Home Blog

Hacktivism Goes Orbital: Investigating NB65’s Breach of ROSCOSMOS


In March of 2022, Network battalion 65 (NB65), a hacktivist affiliate of Anonymous, publicly asserted its successful breach of ROSCOSMOS’s satellite imaging capabilities in response to Russia’s invasion of Ukraine.

NB65 disseminated a series of primary sources as substantiation, proclaiming the incapacitation of ROSCOSMOS’s space-based vehicle monitoring system and doxing of related proprietary documentation.

Despite the profound implications of hacktivist incursions into the space sector, the event has garnered limited attention due to the obscurity of technical attack vectors and ROCOSMOS’s denial of NB65’s allegations.

Through analysis of NB65’s released primary sources of evidence, this paper uncovers the probable vulnerabilities and exploits that enabled the alleged breach into ROSCOSMOS’s ground and space segment. Additionally, this paper highlights lessons learned and the consequences this event has for the global aerospace community.

The authors of this paper are : Rajiv Thummala and Gregory Falco

You can download the document here : https://arxiv.org/abs/2402.10324

Successfully passed the “Certificate of Competence in Zero Trust” (CCZT), the first Zero Trust certificate in the industry


I february 2024, I successfully passed the Certificate of Competence in Zero Trust (CCZT) from the Cloud Security Alliance (CSA).

This certificate is a logical follow-up to the CCSK (Certificate of Cloud Security Knowledge) awarded by the same CSA organization (to know more about CCSK, read my article here).

Zero Trust Philosophy is :

  • Never Trust Always verify
  • Assume a hostile environment
  • Assume breach
  • Scrutinize explicitly
  • Apply unified analytics

The CCZT is considered the first Zero Trust certificate in the industry, developed by combining the guidance of Zero Trust experts, foundational documents from authoritative sources, and leadership from vendor-neutral CSA Research.

Building on the foundational principle of Zero Trust that no part of a computing and networking system can be implicitly trusted, CCZT will give you the knowledge and skills necessary to implement a Zero Trust strategy and reduce systemic risk.


CCZT outlines how to put specific measures in place to provide assurance that systems and their components operate appropriately and are continuously verified.

CCZT enables you to understand and implement Zero Trust principles into business planning, enterprise architectures, and technology deployments.

The Certificate of Competence in Zero Trust consists of the following topics:

  • Introduction to Zero Trust Architecture (ZTA)
  • Introduction to Software-Defined Perimeter (SDP)
  • ZT Planning
  • ZT Implementation

Recommanded authoritative sources :

  • CISA Zero Trust Maturity Model
  • NSTAC Report to the President on Zero Trust
  • NIST Zero Trust Architecture (SP.800-207)

Special thank’s to Rajan Iyer and Abdulrahman Alkayali who inspired me to write this post.

Congratulations to Troy Leach and Dominik Vleming for the quality of this program

To know more about CCZT and CSA : https://cloudsecurityalliance.org/education/cczt

I also wrote a post here where I explain :

  • What is Zero Trust Architecture (#ZTA)
  • What is Certificate of Competence in Zero Trust (#CCZT)
  • Who is #CCZT for
  • What is the #CCZT exam structure
  • What does #CCZT cover
  • How do I prepare for the #CCZT exam
  • What is the cost

“Space Cybersecurity” magazine special edition from PenTest and Hakin9


PenTest and Hakin9 are very proud to present with a special edition, created in a collaborative process between experts in the field of space cybersecurity, PenTest, and Hakin9 magazines. The topic is currently getting more and more deserved attention, and they are more than happy to bring experts’ voice to the table here.

In the “Space Cybersecurity” eBook by PenTest & Hakin9 you will read about this fascinatingarea from a variety of perspectives: from the future of optical and laser communication and its security, through cybersecurity measures in modern space exploration, simulating the test of space systems with S-WAN, end-to-end security management system using COSMOS2, Space threats and operational risks to mission, security by design for satellites, to the relevant information about ASAT, geopolitical aspects of space cybersecurity, and cybersecurity in the ground segment for space industry.

It is a great compendium of knowledge provided by the practitioners in the field. Special thanks to all the contributors, reviewers, and proofreaders involved in the creation of this issue.

Let’s launch and dive in the reading process.


The Future of Satellite Communication: Optical Communication and Lasers. Is it Secure? from Angelina Tsuboi

Although there are a plethora of benefits that emerge from migrating to optical- based communications infrastructure, it still has some drawbacks. Firstly, optical communications rely on high precision since information is sent via a narrow beam pointed at the receiver. This significantly reduces the margin for error as even a slight deviation of the beam could result in signal disruption. Moreover, optical signals are highly vulnerable to interference found in external light emissions from various sources like the sun and other optical signals. Both of these factors make optical communications vulnerable to interception, spoofing, jamming, and physical attacks.

Cybersecurity Measures in Modern Space Exploration from Sylvester Kaczmarek

As with any computerized system, autonomous space systems are vulnerable to software-based attacks. Malicious entities could potentially introduce rogue software into these systems. Such software could subtly alter the system’s behavior, making it perform unintended actions or even sabotage its mission. For instance, a malicious software injection could alter a satellite’s data collection parameters, leading it to transmit false or corrupted data back to Earth. In the case of an autonomous rover on a distant planet, such an attack could result in it straying into hazardous terrain or failing to carry out its scientific objectives. Moreover, the specific security risks vary between different types of autonomous space systems. For instance, autonomous satellites managing Earth observation may be targeted to manipulate environmental data, while rovers exploring extraterrestrial surfaces could be commandeered to disrupt scientific discovery or misrepresent findings.

S-WAN: Simulate the Test of Space systems from Jamel Metmati

The simulation doesn’t replace the test on the real chambers once the satellite’s assembled. It provides support on the process between the preliminary design and the assembly, integration and test phase, the operational activity in space. The simulation gives an environment test to monitor and control the satellites to understand anomalies to be studied and to be corrected on short notice.

Space Threats and Operational Risks to Mission (STORM) from William Ferguson

There is a clear need for space cybersecurity workforce development that will require public, private, and international government cooperation. Significant progress is already being made with the ongoing efforts to build space cybersecurity skills through cutting-edge platforms like Moonlighter, an on-orbit cybersecurity training platform, Hack-a-Sat, and established communities like the Aerospace Village that have existed for some time. But there is still more work to be done.

End-to-End Security Management of Space Systems using COSMOS2 from Dr Jordan Plotnek

This article provides an overview of the outcomes of a multi-year research project resulting in the novel COSMOS2 (Contemporary Ontology for the Security Management of Space Systems) framework, developed through iterative feedback from space security experts across 10 countries. The framework includes a definition for space systems security and a tabular taxonomy encompassing the protection of five segments (Ground, Space, Communications, Human, and Governance) against four threat categories (Non-Malicious, Cyber, Electromagnetic, and Kinetic).

Safeguarding Earth’s Frontline: The Crucial Role of Cybersecurity in Space Operations from Olga Nasibullina

To fortify cybersecurity in space operations, there is a need for increased education. Initiatives like the European Space Agency’s collaboration with Rhea Group have led to the development of dedicated Space Operations Cyber Ranges. These ranges offer services such as preparation, testing, and training for cyberattacks, along with 24/7 managed Security Operations Centre (SOC) support. Two consortia consisting of Estonian companies are developing a concept for a space cyber training range. The first consortium includes Spaceit, CybExer, and CGI; the second includes Nortal and Talgen. Foundation CR14, established by the Estonian defense ministry, is also a member of both consortia. The new range should, among other things, allow us to simulate specific space-related environments and potential threats, validate various industry-specific components and processes, and contribute to the development of know-how related to space cyber defense.

Space Cybersecurity: a Strategic Issue in the Current Geopolitical Context from Anais Shay-Lynn Videlingum

The security of space infrastructures is a geopolitical issue, as space-based resources are increasingly used by our societies in all fields, from construction and financial markets to military capabilities. The rapid development of objects and services powered by satellites is contributing to a growing dependence on space in all fields. Being present in space has become a strategic issue over time, depending on the interest of decision-makers in the use of space. Protecting satellites in low, medium, or geostationary orbit is now a strategic asset for governments, the military, and commercial operators alike, to ensure continuity of service and guarantee a degree of resilience.

Space Oddities: What is ‘Secure-by-Design’ and Why Does it Matter for Satellites? from Mikols Tomka and Isabela Leandersson, Pasimoni and Tarides

In response to the cybersecurity agencies’ advice, some people may argue that the risks are mitigated in the context of Space IoT and edge computing because satellites are more difficult to attack. Unfortunately, this could not be further from the truth. Not only are satellites vulnerable to attack, but the infrastructure they provide is critical to many fundamental systems across the globe. Much of that critical infrastructure is, as of today, relatively unprotected!

To know more

  • Read whole article HERE!
  • Check a preview here


“Introduction to Cybersecurity in Space Systems” with Tim Fowler is coming up during the march summit, The Most Offensive Con that Ever Offensived – Bypass Edition!


Tim Fowler will provide a training course called “Introduction to Cybersecurity in Space Systems” at “The Most Offensive Con that Ever Offensived – Bypass Edition” event.

This event is organized by Antisyphon Training. This event will take place from 13 to 15 March, 2024.

  • Summit: March 13, 2024
  • Summit Training: March 14-15, 2024

About the course “Introduction to Cybersecurity in Space Systems”

Introduction to Cybersecurity in Space Systems is a course designed to expose cybersecurity professionals to the concepts and implementations of space systems including the ramification and impacts security can have on a mission.

In this course each element is broken down into its most basic components and we look at how proper security can be applied; what tradeoffs must be made and many of the operational constraints governing every design decision.

This course walks students through each of the segments that make up a space system, the subsystems that comprise a spacecraft, and ways that each need to be defended from attacks.

This course also includes multiple hands-on labs that will walk students through the process of implementing a custom ground station solution, a virtual satellite with simulated subsystems, and executing simulated attacks against both.

At the completion of this course, students will have a fundamental knowledge and understanding of space systems, how and where security can be implemented and have a set of tools, they can use to further their knowledge and experience.

If you wan to know what you will learn in thi scourse, check the Antisyphon Training website here.

About Tim Fowler

Tim Fowler is an offensive security analyst and penetration tester that joined the team at Black Hills Information Security in 2021.

Tim has obtained and maintains multiple industry certifications (OSCE, OSCP, OSWE, CRTO, CRTL, CISSP) and has leveraged his skills and knowledge both in consulting as well as working internally in multiple security roles within Fortune 100 financial institutions.

He frequently contributes to the infosec community by speaking con conferences, writing blogs, and participating in webcasts. He continues to hone his skills and abilities by having a research minded focus and not being afraid to fail in the process of learning.

Tim previously did a presentation at BSIDES St. Louis 2023 hacking education conference.

BSIDES St. Louis 2023 is a hacking education conference that took place on Oct 14, 2023 at St. Charles Community College in Missouri state (United States).

The presentation of Tim Fowler was called: A brief introduction to cybersecurity in Space; The Past, Present, & Future.

I was very proud to be featured by Tim Fowler in his presentation about my work about the Viasat attack analysis

About the summit, The Most Offensive Con that Ever Offensived – Bypass Edition!

Is it the best defense is a good offense or the best offense is a good defense? For all the defenders out there, wouldn’t it be nice to understand the mind of an offensive security professional? And for all the offensive security professionals, wouldn’t it be amazing to learn from others who think about all the best ways to bypass defenses.

Join the Antisyphon Training team for hours of stimulating offensive talks, panels, and hopefully rants about what we can do to keep this arms race from growing cold.

This is a free event, where you can connect with your fellow attendees through Discord and Zoom chat! Keep the comments and memes flowing as our speakers share their knowledge with the community.

Learn to throw and take a punch at The Most Offensive Summit that Ever Offensived… again.

Find below my certificate of completion

To know more

Aerospace cybersecurity manuals bundle : satellites, drones, airplanes, and signals intelligence systems


Angelina Tsuboi is a programmer, mechatronics developer and Engineer, a pilot, a Scientific Researcher and cybersecurity researcher. She is currently working for NASA. She is interested in educating others about the exciting field of aerospace cybersecurity in conjunction with developing her own programs and research in the field.

She is dedicated to advancing technology by developing inventions and conducting eclectic scientific research.

She is focused on applying computational and artificial intelligence to research fields such as electromagnetism, astrophysics, quantum mechanics, and biology.

To celebrate the holiday season, Angelina created comprehensive guides centered around aerospace cybersecurity, exploring concepts across satellites, drones, aircraft, and beyond — all at a special holiday discount.

Complete Aerospace Cybersecurity Bundle

This is a four extensive step-by-step manuals covering aerospace cybersecurity.

This bundle includes : Aerospace Cybersecurity: Satellite, Aerospace Cybersecurity: Drones, Aerospace Cybersecurity: Airplanes, Aerospace Cybersecurity: Signals Intelligence

Learn about aerospace cybersecurity, with this interactive step-by-step aerospace cybersecurity bundle. This bundle contains four manuals covering different subfields in aerospace security: satellites, drones, airplanes, and signals intelligence systems.

Topics Covered :

  1. Satellites: Learn about satellite communications systems and common vulnerabilities found within satellite firmware and programs.
  2. Drones: Uncover the vulnerabilities and intricacies of drone communication systems. Explore how malicious actors might exploit UAV and learn about defensive strategies.
  3. Airplanes: Navigate the cybersecurity challenges in aircraft systems. Gain insights into the unique complexities of aviation networks, from in-flight data transmission to ground-based communications.
  4. Signals Intelligence: Dive into modern electronic warfare with a focus on signals intelligence. Understand how SIGINT plays a role in deciphering, intercepting, and analyzing communications, offering a crucial advantage in safeguarding aerospace systems.

Aerospace Cybersecurity: Satellites

Learn more about aerospace cybersecurity, with this interactive step-by-step satellite security manual. This guide walks you through satellite communication basics to advanced satellite signal analysis and protocol exploitation via programs and immersive labs.

Topics Covered :

  1. Satellite Communication Basics: Build a strong foundation in satellite communication, exploring frequency bands, modulation techniques, and transmission protocols.
  2. Satellite Tracking and Identification: Master advanced methods like orbital parameter analysis, radio frequency monitoring, and optical tracking. Understand the critical role of accurate tracking for defense and attack scenarios.
  3. Satellite Vulnerabilities and Threats: Delve into the vulnerabilities satellites face, from weak encryption to physical attacks. Learn to defend against potential threats effectively.
  4. Satellite Signal Analysis: Acquire skills in decoding and interpreting satellite signals, including telemetry, tracking, and control signals. Understand hacker techniques and how to thwart them.
  5. Satellite Protocol Exploitation: Uncover security weaknesses in communication protocols like TCP/IP, DVB-S, and CCSDS. Gain practical experience in exploiting and mitigating these vulnerabilities.

Aerospace Cybersecurity: Drones

Learn more about aerospace cybersecurity, with this interactive step-by-step drone security manual. This guide walks you through UAV communication basics to advanced digital forensics and RF communication exploitation via programs and immersive labs.

Topics Covered :

  1. Drone Systems and Threat Modeling: Decode the fundamental components, architecture, and threat modeling techniques, providing insights into potential vulnerabilities.
  2. Drone Identification and Tracking: Master the art of recognizing drone identifiers and implementing tracking methods, including RF triangulation, GPS tracking, and radar systems.
  3. Ground Control System: Uncover the pivotal role of ground control systems, identifying vulnerabilities and fortifying security measures.
  4. Drone Digital Forensics: Navigate the realm of digital forensics tailored to drone incidents. Acquire skills to investigate, analyze digital evidence, and reconstruct events.
  5. Radio Communications and Protocols: Gain proficiency in wireless communication protocols such as Wi-Fi, radio control, and cellular networks. Learn to intercept and analyze drone communications.
  6. Countermeasures and Defense: Arm yourself with knowledge to safeguard drones against potential threats. Explore encryption, authentication, RF signal jamming, and other defense techniques.

Aerospace Cybersecurity: Signals Intelligence

Learn more about aerospace cybersecurity, with this interactive step-by-step signals intelligence for aerospace security manual. This guide walks you through aerospace signals communication basics to advanced modulation techniques via programs and immersive labs.

Topics Covered :

  1. Conceptual Understanding of Satellite, Drone, and Aircraft Communication Systems: Gain a deep insight into the communication frameworks of satellites, drones, and aircraft, laying a robust conceptual foundation for further exploration.
  2. Decoding Aerospace Transmissions: Acquire practical skills in decoding complex transmissions, unraveling the intricacies of communication protocols employed in aerospace systems.
  3. Relevant RF Analysis Tools for Enhanced Cybersecurity: Familiarize yourself with essential tools such as GNU Radio, SatDump, and Fissure, honing your ability to perform precise and effective RF analysis.
  4. Packet Decoding and Reverse Engineering: Master the art of packet decoding and reverse engineering, crucial skills for understanding and manipulating data within aerospace communications.
  5. Emerging Prevalence of SIGINT in Modern Electronic Warfare: Explore the evolving landscape of signals intelligence in the context of modern electronic warfare, understanding its growing significance.
  6. Defensive Strategies to Safeguard Aerospace Systems: Equip yourself with defensive strategies to fortify aerospace systems against common RF attacks, ensuring the resilience of critical communication infrastructure.

Aerospace Cybersecurity: Airplanes

Learn more about aerospace cybersecurity, with this interactive step-by-step airplane security manual. This guide walks you through airplane telemetry and subsystem basics to radar interpretation and in-flight entertainment system firmware analysis via programs and immersive labs.

Topics Covered :

  1. Aircraft Attack Surfaces and Threat Modeling : Uncover vulnerabilities in aviation systems and build threat models to proactively identify potential risks.
  2. Internet of Wings (IoW): Navigate the connectivity landscape of aviation and learn to secure the Internet of Things (IoT) soaring through the skies.
  3. Threat Modeling and Mitigation : Delve into aviation-specific threat modeling techniques and mitigation strategies to fortify aerospace systems.
  4. Secure Communication with Ground Control : Master the art of ensuring secure and reliable communication between aircraft and ground control.
  5. Securing Passenger Wi-Fi and Inflight Entertainment Systems : Explore the challenges of securing passenger amenities while ensuring a safe and enjoyable flying experience.
  6. ADS-B and Radar Systems : Gain insight into vulnerabilities associated with Automatic Dependent Surveillance–Broadcast (ADS-B) and radar systems.
  7. Regulatory Framework and Compliance : Navigate the complex landscape of aviation regulations, including FAA and ICAO standards, to ensure compliance.
  8. Data Encryption and Protection : Master the intricacies of encrypting and protecting sensitive aviation data against cyber threats.
  9. Incident Response and Recovery Planning : Develop comprehensive incident response and recovery plans tailored to aviation cybersecurity incidents.

More Information

All these guides and manuals are created by and written by Angelina Tsuboi for the Stellaryx Labs team.

Stellaryx Labs provides high quality training, consulting, education, and development services at the nexus of software, security, and aerospace

You can either purchase each individually or get all of them as a bundle at a special discount !

« Aerospace Cybersecurity: Satellite Hacking » course review


I just successfully completed the comprehensive course on « Aerospace Cybersecurity: Satellite Hacking » and passed successfully the final exam with a result of 90%.

This course is led by Angelina Tsuboi in collaboration with PenTest Magazine. This course was for me an incredible journey that I started in September 2023.

In this course, I developed my skills in: Satellite reconnaissance, Communication Analysis and Eavesdropping, Reverse Engineering and Decoding Communication, Vulnerabilities and Attacks.

The final exam was very challenging. There was purely cybersecurity questions that were easy for me to answer. But there was also questions of a more general nature that ware very challenging.

In this course, I covered the following topics: Orbital Mechanics, Satellite Reconnaissance, Decoding Satellite Communication, Satellite On-Board Systems, Listening to Satellites via Radio Frequencies, Vulnerability Analysis of Satellites, Common Attacks employed against satellites, Detection of satellite hacking.

I got skills about: OSINT for satellite systems and Operations, Satellite Tracking, Satellite Eavesdropping and Packet Decoding, Satellite Signals Intelligence, Satellite Attack Understanding, Satellite File and Data Forensics, Attack Mitigation and Threat Modeling.

At the end of the course, we explored the Future of Satellite Cybersecurity like SpaceOS, 5G satellite, Quantum Cryptography, Quantum Encryption.

In conclusion, this Satellite Cybersecurity course will provide a comprehensive understanding of satellite hacking techniques, along with the tools and strategies required to defend against them using digital forensics and attack vector detection.

I highly recommend this course to anyone interested in exploring the fascinating realm of satellite cybersecurity. It offers a comprehensive learning experience that equips you with the tools and knowledge necessary to navigate and safeguard satellite systems effectively.

A special thank’s to the amazing instructor Angelina Tsuboi and the entire course team with Bartłomiej Adach for their dedication and expertise in curating such an enriching educational experience.

To know more about this course : here

ethicallyHackingspace (eHs)® h4ck32n4u75™ (Hackernauts) Community Member


I’m very proud to have been choosen as ethicallyHackingspace(eHs)® h4ck32n4u75™ (Hackernauts) Community Member. Thank’s to William Ferguson for this distinction.

The “h4ck32n4u75™” badge, pronounced “hackernauts,” symbolizes a dedication to evaluating, safeguarding, and pioneering avant-garde solutions for conventional and emerging hashtag#space platforms.

As a proud member of the ethicallyHackingspace(eHs)® Community, this badge underscores a commitment to ethical hacking practices and innovation in space technology.

I’m very proud to officially joined the innovative ethicallyHackingspace(eHs)® community and to become one of the enthusiastic community h4ck32n4u75™ (Hackernauts).

Credential Verification : https://app.certifyme.online/verify/e733db9410690

My cybersecurity review for 2023


What an incredible end to 2023. I’ve had some wonderful experiences. I’ve successfully met many challenges in cybersecurity.

  • I did an analysis of the Viasat cyber attack with the MITRE ATT&CK® framework (more here) and I wrote a post mortem investigation. More here
  • My work about the analysis of the Viasat Cyber Attack has been quoted and highlighted by Tim Fowler in his presentation at BSIDES St. Louis 2023 hacking education conference (more here).

  • I was interviewed by The Interstellar Integrity (i2) magazine released by ethicallyHackingspace(eHs)® about my passion for space and cybersecurity. Thank’s to William Ferguson. More here

I’d like to thank everyone who follows me and supports me. I hope all the information I share with you is interesting and helps you keep up to date and learn more.

Stay tuned because 2024 promises to be just as incredible. See you next year. Until then, take care.

23 Tips to Pass CCSK (Certificate of Cloud Security Knowledge) from CSA at the first attempt


At the beginning of April 2020, I successfully passed the CCSK certification (Certificate of Cloud Security Knowledge). Now, I give you some tips and tricks below so that you can also pass the exam on the first try.

What is CCSK certification ?

The CCSK is a “vendor neutral” certification on Cloud security. It is considered to be the “state of the art” in Cloud security. It was created in 2010 by the CSA (Cloud Security Alliance) an organization that pilots the STAR (Security, Trust & Assurance Registry) program whose objective is to provide and maintain a high standard to enable independent auditing bodies to deliver certification levels to the different Clouds on the market.

The CSA regularly publishes reference documents to promote best practices in Cloud security. The CSA also leads and organizes several working groups and research projects in which member companies can participate to advance the field of Cloud security.

How do I register for the CCSK exam ?

The CCSK is a distance exam (not in an exam centre), online on the web and “open book” (study material available). Unlike most other certifications, the CCSK, in its past version (currently v4), is valid for life. It is not necessary to prove any experience to take the exam. There is also no annual payment or CPE (Continuous Professional Education) to maintain certification.

The cost of the exam is $395 USD and allows for two attempts. If you pass the first attempt, you will be able to use the second attempt when a new version of the CCSK is released. An exam token is valid for two years from the date of purchase.

To register for the exam, go to https://ccsk.cloudsecurityalliance.org/en

What is the content of the CCSK ?

The current CCSK v4 version exists since December 1, 2017. It underwent an important update compared to the previous version v3 including the latest technologies of the Cloud (micro-service, serverless, container, SDN, Big Data, IOT, etc …).

The exam is composed of 60 questions to be completed in 90 minutes. Questions are of type A/B/C/D/E or True/False. Once the exam is launched, it is not possible to pause it. The minimum score to pass the exam and obtain certification is 80%. The pass rate for the exam is 62%.

You get your result immediately at the end of the exam with your overall score and by domain to identify your areas for improvement. If you pass the exam, you can even download your certificate. However, answers to questions are not provided in order to preserve the integrity of the exam. There is an exam preparation kit and FAQs available for download from the CSA website : https://ccsk.cloudsecurityalliance.org/en/faq

What is the CCSK study material?

The CCSK exam tests the candidate on the content of 3 documents that can be downloaded free of charge from the CSA website : https://cloudsecurityalliance.org/education/ccsk/#_prepare

Together, these 3 documents represent the CBK (Common Body of Knowledge) of the CCSK exam. They are:

  1. CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4
  2. CSA Cloud Controls Matrix (CCM)
  3. ENISA (European Network and Information Security Agency) Whitepaper Cloud Computing: Benefits, Risks and Recommendations for Information Security

The 14 areas of the CSA Security Guidance are as follows:

Domaine 01 : Cloud Computing Concepts and Architectures
Domaine 02 : Governance and Enterprise Risk Management
Domaine 03 : Legal Issues, Contracts and Electronic Discovery
Domaine 04 : Compliance and Audit Management
Domaine 05 : Information Governance
Domaine 06 : Management Plane and Business Continuity
Domaine 07 : Infrastructure Security
Domaine 08 : Virtualization and Containers
Domaine 09 : Incident Response
Domaine 10 : Application Security
Domaine 11 : Data Security and Encryption
Domaine 12 : Identity, Entitlement, and Access Management
Domaine 13 : Security as a Service
Domaine 14 : Related Technologies

The important concepts of the ENISA document are as follows:

- Information Security
- Isolation failure
- Economic Denial of Service
- Licensing Risks
- VM hopping
- Five key legal issues common across all scenarios
- Top security risks in ENISA research
- Underlying vulnerability in Loss of Governance
- User provisioning vulnerability
- Risk concerns of a cloud provider being acquired
- Security benefits of cloud
- Risks R.1 – R.35 and underlying vulnerabilities
- Data controller versus data processor definitions
- In IaaS, who is responsible for guest systems monitoring

The important elements of the CSA CCM (Cloud Controls Matrix) to be aware of are the following:

- CCM Domains
- CCM Controls
- Architectural Relevance
- Delivery Model Applicability
- Scope Applicability
- Mapped Standards and Frameworks

By far the most important document is the CSA Security Guidance. It alone accounts for 87% of the questions in the exam. The CSA CCM represents 7% and the ENISA report 6%.

The exact distribution of the number of questions per domain is as follows:

My preparation for the CCSK

My study material

In addition to the official study material, I also used two other documents that helped me a lot:

  • « CSA Guidance Summary in 6O minutes » : This is a very good 25-page summary of the CSA Security Guidance v4. I printed it for review and had it in PDF during the exam.

  • « CCSK All-in-One Exam Guide » from Graham Thompson : It is an excellent review guide that I highly recommend and which Peter van Eijk with whom I had the honour of discussing. Peter is also an official trainer for the CSA CCSK and I believe he is involved in the drafting committee for the questions. The book reviews with very good explanations the 14 areas of the CBK but also the ENISA and CCM document. At the end of each chapter, there is a “Chapter Review” which includes the essentials for the review. The book also includes 150 test questions which are very similar to those of the exam in terms of wording and difficulty. And finally, at the end of the book, there is a code to access an online simulator on the TotalSem site which contains 200 additional questions. (link to the book on Amazon)

  • I’d also like to mention Verisafe’s CCSK e-learning course with Boris Motylewski. I’ve had very good feedback on Boris’s training courses, and he’s very committed to helping you pass your certifications (CISSP, CCSK and soon CCSP). Two videos explain what CCSK is, the benefits of CCSK and how to become CCSK in 30 days. The example slides demonstrate the quality of the course material. They helped me understand the 35 risks identified by ENISA, the 11 major risks, the 23 assets potentially impacted (including those most at risk) and the top 7 vulnerabilities.

My study Plan

My passage of the CCSK certification was done under rather special conditions. Indeed, initially, I had to pass the CCSP (Certified Cloud Security Professional) certification. I had been revising the material for two and a half months when I learned that my exam in early April was postponed due to the Covid-19 pandemic that was circulating in France. In order to make the most of my study and the acquired knowledge, I decided around mid-March to try the CCSK exam which is done online and at home. The lock down period was convenient for the revisions: 1 hour in the morning before starting to telework (replacing travel time), 1 hour during the lunch break and 2 to 3 hours in the late afternoon, after the telework day and in the evening.

In two and a half weeks, I managed to read all the official study material plus additional study material. I tried more than 700 test questions (those in the book but also others on Udemy or found on the internet). I made about 100 Flashcards. I have viewed some videos on Youtube. I mostly took a lot of personal notes. As far as I’m concerned, it’s essential because it allows me to make last minute revisions but it also allows me to better remember everything I learn.

23 Tips to Pass CCSK at the First attempt

Link to the sheet (PDF).

  • #01 : Read all the material
  • #02 : Watch some training videos and read (e)books to better understand concepts
  • #03 : Read the « CSA Guidance Summary in 60 mn »
  • #04 : Write your personal notes (it’s better to memorize)
  • #05 : Understand well how cloud impact processes
  • #06 : Understand benefits but also concerns of the cloud for each domain
  • #07 : Practice test questions to test your understanding and to train to use the material
  • #08 : Create a study plan and follow it
  • #09 : Read the question twice, read the answers and read again the question
  • #10 : Be careful about specific technology answers: They are oftenthe wrong answer
  • #11 : Identify answers that are not cloud specific : They are often the wrong answer
  • #12 : Eliminate answers that are not related to the question
  • #13 : Always answer from a business perspective (Business drives Security)
  • #14 : Be careful with negative questions with NOT
  • #15 : Be careful with questions with words like “the MOST”, “the LEAST”, “IS”, “ARE”
  • #16 : If you don’t know the right answer, try to eliminate the bad anwers
  • #17 : Identify key words in the question to search within the material
  • #18 : Use and practice « Advanced Search » function in your PDF reader to search key phrases throughout all the material
  • #19 : Know the structure of the material to find quickly the relavant domain to each question
  • #20 : It’s more comfortable to use two screens during the exam
  • #21 : Use Google Translate (or other) to translate difficult words in your native language
  • #22 : Test and rehearse your method and logistics for the exam
  • #23 : If you failed, don’t use your 2nd attempt in the same day or same week

What is the difference between CCSK and CCSP certifications

CCSP is the “Certified Cloud Security Professional”. It is a certification that was created in 2015 jointly by CSA, the organization that created CCSK and (ISC)², the organization that created the very famous and sought-after CISSP certification.

CCSP certification covers the following 6 areas:

- Domain 1 : Cloud Concepts, Architecture and Design
- Domain 2 : Cloud Data Security
- Domain 3 : Cloud Platform and Infrastructure Security
- Domain 4 : Cloud Application Security
- Domain 5 : Cloud Security Operations  
- Domain 6 : Legal, Risk and Compliance

If we were to do a mathematical operation, it would be this:

CCSP = CCSK + Expanded Governance Items + Traditional Security + Privacy – DevOps

Find below the articles to read to understand the difference between the 2 certifications:


Good luck and good studies to all. Keep in mind the following quote:

“In a journey it’s not the destination that counts but always the road travelled”

It is not the certification itself that is important but the knowledge you will acquire that will make you more competent. Certification is the icing on the cake or proof of the pudding.

Top des comptes #Cyber à suivre sur Linkedin


Souvent on pense à Twitter pour réaliser sa veille sécu. Mais Linkedin reste une excellente source d’information dans le domaine du cyber. Je vous présente ci-dessous une liste de comptes Linkedin à suivre que j’ai sélectionnée pour la qualité de leurs posts et la pertinence des informations qu’ils diffusent. N’hésitez pas à me signaler en commentaires si vous en connaissez d’autres et qui pourraient compléter cette liste. Je vous invite à la diffuser très largement pour les faire connaitre et participer à votre niveau à la diffusion de l’information et de la culture cyber.

Martial Gervaise

Martial Gervaise est le directeur Cyber Sécurité Adjoint du groupe Orange. C’est un passionné des technologies digitales et de leurs usages. Il publie régulièrement sur Linkedin des informations très pertinentes sur le thème de la cybersécurité et ses posts sont souvent très commentés et republiés.

Matthieu Garin

Matthieu Garin est Senior Manager et responsable du développement commercial de la ligne de services cybersécurité chez Wavestone. Il conseille depuis plus de 10 ans les CISO sur leurs enjeux de cybersécurité principalement dans le secteur financier. Il a construit l’équipe CERT-W (ex CERT-Solucom) en charge de la réponse aux incidents de sécurité. Il se concentre actuellement sur l’impact des récentes innovations sur la sécurité (machine learning, IA, Blockchain, …) dans un objectif de construire de nouveaux modèles de sécurité. Ses publications sont toujours à la pointe de l’actualité et même souvent premier sur l’information. Matthieu va à l’essentiel avec un résumé pertinent et toujours bien mis en valeur visuellement pour être agréable à lire.

Damien Bancal

Damien Bancal est un expert en cybersécurité et journaliste spécialisé. Il travaille sur les sujets high-tech, cybercriminalité, cybersécurité depuis les années 90. Il est le fondateur du blog Zataz.com et du protocole d’alerte Zataz qui œuvre depuis des années dans le domaine de la cybersécurité. Il anime également une chronique « cybersécurité » lancée depuis septembre 2019 sur WEO TV, la télévision des Hauts-de-France. Il partage régulièrement des articles de son blog Zataz.com liés à l’actualité cyber dont les thèmes font souvent référence au RGPD, Data Breach, Ransomware, …

Gérôme Billois

Gérôme Billois est associé cybersécurité chez Wavestone. Il est en charge du business et du développement international de l’offre globale de cybersécurité du cabinet. Il est membre du conseil d’administration du CLUSIF et du comité ISO chargé de la normalisation de la sécurité de l’information. Il est co-fondateur du Club27001 dédiée à la promotion de la norme ISO 27001. Il intervient régulièrement dans les médias pour parler de cybersécurité.

Brian Krebs

Brian Krebs est un professionnel de la sécurité. Il est l’auteur du site KrebsOnSecurity.com sur lequel il écrit quotidiennement des articles sur la sécurité de l’information et la cybercriminalité. Son principale objectif en tant que professionnel est de rendre les questions de sécurité informatique compréhensibles, intéressantes et opportunes auprès de ses lecteurs.

The Cyber Security Hub

The Cyber Security Hub est un compte d’entreprise Linkedin anglais. Leurs publications sont très fréquentes (plusieurs fois par jour) et sont souvent accès sur des infographies, des guides, des ebook, …. D’après leur propos, ils visent à inciter les échanges et les discussions ainsi qu’à multiplier les conversations sur la cybersécurité afin d’améliorer la culture cyber. Ils visent à augmenter les compétences en sécurité et à élargir le bassin de compétences et de talents.

Cyber Security NewsGBHackers On Cyber Security et Ethical Hackers Academy

Les 3 comptes Cyber Security News, GBHackers On Cyber Security et Ethical Hackers Academy semblent être des comptes liés car on y retrouve à très peu de différence près les mêmes informations. GBHackers on Security se définit comme une plateforme en ligne sur la cybersécurité. Elle publie des tuto, des enquêtes, fait des recherches et des tests sur les applications. Cyber Security News se définit comme un canal indépendant de news cyber. Elle publie les dernières nouvelles sur les hackers, la cybercriminalité, les incidents de sécurité, les violations de sécurité, les vulnérabilités, les logiciels malveillants, …

ANSSI (Agence nationale de la sécurité des systèmes d’information)

On ne présente plus l’ANSSI, l’Agence Nationale de la Sécurité des Systèmes d’Information. C’est l’autorité nationale chargée d’assurer la sécurité des systèmes d’information de l’État et de contribuer à celle des opérateurs nationaux d’importance vitale (OIV). L’ANSSI apporte également ses conseils, son expertise et son assistance technique pour prévenir la menace et traiter les incidents portant atteinte à la sécurité du numérique. Son objectif est de promouvoir la confiance numérique ainsi que le développement de la filière de cybersécurité. Elle publie régulièrement des informations sur la prévention de la menace des études sur des modes d’attaques, des informations sur des mesures de protection. Ses guides sont largement diffusés auprès des différents publics sur la nécessaire protection des environnements numériques par la promotion de bonnes pratiques de cybersécurité et la diffusion de recommandations techniques et méthodologiques tout en participant au développement de la formation à la sécurité des systèmes d’information.

The Hacker News

The Hacker News est la page linkedin du site thehackernews.com. Connu aussi sous le trigramme THN, The Hacker News se définit comme une plateforme d’information sur la cybersécurité réputée auprès des professionnels de la sécurité mais aussi des chercheurs, des hackers, des technologues et d’une façon générale des passionnés. Leurs posts présentent les dernières nouvelles en matière de cybersécurité et une couverture approfondie des tendances actuelles et futures en matière d’infosec.

Mais aussi

Philippe VynckierHervé SchauerLionel GUILLETDominique BourraBenjamin DelpyGérard PELIKSFrederic GOUTHVincent CHAPELET, …

Et les autres

J’aurais aimé suivre sur Linkedin les comptes ci-dessous mais ceux-ci n’y sont pas activement présents. Il reste Twitter pour les suivre : Korbenx0rzSwitHackBruce Schneier, …

Last Posts

Hacktivism Goes Orbital: Investigating NB65’s Breach of ROSCOSMOS

In March of 2022, Network battalion 65 (NB65), a hacktivist affiliate of Anonymous, publicly asserted its successful breach of ROSCOSMOS’s satellite imaging capabilities in...

Successfully passed the “Certificate of Competence in Zero Trust” (CCZT), the first Zero Trust...

I february 2024, I successfully passed the Certificate of Competence in Zero Trust (CCZT) from the Cloud Security Alliance (CSA). This certificate is a logical...

“Space Cybersecurity” magazine special edition from PenTest and Hakin9

PenTest and Hakin9 are very proud to present with a special edition, created in a collaborative process between experts in the field of space...

“Introduction to Cybersecurity in Space Systems” with Tim Fowler is coming up during the...

Tim Fowler will provide a training course called "Introduction to Cybersecurity in Space Systems" at "The Most Offensive Con that Ever Offensived – Bypass...

Aerospace cybersecurity manuals bundle : satellites, drones, airplanes, and signals intelligence systems

Angelina Tsuboi is a programmer, mechatronics developer and Engineer, a pilot, a Scientific Researcher and cybersecurity researcher. She is currently working for NASA. She...

Popular posts

Description of the Elements of a Satellite Command and Control System

In order to be able to analyse the various threats and identify the risks facing a space system, it is necessary to describe precisely...

Cartographie des acteurs étatiques du cyber en France

Avec l'aimable autorisation de Martial Le Guédard, nous reproduisons ci-dessous sa cartographie au sujet des différents acteurs étatiques évoluant dans le domaine du Cyber...

Install KYPO Cyber Range Platform on Openstack and Ubuntu in AWS cloud

KYPO is a Cyber Range Platform (KYPO CRP) developed by Masaryk University since 2013. KYPO CRP is entirely based on state-of-the-art approaches such as...

Qu’est-ce que le grand Commandement De l’Espace (CDE) créé par la France pour la...

Le Commandement De l’Espace (CDE) a été créé par arrêté le 3 septembre 2019. Il succède au Commandement interarmées de l’espace (CIE). Il rassemble...

What are the threats to space systems?

In this article, we will try to identify the various threats to space systems. This article is a synthesis of the CSIS (Center for Strategic...