Shall we play a game? Like many tech professionals, many computer enthusiasts have been lured into the IT field through games. From wanting to know how sprites move, they evolved to wanting to know how computers work until they end up in the rabbit hole of cybersecurity. One such person is Valentin Lobstein, a.k.a Chocapikk, formerly known as Balgogan. Valentin began his career as a Junior Pentester back in 2022.
He went from playing around with hacking games on Android to becoming a true pro in digital security, all while managing to keep a level head. Like many cybersecurity professionals, he’s made it his mission to share his insights about cybersecurity, break down the barriers to entry, and offer some really handy tips for those ready to dive into this field.
Hi Valentin, In Order to Get Started, Kindly introduce yourself.
Hi, I'm Valentin Lobstein a.k.a Chocapikk and formerly Balgogan. I'm a cybersecurity work-study student and Junior Pentester since 2022 in France. If you're reading this article today, it's because I want to give you a few tips and answer some questions I get asked a lot in private messages because people don't know how to get started.
How did you get started in cybersecurity? When did you first become interested in hacking?
I got into cybersecurity quite by chance, when I was in high school I was with a close friend (Lucas if you read this :D) at boarding school in the same room, then I saw him doing "weird things" on an OS I didn't know at all, so I asked him what it was, he explained that it was Kali Linux, a powerful computer security OS, then he showed me some tools, told me about the different programming languages, etc.... Before seeing all this, around the age of 12, I was already doing a bit of Android hacking on games thanks to Lucky Patcher, Game Guardian, etc...
But the period of lockdown in 2020 really allowed me to get serious about cybersecurity from home, as times were tough then.
What is it you like about hacking/security compared to other areas of IT?
What interests me about hacking/security compared to other areas of IT is the constant evolution of hacking techniques thanks to technological developments and the growing number of companies using IT infrastructures. Today, cybersecurity is a major issue and a very important area for our society. Learning how to hack helps us understand how attackers work and helps us protect ourselves against attacks on the Internet.
What skills do you think are important to be successful in cybersecurity?
In my opinion, the most important skills for success in cybersecurity are to be curious. In cybersecurity, it's important to monitor vulnerabilities on a fairly regular basis, so we have to constantly learn new things before attackers can use these vulnerabilities maliciously.
Passion and perseverance are extremely important, because cybersecurity is a very vast field, so you need to produce a lot of work to master the different subjects, which can be very difficult if you don't take the time to invest in it.
How do you think the industry can encourage more people to pursue cybersecurity?
I think the best way for the industry to encourage more people to go into cybersecurity is to raise awareness of the field. I have a lot of people around me who don't really know the field, who think that being in cybersecurity means being a hacker, but that's not the case at all, there's work for everyone, whether you're a merchant selling antivirus solutions, or a geek doing vulnerability research, or a Blue Teamer working to detect and counter malicious behavior on a network.
A second point that the industry doesn't understand is that there are absolutely talented people looking for work in the field, but because of a lack of certification, HR doesn't look at their profile. I think the recruitment system needs to be overhauled, because it's not adapted to this field.
A third point that's already been made is to raise awareness among younger people of the dangers of the Internet and potentially of social networks. And also the organization of CTF (Capture The Flag), the aim of which is to initiate people to find vulnerabilities in the form of a challenge, which will enable people to discover cybersecurity in the form of a game and why not push these people to become tomorrow's experts.
What types of resources have you found most useful for learning security? (Videos, courses, blogs, qualifications)
When I started out, I started practicing a lot on CTF platforms such as vulnhub.com, root-me.org, tryhackme.org, hackthebox.com. All these platforms can enable you to make big progress in many fields such as forensic, pwn, reverse engineering, web, programming, cryptography and many others.
Hackers often use cheat sheets, and here are some of the ones I use:
- https://book.hacktricks.xyz/ - This site is a real gold mine that really collects a lot of methodologies in the areas I mentioned before.
- https://gtfobins.github.io/ - Is a nice little list for performing privilege elevations on Linux systems.
- https://github.com/swisskyrepo/PayloadsAllTheThings - is a list of payloads for many vulnerabilities.
- https://gchq.github.io/CyberChef/ - is a very useful webapp to encode and decode data.
- https://www.aperisolve.com/ - A great French tool to automate some steganography detection on many files.
Here's a suggestion:
To learn hacking, never learn alone. Well, you can, but it'll be more complicated. The best thing is to always work in a community that has about the same level as you, that way you'll progress, that's why I'd like to dedicate my team Balgo Security (and RiseGuard / XA21) with whom everything started, we're a dozen members of French-speaking geeks that we founded in 2020 and 2023.
When I started in 2020, I wasn't in the field at all, and I didn't think I'd be able to get any good at it. So if you're still hesitating to get started, frankly, don't. You might be surprised at yourself after 6 months of serious work.
You can find my blog at https://chocapikk.com where I regularly write about vulnerabilities, and some quite original CTF writeups.
Valentin, aka Chocapikk aka Balgogan is a good example where gaming is actually a good thing. From being a virtual hero to an actual one, both while online. And to succeed, one must have inherent passion, curiosity and perseverance, characteristics that can be seen in gamers, especially those that play today’s complex games. Those qualities properly directed, produce individuals like Valentin. He’s also the type who likes to share knowledge personally, or through his blog (chocapikk.com) and encourages anyone who will listen to join the ranks. That’s just how passionate he is.