Benevolently malicious offensive security enthusiast || @ABNAMRO Red Team || Crappy malware author (Nimplant, Nimpackt) || Has over 0 CVEs 😎 (pls notice me)

Utrecht, The Netherlands
Joined March 2011
Got sidetracked by a fun little Terraform + Ansible project which I dubbed 'CloudLabs AD'. It provisions a small AD lab in the cloud that has some dummy data to play with and is enrolled in Elastic Endpoint Security. Just open sourced it here 👉 github.com/chvancooten/Cloud…
Honestly not sure why but thanks, y'all 🥰 Haven't been sharing much lately, been working on some side projects and stuff for coming conference season. If you have any ideas for blogs/tools/whatever please do let me know! 🙏
That's a close one! I expected specialism to come first tbh. Some great insights in the comments. Personally I like being a generalist too, as you can ride that wave of learning the ropes of a new skill every time 🏄
Curious about this one: in terms of learning new (infosec) skills: do you prefer going deep or going wide?
I do have some "focus areas" (Nim malware for example), but it's never something I consider myself to be an expert in specifically. And that's totally fine!
Curious about this one: in terms of learning new (infosec) skills: do you prefer going deep or going wide?
46% Deep! Gotta specialize!
54% Wide! I want to know all!
485 votes • Final results
Srsly tho look at this boi
Replying to @Bandrel
Please enjoy this majestic portrait of my doggo. Hope you feel better 😊
Cas van Cooten retweeted
The first blog post is here. This one covers the technical details of CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). The vulnerability was patched as part of the May 2022 Security Updates from Microsoft. research.ifcr.dk/9e098fe298f…
Cas van Cooten retweeted
Workshops program is now out! We're very happy to welcome @chvancooten @Guillaume_Lopes @ddouhine & @tijldeneut to perform their workshops during #HIP22 Check them out here ➡️hackinparis.com/workshops/ Buy your ticket here 🎫👉 hackinparis.com/store/
Impostor syndrome kicking in hard with all the names on this list 🫠
Hey All, @x33fcon team missed you! We're ready for you and looking forward to seeing you in Gdynia 😎🍹🏖️ Agenda: x33fcon.com/#!conference.md#… Workshops: x33fcon.com/#!conference.md#… Training (on-site and online!): x33fcon.com/#!training.md Register today! 🎟️
So which way do I go for the "Cool Kids With A CVE" club?
CVE-2022-27903 An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualiz... cve.mitre.org/cgi-bin/cvenam…
Some good news to start the week - I have been accepted to speak at @x33fcon 2022! I have also been accepted to present my workshop on 'malware development for dummies' at @hackinparis 2022. So hyped for both of these cons! Who's gonna be around?
Had a blast at the first physical (!) @hackthebox_nl meetup, meeting @egre55, @RoadRunnerHacks, and a bunch of other cool folks IRL 😁. Looking forward to the next one!
Something about CrowdStrike being a pain in the behind about people testing with their product combined with their engineers freely snooping on dev machines of their clients doesn't sit right with me 🤔 I'm all for transparency but it isn't a one-way street
Replying to @polpanek @_vivami
I’m kind of bummed the sensor wasn’t configured… I wanted to just look at the telemetry 🤣
Spent some time last week on something entirely different - frontend development! Created a new interface for Nimplant from scratch to teach myself the ropes of Next.js and TypeScript. Not gonna lie, pretty proud of what I achieved in a week (GIF below 👇)
Congrats to my buddy @Jean_Maes_1994 for making it yet another year without being cancelled 🥳
I quite like the offsec courses that I did but it's sad to see they're going the SANS route in terms of pricing. Knowledge should be accessible, not paywalled 🥲
As a reminder, the 30- and 60-day options for all standalone courses will no longer be available as of today at 11:59 p.m. HST. We aim to simplify our product offerings as we develop new courses and features for our students: offs.ec/3tNVOZo
Not sure what's more shocking, the "DomAdmins-LastPass.xlsx" file or that the attackers used BING to look up privilege escalation tools on a compromised machine 😅
New documents for the Okta breach: I have obtained copies of the Mandiant report detailing the embarrassing Sitel/SYKES breach timeline and the methodology of the LAPSUS$ group. 1/N
Kudos to @nodauf for most of the Ansible Elastic Endpoint Security deployment 👏
Playing with Elastic Security a bit and it's pretty dope. A lot of nice rules to play with out of the box 🤤 Would love to provision it in my labs with Ansible but automating the installation in a headless fashion is gonna be a pain lol