operator = {
"nome" : "Lucas J. Da Cunha",
"role" : ["Red Team", "Pentester", "SecOps", "SRE"],
"filosofia" : "Ataco para entender. Entendo para construir defesas melhores.",
"stack" : ["Python", "Linux", "Kali", "Nmap", "Hydra", "Metasploit"],
"distros" : ["Kali Linux", "Debian", "Arch"],
"formação" : "Engenharia de Software — Universidade São Francisco (USF)",
"agora" : "Monitoramento de Sistemas + labs ativos no HackTheBox",
"diferencial": "Construo as próprias ferramentas pra entender o que ataco",
"motto" : "Sunrise, parabellum.",
}Durante um lab no HackTheBox, parei de ler log manualmente e escrevi o defensor.
O Citadel é um mini-SOAR que construí para rodar enquanto faço pentest. Ele age como Blue Team autônomo — eu ataco, ele detecta e bloqueia.
Isso me forçou a pensar nos dois lados simultaneamente: Red e Blue. É assim que Purple Team funciona na prática.
[Kali — eu, atacando] [Debian — Citadel, defendendo]
──────────────────────────────────────────────────────────────────
$ hydra -l root -P wordlist.txt [ALERTA] Falhas: 1/5 → 2/5 → 3/5
ssh://192.168.100.10 -t 4
[ALERTA] Falhas: 4/5 → 5/5
[DATA] attacking... [LIMIAR ATINGIDO] Bloqueando...
[BLOQUEIO] ✓ blackhole (ip route)
[timeout... timeout... timeout]
[262 tentativas. 0 respostas.] # silêncio total. kernel descarta tudo.
Click to expand 🇺🇸
operator = {
"name" : "Lucas J. Da Cunha",
"role" : ["Red Team", "Pentester", "SecOps", "SRE"],
"philosophy" : "I break things to understand them. Then I build better defenses.",
"stack" : ["Python", "Linux", "Kali", "Nmap", "Hydra", "Metasploit"],
"distros" : ["Kali Linux", "Debian", "Arch"],
"education" : "Software Engineering — Universidade São Francisco (Brazil)",
"currently" : "Systems Monitoring + active labs on HackTheBox",
"edge" : "I build my own tools to understand what I'm attacking",
"motto" : "Sunrise, parabellum.",
}I'm a Red Teamer who builds his own tools.
During HackTheBox sessions I got tired of reading massive SSH logs manually — so I wrote Citadel, a headless mini-SOAR that acts as an autonomous Blue Team operator while I run the pentest. It detects brute-force patterns, tracks IPs with a sliding window, and blocks them via kernel-level routing blackhole.
Building the defense taught me more about attacking than any tutorial ever did. That's Purple Team in practice.
📬 Let's connect: linkedin.com/in/lucas-j-da-cunha
