Manuel Humberto Santander Peláez
GIAC Security Expert
SANS Internet Storm Center
GIAC Industrial Security Professional

Who is Manuel Humberto Santander Peláez?

I've been working in information security since 1995. I work in the information security field, but I also like network design and spend part of my time on it.

I have a B.S. in Computer Science (called "Ingeniería de Sistemas" in Spanish) and an MBA from EAFIT University. I also have a Master of Science in Information Security Engineering (MSISE) from SANS Technology Institute.

I currently serve as Information Security Coordinator (same functions as CSO) at Empresas Públicas de Medellín E.S.P in Medellín, Colombia. I work as a teacher for IT Audit, ITIL and information security techniques at Universidad de San Buenaventura. I also teach computer networks at Universidad Santo Tomás de Aquino - Medellin and Universidad Autónoma Latinoamericana.

I'm proud of being involved with SANS Institute, where I've been Local Mentor and Community SANS Instructor for Computer Forensics, Investigation and Response, Intrusion Detection In-depth, Defensible .NET and Hacker Techniques, Exploits and Incident Handling. I have been coauthor of the Browser Forensics course with Peter Charles Hewitt, coauthor of the Protecting your Personal Privacy on the Internet course, Advisory Board member, founder and currently vice chair member of the GIAC Ethics Council. You can use this page to report any ethics complaints to us.

If you need any information security training from SANS in Medellín, inside Colombia or any nearby country, I am happy to assist you! Contact me and we can discuss how to solve your needs.

I am an Internet Storm Center (ISC) handler!! The ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. ISC handlers detect problems, analyze threats and disseminate both technical and procedural information to the general public.

Some projects ...

There's a program called wbf (Web Browser Forensics) that I wrote for the SANS Browser Forensics course to parse the history files of the Firefox, Opera and Epiphany browsers. If you want to know more about it, click here.

I installed a Linux box to perform QoS, but then I had a question: how can I know how much bandwidth is used by each class? I wrote a small program for monitoring the classes configured for a specific interface. If you want to know more about it, download it here.

I configured a virtual machine for my web app security students so they can play and learn all the attacks. More information here.

The Cisco IOS operating system is prone to malware infections. You can find here a proof of concept that allows controlling an IOS device from an IRC channel and another proof of concept that masks the output of some CLI commands to hide a tunnel from the Network Administrator.

Some papers I have written

  • GIAC GCFA Gold Paper: This paper is my solution for practical version 1.5, when practicals were mandatory for the GIAC Certifications.
  • Measuring effectiveness in Information Security Controls: This paper was done to get my GSEC Gold certification.
  • IOSTrojan: Who really owns your router?: This paper was done to get my GCIH Gold Certification.
  • GIAC GCIA Gold Paper: This paper is my solution for the assignment that was mandatory for getting GCIA certification and the goal was to analyze some snort logs from
  • Data Retention & Cost Effective Data Loss Prevention Techniques: This paper is the solution for the Group Discussion and Written Project assignment made with Eric Conrad and Mason Pokladnik at SANS Orlando 2008
  • Consideraciones para la toma de decisiones en la ocurrencia de una intrusión de Seguridad (2003): I wrote this paper with Fabio Alberto Salazar Lopera for the CIBSI'03 (Congreso Iberoamericano de Seguridad Informática).

Some presentations I have given

  • Monitoring emerging threats: SCADA Security next step in ciberterrorism: This presentation was given in the Congreso Seguridad en Cómputo 2010 at the Universidad Nacional Autónoma de México.
  • Computer Forensics: An answer to investigate computer crime felonies (Spanish): This presentation was given in the XVII National Conference for Computer Science Students at Cali, Colombia.
  • Computer Forensics: From Programming Error to Antiforensics Techniques: Lessons Learned: This presentation was given as a requirement for the Community Project at the SANS MSISE Program. 
  • Countermeasures needed to generate valid evidence in case of an intrusion. A practical Case (Spanish): This presentation was given in the V National Computer Security Conference at Bogotá, Colombia
  • Complimentary protections in case of virus infections (Spanish): This presentation was given in the IV National Computer Security Conference at Bogotá, Colombia.
  • Cisco Malware: A new risk to consider in perimeter security designs: This presentation was given in SANSFIRE 2011 at Washington D.C.
  • Authentication Issues between entities during protocol message exchange in SCADA Systems: This presentation was given in SANSFIRE 2012 at Washington D.C.
  • Avoiding Cyberterrorism Threats Inside Hydraulic Power Generation Plants: This presentation was given in SANSFIRE 2012 at Washington D.C.