Cornelis de Plaa
Where it all began
As a kid you could have found me quite often in the forest of the small village where I was born. Dressed up as a little soldier, in a scene that could have been a Rambo movie. When I got older these real-life wargames changed into computer gaming when my parents bought our first Intel i386 computer. Playing 3D shooters like Wolfenstein and strategic games like Dune2 were my favorites.
At that time, I also got interested in tweaking and customizing computers as I tried to squeeze out every free bit of the 640Kb conventional memory from our MS-DOS based computer. This tweaking turned into a computer technology fascination and a few years later got me into hacking as well.
Where it went to from there
After finishing my studies in IT system administration in 1999, I joined an IT deployment and consultancy agency. This allowed me to work as a system and network engineer for many different companies and helped me to develop a strong expertise in networking and security architecture. After a decade I started working for one of the biggest application hosting providers in the Netherlands. During that period, I built up an even stronger knowledge of advanced networking and security technologies and got into offensive tool development as well.
My passion for cybersecurity and hacking grew to a level which made me realize that this was my path to go. After almost nine years I chose to follow that path by joining the Infosec industry as a professional ethical hacker and red teamer.
My vast experience and knowledge on computer systems, complex network environments and cybersecurity enables me to more easily identify security weaknesses within large companies and help them to improve their overall security posture. Furthermore, my passion for low-level computer technology and development allows me to write and replicate tools and techniques being used in targeted attacks.
My coolest project ever
I had the opportunity to do many cool projects in the past. From a security perspective my coolest project so far was a black box penetration test in which the customer told me that it was impossible to attack the target systems from the inside network because they were hosted in an external datacenter and shielded of using a VPN. A custom written payload helped me to get a foothold within the internal network and allowed me to compromise a client computer from a developer, which in turn had a VPN connection to the datacenter up and running. In the end of the day I was able to compromise the target systems while pivoting through the compromised client laptop its VPN connection and a steppingstone network.