Frank Breedijk

Manager and initiator of the DIVD CSIRT, previous know as Dutch Security Hotline. In daily live he is the CISO of Schuberg Philis

Social media

Icon - Seccubus
Icon - Frank Breedijk

Articles / cases / cves

CSIRT Cases

• DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
• DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
• DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
• DIVD-2021-00014 - Kaseya Unitrends
• DIVD-2021-00012 - Warehouse Botnet
• DIVD-2021-00011 - Kaseya VSA Limited Disclosure
• DIVD-2021-00002 - Kaseya VSA
• DIVD-2021-00001 - Microsoft on-prem Exchange Servers
• DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials
• DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
• DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
• DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution
• DIVD-2020-00009 - Pulse Secure VPN enterprise Leak
• DIVD-2020-00008 - 313 000 Wordpress sites scanned
• DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability
• DIVD-2020-00002 - Wildcard certificaten Citrix ADC
• DIVD-2020-00001 - Citrix ADC

CVEs contributed to

• CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
• CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
• CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
• CVE-2021-26474 - Unauthenticated server side request forgery in Vembu products
• CVE-2021-30116 - Unautheticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
• CVE-2021-30117 - Autheticated SQL injection in Kaseya VSA < v9.5.6
• CVE-2021-30118 - Unautheticated RCE in Kaseya VSA < v9.5.5
• CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
• CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
• CVE-2021-30121 - Authenticated local file inclusion in Kaseya VSA < v9.5.6
• CVE-2021-30201 - Authenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
• CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of UniTrends Server < v10.5.5-2
• CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
• CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2

CSIRT blog posts

• 27 November 2021 - NMAP script for GitLab CVE-2021-22205
• 26 August 2021 - Exchange ProxyShell and ProxyOracle
• 26 August 2021 - Kaseya Unitrends update
• 25 August 2021 - Vembu BDR Full Disclosure
• 20 August 2021 - Social media consolidation
• 20 August 2021 - Planned Vembu Full Disclosure
• 07 July 2021 - Kaseya VSA Limited Disclosure
• 14 May 2021 - Closing ProxyLogon case / Case ProxyLogon gesloten
• 16 March 2021 - Additionele exchange scan script/additional exchange scan script
• 03 March 2021 - Actief misbruik Exchange Zero-day / Active abuse Exchange Zero-day
• 01 January 2021 - Phising slachtoffer notificatie / Victim notification phishing
• 07 August 2020 - wpDiscuz kwetsbaarheid maakt het mogelijk systeem over te nemen / wpDiscuz vulnerability allows system takeover
• 05 August 2020 - Datadump met informatie over vermoedelijk gehackte PulseVPN systemen gelekt / Datadump with information on hacked PulseVPN systems leaked
• 28 May 2020 - Ernstige lek in Citrix ShareFile storage server / Critical vulnerability in Citrix ShareFile storage server
• 12 March 2020 - Mircosoft repareert lek in SMB v3 / Microsoft patches vulnerability in SMB v3
• 12 March 2020 - Ernstig ongepatched lek in SMB v3 / Critical unpatched vulnerability in SMB v3
• 15 February 2020 - Citrix talk en demo bij Hackerhotel / Citrix talk and demo at Hackerhotel
• 05 February 2020 - Wederom Citrix meldingen / Citrix notifications again
• 29 January 2020 - BlueGate patch restart?
• 26 January 2020 - DIVD Call For Volunteers
• 22 January 2020 - Wildcard certificaten aangetroffen op veel kwetsbare Citrix ADC systemen / Lots of vulnerable Citrix ADCs used wildcard certificates
• 19 January 2020 - Eerste Citrix patches beschikbaar, andere patches sneller / First Citrix patches available, other patches available sooner
• 17 January 2020 - We gaan weer door met scannen en melden ! / We have resumed scanning and notifying !
• 16 January 2020 - Citrix mitigatie blijkt niet betrouwbaar / Citrix mitigation turns out to be unreliable
• 15 January 2020 - Controles voor de Citrix ADC compromittatie / Checks to see if your Citrix ADC is compromised
• 13 January 2020 - Wijd verspreide kwetsbaarheid in Citrix Gateway en Citrix Application Delivery Controller