Midnight Blue is a boutique security consultancy firm specializing in embedded systems security. We provide various consultancy services ranging from reverse engineering and security assessments to defensive design in order to help our clients mitigate a wide variety of threats such as unauthorized access, tampering and theft of confidential data or intellectual property.
We have years of experience in IT and OT security and have found numerous vulnerabilities in everything from the Programmable Logic Controllers (PLCs) used in critical infrastructure environments to enterprise firewalls and state-of-the-art intrusion detection systems.
Jos Wetzels holds a Master's Degree in Computer Science & Engineering from Eindhoven University of Technology (TU/e). He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) used in critical infrastructure, performed various security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in the AVATAR research project regarding on-the-fly detection and containment of unknown malware and Advanced Persistent Threats.
He has spoken at various international security conferences such as Black Hat, USENIX Enigma, Chaos Communication Congress, REcon, OffensiveCon, CanSecWest, Infiltrate, hardwear.io and Swiss Cyber Storm and has assisted teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.
Carlo Meijer is a PhD student at Radboud University Nijmegen (RU). His research focuses on the analysis of cryptographic systems deployed in the wild. He is known for his work on the security of so-called Self-Encrypting Drives (SEDs). Furthermore, he is known for breaking a hardened variant of Crypto1, the cipher used in the Mifare Classic family of cryptographic RFID tags. Finally, he co-authored research into default passwords in consumer routers as deployed by ISPs in the Netherlands. All three studies have uncovered major security shortcomings with widespread impact.
At RU, he is an exercise class teacher for two courses, namely Hacking in C and Operating System Security. Both of which aim to give students hands-on practical experience with binary exploitation, in-depth knowledge of several mitigation schemes and their respective bypasses.