Koen Rouwhorst

personal blog

GitHub bug bounty hunting

Published on February 13, 2016

This blog post first appeared on Medium.

Last month, I went hunting for security bugs in GitHub, a popular platform for sharing and collaborating on code. After spending many hours mapping out GitHub’s infrastructure, and testing for weaknesses without any significant results or leads, I shifted my focus to the service providers. This is a write-up about two of the issues I found, which both have since been addressed.



Dutch police are looking to buy Hacking Team spyware

Published on July 08, 2015

Hacking Team, the ethically bankrupt Milan-based company that sells surveillance technology to anyone willing to pay, got hacked. The hack was announced in a tweet last Sunday on the firm's own hacked Twitter account, accompanied by a link to a torrent file for a 400 GB archive comprising internal emails, financial documents and source code.



FLYING PIG: GCHQ's TLS/SSL knowledge base

Published on December 17, 2013

Documents from the ICTR-NE (Information and Communications Technology Research - Network Exploitation) organization at the GCHQ show that it operates a program under the name FLYING PIG that provides analysts with information about secure communications over TLS/SSL. The primary motivation for this program was the increasing use of TLS/SSL by GCHQ targets, according to one of the documents.

The documents, originally published by Brazilian TV program Fantástico in September, provide an insightful look into the program that allows analysts to query the vast repository of metadata about the world's secure communications. In this article, I describe the program on the basis of some actual screen captures of its interface.



No, the U.S. Army did not read the emails of a Belgian MP

Published on November 02, 2013

Today, someone pointed me at an article in the Belgian newspaper De Standaard in which Karolien Grosemans, a Belgian MP of the New Flemish Alliance (N-VA), claimed the U.S. Army had read one of her emails. In this email she asked an expert for advice on draft legislation on cyber attacks and security, hence the subject field of the email contained the words "cyberaanvallen" (cyber attacks) and "cyber security".



No, the NSA was not behind the DigiNotar hack

Published on September 14, 2013

On Tuesday I found that former Dutch certificate authority DigiNotar, known for its security breach in 2011, was briefly mentioned in a Globo video report about NSA spying on Sunday. I documented the finding in a few tweets and put the four frames (of the same slide) that mentioned the name DigiNotar together in an album. Because the slide was only partly visible I had a difficult time making any sense of it. So, I wrote down what I considered to be plausible:

From the part of the text that is visible I suspect at least NSA's 'Flying Pig' was used in some investigation of the security breach.

Koen Rouwhorst on Twitter
