Frank Breedijk
Crisis manager (+ CSIRT helper)
Frank has been a volunteer and part of DIVD’s management team since the start. In response to the Citrix crisis and a fundamental flaw in the Dutch system for ‘cyber target and victim notification’ he started the DIVD CSIRT, which has been operational since January 2020.
After he handed over the title of Head of CSIRT to Lennaert Oudshoorn, Frank stayed active in the DIVD CSIRT, but transitioned to the role of Crisis Manager.
Frank puts on his crisis management cape either when there is a threat to the existence of DIVD or during high-profile cases such as the SolarMan case.
Frank has over 25 years of cyber security experience. His current day job is CISO at Schuberg Philis, where he has been employed for the last 18+ years. He is very active in the Dutch community as secretary of the Nederlands Security Meldpunt, chairman of the MSP-ISAC and in DefCon Holland. He is an experienced keynote speaker and has presented at many conferences; he is also known for his balloon folding and fire breathing workshops at various hacker events. If you want him to waste your time, ask him about his farmhouse from 1751, beekeeping or his telex machine.
Featured articles
- Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers
- Fortinet sslvpnd vulnerability - update
- Closing GreyNoise Ukraine Only case
- ITarian critical vulnerabilities
- Confluence 0-day
- Kaseya Full Disclosure
- DIVD is a CVE Numbering Authority
- NMAP script for GitLab CVE-2021-22205
- Exchange ProxyShell and ProxyOracle
- Kaseya Unitrends update
- Vembu BDR Full Disclosure
- Social media consolidation
- Planned Vembu Full Disclosure
- Kaseya VSA Limited Disclosure
- Closing ProxyLogon case
- Additional Exchange scan script
- Active abuse of Exchange zero-day
- Victim notification phishing
- wpDiscuz vulnerability allows system takeover
- Data dump with information on presumably hacked PulseVPN systems leaked
- Critical vulnerability in Citrix ShareFile storage server
- Microsoft patches vulnerability in SMB v3
- Critical unpatched vulnerability in SMB v3
- Citrix talk and demo at Hackerhotel
- Citrix notifications again
- BlueGate patch restart?
- DIVD Call For Volunteers
- Lots of vulnerable Citrix ADCs used wildcard certificates
- First Citrix patches available, other patches available sooner
- We have resumed scanning and notifying!
- Citrix mitigation turns out to be unreliable
- Checks to see if your Citrix ADC is compromised
- Widespread vulnerability in Citrix Gateway and Citrix Application Delivery Controller
CSIRT cases
- DIVD-2024-00035 - 17 vulnerabilities in Iocharger devices
- DIVD-2024-00022 - Millions of credentials scraped from Telegram
- DIVD-2024-00019 - Victim Notification Operation Endgame
- DIVD-2024-00014 - Qlik Sense Remote Code Execution
- DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices
- DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
- DIVD-2023-00001 - Citrix systems vulnerable to CVE-2022-27510 and/or CVE-2022-27518
- DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
- DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
- DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
- DIVD-2022-00048 - Dossier Energy Transition
- DIVD-2022-00045 - Injection vulnerability found within Socket.io
- DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
- DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js
- DIVD-2022-00014 - GreyNoise's Ukraine only list
- DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates
- DIVD-2022-00009 - SolarMan backend administrator account/password
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
- DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
- DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
- DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
- DIVD-2021-00020 - OSNexus QuantaStor limited disclosure and product warning
- DIVD-2021-00014 - Kaseya Unitrends
- DIVD-2021-00012 - Warehouse Botnet
- DIVD-2021-00011 - Kaseya VSA Disclosure
- DIVD-2021-00002 - Kaseya VSA
- DIVD-2021-00001 - Microsoft on-prem Exchange Servers
- DIVD-2020-00013 - Leaked phishing credentials
- DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
- DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
- DIVD-2020-00010 - wpDiscuz plugin Remote Code Execution
- DIVD-2020-00009 - Pulse Secure VPN enterprise leak
- DIVD-2020-00008 - 313 000 WordPress sites scanned
- DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability
- DIVD-2020-00002 - Wildcard certificates Citrix ADC
- DIVD-2020-00001 - Citrix ADC
CVE Records
- Buffer overflow vulnerabilities in CGI scripts lead to segfault
- Authenticated arbitrary file upload to /tmp/ and /tmp/upload/
- Buffer overflow in <redacted>.so leads to DoS of OCPP service
- Arbitrary file download using <redacted>.sh
- Plaintext default credentials in firmware
- Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted using directory traversal.
- When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station.
- A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.
- Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script.
- Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
- Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
- Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
- Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
- Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
- Authenticated command injection via <redacted>.exe <redacted> parameter
- Authenticated command injection via <redacted>.exe <redacted> parameter
- Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
- URL parameter manipulation allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x
- URL parameter manipulation allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225
- Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x
- Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225
- Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225
- DoS attack when broadcasting billboard messages
- Kaseya Unitrends Backup Software before 10.5.5-2 authenticated RCE
- Kaseya Unitrends Client/Agent through 10.5.5 allows remote attackers to execute arbitrary code
- Privilege escalation in Kaseya Unitrends Backup Software before 10.5.5-2
- Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
- (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
- Authenticated reflective XSS in Kaseya VSA <= v9.5.6
- Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
- Authenticated SQL injection in Kaseya VSA < v9.5.6
- Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
- Unauthenticated server side request forgery in Vembu products
- Unauthenticated arbitrary file upload and command execution in Vembu products
- Unauthenticated remote command execution with SYSTEM privileges in Vembu products
- Unauthenticated remote command execution in Vembu products