews with John Hammond, a YouTube blogger with a bunch of lifehacks, and Renzon Cruz, a DEFCON master. Or maybe you are interested in nao_sec’s mystery and work?
Who should we talk to in our Q&A next? Let us know in the comments!