What an incredible start to 2024.
I’ve had some incredible opportunities and I’ve been able to do some really interesting things.
I continue my role as ambassador for the Aerospace industry within the “L’Aéro Recrute” program with the support of My Job Glasses and GIFAS – Groupement des Industries Françaises Aéronautiques et Spatiales, to promote the Aerospace, Sace, Defense and Security sector.
I took part of the « Introduction to Cybersecurity in Space Systems » course provided by Tim Fowler during the march summit, The Most Offensive Con that Ever Offensived – Bypass Edition! organized by Antisyphon Training. More here.
My work about the analysis of the Viasat Cyber Attack has been quoted and highlighted by Tim Fowler during this course.
- A a reminder, I did an analysis of the Viasat cyber attack with the MITRE ATT&CK® framework.
- I also wrote a post mortem investigation about the Viasat Cyber Attack.
I successfully passed the Certificate of Competence in Zero Trust (CCZT) from the Cloud Security Alliance (CSA). CCZT enables you to understand and implement Zero Trust principles into business planning, enterprise architectures, and technology deployments. More about CCZT.
I was quoted in the following article alongside Gerome Billois (Partner – Cybersecurity and Digital Trust – Wavestone) and Martial Gervaise (Cybersecurity Expert – Former Deputy Director at Orange Group). This article shows how important it’s to have a guideline in your cybersecurity career. This article shows also how it’s important to share whith others. It’s not by staying on your own that you grow the community. It’s by sharing that we collectively increase our skills. Cybersecurity grows when it’s shared.
I was elected as a CyberStar (or SpaceCyberStar) by Yohann BAUZIL. CyberStar is a program that highlights those who work to make cybersecurity a reality on a daily basis, either by sharing their knowledge or by their work.
I was choosen as ethicallyHackingspace(eHs)® h4ck32n4u75™ (Hackernauts) Community Member. Thank’s to William Ferguson for this distinction.
I wrote an article to explain how I used the new MITRE EMB3D™ threat model to identify Siemens PLC vulnerabilities potentially exploited by the Stuxnet worm. On May 13, 2024, MITRE released EMB3D™, a cybersecurity threat model for embedded devices. I carried out the following exercise to test and evaluate this new model.
- The first step was to identify the properties of the Siemens PLC by analyzing the data sheet.
- Next, I used the Properties tool to select the properties relevant to Siemens PLCs.
- Finally, I used the mapping tool to list the threats that represent a viable risk for Siemens PLCs.
The next step is to check whether these vulnerabilities have been exploited by the Stuxnet worm.
I’d like to thank everyone who has followed me, encouraged me and supported me.
I hope all the information I share with you is interesting and helps you keep up to date and learn more.
But stay tuned because the rest of 2024 promises to be just as incredible and intense.
Until then, take care.
Coming soon : My article on Pentestmag