In this article, we will introduce our Alliance (formerly Red Team) member Lenon Leite. Lenon has been an Alliance member since March 2021.
Patchstack Alliance is a community of independent security researchers who contribute to building a safer web.
The Alliance members identify and report security vulnerabilities in WordPress plugins and themes to help software vendors address security issues before they pose risk to users and to the public.
What is your story about getting into cybersecurity?
My background comes from web development, so I started developing in PHP, most of the time using WordPress.
I've always been interested in security. The main goal has not been about exploiting the vulnerabilities, but more about understanding them.
I started doing publications for Exploit-DB, WPScan, some talks at WordCamps until I got here.
What are your hobbies, and what do you do in your free time?
Nowadays, I like traveling, discovering new places and new cultures. I'm always looking for a good music festival in different places. Sometimes I play my CDJ.
Every other day I usually exercise in the gym or go for a run.
What are your favorite movies and PC games?
Under favorite movie/series/book I'd list these three:
- Mr Robot
- Silk Road (a movie based on the real history of Ross Ulbricht)
- The KingPin (book - The KingPin, real-life computer hacker Max Butler)
I don't like games too much, but I would say my top three are:
- Age of Empires II
- Age of Empires III
If you decided to change your profession, what would that profession be?
This is a hard question. I guess I'd sell coconuts on some beach.
Just kidding! Maybe something in the field of finance or something connected to sports or music.
Have you attended or spoken at any WordCamps?
I prepared to go to WordCamp in 2020, but the pandemic came and I ended up not submitting my speaker proposal.
But yes, I have already spoken at 4 WordCamps and I do intend to speak this year (June 2-4, 2022 in Porto, Portugal). It would be like a small goal, but if it's not possible I'll go and visit other WordCamps around the world.
What kind of vulnerabilities do you like to search for, and why?
I enjoy finding vulnerabilities related to file handling, like delete, copy, rename, read, download.
I like this type of vulnerability because the way to write code to protect against those is very different from XSS and SQL Injection (the most common vulnerabilities).
There is usually no code or structure that blocks this.
What kind of tools do you use?
Like everyone else, I use Burp. But I have also developed a SAST (Static Application Security Testing). So I take code patterns that I know are vulnerable and look for new ways for this pattern. After that, I insert the new pattern in this system to find the same vulnerability in other systems.
Any suggestions for other cyber security researchers who are just starting their career path?
My suggestion to get started is to contribute to communities or on GitHub. The more you give, the more the world will give back to you. It's a way for you to learn, and show yourself to the market.
Do you enjoy being part of Patchstack Alliance? Would you recommend other researchers to join?
I like it and I recommend it too. It's a group of highly capable people with incredible skills; it's where the deepest information appears and is discussed clearly.
It's a place to exchange experiences and every day someone has something nice to share.