The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing. Vulnerabilities have been discovered in the Zoom client and, based on the fact
I published the following diary on isc.sans.edu: “Why Phishing Remains So Popular?“: Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!”
I published the following diary on isc.sans.edu: “Phishing Kit with JavaScript Keylogger”: Here is an interesting sample! It’s a phishing page which entice the user to connect to his/her account to retrieve a potentially interesting document. As you can see, it’s a classic one… [Read more]
When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase your toolbox. To perform Wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve one for
On a daily basis, I’m looking for malicious emails. I own catch-all mailboxes that collect a huge amount of spam that I’m using to perform deeper analysis: to discover new tactics used by attackers and new piece of malicious code. Basically, they are two categories of phishing campaigns: the one sent to
Yesterday, It was the first time that I heard the expression “Social Engineering” in Belgian public media! If this topic came in the news, you can imagine that something weird (or juicy from a journalist perspective) happened. The Flemish administration had the good idea to test the resistance of their 15K officials
It’s a fact, in industries or on building sites, professional people make mistakes or, worse, get injured. Why? Because their attention is reduced at a certain point. When you’re doing the same job all day long, you get tired and lack of concentration. The same can apply in information security! For a long
In a previous post, I explained how I was happy to have been targeted by Indian phishers who called me to report an issue with my Windows computer. Last Saturday they called back. This time, my VM was ready but I had no time for them. I asked if it
You know what? I’m happy and proud to have received my first call from the “Microsoft Support“! When I came back at home, there was already three missed calls on my private line, all of them from a strange number (001453789410). A few minutes later, the phone started  to ring
Social networks are wonderful sources of information when you need to collect data about a potential target. That’s the way humans work, just like you and me: we like to share, we like to show what we do, where we travel. In short… we exist! During some projects, it’s very
