From college dropout to Senior Red Team Operator: Olivier Laflamme’s story

In this career story, we interview Olivier Laflamme, a 24-year-old college dropout who discovered a passion for CTFs and offensive security.

Hassassin, Aug 07, 2023

Olivier Laflamme (or “Boschko”) is a 24-year-old French Canadian from Quebec who, at one point, dropped out of college after struggling with a sense of direction.

Fortunately, discovering the world of CTFs triggered an obsession with offensive security that transformed his career trajectory. 

Olivier is now a Senior Security Specialist at the Royal Bank of Canada, where he performs red team exercises. This includes hypothesis-led testing, zero-day research, and developing private specialized toolkits (Implants/Loaders/Agents/Harnesses/C2 Dev). 

Fun facts about Olivier

Favorite movie: The Lord of The Rings. 

Favorite game: The Legend of Zelda (the Minish Cap is my favorite).

Favorite tech: Shambles and Incinerator by LianSecurity.

Hobbies: Bouldering, running, weightlifting, and wakeboarding. 

Education: College Diploma in networking. Certifications: CISSP, BSCP, CRTL, OSCP, CRTO, eWPTX, eCPPT, and eJPT. 

💡Note: Olivier has completed all of the Hack The Box (HTB) ProLabs: APTLabs, Cybernetics, Rastalabs, Offshore, Dante, and Zephyr. He also achieved the highest HTB rank (Omniscient), becoming the #2 HTB player in Canada and #4 on the global leaderboard. Kudos Olivier! 👏 

 


 

You went from dropping out of college to becoming a pentester. How did that happen? 

It's a long story. When I was 16 I had no sense of purpose or direction, and no particular interests I excelled at. I didn't know what I wanted to do with my life and I was quite unhappy academically.

I was enrolled in a “pure-and-applied” CEGEP program (pre-university studies in the province of Quebec) and ended up dropping out after my first year.

Not long after dropping out, I stumbled on PicoCTF by Carnegie Mellon and over the span of two months solved every challenge. I was hooked. During that time I met some great people and shortly after got hooked on RingZer0 CTF and Hack The Box. 

I dedicated thousands of hours to solving Boxes, Challenges, and Pro Labs. Those hours were undeniably well spent, in my opinion.

I was hyper-focused on CTFs for around two years. Over time, I found that failing and getting stuck was extremely motivating. Especially when the weight of success and finding solutions relied solely on my problem-solving abilities. 

Through CTFs, I met a lot of local people in my area and landed my first consulting job after two and a half years. I have to admit that securing the job felt like an accomplishment based on luck at the time.

However, I’ve come to realize that the harder you work, the luckier you get. 

What have you gained from playing CTFs?

The impact CTFs have isn't immediately apparent. What matters is that they allow you to flex and exercise your problem-solving muscles. I think CTFs build confidence and instill a sense of calm and “cool-headedness” when faced with new and unfamiliar problems.

As cheesy as this might sound, CTFs have taught me that it doesn't matter how fancy someone's education is or how much experience they have. They have a brain, I have a brain, and we’re both humans. 

If they were able to solve, create, or break something, then I have no excuse not to be able to do the same. It might take me 10 times longer. But I know that if I persevere, stay calm, ask questions, and work through a problem, I’ll succeed. 

You won't be able to solve every CTF challenge in any category within the first few hours. These days, I only focus on categories I am horrible at, which means I don't submit many flags. 

I got Omniscient on Hack The Box (100% ownership of active Boxes and Challenges) after about a year and a half. And I had to solve categories that I was completely unfamiliar with. 

This resulted in a ton of beautiful connections and excellent interactions with community members.

The number of individuals available to rubber-duck with on the HTB Discord is fantastic. All of this to say, I appreciate high scores, and honestly believe that challenges and categories you’re not familiar with are there for you to learn, not scare you away. 

Congrats on reaching the Omniscient rank. Having peaked as the #2 HTB player in Canada (& #4 Globally!), what’s your secret?

Thank you! Honestly, if it wasn't for the friends I made through Hack The Box and a French team known as HideAndSec, I wouldn't have had the motivation and encouragement to finish and climb as far as I did. 

All the Pwn Dream Diary and Poly challenges almost made me quit on my way to Omniscient. If I remember correctly I achieved rank #4 on the global leaderboards when a new Fortress or Endgame was released. 

I'd give everyone who helped me along the way a shoutout if I didn't fear leaving someone out. I have tremendous love for my friends; they know who they are.

Why did you specialize in adversary emulation over pentesting? 

I love the growth and challenge. 

I'm fortunate enough to work in an organization that spends close to a billion dollars on cybersecurity a year. I get to absorb so much and do some insanely cool and sophisticated operations in one of the most modern and sophisticated networks. 

For the first two years, I didn't perform any adversarial emulation (AE). It was just your typical internals, externals, or web apps. AE operations are what I’d call red teaming. I do internal red teaming, which is very different from consulting red team exercises. 

Long story short: you’re behaving like an APT, but with much more sophistication. 

I'm not a fan of how the phrase red teaming is being thrown around these days. I could talk about this all day. But I like to explain the difference between penetration testing and red teaming by explaining the difference between Rambo vs. James Bond.

I see penetration testing as sending out Rambo. You go in guns blazing, you likely have Active Directory (AD) credentials and some type of seeded access provided by the client. Minutes after you land on the network, you’re already running Aquatone, BloodHound, Responder, CME, GetUserSPNs, etc. You typically don't care how loud you are, and the client knows you’re there. 

Red Teaming is like hiring James Bond. The objectives and targets are much more critical to the business function. There are a lot of unknowns and a whole team of individuals working together. 

Some team members are building out custom in-house tradecraft, infrastructure, zero-day research, etc. It's not a one-person show. You don't have ceded access, the blue team/client shouldn't know you’re there, and you have to think out of the box in sophisticated environments to land a beacon within the first few weeks. 

Your payloads are cutting edge and have already been tested in EDR environments with cloud and local sensor ML tuned to extra aggressive mode. It's a different game. There's much more time, sophistication, and effort that goes into this kind of service. 

However, their value to organizations that need it is unmatched.

Before you say you're doing full-fledged red teaming, maybe take a second to think about whether you’re Rambo or James Bond. 

In my opinion, very few organizations actually benefit or have the maturity to get good value from a real adversarial emulation that is performing at what I’d consider a higher level of sophistication than most known APTs.  

What HTB content would you recommend for somebody who wants to get into red teaming? 

I don't think there is any single platform that can truly get anyone prepared for running red team operations in modern and sophisticated environments. However, all the necessary fundamentals are there for you to build from. 

With regards to HTB content, I absolutely loved APTLabs; it was, from start to finish, an amazing challenge, and I walked away from it learning a lot! If someone is starting off in offensive security, I would genuinely recommend the Zephyr Lab. 

It's a seriously solid Active Directory lab, and I was very impressed with it. There are no unrealistic super CTF-like exploit paths and attacks performed to obtain the flags. These are all attacks and vectors I would honestly see and perform during an internal pentest. 

It's realistic, which is where I think the bulk of the value is from. I'd recommend anyone with 2-4 internal Active Directory penetration tests under their belts to give it a try.

How do you stay aware of the latest vulnerabilities and keep your skills sharp? 

You need to have the appetite to perpetually learn. 

Honestly, Twitter is great. It’s where I consume a lot of my infosec news and updates. I also enjoy my GitHub "Following" page, where the people I’ve followed stumble on nice and interesting projects. I try and look at both daily.

Anyone who knows me knows I'm a huge fan of blogs. I have one myself (https://boschko.ca), where I mainly blog about IoT/ICS hacking and reverse engineering. I truly wish more people maintained some type of blog. 

Here is a list of blogs I love reading.

Advice for beginners starting their careers? 

Be curious! You're just starting off, so for now, find something that interests you and focus on just that. 

Things might get tough along the way, so I’d recommend you have a no retreat, no surrender attitude and an almost obsessive need to conquer problems you face. You’ll truly grow from it.

Also, no one is expecting you to be an SME in everything. Red teams are teams of individuals with different strengths who come together to accomplish truly impressive feats. Start off small; it's just like walking; all you have to find is the step in front of you.

Just remember that the harder you work, the luckier you get. You’ll land a job in the field of your dreams, so please don't stop working towards your goals. 

Author bio: Hassan Ud-deen (hassassin), Content Marketing Manager, Hack The Box

Hassan Ud-deen is the Content Marketing Manager at Hack The Box. Combining thought leadership and SEO to fuel demand generation is his jam. Hassan's also fascinated by cybersecurity, enjoys interviewing tech professionals, and when the mood strikes him occasionally tinkers within a Linux terminal in a dark room with his (HTB) hoodie on. #noob. Feel free to connect with him on LinkedIn.
