March 2013 - /dev/random

Are You Using “NAC” like “No Access Control”?

March 25, 2013 Pentesting, Security, Uncategorized 2 comments

An interesting reflexion about a situation I faced while performing a pentest for a customer. The scope was the internal network or “show me what an attacker could access from a rogue device“. A very wide scope indeed… The customer is using a NAC (“Network Access Control“) solution to allow

Review: Wireshark Starter

March 22, 2013 Software Leave a comment

Here is a quick review of a book about the well-known network sniffer: Wireshark. This book is part of new collection called “Instant” edited by Packt Publishing. This is an interesting idea for people who don’t have time/don’t want to read a classic 200-pages book or that need to go

BlackHat Europe 2013 Wrap-Up Day #2

March 15, 2013 Event, Security 2 comments

And we are back with the second wrap-up of BlackHat Europe 2013! Â After a dinner with friends and some beers at Rapid7 and IOActive parties, I went back to the hotel to finish the first day wrap-up. I woke up, tool shower, grab some coffee and I’m ready for the

BlackHat Europe 2013 Wrap-Up Day #1

March 14, 2013 Event, Security 11 comments

Hello Everyone, it’s BlackHat time again! Here is my wrap-up for the first day. Yesterday evening, after a safe drive to Amsterdam with @corelanc0d3r, we went out for dinner and had good times with other friends and guys from the Rapid7 team who maintain the Cuckoo project. The conference is

WordPress GET Requests Flood?

March 11, 2013 Incident Management 2 comments

Let me share this story with you. I faced a strange incident last Saturday. My web server was flooded with thousands of GET HTTP requests generated by WordPress blogs. Those connections apparently seemed legit. The “attack“, let’s call it like this in a first time even if I don’t think

BlackHat Europe 2013 Wishlist

March 10, 2013 Event, Security 4 comments

Here we go with a new season of security conferences! BlackHat Europe is the first big event for Â me this year. The conference is back in Amsterdam this week for two days full of interesting briefing sessions and workshops. Again this time, the BlackHat organization provided me a press

OWASP Belgium Chapter Wrap-Up March 2013

March 5, 2013 Belgium, Event, Security 9 comments

Here is a quick wrap-up of the first OWASP Belgium Chapter meeting of 2013 organised today in Leuven. SecAppDev is running this week so it was a good opportunity to bring some trainers for an evening meet up: Yves Younan and Steven Murdoch. Lieven, from the OWASP team, made a