Kris Oosthoek

PhD Candidate Cyber Threat Intelligence

Delft University of Technology

Biography

Kris Oosthoek is CTI lead at a government agency in The Netherlands. He is a part-time PhD candidate with the Cyber Threat Intelligence Lab at Delft University of Technology. His research focuses on the extraction of CTI from host and network artifacts. Kris has worked in various technical positions based from the US, UK and Afghanistan. He holds an MSc from Erasmus University and several commercial cyber security certifications such as CISSP, GICSP, GCTI, GXPN, GRID.

Interests

Cyber Security
Threat Intelligence
Penetration Testing

Education

PhD in Cyber Threat Intelligence, current
Delft University of Technology
MSc in Strategic Management, 2012
Erasmus University Rotterdam
BSc in Informatics, 2010
Rotterdam University of Applied Sciences

Experience

PhD Candidate

Delft University of Technology

Sep 2018 – Present Delft

Research into cyber threat intelligence from network and host artifacts at the Delft Cyber Threat Intelligence Lab with Christian Doerr.

Senior SOC Cyber Threat Intelligence Analyst

Dutch National Government

Jan 2015 – Present The Netherlands

Responsibilities include:

Threat Intelligence
Security Operations
TIP Management

Accomplishments

GIAC Cyber Threat Intelligence (GCTI)

GIAC May 2018

Cyber Threat Intelligence practitioner certification from SANS. Covers the basics of CTI (fundamentals of strategic, operational, tactical analysis).

See certificate

GIAC Advanced Penetration Testing and Exploit Development (GXPN)

GIAC Aug 2017

Advanced penetration testing and exploiting certification from SANS. Covers cryptography exploitation, escaping restricted environments and advanced stack overflows for Windows and Linux.

See certificate

GIAC Response and Industrial Defense (GRID)

GIAC Jul 2017

Industrial cyber security and threat intelligence certification from SANS. Focuses on forensics, incident response and malware in industrial control environments. Also covers threat analysis for ICS-oriented threats.

See certificate

GIAC Global Industrial Cyber Security Professional (GICSP)

GIAC Jul 2015

Foundational industrial cyber security certification from SANS around architecture of industrial control systems.

See certificate

Certified Information Systems Security Professional

ISC2 May 2015

Managerial certification; bare cyber security fundamentals.

Recent Posts

Security Recommendations for Bitcoin hodlers

As follow-up on my Cryptocast appearance, some security recommendations for Bitcoin hodlers that don’t break the bank (your own bank).

Kris Oosthoek

Last updated on Apr 8, 2020 7 min read Blog

BNR Cryptocast

Cryptocasters! Het valt voor @Misssbitcoin en @hmblank @BNR niet altijd mee een podcast te maken vanuit huis, met gasten op afstand. Maar toch weer mooi als het lukt. Met @f00th0ld, die onderzoek deed @tudelft naar gehackte #exchanges.

Last updated on Apr 3, 2020 1 min read Media

From Hodl to Heist

How and where do you buy your Bitcoin? Via a P2P marketplace, decentralized exchange, or rather through Coinbase, Binance and the likes? Most people do so via the latter ones. Centralized exchange platforms are compelling to most users as they are easy to use.

Kris Oosthoek

Last updated on Mar 31, 2020 3 min read Original Research

ATT&CK Techniques and Trends in Windows Malware

Most cyber security practitioners are by now aware of the Mitre ATT&CK framework and the tremendous potential it holds for increasing the understanding and mitigation of adversary TTPs. Within the Computer Science realm however, the framework has caught less altitude than in the infosec blogosphere.

Kris Oosthoek

Last updated on Apr 1, 2020 2 min read Original Research