I published the following diary on isc.sans.org: “Detecting Undisclosed Vulnerabilities with Security Tools & Features“. I’m a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered the “SIEM of the poor”, it integrates a lot of interesting features and is fully configurable
I published the following diary on isc.sans.org: Hunting for Malicious Files with MISP + OSSEC.
[This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let’s take an example with a WordPress blog. It will,
Just a link to my guest diary posted today on isc.sans.edu. I briefly introduced a method to perform permanent vulnerability scanning of newly detected hosts. The solution is based on OSSEC, ArpWatch and Nmap. The article is here.
For a while, malware has been at the front of the security stage and the situation is unlikely to change in the coming months. When I give presentations about malware, I always like to report two interesting statistics in my slides. They come from the 2012 Verizon DBIR: In 66% of investigated incidents,
The Amazon conference “re:Invent” is taking place in Las Vegas at the moment. For a while, I’ve been using the Amazon cloud services (EC2) mainly to run lab and research systems. Amongst the multiple announcements they already made during the conference, one of them caught my attention: “CloudTrail“. Everything has already
FIM or “File Integrity Monitoring” can be defined as the process of validating the integrity of operating system and application files with a verification method using a hashing algorithm like MD5 or SHA1 and then comparing the current file state with a baseline. A hash will allow the detection of file content modifications but
It looks like our beloved DNS protocol is again the center of interest for some security $VENDORS. For a while, I have seen the expression “DNS Firewall” used more and more in papers or presentations. It’s not a new buzz… The DNS protocol is well-known to be an excellent vector of
Implementing a good log management solution is not an easy task! If your organisation decides (should I add “finally“?) to deploy “tools” to manage your huge amount of logs, it’s a very good step forward but it must be properly addressed. Devices and applications have plenty of ways to generate
I’m currently attending the Hashdays security conference in Lucerne (Switzerland). Yesterday I attended a first round of talks (the management session). Amongst all the interesting presentations, Alexander Kornbrust got my attention with his topic: “Self-Defending Databases“. Alexander explained how databases can be configured to detect suspicious queries and prevent attacks. Great