Françoa Taffarel, MSc. ⚓️

M.Sc. | Offensive Security Engineer | Red Team | OSCE³

Brazilian Navy

About me

I’m an Offensive Security Engineer driven by a deep curiosity about how systems break — and how they’re defended. I have over 5 years of experience in Red Team operations, penetration testing, adversary emulation, and vulnerability research across cloud, hybrid, and on-premise environments, applying real-world TTPs in fast-moving contexts. I hold the OSCE³ (OSWE, OSEP, OSED) certification, with a hands-on focus on exploitation, secure code review, and custom tooling. My master’s research explored large-scale IoT and embedded systems security, leading to multiple 0-days and CVEs and shaping how I approach practical security. When I’m not breaking or building systems, I’m usually studying new attack surfaces, refining techniques, and thinking about how to make security teams harder to surprise.

Education

MSc in Computer Science (Cyber Warfare)

2022-03-01 to 2024-07-01

Instituto Tecnológico de Aeronáutica (ITA)

MBA in Information Security

2019-01-01 to 2020-12-01

Universidade Estácio de Sá

BS in Computer Science

2012-01-01 to 2018-12-31

Universidade Federal do Rio de Janeiro

BSc in Naval Science (Mechanics)

2011-01-01 to 2014-12-31

Escola Naval

Interests

Offensive Security & Red Teaming
Cyber Warfare & Adversary Emulation
Vulnerability Research
IoT & Embedded Systems Security
Cyber Training, Simulation & Exercises

Experience

  1. Offensive Security Engineer / Cyber Warfare Specialist

    Brazilian Navy
    Professional experience in cyber operations, technical research, and training environment development within defense and academic contexts.

Skills & Hobbies

Offensive & Technical Skills

Web Exploitation
Binary Exploitation
IoT / Firmware Analysis
Red Team Operations
Python

Research & Teaching

Vulnerability Research
Academic Writing
Cybersecurity Instruction

Languages

Portuguese: Native (100%)
English: Advanced (80%)

Education

  1. MSc in Computer Science (Cyber Warfare)

    Instituto Tecnológico de Aeronáutica (ITA)
    Master’s research focused on large-scale vulnerability analysis in IoT and Wi-Fi routers, combining static and dynamic analysis, firmware emulation, and automated tooling.
  2. MBA in Information Security

    Universidade Estácio de Sá
    Postgraduate program focused on information security management, risk analysis, and applied cybersecurity practices in the nuclear sector.
  3. BS in Computer Science

    Universidade Federal do Rio de Janeiro
    Bachelor’s degree with emphasis on software engineering, algorithms, operating systems, and computer networks.
  4. BSc in Naval Science (Mechanics)

    Escola Naval
    Undergraduate naval officer education with a focus on mechanics, leadership, and operational training.

Awards

3rd Place — MD/CAPES National Defense Theses & Dissertations Award (2025)
Brazilian Ministry of Defense (MD) / CAPES, December 2025
Awarded 3rd place at the MD/CAPES National Competition on Defense Theses and Dissertations (2025). The research focused on advancing large-scale vulnerability analysis in Wi-Fi routers, contributing directly to national cyber defense and offensive security capabilities.

Outstanding Artifact Reviewer — CTA (SBSeg) 2025
Committee of Technical Artifacts (CTA), SBSeg, September 2025
Recognized again as one of the outstanding artifact reviewers of the CTA at SBSeg 2025, reinforcing consistent contributions to artifact evaluation, sustainability, and reproducible security research.

CVE-2025-2252
Published CVE, March 2025
An unauthenticated information disclosure vulnerability in the Easy Digital Downloads – eCommerce Payments and Subscriptions plugin (versions <= 3.3.6.1) allows attackers to retrieve private download post titles via the edd_ajax_get_download_title() AJAX action.

Outstanding Artifact Reviewer — CTA (SBSeg) 2024
Committee of Technical Artifacts (CTA), SBSeg, December 2024
Recognized as one of the outstanding artifact reviewers of the CTA at SBSeg 2024, for high-quality technical evaluations, reproducibility validation, and constructive academic feedback.

CVE-2024-0769
Published CVE, January 2024
A vulnerability in affected software versions allows improper input handling, which may result in unintended information exposure or system behavior.

CVE-2023-6580
Published CVE, December 2023
An information disclosure vulnerability in specific software components allows attackers to access sensitive data due to improper access control mechanisms.

CVE-2023-7002
Wordfence / Published CVE, December 2023
The Backup Migration plugin for WordPress (versions <= 1.3.9) contains an authenticated OS command injection vulnerability via the ‘url’ parameter, allowing administrators or higher-privileged users to execute arbitrary system commands on the underlying server.

1st Place — p0t30s3 CTF (Extreme Hacking) 2023
Extreme Hacking, September 2023
First place at the p0t30s3 CTF 2023, focused on real-world offensive security challenges, including vulnerability exploitation and adversarial problem solving.

Best Short Paper Award — SBSEG 2023
SBSEG 2023, September 2023
Best short paper award at SBSEG 2023, associated with Instituto Tecnológico de Aeronáutica (ITA).

CVE-2022-46552
Published CVE, January 2023
A vulnerability in certain Wi-Fi router firmware versions allows improper handling of network requests, which may lead to information disclosure or unintended behavior under specific conditions.

1st Place — SBSEG CTF 2022
Brazilian Symposium on Information and Computational Systems Security (SBSEG), September 2022
First place at the SBSEG 2022 Capture The Flag (CTF) competition, demonstrating advanced skills in exploitation, reverse engineering, and applied offensive security techniques.