Menu

~$ whoami

My name is Lennaert and I'm a student digital forensics I enjoy programming, mostly in PHP and Python, among my interests:

  • Ethical hacking / pentesting / redteaming
  • Malware analysis
  • Opensource Intelligence (OSINT)
  • The occasional CTF challenge

Volunteer & Community work

Since 2018 I've volunteered for Hack In The Box Amsterdam, a cool security conference taking place in my home town.

I also volunteer as a security researcher for the DIVD, the Dutch Institute for Vulnerability Disclosure.

With a lot of things moving online in 2020 I have helped out at multiple online conferences, such as Circle City Con and BeerCon2. I'm also part of the crew hosting Infosec Happy Hour every Friday at 20:00 GMT.

Responsible Disclosure

I do a lot responsible/coordinated vulnerability disclosure, a few examples where I've gotten recognition:

Indicted in various Hall of Fame's:
The NPO (Dutch public broadcaster)
The Information Security Service for Dutch municipalities
Carlsberg

This cool challenge coin, and handwritten note, from the Aviation ISAC:

Reported multiple vulnerabilities to the Dutch Government, and received their famous "I hacked the Dutch Government, and all I got was this lousy t-shirt" for it.

Won the 'Most Techy Hack' award during a hackathon where the Toon, a smart thermostat from Dutch energy company Eneco was hacked.

Public Speaking / Presentations & Media

On September 1st I was a guest in "BNR'S Big Five" when they had a week about cyber security, I spoke about being an ethical hacker and my work with the DIVD.

Cybersecurity | Lennaert Oudshoorn (DIVD)
Als ethisch hacker bij DIVD gaat Lennaert Oudshoorn buiten werktijd om op zoek naar zwakheden in systemen. Afgelopen juli werd daardoor mogelijk een ramp voorkomen bij softwarebeheerder Kaseya. Wat beweegt Oudshoorn om dit te doen en welke oplossingen ziet hij om cybercrime tegen te aan?
bnr.nlBNR’s Big Five

You can also listen to this on Spotify:

In July 2021 I was a guest in the NOS op 3 Tech Podcast, to talk about the big ransomware attack on Kaseya and the work we did with the DIVD in the responsible disclosure of one of the 0-days the attackers used.

‎NOS op 3 Tech Podcast: Een ongekende ransomware-aanval en nepnieuws na aanslag Peter R. de Vries on Apple Podcasts
0:00 Een ongekend grote ransomware-aanval werd afgelopen weekend losgelaten op de wereld. Een groep ethische hackers uit Nederland stond op het punt om die aanval te voorkomen, maar was net te laat. Lennaert Oudshoorn is ethisch hacker en vrijwilliger bij het DIVD, een organisatie die bedrijven waar…
Apple Podcasts

You can also listen to this on Spotify:

My first public speaking experience was at BeerCon2, which I wrote at length about on this blog. The talk I gave is available on YouTube:

I also spoke at BeerCon3:
https://www.youtube.com/watch?v=fg-35SQUnNI

MayContainHackers, a camp held in the Netherlands in 2022:
https://media.ccc.de/v/mch2022-55-scanning-and-reporting-vulnerabilities-for-the-whole-ipv4-space-how-the-dutch-institute-for-vulnerability-disclosure-scales-up-coordinated-vulnerability-disclosure

The ONE Conference, a security conference organized by the Dutch NCSC:
https://one-conference.nl/video/wf-19-kaseyavsa-and-what-divd-did-to-prevent-the-abuse-of-seven-zero-days.mp4

Hacker Hotel:
https://www.youtube.com/watch?v=a5NpYFqapUI

Other