RSS feed of Women in Infosec Blogs

I am currently working on this list. More RSS are coming soon 🙂

Alyssa’s Blog – Alyssa Miller Hacker, Security Evangelist, and Cyber Security Professional

  • Don’t Tap That Mic

    Top 1o tips for working with production crews as a speaker A colleague and I were recently talking about the bad habits we’ve seen from speakers at […]

  • A Promotions Gap

    Could it be that our promotions practices are helping fuel the supposed skills gap in security. Organizations can do much more when it comes to developing […]

  • RSA Conference Schedule

    Where to find me at RSA As I’ve announced previously through social media, I’ve received the great honor of being accepted to speak at the RSA […]


CryptoKait Home of the National Cyber League Player Ambassadors

  • The Easy Way to Deal with Difficult NCL Teammates

    It happens to everyone at some point in their lives — you get stuck on a team with someone who you seem to get along with fine with, but working together […]

  • Writing Elegant Regular Expressions

    Regular expressions have a reputation for looking like an unintelligible mishmash of random symbols. While it’s true that most regular expressions tend […]

  • Fresh Kali…I mean Coffee

    Gather ’round, friends. We’ll be skipping the coverage of Kali Linux today in favor of a hacking tool even more essential to hackers of all shapes […]


0x1338 One Step Ahead Of The Average Nerd

  • BlackHoodie comes back to San Francisco
    par Unknown le 18 mars 2019 à 17 h 51 min

    I promised we’d be back! So here we roll again, BlackHoodie is coming back to San Francisco, this time filling the Google campuses in downtown with a […]

  • BlackHoodie Bay Area 2018
    par Unknown le 10 juillet 2018 à 22 h 18 min

    Years ago I was listening to a talk at the CCC Congress in Hamburg, where a hackerette explained to us how she managed to exploit a Tamagotchi. I was […]

  • BlackHoodie #3 - Staring assembly to death
    par Unknown le 7 juillet 2017 à 12 h 19 min

    I am happy to announce BlackHoodie #3, a free reverse engineering workshop for women, taking place the 25th and 26th of November in the beautiful city of […]


    Feed has no items.

Blackhoodie Homepage for Blackhoodie


Stories by its C0rg1 on Medium Stories by its C0rg1 on Medium

Six mois après, au Canada… / Six month later, in Canada…

Scroll down for English

Six mois déjà et je n’ai pas vu le temps passer! Entre deux déménagements, la vie quotidienne, mes activités sportives, associatives et des balades en ville et dans la nature. 

Ma passion pour la cybersécurité et sa démocratisation a pris la plus grande place.

Cet article va présenter ce que j’ai fait à Montréal ces six derniers mois.

Comment ai-je continué mon auto-formation? Comment se passe mon expérience de pentesteuse?

Mon travail chez Okiok est très varié et dépasse de loin mes attentes (voir ici l’article concernant Okiok).

J’ai eu différents mandats passionnants qui m’ont permis de m’améliorer en pentest Web et externes. J’ai découvert les pentests interne et WiFi et toute la variété de missions possibles dans ce métier.

Aussi, j’ai eu la possibilité de faire un pentest physique, dont je parlerai prochainement dans un article.

Au delà des missions, j’ai eu l’opportunité d’animer un lunch and learn sur le pentest pour présenter le métier à nos collaborateurs.

En ce moment, je suis en clientèle pour une mission de Blue Team où je développe mes compétences en défense.

Avec Okiok j’ai également la possibilité d’assister à des conférences et de participer à des CTF.

J’ai notamment, peu après mon arrivée sur le sol canadien eu la chance de participer au fameux Hackfest de Québec City. 

Passionnée par l’OSINT, je me suis inscrite au Missing Person CTF organisé par Tracelabs, une super initiative qui permet d’aider les autorités à trouver des personnes disparues. 

Après avoir assisté à de passionnantes conférences je suis allée me fabriquer un badge au village de soudure, je me suis entraînée au lockpicking et j’ai hacké des badges RFID!

Côté démocratisation de la cybersécurité et promotion de la cyberpaix, je ne suis pas en reste non plus!

En effet, en arrivant au Canada, j’ai été chaleureusement accueillie par Véro, Fyscillia et Sabrine qui organisent des panels pour permettrent à des femmes de la cyber de débattre sur différents sujets dans le cadre de NousSommesCyber (aka WoSEC Montréal)

J’ai ainsi été panéliste chez Ubisoft Montréal (voir ici) pour une table ronde sur la sensibilisation à la cybersécurité.

Lors de mon arrivée, il était également question pour WoSEC Montréal d’organiser des workshops et Véro m’a proposé de les aider dans cette tâche.

Le premier workshop était celui de Diana Whitney qui nous a présenté comment exploiter eternal blue avec la box Blue de Hactkthebox. Ensuite, j’ai animé un atelier d’initiation au pentest web.

Avec la situation de pandémie actuelle nous avons décidé de maintenir les workshops en version 100% remote 😀 et nous aurons la chance d’avoir une introduction sur l’ingénierie inverse par Emma Spradbrow (Informations pour l’inscription dans l’image suivante ATTENTION réservé aux femmes).

Aussi, lors de mes activités pour NousSommesCyber, j’ai rencontré Masarah qui m’a proposé de participer au Outreach committee du NorthSec.

L’objectif, permettre à tous les publics d’assister au NorthSec et de bénéficier des formations proposées lors de la conférence.

Pour en savoir plus sur le NorthSec c’est ici!

Afin de continuer dans mes démarches de sensibilisation et de partage de mes connaissances, j’ai soumis plusieurs CFP. C’est ainsi que j’ai été selectionnée pour animer un talk à WomenTechMakers Montréal.

En raison du COVID-19 l’évènement s’est fait 100% en ligne, vous pouvez donc voir mon talk ici:

Dans le cadre de MeetCyber, Enkelada Ibrahimi m’a contactée via Linkedin et j’ai ainsi été interviewée pour relater mon parcours, mon travail et mes projets. Pour les personnes qui sont sur Crowdcast, c’est disponible ici

Être interviewée ne m’a pas empêché de continuer mes interviews! 

En effet, grâce à WoSEC j’ai fait la connaissance de Angela Marafino et Alyssa Miller que j’ai interviewées dans ma série de podcast.

Leurs parcours sont passionnants et inspirants! Je vous invite à les découvrir ici avec les précédents podcasts.

Pour améliorer mon aisance à l’oral et continuer à faire de nombreux talks, j’ai rejoint un club Toastmasters. C’est une expérience très enrichissante, le club se réunit une fois par semaine et propose différents format de participation. Par exemple, il y a un rôle d’évaluateur de la langue, qui consiste à faire un retour sur les termes et expressions utilisées par les divers intervenants. Nous faisons également des improvisations et bien sur des présentations orales.

Pour continuer à apprendre et affiner mes compétences, j’ai également continué mes formations en ligne. J’ai notamment validé le Mooc problem Solving qui m’a permis de développer une méthodologie face aux challenges de la vie professionnelle. 

Grâce à Okiok, je fais actuellement la formation de Elearn Security sur le pentest Web.

Enfin, je continue à m’entrainer sur Hackthebox et Certifiedsecure et j’avance sur les exercices du Mossé Institute.

D’ailleurs si vous êtes une femme intéressée par la cybersécurité le Mossé institute offre une formation gratuite et certifiante. Vous pouvez me contacter via Linkedin pour en savoir plus.

Retrouvez la suite de cette aventure dans un prochain article!…


I have spent six month in Montreal already! Between two moves, daily life, sports, associative activities and walks in the city and in nature.


My passion for cybersecurity and its democratization has taken the greatest place.
This article will present what I have been doing during these past six months…
How did I continue my self-study? How is my experience as a pentester going?

My work at Okiok is very varied and exceeds by far my expectations (see here my article about Okiok).

I’ve had various exciting mandates that have allowed me to improve my skills in Web and external pentest. I discovered internal and WiFi pentests and all the variety of possible missions in this position.

Also, I had the opportunity to do a physical pentest, which I will talk about soon in an article.

Beyond these missions, I had the opportunity to host a lunch and learn about pentest to present it to our collaborators.

At the moment, I am on a Blue Team mission where I am developing my skills in defence.

With Okiok, I also have the opportunity to attend conferences and participate in CTFs.
In particular, shortly after my arrival in Canada, I had the chance to participate in the famous Hackfest in Quebec City.
Passionate about OSINT, I signed up for the Missing Person CTF organized by Tracelabs, a great initiative that helps authorities find missing persons.
After attending exciting conferences, I went to the soldering village to make myself a badge, practiced lockpicking and hacked RFID badges!

As for democratizing cyber security and promoting cyberpeace, I have plenty of opportunities either!
Indeed, when I arrived in Canada, I was warmly welcomed by Véro, Fyscillia and Sabrine who organize panels to allow women from the cyber world to debate on different subjects about cybersecurity with WeAreCyber (aka WoSEC Montreal).

I was a panelist at Ubisoft Montreal (see here) with a theme on cybersecurity awareness.

When I arrived, WoSEC Montreal was also talking about organizing workshops and Véro offered me to help them in this task.

The first workshop was with Diana Whitney who demonstrate how to exploit eternal blue with Hactkthebox’s « Blue » box.

Then, I animated an initiation workshop to web pentest


With the current pandemic situation we decided to keep the workshops but in a 100% remote 😀 version and we will have the chance to have an introduction on reverse engineering by Emma Spradbrow (Registrations info in the image below. WARNING only for women).

Also, during my activities for WeAreCyber, I met Masarah who offered me to participate to the Outreach committee of NorthSec.

The goal: to allow all audiences to attend NorthSec and benefit from the training offered at the conference.

To learn more about NorthSec, click here!

In order to continue in my efforts to raise awareness and share my knowledge, I have submitted several CFP. That’s how I was selected to host a talk (in french) at WomenTechMakers Montreal.

My talk for WomenTechMakers Montreal, in french

Due to COVID-19 the event was 100% online, so you can see my talk above.

As part of MeetCyber, Enkelada Ibrahimi contacted me via Linkedin and I was interviewed about my background, my work and my projects for the people on Crowdcast, it’s available here.

Being interviewed didn’t stop me from continuing my interviews!
Indeed, thanks to WoSEC I met Angela Marafino and Alyssa Miller who I interviewed in my podcast series.

Their backgrounds are exciting and inspiring! I invite you to discover them here among other interviewees.

To improve my public speaking skills and continue to do many talks, I joined a Toastmasters club. It’s a very enriching experience, the club meets once a week and offers different participation formats. For example, there is a role of language assessor, which consists of reviewing the terms and expressions used by the various speakers. We also do improvisations and of course oral presentations.

To continue to learn and refine my skills, I also continued my online training. In particular, I validated the Mooc problem Solving, which allowed me to develop a methodology for dealing with the challenges of professional life.

Thanks to Okiok, I am currently doing the Elearn Security training about web pentesting.
Finally, I continue to train on Hackthebox and Certifiedsecure and I go further on the exercises of the Mossé Institute.

Moreover if you are a woman interested in cyber security the Mossé Institute offers free training and certification. You can contact me via Linkedin to find out more.

Find the sequel of this adventure in another article soon!…

Women Tech Makers – Montréal

Le 21 mars 2019 j’ai donné un talk: Qu’est-ce que le pentest web? Et quelques exemples d’exploitation de vulnérabilités.

Vous pouvez visionner mon intervention ci-après

On the 21st of march i gave a talk: What is web pentest? And some vulnerabilities example.

You can see my video here (in french only)

Qu’est-ce que le pentest web? – WomenTechMakers Montreal

World Tour Podcast Series 1 Episode 6: Alyssa Miller

Alyssa Miller

Alyssa Miller is a hacker, security evangelist, cyber security professional and public speaker with almost 15 years of experience in the security industry.

Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself.

She is a member of the Board of Directors for Women of Security (WoSEC), an Advisory Board member for Blue Team Con in Chicago, and she currently works as an Application Security Advocate for London-based open-source security firm Snyk.

Today, she will talk to us her inspiring career, imposter syndrome and how it is to be a « human being in cybersecurity ».

You can follow her on Twitter, Linkedin and visit her website

Listen here

Listen on Apple Podcasts: https://podcasts.apple.com/fr/podcast/alyssa-miller/id1476926546?i=1000463754298

World Tour Podcast Series 1 Episode 5: Angela Marafino

Angela Marafino

Angela Marafino is an Evolve Security Academy alumna and is currently an Associate Consultant Engineer on CDW’s InfoSec team. With no background in IT or computer science, Angela did not take the traditional route to obtain a career in cybersecurity. However, being computer savvy and having a passion for privacy led her to enroll in Evolve Security Academy’s cybersecurity bootcamp, which gave her the skills and mindset to become a cybersecurity professional.

She is CompTIA Security + and Network + certified and holds two Bachelor’s degrees, one in Fine Arts and another in pre-law. Angela is also the organizer of her local WoSec (Women of Security) Chapter (Denver).

Today she is going to share with us her journey in cybersecurity. How the reading of an article made her consider starting a career in cyber!

You can follow her on Linkedin, on Twitter and on Medium

Listen on this page

Listen on Apple Podcasts: https://podcasts.apple.com/fr/podcast/world-tour-podcast-series-1-episode-5-angela-marafino/id1476926546?i=1000461860466

A toi belle journée d’hiver * Okiok

Ma démarche d’auto-formation en cybersécurité que je documente ici, depuis avril 2018, m’a permis d’être embauchée comme pentesteuse chez Okiok.

Cette nouvelle aventure canadienne m’a inspiré un conte cyber.

Il était une fois, un grand grand royaume nommé l’Internet où existe un territoire lointain et invisible, le Cyberespace.

Cet espace non défini, renferme les plus grands serpents de mer du royaume. Ces colosses, cachés sous nos océans terrestres susurrent les tous petits, les petits, les moyens, les grands et les très grands secrets de ses habitants que l’on appelle : Internautes. 

Ces Internautes, habillés de rouge, de bleu, de violet, de noir ou d’autres couleurs encore ont chacun une façon bien particulière de vivre dans le royaume. 

Les bleus défendent le royaume, les rouges préparent les bleus en organisant de fausses attaques qui consistent à attraper discrètement des drapeaux sur les territoires à défendre. Les violets font les deux et enfin les gris-noirs ont des projets bien plus flous. 

Ces derniers portent différentes nuances de noir. Ils ont pour emblème un hoodie de leur couleur qui cache leurs yeux. 

Certains d’entre eux militent pour des causes politiques ou sociales nobles ou pas, d’autres s’accaparent les richesses du royaume et des Internautes et d’autres encore, créent des stratégies d’intrusions qui pourraient détruire le royaume et ses habitants.

Face à tous ces personnages aux bonnes et mauvaises intentions, j’ai voulu m’impliquer avec ceux vêtus de couleurs claires et dont les yeux étaient teintés d’une lueur bienveillante. 

C’est alors que j’appris qu’au coin de ma rue, Okiok, le premier à avoir voulu protéger l’Internet et ses habitants organisait un recrutement d’internautes aux couleurs claires. 

D’un pas curieux et décidé, je suis allée à sa rencontre, car je voulais faire partie de son équipe. 

C’est ainsi que nous avons discuté, de mes voyages dans le royaume, de ses missions pour qu’il reste sûr et libre et qu’il m’a invité à attraper des drapeaux pour un premier essai.

Quelques jours plus tard j’appris avec une grande joie que j’allais faire partie de son équipe. Surexcitée, je m’empressais de le rejoindre dans son pays d’hiver où il m’a accueilli chaleureusement par un « Bienvenue dans la famille ». 

J’avais enfin trouvé la définition de la cybersécurité : confiance et bienveillance.

International Cyber Security Summer School 2019 (ICSSS 2019)

ICSSS 2019 in The Hague

In the end of august i participated to ICSSS 2019 in The Hague (Netherlands). We had different lectures about cybersecurity in various places such as Leiden University, NCI Agency, Europol, The Hague Security Delta, Dutch innovation factory. We also had the full week to work on different challenges in groups. My challenge was about Cyber resilience for The Hague Center for Strategic Studies.

What is ICSSS 2019?

« The International Cyber Security Summer School (ICSSS) is an annual summer school, originally organised by NATO C&I Agency, Europol, the Netherlands Ministry of Defence Cyber Command, Leiden University and The Hague Security Delta. « 

Source: ICSSS website

What happened?

Day 1

Day 1 of ICSSS 2019

Useful to know about Day 1:

The ice breaker game:

The afternoon was animated by Ákos Wetters. Akos offered an app for an Ice Breaker game called SpotYet. We had to take a selfie and answer questions about ourselves. Then, the app showed us the picture of the person we had to talk to and after finding the person, we could talk about our answers or about anything else we fancied. It gave us the possibility to have one on one conversation instead of having to introduce ourselves in front of 60 other persons. Here is a map of our interconnection during the event made by SpotYet.

SpotYet interconnexions map of our ice breaker game

A blue team vs red team workshop

Scenario of red team versus blue team game

The red team versus blue team game was made by Leila Taghizadeh. The read team is suppose to hack the blue team. The red team had to explain the process they would use to hack the company. The blue team had to explain how they would protect themselves.

ICSSS Tweet about Day 1

Day 2

Day 2 of ICSSS 2019

Useful to know about Day 2:

  • The lecture of the morning by Professor Bibi Van Den Berg was a broad overview of cyberspace. The following subjects were tackled: Human error and cybersecurity incidents, Law as an incentive to prevent human error, alternative way of steering human behavior.
  • The workshop of the afternoon was made by Els de Busser. It was an exercise about NotPetya. We were divided in groups some represented the Russian and the others, the Ukrainian. We had to build an argumentation to defend the team we were in so that we could give our point of view in front of the International court of law.
ICSSS tweet about Day 2

Day 3

Day 3 at ICSSS 2019

Useful to know about Day 3:

The subject tackles in the keynotes were as follow: Introduction to the NCI Agency, Cyber Security at the NCI Agency, Career opportunities at the NCI Agency.

NCI Agency’s tweet about Day 3

Day 4

Day 4 at ICSSS 2019

Useful to know about Day 4:

  • The keynotes were made by Maia Spilman and Michael Payne.
  • In the first workshop of the afternoon we saw how to transform a Raspberry Pi into a hacking tool. It was lead by Niels Vonk and Ramon Janssen
  • In the second workshop of the afternoon we worked on a home made version of OWASP Juice shop. It was lead by Wout Debaenst and Ricardo Sanchez Marchand.
ICSSS tweet about Day 4

Day 5

Day 5 at ICSSS 2019

Useful to know about Day 5:

The subjects tackled in the morning lecture by Jarek Jakubcek were : Introduction to Europol EC3 and latest cybercrime trends and threats, Use and abuse of cryptocurrencies, Cryptocurrency investigations and strategic investigations, Blockchain, OSINT and the Europol on-the-job experience.

Europol’s tweet about Day 5

Day 6

Day 6 at ICSSS 2019

Useful to know about day 6:

The subject tackled in the keynotes of the morning were the following: short briefing on the concept of the Dutch Innovation Factory, Cyber Security activities within an international context. Also, Dr Rutger Leukfeld made a lecture about The Human factor in cybercrime and Peter Janssen presented Cybersprint.

Dutch Innovation Park’s tweet about Day 6

Summary of ICSSS 2019 in pictures

ICSSS 2019 summary in pictures

Why should you attend ICSSS ?

  • ICSSS gives a holistic point of view of cybersecurity. We had ethical hacking workshops and also tackled subjects as various as: laws, policies, cyber resilience, crypto currencies, …
  • Meet people from all over the world (this year 22 different countries). But also a great panel of different backgrounds from technical to legal.
  • The lectures were made by renowned University professors but also by experienced professionals from different fields (private and public sector).
  • Don’t hesitate to apply your motivation will lead you the way! This experience is a once in a lifetime.

To go further

World Tour Podcast Series 1 Episode 4: Chloe Messdaghi

Chloe Messdaghi is a Security Researcher Advocate and partner of WoSEC of the San Francisco chapter. Today she is going to share with us her vision of cybersecurity, give some tips to non profit on how to stay safe, and other tips for those of you who would like to start bug bounties.

You can follow her on Linkedin or Twitter or go to her website

Listen in this page

Listen on Apple Podcasts: https://podcasts.apple.com/fr/podcast/world-tour-podcast-series-1-episode-4-chloe-messdaghi/id1476926546?i=1000447473807