
[{"content":"","date":"3 April 2025","externalUrl":null,"permalink":"/","section":"Bertrand Martin","summary":"","title":"Bertrand Martin","type":"page"},{"content":"I\u0026rsquo;ve created a very simple command-line game that challenges you to correctly conjugate Italian verbs (for now in the present tense). This game is totally inspired by the Guessing game in the Rust book. It also came to me during a similar exercise in my Italian book. The game randomly selects a pronoun-verb pair, and you test your Italian knowledge by providing the proper conjugation. It\u0026rsquo;s simple yet effective for language practice and for manipulating some simple programming concepts (string manipulation, simple control flow, ...)\n👉 Check out the code on my GitHub\nEmbracing Rust: From Blockchain to Language Learning # My journey with Rust began while working on the PQB project, where we needed smart contracts for the NEAR blockchain. What started as a necessity for this university project evolved into a genuine interest.\nI decided to adapt the classic guessing game example into something personally meaningful. This Italian practice tool serves a dual purpose:\nProviding practical Rust coding experience Creating something useful for my language learning Each feature I add is both a Rust learning opportunity and a chance to improve my Italian study toolkit.\nThe Italian Connection: Preparing for Roma # Since January, I\u0026rsquo;ve been taking classes at the Istituto Italiano di Cultura di Dakar, preparing for an upcoming move to Rome with my family. While classroom learning is invaluable, I wanted a supplemental practice tool I could use anytime.\nThe current version focuses on present tense conjugations, but I would like to expand it to include:\nPast tense practice (passato prossimo) Future tense challenges Irregular verb special exercises Vocabulary building features Using GitHub # This project has also been the perfect opportunity to properly build a GitHub presence. 
I\u0026rsquo;ve been:\nLearning best practices in using Git for repository organization Following the Git Immersion labs Setting up proper documentation What\u0026rsquo;s Next? # As both my Italian and Rust skills improve, so will this project. I\u0026rsquo;m planning to add difficulty levels, expand the verb database, and potentially create a simple web interface (with a server built in Rust \u0026#x1f980;)\nFollow my journey from code to Rome as I continue building and learning!\n","date":"3 April 2025","externalUrl":null,"permalink":"/posts/italianguessinggame/","section":"Posts","summary":"Learn Rust - Learn Italian - Use Github","title":"Italian Guessing Game","type":"posts"},{"content":"","date":"3 April 2025","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":" Source Type Category Difficulty Cyberdefenders Lab Malware analysis Easy Scenario # Your cybersecurity team has been alerted to suspicious activity on your organization\u0026rsquo;s network. Several employees reported unusual behavior in their browsers after installing what they believed to be a helpful browser extension named \u0026ldquo;ChatGPT\u0026rdquo;. However, strange things started happening: accounts were being compromised, and sensitive information appeared to be leaking.\nYour task is to perform a thorough analysis of this extension and identify its malicious components \u0026#x1f680;.\nQ1 : Which encoding method does the browser extension use to obscure target URLs, making them more difficult to detect during analysis? # I look at the code provided in the challenge. In the app.js file, I see the targets variable is encoded in Base64.\nQ2 : Which website does the extension monitor for data theft, targeting user accounts to steal sensitive information? # echo \u0026#34;d3d3LmZhY2Vib29rLmNvbQ==\u0026#34; | base64 -d www.facebook.com Q3 : Which type of HTML element is utilized by the extension to send stolen data? 
# In the sendtoServer function, I see the encrypted data is sent using the img element.\nQ4 : What is the first specific condition in the code that triggers the extension to deactivate itself? # In the loader.js file, I see the developer\u0026rsquo;s comment that this code will not execute if it is in a virtual environment. The first condition is navigator.plugins.length === 0\nQ5 : Which event does the extension capture to track user input submitted through forms? # The submit event is captured using document.addEventListener('submit', function(event)\nQ6 : Which API or method does the extension use to capture and monitor user keystrokes? # keydown in document.addEventListener('keydown', function(event)\nQ7 : What is the domain where the extension transmits the exfiltrated data? # The domain Mo.Elshaheedy[.]com, found in this function\nQ8 : Which function in the code is used to exfiltrate user credentials, including the username and password? # function exfiltrateCredentials(username, password)\nQ9 : Which encryption algorithm is applied to secure the data before sending? # I find this info in the encryptPayload function\nQ10 : What does the extension access to store or manipulate session-related data and authentication information? # I find this info in the manifest.json file: the malware needs to access cookies\n\u0026#34;permissions\u0026#34;: [ \u0026#34;tabs\u0026#34;, \u0026#34;http://*/*\u0026#34;, \u0026#34;https://*/*\u0026#34;, \u0026#34;storage\u0026#34;, \u0026#34;webRequest\u0026#34;, \u0026#34;webRequestBlocking\u0026#34;, \u0026#34;cookies\u0026#34; ] ","date":"11 March 2025","externalUrl":null,"permalink":"/posts/fakegpt/","section":"Posts","summary":"Cyberdefenders Writeup - Malware analysis","title":"Fakegpt","type":"posts"},{"content":" Source Type Category Difficulty HackTheBox Sherlock Threat Intelligence Very Easy Sherlock scenario # You are a junior threat intelligence analyst at a Cybersecurity firm. 
You have been tasked with investigating a Cyber espionage campaign known as Operation Dream Job. The goal is to gather crucial information about this operation.\nNote: this Sherlock provides a text file called IOCs.text with hashes that I will search on VirusTotal.\nWho conducted Operation Dream Job? # The Mitre website has a section about campaigns, where I find that this cyber espionage operation was likely conducted by Lazarus Group.\nWhen was this operation first observed? # It was first observed in September 2019.\nThere are 2 campaigns associated with Operation Dream Job. One is Operation North Star, what is the other? # The other operation was Operation Interception.\nDuring Operation Dream Job, there were the two system binaries used for proxy execution. One was Regsvr32, what was the other? # First, I look at Regsvr32 to find that this tool is used as part of a technique called \u0026ldquo;System Binary Proxy Execution\u0026rdquo;. Attackers use some legitimate and signed Windows binaries to execute their own malicious tools. The other system binary is rundll32.\nWhat lateral movement technique did the adversary use? # I remember that in the MITRE framework, Lateral Movement is a tactic category. I use the ATT\u0026amp;CK Navigator layers view. I can easily search and find the \u0026ldquo;Lateral Movement\u0026rdquo; category and see that they used Internal Spearphishing techniques.\nWhat is the technique ID for the previous answer? # The technique ID for Internal Spearphishing is T1534.\nWhat Remote Access Trojan did the Lazarus Group use in Operation Dream Job? # I find this info in the ClearSky report, linked from the MITRE page. The Remote Access Trojan (RAT) developed by Lazarus is DRATzarus.\nWhat technique did the malware use for execution? # I continue to look for info about DRATzarus on the MITRE website, listing all techniques used by the malware. I find here that DRATzarus can use Native API calls to see if it is running in a sandbox. 
The Native API technique allows attackers to call low-level OS services, and also allows them to avoid being executed on a virtual machine or in a sandbox (for example, calling IsDebuggerPresent to avoid being debugged)\nWhat technique did the malware use to avoid detection in a sandbox? # I find that this is a subtechnique of Sandbox Evasion called Time Based Evasion. DRATzarus can use the GetTickCount and GetSystemTimeAsFileTime Windows API calls to measure function timing.\nTo answer the remaining questions, utilize VirusTotal and refer to the IOCs.txt file. What is the name associated with the first hash provided in the IOC file? # The first hash is associated with the file name IEXPLORE.EXE on VirusTotal\nWhen was the file associated with the second hash in the IOC first created? # I find this information on the VirusTotal page: 2020-05-12 19:26:17.\nWhat is the name of the parent execution file associated with the second hash in the IOC? # I look up \u0026ldquo;Execution Parents\u0026rdquo; on VT in the relations tab: BAE_HPC_SE.iso\nExamine the third hash provided. What is the file name likely used in the campaign that aligns with the adversary\u0026rsquo;s known tactics? # Salary_Lockheed_Martin_job_opportunities_confidential.doc: this file looks like part of a spearphishing campaign.\nWhich URL was contacted on 2022-08-03 by the file associated with the third hash in the IOC file? 
# I see on VT that it is markettrendingcenter[.]com/lk_job_oppor[.]docx\n","date":"7 March 2025","externalUrl":null,"permalink":"/posts/dream-job-1/","section":"Posts","summary":"HackTheBox Sherlock Writeup - Threat Intelligence","title":"Dream Job 1","type":"posts"},{"content":"I will be sharing some writeups from challenges I solve on security platforms, some projects, some courses I take or some reading recommendations in the field of information security.\u0026#x1f499;\n","date":"23 February 2025","externalUrl":null,"permalink":"/posts/first-post/","section":"Posts","summary":"Welcome to my personal site!","title":"First post","type":"posts"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"I worked on several projects in cybersecurity during my training at ENSIBS and during my apprenticeship at Crédit Mutuel Arkéa. I also created some websites and mobile apps while in Haiti, in coordination with international team members.\nTenable SC | Jan-Aug 2023 # I worked on the implementation of the Tenable SC security solution to automate vulnerability scanning at scale. This project was the opportunity to experience a POC with security vendors, learn more about network security, the Nessus vulnerability scanner and vulnerability management in general.\nPQB : Post-Quantum Blockchain | Sept-Dec 2022 # I worked on this project alongside my classmates Lostaquilae, Zigtur and Alyzée. The goal was to use one of the NIST-approved quantum-resistant algorithms and deploy it on a blockchain. We selected the Falcon algorithm and the NEAR blockchain. We had the opportunity to meet and exchange with some of the scientists and mathematicians who conceived the Falcon algorithm. 
It was a great opportunity for me to learn more about cryptography, post-quantum cryptography, Rust and blockchains. Among other deliverables, we created this website.\nAttacking a medical lab to raise awareness about cybersecurity | Sept 2021 - Apr 2022 # I worked on this project alongside my classmates Lostaquilae, Zigtur and Alan. The goal of this project was to create an attack scenario targeting a medical lab and extracting personal medical data to raise awareness about cybersecurity in the health sector. It was a great opportunity for me to learn about malware in general and rootkits in particular, a little bit of Windows Internals, the MITRE framework (we used MITRE to describe the actions of the attackers) and to understand virtualization.\nManManPemba | 2011-2019 # The ManManPemba project was the \u0026ldquo;Yelp\u0026rdquo; for Haiti and Port-au-Prince. It was a website, which also had an iOS and Android app, where users could find info and reviews about local businesses and events in Haiti. Initially this project required manually geo-localizing thousands of local places in Port-au-Prince, at a time when there was close to ZERO data, even on Google Maps. The project attracted some attention but did not survive the unfortunate events in Haiti. I shut down the site and the app in 2019. It was an opportunity to learn WordPress, PHP, mobile app development and management.\nPapita King - Mobile game | 2015-2016 # Papita King was a cool mobile game, published on Android. It was a great opportunity to learn Unity, game development, and mobile game project management.\nMMPB Digital | 2013-2020 # MMPB Digital was a digital marketing agency that I founded in 2013. It gave me invaluable hands-on experience designing and maintaining websites tailored to the unique needs of Haitian businesses. I collaborated directly with business owners to understand their vision, then translated these requirements into functional website features. 
This process taught me how to bridge the gap between client expectations and technical implementation while staying within budget and timeline constraints. Perhaps the most educational aspect of my time at MMPB was managing security incidents. From handling attempted breaches to implementing stronger protections, these experiences shaped my understanding of the critical importance of daily cybersecurity for even small business websites.\n","externalUrl":null,"permalink":"/projects/","section":"Bertrand Martin","summary":"BigBert Projects.","title":"Projects","type":"page"},{"content":" Courses \u0026amp; Certifications # Title Description TryHackMe My learning paths Root-Me My challenges on Root-Me Cyberdefenders CTI challenges on Cyberdefenders OpenClassrooms Docker, pentest methodology and security BurpSuite Academy Technical learning OSINT My challenges on ozint.eu CodeCademy Courses on Python, SQL, C and Machine Learning Coursera Google IT Support MITx Intro to Computer Science using Python CompTIA Security+ Security+ certification IT Skills # Title Description Language Python OS Linux, Windows Security tools BurpSuite, Nessus, Postman, IDA, Volatility, Shodan Security skills Secure Network Architecture, Risk Analysis (EBIOS), Security Auditing, CTI frameworks (Mitre Att\u0026amp;ck, Diamond model), OSINT, API Security Miscellaneous Networking fundamentals, Git, Wireshark, Virtualbox, Docker Experience # Company Role Date Location Self-employed Consultant 2023-present Dakar, SEN Crédit Mutuel Arkéa Cybersecurity engineer 2021-2023 Brest, FR MMPB Digital Founder 2013-2021 Port-au-Prince, HT Capital Bank Digital Marketing Manager 2012-2013 Port-au-Prince, HT Voilà (now Digicel) Mobile Money Product Manager 2011 Port-au-Prince, HT IOM Communication Officer 2010 Port-au-Prince, HT Mobinfo Founder 2008-2010 Port-au-Prince, HT Natixis Business Continuity Analyst 2006-2007 New-York, USA BNP Paribas Lease Group Security administration 2004-2005 Paris, FR Education # 
School Degree Date Location ENSIBS Masters in Information Security / Cyberdefense engineer 2021-2023 Vannes, FR Sciences Po Paris Masters in Political Sciences 1999-2004 Paris, FR Boston University Year abroad 1999 Boston, USA ","externalUrl":null,"permalink":"/resume/","section":"Bertrand Martin","summary":"my résumé","title":"Resume","type":"page"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"I am a seasoned professional with experience in banking, telecom, and communication, passionate about cybersecurity, technology, history and geopolitics. I worked and lived in France (Paris and Brest), in the USA (Boston and New-York), in Vietnam (Hanoi), in Haiti (Port-au-Prince) and in Senegal (Dakar).\nOriginally a Sciences Po Paris graduate with a generalist background, I went back to University at ENSIBS to hone my technical skills. I proudly became a cyberdefense engineer in 2023. I love to keep myself updated in the field of computer science and information security through a strong personal investment in training, reading and learning (view my resume here).\nI rely on a multidisciplinary skill set and a unique entrepreneurial experience, acquired in challenging international contexts, to work in the field of cybersecurity, IT and risk management, ideally in Cyber Threat Intelligence teams, in a SOC or a CERT.\n","externalUrl":null,"permalink":"/about/","section":"Bertrand Martin","summary":"Learn more about me and why I am starting this blog.","title":"whoami","type":"page"}]