Joren/blog-howest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
blog-howest/public/index.json
Joren 0da3712a71
hi
2025-05-29 19:57:01 +02:00

63 lines
83 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[{"categories":null,"contents":"I built my personal blog using Hugo and deployed it on a lightweight Alpine Linux VPS. I chose this setup to have full control, keep things simple, and avoid bloated platforms or services. Heres how the process went from site generation to live deployment.\nCreating the Hugo Site On my development machine, I created a new Hugo site:\nhugo new site howest-blog I used the professors-hugo theme and copied its exampleSite content into my project. I customized the layout, structure, and styling by editing content files, SCSS in assets/scss/custom.scss, and partial templates in the theme directory.\nAll content lives under content/, with separate folders for blog/ and project/, each containing .md files with front matter and Markdown content.\nCustomization I edited the config/_default/hugo.toml to configure site parameters like the base URL, theme, language, and menus. SCSS and image assets go in assets/, and are processed by Hugo\u0026rsquo;s pipeline. Static files like favicons are placed in static/.\nTo preview the site locally:\nhugo server To build the static site:\nhugo This generates everything in the public/ folder.\nVPS Deployment I rented a minimal Alpine Linux VPS and installed only what I needed. After setting up SSH and a basic nginx web server, I copied the public/ folder over using scp:\nscp -r public/* user@my-vps:/var/www/html On the VPS, I installed nginx:\napk add nginx And configured /etc/nginx/conf.d/default.conf to serve files from /var/www/html. Then I enabled and started nginx:\nrc-service nginx start rc-update add nginx Now my Hugo site is live and served directly as static files, no backend, no database, just HTML, CSS, and JS.\nWhy Alpine + Hugo? Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugos speed and flexibility, I get a complete, performant setup that I fully control. Its secure, lightweight, and easy to update, just rebuild and re-upload the public/ folder.\nThis setup is perfect if you want full control and minimal overhead for a personal blog or portfolio.\n","date":"May 29, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/project/project-2_hu_b10de0491c6514dc.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"278\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/project\\/project-2_hu_3550dd40bf159427.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/project/project-2/","title":"Building My Hugo Website on a VPS"},{"categories":null,"contents":"DRMDTool is an automation-centric utility designed to streamline the processing of .drmd files by tightly integrating with the N_m3u8DL-RE downloader. The tool offers robust automation via a watch folder and an intuitive web-based interface, significantly reducing the friction for managing and processing DRM-protected streaming content.\nWhats New DRMDTool has evolved into a comprehensive platform for batch downloading with enhanced support for user interaction and background processing. It features granular job tracking, dynamic download control (pause, resume, abort), and a refined WebSocket-based console for real-time command output. Subtitle handling now includes automatic downloading and conversion from VTT to SRT, and the downloader adapts based on metadata, organizing content into categorized directories.\nGoals and Use Case The primary aim is to automate .drmd file processing with minimal manual input. Users can configure download formats, specify directories, and enable real-time command broadcasting. DRMDTool is suitable for both interactive use through a web UI and headless automation in pipelines, supporting inotify or polling-based folder watching.\nHow .drmd Files Work A .drmd file is a structured JSON document that defines one or more encrypted media items to be processed by DRMDTool. It contains an Items array, with each item representing a specific media job. DRMDTool parses these entries to generate download commands for N_m3u8DL-RE.\nEach item includes:\nMPD: A DASH manifest, either a direct URL or a base64-encoded version. If base64-encoded, DRMDTool decodes and temporarily saves it before use. Keys: A comma-separated list of KID:key pairs (e.g., abcd1234ef567890:00112233445566778899aabbccddeeff). These are required for decrypting encrypted media streams and are passed directly to N_m3u8DL-RE using --key flags. Filename: The name to be used for the final output file. Subtitles: Comma-separated list of subtitle URLs in .vtt format. DRMDTool downloads and converts these to .srt, then muxes them into the final file. Metadata: A semicolon-separated string like Title;Type;Season (e.g., Example Show;serie;1) used to determine directory structure (Movies/Title or Series/Title/Season). Description and Poster: Optional fields used only for display in the web UI. Example .drmd Structure { \u0026#34;Items\u0026#34;: [ { \u0026#34;MPD\u0026#34;: \u0026#34;aHR0cHM6Ly9leGFtcGxlLmNvbS9zdHJlYW0ubXBk\u0026#34;, \u0026#34;Keys\u0026#34;: \u0026#34;abcd1234ef567890:00112233445566778899aabbccddeeff\u0026#34;, \u0026#34;Filename\u0026#34;: \u0026#34;ExampleShow.S01E01\u0026#34;, \u0026#34;Subtitles\u0026#34;: \u0026#34;https://example.com/sub1.vtt,https://example.com/sub2.vtt\u0026#34;, \u0026#34;Metadata\u0026#34;: \u0026#34;Example Show;serie;1\u0026#34;, \u0026#34;Description\u0026#34;: \u0026#34;Pilot episode\u0026#34;, \u0026#34;Poster\u0026#34;: \u0026#34;\u0026#34; } ] } Processing Steps Detection: DRMDTool either watches a folder or receives .drmd uploads through the web UI. Validation: It waits for the file to finish writing (based on file size stability), then parses its contents. MPD Handling: If base64-encoded, the MPD is decoded and written to a temp file; otherwise, the URL is fetched or passed as-is. Command Generation: Using the MPD, KID:key pairs, output paths, and subtitles, DRMDTool builds a command line for N_m3u8DL-RE. Execution: The download is launched with live progress tracking. Users can pause, resume, or abort jobs, and optionally stream console output via WebSocket. These files serve as portable job definitions. When DRMDTool detects or receives a .drmd file, it parses the items, decodes or downloads the MPD, applies the keys, and builds a download command using N_m3u8DL-RE. Files are saved in organized directories like Movies/Title or Series/Title/Season, and subtitles are embedded if available. Pausing, resuming, and aborting downloads is supported per file.\nArchitecture Overview The configuration is handled via config.toml, with environment variable overrides for containerized or dynamic deployments. Once started, the tool can either monitor a specified folder or allow file uploads through the UI. Each .drmd file is parsed, grouped by series and season (if applicable), and processed sequentially with support for job pausing and resuming.\nWeb UI \u0026amp; CLI To use:\n./drmdtool Visit http://localhost:8080 for the web interface, which supports drag-and-drop uploads, selection of episodes or movies, and real-time progress tracking. For headless operation:\n./drmdtool -f /path/to/file.drmd Jobs can be paused, resumed, or aborted through the web interface, which reflects the backend state via live updates.\nEnhanced Download Logic DRMDTool dynamically builds download commands using metadata from .drmd files and user preferences. It ensures that only the highest quality streams are kept, removing ad periods and duplicate segments from the MPD files. Subtitles are fetched and embedded automatically. Jobs are tracked with robust state management and logs for debugging and visibility.\nRepository Code and setup instructions are hosted here: https://git.directme.in/Joren/DRMDTool\nDRMDtool For advanced usage details, customization, and API structure, refer to the README.md in the repository.\n","date":"May 21, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/project/project-1_hu_3db5ce4165d1b6f3.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"396\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/project\\/project-1_hu_7691192a371c30a3.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/project/project-1/","title":"DRMDTool Project"},{"categories":["cybersecurity","podcast","interview"],"contents":"Red Team Talk: Een Blik Achter de Schermen bij Offensive Security In deze eerste aflevering van Red Team Talk nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met Thomas Castronovo, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.\nVan Interesse tot Loopbaan Thomas deelt hoe zijn interesse in cybersecurity begon tijdens zijn opleiding, met hands-on projecten zoals het hacken van virtuele machines. Een stage bij Deloitte in 2019 zette hem op het pad naar een voltijdse functie binnen het Offensive Security Team. Vandaag werkt hij al drie jaar bij Deloitte België en specialiseert hij zich in offensieve testen.\nOffensive vs. Defensive Security Hoewel zijn hart bij offensieve security ligt, kreeg hij recent ook ervaring aan de defensieve kant. Het leverde hem een breder perspectief op: “Het geeft een heel ander zicht op hoe aanvallen eruitzien vanuit de andere kant.” Toch blijft het red team werk zijn voorkeur behouden.\nWat doet een pentester nu echt? Thomas legt uit hoe een typische pentest verloopt: van het ontvangen van de scope, over het scannen van het netwerk en het zoeken naar kwetsbaarheden, tot het rapporteren van bevindingen. Tools zoals Nessus, BloodHound en PingCastle worden ingezet, vaak gecombineerd met zelfgebouwde scripts die de output analyseren en structureren.\nKwetsbaarheden in Active Directory Een groot deel van zijn werk focust op Active Directory (AD), waar hij telkens weer dezelfde pijnpunten tegenkomt: legacy-instellingen, onvoldoende gepatchte systemen, en misconfiguraties die vaak pas worden rechtgezet na een echte aanval. Twee voorbeelden die hij aanhaalt:\nLLMNR/MDNS/NetBIOS poisoning om credentials te verkrijgen DNS wildcard records die leiden tot man-in-the-middle aanvallen Tools, Tips en Oefenen Voor wie zelf wil beginnen raadt hij aan om zelf een AD op te zetten en tools als PingCastle en BloodHound uit te proberen. De meeste kennis verwerf je volgens Thomas door zelf te oefenen, dingen stuk te maken, en vooral: blijven proberen.\nDe Praktijk vs. Certificaten Hoewel certificaten nuttig zijn (zoals WPT voor webapp testing), benadrukt Thomas dat de echte leerschool het werkveld is. “90% van wat ik weet, heb ik geleerd door het gewoon te doen,” zegt hij. Oefenen op Hack The Box, zelf een netwerk opzetten, en leren van collegas zijn voor hem essentieel.\nAfsluiter De aflevering toont hoe breed het vakgebied offensive security is: van interne pentests tot phishingcampagnes, van legacy exploits tot zero-days. Maar vooral: het is een vak waar creativiteit en nieuwsgierigheid centraal staan.\n","date":"May 20, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-1_hu_8def6289c64a2dc8.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-1_hu_d77be45b273e444.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-4/","title":"Red Team Talk: Een Blik Achter de Schermen bij Offensive Security"},{"categories":["cybersecurity","event recap"],"contents":"Cyber Defence on the Digital Frontline: A Mission with NATO On a Mission with NATO: Cyber Defence on the Frontline Howests ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO\u0026rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.\nThe Exercise: Locked Shields Locked Shields is no ordinary simulation. It is a full-scale, live-fire cyber defence exercise involving more than 6,000 machines and a narrative scenario so detailed it includes geopolitics, disinformation and even fictional countries. This year, the Blue Team 03 (our team) defended a simulated nations critical infrastructure including power plants, satellites, 5G networks and banking systems, all while under constant attack from a coordinated Red Team using automated scripts and over 28,000 attacks across two days.\nAnd yes, every team (Red, Blue, Yellow, White) uses Ansible. For everything.\nHigh Stakes, Real Lessons What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.\nThe exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not \u0026ldquo;port 8443 unreachable\u0026rdquo;, but \u0026ldquo;our air defence system is degraded, and we cannot fly planes\u0026rdquo;.\nThe Black Team: Rapid Response in Action A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style “you can wear sunglasses inside” became their unofficial motto.\nTheir presence underlined a critical lesson: not every problem fits neatly within a teams silo. Real-world defence requires flexibility, speed and lateral thinking.\nHighlights and Blooper Reel There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming cut to shutdown, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.\nHuman Factors and Growth From detecting malware with Velociraptor and Q9, to encountering teammates who took orders literally, the learning was intense. One participant noted that while Belgian and Luxembourg teams prioritized knowledge sharing, others preferred strict protocol. This highlighted cultural differences and the importance of interpersonal skills.\nThe biggest lesson? You are never fully prepared. Every iteration of Locked Shields is different. But each one sharpens not only your skills, but also your ability to function as a team under extreme conditions.\nFrom the Battlefield to the Classroom This experience directly impacts the classroom. Inspired by the exercise, Howest is introducing new hands-on courses like “Glutamine” in semester five. Students will be dropped into realistic broken networks, with misconfigurations, fake firewalls and simulated threats. It is chaos, but controlled. And that is the point.\nAs one speaker said: “You dont win Locked Shields. You just survive it better than the rest.”\nFinal Thoughts The exercise teaches more than just cybersecurity. It builds trust. It proves that knowing your teammates can be as important as knowing the tools. Whether that comes from a shared flight or a pre-exercise barbecue, it all matters when the pressure hits.\nWant to see how cyber defence works in real life? This is it.\n","date":"May 13, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-1_hu_8def6289c64a2dc8.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-1_hu_d77be45b273e444.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-1/","title":"Cyber Defence on the Digital Frontline: A Mission with NATO"},{"categories":["cybersecurity","CTF","education"],"contents":"Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.\nWhat follows is a recap of the challenges I personally worked on, some I solved, some I didnt—but all of them left me with new skills and new ideas.\nA Buffer Overflow to Warm Up One of the first challenges I picked involved a binary with a basic stack overflow. I used standard techniques, finding the offset, hijacking the return address, and injecting shellcode. Tools like pwntools helped automate the payload crafting. It was a great warm-up and a confidence boost once it worked.\nBinary Exploitation Flag\rOurEncIsSec: Zip Bombs and OEIS Then there was a more elaborate cryptography challenge: 18 zip files, each password-protected. We cracked the first three passwords using John the Ripper and got numeric values from them. I searched the sequence in OEIS and found it matched A007408, which gave us the full pattern of passwords.\nUsing this, I could extract all zip contents automatically, reconstruct the password-protected message, and finally reveal the flag.\nPicture of the solution\rInfinite Luck: One in a Million? One challenge involved “guessing” a thousand random numbers between 1 and 10. The banner claimed it required infinite luck, but of course, the randomness was seeded. After inspecting the generator, I realized it was deterministic. By precomputing seeds and output sequences, I could match the challenges banner to a specific seed and regenerate the entire solution.\nChallange picture\rCorrect number order\rAndroid Reversing: FRIDA and JADX Several APKs were part of the qualifier set. I used JADX to decompile them and FRIDA to patch logic at runtime. In one challenge, I bypassed license validation by forcing key methods to return true and unlocking hidden functionality.\nThe Challenge That Stuck with Me: Rebuilding a Split DEX This one stood out.\nThe app used a 4×8 button grid. Pressing buttons loaded a sequence of blockXX files from assets. These were concatenated in-memory and passed into InMemoryDexClassLoader to load a class called be.dauntless.flag.Flag.\nClass loadClass = new InMemoryDexClassLoader(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), getClassLoader()) .loadClass(\u0026#34;be.dauntless.flag.Flag\u0026#34;); Each block was a fragment of a DEX file, but the app didnt tell you the right order. I tried manually inspecting the fragments, identifying methods, string constants, and offsets—to infer how to reassemble the full file. I got close, but didnt crack it in time.\nThat challenge stuck with me because it combined static analysis, runtime introspection, and logic reconstruction. It wasnt just technical, it was creative.\nThe One That Got Away: TLS Fingerprinting Another challenge involved a Go-based TLS server that rejected all client connections unless they matched a specific fingerprint. I used Gos tls.Config to replicate the version, cipher suites, and ALPN:\ntls.Config{ MinVersion: tls.VersionTLS13, CipherSuites: []uint16{ tls.TLS_AES_128_GCM_SHA256, // ... }, NextProtos: []string{\u0026#34;h2\u0026#34;}, } Despite that, the server still refused the connection. I suspect it was using JA4 or similar TLS fingerprinting techniques we couldnt fully emulate. We had to move on, but Id love to revisit that one someday.\nFinal Thoughts I didnt solve everything. But that wasnt the point. Every challenge was a practical puzzle, something to decode, reverse, bypass, or just understand a little better.\nWorking as a team with Evarist, Nathan, and Waut made it even more valuable. We bounced ideas off each other, divided tasks, and got a much broader set of challenges covered.\nThe Cyber Security Challenge Belgium qualifiers werent easy. But they were the best kind of difficult, the kind that teaches you something whether you solve the problem or not.\n","date":"March 15, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/post-2/binexpl_hu_3d36b409c72f3586.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"160\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/post-2\\/binexpl_hu_afca672637b6b98d.png';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-2/","title":"Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"},{"categories":["cybersecurity","event","defense"],"contents":"Securing Cyberspace: Belgian Cyber Command at Howest On November 12, we had the opportunity to attend a Tech\u0026amp;Meet session unlike any other. The speaker was Colonel Gunther Godefridis, Director for Development \u0026amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.\nHeld at Howest Campus Brugge Station, the event drew students, researchers, and professionals eager to understand how military-grade cybersecurity operations are run, and why they matter more than ever.\nDefending in the Digital Age Colonel Godefridis began by outlining the core mission of Belgian Cyber Command: protecting Defenses networks and weapon systems, supporting intelligence operations (ADIV), and conducting defensive and offensive operations in cyberspace. In short, Cyber Command isnt just watching traffic, its actively shaping Belgiums digital resilience.\nWith societys increasing reliance on digital infrastructure, the risks of espionage, disinformation, and attacks on critical systems are no longer theoretical. Godefridis highlighted the urgency of being able to respond to, not just detect, those threats.\nWorking Together: Academia, Industry, Government One theme that stood out was collaboration. Cyber Command doesnt operate in a vacuum. It works closely with national agencies, NATO partners, academic institutions, and the private sector. The colonel emphasized that defending cyberspace requires broad cooperation, and Belgiums approach is to engage across domains, military, civil, and industrial.\nHe also made it clear that this isnt just about defense systems or classified data. As the line between civil and military digital infrastructure blurs, vulnerabilities in civilian systems can become national security issues. Thats where cooperation becomes essential.\nLeading with Innovation With over 20 years in military service, Colonel Godefridis brings a unique perspective. From artillery innovation to defense technology strategy, and now to cyber development, his background reflects the evolving nature of conflict and the military\u0026rsquo;s response.\nHe discussed how innovation, including artificial intelligence, is becoming central to cyber defense. Cyber Command is investing in tools and skills to automate threat detection, analyze large datasets, and simulate attack scenarios. Its not just about building walls, its about staying several moves ahead.\nA Transparent, Human Conversation The Q\u0026amp;A session at the end made the evening especially memorable. Questions ranged from technical details of cyber defense capabilities to the human side of cyber careers: how people are trained, what skills are valued, and how students might contribute.\nColonel Godefridis was honest about the challenges. Cyber operations evolve quickly, and so do adversaries. But he was equally clear about the opportunity: Belgium is building a capability that matters, and it needs talent.\nFinal Thoughts If you walked into this talk expecting a dry presentation on military infrastructure, you were wrong. This session was a deep, realistic, and engaging look into how Belgium is preparing for cyber conflict, and how students like us could be a part of that mission.\nWhether youre in cybersecurity, software development, or systems engineering, theres a growing role to play. And as Colonel Godefridis made clear: its not just a job. Its part of defending a society thats more vulnerable, and more connected, than ever before.\nTip\nWant to learn more about Cyber Command? Visit the official website at mil.be\n","date":"November 12, 2024","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-3_hu_fdd9e13d0370b160.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-3_hu_c932299ff2fa7067.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-3/","title":"Securing Cyberspace: Belgian Cyber Command at Howest"},{"categories":null,"contents":"I built my personal blog using Hugo and deployed it on a lightweight Alpine Linux VPS. I chose this setup to have full control, keep things simple, and avoid bloated platforms or services. Heres how the process went from site generation to live deployment.\nCreating the Hugo Site On my development machine, I created a new Hugo site:\nhugo new site howest-blog I used the professors-hugo theme and copied its exampleSite content into my project. I customized the layout, structure, and styling by editing content files, SCSS in assets/scss/custom.scss, and partial templates in the theme directory.\nAll content lives under content/, with separate folders for blog/ and project/, each containing .md files with front matter and Markdown content.\nCustomization I edited the config/_default/hugo.toml to configure site parameters like the base URL, theme, language, and menus. SCSS and image assets go in assets/, and are processed by Hugo\u0026rsquo;s pipeline. Static files like favicons are placed in static/.\nTo preview the site locally:\nhugo server To build the static site:\nhugo This generates everything in the public/ folder.\nVPS Deployment I rented a minimal Alpine Linux VPS and installed only what I needed. After setting up SSH and a basic nginx web server, I copied the public/ folder over using scp:\nscp -r public/* user@my-vps:/var/www/html On the VPS, I installed nginx:\napk add nginx And configured /etc/nginx/conf.d/default.conf to serve files from /var/www/html. Then I enabled and started nginx:\nrc-service nginx start rc-update add nginx Now my Hugo site is live and served directly as static files, no backend, no database, just HTML, CSS, and JS.\nWhy Alpine + Hugo? Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugos speed and flexibility, I get a complete, performant setup that I fully control. Its secure, lightweight, and easy to update, just rebuild and re-upload the public/ folder.\nThis setup is perfect if you want full control and minimal overhead for a personal blog or portfolio.\n","date":"May 29, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/project/project-2_hu_b10de0491c6514dc.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"278\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/project\\/project-2_hu_3550dd40bf159427.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/project/project-2/","title":"Building My Hugo Website on a VPS"},{"categories":null,"contents":"DRMDTool is an automation-centric utility designed to streamline the processing of .drmd files by tightly integrating with the N_m3u8DL-RE downloader. The tool offers robust automation via a watch folder and an intuitive web-based interface, significantly reducing the friction for managing and processing DRM-protected streaming content.\nWhats New DRMDTool has evolved into a comprehensive platform for batch downloading with enhanced support for user interaction and background processing. It features granular job tracking, dynamic download control (pause, resume, abort), and a refined WebSocket-based console for real-time command output. Subtitle handling now includes automatic downloading and conversion from VTT to SRT, and the downloader adapts based on metadata, organizing content into categorized directories.\nGoals and Use Case The primary aim is to automate .drmd file processing with minimal manual input. Users can configure download formats, specify directories, and enable real-time command broadcasting. DRMDTool is suitable for both interactive use through a web UI and headless automation in pipelines, supporting inotify or polling-based folder watching.\nHow .drmd Files Work A .drmd file is a structured JSON document that defines one or more encrypted media items to be processed by DRMDTool. It contains an Items array, with each item representing a specific media job. DRMDTool parses these entries to generate download commands for N_m3u8DL-RE.\nEach item includes:\nMPD: A DASH manifest, either a direct URL or a base64-encoded version. If base64-encoded, DRMDTool decodes and temporarily saves it before use. Keys: A comma-separated list of KID:key pairs (e.g., abcd1234ef567890:00112233445566778899aabbccddeeff). These are required for decrypting encrypted media streams and are passed directly to N_m3u8DL-RE using --key flags. Filename: The name to be used for the final output file. Subtitles: Comma-separated list of subtitle URLs in .vtt format. DRMDTool downloads and converts these to .srt, then muxes them into the final file. Metadata: A semicolon-separated string like Title;Type;Season (e.g., Example Show;serie;1) used to determine directory structure (Movies/Title or Series/Title/Season). Description and Poster: Optional fields used only for display in the web UI. Example .drmd Structure { \u0026#34;Items\u0026#34;: [ { \u0026#34;MPD\u0026#34;: \u0026#34;aHR0cHM6Ly9leGFtcGxlLmNvbS9zdHJlYW0ubXBk\u0026#34;, \u0026#34;Keys\u0026#34;: \u0026#34;abcd1234ef567890:00112233445566778899aabbccddeeff\u0026#34;, \u0026#34;Filename\u0026#34;: \u0026#34;ExampleShow.S01E01\u0026#34;, \u0026#34;Subtitles\u0026#34;: \u0026#34;https://example.com/sub1.vtt,https://example.com/sub2.vtt\u0026#34;, \u0026#34;Metadata\u0026#34;: \u0026#34;Example Show;serie;1\u0026#34;, \u0026#34;Description\u0026#34;: \u0026#34;Pilot episode\u0026#34;, \u0026#34;Poster\u0026#34;: \u0026#34;\u0026#34; } ] } Processing Steps Detection: DRMDTool either watches a folder or receives .drmd uploads through the web UI. Validation: It waits for the file to finish writing (based on file size stability), then parses its contents. MPD Handling: If base64-encoded, the MPD is decoded and written to a temp file; otherwise, the URL is fetched or passed as-is. Command Generation: Using the MPD, KID:key pairs, output paths, and subtitles, DRMDTool builds a command line for N_m3u8DL-RE. Execution: The download is launched with live progress tracking. Users can pause, resume, or abort jobs, and optionally stream console output via WebSocket. These files serve as portable job definitions. When DRMDTool detects or receives a .drmd file, it parses the items, decodes or downloads the MPD, applies the keys, and builds a download command using N_m3u8DL-RE. Files are saved in organized directories like Movies/Title or Series/Title/Season, and subtitles are embedded if available. Pausing, resuming, and aborting downloads is supported per file.\nArchitecture Overview The configuration is handled via config.toml, with environment variable overrides for containerized or dynamic deployments. Once started, the tool can either monitor a specified folder or allow file uploads through the UI. Each .drmd file is parsed, grouped by series and season (if applicable), and processed sequentially with support for job pausing and resuming.\nWeb UI \u0026amp; CLI To use:\n./drmdtool Visit http://localhost:8080 for the web interface, which supports drag-and-drop uploads, selection of episodes or movies, and real-time progress tracking. For headless operation:\n./drmdtool -f /path/to/file.drmd Jobs can be paused, resumed, or aborted through the web interface, which reflects the backend state via live updates.\nEnhanced Download Logic DRMDTool dynamically builds download commands using metadata from .drmd files and user preferences. It ensures that only the highest quality streams are kept, removing ad periods and duplicate segments from the MPD files. Subtitles are fetched and embedded automatically. Jobs are tracked with robust state management and logs for debugging and visibility.\nRepository Code and setup instructions are hosted here: https://git.directme.in/Joren/DRMDTool\nDRMDtool For advanced usage details, customization, and API structure, refer to the README.md in the repository.\n","date":"May 21, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/project/project-1_hu_3db5ce4165d1b6f3.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"396\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/project\\/project-1_hu_7691192a371c30a3.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/project/project-1/","title":"DRMDTool Project"},{"categories":["cybersecurity","podcast","interview"],"contents":"Red Team Talk: Een Blik Achter de Schermen bij Offensive Security In deze eerste aflevering van Red Team Talk nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met Thomas Castronovo, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.\nVan Interesse tot Loopbaan Thomas deelt hoe zijn interesse in cybersecurity begon tijdens zijn opleiding, met hands-on projecten zoals het hacken van virtuele machines. Een stage bij Deloitte in 2019 zette hem op het pad naar een voltijdse functie binnen het Offensive Security Team. Vandaag werkt hij al drie jaar bij Deloitte België en specialiseert hij zich in offensieve testen.\nOffensive vs. Defensive Security Hoewel zijn hart bij offensieve security ligt, kreeg hij recent ook ervaring aan de defensieve kant. Het leverde hem een breder perspectief op: “Het geeft een heel ander zicht op hoe aanvallen eruitzien vanuit de andere kant.” Toch blijft het red team werk zijn voorkeur behouden.\nWat doet een pentester nu echt? Thomas legt uit hoe een typische pentest verloopt: van het ontvangen van de scope, over het scannen van het netwerk en het zoeken naar kwetsbaarheden, tot het rapporteren van bevindingen. Tools zoals Nessus, BloodHound en PingCastle worden ingezet, vaak gecombineerd met zelfgebouwde scripts die de output analyseren en structureren.\nKwetsbaarheden in Active Directory Een groot deel van zijn werk focust op Active Directory (AD), waar hij telkens weer dezelfde pijnpunten tegenkomt: legacy-instellingen, onvoldoende gepatchte systemen, en misconfiguraties die vaak pas worden rechtgezet na een echte aanval. Twee voorbeelden die hij aanhaalt:\nLLMNR/MDNS/NetBIOS poisoning om credentials te verkrijgen DNS wildcard records die leiden tot man-in-the-middle aanvallen Tools, Tips en Oefenen Voor wie zelf wil beginnen raadt hij aan om zelf een AD op te zetten en tools als PingCastle en BloodHound uit te proberen. De meeste kennis verwerf je volgens Thomas door zelf te oefenen, dingen stuk te maken, en vooral: blijven proberen.\nDe Praktijk vs. Certificaten Hoewel certificaten nuttig zijn (zoals WPT voor webapp testing), benadrukt Thomas dat de echte leerschool het werkveld is. “90% van wat ik weet, heb ik geleerd door het gewoon te doen,” zegt hij. Oefenen op Hack The Box, zelf een netwerk opzetten, en leren van collegas zijn voor hem essentieel.\nAfsluiter De aflevering toont hoe breed het vakgebied offensive security is: van interne pentests tot phishingcampagnes, van legacy exploits tot zero-days. Maar vooral: het is een vak waar creativiteit en nieuwsgierigheid centraal staan.\n","date":"May 20, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-4_hu_8ddea2f052660626.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-4_hu_96cadc46e7508592.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-4/","title":"Red Team Talk: Een Blik Achter de Schermen bij Offensive Security"},{"categories":["cybersecurity","event recap"],"contents":"Cyber Defence on the Digital Frontline: A Mission with NATO On a Mission with NATO: Cyber Defence on the Frontline Howests ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO\u0026rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.\nThe Exercise: Locked Shields Locked Shields is no ordinary simulation. It is a full-scale, live-fire cyber defence exercise involving more than 6,000 machines and a narrative scenario so detailed it includes geopolitics, disinformation and even fictional countries. This year, the Blue Team 03 (our team) defended a simulated nations critical infrastructure including power plants, satellites, 5G networks and banking systems, all while under constant attack from a coordinated Red Team using automated scripts and over 28,000 attacks across two days.\nAnd yes, every team (Red, Blue, Yellow, White) uses Ansible. For everything.\nHigh Stakes, Real Lessons What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.\nThe exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not \u0026ldquo;port 8443 unreachable\u0026rdquo;, but \u0026ldquo;our air defence system is degraded, and we cannot fly planes\u0026rdquo;.\nThe Black Team: Rapid Response in Action A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style “you can wear sunglasses inside” became their unofficial motto.\nTheir presence underlined a critical lesson: not every problem fits neatly within a teams silo. Real-world defence requires flexibility, speed and lateral thinking.\nHighlights and Blooper Reel There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming cut to shutdown, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.\nHuman Factors and Growth From detecting malware with Velociraptor and Q9, to encountering teammates who took orders literally, the learning was intense. One participant noted that while Belgian and Luxembourg teams prioritized knowledge sharing, others preferred strict protocol. This highlighted cultural differences and the importance of interpersonal skills.\nThe biggest lesson? You are never fully prepared. Every iteration of Locked Shields is different. But each one sharpens not only your skills, but also your ability to function as a team under extreme conditions.\nFrom the Battlefield to the Classroom This experience directly impacts the classroom. Inspired by the exercise, Howest is introducing new hands-on courses like “Glutamine” in semester five. Students will be dropped into realistic broken networks, with misconfigurations, fake firewalls and simulated threats. It is chaos, but controlled. And that is the point.\nAs one speaker said: “You dont win Locked Shields. You just survive it better than the rest.”\nFinal Thoughts The exercise teaches more than just cybersecurity. It builds trust. It proves that knowing your teammates can be as important as knowing the tools. Whether that comes from a shared flight or a pre-exercise barbecue, it all matters when the pressure hits.\nWant to see how cyber defence works in real life? This is it.\n","date":"May 13, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-1_hu_8def6289c64a2dc8.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-1_hu_d77be45b273e444.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-1/","title":"Cyber Defence on the Digital Frontline: A Mission with NATO"},{"categories":["cybersecurity","CTF","education"],"contents":"Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.\nWhat follows is a recap of the challenges I personally worked on, some I solved, some I didnt—but all of them left me with new skills and new ideas.\nA Buffer Overflow to Warm Up One of the first challenges I picked involved a binary with a basic stack overflow. I used standard techniques, finding the offset, hijacking the return address, and injecting shellcode. Tools like pwntools helped automate the payload crafting. It was a great warm-up and a confidence boost once it worked.\nBinary Exploitation Flag\rOurEncIsSec: Zip Bombs and OEIS Then there was a more elaborate cryptography challenge: 18 zip files, each password-protected. We cracked the first three passwords using John the Ripper and got numeric values from them. I searched the sequence in OEIS and found it matched A007408, which gave us the full pattern of passwords.\nUsing this, I could extract all zip contents automatically, reconstruct the password-protected message, and finally reveal the flag.\nPicture of the solution\rInfinite Luck: One in a Million? One challenge involved “guessing” a thousand random numbers between 1 and 10. The banner claimed it required infinite luck, but of course, the randomness was seeded. After inspecting the generator, I realized it was deterministic. By precomputing seeds and output sequences, I could match the challenges banner to a specific seed and regenerate the entire solution.\nChallange picture\rCorrect number order\rAndroid Reversing: FRIDA and JADX Several APKs were part of the qualifier set. I used JADX to decompile them and FRIDA to patch logic at runtime. In one challenge, I bypassed license validation by forcing key methods to return true and unlocking hidden functionality.\nThe Challenge That Stuck with Me: Rebuilding a Split DEX This one stood out.\nThe app used a 4×8 button grid. Pressing buttons loaded a sequence of blockXX files from assets. These were concatenated in-memory and passed into InMemoryDexClassLoader to load a class called be.dauntless.flag.Flag.\nClass loadClass = new InMemoryDexClassLoader(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), getClassLoader()) .loadClass(\u0026#34;be.dauntless.flag.Flag\u0026#34;); Each block was a fragment of a DEX file, but the app didnt tell you the right order. I tried manually inspecting the fragments, identifying methods, string constants, and offsets—to infer how to reassemble the full file. I got close, but didnt crack it in time.\nThat challenge stuck with me because it combined static analysis, runtime introspection, and logic reconstruction. It wasnt just technical, it was creative.\nThe One That Got Away: TLS Fingerprinting Another challenge involved a Go-based TLS server that rejected all client connections unless they matched a specific fingerprint. I used Gos tls.Config to replicate the version, cipher suites, and ALPN:\ntls.Config{ MinVersion: tls.VersionTLS13, CipherSuites: []uint16{ tls.TLS_AES_128_GCM_SHA256, // ... }, NextProtos: []string{\u0026#34;h2\u0026#34;}, } Despite that, the server still refused the connection. I suspect it was using JA4 or similar TLS fingerprinting techniques we couldnt fully emulate. We had to move on, but Id love to revisit that one someday.\nFinal Thoughts I didnt solve everything. But that wasnt the point. Every challenge was a practical puzzle, something to decode, reverse, bypass, or just understand a little better.\nWorking as a team with Evarist, Nathan, and Waut made it even more valuable. We bounced ideas off each other, divided tasks, and got a much broader set of challenges covered.\nThe Cyber Security Challenge Belgium qualifiers werent easy. But they were the best kind of difficult, the kind that teaches you something whether you solve the problem or not.\n","date":"March 15, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/post-2/binexpl_hu_3d36b409c72f3586.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"160\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/post-2\\/binexpl_hu_afca672637b6b98d.png';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-2/","title":"Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"},{"categories":["cybersecurity","event","defense"],"contents":"Securing Cyberspace: Belgian Cyber Command at Howest On November 12, we had the opportunity to attend a Tech\u0026amp;Meet session unlike any other. The speaker was Colonel Gunther Godefridis, Director for Development \u0026amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.\nHeld at Howest Campus Brugge Station, the event drew students, researchers, and professionals eager to understand how military-grade cybersecurity operations are run, and why they matter more than ever.\nDefending in the Digital Age Colonel Godefridis began by outlining the core mission of Belgian Cyber Command: protecting Defenses networks and weapon systems, supporting intelligence operations (ADIV), and conducting defensive and offensive operations in cyberspace. In short, Cyber Command isnt just watching traffic, its actively shaping Belgiums digital resilience.\nWith societys increasing reliance on digital infrastructure, the risks of espionage, disinformation, and attacks on critical systems are no longer theoretical. Godefridis highlighted the urgency of being able to respond to, not just detect, those threats.\nWorking Together: Academia, Industry, Government One theme that stood out was collaboration. Cyber Command doesnt operate in a vacuum. It works closely with national agencies, NATO partners, academic institutions, and the private sector. The colonel emphasized that defending cyberspace requires broad cooperation, and Belgiums approach is to engage across domains, military, civil, and industrial.\nHe also made it clear that this isnt just about defense systems or classified data. As the line between civil and military digital infrastructure blurs, vulnerabilities in civilian systems can become national security issues. Thats where cooperation becomes essential.\nLeading with Innovation With over 20 years in military service, Colonel Godefridis brings a unique perspective. From artillery innovation to defense technology strategy, and now to cyber development, his background reflects the evolving nature of conflict and the military\u0026rsquo;s response.\nHe discussed how innovation, including artificial intelligence, is becoming central to cyber defense. Cyber Command is investing in tools and skills to automate threat detection, analyze large datasets, and simulate attack scenarios. Its not just about building walls, its about staying several moves ahead.\nA Transparent, Human Conversation The Q\u0026amp;A session at the end made the evening especially memorable. Questions ranged from technical details of cyber defense capabilities to the human side of cyber careers: how people are trained, what skills are valued, and how students might contribute.\nColonel Godefridis was honest about the challenges. Cyber operations evolve quickly, and so do adversaries. But he was equally clear about the opportunity: Belgium is building a capability that matters, and it needs talent.\nFinal Thoughts If you walked into this talk expecting a dry presentation on military infrastructure, you were wrong. This session was a deep, realistic, and engaging look into how Belgium is preparing for cyber conflict, and how students like us could be a part of that mission.\nWhether youre in cybersecurity, software development, or systems engineering, theres a growing role to play. And as Colonel Godefridis made clear: its not just a job. Its part of defending a society thats more vulnerable, and more connected, than ever before.\nTip\nWant to learn more about Cyber Command? Visit the official website at mil.be\n","date":"November 12, 2024","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-3_hu_fdd9e13d0370b160.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-3_hu_c932299ff2fa7067.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-3/","title":"Securing Cyberspace: Belgian Cyber Command at Howest"},{"categories":null,"contents":"I built my personal blog using Hugo and deployed it on a lightweight Alpine Linux VPS. I chose this setup to have full control, keep things simple, and avoid bloated platforms or services. Heres how the process went from site generation to live deployment.\nCreating the Hugo Site On my development machine, I created a new Hugo site:\nhugo new site howest-blog I used the professors-hugo theme and copied its exampleSite content into my project. I customized the layout, structure, and styling by editing content files, SCSS in assets/scss/custom.scss, and partial templates in the theme directory.\nAll content lives under content/, with separate folders for blog/ and project/, each containing .md files with front matter and Markdown content.\nCustomization I edited the config/_default/hugo.toml to configure site parameters like the base URL, theme, language, and menus. SCSS and image assets go in assets/, and are processed by Hugo\u0026rsquo;s pipeline. Static files like favicons are placed in static/.\nTo preview the site locally:\nhugo server To build the static site:\nhugo This generates everything in the public/ folder.\nVPS Deployment I rented a minimal Alpine Linux VPS and installed only what I needed. After setting up SSH and a basic nginx web server, I copied the public/ folder over using scp:\nscp -r public/* user@my-vps:/var/www/html On the VPS, I installed nginx:\napk add nginx And configured /etc/nginx/conf.d/default.conf to serve files from /var/www/html. Then I enabled and started nginx:\nrc-service nginx start rc-update add nginx Now my Hugo site is live and served directly as static files, no backend, no database, just HTML, CSS, and JS.\nWhy Alpine + Hugo? Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugos speed and flexibility, I get a complete, performant setup that I fully control. Its secure, lightweight, and easy to update, just rebuild and re-upload the public/ folder.\nThis setup is perfect if you want full control and minimal overhead for a personal blog or portfolio.\n","date":"May 29, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/project/project-2_hu_b10de0491c6514dc.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"278\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/project\\/project-2_hu_3550dd40bf159427.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/project/project-2/","title":"Building My Hugo Website on a VPS"},{"categories":null,"contents":"DRMDTool is an automation-centric utility designed to streamline the processing of .drmd files by tightly integrating with the N_m3u8DL-RE downloader. The tool offers robust automation via a watch folder and an intuitive web-based interface, significantly reducing the friction for managing and processing DRM-protected streaming content.\nWhats New DRMDTool has evolved into a comprehensive platform for batch downloading with enhanced support for user interaction and background processing. It features granular job tracking, dynamic download control (pause, resume, abort), and a refined WebSocket-based console for real-time command output. Subtitle handling now includes automatic downloading and conversion from VTT to SRT, and the downloader adapts based on metadata, organizing content into categorized directories.\nGoals and Use Case The primary aim is to automate .drmd file processing with minimal manual input. Users can configure download formats, specify directories, and enable real-time command broadcasting. DRMDTool is suitable for both interactive use through a web UI and headless automation in pipelines, supporting inotify or polling-based folder watching.\nHow .drmd Files Work A .drmd file is a structured JSON document that defines one or more encrypted media items to be processed by DRMDTool. It contains an Items array, with each item representing a specific media job. DRMDTool parses these entries to generate download commands for N_m3u8DL-RE.\nEach item includes:\nMPD: A DASH manifest, either a direct URL or a base64-encoded version. If base64-encoded, DRMDTool decodes and temporarily saves it before use. Keys: A comma-separated list of KID:key pairs (e.g., abcd1234ef567890:00112233445566778899aabbccddeeff). These are required for decrypting encrypted media streams and are passed directly to N_m3u8DL-RE using --key flags. Filename: The name to be used for the final output file. Subtitles: Comma-separated list of subtitle URLs in .vtt format. DRMDTool downloads and converts these to .srt, then muxes them into the final file. Metadata: A semicolon-separated string like Title;Type;Season (e.g., Example Show;serie;1) used to determine directory structure (Movies/Title or Series/Title/Season). Description and Poster: Optional fields used only for display in the web UI. Example .drmd Structure { \u0026#34;Items\u0026#34;: [ { \u0026#34;MPD\u0026#34;: \u0026#34;aHR0cHM6Ly9leGFtcGxlLmNvbS9zdHJlYW0ubXBk\u0026#34;, \u0026#34;Keys\u0026#34;: \u0026#34;abcd1234ef567890:00112233445566778899aabbccddeeff\u0026#34;, \u0026#34;Filename\u0026#34;: \u0026#34;ExampleShow.S01E01\u0026#34;, \u0026#34;Subtitles\u0026#34;: \u0026#34;https://example.com/sub1.vtt,https://example.com/sub2.vtt\u0026#34;, \u0026#34;Metadata\u0026#34;: \u0026#34;Example Show;serie;1\u0026#34;, \u0026#34;Description\u0026#34;: \u0026#34;Pilot episode\u0026#34;, \u0026#34;Poster\u0026#34;: \u0026#34;\u0026#34; } ] } Processing Steps Detection: DRMDTool either watches a folder or receives .drmd uploads through the web UI. Validation: It waits for the file to finish writing (based on file size stability), then parses its contents. MPD Handling: If base64-encoded, the MPD is decoded and written to a temp file; otherwise, the URL is fetched or passed as-is. Command Generation: Using the MPD, KID:key pairs, output paths, and subtitles, DRMDTool builds a command line for N_m3u8DL-RE. Execution: The download is launched with live progress tracking. Users can pause, resume, or abort jobs, and optionally stream console output via WebSocket. These files serve as portable job definitions. When DRMDTool detects or receives a .drmd file, it parses the items, decodes or downloads the MPD, applies the keys, and builds a download command using N_m3u8DL-RE. Files are saved in organized directories like Movies/Title or Series/Title/Season, and subtitles are embedded if available. Pausing, resuming, and aborting downloads is supported per file.\nArchitecture Overview The configuration is handled via config.toml, with environment variable overrides for containerized or dynamic deployments. Once started, the tool can either monitor a specified folder or allow file uploads through the UI. Each .drmd file is parsed, grouped by series and season (if applicable), and processed sequentially with support for job pausing and resuming.\nWeb UI \u0026amp; CLI To use:\n./drmdtool Visit http://localhost:8080 for the web interface, which supports drag-and-drop uploads, selection of episodes or movies, and real-time progress tracking. For headless operation:\n./drmdtool -f /path/to/file.drmd Jobs can be paused, resumed, or aborted through the web interface, which reflects the backend state via live updates.\nEnhanced Download Logic DRMDTool dynamically builds download commands using metadata from .drmd files and user preferences. It ensures that only the highest quality streams are kept, removing ad periods and duplicate segments from the MPD files. Subtitles are fetched and embedded automatically. Jobs are tracked with robust state management and logs for debugging and visibility.\nRepository Code and setup instructions are hosted here: https://git.directme.in/Joren/DRMDTool\nDRMDtool For advanced usage details, customization, and API structure, refer to the README.md in the repository.\n","date":"May 21, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/project/project-1_hu_3db5ce4165d1b6f3.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"396\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/project\\/project-1_hu_7691192a371c30a3.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/project/project-1/","title":"DRMDTool Project"},{"categories":["cybersecurity","podcast","interview"],"contents":"Red Team Talk: Een Blik Achter de Schermen bij Offensive Security In deze eerste aflevering van Red Team Talk nemen wij, Joren Schipman en Mattia Punjwani, studenten Cybersecurity aan Howest, jullie mee in een gesprek met Thomas Castronovo, ethical hacker en consultant bij Deloitte. Samen duiken we in de wereld van offensieve security, red teaming, en de realiteit van een carrière als pentester.\nVan Interesse tot Loopbaan Thomas deelt hoe zijn interesse in cybersecurity begon tijdens zijn opleiding, met hands-on projecten zoals het hacken van virtuele machines. Een stage bij Deloitte in 2019 zette hem op het pad naar een voltijdse functie binnen het Offensive Security Team. Vandaag werkt hij al drie jaar bij Deloitte België en specialiseert hij zich in offensieve testen.\nOffensive vs. Defensive Security Hoewel zijn hart bij offensieve security ligt, kreeg hij recent ook ervaring aan de defensieve kant. Het leverde hem een breder perspectief op: “Het geeft een heel ander zicht op hoe aanvallen eruitzien vanuit de andere kant.” Toch blijft het red team werk zijn voorkeur behouden.\nWat doet een pentester nu echt? Thomas legt uit hoe een typische pentest verloopt: van het ontvangen van de scope, over het scannen van het netwerk en het zoeken naar kwetsbaarheden, tot het rapporteren van bevindingen. Tools zoals Nessus, BloodHound en PingCastle worden ingezet, vaak gecombineerd met zelfgebouwde scripts die de output analyseren en structureren.\nKwetsbaarheden in Active Directory Een groot deel van zijn werk focust op Active Directory (AD), waar hij telkens weer dezelfde pijnpunten tegenkomt: legacy-instellingen, onvoldoende gepatchte systemen, en misconfiguraties die vaak pas worden rechtgezet na een echte aanval. Twee voorbeelden die hij aanhaalt:\nLLMNR/MDNS/NetBIOS poisoning om credentials te verkrijgen DNS wildcard records die leiden tot man-in-the-middle aanvallen Tools, Tips en Oefenen Voor wie zelf wil beginnen raadt hij aan om zelf een AD op te zetten en tools als PingCastle en BloodHound uit te proberen. De meeste kennis verwerf je volgens Thomas door zelf te oefenen, dingen stuk te maken, en vooral: blijven proberen.\nDe Praktijk vs. Certificaten Hoewel certificaten nuttig zijn (zoals WPT voor webapp testing), benadrukt Thomas dat de echte leerschool het werkveld is. “90% van wat ik weet, heb ik geleerd door het gewoon te doen,” zegt hij. Oefenen op Hack The Box, zelf een netwerk opzetten, en leren van collegas zijn voor hem essentieel.\nAfsluiter De aflevering toont hoe breed het vakgebied offensive security is: van interne pentests tot phishingcampagnes, van legacy exploits tot zero-days. Maar vooral: het is een vak waar creativiteit en nieuwsgierigheid centraal staan.\n","date":"May 20, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-4_hu_8ddea2f052660626.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-4_hu_96cadc46e7508592.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-4/","title":"Red Team Talk: Een Blik Achter de Schermen bij Offensive Security"},{"categories":["cybersecurity","event recap"],"contents":"Cyber Defence on the Digital Frontline: A Mission with NATO On a Mission with NATO: Cyber Defence on the Frontline Howests ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO\u0026rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.\nThe Exercise: Locked Shields Locked Shields is no ordinary simulation. It is a full-scale, live-fire cyber defence exercise involving more than 6,000 machines and a narrative scenario so detailed it includes geopolitics, disinformation and even fictional countries. This year, the Blue Team 03 (our team) defended a simulated nations critical infrastructure including power plants, satellites, 5G networks and banking systems, all while under constant attack from a coordinated Red Team using automated scripts and over 28,000 attacks across two days.\nAnd yes, every team (Red, Blue, Yellow, White) uses Ansible. For everything.\nHigh Stakes, Real Lessons What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.\nThe exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not \u0026ldquo;port 8443 unreachable\u0026rdquo;, but \u0026ldquo;our air defence system is degraded, and we cannot fly planes\u0026rdquo;.\nThe Black Team: Rapid Response in Action A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style “you can wear sunglasses inside” became their unofficial motto.\nTheir presence underlined a critical lesson: not every problem fits neatly within a teams silo. Real-world defence requires flexibility, speed and lateral thinking.\nHighlights and Blooper Reel There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming cut to shutdown, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.\nHuman Factors and Growth From detecting malware with Velociraptor and Q9, to encountering teammates who took orders literally, the learning was intense. One participant noted that while Belgian and Luxembourg teams prioritized knowledge sharing, others preferred strict protocol. This highlighted cultural differences and the importance of interpersonal skills.\nThe biggest lesson? You are never fully prepared. Every iteration of Locked Shields is different. But each one sharpens not only your skills, but also your ability to function as a team under extreme conditions.\nFrom the Battlefield to the Classroom This experience directly impacts the classroom. Inspired by the exercise, Howest is introducing new hands-on courses like “Glutamine” in semester five. Students will be dropped into realistic broken networks, with misconfigurations, fake firewalls and simulated threats. It is chaos, but controlled. And that is the point.\nAs one speaker said: “You dont win Locked Shields. You just survive it better than the rest.”\nFinal Thoughts The exercise teaches more than just cybersecurity. It builds trust. It proves that knowing your teammates can be as important as knowing the tools. Whether that comes from a shared flight or a pre-exercise barbecue, it all matters when the pressure hits.\nWant to see how cyber defence works in real life? This is it.\n","date":"May 13, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-1_hu_8def6289c64a2dc8.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-1_hu_d77be45b273e444.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-1/","title":"Cyber Defence on the Digital Frontline: A Mission with NATO"},{"categories":["cybersecurity","CTF","education"],"contents":"Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.\nWhat follows is a recap of the challenges I personally worked on, some I solved, some I didnt—but all of them left me with new skills and new ideas.\nA Buffer Overflow to Warm Up One of the first challenges I picked involved a binary with a basic stack overflow. I used standard techniques, finding the offset, hijacking the return address, and injecting shellcode. Tools like pwntools helped automate the payload crafting. It was a great warm-up and a confidence boost once it worked.\nBinary Exploitation Flag\rOurEncIsSec: Zip Bombs and OEIS Then there was a more elaborate cryptography challenge: 18 zip files, each password-protected. We cracked the first three passwords using John the Ripper and got numeric values from them. I searched the sequence in OEIS and found it matched A007408, which gave us the full pattern of passwords.\nUsing this, I could extract all zip contents automatically, reconstruct the password-protected message, and finally reveal the flag.\nPicture of the solution\rInfinite Luck: One in a Million? One challenge involved “guessing” a thousand random numbers between 1 and 10. The banner claimed it required infinite luck, but of course, the randomness was seeded. After inspecting the generator, I realized it was deterministic. By precomputing seeds and output sequences, I could match the challenges banner to a specific seed and regenerate the entire solution.\nChallange picture\rCorrect number order\rAndroid Reversing: FRIDA and JADX Several APKs were part of the qualifier set. I used JADX to decompile them and FRIDA to patch logic at runtime. In one challenge, I bypassed license validation by forcing key methods to return true and unlocking hidden functionality.\nThe Challenge That Stuck with Me: Rebuilding a Split DEX This one stood out.\nThe app used a 4×8 button grid. Pressing buttons loaded a sequence of blockXX files from assets. These were concatenated in-memory and passed into InMemoryDexClassLoader to load a class called be.dauntless.flag.Flag.\nClass loadClass = new InMemoryDexClassLoader(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), getClassLoader()) .loadClass(\u0026#34;be.dauntless.flag.Flag\u0026#34;); Each block was a fragment of a DEX file, but the app didnt tell you the right order. I tried manually inspecting the fragments, identifying methods, string constants, and offsets—to infer how to reassemble the full file. I got close, but didnt crack it in time.\nThat challenge stuck with me because it combined static analysis, runtime introspection, and logic reconstruction. It wasnt just technical, it was creative.\nThe One That Got Away: TLS Fingerprinting Another challenge involved a Go-based TLS server that rejected all client connections unless they matched a specific fingerprint. I used Gos tls.Config to replicate the version, cipher suites, and ALPN:\ntls.Config{ MinVersion: tls.VersionTLS13, CipherSuites: []uint16{ tls.TLS_AES_128_GCM_SHA256, // ... }, NextProtos: []string{\u0026#34;h2\u0026#34;}, } Despite that, the server still refused the connection. I suspect it was using JA4 or similar TLS fingerprinting techniques we couldnt fully emulate. We had to move on, but Id love to revisit that one someday.\nFinal Thoughts I didnt solve everything. But that wasnt the point. Every challenge was a practical puzzle, something to decode, reverse, bypass, or just understand a little better.\nWorking as a team with Evarist, Nathan, and Waut made it even more valuable. We bounced ideas off each other, divided tasks, and got a much broader set of challenges covered.\nThe Cyber Security Challenge Belgium qualifiers werent easy. But they were the best kind of difficult, the kind that teaches you something whether you solve the problem or not.\n","date":"March 15, 2025","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/post-2/binexpl_hu_3d36b409c72f3586.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"160\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/post-2\\/binexpl_hu_afca672637b6b98d.png';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-2/","title":"Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"},{"categories":["cybersecurity","event","defense"],"contents":"Securing Cyberspace: Belgian Cyber Command at Howest On November 12, we had the opportunity to attend a Tech\u0026amp;Meet session unlike any other. The speaker was Colonel Gunther Godefridis, Director for Development \u0026amp; Readiness at Belgian Cyber Command, and the topic: safeguarding our country in the digital domain.\nHeld at Howest Campus Brugge Station, the event drew students, researchers, and professionals eager to understand how military-grade cybersecurity operations are run, and why they matter more than ever.\nDefending in the Digital Age Colonel Godefridis began by outlining the core mission of Belgian Cyber Command: protecting Defenses networks and weapon systems, supporting intelligence operations (ADIV), and conducting defensive and offensive operations in cyberspace. In short, Cyber Command isnt just watching traffic, its actively shaping Belgiums digital resilience.\nWith societys increasing reliance on digital infrastructure, the risks of espionage, disinformation, and attacks on critical systems are no longer theoretical. Godefridis highlighted the urgency of being able to respond to, not just detect, those threats.\nWorking Together: Academia, Industry, Government One theme that stood out was collaboration. Cyber Command doesnt operate in a vacuum. It works closely with national agencies, NATO partners, academic institutions, and the private sector. The colonel emphasized that defending cyberspace requires broad cooperation, and Belgiums approach is to engage across domains, military, civil, and industrial.\nHe also made it clear that this isnt just about defense systems or classified data. As the line between civil and military digital infrastructure blurs, vulnerabilities in civilian systems can become national security issues. Thats where cooperation becomes essential.\nLeading with Innovation With over 20 years in military service, Colonel Godefridis brings a unique perspective. From artillery innovation to defense technology strategy, and now to cyber development, his background reflects the evolving nature of conflict and the military\u0026rsquo;s response.\nHe discussed how innovation, including artificial intelligence, is becoming central to cyber defense. Cyber Command is investing in tools and skills to automate threat detection, analyze large datasets, and simulate attack scenarios. Its not just about building walls, its about staying several moves ahead.\nA Transparent, Human Conversation The Q\u0026amp;A session at the end made the evening especially memorable. Questions ranged from technical details of cyber defense capabilities to the human side of cyber careers: how people are trained, what skills are valued, and how students might contribute.\nColonel Godefridis was honest about the challenges. Cyber operations evolve quickly, and so do adversaries. But he was equally clear about the opportunity: Belgium is building a capability that matters, and it needs talent.\nFinal Thoughts If you walked into this talk expecting a dry presentation on military infrastructure, you were wrong. This session was a deep, realistic, and engaging look into how Belgium is preparing for cyber conflict, and how students like us could be a part of that mission.\nWhether youre in cybersecurity, software development, or systems engineering, theres a growing role to play. And as Colonel Godefridis made clear: its not just a job. Its part of defending a society thats more vulnerable, and more connected, than ever before.\nTip\nWant to learn more about Cyber Command? Visit the official website at mil.be\n","date":"November 12, 2024","image":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n \n\n \n \n \n \n \n\n\n \n \n\n\n \n \n \n \n \n \n \n\n\n \n \n \n \n \n \n \n \n \n \n\n\n \n \n\n\n \u003cimg\n \n src=\"/professors/site/images/blog/blog-3_hu_fdd9e13d0370b160.webp\" loading=\"lazy\"\n decoding=\"async\"\n \n\n alt=\"\"\n class=\" img\"\n width=\"650\"\n height=\"433\"\n onerror=\"this.onerror='null';\n this.src='\\/professors\\/site\\/images\\/blog\\/blog-3_hu_c932299ff2fa7067.jpg';\" /\u003e\n\n \n \n \n \n \n \n\n\n \n\n","permalink":"/professors/site/blog/post-3/","title":"Securing Cyberspace: Belgian Cyber Command at Howest"}]
Reference in New Issue View Git Blame Copy Permalink