Every year we reach out to several experts in the field and ask them to make a challenge for the Cyber Security Challenge. This ensures that we can provide top-quality challenges created by real-life Belgian security professionals. Just like last year, we received numerous interesting contributions and we would like to thank the following people in this Hall of Fame:
Mathy Vanhoef is a postdoctoral researcher at KU Leuven. He did his PhD on the security of WPA-TKIP, TLS, and RC4. His research interest is in computer security with a focus on wireless security (e.g. Wi-Fi), network protocols in general, the RC4 stream cipher, and software security (discovering and exploiting vulnerabilities). Currently his main research is about automatically discovering vulnerabilities in network protocol implementations, and proving the correctness of implementations.
Vincent is a consultant at NVISO. He spends his days sending phishing emails, helping organizations define their security battle pans and convincing managers that security should be part of their technology strategy. All with one goal: embed a Cyber Culture at his clients.
Thomas still spends his days learning about information technology. That's not so different from when he was a student. Besides that, he loves movies, science fiction, puzzles,... Still not so different. He sometimes builds, he sometimes breaks things. He is old now, but he hasn't really changed since last century.
Not every contributor likes to be in the spotlights, but they do all deserve recognition. This entree is to thank all the anonymous contributors that have graciously helped us by providing challenges and supporting us in various other ways.
I'm a security researcher at NVISO where my main focus is on web application security.
I could start listing my interests, but it’d be a long list… Basically I’m just curious how things – could - work, and with things, I mean just about anything that works with 1's & 0's
When the “tech-cap” goes off, I like to play the piano or watch a good movie. ( and off course a couple of beers in good company is never a waste of time:) )
I am a freelance security consultant based in Leuven. I currently focus on penetration testing, vulnerability research and bug bounty programs. My previous experience includes large scale log collection and analysis, threat detection, incident handling and forensic investigations.
24yo; Graduated from University of Amsterdam; Working at Proximus CSIRT; Challenges created under the influence of absurd quantities of caffeine.
The Proximus CSIRT monitors and responds to cyber security incidents on its core infrastructure and internal assets. We deal on a daily basis with all kind of incidents, ranging from very simple ones ( phishing *yawn* ) to actually pretty neat ones (Sorry, it's classified :3 ).
Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is an IT Security Consultant (Contraste Europe) currently working at a large Belgian financial corporation. Didier started his own company in 2012 to provide IT security training services (DidierStevensLabs.com).
You can find his open source security tools on his IT security related blog at blog.DidierStevens.com.
I'm an ICT security engineer at the KBC bank and insurance group. I'm passionate about IT security in general, my favorite topics are: cryptography, threat hunting, reverse engineering malware and penetration testing. I love interacting with the ITsec community and I regularly blog about IT security topics on my website uperesia.com.
Jeroen Beckers is a security researcher at NVISO. He focusses mainly on mobile applications for Android/iOS and sometimes even Windows Phone (yes, some people actually use it!). Apart from breaking mobile applications, he also gives security trainings and presentations at conferences.
Jeroen is also an active member of Hacknamstyle, the KU Leuven CTF team.
I am a freelance security consultant with experience in incident response and incident response coordination. Passionate about CSIRT work, incident detection, threat intelligence, network analysis, honeypots and log management. I have a security blog and contribute to CSIRT community projects.
Next to sustaining my caffeine addiction through large volumes of Nespresso, I research new opportunities for NVISO services / products and ensure our delivery is done according to the latest methods & techniques. My current focus areas include software security, (mobile) malware analysis and analyzing large amounts of network traffic for IoC’s.
Frederik Mennes is currently Senior Manager Market & Security Strategy at VASCO Data Security, a provider of strong authentication products and services. In this capacity he develops and oversees the execution of VASCO’s business strategy for certain markets. Besides this he leads VASCO’s Security Competence Center, working on the security aspects of VASCO’s products and infrastructure. He is a regular speaker at industry events and conferences about security technology, and a contributor to the Initiative for Open Authentication (OATH) and the HIMSS Identity Management taskforce. Besides his role at VASCO, Frederik has supported the Information Security Group (ISG) at Royal Holloway, University of London in various educational roles. He earned an MBA from Vlerick Business School (Belgium), an M.Sc. in Information Security from Royal Holloway, University of London, and an M.Sc. in Computer Science Engineering from KU Leuven, Belgium.
Maxim is a Digital Forensics and Incident Response (DFIR) specialist and currently works as a Cyber Analyst for CERT.be. You can hook Maxim up through his Linkedin Profile (https://www.linkedin.com/in/maximd).
Started as developer then moved to networks and finally found my vice as a security enthusiast.
The same “changing until the perfect is found” mentality is applied also to the places I have lived so far; Greece, Sweden, France and finally Belgium.
During the morning I work as a security expert for both offensive and defensive side @dayjob.
During the night I watch series and enjoy good friends around some beers.
The following people have contributed in the past and we are ever grateful for their help!
Tom Van Goethem is a PhD student at the University of Leuven, where he has a (not so secret) love affair with research on security and privacy in the context of the web. The thirst for knowledge and practical experience has driven him to the worderful world of hacking competitions, where he acts as one of the team leaders of iMinds-Distrinet's own CTF team named HacknamStyle.
20-something devops/infra/security guy working in Brussels. Enjoys coding, troubleshooting, understanding technology and improving things.
Yves is a specialized federal police officer for the Federal Computer Crime Unit (FCCU), where he ensures IT forensics training of the Belgian police forces. Throughout his career spanning over 20 years, Yves has built detailed IT forensics skills combined with an experience on measures to take when IT critical infrastructures are under attack.
Yves is also a lecturer in security in a series of schools, and the chairman of ECTEG, the European Cybercrime Training & Education Group. In his free time, you may catch Yves taking photographs or creating forensics challenges for the Cyber Security Challenge Belgium.
Sean is Security Consultant at Gremwell. He is passionate about software security, reverse engineering, testing software, fuzzer development and exploit development. He is actively engaged in security research and has discovered and exploited bugs in popular software.
You can call him Ing, CISSP, CEH, ECPPT, GCFE or CSSLP, but it is also allowed to call him by his name: Dieter Van Den Bosch. He is a security enthusiast and an APD … Advanced Persistent Defender. After he has come home from DJ’ing he probably will start analyzing some breach.
He has 6 years of security experience at KBC Bank. He started in the Network Security team to later become the first Security Operations Center member and first Security Analyst of KBC Group. Lately the world of business has revealed to him as he is now Policy Advisor as part of the Corporate Change & Culture team for KBC Group.
Annika is a security consultant at NVISO, where her job focuses mainly on digital forensics investigations, next to performing network- and application level security assessments. Before her interests in IT she was already focused on forensic investigations, leading to a degree in Forensics, Criminology and Law. Combining both interests, she is now a GIAC Certified Incident Handler and Forensics Examiner.
You can find Annika on LinkedIn.
A long time security enthusiast, Xavier likes to get technical insights on all levels - from current web technologies to embedded video analytics in C++, from plain Java to bash scripting and everything in between.
Find more details on LinkedIn.
I came to security a bit by accident when realising that I have a natural tendency to break things due to excessive curiosity…
Now mostly working in the areas of incident response, security monitoring and penetration testing.
My motto is: “always question the world around you as per through the eyes of a child and keep on finding ways to improve what’s not OK. This is what real hacking is about and is the principle that drives my whole life; don’t take anything for granted and strive for perfection”.
Sasja Reynaert is a security analyst at Nviso where he assists clients with technical information security issues, focusing the majority of his efforts on intrusion analysis, digital forensics and incident response. You can find Sasja on LinkedIn.
Nico Callens is a Security Expert in the NVISO’s technical security team. Where he specializes in SIEM, Network and Cyber Security. An all-round IT Security professional with a broad technical background, analytical and problem solving capabilities and a customer focus.
Prior to joining NVISO, Nico was a senior security consultant at Verizon Enterprise Solutions (Professional Security Services) for 8 years.
Nico holds a Bachelor degree in Information Technology from VHTI (KATHO), Kortrijk and is CISSP and PRINCE2 Foundation certified.
Xavier Mertens is a freelance security consultant. His job focuses mainly on protecting his customer’s assets by applying “offensive” (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualization). In parallel to his daily job, Xavier is also a security blogger, a SANS ISC Handler and a co-organizer of the BruCON security conference. You can find Xavier on Linked-In here.