Welcome to my domain

My name is Mick Beer. Living in The Netherlands.

DIVD

Since 2021 I am working as security researcher at the Dutch Institute of Vulnerability Disclosure. Recently I have worked on the following case:

"On February 25, 2022, GitLab published a fix for CVE-2021-4191, which is an instance of CWE-359, “Exposure of Private Personal Information to an Unauthorized Actor.” The now-patched vulnerability affected GitLab versions since 13.0. The vulnerability is the result of a missing authentication check when executing certain GitLab GraphQL API queries. A remote, unauthenticated attacker can use this vulnerability to collect registered GitLab usernames, names, and email addresses."
Link

Subject Matter Expert

Since May 2022 I started working as Subject Matter Expert at NOVI Hogeschool in the Netherlands.

Buffer Overflow

Buffer overflow. I can remember starting a few years ago with self-study on ethical hacking and the Kali Linux Course. The term "buffer overflow" intrigued me without me having any idea what it meant. Now today it is a term that I understand well and I reflect on my development. Thank you NOVI and Arjen Wiersma for the awesome curiculum and making the Ethical Hacking study possible. Note to self: keep setting goals. Before you know it, you're already there!
link

Research init.d / startup processes IoT devices

For my Ethical Hacking study I researched the init proces on IoT devices (and linux in general).
Here is the link to the report written in Dutch.link

Emulation - FirmAE

Emulation is a concept that blows my mind. Since I was young, I tried emulating iPhone exclusive apps on an android and vise versa. On ipads I tried to install android which all ended up being emulations. Now I am using amazing software called FirmAE (which my professor collaborated with in the process). FirmAE allows individuals to emulate and analyze for vulnerabilities with a success rate of 79.36% (compared to its predecessor Firmadyne). After analyzing firmware statically using the file, strace, ltrace commando's, a good idea is to start using FirmAE to dynamically
analyze the firmware and try to access it and "talk" to it as if it was a real IoT device. Router firmware (most likely linux), ip webcams and other IoT devices that make use of access to a network can be emulated! If you find handwritten encryption/software, that's probably something you should look into as it is often not adequately checked for vulnerabilities.
link

VMWare Workstation vmmon vmmnet kernel modules fix

Errors when installing VMware Workstation on Linux hosts (mostly ubuntu based, bedora and openSUSE) occur saying: modules must be compiled. When user tries to follow the steps VMware provides, installation fails. Use the script to install (and when done update when necessairy) the needed modules on your linux host. link