/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu


Category: ELK

Integrating VirusTotal within ELK

July 28, 2015 ELK, Security 2 comments

[This blogpost has also been published as a guest diary on isc.sans.org] Visualisation is key when you need to keep control of what’s happening on networks which carry tons of malicious files every day. virustotal.com is a key player in fighting malware on a daily basis. Not only can you submit

TweetSniff.py – a Python Tweets Grabber

December 23, 2014 ELK, Software 23 comments

For me, Twitter is not only a social network, it’s also a tool that I use daily to track and exchange news about information security with a large worldwide community of infosec professionals. For a while now, Twitter has been my main source of information. When you are relying on a service

Automatic MIME Parts Scanning with VirusTotal

December 15, 2014 ELK, Security 11 comments

Here is a Python script that I developed for my personal use: mime2vt.py. I decided to release it because I think it could be helpful for many of you. In 2012, I started a project called CuckooMX. The goal was to automatically scan attachments in emails with Cuckoo to find


ownCloud & Elasticsearch Integration

September 8, 2014 ELK, Software 7 comments

A while ago, I left Dropbox and other cloud storage solutions and decided to host my own file exchange service based on owncloud.org. I’m using it to exchange files with my partners and customers and keep full control of the service from A to Z. A major advantage of

Check Point Firewall Logs and Logstash (ELK) Integration

August 28, 2014 ELK, Logs Management / SIEM 13 comments

It has been a while since I last wrote an article on log management. Here is a quick how-to about the integration of Check Point firewall logs into ELK. For a while now, this log management framework has been gaining more and more popularity. ELK is based on three core components:

Copyright Xavier Mertens © 2003-2022 | Powered by Xameco.