Lectures 2020


Edwin van Andel
Fails (Tales) from the trenches…

A collection of short hacking and bug-bounty related stories, written up throughout the years of working with the awesome security community and its ‘(n)ever learning’ clients.

Edwin van Andel will take you on a ride through the beautiful, but sometimes scary, woods of bugs, fails and wonders, located in the misty valley of infosec.

There will be tales of misdirected focus. There will be burning arrows flying towards the anonymous clientele of Zerocopter’s bug-bounty and coordinated vulnerability disclosure platform. And we will gaze at the sunset over the immortal fields of stupidity.

Edwin will discuss and give examples of beautifully chained exploits, utterly stupid designs, fails and the always funny owner’s responses. Fun, laughter and tears as we cool off and swim together in IoT-infested waters, while always reflecting back to the key of all his presentations: Hackers can help.

Will you hop on for a 45-minute ride through these hidden woods? Visual stupidity included as always!

Edwin van Andel

Edwin van Andel, better known as @Yafsec, was born on a late November day in the excellent wine year 1970 and immediately started pushing buttons from his crib. During his early years no device was safe from him, and his adolescence was described by his neighbors as a “very disastrous period”, mainly because of his discovery of computers, modems and the hack-tic.

After working with different companies around the globe, he started his own company, Yafsec, in 2003, with the sole purpose of guiding companies and IT dealers through the dark woods of the ever-evolving security forest. In 2016 he joined Qbit Cyber Security and Zerocopter, where he’s mostly working on publicly expanding their continuous security platform. In 2017 he became CEO of Zerocopter.

Walter Belgers
Hacking in the Netherlands in the 1980s

What did the computer hacking scene look like in the Netherlands in the late 1980s and early 1990s? Walter will talk about his personal experiences during that period. This is a no-press talk (TLP Red).

About Walter
Walter Belgers is a hacker who got internet access 6 years before there was a computer crime law in the Netherlands. He is a member of The TimeWasters.

Photo: Dennis van Zuijlekom (CC-BY-SA)

Helma de Boer

Privacy adventures in vocational education

An educational institution like Deltion College, with over 18,000 students and a staff of 1,500, is like a village on its own. A creative place where lots and lots of personal data is stored, exchanged and used in over 200 applications (that the I&A department is aware of). If we want to do this in a safe way, we need security. Or actually: we need to involve you, technologists, as well as the legal experts and the staff.
Helma shares problems, solutions and best practices to help you understand what you – techy – can do to help.

About Helma
Photo: Dennis van Zuijlekom (CC-BY-SA)
Helma de Boer (cDPO/CIPT/BSe) is Privacy Officer for Deltion College in Zwolle, a large educational institution with over 18,000 students. She is responsible for the data protection of students and personnel and for GDPR compliance. She is dedicated to performing (D)PIAs, privacy checks and awareness trainings, amongst other cool privacy things. In addition, she helps develop a course for students. Helma is also the owner of Artheos, where she has a history of developing websites and databases. Nowadays it’s all about privacy. In 2017 she worked for Bits of Freedom as a guest writer.

Daniella de Nijs
Phishing and emotions

We all know the concept of phishing mails and probably receive a bunch every day too. Some of these faux e-mails seem too easy to fall for (Nigerian prince, really?) whereas others look so real that even we, hacker-minded individuals, might fall for them. But they all have one thing in common: they seduce us into clicking, downloading or paying money or bitcoins. How? By triggering certain emotions through embedded smart psychological features that cause our judgement to become temporarily blurred.

Daniella de Nijs has tested the use of four different emotions in phishing mails during a large-scale phishing campaign in the Netherlands, sending out almost 4000 phishing mails containing either a link to a fake log-in page or a malicious .exe download. Which emotion has pwned the most: fear, authority, greed or helpfulness? Come and find out!

About Daniella
Daniella de Nijs, 23, graduated in Safety & Security. She took the cybersecurity path during the third year of her studies, starting at Fox-IT as a security specialist, and graduated with a thesis report on phishing and emotions at the Audits department. She currently works at Stedin, a grid operator within the Netherlands, as Cyber Defence Specialist, securing the operational network of Stedin and making sure the lights stay on.

Nemty: the story of a free ransomware decryptor

We will tell you the story of how our analysis of a new ransomware led to the publicly available Nemty decryptor at nomoreransom.org. A journey where we worked with Europol, received compliments from the attacker in a newer version of the malware and helped many civilians and companies in quite a few countries by decrypting their files for free. We will also dive into the encryption algorithm, and the bug that overwrites data in large files. This bug makes sure that no-one – not even the bad guys – will ever be able to give the victims back all their data. This is a no-press talk (TLP Red).

About Saskia:

Saskia Hoogma is a data analyst at Tesorion, a Managed Security Service Provider in The Netherlands. Her main focus in the Research Team is threat intelligence and data analysis.

About Gijs:

Gijs Rijnders is a malware researcher at Tesorion. He focuses on reverse engineering malware and also works for the CSIRT of Tesorion.