CTF Event BSides Limburg
Built the full infrastructure for a real-world Capture The Flag competition platform for BSides Limburg on a self-hosted Kubernetes cluster.
Try DemoBachelor of Electronics-ICT student at Thomas More Geel, passionate about IT infrastructure, cybersecurity, and building systems that scale. I turn complex problems into clean, reliable solutions.
A curious mind driven by technology, creativity, and a love for building things.
I am a final-year Bachelor of Electronics-ICT student (specialisation ICT) at Thomas More in Geel. My passion for technology and problem-solving has driven me to explore various aspects of IT, including infrastructure engineering, cybersecurity, networking, and software development. I enjoy tackling challenges and continuously improving my skills to stay ahead in the ever-evolving tech industry.
Outside of my studies, I have a variety of hobbies that help me maintain a balanced and creative lifestyle. I enjoy photography, capturing unique moments and landscapes. I also have a strong interest in strategy games and board games, which help me develop critical thinking and teamwork skills.
These hobbies, combined with my passion for IT, make me a well-rounded individual who is dedicated to achieving academic and professional success while also valuing creativity, teamwork, and personal growth.
Bachelor of Electronics-ICT, specialisation ICT
Thomas More Geel · 2023–2026 (expected)
Pentesting · Cybersecurity · Infrastructure · Kubernetes · Networking
Photography · Strategy & board games · Homelab tinkering · Building things
During my final year I completed a full-time cyber security internship where I designed and delivered a production-grade detection engineering project around Active Directory.
Resilix · Cyber Security Internship · 2026
For my internship at Resilix I built an end-to-end detection engineering project around Active Directory. I deployed a deliberately vulnerable AD lab (GOAD, Game of Active Directory) and a Microsoft Sentinel SIEM, then worked through a full attack chain from reconnaissance and enumeration all the way to domain compromise, so that every offensive technique could be paired with a reliable detection.
On the offensive side I executed and documented techniques such as Kerberoasting and AS REP roasting, password spraying, NTLM relay and coercion (PetitPotam), LLMNR and NBT NS poisoning, MITM6, Bloodhound enumeration, AD CS abuse, LSASS and LSA secret dumping, DCSync, SMB-based code execution, and DNS A record injection (CVE‑2025‑33073). For each technique I engineered KQL analytics rules in Microsoft Sentinel, calibrated thresholds against baseline traffic to limit false positives, and verified that each rule fired against live attack traffic.
Alongside the detections I wrote a remediation guide covering hardening measures for every attack class, and delivered a full realization document as the formal internship deliverable.
This internship taught me that a detection only has value once it survives contact with real attack traffic and real background noise. Writing the queries was the easy part. The hard part was calibrating thresholds so a password spray rule alerts on an actual attack without drowning the analyst in failed logon noise from everyday users. Forcing myself to attack first and detect second changed how I think. I stopped writing rules for the textbook version of a technique and started writing them for the messy events that Windows actually logs. I also learned how much the deliverable itself matters, because a finding that a colleague cannot reproduce or remediate from my documentation simply does not exist. That is why I paired every detection with a concrete remediation and clear evidence.
A selection of projects I've built, contributed to, or am proud of. Click any card to read more.
Built the full infrastructure for a real-world Capture The Flag competition platform for BSides Limburg on a self-hosted Kubernetes cluster.
Try Demo
Designed and built a full Security Operations Center on a home lab with Security Onion, OPNsense, TLS inspection, and custom alerting software.
A complete hosting platform with automated deployments, containerised services, and scalable infrastructure built from the ground up.
Try Demo
A secure NFC-based digital voting system with card authentication, a management dashboard, and real-time result tallying.
Try Demo
A demo project showing how REST APIs can be consumed in Windows PowerShell to retrieve real-time public transport data.
Designed and assembled a custom drone from scratch, including electronics, soldering, flight controller programming, and calibration.
A custom Kubernetes monitoring dashboard with real-time cluster visibility, per-user isolated instance management, and automated docker-compose-to-Kubernetes conversion.
Try Demo
A fully local security scanner that runs inside VS Code, active web scanning, a Burp-style HTTPS recording proxy, and static analysis (SAST/SCA/IaC/container) driven through a custom MCP server.
Self-hosted infrastructure running Proxmox with multiple VMs and containers, used for learning, experimentation, and as the backbone for other projects.
Select a domain below to explore my technical competences in depth.
This section documents my independent security research, conducted in my own time outside of coursework and employment. All findings are responsibly disclosed to vendors before publication.
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME (Windows 64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads DLL dependencies using the default Windows search order, which includes directories writable by unprivileged users. Because the application always executes with administrative privileges and performs no integrity or signature verification on loaded libraries, an attacker can plant a crafted DLL in a user-writable path that is searched before trusted system locations, causing attacker-controlled code to run with elevated privileges. Affects all versions up to and including 2.0.5.
Beyond the published CVE, I actively research Windows desktop software attack surfaces, focusing on privilege escalation chains, insecure service configurations, and DLL loading weaknesses in consumer applications.
Several additional findings are currently in active vendor coordination and have not yet been publicly disclosed. Details will be published here once the responsible disclosure process is complete.
All research follows responsible disclosure practices: vendors are contacted privately and given adequate time to patch before any public release.
My academic path from secondary school through to my Bachelor's degree, along with the skills and competences I developed along the way.
Thomas More Hogeschool, Geel
Thomas More Hogeschool, Geel
Thomas More Hogeschool, Geel
Interested in working together or just want to say hi? Feel free to reach out.
Interested in collaborating or want to know more? Feel free to reach out via email or connect with me on LinkedIn.
Send an Email Download PGP