All posts in General

Teaching“Assessing and exploiting control systems IIoT

After a long time in the making, our calendars finally aligned and this week I shared the stage co-training the class: “Assessing and exploiting control systems & IIoT”, with Justin Searle ?.


Keep Reading →

BSides Luxembourg 2019 Write-up

This was my second BSides event of this year. I must say I really like this type of events and I hope I can attend more of them next year.  I don’t think I can cover as many as Cooper (@ministrator), but I would love to.

For those of you who haven’t attended one before I ‘ll run you through the basics. Community organized, very nice people, great content (normally delivered by non Rockstar speakers) and non-profit.   Keep Reading →

Entering SevenShift

I’ve been working as a freelancer for a while now and lately been wanting to grow and attempt bigger things. That is why starting today I have officially founded SevenShift


This new company will be the place I will be doing all my work from. The main idea is to have a legal entity that can enable me to work on any future endeavors.

The main focus will be on IoT Security, which is what I have been working on lately, but we will see where the road takes us.

I hope I find some time to post here as well, now that I will be responsible for an additional site.


old time radio
At the end of last year a friend gave my contact information to a radio producer with an interesting project. She wanted to learn as much she could as you can from a person through different means:

  • Getting his writing analyzed
  • Getting his voice analyzed
  • Using a private detective to follow him for a couple of days
  • And of course the digital perspective (which is where I tried to pitch in)

Basically we had a target (which gave us written permission to hack him and his systems) and the idea was to go, collect all the information we could from his online presence, hack any of his accounts and / or his personal computer. One of the things we had in mind, was since “the Target” was one of the producers, is that we didn’t want to kill any of his devices.

Keep Reading →


Well after postponing it for quite a while I finally decided it was time to go down the certification path.  So there are a couple of questions that came to mind, I think I did my homework and these were my answers:

Why get certified?

Well it’s a way of proving that you know something to other people, in particular to potential new employers.  It is said that certs are a great way to boost your career or at least make a statement on where you want to steer yours to, i.e. if you take some CISCO certs, you probably what to pursue a the networking path; or if you take a security cert you’re showing that’s the way you want to go.

What certification should I get?

This was a hard one, there are lots of them out there.  So I took some notes and talked to people last year when I attended the RSA Conference 2007.  I also found a great website where they did some comparisons on with a lot of different variables.  After some thinking around I decided to start with Security+ and after that pursue OPSE and / or the well known CISSP.  So step 1 is done.

Other thoughts

A cert alone doesn’t make a good or complete professional, I know a couple of cert holders that don’t know squat and can’t solve a problem in their “area of expertise” even if their life depended on it.  One of those was and old colleague, he had a couple of the CISCO certs and said that he was an expert in networking but couldn’t understand the difference in the use of the POP3 (TCP 110) and webmail or HTTP (tcp 80), after that we just labeled him port 80.

Well officially as of last week I approved my Security+ exam and should continue down the cert road to get a couple more.