The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing. Vulnerabilities have been discovered in the Zoom client and, based on the fact
Category: Social Engineering
[SANS ISC] Why Phishing Remains So Popular?
I published the following diary on isc.sans.edu: “Why Phishing Remains So Popular?“: Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!”
WiNX: The Ultra-Portable Wireless Attacking Platform
When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase yourÂ toolbox. To perform Wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve one for
How to Not Send Corporate Emails?
On a daily basis, I’m looking for malicious emails. I ownÂ catch-all mailboxes that collect a huge amount of spam that I’m using to perform deeperÂ analysis: to discover new tactics used by attackers and new piece of malicious code. Basically, they are two categories of phishing campaigns: the one sent to
The Rough Life of Defenders VS. Attackers
Yesterday, It wasÂ the first time that I heard the expressionÂ “Social Engineering” in Belgian public media! If this topic came in the news, you can imagine that something weird (or juicy from a journalist perspective) happened. The Flemish administration had the good idea to test the resistance of their 15K officials
When Security Makes Users Asleep!
It’s a fact, in industries or on building sites, professional people make mistakes or, worse,Â getÂ injured. Why? Because their attention is reduced at a certain point. When you’re doing the same job all dayÂ long, you get tired and lack of concentration. The same can apply in information security! For a long
Mr Microsoft Support is Back!
In a previous post, I explained how I was happy to have been targeted by Indian phishers who called me to report an issue with my Windows computer. Last Saturday they called back. This time, my VM was ready but I had no time for them. I asked if it
Hello Sir, This is the Microsoft Support Calling…
You know what? I’m happy and proud to have received my first call from the “Microsoft Support“! When I came back at home, there was already three missed calls on my private line, all of them from a strange number (001453789410). A few minutes later, the phone started Â to ring
Bypassing Premium LinkedIn Restriction with Google
Social networks are wonderful sources of information when you need to collect data about a potential target. That’s the way humans work, just like you and me: we like to share, we like to show what we do, where we travel. In short… we exist! During some projects, it’s very