Here we go for the second wrap-up! DeepSec is over, flying back tomorrow to Belgium. My first choice today was to attend: “How To Create a Botnet of GSM-devices†by Aleksandr Kolchanov. Don’t forget that GSM devices are not only “phonesâ€. Aleksandr covered nice devices like alarm systems, electric sockets,
Hello from Vienna where I’m at the DeepSec conference. Initially, I was scheduled to give my OSSEC training but it was canceled due to a lack of students. Anyway, the organizers proposed to me to join (huge thanks to them!). So, here is a wrap-up of the first day! After
I published the following diary on isc.sans.edu: “My Little DoH Setup“: “DoH”, this 3-letters acronym is a buzzword on the Internet in 2019! It has been implemented in Firefox, Microsoft announced that Windows will support it soon. They are pro & con about encrypting DNS requests in  HTTPS but it’s not the
I published the following diary on isc.sans.edu: “Abusing Web Filters Misconfiguration for Reconnaissance“: Yesterday, an interesting incident was detected while working at a customer SOC. They use a “next-generation†firewall that implements a web filter based on categories. This is common in many organizations today: Users’ web traffic is allowed/denied based on an
I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team has
This month was the “Cyber Security Month” and I had the idea to post a security tip on Twitter for the first day. Don’t ask me why. Then, I wrote a second one and decided to tweet something every day. We are now at the end of the day and
I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first
I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via
I published the following diary on isc.sans.edu: “Security Monitoring: At Network or Host Level?“: Today, to reach a decent security maturity, the keyword remains “visibility”. There is nothing more frustrating than being blind about what’s happening on a network or starting an investigation without any data (logs, events) to process.
I published the following diary on isc.sans.edu: ““Lost_Files” Ransomware“: Are good old malware still used by attackers today? Probably not running the original code but malware developers are… developers! They don’t reinvent the wheel and re-use code published here and there. I spotted a ransomware which looked like an old one… [Read
