I back in Amsterdam for the third time this month. Today, it is to participate to the Hack In The Box conference. This is already the 4th one, time flies! Like the previous editions, the event is organised at the Okura hotel, a very nice place. Thanks to the Easter
Category: Security
Review: Penetration Testing – Setting Up a Test Lab How-To
I’m just back from an Easter break with $WIFE and $KIDS but it does not mean that I was completely disconnected. Between familly activities, I read some items pending in my todo list. One of them was the book called “Penetration Testing – Setting Up a Test Lab How-To” from
HITB Amsterdam 2013 Wishlist
The next edition of Hack In The Box gets closer! It will be held next week in Amsterdam. Thank to the organizers, I get a press pass and I’ll again be back for two days at the Okura hotel to cover the conference. I’ll tweet live (follow the official #HITB2013AMS hashtag) and
Are You Using “NAC” like “No Access Control”?
An interesting reflexion about a situation I faced while performing a pentest for a customer. The scope was the internal network or “show me what an attacker could access from a rogue device“. A very wide scope indeed… The customer is using a NAC (“Network Access Control“) solution to allow
BlackHat Europe 2013 Wrap-Up Day #2
And we are back with the second wrap-up of BlackHat Europe 2013! Â After a dinner with friends and some beers at Rapid7 and IOActive parties, I went back to the hotel to finish the first day wrap-up. I woke up, tool shower, grab some coffee and I’m ready for the
BlackHat Europe 2013 Wrap-Up Day #1
Hello Everyone, it’s BlackHat time again! Here is my wrap-up for the first day. Yesterday evening, after a safe drive to Amsterdam with @corelanc0d3r, we went out for dinner and had good times with other friends and guys from the Rapid7 team who maintain the Cuckoo project. The conference is
WordPress GET Requests Flood?
Let me share this story with you. I faced a strange incident last Saturday. My web server was flooded with thousands of GET HTTP requests generated by WordPress blogs. Those connections apparently seemed legit. The “attack“, let’s call it like this in a first time even if I don’t think
BlackHat Europe 2013 Wishlist
Here we go with a new season of security conferences! BlackHat Europe is the first big event for  me this year. The conference is back in Amsterdam this week for two days full of interesting briefing sessions and workshops. Again this time, the BlackHat organization provided me a press
OWASP Belgium Chapter Wrap-Up March 2013
Here is a quick wrap-up of the first OWASP Belgium Chapter meeting of 2013 organised today in Leuven. SecAppDev is running this week so it was a good opportunity to bring some trainers for an evening meet up: Yves Younan and Steven Murdoch. Lieven, from the OWASP team, made a
Apkscan: Live Android Malware Analysis
Mobile devices are more and more seen as nice targets from attackers’ point of view. Which is easily understandable: the market is exploding and people still don’t realize that a mobile device is not only a mobile “phone” but a mobile “computer” with an operating system, I/Os and… applications! The