2022-07-24, 12:40–13:10, Abacus 🧮
DIVD researcher Jelle (aka SchizoDuckie) has a hobby. He likes to find credentials in places where they don't belong, like GitHub and Postman. And this hobby has gotten him into many places he should not have been, like the Dutch Tax office and many larger companies.
But in February 2022 he found an account with an even bigger reach, an account whose abuse could mean trouble for our national critical infrastructure. His simple GitHub query uncovered a secret that could switch off a country, now what...
While Jelle is enjoying his vacation, his DIVD colleagues, Chris van 't Hof, Célistine Oosting and Frank Breedijk, will present the story of one of the more significant vulnerabilities discovered by DIVD this year: the long, winding, but mostly slow and silent road to disclosure and remediation, and how mitigation did not take away all the risks.
This talk digs into the, up to this point, untold story of case DIVD-2022-00009 and will include numbers "Doc" Brown will be jealous of.
Frank is a man of many hats; luckily they are all some shade of white.
His day job is being a CISO for Schuberg Philis, an IT services company that caters for business- and society-critical systems.
Besides that he is an early and active member of the DIVD, and currently the CSIRT and crisis manager.
He is also the secretary of the Dutch Security Information Clearing house (Het Nederlands Security meldpunt).
In his spare time (if any) he is a dad, has a farm, dogs, chickens, fish and horses and occasionally folds balloons.