Knowing Null: Phoenix750 -- The Bazaar Belgian Badass


#1

Hello and welcome to another installment of Knowing Null!

Housekeeping First this time:

First: If you’d like to toss your name in the voting pool, PLEASE LET ME KNOW. You do NOT need to be some uber-hacker to feel welcome in my interviews. You just gotta have some passion for what you do and have the guts to talk about it publicly!

Second: If you have any questions you’d like to see asked in future interviews, post them in a comment below!

Third: Vote Time!

  • slobber
  • Rain
  • egy
  • yuu
  • REal0day
  • nugget
  • f0rg


The Interview

Okay, so, first off. Can you tell us all a bit about you, your interests in infosec, and maybe a brief bit of your technical background?

Well I am a 19 year old mechatronics graduate from Belgium, and I am currently doing a specialisation in PLC programming, and maybe if this year goes well, I’ll do another specialisation in alarms & (physical) security techniques. Regarding infosec, I’m a true hobbyist, so I take in a lot of stuff without truly mastering anything; my main goal is to make the technologically illiterate more security-aware.
As for my technical background, I think I answered a lot in the first question. I am an electrical technician with a passion for power electrical installations and automation, so most of my time goes to this field in my free time, too.

Where do you see the interplay in physical and digital security?
How do you see it in your own work?

Everything runs on a computer chip nowadays, whether we like it or not. Security alarms now have a digital interface so the end user can control the alarm from a distance. It is necessary that said connection is well secured, because a chain is only as strong as its weakest link. When I need to install cameras, digital configuration is always involved, such as login pages. It is a very sad fact that most of my colleague electrical technicians leave their cameras at the default password, which makes for fun Shodan experiences ;). As such, people who work with physical security NEED to know some digital security. Likewise, red teamers for example need to be very knowledgeable about physical alarm systems, cameras, IR sensors, etc. if they want to be successful in physical infiltration. IMO it is a 2-way street.

What sort of insight can those red teamers utilize in their infiltrations? Got a top list of tips?

1.) IR sensors detect heat. Try to give off as little heat as possible: wear isolating clothing, cover your face especially (the face gives off the most heat), and don’t move too much so your body temperature doesn’t rise

2.) Almost all cameras today have some kind of interface. Try to get into a network first so you can shut them down. If you can’t log in, blocking their MAC address from the network should suffice

3.) It is absolutely not uncommon that images from a camera get stored in some local (or remote) server. Whacking the camera does not mean they didn’t see you

That is all I can give I think. I am still a student when it comes to physical security, and I don’t want to hand out too many details in public under my name. You can always PM me on IRC if you would like to know more details.

Regarding that: DISCLAIMER: I AM NOT IN ANY WAY RESPONSIBLE FOR WHAT YOU DO WITH THESE TIPS. USE AT OWN RESPONSIBILITY

What’s the computer security field like in Belgium? Is it in the media as much as it is in other nations like the U.S. or U.K.?

It is in a terrible state, honestly, just like the rest of the country. Computer security is given little to no attention in the media, most people here fall for phishing easily, every one of my friends connects to “free WiFi” networks like it’s nothing, and the FCCU (Federal Computer Crime Unit, basically Belgium’s NSA) receives very little funding. The only good thing I have seen is that the FCCU once made a project, safeonweb.be, which teaches about phishing, but it of course got no attention in the media (maybe a small mention on the news, at best).
However, there are some good things, too:
There is a famous hacker living in Aalst, by the name of Inti De Ceukelaire; he is a man I respect a lot. He once tricked the majority of Belgium in a fake analytics test (Oilsjt analytica), thus making the Belgians a bit more aware about Social Engineering. Furthermore, he hacked the Vatican website once, and made it play this video: https://www.youtube.com/watch?v=SiEAmK99Brg
He did this because the Vatican refused to fix a bug he reported, so he abused said bug.
The song is a carnival song from Aalst, (“Oilsjt carnaval” is a big event here), and the title, “Onzjier es nen ajoin” basically means “god is an onion”, and the onion is the symbol of the carnival club of Aalst
So it was a great joke that became super famous here, thus raising awareness
In this aspect, I share the same mission as Inti: to make the average person more aware of their online security
Inti, if you’re reading this: YOU ARE AWESOME! KEEP ON GOING!

Nice bit of hacktivism there! It certainly is a big task trying to educate the public on responsible and secure digital habits

Yes it is, even at a small scale

Are you planning on taking your career more into the security side?
or continuing your current trajectory while staying security minded?

I will try to continue my current trajectory, while also trying to stay active within infosec as a hobbyist. I love electrical work & everything related to it WAYYY more than infosec, I would also not be suited for the job IMO, the electrical field is where I belong the most
I will try to continue my mission of educating the uneducated, though

So what does the life of a PLC programmer look like?
What kinds of software and hardware do you interact with?

Let’s break an illusion here: most PLCs are not programmed using conventional programming languages. Most PLCs use the “ladder diagram”. This language is a visual one and they have gone through that route for various reasons:

#1 PLCs are critical infrastructure so they wanted to make the programming process as simple as possible
#2 the ladder diagram is very similar to conventional relay schematics, so very little re-training was needed for electricians, technicians, and engineers

The ladder diagram is not the only thing though:
The closest to conventional programming languages is the “instruction set”, but that one is dependent on the manufacturer and is not as universal as the ladder diagram
Furthermore there are function blocks, or FUB, most commonly known for their use in the LOGO! micro-PLC from Siemens.
I have made challenges for the LOGO! on the site, but cancelled them because they were very unpopular, but @lkw solved all of them, you should check out his solutions for a clean sense of FUB

Do you have a favorite example link or image for readers at home?

If you want to have a look at ladder diagram: https://www.youtube.com/watch?v=7P4gGCvgNnk
For instruction sets, there are so many examples out there I challenge 0x00sec to look for themselves :wink:
As for the hardware: there are many variations, but I have worked mostly with Siemens and Saia

Do you have a favorite project you’ve worked on?

Yes, my end project for the last 2017-2018 school year. I had to make a game using a LOGO!, using an inductive (metal) sensor and a 3-phase asynchronous motor. It ended up being one of those respond-quick games: The motor drives a piece of metal near the sensor and you have to press the button in time, if you do so the motor spins faster (using a frequency drive), if you miss a number of times the machine shuts down. Everything in it is controlled using the LOGO! and the program for it is pretty massive: approximately 310 function blocks. I unfortunately can’t share it with the community because of an NDA of my school (they recycle the project for the next year)

312 blocks*, I just checked it
The fun thing about it is that I built it from the ground up: the pre-research, the actual research, documentation, wiring, programming, mounting, testing… I did it all, and it was a hell of an educative experience

Wow that sounds pretty cool. A great “all around” experience

Absolutely.

Okay, let’s dig into the human behind the nickname. Who is Phoenix750? What other hobbies do you have, outside of infosec and your work?

I’ve got a dog, a border collie, and I do agility trials with her, she is a true prodigy. Makes me wonder why her previous owners abandoned her. I also really like history, especially from WW1 to the modern day. I am also an occasional gamer. Furthermore, I help in my local community with my skills: if someone needs a new outlet placed or a light bulb replaced, I’m always there to help

Let’s do some quick questions! First, Windows, Mac or Linux?
What are you running at home?

I run a dual boot between Linux (Arch) and Windows 10: Linux for infosec and general purposes, Windows for school & work, because much of the software I need doesn’t run on Linux and isn’t that great on a VM or Wine

Do you use a mechanical keyboard?

Yes, Corsair STRAFE

Favorite book/movie/video game?

Favorite movie: Band of Brothers, even though it’s technically a series. Favorite game: it depends, but I play Hearts of Iron IV a lot lately. I don’t have a favorite book, I don’t read a lot

Do you have a favorite Meme?

My own memes :wink:

Nice. Alright, let’s talk 0x00sec. What brought you here? How’d you find us?

I helped make 0x00sec. I was on Null-Byte far before @pry0cc even was there, and I was known there. When we gained our independence from Null-Byte, pry0cc, oaktree, and unh0ly made 0x00sec in the background while I ignited a revolution on Null-Byte to get as many people shipped to 0x00sec as possible: the operation was a big success, clearly :D. As you can see, I was all about the community from the start: that is why I resigned as a moderator on the website and I only want IRC op when it is absolutely necessary and I am quick to resign it. My primary service is to the people of 0x00sec, not any of the staff, you’re all my children in my eyes, because I have been here the longest in terms of activity: almost 4 years I’d say.
TL;DR: I didn’t find 0x00sec, 0x00sec found me
(sarcasm)

What’s it been like for you watching us continue to grow?

It was one epic ride. 0x00sec started out as a small GitHub repo where articles were published through pull requests, and look at it now! Need I say more?
Also, I want to make a big shoutout to @pry0cc for his service to 0x00sec and to me: he knows how much I care about the people on here and he has always reviewed advice I have given with care, he is a true leader.
0x00sec wouldn’t have become what it is today without him, but that is not to say oaktree and unh0ly didn’t do anything, they did a lot too

Awesome. Any advice for members out there looking to get into PLC and electrical systems?

Yes: guys, you NEED to get a degree, there is no way around it. Electrical work is so dangerous that companies can’t afford taking risks, so degrees are really valued in the industry, unlike infosec for example. IT has backups, when a transformer blows up, it blows up (and kills people sometimes, too).
There are many after-hour schools that teach you how to be an electrician, and you can work up to technician from there

Safety First! Any other shout outs to the community?

THAT is always the top priority, indeed!
Yes, I want to sincerely thank EVERY SINGLE ONE of you for being here with us, contributing with us, and helping each other. 0x00sec is a machine, and you all are a vital piece to keep the machine in good condition.

A few people in particular:
@exploit for his unseen skill and willingness to help, @fraq for being an experienced leader and advice-giver for many, @L0k1 for giving us our IRC server, @ricksanchez for the good times, @_py for being a very good friend of mine back in time when I was not as good as I am now, @Cry0l1t3 for the great ideas he is developing, and to everyone else thanks for helping to build the 0x00sec-machine that it is today

Furthermore: newcomers, DO NOT be afraid to contribute! 0x00sec has set itself apart from other communities in the sense that it is friendly to newcomers. Go ahead and post what you find interesting!

Awesome. Now, last question! What’s your ‘hat’ color?

My hat color? That depends on the situation. Usually it is something like #ff8928

Well thank you so much for participating, Phoenix750!

no problem
looking forward to the title :stuck_out_tongue:

That’s All Folks! Be sure to vote and comment. See you next time!


#2

Please ignore that stupid solution facepalms again


#3

Where’s my boye @0x00pf? Are you guys conspiring against him??? :face_with_raised_eyebrow:


(pico) #4

https://0x00sec.org/latest?order=views

@Nitrax, @maderas and @dtm have contributed more than 120K views to the community just with 1 post each… and I cannot vote for any of them??? I cannot vote either for the people that worked hard when we only had a few users…(in no special order) @dtm (again), @_py, @IoTh1nkN0t @oaktree, @TheDoctor

ooohhhh!.. I remember when hacking was a meritocracy… the good old days… :disappointed_relieved: :disappointed_relieved: :disappointed_relieved:


#5

I feel you, mate. But don’t be so harsh :stuck_out_tongue:

Back in the days, we were only a few members and it makes sense newcomers don’t know us due to our lack of recent activity.


(Command-Line Ninja) #6

+100

Also, @sprtn, he’s a red team boss, and I’d love to know about his background.


#7

Ok everyone please relax.

I was with @skidd0 on the IRC when he was making up the poll and I’ll have you know that he waited a good 30 minutes or even more before submitting this poll. He doesn’t want to include people who don’t want to be in his poll to begin with, and yes there have been a few yesterday. So if you are not in the poll, it is most likely your own fault. Yes, I know not everyone can be active on IRC at that time, but if you look at his post carefully, you’ll see:

So if you want to be included in the next one, I highly suggest you do exactly that. Stop giving @skidd0 shit for not trying to include people that don’t want to be included.


#8

@dtm, @Nitrax, @0x00pf,

A few of those names had been on previous polls to fill space, but I’ve since removed them because I never got explicit permission to list them. I didn’t want to end up in a situation where the 0x00sec community had a majority vote for a subject that never wanted to be interviewed in the first place. In short, they were not removed or omitted out of malice.

Please, if you have suggestions for interview subjects or want to be one yourself, send me a ping (here, IRC, twat-er [@mcskidd0], protonmail). Thanks! :]


(Vivere militaire est. Si vales, valeo.) #9

I am hugely appreciative of @dtm and @0x00pf looking out for my interests.

I am also appreciative of @skidd0’s tact and consideration of our (or at least my) privacy.

I would love to be in the irc here or more active; however, I have a busy professional life within the Red Team/penetration testing space along with multiple different projects eating my time, including a site that will stand as a living repository of data pertinent to the hacking community (OuterHeaven), my establishing a realistic penetration lab I want to open to portions of our community and an anonymity/privacy project I am looking to release by the end of the year after multiple years of work (HeavyJacket).

I am working on projects to be released here soon as well.

That being said, I am always looking to give back here and to the hacker/Information Security community at large.

Professionally (as far as work I can comment on without violating any ND), I have engaged some of the most secure environments on earth in my time as Schneider Electric’s lead Red Teamer & Penetration Tester (my title was Cybersecurity, Penetration Test and Vulnerability Assessment Lab Manager) and during my work with National Grid (both were incredible organizations I am honored to have been a part of).

I was also Schneider Electric’s Lead Consultant/Point of Contact during the events such as the Wannacry Attacks and Lead Analyst for the company when we provided/helped create Saudi Aramco’s action plan for dealing with the Shamoon 2.0 attacks (W32.DistTrack/W97M.Downloader variant pre-StoneDrill).

More recently, I served as the Senior Red Team Operator (EDIT was included here to correct "Red Operator" typo for clarity) for National Grid (in a short term consultancy role)…

I am not pounding my chest here; the reason I love this place is that I am fairly sure there are plenty of people here with professional experience and talent that dwarf my own.

I stated the latter only as a means to give background to anyone new who may not know I exist here and provide context into why my words may (or may not) have potential to be of value to them.

This is because I am indeed interested in contributing to “Knowing Null”, though I would need to conduct the interview via e-mail or some messaging application due to my schedule (there would likely be a lull of hours in between my answers to questions due to the oddness of the hours I keep, though I could easily complete a series of multiple answers in 24 to 48 hours).

All of you and this place are incredible; I am glad to be a part of this place.

And I am sorry for the length of my reply here; when I get the time to contribute here, I like to do so in huge chunks, as this place deserves the maximum I can give when I can give it.

-maderas


(Vivere militaire est. Si vales, valeo.) #10

Having run quite a few engagements against environments where PLCs were native (as well as many engagements where PLCs and all manner of other IoT appliances/embedded devices/SCADA were the target), I cannot express how important someone like @Evalion is to this world.

Those with @Evalion’s intellect, interest and talent are a critical resource desperately needed by every industrialized nation.

The Industrial/Energy Sectors are the spaces where real human misery or loss of human life can result due to a lack of security related resources…

We need legions of similar minds desperately in those spaces: young (until you work in these spaces, you do not know how few talents are closer to graduation than retirement) educated and actively engaged minds are too rare a resource where the infrastructure of civilization is concerned.

I do not know you @Evalion; to be honest, sometimes the frankness of your words has made me wince the slightest bit (probably because I too tend toward abrupt bluntness)…

I am glad such as you exist.

-maderas


#11

Thank you for the kind words!

All I try is to get the truth out there, which is that most of my colleagues don’t take the time to fully understand what they are installing: they just wire it up and expect it to work. It is this kind of ignorance that will one day end badly. Mark my words.


(Guess, there's a solution I'm not seeing.) #12

I’m sorry to hear that. I actually solved at least 2/3 of them but didn’t have the time to write them up. I would really appreciate it if you would post one or two hard challenges in the future.
Something like: change the ladder diagram so it is fulfilling its original purpose, but also does something malicious.


#13

I’ll think about it.