My Road to TROOPERS Scholarship – Part 2

Hello Everyone,

Last week I talked to you about my scholarship adventures for TROOPERS conference and how I applied to it. So now it is time to see what the response was from the TROOPERS side, to us, the students that successfully acquired a scholarship for the event.

Immediatelly after my “motivation letter” email, I got a reply, that said:

Hi Thomas,

Thank you for writing us and for your interest in TROOPERS! We will be in touch later this year.

Best,
{name of representative goes here}

With this, I understood that until the end of 2016, I must have a response with the results of my application, but that was not the case. The whole December and January passed without any email from them, and no response to my emails, asking for an update on the results. Luckily, in the 8th of February, and once I had the scholarship idea let go, I received an email from them with the following message:

Dear all,

thank you very much for your interest in TROOPERS and your motivational
letters. We are stoked to let you know that your letter convinced us and
you are hereby INVITED to the amazing experience of participating in the
TROOPERS main conference and the NGI [1] event. The invitation means
that you can register yourself for participation without any fees for
those two events using the Booking Code

{booking code goes here}

Please use the regular registration form. Besides the participation in
the conference, the NGI event, and the shared dinner Wednesday night,
everything else is on you (in particular your travel organization [2]).

We’re looking forward to you being at TROOPERS! I’d also love to use the
opportunity and get to know you in person. If you are also interested in
that, I will hang out at the Student Information Desk on Thursday, 13:00
over lunch.

Have a great time & stay tuned,
{name of representative goes here}

[1] https://www.troopers.de/troopers17/next-generation-internet-ngi/
[2] https://www.troopers.de/troopers17/travel/

At first, when I saw the summary of the email on my Android device, I was sure that it was an automated response which rejected me from the selection. But I was wrong and as you can see the email concerned the opposite. Of course, I was a bit let down because of the automated email (in BlackHat Europe it was a personalized one, with personalized support fot each student) but this is just a minor thing, in the whole case.

cdvrufowwaabgg

I am now in the phase that I have my tickets and accommodation booked, and I will attend the Next Generation Internet event, the Conference and the Roundtables, in 20-24th of March in Heidelberg, Germany. I will be really happy to meet any of you, that will also attend the event, talk and hangout in the breaks, or after the scheduled hours. Feel free to contact me! I will be happy to meet you all!

Cr0wTom

P.S. I want to attend the PacketWars event(22nd March @ TROOPERS), but I don’t have a team. If you have a team and you are interested in including me, please contact me. 🙂

graphic-1

My Road to TROOPERS Scholarship! – Part 1

Hello Everyone,

It’s been a while since our last talk. You know, many things happening, a masters degree and a constant dream hunting. I think that the last time we talked, it was about my conclusion in the BlackHat Europe 2016 event, and my first vlog. Now, it is time for a new announcement, and my acquisition of a scholarship for the TROOPERS 17, which happens to be the 10 year anniversary of TROOPERS, which will be awesome, for sure!

For more, go here: https://www.troopers.de/troopers17/

As with BlackHat, TROOPERS gives some scholarships to students around the world, which are interested and involved into the security sector. The competition is big in such events, because you are attending for free, bypassing a big fee that others have to pay, to attend it. For TROOPERS the process is more simple than BlackHat, and you just have to sent a motivation letter. The instructions on the site are as follows:

STUDENTS@TROOPERS – MOTIVATION LETTER

Troopers is all about training, personal progression, and making the world a safer place. The limited budget of many students should not get in the way of this mission. Hence we offer students the opportunity to submit a short abstract to apply for their free Troopers attendance. As the available seats are limited and there are potentially a high number of students, we apologize if we cannot accept all student applications.

If you want to apply, please send us an abstract about why you in particular should be attending Troopers — keep in mind, you have to convince us! Including:

  • A short personal introduction
  • Current fields of work/degree programs
  • Experiences and activities in the area of IT security
  • Published work/research/white papers/write-ups
  • Expectations for the conference and expected personal progression
  • What you will contribute to TROOPERS

Send this letter to student@troopers.de.
The deadline for the submission of Student Motivation Letters is January 31st 2017.

I learned about it, in one of my work trips, that a friend of mine mentioned it, and I searched it immediately. I prepared my letter and sent it to the email stated above. My email was the following:

Dear TROOPERS,

My name is Thomas Sermpinis, and I am a Master’s student from Greece. I am 23 years old, with great passion for Cyber Security, from the age of 12 when I firstly started programming. I am currently studying for my master’s degree in “Informatics and Management” in the Aristotle University of Thessaloniki and I work in the security sector, preparing workshops for Hakin9 media, related to IT security topics. I have started working in this sector by the age of 18, where I worked in the biggest Greek Hacking Magazine, DeltaHacker. I am also, freelance in penetration testing, for an extra income, because of the difficult economic situation of Greece, but of course I really love what I do. Also, I have a personal YouTube channel, that I produce videos related to security, with a big fanbase.

As I wrote, my main field of work these last years, is presenting my knowledge to others, with workshop instructing, and article writing. By this, I have met many people, and acquired many experience in this field. I have also traveled to Germany this last year, for an opportunity in working with a Cyber Security firm, named Auxilium. Continuing, recently I acquired an academic scholarship for BlackHat Europe 2016, which I will attend in November and I hope that I will gain much from it.

Some of the topics that I have researched and presented in various ways are:

  • Penetration Testing with Android Devices (Hakin9, Google Developers Conference)
  • Android Malware Analysis (Hakin9)
  • Web Application Hacking: Data Store Attacks (Hakin9)
  • Penetration Testing with Kali 2.0 (Hakin9, DeltaHacker)

This is only a small part of my work in the security field, in which I want to work and offer my knowledge and experiences. This is also a reason why I want to attend TROOPERS. I want to meet new people, and acquire new knowledge, throughout the exceptional layout of this event. I thing that this is the way to my personal progression, and this is why I am continuously searching for new opportunities that will help me in this matter. Of course, my presence there will not go unnoticed. I want to be active and stand out of the crowd, by participating in competitions and discussions of TROOPERS. Finally, it will be a big and serious opportunity for me, that I will also be able to write about in my blog (cr0wsplace {dot} wordpress {dot} com) and let every reader know about TROOPERS conference and events, which will also be good advertising for you.

I look forward to hearing from you.

Best Regards,
Thomas Sermpinis

I am now selected as one of the scholarship holders, and I will attend the conference and the NGI event on March 20-24th of 2017. I will make a part 2 for the letter of acceptance and the registration process, so stay tuned. 😉

Cr0wTom

BlackHat Europe 2016 – Epilogue

Hello Everyone,

Here again, after two really succesful days in London. BlackHat Europe ended up with really good fealings, with new friends and contacts, with many presents from the event, and more knowledge.

During my time there, I tried to capture the most importand aspects of the event, to able to constract them in a mini-documentary, that it can pass you the spirit and for you to be able to feel it, despite you weren’t there.

The conclusion of the event is that it was a really good start in the security events for me, and I hope that it is the first of many to come. Finally, I want to tell you that I met Jeff Moss (the founder of BlackHat and DefCon events) in person, and we had a really good talk. His tweet after our talk was the following:

screenshot_20161110-113335

Hope to enjoy my video. Feel free to commend, like, dislike and subscribe to my channel.

Cr0wTom

Web Application Hacking Course by Cr0wTom

Hello Everyone,

As you already know, because of my early work on Cr0w’s Place, and your support of course, I have the opportunity to work in some of the biggest education providers in the security sector. One of them is Hakin9 Media SP. with whom I am starting a new four week course tomorrow, in the subject of Web Application Hacking, and specifically in DataStore attacks and Advanced SQL Injection. You can find my course here.

My intentions are not to phish for clients. It is a really advanced topic, that not anyone can attend. But if you are up to Security and Hacking and you have some knowledge in SQL Injection, you can find this really helpful.

To continue, I want to tell you that I am preparing a vlog for the upcoming BlackHat event, that I will attend in November. I want to call anyone that will attend too, to communicate me, and scheduled a meeting in the event. I will happy to meet all of you, and present you in my BlackHat videos.

Feel free to contact me with any contact way available. 🙂

Cr0wTom

Wordlist Creation with CUPP (Mr. Robot)

In this tutorial for Cr0w’s Place we are going to see how to generate a wordlist / dictionary file in Kali Linux, with a different tool, called CUPP. The difference is that this tool uses questions related to the victim, to produce a personalized wordlist for him/her. It is a really useful and effective tool, and it has also been shown in Mr. Robot series.

CUPP is a very powerful tool that creates a wordlist specifically for a person. CUPP is cross platform and written in Python. CUPP asks us questions about the target (name, wife’s name, pet’s name…) and then creates a password based on the keywords we entered.

To install it, go to a folder with a terminal window and type:

git clone https://github.com/Mebus/cupp.git

After this, and into the newly created cupp folder, we start the program like this:

  • cupp -i

Parameters are:

  • -h this menu
  • -i Interactive questions for user password profiling
  • -w Use this option to profile existing dictionary, or WyD.pl output to make some pwnsauce 🙂
  • -l Download huge wordlists from repository
  • -a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.
  • -v Version of the program

If you like my job please Subscribe.

Thank You For Watching.:)

Cr0wTom

CTF team recruitment!

Hello everyone,

As you already know, I have started to be more active these last years in the field of security. I am not just an enthusiast, but I work and study for this field. The purpose of this post isn’t to present you my resume, but to start something new.

All these years I work alone. I write, test, and learn alone. I have also, compete in some CTFs alone, with random teams, from forums and Reddit. But I want to end this now. I want to create a team, and start to compete, wherever it is possible, develop-learn-share knowledge together, and start something new, that will offer not only to us, but hopefully to everyone.

I don’t know the name, I don’t know how many people we will be, but I want people with passion for the Security sector. Passion for computer hacking, developing, programming, penetration testing etc. I don’t want the guy that studies I.T. and goes to work just to live. Let’s create something extraordinary!

I will be happy to hear and speak with you. I am based in Greece, but I don’t thing that I want to restrict it here, so everyone is welcome. Feel free to ask me anything in any of the contact ways that you may find in this blog.

Cr0wTom

My road to BlackHat Europe so far – Part 2 (Acceptance email)

Previously, we talked about the process I followed to get awarded with a student scholarship on BlackHat Europe 2016. As I told you, I followed the application process and I answered the required questions, as I showed you in part 1.

In this post, I will show you the acceptance email that I received in my inbox, ~40 days after my application.

Congratulations, you have been awarded a complimentary Student Scholarship to attend Black Hat Europe 2016 in London.  Black Hat Europe is the most technical and relevant global information security event in the world. For more than 19 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.  This is an outstanding opportunity for students to learn from and network with some of the most talented researchers and practitioners working in InfoSec today.

 

Event:                   Black Hat Europe Briefings

Date:                     November 3 and November 4, 2016

Location:              Business Design Centre, London

 

Requirements:  In order to register for your complimentary Student Pass, you must meet the following requirements:

  • Must be at least 18 years old at the time of the event
  • Must provide copy of verifiable proof of full-time academic status at an accredited college or university (copy of class schedule or syllabus)
  • Must provide copy of valid and current college/university ID card
  • You must be able to provide your own travel to and accommodations in London —these are not included
  • Submit your materials on or before September 30, 2016.

 

Please reply to this email with the required information and we will set up your registration.  If you have any questions or need any more information, please contact us at blackhateuroperegistration@ubm.com

 

Congratulations on your nomination, and we hope you will be able to join us at Black Hat Europe this year.

 

The Black Hat Team

The email came from the address registration@ubm.com.

Cr0wTom