I’m Koen . I live in Bruges (Belgium), a splendid medieval city also known as the Venice of the North.

I’m involved with computer security and I work as a member of a CERT (Computer Emergency Response Team).

I’m available as a freelancer (cudeso.be) -provided the freelance jobs do not interfere with my day-to-day job- for web-application development (Drupal, WordPress, Joomla and PHP applications), as a system administrator (OpenBSD and Linux mostly) and for all computer security related tasks.

My main interests in computers are security, web applications (PHP, MySQL, Apache), system administration and free software.

This site hosts a blog and I have a photo collection at Flickr.

I also have a site with (outdated) Linux information.


Latest posts

Understanding the SPF and DKIM Spam Filtering Mechanisms

I published an article on the SPF and DKIM spam filtering mechanisms on IBM Security Intelligence : Understanding the SPF and DKIM Spam Filtering Mechanisms.

The article covers the basic details of these mechanisms but also explains some of the possible pitfalls for filtering spam with SPF and DKIM.

Using the Digital First Aid Kit for Incident Response

Dealing with security incidents is always a collaborative process, involving both your constituency and external players. There are a number of tools that help you with detecting (and preventing) incidents. One of those tools is for example the MISP – Malware Information Sharing Platform & Threat Sharing

But once you have an incident … how you deal with it? Everyone has (or should have) written their own incident response procedures but did you know thatRead more.

Exploring webshells on a WordPress site

I recently had to handle a case where a website development company was hacked. This post describes some of my findings during the investigation.

All of the company websites were hosted on one virtual server running Linux. Most of these websites were WordPress powered. The management of the server was done via DirectAdmin, updating of the web files happened via FTP.

The incident was brought to the attention of the company because they received complaintsRead more.

An Introduction To Exploit Kits

I published an introduction article on exploit kits on the blog at Ipswitch : An Introduction To Exploit Kits


The article covers why attackers use exploit kits, how they can select their targets, how users get infected through exploit kits and what you can do to improve your resilience against exploit kits.

Doing open source intelligence with SpiderFoot (part 2)

I did an earlier post on gathering open source intelligence with SpiderFoot. This post is a small update to incorporate the new version of Spiderfoot that was released recently.

A new version of Spiderfoot was recently released, including some extra modules. In my earlier post I described how I adjusted and added some modules. The new release of Spiderfoot contains part of my changes to the XForce module.

My initial change to Spiderfoot included aRead more.