DIVD researcher Jelle (aka SchizoDuckie) has a hobby. He likes to find credentials in places where they don't belong, like GitHub and Postman. And this hobby has gotten him into many places he should not have, like the Dutch Tax office and many larger company.
But, in February 2022 he found an account with an even bigger reach, an account who's abuse could mean trouble for our national critical infrastructure. His simple GitHub query uncovered a secret that could switch off a country, now what...
While Jelle is enjoying his vacation his DIVD colleagues, Chris van 't Hof, Célistine Oosting and Frank Breedijk, will present the story of one of the more significant vulnerabilities discovered by DIVD this year. The long windy but mostly slow and silent road to disclosure and remediation and how mitigation did not take away all the risks.
This talk digs into the, up to this point, untold story of case DIVD-2022-00009 and will include numbers "Doc" Brown will jealous of.