WebFr33

your mind is the only limit

Security research. Breach analysis. Self-hosting guides. The armory for people who want to own their data, their systems, and their freedom. We break things responsibly so you don't have to learn the hard way.

the irony writes itself

The Dutch government spent millions on cybersecurity infrastructure. Then Odido leaked 3.7 million customer records because someone clicked a phishing link. The CJIB — the agency that collects your fines — got spoofed so convincingly that victims paid fake penalties. The DJI — the prison service — got hacked through an Ivanti VPN they were told to patch six months earlier.

Meanwhile, they tell citizens to "use strong passwords" and "be careful online."

The systems designed to protect you are broken. The people running them know they're broken. And the security vendors selling the fixes are the same ones who built the broken parts.

"The biggest joke in cybersecurity is the people telling you they have it under control."

INTEL files

INTEL-001

Tycoon 2FA phishing attack on GEA Family

A targeted phishing campaign against our own infrastructure. We caught it, documented it, and published the full analysis. Attack vector, indicators of compromise, and what we learned.

INTEL-002

CJIB phishing — when the government gets spoofed

The Dutch Central Judicial Collection Agency impersonated so well that citizens paid fake fines. How the attack worked, why it succeeded, and what it says about government email security.

INTEL-003

DJI Ivanti hack — the patch they didn't apply

The Dutch prison service breached through a VPN vulnerability that had a patch available for months. Timeline, impact, and the pattern of institutional negligence.

INTEL-004

Dutch breach master timeline — Odido + DJI + FBI correlation

Connecting the dots. Odido's 3.7 million records, DJI's Ivanti breach, and FBI's infrastructure warnings — same timeline, same patterns, same country. Not coincidence. Negligence.

the armory

Tools, templates, and guides for people who want to take control. Everything we use, we publish. Everything we build, we document.

self-host your email — full guide, no third-party dependencies
self-host your analytics — no Google required
file a Woo request — template + step-by-step
file a GDPR inzageverzoek — demand your data back
build your evidence chain — adapted for any breach
harden your server — intrusion detection, kernel hardening, access control
deploy with zero cloud — TLS, reverse proxy, sovereign stack

Coming soon. We're building it live. Watch us.