I published the following diary on isc.sans.org: “Version control tools aren’t only for Developers“. When you start to work on a big project or within a team of developers, it is very useful to use a version control system. The most known are probably ’svn’ or ‘git’. For developers, such
I published the following diary on isc.sans.org: “Base64 All The Things!“. Here is an interesting maldoc sample captured with my spam trap. The attached file is “PO# 36-14673.DOC” and has a score of 6 on VT. The file contains Open XML data that refers to an invoice.. [Read more]
I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and
When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase your toolbox. To perform Wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve one for
I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.
I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week.
I published the following diary on isc.sans.org: “Another webshell, another backdoor!“. I’m still busy to follow how webshells are evolving… I recently found another backdoor in another webshell called “cor0.id”. The best place to find webshells remind pastebin.com. When I’m testing a webshell, I copy it in a VM located
Here we go with a quick wrap-up of the second day. It started smoothly around 09:00 and was dedicated to more technical talks. After some refill of coffee, I was ready to follow all talks presented in the main track.
There are more and more infosec events worldwide and it’s always nice to attend new events and meet new people. This time, it is the case with FSEC. First visit to this security conference organized in Varazdin, Croatia. I had the honor to be invited as a speaker. This is already
Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity