About
Hi, I'm Fernando Guisso.
I'm a Security Software Engineer at willbank where I lead the AppSec practice and its internal authentication platform.
I build solutions that make security a natural part of the developer workflow—helping engineers ship safely without losing speed. The best security is the one that ships with the code.
In my spare time I obsess over my home lab: explore experiments tagged home-lab or dive into the gritty details on my wiki.
featured projects
Projects I'm building right now
- Project
sfer.nvim
Lightweight Neovim plugin that displays SARIF files, perfect for CodeQL runs and my daily AppSec tooling.
open ↗ - Project
Dojo Shield
Hands-on exercise to train secure development through guided missions with real-time feedback.
open ↗ - Project
Home Lab
My home infrastructure running AppSec pipelines, ZFS storage, Kubernetes, and automations—full notes live on the wiki.
open ↗
new articles
Here's what I'm writing lately
-
A free bucket on GitHub Releases
How SunCVE serves 130 MB of SQLite with no server: GitHub Releases as object storage, a local bootstrap, incremental processing on Actions, snapshot retention, and the database loaded in the browser via sql.js.
2,906 words · 15 min
Creative ler artigo ↗ -
Phone Phreaking
Before the internet, a giant network already connected the world. From the 2600 Hz whistle to SS7 attacks and rogue cell sites in São Paulo apartments: the technical manual of phreaking, from classic to modern.
8,596 words · 43 min
Idea ler artigo ↗ -
CVE-2024-29041 only works on Safari?
Digging into the Chromium and Firefox source code to understand why the payload navigates to the malicious host on Safari but not on other browsers.
805 words · 4 min
Lifestyle ler artigo ↗