Lennaert Oudshoorn
Role: Head of DIVD-CSIRTAs one of the early volunteers at DIVD Lennaert has been here for quite some time, now he heads our CSIRT and makes sure our operations run smoothly and well structured. In his day job Lennaert is Security Analyst at Zerocopter, where he identifies and validates many different vulnerabilities and security issues on a daily basis. Also, as an accomplished hacker, he has found vulnerabilities on behalf of several large organizations including the Dutch government! In addition to his professional exploits, he also reports vulnerabilities “on the side” participating in coordinated vulnerability disclosure and bug bounty programs.
Social media
Icon - @Lennaert89Icon - Lennaert Oudshoorn
Icon - https://dfirsec.nl/
Articles / cases / cves
Blog posts
CSIRT Cases
- DIVD-2024-00022 - Millions of credentials scraped from Telegram
- DIVD-2024-00019 - Victim Notification Operation Endgame
- DIVD-2024-00004 - 2024-00004 Global NGOs
- DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance
- DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
- DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078
- DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519
- DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
- DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
- DIVD-2023-00009 - Cisco RV Series Remote Command Execution
- DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices
- DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
- DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet
- DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
- DIVD-2022-00042 - Canon print portals facing the internet
- DIVD-2022-00030 - Exposed QNAP
- DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
- DIVD-2022-00025 - VMware - CVE-2022-22954
- DIVD-2022-00012 - Global Charity Vulnerabilities
- DIVD-2021-00038 - Apache Log4j2
- DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability
- DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
- DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
- DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
- DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
- DIVD-2021-00012 - Warehouse Botnet
- DIVD-2021-00011 - Kaseya VSA Disclosure
- DIVD-2021-00010 - vCenter Server PreAuth RCE
- DIVD-2021-00006 - SmarterMail
- DIVD-2021-00005 - Pulse Secure PreAuth RCE
- DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials
- DIVD-2021-00002 - Kaseya VSA
- DIVD-2021-00001 - Microsoft on-prem Exchange Servers
- DIVD-2020-00014 - SolarWinds Orion
- DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
- DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
- DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution
- DIVD-2020-00009 - Pulse Secure VPN enterprise Leak
- DIVD-2020-00008 - 313 000 Wordpress sites scanned
- DIVD-2020-00007 - Citrix ShareFile
CSIRT blog posts
- 05 October 2021 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
- 06 July 2021 - Kaseya Case Update 3
- 03 July 2021 - Kaseya Case Update
- 02 July 2021 - Kaseya VSA Advisory
- 09 May 2021 - Phishing slachtoffer notificatie / Victim notification phishing
- 08 March 2021 - Exchange Zero-day IoC detectie script / Exchange Zero-day detection script
- 30 December 2020 - SolarWinds Orion API authentication bypass
- 17 December 2020 - Het Security Meldpunt wordt DIVD CSIRT / This site will become DIVD CSIRT
- 27 November 2020 - Wordpress binnen het .nl domein geïndexeerd / Wordpress in .nl space indexed
- 15 November 2020 - Lijst met 49 000 kwetsbare Fortinet VPNs / List of 49 000 vulnerable Fortinet VPNs