My road to BlackHat Asia 2017 and some updates!

Hello Everyone,

I know that it is getting a bit frustrating, but in this section I really need to update my blog about my academic work in the cyber security sector. The next couple of days I will write about my progress in my Ms program, but this post is all about another conference scholarship.

Just like BlackHat Europe, I recently got awarded with a student scholarship for BlackHat Asia 2017 in Singapore, 28-31 March 2017. It is a great honor to be selected for this event, but unfortunately I will not be able to attend it. The reason? Really expensive transport and accommodation, for a conference that will be more or less the same with BlackHat Europe that I attended earlier this year.

It was a great opportunity to visit Asia and meet people from this side of the world, but I think that in this time of my life I need to invest on other things and not in a similar conference.

The process is pretty similar with the one I presented you in the BlackHat Europe scholarship, and the support stays really great. They helped me a lot with the registration process, and in my questions about helping me cover transport and accommodation. Unfortunately, they couldn’t cover me these expenses so I will not attend the event.

To continue, this Sunday I will fly to Heidelberg for the TROOPERS conference, and I will keep you updated with posts and vlogs. Today, I received the following message with the last info about the event:

Dear TROOPERS,

We are now less than one week away from TROOPERS17! Just wanted to brief everyone on a few things to get your week of to a great start!

1. The trainings and Next Generation Internet (NGI) start on Monday, March 20 at 9:00am at the Print Media Academy

a. PMA Address: Kurfürsten-Anlage 60 69115 Heidelberg Germany

b. Registration will start at 8:00AM and light breakfast and coffee will be available.

c. There will be signs on site to guide you to the appropriate training rooms.

d. Please use this link to see where you can park at the Print Media Academy for those who are driving: http://parken.heidelberg.de/static/asset/parking/pdf/p18_bg-rci.pdf

e. The complete Training agenda is located at https://www.troopers.de/troopers17/trainings/

2. The trainings start on Tuesday 9:00am

a. Registration will be open at 8:00AM

b. Exception: TelcoSec Day will begin at 8:30AM on Tuesday.
https://www.troopers.de/troopers17/telcosec-day/

3. The Conference starts on Wednesday, March 22nd at 9:00 at the Print Media Academy, and will end at 1900 each day (there is an additional hour of talks each day to celebrate the 10th edition of TROOPERS).

a. Registration begins at 7:45AM. PLEASE come earlier rather than late.

b. You do not need a physical ticket. Just your name. Again please check-in at the Registration Desk to get all your TROOPERS goodies and agenda.

c. Don’t be late! Given the huge amount of the highest quality content and some special surprises for you, the doors of the keynote auditorium will close right at 9:00. We need to ask all late arrivals to watch the keynote through the streaming on the first floor.

d. The complete Conference Agenda is located at
https://www.troopers.de/troopers17/agenda/

e. There is a Shared Dinner Wednesday evening at Kulturbrauerei: Leyergasse 6, 69117 Heidelberg. We will arrange for buses to pick people up from the Print Media Academy starting at 6:30pm until 7:00pm. Please meet in the lobby of the PMA to catch your bus.
Dinner will start at 8:00pm.

4. Important Additional Information

a. 10k TROOPERS Run: Don’t forget your running shoes! We will meet at the Crowne Plaza Heidelberg hotel on Thursday March 23rd at 7:00AM.

b. PacketWars: BYOD! The Battle Briefing will be available on Monday March 20th here: https://www.troopers.de/troopers17/special-events/

c. TROOPERS GSM Network: As in the last years, we will have our own Troopers GSM network. Because there will be some challenges, it might come in handy to have a second cell phone with you. SIM cards can be picked up at the Reception Desk. This time you are also able to host your own SMS service. More information about this is published on our blog:https://insinuator.net/2017/03/troopers17-gsm-network-how-about-your-own-smpp-service/

d. Food: Monday – Thursday, starting at 8:30am, a light breakfast will be available, there will be 2 coffee breaks per day with nice snacks, and lunch will be provided onsite at the Print Media Academy.

e. Roundtables are on Friday from 9:30-13:00. The list of topics can be found here: https://www.troopers.de/troopers17/roundtables/

If you have any additional questions or concerns, please email us at info@troopers.de

Safe travels and see You soon!
Your Troopers Crew

So stay tuned! 😉

I want to close with the announcement of my new website, cr0wsplace.com, which is an attempt to start in the business security sector. So wish me luck and give me your feedback . 😀

Cr0wTom

Web Application Hacking Course by Cr0wTom

Hello Everyone,

As you already know, because of my early work on Cr0w’s Place, and your support of course, I have the opportunity to work in some of the biggest education providers in the security sector. One of them is Hakin9 Media SP. with whom I am starting a new four week course tomorrow, in the subject of Web Application Hacking, and specifically in DataStore attacks and Advanced SQL Injection. You can find my course here.

My intentions are not to phish for clients. It is a really advanced topic, that not anyone can attend. But if you are up to Security and Hacking and you have some knowledge in SQL Injection, you can find this really helpful.

To continue, I want to tell you that I am preparing a vlog for the upcoming BlackHat event, that I will attend in November. I want to call anyone that will attend too, to communicate me, and scheduled a meeting in the event. I will happy to meet all of you, and present you in my BlackHat videos.

Feel free to contact me with any contact way available. 🙂

Cr0wTom

My road to BlackHat Europe so far – Part 2 (Acceptance email)

Previously, we talked about the process I followed to get awarded with a student scholarship on BlackHat Europe 2016. As I told you, I followed the application process and I answered the required questions, as I showed you in part 1.

In this post, I will show you the acceptance email that I received in my inbox, ~40 days after my application.

Congratulations, you have been awarded a complimentary Student Scholarship to attend Black Hat Europe 2016 in London.  Black Hat Europe is the most technical and relevant global information security event in the world. For more than 19 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.  This is an outstanding opportunity for students to learn from and network with some of the most talented researchers and practitioners working in InfoSec today.

 

Event:                   Black Hat Europe Briefings

Date:                     November 3 and November 4, 2016

Location:              Business Design Centre, London

 

Requirements:  In order to register for your complimentary Student Pass, you must meet the following requirements:

  • Must be at least 18 years old at the time of the event
  • Must provide copy of verifiable proof of full-time academic status at an accredited college or university (copy of class schedule or syllabus)
  • Must provide copy of valid and current college/university ID card
  • You must be able to provide your own travel to and accommodations in London —these are not included
  • Submit your materials on or before September 30, 2016.

 

Please reply to this email with the required information and we will set up your registration.  If you have any questions or need any more information, please contact us at blackhateuroperegistration@ubm.com

 

Congratulations on your nomination, and we hope you will be able to join us at Black Hat Europe this year.

 

The Black Hat Team

The email came from the address registration@ubm.com.

Cr0wTom

My road to BlackHat Europe so far (or how to get your scholarship)!

As I mentioned in my previous post, I recently got awarded with a complimentary Student Scholarship to attend Black Hat Europe 2016 in London. Of course they do not search for all the qualified students in the world, but you as a student have to apply for the scholarship and after a review from their side, be accepted or rejected.

The application form is hosted here and consists of several questions. I will now provide you the answers I gave to the application form, but of course if you decide to apply, give your own answers, as my answers have been recorded and you will immediately disqualified.

  • Why do you want attend Black Hat?
    Black Hat is one of the biggest events in the security industry, with many breakthrough topics every year. Because of this, and because I want to work in the Cyber Security sector in the future, I think that Black Hat can give me a head start, with the knowledge and the acquaintances that I may acquire with my attendance in the event. Also, I am really passionate in the research of this field, and finally, I think that I will be able to stand out of the crowd on the friendly competitions of the event. 
  • What course work, training, and/or experiences have you had that you feel qualify you for a complimentary pass? Be as specific as possible.
    First of all, I have completed successfully the Computer Science (CS50) course of Harvard University, through the edx platform, with a week focused on security. I am a Bachelor’s degree holder in the field of “Supply Chain Management” and I have been selected to start a Master’s Degree in the field of “Informatics and Management” in October 2016. These are for my accademics.Continuing, I was trained from the age of 12, by my uncle, in the field of computer science and especially programming. By the age of 18, I have started working in the biggest Greek penetration testing magazine, DeltaHacker, as a content creator, covering advanced penetration testing topics. Now, I am a workshop instructor in PenTest Mag and Hakin9, two of the biggest penetration testing related magazines in the world. I also own a big Youtube channel and a blog, related to penetration testing and information security, named Cr0w’s Place.In addition, I have presented the topic “Penetration Testing with Android Devices” in the Google Developers conference of Thessaloniki 2014, and the topics “Integration of Augmented Reality technology into Warehouse Management Systems” and “Integration of Near Field Communication technology into Warehouse Management Systems” in the 12th Student Conference on Management Science and Technology.Finally, I have worked many times as a freelance penetration tester, and I have visited Germany after an invitation for cooperation from Auxilium Cyber Sec, with whom I may cooperate in the future, after my Master’s Degree. 
  • What specific research (Briefings, Arsenal tools, Keynotes, etc.) from past Black Hat events do you find especially interesting and WHY? Relating specific Black Hat content back to your course work and/or area of study will increase your chances of being awarded a scholarship. Please site at least 3 examples. Archives can be found here for reference: https://www.blackhat.com/html/archives.html
    1. Don’t Stand So Close To Me: An Analysis of the NFC Attack Surface (July 25, 2012) – As I stated in the previous question, I have presented the topic “Integration of Near Field Communication technology into Warehouse Management Systems” which happens to also be my thesis topic for my bachelors. A big part of this topic was the security of NFC in which this Black Hat presentation helped me a lot, and I find it really interesting.
    2. Fingerprints on Mobile Devices: Abusing and Leaking (2015) – One of my main fields of interest in the security sector is mobile devices. I have presented a topic in the GDG, wrote many things on my blog and on the magazines I work. For this matter I am interested in many Android and iOS related presentations of BlackHat, and one of my favourites was this. I have many times referenced to the paper of this presentation.
    3. Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance (July 26, 2012) – Because most of my work is based on the corporate world, as I studied in the Supply Chain Management field, I have used the knowledge acquired by this presentation, and other sources, to fix some aspects of security in the company I was helding an internship program, Kleemann S.a.
    4. Attacking Mobile Broadband Modems Like a Criminal Would (2014) – One of my biggest and most successful topic in the DeltaHacker Magazine, was based in this exact blackhat presentation. When I saw it, I was so excited that I wanted to present it to the Greek public, and I did it with great success.

    I have also, liked many other presentations but I think that these four was the most important now that I have to choose.

I have to thank many people for this opportunity, and for the state that I’ve reached until now, but I will not do it publicly. Keep in mind that all the above are property of the Cr0w’s Place and Thomas Sermpinis, and their use is prohibited. They have been uploaded for educational purposes only. Thank you and I wish good luck to every contestant.

BlackHat Europe 2016 is taking place in London, 1-4 November 2016. I will be happy to meet you there.

Cr0wTom

Android Malware Analysis and BlackHat Europe 2016

Hello everyone,

Long time since our last talk. I have to say sorry, but I am pretty busy those last months. I graduated in my bachelors, I started a Masters degree and many more.

The thing I want to talk you about today, is a new course that I instruct, which has to do with Android Malware Analysis. It has started 2 weeks ago and it will continue for 2 weeks more, but don’t worry, it’s self paced. You can start it whenever you want, it will be online for a long time. You can find it in eForensics magazine, in this link.

I hope that you will like it, if you decide to start it. Feel free to ask me anything, before you start, or during your course time.

Another interesting thing about Cr0w’s Place is that I will attend the BlackHat Europe conference in November. I will cover most of the things that I will see there and if some of you attend too, I will be happy to meet and talk with you.

Cr0wTom