I published the following diary on isc.sans.edu: “Dissecting Malicious Office Documents with Linux”: A few months ago, Rob wrote a nice diary explaining how to dissect a (malicious) Office document (.docx). The approach was to use the OpenXML SDK with PowerShell. This is nice, but how to achieve the
Category: OS
[SANS ISC] A Suspicious Use of certutil.exe
I published the following diary on isc.sans.org: “A Suspicious Use of certutil.exe”: The Microsoft operating system is full of command line tools that help to perform administrative tasks. Some can be easily installed, like the Sysinternals suite[1] and psexec.exe; others are built into Windows and available to everybody. The presence of
Installing Python Modules on Air-Gapped Hosts
Who said that all computers are connected today? There are many classified environments where computers can simply never connect to the wild Internet. But sometimes, you need to install some pieces of software from online resources. The classic case is Python modules. Let’s take a practical example with PyMISP, which
Tracking Administrator Sessions in Windows Environments
Tracking users with privileged access is a critical task in your security policy (SANS Critical Security Control #12). While the key point is to restrict the number of “power users” to a minimum, this is not always easy. Most of them will argue that they need administrator rights “to be able to
Checking Reverse Dependencies in Linux
All modern Unix operating systems provide software as packages. I remember the good old times in the ’90s when you had to compile all the applications from their source code. Compiling source code has advantages: you enable only the features you need and perform the configuration tweaks you want. But
Grepping Live Windows Events
Today, we have powerful tools to take care of our logs. There are plenty of solutions to collect and process them in multiple ways to make them more valuable. Of course, I have one of those tools to process my logs. However, I’m still often using the good old “tail
XenServer & Port Mirroring
Blogs are made to provide valuable content to readers (well, I hope so for my readers). This time, nothing related to security though… Recently, I built a new virtualization platform at home based on XenServer 6.2. Why the Citrix solution? Just because the box has 72GB of memory and the free version
Integrating OSVDB into Ubuntu/Unity
Recently I upgraded my laptop to the latest Ubuntu release (12.04-LTS). A few releases ago, Ubuntu switched from GNOME to Unity, and I’ve been happy to use it since the 11.04 version! I know that this choice has caused a lot of debate between the aficionados of both GUIs, but it
Vulnerability Management: OSSEC & Secunia PSI
“Vulnerability Management”… This is an important topic for your corporate security. One of the steps in this process is the monitoring of your applications and operating systems. With hundreds (thousands?) of devices connected to your network, how do you keep an eye on the applications and patches installed on all of
Data Integrity: MD5/SHA1 are Your Best Friends!
Yesterday, I faced a very strange story that I would like to tell you to prove the importance of “integrity” in information security. Wikipedia defines data integrity as follows: “Data Integrity in its broadest meaning refers to the trustworthiness of system resources over their entire life cycle.” The “entire life