My road to BlackHat Asia 2017 and some updates!

Hello Everyone,

I know that it is getting a bit frustrating, but in this section I really need to update my blog about my academic work in the cyber security sector. The next couple of days I will write about my progress in my Ms program, but this post is all about another conference scholarship.

Just like BlackHat Europe, I recently got awarded with a student scholarship for BlackHat Asia 2017 in Singapore, 28-31 March 2017. It is a great honor to be selected for this event, but unfortunately I will not be able to attend it. The reason? Really expensive transport and accommodation, for a conference that will be more or less the same with BlackHat Europe that I attended earlier this year.

It was a great opportunity to visit Asia and meet people from this side of the world, but I think that in this time of my life I need to invest on other things and not in a similar conference.

The process is pretty similar with the one I presented you in the BlackHat Europe scholarship, and the support stays really great. They helped me a lot with the registration process, and in my questions about helping me cover transport and accommodation. Unfortunately, they couldn’t cover me these expenses so I will not attend the event.

To continue, this Sunday I will fly to Heidelberg for the TROOPERS conference, and I will keep you updated with posts and vlogs. Today, I received the following message with the last info about the event:


We are now less than one week away from TROOPERS17! Just wanted to brief everyone on a few things to get your week of to a great start!

1. The trainings and Next Generation Internet (NGI) start on Monday, March 20 at 9:00am at the Print Media Academy

a. PMA Address: Kurfürsten-Anlage 60 69115 Heidelberg Germany

b. Registration will start at 8:00AM and light breakfast and coffee will be available.

c. There will be signs on site to guide you to the appropriate training rooms.

d. Please use this link to see where you can park at the Print Media Academy for those who are driving:

e. The complete Training agenda is located at

2. The trainings start on Tuesday 9:00am

a. Registration will be open at 8:00AM

b. Exception: TelcoSec Day will begin at 8:30AM on Tuesday.

3. The Conference starts on Wednesday, March 22nd at 9:00 at the Print Media Academy, and will end at 1900 each day (there is an additional hour of talks each day to celebrate the 10th edition of TROOPERS).

a. Registration begins at 7:45AM. PLEASE come earlier rather than late.

b. You do not need a physical ticket. Just your name. Again please check-in at the Registration Desk to get all your TROOPERS goodies and agenda.

c. Don’t be late! Given the huge amount of the highest quality content and some special surprises for you, the doors of the keynote auditorium will close right at 9:00. We need to ask all late arrivals to watch the keynote through the streaming on the first floor.

d. The complete Conference Agenda is located at

e. There is a Shared Dinner Wednesday evening at Kulturbrauerei: Leyergasse 6, 69117 Heidelberg. We will arrange for buses to pick people up from the Print Media Academy starting at 6:30pm until 7:00pm. Please meet in the lobby of the PMA to catch your bus.
Dinner will start at 8:00pm.

4. Important Additional Information

a. 10k TROOPERS Run: Don’t forget your running shoes! We will meet at the Crowne Plaza Heidelberg hotel on Thursday March 23rd at 7:00AM.

b. PacketWars: BYOD! The Battle Briefing will be available on Monday March 20th here:

c. TROOPERS GSM Network: As in the last years, we will have our own Troopers GSM network. Because there will be some challenges, it might come in handy to have a second cell phone with you. SIM cards can be picked up at the Reception Desk. This time you are also able to host your own SMS service. More information about this is published on our blog:

d. Food: Monday – Thursday, starting at 8:30am, a light breakfast will be available, there will be 2 coffee breaks per day with nice snacks, and lunch will be provided onsite at the Print Media Academy.

e. Roundtables are on Friday from 9:30-13:00. The list of topics can be found here:

If you have any additional questions or concerns, please email us at

Safe travels and see You soon!
Your Troopers Crew

So stay tuned! 😉

I want to close with the announcement of my new website,, which is an attempt to start in the business security sector. So wish me luck and give me your feedback . 😀


My Road to TROOPERS Scholarship – Part 2

Hello Everyone,

Last week I talked to you about my scholarship adventures for TROOPERS conference and how I applied to it. So now it is time to see what the response was from the TROOPERS side, to us, the students that successfully acquired a scholarship for the event.

Immediatelly after my “motivation letter” email, I got a reply, that said:

Hi Thomas,

Thank you for writing us and for your interest in TROOPERS! We will be in touch later this year.

{name of representative goes here}

With this, I understood that until the end of 2016, I must have a response with the results of my application, but that was not the case. The whole December and January passed without any email from them, and no response to my emails, asking for an update on the results. Luckily, in the 8th of February, and once I had the scholarship idea let go, I received an email from them with the following message:

Dear all,

thank you very much for your interest in TROOPERS and your motivational
letters. We are stoked to let you know that your letter convinced us and
you are hereby INVITED to the amazing experience of participating in the
TROOPERS main conference and the NGI [1] event. The invitation means
that you can register yourself for participation without any fees for
those two events using the Booking Code

{booking code goes here}

Please use the regular registration form. Besides the participation in
the conference, the NGI event, and the shared dinner Wednesday night,
everything else is on you (in particular your travel organization [2]).

We’re looking forward to you being at TROOPERS! I’d also love to use the
opportunity and get to know you in person. If you are also interested in
that, I will hang out at the Student Information Desk on Thursday, 13:00
over lunch.

Have a great time & stay tuned,
{name of representative goes here}


At first, when I saw the summary of the email on my Android device, I was sure that it was an automated response which rejected me from the selection. But I was wrong and as you can see the email concerned the opposite. Of course, I was a bit let down because of the automated email (in BlackHat Europe it was a personalized one, with personalized support fot each student) but this is just a minor thing, in the whole case.


I am now in the phase that I have my tickets and accommodation booked, and I will attend the Next Generation Internet event, the Conference and the Roundtables, in 20-24th of March in Heidelberg, Germany. I will be really happy to meet any of you, that will also attend the event, talk and hangout in the breaks, or after the scheduled hours. Feel free to contact me! I will be happy to meet you all!


P.S. I want to attend the PacketWars event(22nd March @ TROOPERS), but I don’t have a team. If you have a team and you are interested in including me, please contact me. 🙂


My Road to TROOPERS Scholarship! – Part 1

Hello Everyone,

It’s been a while since our last talk. You know, many things happening, a masters degree and a constant dream hunting. I think that the last time we talked, it was about my conclusion in the BlackHat Europe 2016 event, and my first vlog. Now, it is time for a new announcement, and my acquisition of a scholarship for the TROOPERS 17, which happens to be the 10 year anniversary of TROOPERS, which will be awesome, for sure!

For more, go here:

As with BlackHat, TROOPERS gives some scholarships to students around the world, which are interested and involved into the security sector. The competition is big in such events, because you are attending for free, bypassing a big fee that others have to pay, to attend it. For TROOPERS the process is more simple than BlackHat, and you just have to sent a motivation letter. The instructions on the site are as follows:


Troopers is all about training, personal progression, and making the world a safer place. The limited budget of many students should not get in the way of this mission. Hence we offer students the opportunity to submit a short abstract to apply for their free Troopers attendance. As the available seats are limited and there are potentially a high number of students, we apologize if we cannot accept all student applications.

If you want to apply, please send us an abstract about why you in particular should be attending Troopers — keep in mind, you have to convince us! Including:

  • A short personal introduction
  • Current fields of work/degree programs
  • Experiences and activities in the area of IT security
  • Published work/research/white papers/write-ups
  • Expectations for the conference and expected personal progression
  • What you will contribute to TROOPERS

Send this letter to
The deadline for the submission of Student Motivation Letters is January 31st 2017.

I learned about it, in one of my work trips, that a friend of mine mentioned it, and I searched it immediately. I prepared my letter and sent it to the email stated above. My email was the following:


My name is Thomas Sermpinis, and I am a Master’s student from Greece. I am 23 years old, with great passion for Cyber Security, from the age of 12 when I firstly started programming. I am currently studying for my master’s degree in “Informatics and Management” in the Aristotle University of Thessaloniki and I work in the security sector, preparing workshops for Hakin9 media, related to IT security topics. I have started working in this sector by the age of 18, where I worked in the biggest Greek Hacking Magazine, DeltaHacker. I am also, freelance in penetration testing, for an extra income, because of the difficult economic situation of Greece, but of course I really love what I do. Also, I have a personal YouTube channel, that I produce videos related to security, with a big fanbase.

As I wrote, my main field of work these last years, is presenting my knowledge to others, with workshop instructing, and article writing. By this, I have met many people, and acquired many experience in this field. I have also traveled to Germany this last year, for an opportunity in working with a Cyber Security firm, named Auxilium. Continuing, recently I acquired an academic scholarship for BlackHat Europe 2016, which I will attend in November and I hope that I will gain much from it.

Some of the topics that I have researched and presented in various ways are:

  • Penetration Testing with Android Devices (Hakin9, Google Developers Conference)
  • Android Malware Analysis (Hakin9)
  • Web Application Hacking: Data Store Attacks (Hakin9)
  • Penetration Testing with Kali 2.0 (Hakin9, DeltaHacker)

This is only a small part of my work in the security field, in which I want to work and offer my knowledge and experiences. This is also a reason why I want to attend TROOPERS. I want to meet new people, and acquire new knowledge, throughout the exceptional layout of this event. I thing that this is the way to my personal progression, and this is why I am continuously searching for new opportunities that will help me in this matter. Of course, my presence there will not go unnoticed. I want to be active and stand out of the crowd, by participating in competitions and discussions of TROOPERS. Finally, it will be a big and serious opportunity for me, that I will also be able to write about in my blog (cr0wsplace {dot} wordpress {dot} com) and let every reader know about TROOPERS conference and events, which will also be good advertising for you.

I look forward to hearing from you.

Best Regards,
Thomas Sermpinis

I am now selected as one of the scholarship holders, and I will attend the conference and the NGI event on March 20-24th of 2017. I will make a part 2 for the letter of acceptance and the registration process, so stay tuned. 😉


BlackHat Europe 2016 – Epilogue

Hello Everyone,

Here again, after two really succesful days in London. BlackHat Europe ended up with really good fealings, with new friends and contacts, with many presents from the event, and more knowledge.

During my time there, I tried to capture the most importand aspects of the event, to able to constract them in a mini-documentary, that it can pass you the spirit and for you to be able to feel it, despite you weren’t there.

The conclusion of the event is that it was a really good start in the security events for me, and I hope that it is the first of many to come. Finally, I want to tell you that I met Jeff Moss (the founder of BlackHat and DefCon events) in person, and we had a really good talk. His tweet after our talk was the following:


Hope to enjoy my video. Feel free to commend, like, dislike and subscribe to my channel.


Web Application Hacking Course by Cr0wTom

Hello Everyone,

As you already know, because of my early work on Cr0w’s Place, and your support of course, I have the opportunity to work in some of the biggest education providers in the security sector. One of them is Hakin9 Media SP. with whom I am starting a new four week course tomorrow, in the subject of Web Application Hacking, and specifically in DataStore attacks and Advanced SQL Injection. You can find my course here.

My intentions are not to phish for clients. It is a really advanced topic, that not anyone can attend. But if you are up to Security and Hacking and you have some knowledge in SQL Injection, you can find this really helpful.

To continue, I want to tell you that I am preparing a vlog for the upcoming BlackHat event, that I will attend in November. I want to call anyone that will attend too, to communicate me, and scheduled a meeting in the event. I will happy to meet all of you, and present you in my BlackHat videos.

Feel free to contact me with any contact way available. 🙂


Wordlist Creation with CUPP (Mr. Robot)

In this tutorial for Cr0w’s Place we are going to see how to generate a wordlist / dictionary file in Kali Linux, with a different tool, called CUPP. The difference is that this tool uses questions related to the victim, to produce a personalized wordlist for him/her. It is a really useful and effective tool, and it has also been shown in Mr. Robot series.

CUPP is a very powerful tool that creates a wordlist specifically for a person. CUPP is cross platform and written in Python. CUPP asks us questions about the target (name, wife’s name, pet’s name…) and then creates a password based on the keywords we entered.

To install it, go to a folder with a terminal window and type:

git clone

After this, and into the newly created cupp folder, we start the program like this:

  • cupp -i

Parameters are:

  • -h this menu
  • -i Interactive questions for user password profiling
  • -w Use this option to profile existing dictionary, or output to make some pwnsauce 🙂
  • -l Download huge wordlists from repository
  • -a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.
  • -v Version of the program

If you like my job please Subscribe.

Thank You For Watching.:)


CTF team recruitment!

Hello everyone,

As you already know, I have started to be more active these last years in the field of security. I am not just an enthusiast, but I work and study for this field. The purpose of this post isn’t to present you my resume, but to start something new.

All these years I work alone. I write, test, and learn alone. I have also, compete in some CTFs alone, with random teams, from forums and Reddit. But I want to end this now. I want to create a team, and start to compete, wherever it is possible, develop-learn-share knowledge together, and start something new, that will offer not only to us, but hopefully to everyone.

I don’t know the name, I don’t know how many people we will be, but I want people with passion for the Security sector. Passion for computer hacking, developing, programming, penetration testing etc. I don’t want the guy that studies I.T. and goes to work just to live. Let’s create something extraordinary!

I will be happy to hear and speak with you. I am based in Greece, but I don’t thing that I want to restrict it here, so everyone is welcome. Feel free to ask me anything in any of the contact ways that you may find in this blog.