Security Research

Most of my research and work has been focused on building (and some times breaking) security products and solutions. I have always been specially interested in website security, DNS, log analysis, malware and secure coding.

You can find most of my projects (and their code) here:

Trunc Logging

After many years building OSSEC and using other logging solutions, decided to take all that experience and make it available on Trunc. A google-like search engine for your logs, with a strong log analysis and correlation engine in the back:

A swiss arm knife for network and sys admins. Monitoring, CDN, WAF, and authoritative DNS:


A free (with paid options) anycast and DNS-based content filtering for kids, families and schools:

DNS over TLS/HTTPS clients

Built multiple client tools for DNS over TLS (DoT) and DNS over HTTPS (DoH) in PHP:
*Both DoH and DoT client (and server) side are now used on CleanBrowsing.

Sucuri WAF/CDN*

Different type of cloud-based WAF focused on protecting CMSs via white listing and virtual patching/hardening.
*Sold to GoDaddy in 2017 (worked on it from 2011-2017)

Sucuri Labs*

A web malware repository with samples and domains we were seeing in the wild with Sucuri.
*Sold to GoDaddy in 2017 (worked on it from 2012-2017)


My first born baby :) The open source log analysis and intrusion detection engine.
*Sold to Trend Micro in 2008 (worked on it from 2003-2011, even after the acquisition).
**Resumed working on it in 2015+ with my own fork.

Sitecheck Scanner*

The sitecheck scanner was an experimental work developed between 2008/2009 to try to identify anomaly on web sites. This research lead to the creation of Sucuri and our free scanner that is widely used with millions of scans done per month.
*Got merged into Sucuri in 2010 (worked on it from 2009-2010).


Rootcheck is an open source rootkit detection for Linux and BSD systems. It got merged into OSSEC, but you can still use it standalone.
*Started in 2002. Merged into OSSEC in 2005.

Security Research

List of articles and papers posted on external sites (mostly sucuri, and other sites).

Coding for fun and profit. Often fun and little profit.