I published the following diary on isc.sans.org: “How was your stay at the Hotel La Playa?“. I made the following demo for a customer in the scope of a security awareness event. When speaking to non-technical people, it’s always difficult to demonstrate how easily attackers can abuse their devices and
Category: SANS Internet Storm Center
[SANS ISC Diary] Analysis of a Suspicious Piece of JavaScript
I published the following diary on isc.sans.org: “Analysis of a Suspicious Piece of JavaScript“. What to do on a cloudy, lazy Sunday? You go hunting and review some alerts generated by your robots. Pastebin remains one of my favourite playgrounds and you always find interesting stuff there. In a recent
[SANS ISC Diary] Many Malware Samples Found on Pastebin
I published the following diary on isc.sans.org: “Many Malware Samples Found on Pastebin“. pastebin.com is a wonderful website. I’m scraping all posted pasties (not only from pastebin.com) and passing them to a bunch of regular expressions. As I said in a previous diary, it is a good way to perform
[SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features
I published the following diary on isc.sans.org: “Detecting Undisclosed Vulnerabilities with Security Tools & Features“. I’m a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered the “SIEM of the poor”, it integrates a lot of interesting features and is fully configurable
[SANS ISC Diary] Quick Analysis of Data Left Available by Attackers
I published the following diary on isc.sans.org: “Quick Analysis of Data Left Available by Attackers“. While hunting for interesting cases, I found the following phishing email mimicking a UPS delivery notification… [Read more]
[SANS ISC Diary] IOC’s: Risks of False Positive Alerts Flood Ahead
I published the following diary on isc.sans.org: “IOC’s: Risks of False Positive Alerts Flood Ahead“. Yesterday, I wrote a blog post which explained how to interconnect a Cuckoo sandbox and the MISP sharing platform. MISP has a nice REST API that allows you to extract useful IOC’s in different formats.
[SANS ISC Diary] Malicious SVG Files in the Wild
I published the following diary on isc.sans.org: “Malicious SVG Files in the Wild“. In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people [1]. SVG files (or “Scalable Vector Graphics”) are vector images that can be displayed in most modern browsers (natively or via
[SANS ISC Diary] Backup Files Are Good but Can Be Evil
I published the following diary on isc.sans.org: “Backup Files Are Good but Can Be Evil“. Since we started to work with computers, we have always heard the following advice: “Make backups!”. Every time you have to change something in a file or an application, first make a backup of the existing resources
[SANS ISC Diary] Who’s Attacking Me?
I published the following diary on isc.sans.org: “Who’s Attacking Me?“. I started to play with a nice reconnaissance tool that could be helpful in many cases – offensive as well as defensive. “IVRE” (“DRUNK” in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission
[SANS ISC Diary] Using Security Tools to Compromize a Network
I published the following diary on isc.sans.org: “Using Security Tools to Compromize a Network“. One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this, we use security tools (linked to processes). Over time, we are all building our personal toolbox