Lucas 'luriel' Carmo

Offensive Security Researcher

Penetration Tester

Red Team Operator

Hacking n' Roll

About Me
Good day to you all, I am Lucas Carmo, and I am better known as Luriel.

I have amassed seven years of experience in offensive security and hold esteemed certifications such as the GIAC Mobile Device Security Analyst and Offensive Security Web Expert. I am passionate about conducting vulnerability research and have discovered 16 CVEs in various vendors such as PRTG, Nagios, 3CX, Centreon, and others. Additionally, I have contributed to developing the ReconFTW web interface and am the creator of the Exploit Jewish Napalm.

  • Age: 26
  • Residence: Brazil
  • Freelance: Available
  • Address: Sao Paulo, SP
My Services
Vulnerability Research

Vulnerability research is the process of discovering and analyzing security vulnerabilities in software, networks, or systems, to identify potential weaknesses that could be exploited.

Penetration Test

Penetration testing is a simulated cyberattack aimed at identifying security weaknesses and vulnerabilities in a system or network.

Talks

Lectures on offensive security typically cover ethical hacking, penetration testing, vulnerability research, and exploitation techniques to help the community.

Full-Stack Development

Full-stack development involves building both the front-end and back-end components of an application, allowing developers to work on all layers of the architecture.

Fun Fact
Began my studies in the field of hacking at the age of 14 and, by the time I turned 18, I had successfully secured my first employment opportunity in this field.
Possess over 10 gadgets such as Hak5 and Hacking Warehouse, as well as mobile devices (of which the Xiaomi Mi 9T is my favorite), to facilitate my technical activities.
Have a strong passion for playing video games and the spirit of competition. Therefore, during my younger years, I ventured into the Esports scene.
Fascinated by the concept of individuality, and body modification has provided me with the means to enhance my appearance with over 50 tattoos and 25 titanium rings.
Resume
Experience
September 2022 - Present
Technical lead of the Pentesters Destroyers team and head of Research and Development
Hakai Offensive Security.

Having dedicated my efforts to enhance the technical quality of the pentest team, I have assisted management in implementing the Individual Development Plan (IDP). As the founder of the company's research and development department, I have been contributing to vulnerability research, enhancements to community tools, delivering lectures, creating exploits, and various other initiatives.

February 2022 - September 2022
Information Security Specialist
PicPay.

Dedicated to all types of intrusion testing and to the engineering side as well, checking and solving problems found in mobile environments, such as analyzing implementations of SSL Pinning, Hook Detection, Root/Jailbreak Detection, Frida Detection, Tamper Protection, etc.

August 2021 - February 2022
Technical lead of Research and Development
Stone Co.

Dedicated to research and development in an offensive security context, serving not only Stone Co but also the entire Arpex holding, with companies like Pagar.me, Mundipagg, Equals, Cappta and Elavon. Member of STOlabs, a research group responsible for discovering and reporting more than 50 vulnerabilities in solutions adopted worldwide.

June 2021 - August 2021
Information Security Specialist
Mercado Bitcoin.

Dedicated to all types of intrusion testing and to the engineering side as well, checking and solving problems found in mobile environments, such as analyzing implementations of SSL Pinning, Hook Detection, Root/Jailbreak Detection, Frida Detection, Tamper Protection, etc.

December 2019 - June 2021
Senior Information Security Analyst
Stone Co.

Dedicated to penetration tests and research, serving not only Stone Co but also the entire Arpex holding, with companies like Pagar.me, Mundipagg, Equals, Cappta and Elavon. Member of STOlabs, a research group responsible for discovering and reporting more than 50 vulnerabilities in solutions adopted worldwide.

July 2019 - December 2019
Red Team Analyst
Black Skull Security.

Dedicated to operations regarding web, mobile, internal infrastructure, wireless network, physical intrusion, adversary simulation, etc.

June 2019 - July 2019
Information Security Analyst
ITAU Bank.

Dedicated to intrusion testing and to the engineering side as well, checking and solving problems found in mobile environments, such as analyzing implementations of SSL Pinning, Hook Detection, Root/Jailbreak Detection, Frida Detection, Tamper Protection, etc.

My Skills
Offensive Security
  • Mobile Penetration Testing
  • Web Penetration Testing
  • API Penetration Testing
  • Vulnerability Research
Languages
  • Brazilian Portuguese
  • English
  • Spanish
  • Hebrew עִבְרִית
Coding
  • Python
    90%
  • JavaScript
    70%
  • Swift
    50%
  • Ruby
    50%
Achievements
  • Member of the OWASP São Paulo Association
  • Tool ReconFTW Contributor
  • Talk on Hackers 2 Hackers Conference H2HC about BEERUS.APK - Spotlighting sandbox exfiltration
  • Talk on BsidesSP about Reconnaissance like a cyber ninja
  • Talk on Nullbyte Conference about Security Audit in Blockchain
  • Certification GIAC Mobile Device Security Analyst (GMOB)
  • Certification Offensive Security Web Expert (OSWE)
  • CVE-2019-15898, CVE-2021-28924, CVE-2021-28925 – Nagios.
  • EXPLOIT-DB:44500, CVE-2018-10253 – PRTG Network Monitoring.
  • CVE-2018-19118 ID – ADAudit.
  • CVE-2018-14905, CVE-2018-14906, CVE-2018-14907 – 3CX.
  • CVE-2018-19311, CVE-2018-191312 – Centreon.
  • Associate Degree. Computer Technician Specialized in Development. Senac Rio de Janeiro, 2015-2016.