Code name 23-00 / Nom de code 23-00

Faire défiler le texte pour la version française

This story is largely based on real facts, the names and places have been changed to ensure the anonymity of the characters and entities involved.

One beautiful fall morning, Agent John Durden and I received a mysterious package at the « Beautiful Winter Day » office…

No, our mission does not start with a tape recorder whose tapes burn out at the end of the message.

It starts with a mission order from the Bureau that Agent Effix left on our email inboxes:

« Good morning, Agent Durden and Agent Granville, your mission, if you agree, will be to enter the offices of Sansnom. We must act urgently, Sansnom would like to know if their security system is ready before the unfixable happens. You will have to visit four strategic locations:

The electrical room, the server room, the production room and finally the hardest place to reach the management offices.

If you have no question, this message will self-destruct in a few seconds… or not. »

Excited about our new mission, Agent Durden and I took the first train.

When we arrived at the location, we thought we were in front of a fortress… This imposing building was surrounded by high, sharply pointed gates, its walls were adorned with surveillance cameras, and guards made sure that everyone who entered had a badge to prove their presence.

Also, to make things more difficult for us, any outside person who wanted to enter was escorted to his or her appointment.

This deployment of deterrent security forced us to make our scenarios more complex, but in no way diminished our determination.

In short, only one question occupied our thoughts: How to get in?

We then observed the habits of the local workers. How did they use their badges? Did they sneak into the glass gates in single or multiple groups?

That’s when agent Durden noticed that the glass door reserved for people with reduced mobility had a bottom door large enough to fit through.

We also noted that by a certain time the main security towers were empty, only the scanning cameras were ensuring the security of the building.

Were they operational? We didn’t know.

These small discoveries, our many reconnaissance phases and our multiple scenarios, led us to make an abrupt decision, our eyes concluded: « It will be tonight »…

23-00, dark night, like our camouflages, we were in front of the targeted door waiting for silence around us.

Excitement and apprehension took hold of us, but our determination would guide our entire mission.

Swept away by this mixture of emotions, I suddenly slipped under the narrow doorway.

Joined by my sidekick, we looked at each other for a moment without daring to breathe too deeply, as if we were waiting for something to happen. Nothing happened. In front of us were large staircases.

We went up the first steps and arrived at another staircase, but protected this time.

Undeterred, we went around and found an open door next to it.

So we began our ascent to the various offices in the building.

Our exploration on each floor allowed us to make beautiful discoveries such as blank badges to circulate in the building, precise plans of each room, unlocked mobile phones …

As our research progressed, we were able to find our way around this well-guarded lair which still seemed to selfishly hide some of its mysteries.

In one of the rooms on the third floor, we found temporary access badges, as well as a machine that seemed to be used to print new badges.

Our searches and finds were interrupted by our startle at every sound we thought we heard.

To optimize time, but more importantly to complete our mission, we eventually parted ways.

There, on one of the desks, I found a large booklet containing access codes and instructions for the building’s security systems.

Agent Durden had also made some interesting discoveries, including plans of the building.

Both of us, armed with our valuable information, decided to reach our first target, the management offices. Prior to our mission, I had been able to create a precise profile with information from the management.

When we arrived upstairs, we found that the door security system was much more elaborate than the others, listening only to his courage, Agent Durden began to try to hook the door.

Indeed, agent Durden, always very skilled with his hands, had taken care to forge for us a door-picking equipment that would have made even the greatest locksmiths blush.

While he was testing his new tools, I concentrated on searching for any additional information from the surrounding offices.

Some of the drawers were locked, so the search for their keys intuitively led me to a box containing almost magically the keys to the drawers.

I made interesting discoveries about the schedules of the various members of the management. I made notes and took pictures of everything in case we had to improvise another scenario the next day if we didn’t reach our targets that night.

Officer Durden, who was dealing with a particularly tough door, suggested that I go back down to the third floor offices to pick up a blank badge from the machine we had spotted beforehand, which he hoped would help him with this tedious task.

He didn’t count on a bunch of master keys that he found in a drawer. With these discoveries made, and the master keys tested on a few doors, we took the opportunity of opening the electrical room which we had located, but which we could not open for lack of keys.

Then we went back upstairs to the floor and the offices we had been looking for.

Suddenly as we walked down a corridor we heard the sound of a door slamming very near us, and Officer Durden rushed down a small perpendicular passage which ran along the side of the fully glazed offices and found a dark corner where he crashed against the wall.

Surprised by the urgency of the situation and dazzled by a shower of light on me, I had no choice but to stick to the wall of the passage.

Officer Durden glanced at me, his look distorted by anguish, and then we passed a security guard from behind who miraculously did not turn around and pay no attention to our cleverly concealed presence.

Once the silence came back, which seemed hours later but was only a few seconds, we moved away as quietly and quickly as possible. We resumed our mission at the refractory door to test the passes we had found earlier.

Eureka, it opened, we had reached our first target, which we took pictures of.

We decided to do all the floors we hadn’t done yet in search of our last targets. That’s how we found the server room, however, our master keys didn’t work and the place was even more full of cameras than the rest of the offices.

We spotted a slab in a false floor and discovered that we could lift it to get into the room. We took a picture of it as evidence of a possible bypass of the security system and continued our descent and visit of the top floors.

We paused to study the plans we had found previously and especially the basement plan that intrigued us.

We spotted an area where nothing was indicated and concluded that it was probably another of our most important targets: the production room, which was also our last target, the one that would end our perilous mission.

So we headed there, joyful and carefree of our previous successes, but still discreet. As we descended to the basement we heard a radio noise and finished our descent on velvet steps despite my poor choice of shoes, which had an annoying tendency to squeak on the smooth floor. Once in front of the door of the ultimate room, I opened it carefully while agent Durden took a picture of me saying « the backlight suits you! « which triggered my hilarity and prevented me from immediately seeing the person who was working in this room, which seemed to be a production room indeed.

« What’s going on here? « asked the individual, Agent Durden stammered, « We’re lost”.

Still mixed between the stress of our previous frights and exhilarated by the fact that this room was the end of our mission, I said to our interlocutor:

« My colleague was kind enough to accompany me to retrieve important documents.  » I showed the official envelope that I had retrieved during our visit to the third floor and in which was just some letterhead paper that I had taken in case we had to build future scenarios.

« I had left them in the office, but now we can’t find the exit, where is it please? »

The individual, even more embarrassed than we were, pointed to the security post for the night exit, while a security guard came down and asked us what we were doing here in the middle of the night. We had been in the building for more than five hours. We explained our shameless lies to him again and showed him the temporary badges previously recovered to justify our presence, while joining his colleague.

He asked us more questions and we were forced to give the name of our contact to justify the absence of an escort. The second officer was disconcertingly kind and explained that he was surprised to see us arrive in the basement.

They took our names and our identification papers, and then showed us the gate where we had to badge our way out. So we tried to get through with the temporary badges, which obviously did not allow us to open the glass doors.

So they opened the gates themselves and we were able to leave, relieved and happy about the success of this mission.

After walking a few meters outside, the second officer joined us to collect our temporary badges. « We will provide you with other badges tomorrow, » he apologized, « but we must first clear up this incident which should not have happened.”

We gave him back our badges and were able to leave for the comfort of our homes, with the satisfaction of a mission accomplished and as many emotions as memories in our eyes and hearts.

Cette histoire est largement inspirée de faits réels, les noms et les endroits ont été changés afin de garantir l’anonymat des personnages, et entités concernés.

Un beau matin d’automne, l’agent John Durden et moi-même avons reçu aux bureaux de « Belle journée d’hiver » un mystérieux colis… 

Non, notre mission ne commence pas avec un magnétophone dont les bandes se consument à la fin du message.

Mais bien par un ordre de mission de l’agent Effix du Bureau, laissé sur nos boîtes courriel :

« Bon matin agent Durden et agent Granville, votre mission si vous l’acceptez sera de vous introduire dans les bureaux de Sansnom. Il faut agir de toute urgence, Sansnom souhaiterait savoir si leur système de sécurité est au point avant que l’irréparable ne se produise. Vous allez devoir y visiter quatre endroits stratégiques:

La salle électrique, la salle des serveurs, la salle de production et enfin l’endroit le plus difficile à atteindre les bureaux de la direction.

Si vous n’avez pas de questions, ce message s’autodétruira dans quelques secondes … ou pas»

Excités de notre nouvelle mission, l’agent Durden et moi-même partîmes d’un pas décidé et prîmes le premier train.

À notre arrivée, sur le lieu-dit, nous nous crûmes devant une forteresse. Cette bâtisse imposante était encerclée de hautes grilles aux bouts très pointus, ses murs étaient ornés de caméras de surveillance et des gardes veillaient à ce que chaque personne qui y entrait ait un badge qui justifiait de sa présence. 

Aussi, pour nous compliquer la tâche, toute personne extérieure qui souhaitait y rentrer était escortée à son rendez-vous. 

Ce déploiement de sécurité dissuasive nous obligea à complexifier nos scénarios, mais n’entama en rien notre détermination. 

Une seule question, en somme, occupait nos pensées : Par où rentrer ? 

Nous observâmes alors les habitudes des travailleurs du lieu. Comment utilisaient-ils leur badge ? Se faufilaient-ils à un ou à plusieurs dans les portiques de verres ? 

C’est à ce moment-là que l’agent Durden remarqua que la porte de verre réservée aux personnes à mobilité réduite avait un bas de porte assez grand pour s’y faufiler. 

Nous notâmes également, qu’à partir d’une certaine heure, les tourelles principales étaient vides, seul le balayage des caméras veillait à la sécurité du bâtiment.

Étaient-elles opérationnelles ? Nous n’en savions rien.

Ces minces trouvailles, nos nombreuses phases de reconnaissances et nos multiples scénarios, nous amenâmes à prendre une décision abrupte, nos regards conclurent: « ça sera ce soir »

23-00, nuit noire, comme nos camouflages, nous étions devant la porte ciblée à attendre que le silence se fasse autour de nous.

L’excitation et l’appréhension s’emparèrent alors de nous, mais notre détermination guiderait toute notre mission.

Emportée par ce mélange d’émotions, je me glissais brusquement sous le bas de porte étroit. 

Rejointe par mon acolyte, nous nous regardâmes un instant sans oser respirer trop fort comme si nous attendions que quelque chose se produise. Rien ne se passa. Devant nous se trouvaient de grands escaliers.

Nous montâmes les premières marches et arrivâmes devant un autre escalier, mais protégé cette fois-ci. 

Sans nous décourager, nous fîmes le tour et finîmes par trouver une porte ouverte juste à côté. 

C’est ainsi que nous commençâmes notre ascension vers les différents bureaux du bâtiment.

Notre exploration à chaque étage nous permit de faire de belles trouvailles comme des badges vierges pour circuler dans le bâtiment, des plans précis de chaque salle, des téléphones portables non verrouillés …

Au fur et à mesure de nos recherches, nous nous repérions un peu mieux au sein de cet antre bien gardé qui semblait encore cacher égoïstement quelques-uns de ses mystères.

Dans une des salles du troisième étage, nous trouvâmes des badges d’accès temporaires, ainsi qu’une machine qui semblait servir à imprimer de nouveaux badges. 

Nos recherches et trouvailles connaissaient des intermèdes de sursaut à chaque bruit que l’on croyait entendre.

Pour optimiser le temps, mais surtout pour mener à bien notre mission, nous finîmes par nous séparer.

C’est là que sur un des bureaux, je trouvais un grand livret contenant des codes d’accès et des modes d’emploi des systèmes de sécurité du bâtiment. 

De son côté, l’agent Durden avait également fait de belles trouvailles dont des plans du bâtiment.

Tous deux, forts de nos précieuses informations, nous décidâmes de viser notre première cible, les bureaux de la direction. En amont de notre mission, j’avais pu créer un profil précis avec les informations de la Direction. 

Arrivés à l’étage, nous constatâmes que le système de sécurité des portes était bien plus élaboré que les autres, n’écoutant que son courage l’agent Durden commença à essayer de crocheter la porte.

En effet, l’agent Durden toujours très habile de ses mains avait pris soin de nous forger un matériel de crochetage de porte qui aurait fait rougir les plus grands serruriers.

Pendant qu’il testait ses nouveaux outils, je me concentrais à glaner toutes informations supplémentaires dans les bureaux des alentours. 

Certains tiroirs étaient fermés à clé, la quête de ces clés m’amena intuitivement vers une boîte renfermant presque par « Magie » les clés des tiroirs.

Je fis d’intéressantes découvertes sur l’emploi du temps des divers membres de la direction. Je pris tout en note et en photo pour le cas où nous devions improviser un autre scénario le lendemain si jamais nous n’atteignons pas nos cibles cette nuit.

L’agent Durden ayant à faire à une porte particulièrement coriace, me proposa de redescendre explorer les bureaux du troisième étage afin de prendre un badge vierge de la machine que nous avions repérée au préalable qui, espérait-il, l’aiderait dans cette fastidieuse tâche. 

C’était sans compter sur un trousseau de passe-partout qu’il trouva dans un tiroir. Ces découvertes faites, et le trousseau testé sur quelques portes, nous en profitâmes pour ouvrir la salle électrique que nous avions repérée, mais que nous ne pouvions ouvrir faute de clés.

Nous remontâmes ensuite vers l’étage et les bureaux tant convoités.

Tout à coup alors que nous marchions dans un couloir, nous entendîmes le bruit d’un claquement de porte tout près de nous, l’agent Durden se précipita dans un petit passage perpendiculaire qui longeait des bureaux entièrement vitrés et trouva un coin sombre où il s’écrasa contre le mur. 

Surprise par l’urgence de la situation et éblouie par une douche de lumière sur moi, je n’eus d’autre choix que de me coller au mur du passage. 

L’agent Durden me lança un regard déformé par l’angoisse, puis nous vîmes passer un agent de sécurité de dos qui par miracle ne se retourna pas et ne fit pas attention à nos présences si intelligemment dissimulées. 

Une fois les bruits de pas éloignés, ce qui sembla des heures plus tard, mais ne fut que quelques secondes seulement, nous nous éloignâmes le plus discrètement et le plus rapidement possible. Nous reprîmes notre mission au niveau de la porte réfractaire pour tester les passes que nous avions trouvés précédemment.

Eurêka, elle s’ouvrit, nous avions atteint notre première cible que nous prîmes en photos.

Nous décidâmes de faire tous les étages que nous n’avions pas encore faits à la recherche de nos dernières cibles. C’est ainsi que nous trouvâmes la salle des serveurs toutefois, notre trousseau ne fonctionnait pas et l’endroit était encore plus truffé de caméras que le reste des bureaux. 

Nous repérâmes une dalle dans un faux sol et découvrîmes que nous pouvions la soulever pour nous introduire dans la salle. Nous la prîmes donc en photo en guise de preuve de bypass possible du système de sécurité et continuâmes notre descente et visite des derniers étages.

Nous fîmes une pause pour étudier les plans trouvés précédemment et particulièrement celui du sous-sol qui nous intriguait. 

Nous repérâmes un espace où rien n’était indiqué et nous conclûmes qu’il s’agissait probablement d’une autre de nos cibles les plus importantes : la salle de production, qui était aussi notre dernière cible, celle qui clôturerait notre mission périlleuse.

Nous nous dirigeâmes donc vers cet endroit, joyeux et insouciants de nos précédents succès, mais tout de même encore discret. Au moment de descendre vers le sous-sol nous entendîmes un bruit de radio et finîmes notre descente à pas de velours malgré mon mauvais choix de chaussures qui avaient une fâcheuse tendance à grincer sur le sol lisse. Arrivés devant la porte de la fameuse salle je l’ouvris avec précaution tandis que l’agent Durden me prit en photo en me lançant un « le contre-jour te va à ravir! » ce qui déclencha mon hilarité et m’empêcha de voir tout de suite la personne qui travaillait dans cette salle qui semblait être en effet, une salle de production.

« – Qu’est-ce qu’il se passe? » demanda l’individu, l’agent Durden bredouilla : « Nous sommes perdus ».

Encore mélangée entre le stress de nos frayeurs précédentes et grisés par le fait que cette salle clôturait notre mission je dis à notre interlocuteur :

« Mon collègue a eu la gentillesse de m’accompagner pour récupérer des documents importants ». Je montrais l’enveloppe officielle que j’avais récupérée lors de notre visite du troisième étage et dans laquelle se trouvait juste du papier à entête que j’avais pris pour le cas où nous devions construire des scénarios ultérieurs.

« Je les avais oubliés au bureau, mais maintenant nous ne trouvons plus la sortie, où est-ce s’il vous plait? »

L’individu, encore plus gêné que nous, nous indiqua le poste de sécurité de la sortie de nuit, tandis qu’un agent de sécurité descendit et nous demanda ce que nous faisions ici en pleine nuit. Nous avions, en effet, passé plus de cinq heures dans le bâtiment. Nous lui expliquâmes à nouveau nos mensonges éhontés et lui montrâmes les badges temporaires récupérés précédemment pour justifier notre présence, tout en rejoignant son collègue. Il nous posa davantage de questions et nous fûmes obligés de donner le nom de notre contact pour justifier l’absence d’une escorte. Le deuxième agent, d’une gentillesse déconcertante, nous expliqua avoir été étonné de nous voir arriver au sous-sol.

Ils prirent nos noms et nos papiers d’identité, puis nous indiquèrent le portique où nous devions badger pour sortir. Nous tentâmes donc de passer les badges temporaires qui évidemment ne nous permirent pas d’ouvrir les portes vitrées. 

Ils ouvrirent donc eux-mêmes les portiques et nous pûmes sortir, soulagés et heureux de la réussite de cette mission. 

Après avoir marché quelques mètres dehors, le deuxième agent nous rejoint pour récupérer nos badges temporaires, « nous vous en fournirons d’autres demain, s’excusa-t-il, mais nous devons d’abord tirer au clair cet incident qui n’aurait pas dû se produire »

Nous lui rendîmes nos badges et pûmes partir retrouver le confort de nos foyers, avec la satisfaction d’une mission accomplie et autant d’émotions que de souvenirs dans nos yeux.

Happy birthday C.S. by G.B.

I am proud to announce that my blog is 2 years old!

To celebrate this event, i made a visual recap of my challenge to become a pentester.

To realize my project of becoming a pentester, I relied on Philipe Carré’s « Apprenance » concept.
« Apprenance » is « a lasting set of dispositions… favourable to the act of learning… in all situations: formal or informal, experiential or didactic, self-directed or not, intentional or accidental ».
Philippe Carré, 2005.

My project, involved six steps such as E-learning, CTFs, learning expeditions, internship, conferences and volunteering.
In order to document my approach, I created a blog to share my experience and I also built an analysis grid of skills resulting from the whole project.

I am so happy that I achieved my goal by being hired as a pentester at Okiok but my desire to learn remains as strong as ever.

Journey to be continued…

Six mois après, au Canada… / Six month later, in Canada…

Scroll down for English

Six mois déjà et je n’ai pas vu le temps passer! Entre deux déménagements, la vie quotidienne, mes activités sportives, associatives et des balades en ville et dans la nature. 

Ma passion pour la cybersécurité et sa démocratisation a pris la plus grande place.

Cet article va présenter ce que j’ai fait à Montréal ces six derniers mois.

Comment ai-je continué mon auto-formation? Comment se passe mon expérience de pentesteuse?

Mon travail chez Okiok est très varié et dépasse de loin mes attentes (voir ici l’article concernant Okiok).

J’ai eu différents mandats passionnants qui m’ont permis de m’améliorer en pentest Web et externes. J’ai découvert les pentests interne et WiFi et toute la variété de missions possibles dans ce métier.

Aussi, j’ai eu la possibilité de faire un pentest physique, dont je parlerai prochainement dans un article.

Au delà des missions, j’ai eu l’opportunité d’animer un lunch and learn sur le pentest pour présenter le métier à nos collaborateurs.

En ce moment, je suis en clientèle pour une mission de Blue Team où je développe mes compétences en défense.

Avec Okiok j’ai également la possibilité d’assister à des conférences et de participer à des CTF.

J’ai notamment, peu après mon arrivée sur le sol canadien eu la chance de participer au fameux Hackfest de Québec City. 

Passionnée par l’OSINT, je me suis inscrite au Missing Person CTF organisé par Tracelabs, une super initiative qui permet d’aider les autorités à trouver des personnes disparues. 

Après avoir assisté à de passionnantes conférences je suis allée me fabriquer un badge au village de soudure, je me suis entraînée au lockpicking et j’ai hacké des badges RFID!

Côté démocratisation de la cybersécurité et promotion de la cyberpaix, je ne suis pas en reste non plus!

En effet, en arrivant au Canada, j’ai été chaleureusement accueillie par Véro, Fyscillia et Sabrine qui organisent des panels pour permettrent à des femmes de la cyber de débattre sur différents sujets dans le cadre de NousSommesCyber (aka WoSEC Montréal)

J’ai ainsi été panéliste chez Ubisoft Montréal (voir ici) pour une table ronde sur la sensibilisation à la cybersécurité.

Lors de mon arrivée, il était également question pour WoSEC Montréal d’organiser des workshops et Véro m’a proposé de les aider dans cette tâche.

Le premier workshop était celui de Diana Whitney qui nous a présenté comment exploiter eternal blue avec la box Blue de Hactkthebox. Ensuite, j’ai animé un atelier d’initiation au pentest web.

Avec la situation de pandémie actuelle nous avons décidé de maintenir les workshops en version 100% remote 😀 et nous aurons la chance d’avoir une introduction sur l’ingénierie inverse par Emma Spradbrow (Informations pour l’inscription dans l’image suivante ATTENTION réservé aux femmes).

Aussi, lors de mes activités pour NousSommesCyber, j’ai rencontré Masarah qui m’a proposé de participer au Outreach committee du NorthSec.

L’objectif, permettre à tous les publics d’assister au NorthSec et de bénéficier des formations proposées lors de la conférence.

Pour en savoir plus sur le NorthSec c’est ici!

Afin de continuer dans mes démarches de sensibilisation et de partage de mes connaissances, j’ai soumis plusieurs CFP. C’est ainsi que j’ai été selectionnée pour animer un talk à WomenTechMakers Montréal.

En raison du COVID-19 l’évènement s’est fait 100% en ligne, vous pouvez donc voir mon talk ici:

Dans le cadre de MeetCyber, Enkelada Ibrahimi m’a contactée via Linkedin et j’ai ainsi été interviewée pour relater mon parcours, mon travail et mes projets. Pour les personnes qui sont sur Crowdcast, c’est disponible ici

Être interviewée ne m’a pas empêché de continuer mes interviews! 

En effet, grâce à WoSEC j’ai fait la connaissance de Angela Marafino et Alyssa Miller que j’ai interviewées dans ma série de podcast.

Leurs parcours sont passionnants et inspirants! Je vous invite à les découvrir ici avec les précédents podcasts.

Pour améliorer mon aisance à l’oral et continuer à faire de nombreux talks, j’ai rejoint un club Toastmasters. C’est une expérience très enrichissante, le club se réunit une fois par semaine et propose différents format de participation. Par exemple, il y a un rôle d’évaluateur de la langue, qui consiste à faire un retour sur les termes et expressions utilisées par les divers intervenants. Nous faisons également des improvisations et bien sur des présentations orales.

Pour continuer à apprendre et affiner mes compétences, j’ai également continué mes formations en ligne. J’ai notamment validé le Mooc problem Solving qui m’a permis de développer une méthodologie face aux challenges de la vie professionnelle. 

Grâce à Okiok, je fais actuellement la formation de Elearn Security sur le pentest Web.

Enfin, je continue à m’entrainer sur Hackthebox et Certifiedsecure et j’avance sur les exercices du Mossé Institute.

D’ailleurs si vous êtes une femme intéressée par la cybersécurité le Mossé institute offre une formation gratuite et certifiante. Vous pouvez me contacter via Linkedin pour en savoir plus.

Retrouvez la suite de cette aventure dans un prochain article!…

I have spent six month in Montreal already! Between two moves, daily life, sports, associative activities and walks in the city and in nature.

My passion for cybersecurity and its democratization has taken the greatest place.
This article will present what I have been doing during these past six months…
How did I continue my self-study? How is my experience as a pentester going?

My work at Okiok is very varied and exceeds by far my expectations (see here my article about Okiok).

I’ve had various exciting mandates that have allowed me to improve my skills in Web and external pentest. I discovered internal and WiFi pentests and all the variety of possible missions in this position.

Also, I had the opportunity to do a physical pentest, which I will talk about soon in an article.

Beyond these missions, I had the opportunity to host a lunch and learn about pentest to present it to our collaborators.

At the moment, I am on a Blue Team mission where I am developing my skills in defence.

With Okiok, I also have the opportunity to attend conferences and participate in CTFs.
In particular, shortly after my arrival in Canada, I had the chance to participate in the famous Hackfest in Quebec City.
Passionate about OSINT, I signed up for the Missing Person CTF organized by Tracelabs, a great initiative that helps authorities find missing persons.
After attending exciting conferences, I went to the soldering village to make myself a badge, practiced lockpicking and hacked RFID badges!

As for democratizing cyber security and promoting cyberpeace, I have plenty of opportunities either!
Indeed, when I arrived in Canada, I was warmly welcomed by Véro, Fyscillia and Sabrine who organize panels to allow women from the cyber world to debate on different subjects about cybersecurity with WeAreCyber (aka WoSEC Montreal).

I was a panelist at Ubisoft Montreal (see here) with a theme on cybersecurity awareness.

When I arrived, WoSEC Montreal was also talking about organizing workshops and Véro offered me to help them in this task.

The first workshop was with Diana Whitney who demonstrate how to exploit eternal blue with Hactkthebox’s « Blue » box.

Then, I animated an initiation workshop to web pentest

With the current pandemic situation we decided to keep the workshops but in a 100% remote 😀 version and we will have the chance to have an introduction on reverse engineering by Emma Spradbrow (Registrations info in the image below. WARNING only for women).

Also, during my activities for WeAreCyber, I met Masarah who offered me to participate to the Outreach committee of NorthSec.

The goal: to allow all audiences to attend NorthSec and benefit from the training offered at the conference.

To learn more about NorthSec, click here!

In order to continue in my efforts to raise awareness and share my knowledge, I have submitted several CFP. That’s how I was selected to host a talk (in french) at WomenTechMakers Montreal.

My talk for WomenTechMakers Montreal, in french

Due to COVID-19 the event was 100% online, so you can see my talk above.

As part of MeetCyber, Enkelada Ibrahimi contacted me via Linkedin and I was interviewed about my background, my work and my projects for the people on Crowdcast, it’s available here.

Being interviewed didn’t stop me from continuing my interviews!
Indeed, thanks to WoSEC I met Angela Marafino and Alyssa Miller who I interviewed in my podcast series.

Their backgrounds are exciting and inspiring! I invite you to discover them here among other interviewees.

To improve my public speaking skills and continue to do many talks, I joined a Toastmasters club. It’s a very enriching experience, the club meets once a week and offers different participation formats. For example, there is a role of language assessor, which consists of reviewing the terms and expressions used by the various speakers. We also do improvisations and of course oral presentations.

To continue to learn and refine my skills, I also continued my online training. In particular, I validated the Mooc problem Solving, which allowed me to develop a methodology for dealing with the challenges of professional life.

Thanks to Okiok, I am currently doing the Elearn Security training about web pentesting.
Finally, I continue to train on Hackthebox and Certifiedsecure and I go further on the exercises of the Mossé Institute.

Moreover if you are a woman interested in cyber security the Mossé Institute offers free training and certification. You can contact me via Linkedin to find out more.

Find the sequel of this adventure in another article soon!…

A toi belle journée d’hiver * Okiok

Ma démarche d’auto-formation en cybersécurité que je documente ici, depuis avril 2018, m’a permis d’être embauchée comme pentesteuse chez Okiok.

Cette nouvelle aventure canadienne m’a inspiré un conte cyber.

Il était une fois, un grand grand royaume nommé l’Internet où existe un territoire lointain et invisible, le Cyberespace.

Cet espace non défini, renferme les plus grands serpents de mer du royaume. Ces colosses, cachés sous nos océans terrestres susurrent les tous petits, les petits, les moyens, les grands et les très grands secrets de ses habitants que l’on appelle : Internautes. 

Ces Internautes, habillés de rouge, de bleu, de violet, de noir ou d’autres couleurs encore ont chacun une façon bien particulière de vivre dans le royaume. 

Les bleus défendent le royaume, les rouges préparent les bleus en organisant de fausses attaques qui consistent à attraper discrètement des drapeaux sur les territoires à défendre. Les violets font les deux et enfin les gris-noirs ont des projets bien plus flous. 

Ces derniers portent différentes nuances de noir. Ils ont pour emblème un hoodie de leur couleur qui cache leurs yeux. 

Certains d’entre eux militent pour des causes politiques ou sociales nobles ou pas, d’autres s’accaparent les richesses du royaume et des Internautes et d’autres encore, créent des stratégies d’intrusions qui pourraient détruire le royaume et ses habitants.

Face à tous ces personnages aux bonnes et mauvaises intentions, j’ai voulu m’impliquer avec ceux vêtus de couleurs claires et dont les yeux étaient teintés d’une lueur bienveillante. 

C’est alors que j’appris qu’au coin de ma rue, Okiok, le premier à avoir voulu protéger l’Internet et ses habitants organisait un recrutement d’internautes aux couleurs claires. 

D’un pas curieux et décidé, je suis allée à sa rencontre, car je voulais faire partie de son équipe. 

C’est ainsi que nous avons discuté, de mes voyages dans le royaume, de ses missions pour qu’il reste sûr et libre et qu’il m’a invité à attraper des drapeaux pour un premier essai.

Quelques jours plus tard j’appris avec une grande joie que j’allais faire partie de son équipe. Surexcitée, je m’empressais de le rejoindre dans son pays d’hiver où il m’a accueilli chaleureusement par un « Bienvenue dans la famille ». 

J’avais enfin trouvé la définition de la cybersécurité : confiance et bienveillance.

My internship at Radically Open Security

One of my goal in this ethical hacker challenge was to volunteer for a GREAT organization. This is what i did with Radically Open Security who welcomed me as an intern for six months.

How did i get this opportunity?

When i started to work in the IT I quickly had concerns about the lack of safety on the Internet.
Therefore, my curiosity and thirst for learning led me to wonder about the construction of a safer cyberspace.
This quest has shaped the type of company I wanted to be involved with. This is when I discovered the existence of ROS (Amsterdam, Netherlands) and Melanie Rieback in a press article.
This initiative was an evidence and in line with the values I want to promote.
Transparency is the central point of this company and its business model is a promise of a better social future.

What is Radically Open Security?

« Radically Open Security is the world’s first not-for-profit computer security consultancy company. We are prototyping an innovative new business model – using a Dutch « Fiscaal Fondswervende Instelling » (Fiscal Fundraising Institution) to provide a commercial front-end that sends 90% of our profits tax-free to a backend foundation (Stichting NLnet) that has supported open-source, Internet research, and digital rights organizations for almost 20 years. The other 10% of our profits will go to an employee profit-sharing scheme, in which the secretary accumulates profit-sharing rights as quickly as the CEO. Additionally, due to our low management/overhead costs, we can afford to pay competitive wages to our computer security consultants.  »
At ROS everybody works remotely.

Wait! Not for profit?

Yes not for profit! Let Melanie Rieback co-founder and CEO explain this to you:

What service do they offer?

  • Penetration testing, ethical hacks and social engineering
  • Malware reversing and analysis
  • Network monitoring and threat detection
  • Forensics
  • CSIRT and incident response
  • Code audits
  • DDoS Testing
  • Cryptographic analysis
  • Custom R&D Projects
  • Workshops, trainings and mentoring
  • Misc: Embedded, Android and RFID Security


What did i do?

Participation in the creation of a Capture-The-Flag (CTF) game

ROS helped to build a CTF for the CyberHeroes week of the non profit organization Cyberworkplace (see my article about the CyberHeroes week here).
The theme of the week was Heroes in cyber, I build a list with many heroes from the cybersecurity world, cryptography and cybersecurity resources.

Observation of pentests

I was added to some pentesting channels on RocketChat a chatroom that was used for communication for work purposes. This way, i was able to peek over the shoulders of pentester and see how they work, how they communicate with the client as the pentests are completely available to the clients from the begining to the end (this is one of the core principle of ROS).

Review of pentest reports

I was able to read and review some pentests reports. This really helped me to see how proper pentest reports are build, what pentesters look for while pentesting and which tools they use.

Improvement of the onboarding manual for new staff members

When i onboarded i was provided with an onboarding manual. As i encountered some little problems to set up my work environment i added some entrees in the onboarding manual in order to help future onboarders who had the same configuration i had.

Creation of a wiki page with relevant onboarding information for new staff members

ROS wanted to improve the onboarding process and provide the onboarders resources and useful informations.
This is why i created a wiki page with many resources for every type of positions (project management, software development, pentesting, …). I also added a section for general informations about ROS.
After the set up of this wiki i invited everyone to contribute and share their knowledge with relevant links like their favorite tools that help them in their tasks, great articles they’ve read, anything they would find relevant.

Submission of a process for improving internal training

We wanted to improve the internal training that is why i created a documentation to propose some ideas on the subject.

Helping a coworker with the use of Gitlabs (Radically Open Security’s file storage system)

One of the other intern was new to Gitlabs. As i had previously encountered Git and worked with it, i was able to provide my help.

Organizing folders in Gitlabs

ROS puts their projects and documentation on an internal Gitlabs system. I updated the organization of the folders.

Use of Pentext and XML

« The OWASP PenText XML documentation project can help your software security company produce offers, reports, invoices and generic documents by offering a well-structured and easy to maintain documenting system you can modify to your liking. »
This tool was created by ROS they open sourced it and made it available on Github.
In order to use Pentext you need to know XML.
I really enjoyed using pentext. XML is really useful and you get to generate great looking documents. This saves a lot of work mainly for pentesting reports but it can also be use to save time on other types of reports.

What did i get from this experience

As I plan to build a company, ROS was an inspiring and innovative model for tomorrow’s companies.
More specifically, I learned how a holocratic system works in a company. This system in which everyone has a place and a voice has been a beautiful discovery.
On a more technical aspect I have used many tools such as Pentext.
Finally, I have appreciated working remotely because it requires a personal work organization that invites to be autonomous and rigorous.

(source cyberheroes week flickr) During the CyberHeroes week i had the opportunity to meet Daan, Steven, Melanie and Anh from ROS.

To go further

CyberHeroes week by Cyberworkplace

During my internship at Radically Open Security, i had the opportunity to help with the building of a CTF made for the CyberHeroes week of Cyberworkplace.
I found Cyberworkplace’s initiative so great that i asked if i could volunteer for the CyberHeroes week. They did not only accepted that i volunteered, but also invited me to come as a participant.

What is Cyberworkplace?

Cyberworkplace is a dutch initiative based in Rotterdam. It « is a non-profit initiative that helps reduce the current shortage of cyber security experts in the labor market and provides much-needed 21st-century skills to vulnerable young people (dropouts/ gamers/students, who lack practical experience in their study programs).
The training/lessons given at Cyberworkplace are inspired by modern teaching methods such as peer-to-peer techniques and project-based learning. » (source:

What is CyberHeroes ?

« CyberHeroes is a one-week training program that brings together twenty talented youngsters from The Netherlands and New Mexico, USA. Together they will be trained in ethical hacking skills to address current security threats. Over the course of one week they will take on hacker battles, work on CSI-type cyber challenges with local police, study the history of cryptography, learn to fight cyber crime alongside international hackers, and much more. » (source: Cyberheroes booklet)

(source: Cyberheroes flickr)

What happened?

Day 1: Cryptography and Lockpicking

(source: cyberheroes booklet)

Philip Zimmerman made a great talk about cryptography and data protection.
He exposed the evolution of the Internet and the impact it had on privacy.

(source: cyberheroes booklet)

(source: Oscar Koeroo’s slides)

Oscar Koeroo started his workshop by a talk about his work at KPN and how they handled security.
On 2012 KPN got hacked, this year they decided to set up a Security Operation Center to handle better such incidents.
KPN CISO Strategy and policy is made available for everyone here
After this introduction, he started explaining cryptography concepts.
He then detailed RSA encryption.
Finally we practiced RSA encryption and encrypted with our own messages and numbers.
He mentioned a very good tool to help us for the assignments:

(source: Cyberheroes flickr)

We ended the day with lockpicking, now i really want to buy my own lockpicking set! 😀 It reminded me of the video game called Skyrim, except it is much easier with a joystick^^

Day 2: CTF with Radically Open Security

(source: screen of the CTF platform made by Daan Spitz from Radically Open Security)

In the morning, Daan Spitz was introduced and the CTF started.
Daan works for Radically Open Security who sponsored the event and gave a CTF that he made.
In the afternoon, Melanie Rieback CEO of Radically Open Security was introduced she presented ROS and gave a great demo talk about cracking passwords.
We cracked the password « TreeHouse1234 » in less than 33 seconds!
Demo and slides can be found on ROS’s github.

(source: Cyberheroes flickr)

Day 3: On a boat with the dutch Police

(source: Cyberheroes flickr)

On day 3, we spent all day at the Seaport Police of Rotterdam.
We had the opportunity to meet Dirk-Jan Grootenboer, Peter Duin and other great police officers. They presented the Seaport Police and their work.
The Cyber Resilience unit has different goals:

  • Awareness of cyber threats and risks by citizens, corporations and other organisations
  • Know how to act: reactive, preventive, pro-active
  • Work together to share knowledge and new opportunities offered by technology
  • Resulting in continuous growth of cyber resiliency
  • From cyber security to cyber resilience
  • From reactive to pro active thinking and acting
  • Catching the advantages of cyber with an open eye for the risks

(source: Police officers talk)

Then, we had a CSI like challenge and a Police Patrol Boat Adventure. We were able to work on our social engineering skills and see the huge port of Rotterdam (largest in Europe).

On the afternoon, Floor Jansen and Marinus Boekelo joined us to present the Hack_Right initiative and explain the amazing take over of Hansa Market a dark web marketplace.
Hack Right is an initiative to help young hackers who commited a small crime, to get back in the right path and use their skills for ethical hacking.
It consists of 4 modules

  1. Restorative justice: if you commit a crime you break your connection with the victim to repair this boundary you have to do something for the community. In this module, cyber criminals are confronted with the damage and possibly even with the victims.
  2. Training: ethical and legal boundaries
  3. Coaching: personal connection between coach and offender. This involves providing longer guidance to the offender, linking them to someone from the community.
  4. Alternative: indicates the opportunities on the labour market and teaches young people where to develop their talents

(source: Floor Jansen’s talk and Mediawijzer’s article)

Day 4: Cybersprint at The Hague Security Delta and US Ambassador residence

In the morning, we worked on « Make it Smart » Maarten van Duivenbode introduced us to smart objects and how to use them. We were able to program lights and their colors.

In the afternoon, we visited Cybersprint at The Hague Security Delta.
Cynthia Schouten made an introductive talk and gave us a tour of the campus. We visited: Hogeschool Leiden’s IOT lab, we were introduced to a mixed reality tool that aims to train student in forensics with simulated crime scenes

(source: Cyberheroes flickr)

Then, we visited Splendo that introduced us their smart bikelock project for X-bike.

After the tour, Peter van Eijk who works at the municipality of the Hague presented the Hack Den Haag CTF. A CTF to help the city of the Hague to be more secure.
Finally, Soufian El Yadmani made an amazing talk about his adventure to cybersecurity. He explained that he was hired as a cybersecurity analyst at Cybersprint by winning a CTF. His team and him travel to many CTF competitions.
His secret to be a good ethical hacker? Practice, practice, practice!

After our visit to The Hague Security Delta Campus we went to the US Ambassador’s residence for a reception for the Cyberheroes program. There, Peter Hoekstra the Ambassador of the US, Anouk Vos from Cyberworkplace and Charles Ashley III from Cultivating Coders talked.
The Ambassador, is now a proud hacker in a beautiful Cyberworkplace hoodie and the owner of a CyberHeroes medal!

(source: Cyberheroes flickr)

Day 5 and 6: Trip to Leeuwarden, no escape possible 😀

(source: Cyberheroes flickr)

On the last two days of CyberHeroes, we were invited to Leeuwarden for a CTF at the amazing Hacklab.
Leeuwarden is a beautiful historical city in the north of Netherlands that has been European Capital of 2018.
The CTF gave us the opportunity to learn a lot.
After all this hacking we did we had to go to jail… joking we just spent the night in a former prison: Alibi Hostel

But before going to sleep, we took part in a great escape game made by Henk Van Ee founder of Cybersafety4u in which we had to unlock a hacker’s phone.

(source: Cyberheroes flickr)

To conclude this awesome week, we all got a certificate and a CyberHeroes medal.
Needless to way i was very proud to participate and help for this great adventure.
I would like to take the time to thank Radically Open Security (Melanie and Anh) without whom i would not have heard about Cyberworkplace.
Thanks also to Anouk, Nasya and Maria from Cyberworkplace that welcomed me for this week.
They all made an amazing work and i would definetely recommend everyone who has the opportunity to take part in a week like this.
Volunteer or help Cyberworkplace any way you can, they do such an amazing work for students and cybersecurity lovers.

(source: Cyberheroes flickr) Volunteers for the CyberHeroes week: Adelle, Anh, Maria, Anouk, Me, Nasya

To go further: