Every year we reach out to several experts in the field and ask them to make a challenge for the Cyber Security Challenge. This ensures that we can provide top-quality challenges created by real-life Belgian security professionals. Just like last year, we received numerous interesting contributions and we would like to thank the following people in this Hall of Fame:
Jornt van der Wiel works as a local security researcher at Kaspersky Lab for the BeNeLux region and is a member of Kaspersky Labs Global Research and Analysis Team (GReAT). In this position he gathers information, evaluates new threats and helps designing new utilities for in-house and customer use. Besides that he is involved with the development of Threat Intelligence Services which support businesses in responding rapidly to new threats and provide them with information to pro-actively combat threats. Jornt specializes in source code auditing (especially C/C++), anomaly detection (detection based on behavior, not on signatures), online identities and authentication, cryptography, software exploitation, software exploitation prevention techniques and ICS / Scada system security.
Mathy Vanhoef is a postdoctoral researcher at KU Leuven. He is most well known for his KRACK attack against WPA2, and the RC4 NOMORE attack against RC4. His research interest is in computer security with a focus on wireless security (e.g. Wi-Fi), network protocols in general, applied cryptography, and software security (discovering and exploiting vulnerabilities). Currently his main research is about automatically discovering vulnerabilities in network protocol implementations, and proving the correctness of protocol implementations. Apart from research, he also knows a thing or two about low-level security, reverse engineering, and binary exploitation.
Captain Richardson has worked at CHQ for over 40 years. Due to the classified nature of his work, no further information is available
Not every contributor likes to be in the spotlights, but they do all deserve recognition. This entree is to thank all the anonymous contributors that have graciously helped us by providing challenges and supporting us in various other ways.
Xavier Mertens, aka @xme, is a freelance security consultant based in Belgium. His daily job focuses on protecting his customer’s assets by applying “offensive” (pentesting) as well as “defensive” security (incident handling, forensics, log management, SIEM, security visualisation, OSINT). Besides his daily job, Xavier is also a security blogger (https://blog.rootshell.be), an ISC SANS handler (https://isc.sans.org) and co-organizer of the BruCON (http://www.brucon.org) security conference. LinkedIn: https://www.linkedin.com/in/xmertens/
Working as a security consultant at NVISO, Wouter likes breaking and making stuff. Some say he hunts you down if you write bad and insecure code. In fact he likes researching software security and the blockhain. In his sparetime he plays the piano, likes having a beer with friends and enjoys the movies. If you dare to get in touch with him, contact him at (https://www.twitter.com/someniak).
Frederik Mennes is currently Senior Manager Market & Security Strategy at VASCO Data Security, a provider of strong authentication products and services. In this capacity he develops and oversees the execution of VASCO’s business strategy for certain markets. Besides this he leads VASCO’s Security Competence Center, working on the security aspects of VASCO’s products and infrastructure. He is a regular speaker at industry events and conferences about security technology, and a contributor to the Initiative for Open Authentication (OATH) and the HIMSS Identity Management taskforce. Besides his role at VASCO, Frederik has supported the Information Security Group (ISG) at Royal Holloway, University of London in various educational roles. He earned an MBA from Vlerick Business School (Belgium), an M.Sc. in Information Security from Royal Holloway, University of London, and an M.Sc. in Computer Science Engineering from KU Leuven, Belgium.
Hero name: Renaud Demez
Level: Intern at NVISO
Skill: Code until death
Description: I’m studying at HELMO Campus Guillemins (Liège) and works on cybersecurity challenge and gamification for his internship. I’m a developer but I’m really curious so, this is why I did my internship in cybersecurity and gamification. I worked hard for these challenges, so please give me a little feedback at email@example.com :slightly_smiling_face:
(Personal information: I like videos games, I played to a lot of them and I think my main license is Monster Hunter. For the cybersecurity, I don’t have any knowledge from school but I like having a lot of different knowledge in my pocket).
Nico Callens is a Sr. Security Expert in the NVISO’s technical security team. Where he specializes in SIEM, Security monitoring, Network and Cyber Security. An all-round IT Security professional with a broad technical background, analytical and problem solving capabilities and a strong customer focus. Prior to joining NVISO, Nico was a senior security consultant at Verizon Enterprise Solutions (Professional Security Services) for 8 years. Nico holds a Bachelor degree in Information Technology and is CISSP, PRINCE2 and GIAC Forensic Examiner certified.
Geoffrey is a 22 year old security consultant. By day he performs penetration testing and red team shenanigans, by night he tinkers with disassemblers and debuggers. Interested in vulnerability research, malware analysis, exploit development, cryptography and other arcane arts.
Annika is a security consultant at NVISO, where her job focuses mainly on digital forensics investigations, next to performing network- and application level security assessments. Before her interests in IT she was already focused on forensic investigations, leading to a degree in Forensics, Criminology and Law. Combining both interests, she is now a GIAC Certified Incident Handler and Forensics Examiner.
You can find Annika on LinkedIn.
Kris has extensive experience in Information Security. He joined NVISO in early 2017. The last decade he has mainly worked on Enterprise Security Architectures (ESA), PKI and (Web) Application Security. For ESA, he strongly believes in a business-driven approach (SABSA) and for human well-being in the healing power of coffee.
Sasja Reynaert is a security analyst at Nviso where he assists clients with technical information security issues, focusing the majority of his efforts on intrusion analysis, digital forensics and incident response. You can find Sasja on LinkedIn.
Michiel (OSCP, GWAPT) is a security consultant at NVISO where he mostly does penetration tests on web applications. He is also interested in network/infrastructure security and exploit development. Michiel really likes to break stuff and exploit things. He spends his spare time by doing research on various security topics to sharpen his skills so that he can break even more stuff, but he also takes the time to go out with friends, have a beer or watch some movies.
Some say he's an ethical hacker and he tends to hack big corporations for bug bounties, all I know is that he's a security consultant at the TSF. He currently works as a pentester(CEH) but also likes researching and developing applications. If you want to get in touch with him, contact him at https://www.linkedin.com/in/dtinel/
Anthony is a student at KU Leuven and previous contestant of the Cyber Security Challenge.
Jeroen Beckers is a security researcher at NVISO. He focusses mainly on mobile applications for Android/iOS and sometimes even Windows Phone (yes, some people actually use it!). Apart from breaking mobile applications, he also gives security trainings and presentations at conferences.
Jeroen is also an active member of Hacknamstyle, the KU Leuven CTF team.
I'm a security researcher at NVISO where my main focus is on web application security.
I could start listing my interests, but it’d be a long list… Basically I’m just curious how things – could - work, and with things, I mean just about anything that works with 1's & 0's
When the “tech-cap” goes off, I like to play the piano or watch a good movie. ( and off course a couple of beers in good company is never a waste of time:) )
Nik is a cyber security passionate that enjoys studying and working in the field as well as climbing, travelling and overall having a good time with friends and family. Currently, he is working as Cyber Security Analyst for the Belgian federal Cyber Emergency Response Team (CERT.be). You can find Nik on Linkedin.
I’m a 26 years old Cloud System Engineer (some say Cloud Jedi) / Ethical Hacker who’s working at Adifo Software. You can always find me on events like InfoSecurity, BruCon or maybe you can spot me at the finals of the Cyber Security Challenge. I like to go out with friends, watching series (Doctor Who … Yes, I’m a Whovian!) , having dinner and enjoying life!
Sophie is a Senior Security consultant at NVISO, where she primarily focus on cyber security incident response, network security and digital forensics. Before joining NVISO, she obtained her first working experience in the Security Operations team of SWIFT. Apart from security Sophie followed the Graphic and Digital Art classes at the Academics of Arts in Leuven (SLAC). You can find Sophie on LinkedIn (www.linkedin.com/in/sophiemarien) Sophie is also a member of HacknamStyle, the KULeuven CTF team.
Thomas still spends his days learning about information technology. That's not so different from when he was a student. Besides that, he loves movies, science fiction, puzzles,... Still not so different. He sometimes builds, he sometimes breaks things. He is old now, but he hasn't really changed since last century.
Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is an IT Security Consultant (Contraste Europe) currently working at a large Belgian financial corporation. Didier started his own company in 2012 to provide IT security training services (DidierStevensLabs.com).
You can find his open source security tools on his IT security related blog at blog.DidierStevens.com.
I'm Cyber Security Consultant at APPROACH. I’m passionate in IT and Cyber Security. My favourite activity is Pentesting and Challenging the Security of systems. When not working, I’m a dance teacher, a passionate in photography … and, ok, also doing geek stuff ;-) Linkedin: https://www.linkedin.com/in/dimitridiakodimitris/
The following people have contributed in the past and we are ever grateful for their help!
24yo; Graduated from University of Amsterdam; Working at Proximus CSIRT; Challenges created under the influence of absurd quantities of caffeine.
The Proximus CSIRT monitors and responds to cyber security incidents on its core infrastructure and internal assets. We deal on a daily basis with all kind of incidents, ranging from very simple ones ( phishing *yawn* ) to actually pretty neat ones (Sorry, it's classified :3 ).
I am a freelance security consultant with experience in incident response and incident response coordination. Passionate about CSIRT work, incident detection, threat intelligence, network analysis, honeypots and log management. I have a security blog and contribute to CSIRT community projects.
Started as developer then moved to networks and finally found my vice as a security enthusiast.
The same “changing until the perfect is found” mentality is applied also to the places I have lived so far; Greece, Sweden, France and finally Belgium.
During the morning I work as a security expert for both offensive and defensive side @dayjob.
During the night I watch series and enjoy good friends around some beers.
I am a freelance security consultant based in Leuven. I currently focus on penetration testing, vulnerability research and bug bounty programs. My previous experience includes large scale log collection and analysis, threat detection, incident handling and forensic investigations.
I'm an ICT security engineer at the KBC bank and insurance group. I'm passionate about IT security in general, my favorite topics are: cryptography, threat hunting, reverse engineering malware and penetration testing. I love interacting with the ITsec community and I regularly blog about IT security topics on my website uperesia.com.
You can call him Ing, CISSP, CEH, ECPPT, GCFE or CSSLP, but it is also allowed to call him by his name: Dieter Van Den Bosch. He is a security enthusiast and an APD … Advanced Persistent Defender. After he has come home from DJ’ing he probably will start analyzing some breach.
He has 6 years of security experience at KBC Bank. He started in the Network Security team to later become the first Security Operations Center member and first Security Analyst of KBC Group. Lately the world of business has revealed to him as he is now Policy Advisor as part of the Corporate Change & Culture team for KBC Group.
20-something devops/infra/security guy working in Brussels. Enjoys coding, troubleshooting, understanding technology and improving things.
Vincent is a consultant at NVISO. He spends his days sending phishing emails, helping organizations define their security battle pans and convincing managers that security should be part of their technology strategy. All with one goal: embed a Cyber Culture at his clients.
Maxim is a Digital Forensics and Incident Response (DFIR) specialist and currently works as a Cyber Analyst for CERT.be. You can hook Maxim up through his Linkedin Profile (https://www.linkedin.com/in/maximd).
Yves is a specialized federal police officer for the Federal Computer Crime Unit (FCCU), where he ensures IT forensics training of the Belgian police forces. Throughout his career spanning over 20 years, Yves has built detailed IT forensics skills combined with an experience on measures to take when IT critical infrastructures are under attack.
Yves is also a lecturer in security in a series of schools, and the chairman of ECTEG, the European Cybercrime Training & Education Group. In his free time, you may catch Yves taking photographs or creating forensics challenges for the Cyber Security Challenge Belgium.
Sean is Security Consultant at Gremwell. He is passionate about software security, reverse engineering, testing software, fuzzer development and exploit development.He is actively engaged in security research and has discovered and exploited bugs in popular software.
Tom Van Goethem is a PhD student at the University of Leuven, where he has a (not so secret) love affair with research on security and privacy in the context of the web. The thirst for knowledge and practical experience has driven him to the worderful world of hacking competitions, where he acts as one of the team leaders of iMinds-Distrinet's own CTF team named HacknamStyle.
An innovative gamified approach to measuring the security posture of your development community
I came to security a bit by accident when realising that I have a natural tendency to break things due to excessive curiosity…
Now mostly working in the areas of incident response, security monitoring and penetration testing.
My motto is: “always question the world around you as per through the eyes of a child and keep on finding ways to improve what’s not OK. This is what real hacking is about and is the principle that drives my whole life; don’t take anything for granted and strive for perfection”.
A long time security enthusiast, Xavier likes to get technical insights on all levels - from current web technologies to embedded video analytics in C++, from plain Java to bash scripting and everything in between.
Find more details on LinkedIn.
Next to sustaining my caffeine addiction through large volumes of Nespresso, I research new opportunities for NVISO services / products and ensure our delivery is done according to the latest methods & techniques. My current focus areas include software security, (mobile) malware analysis and analyzing large amounts of network traffic for IoC’s.