In this article, we will introduce our Alliance (formerly Red Team) member Lenon Leite. Lenon has been an Alliance member since March 2021.
Patchstack Alliance is a community of independent security researchers who contribute to building a safer web.
The Alliance members identify and report security vulnerabilities in WordPress plugins and themes to help software vendors address security issues before they pose risk to users and to the public.
My background comes from web development, so I started developing in PHP, most of the time using WordPress.
I’ve always been interested in security. The main goal has not been about exploiting the vulnerabilities, but more about understanding them.
I started doing publications for Exploit-DB, WPScan, and some talks at WordCamps until I got here.
Nowadays, I like traveling, discovering new places and new cultures. I’m always looking for a good music festival in different places. Sometimes I play my CDJ.
Every other day I usually exercise in the gym or go for a run.
Under favorite movie/series/book I’d list these three:
I don’t like games too much, but I would say my top three are:
This is a hard question. I guess I’d sell coconuts on some beach.
Just kidding! Maybe something in the field of finance or something connected to sports or music.
I prepared to go to WordCamp in 2020, but the pandemic came and I ended up not submitting my speaker proposal.
But yes, I have already spoken at 4 WordCamps and I do intend to speak this year (June 2-4, 2022 in Porto, Portugal). It would be like a small goal, but if it’s not possible I’ll go and visit other WordCamps around the world.
I enjoy finding vulnerabilities related to file handling.
Like delete, copy, rename, read, download. I like this type of vulnerability because the way to write code to protect against those is very different from XSS and SQL Injection (the most common vulnerabilities).
There is usually no code or structure that blocks this.
Like everyone else, I use Burp. But I have also developed a SAST (Static Application Security Testing) tool. So I take code patterns that I know are vulnerable and look for new ways for this pattern. After that, I insert the new pattern into this system to find the same vulnerability in other systems.
My suggestion to get started is to contribute to communities or on GitHub. The more you give, the more the world will give back to you. It’s a way for you to learn, and show yourself to the market.
I like it and I recommend it too. It’s a group of highly capable people with incredible skills; it’s where the deepest information appears and is discussed clearly.
It’s a place to exchange experiences and every day someone has something nice to share.