https://cr0wtom.github.io/ Recent content on Cr0w's Place Hugo 0.125.0 en Thomas Sermpinis Sun, 10 Aug 2025 16:56:46 +0100 https://cr0wtom.github.io/projects/research---chv_ctf_25/ Sun, 10 Aug 2025 16:56:46 +0100 https://cr0wtom.github.io/projects/research---chv_ctf_25/ 1st Place in the Car Hacking Village CTF, as the Team Leader of the team OBDII Obl1terat0rs. Members of the team: Thomas Sermpinis (cr0wtom) - Captain Jarno Pomstra (beh3moth) Ekhi Lopez (FearOfQuiet) Pavel Khunt (pk) Wiktor Sedkowski (wiktor) Andre Maia (figis) James Rowley (pixelfelon) Mark Omo (ferret_guy) Competition happened during DEFCON 33, August 7th - 11th, 2025, in Las Vegas, NV. CTF Link Final Scoreboard Contest Closing Ceremony Team Award Ceremony Media References: https://cr0wtom.github.io/media/podcast---podcar/ Wed, 07 May 2025 16:56:46 +0100 https://cr0wtom.github.io/media/podcast---podcar/ Podcast on Automotive Hacking and Cyber Security in Greek, hosted by the automotive show Podcar.gr. Podcast links: Website YouTube YouTube Music Spotify Apple Podcasts For more platforms Other media posts, related on the podcast: YouTube Promo Are you a target Jeep Hack Instagram Promo Facebook Promo Instagram Camera Roll https://cr0wtom.github.io/projects/research---obo_ctf/ Mon, 05 May 2025 16:56:46 +0100 https://cr0wtom.github.io/projects/research---obo_ctf/ 2nd Place in the 1v1 Speedrun CTF, playing with the handle cr0wtom. Competition happened during Off By One 2025, May 8th - 9th, 2025, in Singapore. CTF Post https://cr0wtom.github.io/projects/research-talks---the-matrix-unloaded/ Mon, 05 May 2025 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---the-matrix-unloaded/ In the current reality of connected and autonomous vehicles, manufacturers keep repeating security mistakes of the past, with minimal experience adopted by other industries and their failures. And one of those failures, which arguably costed millions in stolen intellectual property, initiated exploit chains and botnets, and helped malicious actors exploit understand and analyze targets more efficiently, is hardware vulnerabilities. The telephone booth of escape for an attacker after an unsuccessful compromise of target hardware, is (and always will be) hardware vulnerabilities, allowing full access due to physical limitations on the amount of protections one can implement. https://cr0wtom.github.io/labs/ Mon, 05 May 2025 15:48:39 +0100 https://cr0wtom.github.io/labs/ https://cr0wtom.github.io/media/interview---ismg/ Thu, 15 Aug 2024 16:56:46 +0100 https://cr0wtom.github.io/media/interview---ismg/ Interview with ISMG, based on my DEF CON talk during 2024, shot in Las Vegas, NV. Interview links: OT Security Banking Info Security Brochure LinkedIn Post https://cr0wtom.github.io/projects/research---chv_ctf/ Sun, 11 Aug 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research---chv_ctf/ 3rd Place in the Car Hacking Village CTF, as the Team Leader of the team OBDII Obl1terat0rs (Aux_labs). Competition happened during DEFCON 32, August 9th - 11th, 2024, in Las Vegas, NV. CTF Link https://cr0wtom.github.io/projects/research-talks---two-smocking-barrels/ Sun, 11 Aug 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---two-smocking-barrels/ Abstract: This is not a talk in which I will demonstrate exploit chains obtained from the underworld after signing with blood. It’s about sharing meaningful stories from said underworld. The automotive underworld of huge corporations, short deadlines and lukewarm engineers. The one where companies fight for packing more and more functionality inside your computer on wheels, without paying attention to one of the things that our life actually depends on right now, cybersecurity. https://cr0wtom.github.io/projects/research---nissan_seed/ Sun, 07 Jul 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research---nissan_seed/ Title: Predictable seed generation after ECU reset Date: 15/08/2024 CVE-ID: CVE-2024-6347 CVSS Score: 5.3 (v4) Author: Thomas Sermpinis Versions: Nissan Altima MY22 - MY24 (More to be added) CNA: ASRG Tested on: Nissan Altima MY22 - MY24 Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU’s programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. https://cr0wtom.github.io/projects/research---nissan_ecureset/ Sun, 07 Jul 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research---nissan_ecureset/ Title: Predictable seed generation after ECU reset Date: 15/08/2024 CVE-ID: CVE-2024-6348 CVSS Score: 5.3 (v4) Author: Thomas Sermpinis Versions: Nissan Altima MY22 - MY24 (More to be added) CNA: ASRG Tested on: Nissan Altima MY22 - MY24 Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests. https://cr0wtom.github.io/projects/research-talks---storytellers24/ Wed, 26 Jun 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---storytellers24/ Title: How I Hacked My Way to the Security Sector {And why you should always do what you love, no matter what people say!} Abstract: It all started 30 years ago… hm, that’s a bit too much, let me try again. It all started 18 years ago, when I found a book of C in my uncles’ library. How stupid can you be to read C at 12 years old you might ask? https://cr0wtom.github.io/projects/research-talks---v2gevil/ Mon, 24 Jun 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---v2gevil/ This research is dedicated to enhancing the cybersecurity of electric vehicles, with a specific focus on identifying vulnerabilities in the Electric Vehicle Communication Controller (EVCC). This controller facilitates communication with the Supply Equipment Communication Controller during the charging process. Accessible through the On-Board Charging (OBC) port, which is as publicly available as the gas tank in combustion engine vehicles. The research journey began by studying the electric vehicle charging ports, how they communicate, and the standards they follow, especially focusing on ISO 15118. https://cr0wtom.github.io/projects/research-talks---need-for-speed/ Fri, 31 May 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---need-for-speed/ While the automotive industry starts to realize the mistakes of the past, penetration testers, researchers and automakers strive to create impenetrable vehicle components, with the ultimate purpose being safer streets inside and outside of our vehicles. However, as desirable as this can be, it had an impact in other aspects of the automotive landscape, notably in terms of privacy and ownership, out of many. Tuners and car enthusiasts, while they might have no direct connection to cyber security, they have significantly contributed to vehicle vulnerabilities and exploitation over the years. https://cr0wtom.github.io/projects/research-talks---back-to-the-future/ Thu, 04 Apr 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---back-to-the-future/ While hardware security is a topic of interest for decades, devices are constantly getting smaller, more powerful and more complicated. Most would assume that this resulted in higher security standards, but from our 100+ penetration tests in the (heavily hardware based) automotive industry, we beg to differ. With automotive suppliers trying to make everything work under heavily constrained environments, with limited resources both for energy and processing power, understandably many things are getting left out of the table, with one of the biggest victim being security. https://cr0wtom.github.io/projects/research---asrg/ Tue, 27 Feb 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research---asrg/ As the main contact of the ASRG Prague Group, I will be presenting a series of events, focused on Automotive Security. List to be updated with more information, as the events happen. Event 1: ASRG Prague Meetup: Vehicle (In)Securities - Part 1 Event Link LinkedIn Link https://cr0wtom.github.io/projects/research---obc-research/ Sun, 07 Jan 2024 16:56:46 +0100 https://cr0wtom.github.io/projects/research---obc-research/ Topic: Vehicle On-Board Charging Security Scanner Autor: Pavel Khunt Supervisor: Thomas Sermpinis University: Czech Technical University in Prague Type: Masters Thesis in the department of Informatics Abstract This thesis focusses on the cybersecurity of electric vehicles, with an emphasis on security issues associated with the On-Board Charging (OBC) port. I have developed a security tool that enables the enumeration and partial evaluation of the publicly accessible OBC port on European electric vehicles. https://cr0wtom.github.io/projects/research-talks---horror-stories/ Fri, 30 Jun 2023 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---horror-stories/ In this talk, we will revisit some of the scariest stories we faced during more than 50 penetration testing and security research projects, with a twist. In the ever-emerging industry of automotive, with old and new OEMs trying to get a share of the pie, many things are at stake, with many things getting overlooked, forgotten, or even deliberately covered. We will go through a journey of critical findings in different targets and the constant battle between penetration testers, developers, and mid to upper management. https://cr0wtom.github.io/projects/2600---is-it-time-to-change-our-approach-to-security/ Mon, 07 Nov 2022 16:56:46 +0100 https://cr0wtom.github.io/projects/2600---is-it-time-to-change-our-approach-to-security/ One more article for the legendary 2600 magazine, going through the intresting and critical story of the Automotive security, and my views on where we are, where we are going, and what we should pay attention and change on our way there. Volume Thirty Nine Number Three - Autumn 2022. Buy the issue. 2600 Magazine https://cr0wtom.github.io/projects/research-talks---uds-fuzzing-troopers22/ Thu, 30 Jun 2022 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---uds-fuzzing-troopers22/ The automotive industry presented significant advances in the sector in the last decade, to catch up with the technological advances of the world. Lack of proper regulations and security standards meant that automotive companies had to develop custom solutions most of the time, which resulted in a lot of security issues. Security testing also fell behind, as there was no significant need till now to test and research those devices, but with more and more connected components the risks are increasing rapidly. https://cr0wtom.github.io/projects/github---doip-cc-module/ Thu, 24 Feb 2022 16:56:46 +0100 https://cr0wtom.github.io/projects/github---doip-cc-module/ An enumeration and exploitation module for the UDS protocol on DoIP upon the ISO 13400-2, as a CaringCaribou contribution. It includes the following sub-functions: discovery - Scan for arbitration IDs where ECUs listen and respond to incoming diagnostics requests services - Scan for diagnostics services supported by an ECU ecu_reset - Reset an ECU security_seed - Request security seeds from an ECU dump_dids - Dump data identifiers with the read_data_by_identifier UDS service testerpresent - Force an elevated diagnostics session against an ECU to stay active seed_randomness_fuzzer - ECUReset method fuzzing for seed randomness evaluation Project Link https://cr0wtom.github.io/projects/github---uds_fuzzer-cc-module/ Wed, 24 Nov 2021 16:56:46 +0100 https://cr0wtom.github.io/projects/github---uds_fuzzer-cc-module/ A fuzzing module for the UDS protocol, as a CaringCaribou contribution. It includes the following sub-functions: seed_randomness_fuzzer: Supply the seed request process used by the target ECU and fuzz it to test for possible duplicates after a supplied Hard ECUReset (with flexibility on the reset method implementation), which means that the device is possibly vulnerable. delay_fuzzer: This is more of an exploitation sub-function, where a seed request process is supplied, alongside the seed from a single seed/key pair that a tester has acquired. https://cr0wtom.github.io/projects/research---dlt-daemon/ Tue, 11 May 2021 12:56:46 +0100 https://cr0wtom.github.io/projects/research---dlt-daemon/ Title: Improper Input Validation leads to buffer overflow in dlt-daemon Date: 12/05/2021 CVE-ID: CVE-2021-29507 CVSS Score: 6.5 (v3) Author: Thomas Sermpinis Versions: 2.10.0 < version <= 2.18.6 Package URL: https://github.com/GENIVI/dlt-daemon/ Tested on: dlt-daemon 2.18.6 The dlt-daemon includes a configuration file load functionality (-c) which is vulnerable to a buffer overflow vulnerability and allows a malicious user to supply a specially crafted configuration file which results in a segmentation fault after improper validation of the file content. https://cr0wtom.github.io/projects/research---aleth/ Mon, 11 Jan 2021 12:56:46 +0100 https://cr0wtom.github.io/projects/research---aleth/ Title: Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client Date: 11/01/2021 CVE-ID: CVE-2020-26800 CVSS Score: 5.5 (v3) Author: Thomas Sermpinis Versions: <= 1.8.0 Package URL: https://github.com/ethereum/aleth Tested on: Aleth C++ Ethereum Client 1.8.0 An attacker can supply a specially crafted config.json file, consisting of 3764 left square brackets or more, which results in segmentation fault by the application. This immediately results in Denial of Service, and with more advanced exploitation it can have further implications, with higher severity security issues. https://cr0wtom.github.io/projects/research---socketio_2/ Tue, 08 Sep 2020 16:56:46 +0100 https://cr0wtom.github.io/projects/research---socketio_2/ Title: File Type Restriction Bypass in Socket.io-file NPM module Date: 31/07/2020 CVE-ID: CVE-2020-24807 CVSS Score: 7.8 (v3) Author: Thomas Sermpinis Versions: <= 2.0.31 Package URL: - Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0 All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. https://cr0wtom.github.io/projects/certifications---osce/ Mon, 07 Sep 2020 16:56:46 +0100 https://cr0wtom.github.io/projects/certifications---osce/ OSCEs have expert-level penetration testing skills. They have proven that they can craft their own exploits, execute attacks to compromise systems, and gain administrative access. The intense 48-hour exam also demonstrates that OSCEs have an above-average degree of persistence, determination, and ability to perform under pressure and can think outside the box to determine innovative ways of penetrating internal networks. An OSCE also has familiarity with more advanced protections like ASLR. https://cr0wtom.github.io/projects/research---detract-a-decentralized-transparent-immutable-and-open-pki-certificate-framework/ Fri, 07 Aug 2020 16:56:46 +0100 https://cr0wtom.github.io/projects/research---detract-a-decentralized-transparent-immutable-and-open-pki-certificate-framework/ The academic paper based on my masters thesis and research made during my work with the OSwinds research team of the Aristotle Unicersity of Thessaloniki got published in Springers’ Internationa Journal of Information Security by the name “DeTRACT a decentralized, transparent, immutable and open PKI certificate framework”. Thanks to the team, George Vlahavas, Konstantinos Karasavvas & Athena Vakali. Abstract Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. https://cr0wtom.github.io/projects/research---socketio/ Sun, 07 Jun 2020 16:56:46 +0100 https://cr0wtom.github.io/projects/research---socketio/ Title: Path Traversal in Socket.io-file NPM module Date: 18/05/2020 CVE-ID: CVE-2020-15779 CVSS Score: 7.5 (v3) Author: Thomas Sermpinis Versions: <= 2.0.31 Package URL: https://www.npmjs.com/package/socket.io-file Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0 All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path. https://cr0wtom.github.io/projects/certifications---oscp/ Sat, 07 Dec 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/certifications---oscp/ Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution (successor of BackTrack). The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. An OSCP is able to research a network, identify vulnerabilities and successfully execute attacks. https://cr0wtom.github.io/about/ Tue, 05 Nov 2019 15:48:39 +0100 https://cr0wtom.github.io/about/ Thomas Sermpinis (a.k.a. Cr0wTom) is a distinguished security engineer and researcher currently serving as Device Security Engineer and Lead for TFH. In this capacity, he engineers innovative solutions that shape the future of security for next-generation hardware ecosystems. Concurrently, he guides the strategic direction of Auxilium Pentest Labs as a member of the Supervisory Board. Previously, as CTO of Auxilium, Thomas directed over 300 security assessments for top-tier automotive OEMs, ensuring the safety of global vehicle fleets. https://cr0wtom.github.io/references/ Tue, 05 Nov 2019 15:48:39 +0100 https://cr0wtom.github.io/references/ References Traceability decentralization in supply chain management using blockchain technologies DeTRACT: a decentralized, transparent, immutable and open PKI certificate framework UDS Fuzzing and the Path to Game Over Acknowledgements Automated tool for CAN bus message mapping Vehicle On-Board Charging Security Scanner Media References ISMG - The Auto Industry’s Achilles Heel: Cybersecurity Podcar.gr - Automotive Podcast (GR) Deepsec 2023 Press Release Deepsec 2024 Press Release ScapyCon24 Recap Daily Secu (KR) Daily Secu 2 (KR) Denis Laskov LinkedIn Automotive Blog - DEF CON Talk Denis Laskov LinkedIn Automotive Blog - V2GEvil Talk Denis Laskov LinkedIn Automotive Blog - The Matrix Unloaded Talk Randorisec 24Opole (PL) Po. https://cr0wtom.github.io/contact/ Tue, 05 Nov 2019 15:48:39 +0100 https://cr0wtom.github.io/contact/ Email https://cr0wtom.github.io/projects/2600---the-madness-debate/ Sun, 07 Jul 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/2600---the-madness-debate/ 2600 is one of the oldest and most appreciated by me magazines in the security community. It is a joy to read, with interesting stories from hackers from all over the world. Writing to this legend was a must for me, so I composed a really interesting story, describing how privacy concern can drive you crazy, how it can lead you to losing everything and a debate on what can anc cannot be the attitute of online entities in our modern world. https://cr0wtom.github.io/projects/github---miai_remap/ Sun, 07 Apr 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/github---miai_remap/ I created a Magisk module that allows you to remap the dedicated Mi AI hardware button of the Xiaomi Mi 9 and Mi Mix 3 to any one of 15 user-selectable functions. The mod is availavle in the Magisk store, and you can directly download it from there. Magisk Project Link Project Link XDA-Developers Thread Some blog threads that talked about my work: Thread 1 Thread 2 Thread 3 Thread 4 https://cr0wtom.github.io/projects/github---mi9_stereo_mod/ Sun, 07 Apr 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/github---mi9_stereo_mod/ With this Magisk mod you can hear sound for both the speaker and the earpiece in stereo mod. Original module by acervenky for Mi 8, modified for Mix 3 by Nukeclears and for the Mi 9 by me. The mod is availavle in the Magisk store, and you can directly download it from there. Magisk Project Link Project Link https://cr0wtom.github.io/projects/github---cross-chain_transaction/ Mon, 07 Jan 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/github---cross-chain_transaction/ This repo contains possible implementations for cross chain transactions platforms, that need support for multiple cryptocurrencies. Due to this fact several ways can be used to implement cross chain transactions. Some of the methods are described bellow, with PoC code in the folders of this repo. Project Link https://cr0wtom.github.io/projects/github---ethereum_voting/ Mon, 07 Jan 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/github---ethereum_voting/ This is a project developed during my blockchain research in the Aristotle University of Thessaloniki. This project includes decentralized voting capabilities to support the decentralized addition of new organizations in the final Plastic Twist network (Horizon 2020 European Project). It uses the blockchain technology to exploit its capabilities and especially the Ethereum Blockchain, to be easily applicable to the initial system created by Almerys. Project Link https://cr0wtom.github.io/projects/github---hyperledger-voting-chaincode/ Mon, 07 Jan 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/github---hyperledger-voting-chaincode/ This is a project developed during my blockchain research in the Aristotle University of Thessaloniki. This project includes decentralized voting capabilities to support the decentralized addition of new organizations in the final Plastic Twist network (Horizon 2020 European Project). It uses the blockchain technology to exploit its capabilities and the Hyperledger Fabric framework, to be easily applicable to the initial system created by Almerys. For more information, technical specifications and installation instructions head to the repo wiki. https://cr0wtom.github.io/projects/github---hyperledger_channel_configuration/ Mon, 07 Jan 2019 16:56:46 +0100 https://cr0wtom.github.io/projects/github---hyperledger_channel_configuration/ This is a project developed during my blockchain research in the Aristotle University of Thessaloniki. Hyperledger voting for new peer join in channel. This repo includes the setup and information needed to vote and join of a new peer in a hyperledger privet network channel. Project Link https://cr0wtom.github.io/projects/github---detract-sc/ Wed, 07 Nov 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/github---detract-sc/ SSL/TLS Certificate Authority Replacement through Ethereum Smart Contracts. The project was developed alongside the academic paper based on my Master’s Thesis for Aristotle University of Thessaloniki. Project Link https://cr0wtom.github.io/projects/github---detract-t_bitcoin/ Wed, 07 Nov 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/github---detract-t_bitcoin/ SSL/TLS Certificate Authority Replacement through the Bitcoin Blockchain. The project was developed alongside the academic paper based on my Master’s Thesis for Aristotle University of Thessaloniki. Project Link https://cr0wtom.github.io/projects/github---detract-t_ethereum/ Wed, 07 Nov 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/github---detract-t_ethereum/ SSL/TLS Certificate Authority Replacement through the Ethereum Blockchain. The project was developed alongside the academic paper based on my Master’s Thesis for Aristotle University of Thessaloniki. Project Link https://cr0wtom.github.io/projects/github---mi_notebook_pro_mods/ Sun, 07 Oct 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/github---mi_notebook_pro_mods/ Mi Notebook Pro by Xiaomi is a 15inch laptop which was widely adopted because of its good price/performance ratio. This made it a huge success and created a big community of hackers wanting to fix some minor issues that the laptop had, alongside adding new capabilities, like natevelly running MacOS. I created a repo including all the available mods, and additional stuff I created for this device. Project Link https://cr0wtom.github.io/projects/github---oscp-pwk-repo/ Sun, 07 Oct 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/github---oscp-pwk-repo/ During my time at the PWK labs and for my OSCP preparation, I gathered a big amount of useful stuff that I want to share and make available to the community. With a huge amount of respect to the Offensive Security team, I will not disclose anything about the labs and the exam, but I will give general information and study lines for the young padawans out there who want to TRY HARDER! https://cr0wtom.github.io/projects/sbc-penetration-testing-with-raspberry-pi-hakin9/ Sun, 07 Oct 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/sbc-penetration-testing-with-raspberry-pi-hakin9/ Instructor in the 4 week course for Hakin9 Media, in the topic of penetration testing with Raspberry Pi and other security related hardware. See project YouTube Video Sample https://cr0wtom.github.io/projects/research-talks---consensus-algorithms/ Sun, 07 Oct 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---consensus-algorithms/ Presentation at the “Bitcoin & Blockchain Tech Meetup (Thessaloniki)” taking place at Thessaloniki. Recording Meetup Link Slides https://cr0wtom.github.io/projects/research-talks---traceability-decentralization-in-supply-chain-management-using-blockchain-technologies/ Sat, 07 Jul 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---traceability-decentralization-in-supply-chain-management-using-blockchain-technologies/ Conference talk and paper proceeding in the 4th Olympus International Conference on Supply Chains (14-15 September 2018, Katerini), on the topic “Traceability Decentralization in Supply Chain Management Using Blockchain Technologies”. Co-author Christos Sermpinis. Abstract With the increase of web users and applications with real time requests, the ability to identify, track and trace elements of a product as it moves in the supply chain is deemed necessary, and for many industries is even mandated by national or international regulations. https://cr0wtom.github.io/projects/research---pki-decentralization-using-blockchain-technologies/ Mon, 07 May 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/research---pki-decentralization-using-blockchain-technologies/ My masters thesis, supervised by Athena Vakali, was based on blockchain technologies with the title “PKI Decentralization Using Blockchain Technologies”. Abstract The Public Key Infrastructure (PKI) is used widely on the Internet in order to certify the identity of users, and as a result encrypt the communication between two parties and make it more secure. From this model, multiple problems can arise, most of them due to its centralized nature. In the past, there have been cases of Certificate Authorities distributing rogue certificates that resulted in attacks, targeting users of the system. https://cr0wtom.github.io/projects/research-talks---introduction-to-bitcoin-and-blockchain-technologies-greek/ Mon, 07 May 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---introduction-to-bitcoin-and-blockchain-technologies-greek/ Presentation at the “Bitcoin and Machine Learning joint meetup” taking place at Thessaloniki. Recording Slides Meetup Link Blog Post https://cr0wtom.github.io/projects/attack-and-defense-in-blockchain-technologies-hakin9/ Sat, 07 Apr 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/attack-and-defense-in-blockchain-technologies-hakin9/ Instructor in the 4 week course for Hakin9 Media, in Blockchain security topics. See Project YouTube Video Sample https://cr0wtom.github.io/projects/attack-and-defense-in-blockchain-technologies-hakin9ebook/ Sat, 07 Apr 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/attack-and-defense-in-blockchain-technologies-hakin9ebook/ Alongside the 4 week course for Hakin9 Media, in Blockchain security topics, an eBook was created with all the content of the course. See Project or buy the Book. https://cr0wtom.github.io/projects/academic---informatics-and-management-msc/ Wed, 28 Mar 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/academic---informatics-and-management-msc/ Master’s Degree with title Informatics and Management from the Aristotle University of Thessaloniki and the department of Computer Science. Thesis: PKI Decentralization Using Blockchain Technologies (Grade: 10/10) Courses: Business Intelligence, IT Infrastructure, IT Business Systems, Worldwide Web, IT Project Management, Research Methodology and Data Analysis, E-commerce, Databases and Data Mining, Financial Risk Management Final Grade: 9,25/10 https://cr0wtom.github.io/projects/scholarship---troopers-18/ Wed, 07 Feb 2018 16:56:46 +0100 https://cr0wtom.github.io/projects/scholarship---troopers-18/ I received a scholarship covering the ticket to the TROOPERS 2018 information security conference in Heidelberg. Cr0w’s Place Vlog of Attendance BlackHat, TROOPERS and more! TROOPERS18 and a crazy journey! https://cr0wtom.github.io/projects/scholarship---blackhat2017/ Thu, 07 Dec 2017 16:56:46 +0100 https://cr0wtom.github.io/projects/scholarship---blackhat2017/ I received a scholarship covering the Academic Pass to Black Hat Europe 2017 in London. Cr0w’s Place Vlog of Attendance BlackHat, TROOPERS and more! BlackHat Europe 2017 – The Wrap Up https://cr0wtom.github.io/projects/scholarship---blackhat2017-asia/ Tue, 07 Mar 2017 16:56:46 +0100 https://cr0wtom.github.io/projects/scholarship---blackhat2017-asia/ I received a scholarship covering the Academic Pass to Black Hat Asia 2016 in Singapore. My road to BlackHat Asia 2017 and some updates! https://cr0wtom.github.io/projects/scholarship---troopers-17/ Tue, 07 Feb 2017 16:56:46 +0100 https://cr0wtom.github.io/projects/scholarship---troopers-17/ I received a scholarship covering the ticket to the TROOPERS 2017 information security conference in Heidelberg. Cr0w’s Place Vlog of Attendance My Road to TROOPERS Scholarship! – Part 1 My Road to TROOPERS Scholarship – Part 2 TROOPERS 17 – The Wrap Up https://cr0wtom.github.io/projects/bypassing-web-application-firewalls-hakin9/ Wed, 07 Dec 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/bypassing-web-application-firewalls-hakin9/ Workshop Instructor in the 4 week topic, “Bypassing Web Application Firewalls”, hosted by the Hakin9 Magazine. See project YouTube Video Sample YouTube Video Sample 2 https://cr0wtom.github.io/projects/bypassing-web-application-firewalls-hakin9ebook/ Wed, 07 Dec 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/bypassing-web-application-firewalls-hakin9ebook/ Alongside my 4 week topic, “Bypassing Web Application Firewalls”, hosted by the Hakin9 Magazine, an eBook was created with all the content of the course. See Project or buy the Book. https://cr0wtom.github.io/projects/web-application-hacking-advanced-sql-injection-and-data-store-attacks-hakin9/ Wed, 07 Sep 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/web-application-hacking-advanced-sql-injection-and-data-store-attacks-hakin9/ Workshop Instructor in the 4 week topic, “Web Application Hacking: Advanced SQL Injection and Data Store Attacks”, hosted by the eForensics Magazine. See Project YouTube Video Sample https://cr0wtom.github.io/projects/web-application-hacking-advanced-sql-injection-and-data-store-attacks-hakin9ebook/ Wed, 07 Sep 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/web-application-hacking-advanced-sql-injection-and-data-store-attacks-hakin9ebook/ Alongside my 4 week topic, “Web Application Hacking: Advanced SQL Injection and Data Store Attacks”, hosted by the eForensics Magazine, an eBook was created with all the content of the course. See Project or buy the Book. https://cr0wtom.github.io/projects/scholarship---blackhat2016/ Sun, 07 Aug 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/scholarship---blackhat2016/ I received a scholarship covering the Academic Pass to Black Hat Europe 2016 in London. Cr0w’s Place Vlog of Attendance My road to BlackHat Europe so far (or how to get your scholarship)! My road to BlackHat Europe so far – Part 2 (Acceptance email) BlackHat Europe 2016 – Epilogue https://cr0wtom.github.io/projects/academic---administration-and-economics-bsc/ Thu, 30 Jun 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/academic---administration-and-economics-bsc/ Bachelor’s Degree on Administration and Economics from the International Hellenic University with major in Supply Chain Management (Logistics). Major: Supply Chain Management Thesis: Integration of Near Field Communication technology into Warehouse Management Systems (Grade: 10/10) Courses: Mathematics, Consumer behavior, Informatics, Introduction to economics, Plant product processing, Animal product processing, HRM, Dissertation writing, Statistical and qualitative data analysis, Urban Commercial Law, Technical Chemistry, Business Administration, Marketing, Technology and Materials Management, Accounting principles, Industrial Processes in Manufacturing, Costing - Management Accounting, GIS, Quality control, Packaging and Standardization, E-commerce, Reverse and Green Logistics, Introduction to Logistics, Marking and Traceability, Organisational Behavior, Systems and Means of Transport, Inventory Management and Demand Forecasting, Warehouse Organization and Management, Quality management, Supply Chain Management, Research methodology, Purchasing management, CRM, Operational research, Management of services supply chain. https://cr0wtom.github.io/projects/research---integration-of-near-field-communication-into-warehouse-management-systems/ Tue, 07 Jun 2016 16:56:46 +0100 https://cr0wtom.github.io/projects/research---integration-of-near-field-communication-into-warehouse-management-systems/ My bachelors thesis, supervised by Dimitrios Folinas, was based on NFC and WMS technologies with the title “Integration of Near Field Communication into Warehouse Management Systems”. Abstract (Greek) Στην παρούσα εργασία θα αναφερθούμε και θα εξετάσουμε μία καινοτόμο εφαρμογή που έχει να κάνει με την εφαρμογή της τεχνολογίας NFC, και παράλληλα της πολιτικής BYOD, στα συστήματα WMS. Τα κύρια σημεία που εξετάστηκαν είναι το αν υπάρχει ενδιαφέρον από τους εργαζομένους, όσο αναφορά την εφαρμογή ενός τέτοιου συστήματος στον χώρο εργασίας τους, και αν είναι δυνατή η ανάπτυξη ενός ολοκληρωμένου συστήματος με την προσθήκη των τεχνολογιών και πολιτικών που προτείνονται. https://cr0wtom.github.io/projects/pentesting-with-kali2-hakin9/ Tue, 07 Jul 2015 16:56:46 +0100 https://cr0wtom.github.io/projects/pentesting-with-kali2-hakin9/ Co-Workshop instructor in the topic “Penetration Testing with Kali 2.0” due to the release of the second version of the Kali OS, hosted by the PenTest Magazine. See project https://cr0wtom.github.io/projects/research-talks---integration-of-augmented-reality-technology-into-warehouse-management-systems/ Tue, 07 Apr 2015 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---integration-of-augmented-reality-technology-into-warehouse-management-systems/ Conference talk in the “12th Student Conference on Management Science and Technology” taking place in Athens on 14th of May 2015. The subject is my innovative idea on the “Integration of Augmented Reality technology into Warehouse Management Systems” based on my paper made in the context of my studies in the Technological Educational Institute of Central Macedonia. Conference Link Slides https://cr0wtom.github.io/projects/research-talks---integration-of-near-field-communication-technology-into-warehouse-management-systems/ Tue, 07 Apr 2015 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---integration-of-near-field-communication-technology-into-warehouse-management-systems/ Conference talk in the “12th Student Conference on Management Science and Technology” taking place in Athens on 14th of May 2015. The subject is my innovative idea on the “Integration of Near Field Communication technology into Warehouse Management Systems” based on my paper made in the context of my studies in the Technological Educational Institute of Central Macedonia. Conference Link Slides https://cr0wtom.github.io/projects/android-malware-analysis-hakin9/ Wed, 07 Jan 2015 16:56:46 +0100 https://cr0wtom.github.io/projects/android-malware-analysis-hakin9/ Workshop Instructor in the 4 week topic, “Android Malware Analysis”, hosted by the eForensics Magazine. See Project https://cr0wtom.github.io/projects/pentesting-with-android-hakin9/ Wed, 07 Jan 2015 16:56:46 +0100 https://cr0wtom.github.io/projects/pentesting-with-android-hakin9/ Workshop Instructor in the 10 week topic, “Penetration Testing with Android Devices”, hosted by the Pentest Magazine. You can find more here. https://cr0wtom.github.io/projects/research-talks---penetration-testing-with-android-devices/ Sun, 30 Nov 2014 16:56:46 +0100 https://cr0wtom.github.io/projects/research-talks---penetration-testing-with-android-devices/ One of my first talks in the security industry happened in the Google DevFest 2014 Season of Thessaloniki. A brief visit to the ways of performing penetration testing with an Android device was presented. Conference Link Slides Recording https://cr0wtom.github.io/projects/deltahacker---all-articles/ Sun, 07 Sep 2014 16:56:46 +0100 https://cr0wtom.github.io/projects/deltahacker---all-articles/ For a couple of years I was colaborating with DeltaHacker as a Magazine Editor for penetration testing and cyber security technical topics, under my Cr0wTom alias. I wrote 10 articles in total, for which you can find abstracts of the article in my blog, in Greek. DeltaHacker alongside my personal blog, can be considered my start in the security industry, my first steps and some really exciting times with people from the Greek hacking community that I really apreciate. https://cr0wtom.github.io/projects/awards---trackandfield/ Sat, 07 Dec 2013 16:56:46 +0100 https://cr0wtom.github.io/projects/awards---trackandfield/ I was a Professional Track and Field Athlete in the Greek team of Iraklis Gymnastics Club of Thessaloniki under the supervision of coach (Dr.) Theodora Ountzoudi. Some of my greatest achievements during my career, were: Greek Champion 4x400m Relay 2013 Greek Champion Under 22 4x400m Relay 2013 2nd Greek Champion Under 22 4x400m Relay 2014 Greek Army Champion 4x100m Relay 2014 (Hellenic Air Force) Honorary selection for reduced military service Additionaly, I received a reduction in my military services from the Armed Forces Supreme Council of Sports, due to my nationwide victories in my sport.