Save the date for #DefCamp2018

Things are usually written in 0’s and 1’s. The key numbers for DefCamp this year are 8 & 9.
How? Easy!

The 9th edition of DefCamp will take place on November 8th – 9th 2018, in Bucharest, Romania.

Try to remember that 🙂

Now going to the latest news of the edition, we are happy to announce that we expect 1500 attendees from all over the world. And because we grow every year with your support, we invite you to actively get involved and propose what cyber security speakers you would like to see on stage at DefCamp 2018?

Include your choices here.

Once again Bucharest will become the capital of cybersecurity for two days and attendees can learn the latest news from the industry.

Don’t forget that the time flies; this year’s conference is only months away which means that very early bird tickets (50% discount from the Late Tickets) are available only until August 15th.

What to expect from this year’s conference edition?

  • Topics: Cyber (In)Security related to SMEs, Corporate Hacking, Ransomware, Malware, Car hacking, Medical hacking, Fintech hacking & More
  • 2 days packed with cyber security
  • 3 parallel tracks hosting over 40 speakers and 50 hours of presentations
  • 1 Hacking Village with over 10 competitions (new challenges will be added)
  • 1,500 attendees with a background in cyber security, information technology, management or students eager to learn from the best

How to get involved?

Join DefCamp Partner up Speak Call for contests Volunteer
Buy ticket! Become our sponsor! CFP Open! Enroll in the Hacking Village! Be part of the team!


DefCamp 2016 promises an edition to remember

It’s official! The 7th edition of DefCamp promises hot briefings, challenging competitions, real hands-on experiences and a place for companies to discover answers for their burning challenges. All under one roof from Bucharest, Romania at the beginning of November.
DefCamp 2016

For this new edition, DefCamp brings internationally recognised industry leaders ready to share knowledge and present latest threats from the market.

Five years ago there were only 80 attendees in Bran, now more than 1,000 professionals are expected to join. We encourage both students and specialists from the cyber security area, along with people passionate about hacking to come and be ready to put their skills to the test in at least one of the contests that the team has prepared for them. Hacking Village is the special place to be for all the participants who want to test their skills in different competitions and challenges because these competitions are essential as any topic related to cyber security must have in mind two main subjects: the solution and the part where you identify the problem.

Because of the high interest for IoT Village we decided to increase the number of competitions and encourage other companies to bring their own contest. This is the chance to bring innovation on the table through new ways of highlighting the importance of rising awareness on the cyber security topic.

The Startup Corner is also one of the new kids on the block as it’s a new area to be developed this year. The idea behind is to encourage security startups to show themselves and present their solutions during the conference, they benefit from a free access to the conference and free booth at Hacking Village area.

Moreover, Masterclass section is specially designed to bring companies and security experts closer in order to share knowledge on sensitive topics.

Last, we have a dedicated section for companies who are planning to recruit local talent for the cyber security field and an exclusive corner to showcase products & technologies.

“Five years ago this conference became real due to passion. Now, in 2016, before we start a new edition, I am still impressed about people’s motivation and specialist’s involvement, and also all the ideas generated in the two days we hold the conference. For DefCamp #7 we emphasize the competitions so that people can learn in a hands-on manner what hacking is and what sort of issues can appear in hardware or software. For this, we’ve got the famous Wall of Sheep, where we can see in real time and show the people also, what means to not have a secured connection and just give your information out to anybody who is interested enough to get it. Additionally, we’ve got amazing speakers from all over the world, people that are well known in their area of activity. We are glad and honored they accepted our invitation once again. If our estimations are right, the 2016 edition will be the most prolific one yet.”, says Andrei Avădănei, founder and DefCamp coordinator.

If DefCamp looks appealing for your company, learn more about what’s in for you or if you are looking for a seat for the 7th edition, now it’s the perfect time of the year to register for DefCamp 2016.

About DefCamp

Since 2011 and until now, DefCamp managed to attract almost 3.000 attendees from 50 countries and 95 cities to Romania, people interested in hacking and cyber vulnerabilities, and also keys for online protection. The audience is quite balanced, as it goes: 25% cyber security, 25% top management, 25% development, and the rest of the 25% are nicely split between institutions and NGOs, academic attendees or students.

DefCamp 2015 – the sixth edition come to an end

DefCamp 2015 come to an end. The sixth edition of the largest cyber security & hacking conference from the Central Eastern Europe became a must-attend event in Bucharest, Romania.

defcamp 2015 conference

More than 850 industry specialists, university & government representatives and students joined from 30+ countries joined at the event.

The event covered hot topics showcased by almost 30 internationally recognised speakers regarding the safety of citizens and also introduced discussion regarding infrastructures security, privacy & offensive security. Moreover, during the event the attendees had the chance to join to really challenging hands-on activities such as:

  • DefCamp Capture the Flag (D-CTF) – at the Qualification Phase almost 1,000 teams from more than 80 countries joined and the best 15 teams from 10 countries joined at the final organised during DefCamp, ended with the D-CTF Final Awards, the finalists winning prizes of more than 3,000 USD
  • App2Own Bug Bounty Contest powered by Orange Romania – a pre-event contest where anyone could join and discover vulnerabilities, while later on, reporting them in a responsible manner would have help the individual boost his score in the contest
  • IoT Village powered by Bitdefender – a hacking place during DefCamp where you could involve into the discover of 0-day vulnerabilities in common IoT Devices
  • Target John – a Treasure Hunt like contest for the attendees
  • Hack the Bank – the attendees had the chance to hack an online e-payment gateway and later on “cash out” the money from a custom made ATM
  • Wall of Sheep – a passive activity meant to raise awareness through attendees about the risks of accessing public Wifi hotspots without any protection

At the end, we really believe that DefCamp #6 was a great experience for local and foreign attendees and our organization already preparing for the 7th edition expected to be even better, with more high quality presentation, more challenging activities and more surprises to be announced. Thank you for trusting us! 🙂

Defensive Cyber Operations Engineer (DCOE) Training in Romania

Develop your cyberspace operations skills for the deployment of DCO, NETOPS, and OCO.

In this course, you will acquire the skills for the planning, executing, and integrating defensive cyberspace operations (DCO) into organizational missions and DCO requirements. The course builds on the planning skills learned in the Introduction to Cyber Warfare and Operations Design (ICWOD) course. Adversarial use of tools and their associated techniques are presented to assess network vulnerabilities and to defend friendly networks against adversary threats.

The course covers the use of open source tools and websites for system configuration, penetration testing, and control testing. You will use Linux and Windows command lines and unleash an attack on target servers and analyze the results. Attacks and analysis of will expose you to live attacks in a controlled environment where students can see first-hand the adversary realm of possible actions, how to detect, mitigate, and counter such activities.

Note: This course requires you to bring your own laptop preloaded with VMware Workstation 9 or 10.

Defensive Cyberspace Operations Engineer (CSFI-DCOE)

Trainer – Michael Walker
HeadshotMichael Walker is the Chief Operations Officer of CyINT LLC. In this capacity, he is in responsible for all activities related to Penetration Testing and the Security Operations Center which handles log management and intruder detection systems. He has 10 years of experience in the network security field working with various commercial institutions and Government agencies. Michael is also a Military Intelligence Officer in the Maryland Army National Guard with a background in cyber intelligence analysis and information operations.


Course Length: 3 days
Course Date: 21th – 23th October
Bucharest, Romania

What you will learn

  • Assess adversary intent and how threat vectors can support malicious intent
  • How to counter known and emerging threat vectors
  • Allocation and guidance for resource usage to counter adversary threats
  • Integration of DCO into larger organizational constructs
  • Deception methods
  • Data exfiltration and defense against exfiltration methodologies

Who needs to attend

  • Information operations officers
  • Information security / assurance professionals
  • Cybersecurity consultants
  • Cyber planners
  • Military members (J2, J3, J6)
  • Security analysts
  • Network security engineers
  • Penetration testers
  • Auditors
  • Security engineers


Recommended “Introduction to Cyber Warfare and Operations Design” – ICWOD.

Course Outline

1. Operational Environment

  • DCO Planning
  • Cloud Operations
  • Network Packet Capture and Data Exfiltration
  • Windows and Linux Operating System Differences and Configurations
  • Wireless Networks Operations and Access
  • Open Source Tool Usage
  • Network and Internet Reconnaissance

2. Defensive Methods

  • Adversary Perspective of Target Selection
  • Tool Capability and Countermeasure Planning
  • Maltego
  • Metasploit
  • Social Engineering Toolkit (SET) Usage
  • Defensive Tools for Network Threat Situational Awareness
  • DS/IPS – Snort
  • Honeypots
  • Detection Avoidance
  • Malware Analysis

3. Payload configuration and tool customization

  • Target Selection to Support Adversarial Intent
  • Tailoring Payloads to Adversary Intent
  • Payload Detection Avoidance
  • System Log Analysis
  • Sensor Adjustments
  • Payload Altering
  • Current Threat Detection
  • Emerging Threat detection

4. Web Application Defense

  • SQL Injection
  • Cross Site Scripting
  • Local File Inclusion
  • Remote File Inclusion
  • Web Shells

Introduction to Cyber Warfare and Operations Design Training in Romania

Learn the core set of skills needed for practical and dynamic cyber defense and set the foundation to become a CSFI-DCOE.

This course provides a basic understanding of full-spectrum cyberspace operations, the complexities of the cyberspace environment, as well as planning, organizing, and integrating cyberspace operations. The course will consist of presentations and exercises that will teach you how to develop a cyber-operations design and bring it to fruition. At the conclusion of the course, you will have a fundamental understanding of how to analyze, plan for, and execute cyberspace operations.

Trainer – Anthony Guess-Johnson
Anthony Guess-Johnson CSFIMr. Anthony Guess-Johnson assists CSFI in regards to fostering and promoting collaboration of cyberspace topics among interested parties.

He has operational experience from serving seventeen years of active duty in the United States Marine Corps to include: two deployments to Iraq, two deployments to Afghanistan, one deployment to the Mediterranean Sea, and six tours in Okinawa Japan.

Serving the Marine Corps Reserve forces, he assists the Marine Corps with personnel training and support to exercises. In his professional capacity he assists the John’s Hopkins University Applied Physics Laboratory with project support and development. In assisting CSFI Mr. Guess-Johnson has taken feedback and lessons learned from CSFI collaboration forums and applied them to contemporary challenges.

He has presented to the George Washington University and multiple conferences addressing challenges within cyberspace operations, the importance of collaboration among interested parties, and recommended approaches to challenges. Mr. Guess-Johnson also assists with the review of CSFI training curriculum, course structure, and the design of collaboration forums.


Course Length: 2 days
Course Date: 19th – 20th October
Bucharest, Romania

What you will learn

  • Cyberspace operations methodologies
  • Integration of cyberspace capabilities
  • The role of Information Assurance in cyberspace operations
  • Training and developing the cyber workforce
  • Designing cyber related organizations

Who needs to attend

  • Anyone interested in the field of cyber warfare/cyber operations
  • Anyone looking to expand a cyber-security career
  • Military commanders
  • Information-operations officers
  • Information security/assurance professionals
  • Cyber-security consultants
  • Cyber planners
  • Military members (J2, J3, J5, J6, J9)
  • Security analysts
  • Network-security engineers
  • Penetration testers
  • Auditors
  • Government officials
  • Security engineers


There are no prerequisites for this course. Just bring a laptop.

Follow-On Courses

CSFI: Defensive Cyber Operations Engineer (DCOE)

Course Outline

1. Understanding the Cyberspace Environment and Design

  • Cyberspace environment and its characteristics
  • Developing a design approach
  • Planning for cyberspace operation

2. Cyberspace Operational Approaches

  • Foundational approaches that utilize cyberspace capabilities to support organizational missions
  • The pros and cons of the different approaches
    (This module sets the foundation for CSFI Cyberspace Operations Strategist and Planner [CCOSP] advanced course.)

3. Cyberspace Operations

  • Network Operations (NETOPS)
  • Defensive Cyberspace Operations (DCO)
  • Offensive Cyberspace Operations (OCO)
  • Defense and Diversity of Depth network design
  • Operational methodologies to conduct cyberspace operations

4. Cyberspace Integration

  • Design a cyberspace operation and integrate it with a Joint Operations plan
  • Practice the presented methodologies in a practical application exercise

5. Building Cyber Warriors and Warrior Corps

  • The warrior and warrior corps concept as applied to cyber organizations
  • The challenges of training and developing a cyber workforce from senior leadership to the technical workforce

6. Designing Cyber Related Commands

  • Mission statements
  • Essential tasks
  • Organizational structures
  • Tables of organizations

7. Training and Readiness for Cyber Related Commands

  • Mission Essential Tasks (METs)
  • Developing the cyber workforce
  • Plan your own training programs within your organization

8. Final Exercise

  • You will presented with a scenario from which all previous instruction topics and exercises will be used to develop and integrate a cyber plan
  • The exercise will also include a brief Rehearsal of Concept (ROC) and Table Top Exercise (TTX) to exercise and evaluate your developed plan

Test your website for BashSmash (CVE-2014-6271) online

A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash, aka the GNU Bourne Again Shell, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals.

Earlier today (September 24th 2014), Stephane Chazelas publicly disclosed the technical details of the remote code execution vulnerability in Bash which affects most of the Linux distributions and servers worldwide.

The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug, and Shellshock by the Security researchers on the Internet discussions.

According to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables. “In many common configurations, this vulnerability is exploitable over the network,” Stephane said.


How to test your website for BashSmash (CVE-2014-6271)

CCSIR developed an online application where you can test a website to see if it’s vulnerable to BashSmash. Check your website here.

How to DDoS through Facebook Datacenter with almost 1Gbps. They’ve started to care!

The vulnerability, found by Teofil Cojocariu in June 12, Security Researcher has a simple concept but it can leave a big impact on websites of small companies or individuals. He made Open Source the script that exploits this vulnerability, leading to a Distributed Denial of Service (DDoS) of ~1Gbps using Facebook datacenter.

Update: Facebook now expires the unique identifier after few refreshes.

facebook ddos ccsir

Facebook encountered a similar situation this year, an issue that was reported by Security Researcher Chaman Thapa (nickname chr13). Unfortunately, at that time, Facebook replied with an unexpected answer:

“In the end, the conclusion is that there’s no real way to us fix this that would stop “attacks” against small consumer grade sites without also significantly degrading the overall functionality.”

At the beginning of June 2014, Facebook introduced a new feature to refresh attachments. Teofil Cojocariu, Security Researcher at Cyber Security Research Center from Romania – CCSIR discovered the issue and reported to Facebook on June 13th. At the end of July Facebook replied back and made some limitations, although small companies will still get affected by the vulnerability.

Teofil was really excited because it seems that Facebook finally changed their attitude regarding the damage they could make by using their datacenter to DDoS victims.

“I’m happy to see that now Facebook tried to make some limitation. A step forward for protecting the internet ecosystem.”, explained Teofil for

Steps to reproduce

1. Find the biggest image on a site/server with Google.
2. Publish that link to Facebook with “Only Me” privacy option.
3. Refresh the attachment from right corner of that post while you are sniffing or simple view in browser the requests.
4. Put the needed data from request to POC script.
5. You are now able to give DDoS from Facebook Datacenter (multiple IPs are involved).

“I have tried few times this script and the maximum bandwidth was 934.06 Mbps, but we should take into consideration that I sent the traffic to one of my server that has 1 Gbps port, so I think there is no limitation on output.”, Teofil added.

Simple POC Script


Although this situation is solved, please keep in mind that there are so many Cloud services out there free or with small fee rates that could be used to denial critical infrastructure services with a minimum effort.


Jun, 2014 – Facebook adds new feature to refresh attachments.
Teofil – Jun 8-12, 2014 6:19pm – Discovered in one of this days.
Teofil – Jun 13, 2014 6:19pm – Reported to Facebook.
Facebook – Jun 13, 2014 6:22pm – Automatic reply from Facebook.
Facebook – Jun 14, 2014 1:00am – A Security Engineer from Facebook said that this is interesting and forward the problem to the responsible team.
Facebook – Jul 28, 2014 8:13pm – Facebook replied telling him to test it again because there was a fix on the server.
Teofil – Jul 31, 2014 10:59pm – Message that the problem seems to be fixed, but the limitation are quite high, so small companies can still have problems.
Facebook – Aug 1, 2014 1:17am –  500$ Bounty 🙂

Related articles

DefCamp 2014 – 5th edition of the international hacking and information security conference in Romania

Between November 25th – 29th at Crystal Palace Ballroom, Bucharest – Romania, Cyber Security Research Center from Romania – CCSIR is hosting one of the most mesmerizing events of hacking & information security from Central Eastern Europe, Defcamp.


Already at the 5th edition, the event continues to emphasize through sparkling debates about sensitive topics regarding cyber security  but also through the famous international competition. At the event, Romanian and foreign speakers will present fresh news about cyber security, cyber war, identification and prevention mechanisms but also 0days and new vulnerabilities doubled by the night sessions where there will be presented specific case studies.

DefCamp 2014 is the biggest event in information security & hacking field from Romania and also one of the biggest from Central and Eastern Europe, awaiting over 600 participants from Romania and neighboring countries, participants with varying knowledge and experience – from students to industry leaders, trainers, and information security experts and researchers.

Several confirmed speakers are Mika Lauhde Vice President, Government Relations and Business Development – SSH Communication SecurityPaul de Souza, Director of Cyber Security Forum Initiative (CSFI) – Defcamp’s 2014 Keynotes, Selene Giupponi, Head of Digital Forensics Unit @The Security Brokers, Paolo “Aspy” Giardini, Director OPSI, Roger W. Kuhhn JR. – CSFI Advisory Board Director, Raoul “Nobody” Chiesa, President of The Security Brokers.

“The event from this fall is for sure long expected by many Romanian and not only them; the researches that were made during the year and the cyber environment problems identified  will be analyzed by European and USA leaders. For 2014, we estimate that we’ll have the higher density of security specialists on square meter from the beginning of times. The activities, the knowledge and the Defcamp community succeeds to develop every year the event.”, said Andrei Avădănei founder and coordinator of the Defcamp conference.


Among the news of the year we have the pre conference  trainings.Together with Cyber Security Forum Initiative, the biggest US security experts organization with over 50,000 members, we bring for the first time in CEE a  training that provides a basic understanding of full-spectrum cyberspace operations, the complexities of the cyberspace environment, as well as planning, organizing, and integrating cyberspace operations – Cyber Warfare Operations & Design. This one is strengthened by other two workshops organized in partnership with Security Brokers Academy: Digital Forensics  – provides a basic overview on methodologies and techniques which should be used when dealing with the extraction and analysis of data from digital media (hard drives, memory cards, USB sticks, etc..) and  Open Source Intelligence (OSINT) – the goal is to provide knowledge about the world of intelligence, related disciplines, and then focus on the analysis of open sources and its practical applications.

Furthermore,  Call for Papers is officially open so we invite all the security specialists to apply to speak at the conference. Through the important activities  DefCamp has this year, we can mention:

  • DefCamp Capture The Flag (D-CTF), one of the biggest CTF competition from CEE with up to 3,000 EURO cash prizes
  • Free Pentest on Demand, free pentest for the registered participants
  • Target John, Hack The Machine, App2Own – competitions for all the cyber security  passionates

It’s time to get into the Defcamp vibe! For more details you can access the conference website or you can contact us directly at [email protected]

CCSIR at “Cyber Security Challenges in Europe” Organised by ENISA, Brussels

Last week of April 2014 created the opportunity for Cyber Security Research Center from Romania – CCSIR to meet important representatives of European communities. They have experience and know-how to deliver CTF competitions at European level. The workshop was organised by ENISA and DG CONNECT in Brussels under the brand Cyber Security Challenges in Europe.

ccsir enisa

The participants of the workshop have discussed about the existent cyber challenges competitions and their future, along with the problems they identified during the events.

Objectives of the workshop

  • To present each existing example;
  • To inform, discuss and share ideas on an European level approach towards challenges;
  • Create synergies and help each other in reaching out to stakeholders;
  • Networking between teams.

DefCamp Capture The Flag

Andrei Avădănei, President of CCSIR discussed about DefCamp CTF (DCTF), the most disruptive competition from Romania that is mostly focused on creating an international competition for CTF enthusiasts. He identified several problems in last 4 years of DCTF.

Drapeaux européens devant le Berlaymont

  • CTF is a game mostly for young security passionate
  • Lack of public and private sectors funding public CTFs
  • Building challenges both realistic and technical stimulative
  • The approach – Red vs Blue Teams, Categories Based, Hack the Machine, App2Own, Cyber Attack Scenarios etc.
  • Security Departments from private sector underestimate the value of pushing their teams into competition (close door or public)

At the end of his intervention, Andrei proposed several solutions for those problems and, of course, for a future European CTF competition. CCSIR strongly believes in the power of Capture The Flag competition to build and keep up to date cyber security experts in Europe and other nations.

Microbe – simplified pentesting tool for Chrome users

Microbe is a Google Chrome extension created by Cosmin Gheorghita, 19 years old romanian developer. Extension has been developed for Web penetration testers, although some of its components can be individual applications themselves, like the cookie manager, form handler or Krypton.

Since one of the most influential and destructive attack methods on the Web is SQL injection, Microbe has been designed to help you perform those kind of attacks more easily by using shortcodes, but this doesn’t make Microbe an exclusive SQL injection tool. It servers multiple purposes such as:

  • Current Request
  • HTTP Headers
  • Cookie Manager
  • Form Handler
  • Krypton
  • Proxy Manager
  • Overrides and Disablers
  • Filter Evasion & Prepared Statements


Installation and Accessibility

Microbe can be found on the official Google Web Store: and you can read more about it on the official website.

After you’ve pressed the install button and you’ve given it access to the stuff it needs in order to function, right click on a Web page and select “Inspect Element”. On the right, in DevTools’ navigator, you’ll find a newly installed link that says “Microbe”, click on it and you’re there.

Unfortunately, Google doesn’t allow its extension developers to open a DevTools page from a custom button, for security reasons, so that’s why you must get to Microbe via “Inspect Element”. Or you can press F12 on a PC (CMD + ALT + I on a Mac) to open it up by its shortcut.

In the end

Microbe has a dedicated website where you can read more about the extension, you can report bugs and of course, you can support his project with donations.