Frank Breedijk

Phish Bait - The discovery of a massive multi-bank Phishing as a Service platform

A CC ND image by Bankenverband - Bundesverband deutscher Banken
On the 26th of October 2016 the Schuberg Philis CSIRT team received three alerts that started an investigation. During this investigation we discovered an early version of a online phishing site containing over 1200 online banking URLs with matching strings for failed login, please wait and site unavailable. In this story the technical details of the site and the investigation. read more >

Live blog Blogging live from Hack in the Box Amsterdam

Today I will be blogging live from the “Beurs van Berlage” covering the 2015 edition of Hack in the Box (hashtag #HitB2015Ams). Please watch this space as I will attempt to put the blog post up shortly after, or even before the speaker leaves the stage. read more >

Latest postings

Identity Management for dummies by @Seccubus

QCon London: How I Learned to Stop Worrying and Trust Crypto Again

Mother and Infant Bond a CC NC image by Steve Corey
By Graham Steel

The year 2013 is the year we found out that the tinfoil hat people were right and the NSA was actually listening to all our conversations.

However, even Snowden stated that properly implemented strong cryptographic systems will actually safe you.

In reality developers seldom design their own cryptographic engines and implementing your own based on a book like 'Applied cryptography ' is not recommended, so people are read more >

CsFirewall a chef cookbook to control Cloudstack firewall/network ACLs

MAN vs FIRE a CC ND ND image by Geekr
Some time ago I was approached by some colleagues who were frustrated with the Cloud Stack CL screens because:

The screens are cumbersome to use
You cannot control what port are open from your configuration management system
It is very hard to spot if somebody manually opened a firewall port

With that in mind I started to code and came up with the CsFirewall cookbook. A Cookbook to control Ingress and Egress firewall rules, NAT rules and network ACL's.

CsFirewall works read more >

Live blog RSA Conference Europe 2013 live coverage

I'm attending the RSA Conference in Amsterdam and will be live blogging some of the talks I attend. Watch my Twitter account or this blog post for more updates. read more >

Latest postings

Is my server helping DDoS-ers?

About to feel the Power of Rock a CC NC SA image from Stéfan
I was Googling for an easy online check to see if a certain DNS server is an open resolver and can be used to perform a DNS amplification attack and I couldn't find one. So here is one I wrote myself. It will give you a simple output to tell you if the server is or isn't vulnerable and what amplification factor could be obtained. DNS Amplification measurement tool read more >