Max
@disclosing.observer
PhD Candidate in Anti-Abuse Strategy & Ethics @ TU Delft
CSIRT Operations Lead @ https://divd.nl
Virtual Routes Fellowship Alumnus '24-'25
Writing about it all on https://disclosing.observer
Way too often, for various reasons, operators patch-and-forget whenever the newest edge device vulnerability is actively being exploited. I've written up some of our experience when it comes to edge device web shells and how we find them through attacker slip-ups.

disclosing.observer/2025/06/14/p...
Scanning Beyond the Patch: A Public-Interest Hunt for Hidden Shells - Disclosing.Observer
Even after patching, many edge devices remain compromised. This post explores how to ethically scan for backdoors left behind.
June 16, 2025 at 8:24 AM
Zero-days come with responsibility, and we've learned in the past years that states don’t always live up to that responsibility. Lately, I’ve been thinking about how one government in particular handles them…

Brain dump here, any feedback and discussion welcome!

disclosing.observer/2025/05/30/u...
Ready, Retain, Fire? The Quiet Fallout of U.S. Offensive Cyber Policy - Disclosing.Observer
When one nation hoards weapons, others feel compelled to follow. The U.S. posture on zero-day retention risks global insecurity through a dynamic we've seen ...
May 30, 2025 at 8:56 PM
Not really one to make frequent posts. But with the continuous decline of Twitter/X, I figured I might as well give this a go.

A nice way to start would be with the news that I'll be speaking at both USENIX Security in Seattle and the ONE Conference in The Hague this year, in case anyone is around!
May 28, 2025 at 8:53 PM