> Hands-on security, hardware and tooling projects_
ORUAM BSS (Basic Security Suite) is a custom firmware for the M5Cardputer ADV that turns the device into a compact, handheld security reconnaissance tool. The project explores the real limits of what an ESP32-S3-based device can do in the field of network and wireless security — no Linux, no external SBCs, pure embedded C++.
The name carries a double meaning: ORUAM is the author's security codename, and BSS (Basic Security Suite) is also a reference to the 802.11 wireless term Basic Service Set — a nod to the WiFi-heavy nature of the tool.
Active development and expansion of the MeshCore decentralized mesh network in Brazil, focusing on interconnecting cities across the state of São Paulo — Santo André, Jundiaí, Sorocaba, and Campinas.
The project builds a resilient, low-cost communication mesh completely independent of traditional telecommunications infrastructure — fully off-grid, powered by LoRa radio technology. LoRa (Long Range) is a low-power wireless protocol capable of transmitting data over tens of kilometers without internet or cellular connectivity, ideal for emergency communications and remote areas. Nodes are powered by solar-charged batteries, enabling permanent autonomous operation.
A MeshCore LoRa mesh client running on a 1990s Palm IIIe — Motorola 68K at 16MHz, 2MB RAM, monochrome 160×160 display. The Palm connects to a Heltec V3 LoRa node via the RS-232 HotSync cradle, through a MAX3232 level shifter, and joins the mesh network with no internet, no cloud, no Bluetooth.
Built from scratch in C for Palm OS 3.1 using prc-tools-remix, PilRC and the Palm OS SDK 3.5. A purely nostalgic but functional experiment in pushing vintage hardware into modern off-grid communications.
Terminal Pomodoro timer for macOS and Linux with no external dependencies. Detects the OS automatically and uses native notifications and audio on each platform — osascript + afplay on macOS, notify-send + sox on Linux.
Configurable work and break durations, automatic long break every N sessions, live countdown display, session counter, and graceful Ctrl+C exit with a focus time summary.
Secure CLI wrapper for PWPush — share passwords via one-time URLs that expire by time or view count. The password is passed as a JSON body via stdin to curl, never as a process argument, making it safe against ps aux snooping.
Supports self-hosted PWPush instances, optional notes, recipient delete, numeric validation, and dependency checking. Password can be passed via flag, environment variable, or stdin pipe.
A collection of security case writeups from real-world exercises and hackathon simulations — documenting full exploitation chains, root causes, and defensive lessons. Covers Linux privilege escalation, cloud IAM abuse, container escape, Kubernetes RBAC, and lateral movement techniques observed in practice.
Each case follows the same structure: scenario context, reconnaissance methodology, step-by-step exploitation chain with commands, root cause analysis, and defensive takeaways. No CVE dependency — real misconfigurations, real chains.
Contributing author at Disconecta, a Brazilian music portal focused on classic rock, progressive rock, and alternative music. Specialist in Italian Progressive Rock and author of the book "Rock Progressivo Italiano" — available on Amazon.
Writing in-depth album reviews, artist histories, show coverage, and opinion pieces — applying the same analytical rigor used in technical work to dissect the complexities and timelessness of classic rock. Also co-host of the Redação Disconecta podcast.
Volunteer editor at the Wikimedia Foundation since 2014, contributing to the world's largest free knowledge base. Work includes article review, content editing, and translation between Portuguese and English — ensuring accuracy, neutrality, and quality across Wikipedia's collaborative encyclopedia.