Because of my Wintel background, I know Active Directory security inside out
Where it all began
After jobs at various computer shops, an online gaming adventure got quite serious: ending up playing Unreal Tournament capture the flag on a high level. Being frustrated by the instable game servers being hosted at that time, I decided I could do it better, founding a game hosting company in 2003.
Getting the best out of a system means totally understanding a system. This is also how I got more interested in the security of a system. For example: how do gamers abuse client-side weaknesses to take advantage over others, and how can you stop this?
Where it went to from there
Optimizing latency and performance for gamers all over Europe is one of the reasons I decided to do a BSc in Network Infrastructure Design back in 2005-2008.
After finishing my BSc and earning industry certificates like MCSE and CCNP/CCDP, I worked for a Wintel consultancy company where I focused on design and implementation of Windows domains/Citrix/VMware/RES infrastructures as well as 2nd/3rd line troubleshooting at clients. During the latter, I could use my creativity to the fullest, debugging issues that sometimes had taken an entire Windows domain down. At that time, I was amazed how security was neglected by a lot of colleagues and clients: default passwords, password reuse, domain admin privileges for all application administrators and third-party suppliers, seriously?
To freshen my mind, I moved to Amsterdam in 2009 and got my master’s degree in System and Network Engineering (OS3). After this I broadened my horizon, travelling around Asia for 1.5 years, volunteering here and there.
Once back in Netherlands, I joined KPMG, where I worked a little over 6 years, starting off with ethical hacking, later specializing in red teaming and Active Directory security. I was also responsible for the hacking lab of KPMG Netherlands. I helped clients in all sorts of sectors, ranging from banking to military and large industry/retail clients. Next to leading engagements in Netherlands, I got to train and help out KPMG member firms in supporting clients all over the world.
My years of offensive knowledge combined with my Wintel/infrastructure background enable me to identify (and abuse) risks in a client’s network. Because of my Wintel background I know Active Directory inside out, as well as common mistakes and the shortcuts taken by admins. This helps in identifying real risks and coming up with no-nonsense recommendations on how to improve preventive and detective controls of a client.
My coolest project ever
I’ve been involved in quite some cool projects over the years. When I have to choose one, it would be hacking an international drone manufacturer. I was able to gain full control over the drone production network. After some digging, I also managed to gain access to the command and control center from which airborne drones (and their payloads) could be controlled.