live node // blue-team oriented

FERNANDO OLIVEIRA FIGARO

Cybersecurity professional and Python instructor focused on blue-team operations, incident response and automating the boring parts of defense.

blue team & detection · python // flask · SIEM & log pipelines · linux & networking · threat simulations
secure_shell // session: figaro@net
$ nmap -sC -sV fer-cybersec.lab
22/tcp open ssh OpenSSH - hardened
80/tcp open http custom static site
443/tcp open https tls13, perfect forward secrecy
1337/tcp open custom blue-team & teaching toolkit
$ cat mission.txt
> teach, defend, and build automation that actually helps defenders
$

stack // tools of choice

logging & monitoring
Filebeat & log shipping · Elasticsearch · Kibana dashboards · OpenSearch
infrastructure
Linux (server & workstation) · Docker & Compose · Nginx / reverse proxies · Wireshark & tcpdump
development
Python (requests, asyncio) · Flask & FastAPI · Pandas & data inspection · SQL (SQLite, PostgreSQL)
tools & automation
Git & GitHub · Markdown & Jupyter · Bash & shell scripts · Streamlit dashboards

labs // selected operations

log surveillance
siem homelab
Attacker vs defender setup with real log collection and detection.
python · docker · elastic
blue-team utilities
http inspector
Inspect headers, cookies and auth flows in practice scenarios.
flask · requests · teaching
detection engineering
query builder
Tool for crafting SIEM queries and testing detection logic.
python · visualization · siem
incident response
ir toolkit
Collection of scripts for rapid incident response workflows.
bash · python · automation

network fingerprint // exposed metadata

what the internet sees

contact // reach out

ops-console // contact.sh
$ ./contact.sh --mode secure --medium email
> packaging message...
> encrypting payload...
> tunneling through corporate infrastructure...
> dropping into my inbox.