Luis Grangeia A personal blog


My name is Luis Grangeia, and I’m an information security professional working in the field for about 15 years, mostly doing security audits and pen-tests.

I do information security auditing and testing to major portuguese and european companies (retail, banking, insurance, telcos). I sometimes speak about information security at conferences and meetings.

Some stuff that I put out there you might find interesting:

  • Cupid, an implementation of the heartbleed attack for wireless networks, implemented as patches for hostapd and wpa_supplicant (slides here).
  • I authored a Burp Suite extension to handle and inject inside AES encrypted payloads.
  • I wrote the original paper for DNS Cache Snooping.
  • In another millenium I’ve co-authored a phrack article that, among other things, implemented a covert TCP sniffer inside the Linux kernel.

All my recent slide decks are available on

I’m mostly interested in security research, covering the usual topics:

  • Operation System design models (trusted path computing, security models, etc.);
  • Web Application security (lots of experience here…);
  • Low level protocols design and implementation;
  • Debugging & disassembling software & hardware;
  • Mobility and embedded systems, Android/IOS, wearables, IoT;
  • Futurology, new uses for technology, new forms of interaction.

You can find me on these places: