, , ,

Fostering a knowledge economy at Toreon using cryptocurrency

Toreon is proud to announce that we will be launching the Torbuck in the beginning of May, 2019.

Torbuck is our own cryptocurrency. It will enable our employees to value their knowledge and be rewarded for sharing it. Effectively, we are creating a knowledge economy within Toreon.

The Torbuck will be published on the Ethereum blokchain. In May, all of our employees will be able to access their Torbucks using a standard cryptowallet. They will be able to spend Torbucks on external training, as well as get paid by colleagues for their own knowledge sharing efforts. If a Toreon employee organizes an internal training, their colleagues will pay Torbucks to attend.

Our ICO (internal coin offering) came about when trying to solve a few issues we had.

First, as a cyber security consulting company, Toreon is all about people and their knowledge. Our people have to learn constantly. We try to stimulate knowledge creation and exchange as much as possible. Although everyone has a large personal budget for attending external training, internal knowledge sharing never comes easy. Putting it in our company bonus plan has worked only partly. The Toreon management never likes to use a top-down approach, but we’ve found ourselves forced to organize knowledge events ourselves to stimulate knowledge exchange. We needed a good incentive system to reward knowledge sharing.

Second, Toreon is an innovative company. We had identified Blockchain as a technology to watch and have actively tried to learn more about the technology, in order to assess early on what the security challenges could be. Our R&D effort has largely meant listening to other organizations trying out blockchain technology. It seems blockchain is ‘a technology looking for a use case’. We hadn’t really been able to find a project that would allow us to participate in the technology and apply our security knowledge.

Torbuck fills both needs: It allows our people to get rewarded for sharing knowledge. And it allows us to develop our own platform, to learn about blockchain development, its many pitfalls (a very immature technology) and of course security. The Torbuck will be a tool as well as a playground for our techies. Our ethical hacking team can’t wait to launch their attacks!

What’s in the future? If Torbuck is successful, we can expand its use. We could give our clients Torbucks as part of a loyalty program to spend on our services. It could become an integral part of the internal reward system. But first and foremost, it is a way to learn and share knowledge and not just about blockchain.

, , , ,

Toreon @ Niveau S

On the 19th and 20th of December, Toreon will be at the Niveau S event.

This event is targeted at government services and the activities will be an exciting mix of seminars, R&D demonstrations and a job/internship speed dating area. The overall theme is technological innovation and security.

We want to present ourself as a trusted partner for cyber security consultancy and advice and as an innovative player in this market. You will find us in the main hall with a live demo by our innovation department. Don’t be shy and come say hi!

Looking for a new challenge? Learn all about us and working at Toreon, look at our current job openings and book us for a speed date at the event.

In anticipation of this event, we’ve made a promo video that’s worth taking a look at:
Niveau S promo – NL
Niveau S promo – FR

See you in Brussels!

, ,

Toreon’s new office opening party

On 30th of June, we had a major party to celebrate the opening of our new office. We invited all of our friends, family, ex-employees and partners to celebrate with us.

After months of working in dust and noise, we finally got to show off our new space.

And of course, a great opportunity to do some fine dining and drinking!

, ,

Belgian Cyber Security Challenge CTF: A Junior’s View

The Belgian Cyber Security Challenge is a Capture-The-Flag game that’s focused on cybersecurity. The event is organised by Toreon’s friends NVISO.

Wednesday 10 am started my team’s 32 hour adventure; capturing as many flags as we could possibly find.

10:30 am: first blood! After half an hour we already found a first flag that placed us in the top five on the scoreboard.

12:00 am: finally a second flag we could submit to the platform!
As all team members finished working, we gathered on voice chat to discuss strategies and started brainstorming around the challenges. At first sight it seemed like NVISO had stepped up their game, since the challenges last year were not as difficult as in this edition.

6:00 pm: it had been six hours since we last submitted a flag. Other teams caught up with us and we started to lose all hope. But then we started to understand how certain challenges were built and where we should look for the flags.

6:30 pm: new flag, back on track! We were frustrated since a lot of people had found the flag of the so called ‘ModBusted’ challenge, inspired by Industrial Control Systems. Two of our team members had already done some research on ICS-systems in the past but we just couldn’t find that one easy flag that everyone else did.

07:45 pm: Yeahaa! We found it! This flag took us from 61th place all the way back to 22nd! At this point we were so happy and filled with new hope.

09:30 pm: We lost too much time on this one. This was probably the last easy one we found.

11:00 pm: We put our heads together to solve the ‘Whistle’ challenge and – yes! – we were the third ones to solve it. Our first big win: 90 points!

01:45 am: last flag for this session. It took us a while to figure out where the flag was hidden since this was a forensics exercise.

Until 4 am we kept searching but we were all too tired to keep on digging for flags so we took a nap to continue with clear heads the next morning.

11:15 am: submitted the new flag! What’s next? The time is ticking guys! The contest would end in only seven hours. We had to come back to this one ‘XYZ-adventures.com Data Exfiltration’ challenge several times. The organisation provided us with data capture files and we had to find where the flag was hidden in that giant pile of data. One team member found credentials that were sent while capturing the data. With these plain text credentials we could log into his mail account and retrieve a word document from his mailbox.

12:45 pm: The flag was found in the document properties.

05:15 pm: We submitted the flag we just found but we needed to find some others.

06:00 pm: END of competition, Team BlumBlumShub ranked 24th place on the scoreboard.

During the competition we heard only the first eight would qualify to compete in the finals, afterwards we received a mail that said the top fourtyfive can join a second CTF in two weeks and compete for another eight places in the finals.
So stay tuned for more in a few weeks!