I break/fix computer security, uh, stuff! Currently freelance (whoo!). You can trust me (to break stuff).


You can e-mail me at (my first name) at zall.org. (key)


I've escaped academia; most recently, I was a student at the Vrije Universiteit Amsterdam, working with the security group there. My MSc thesis proposed automatically mitigating uninitialized value vulnerabilities.

I'm narcoleptic. Please let me stand when possible; sitting down makes me sleepy.

My native tongue is English; I also speak Dutch. (In fact, I am Dutch.)

stuff I like

I enjoy low-level computing, particularly compilers (including working with LLVM/gcc), kernel-level work and embedded platforms.

Did I mention breaking stuff? As well as boring ol' web security stuff (please don't use Wordpress), I've reported vulnerabilities in open source projects ranging from low-level memory overflow/disclosures (CVE-2013-1861 in MySQL) through simple TOCTOU problems (CVE-2015-8239 in sudo).

ScummVM logoI'm fascinated by old computer games. I'm involved in various open source projects in this vein, in particular ScummVM, GemRB and openc2e.

I love explaining stuff. I like giving talks! In 2015/2016, I helped teach a few CS bachelor program courses, and helped TA others.

Reverse engineering is great fun too; as well as taking apart old computer games, I've also applied my skills for analyzing embedded firmware, and for security work.

You, if you read all of that without closing your browser tab. Have a stroopwafel!