If you are the administrator of an online forum, a wiki or any website which accepts user data, you probably also know this feeling: Bots are a pain and fighting them looks like an endless loop! Your websites are constantly scanned by bots which try to create fake accounts then
Category: Software
Cuckoo: Increasing the Power of Malware Behavior Reporting With Signatures
The new version (0.4) of Cuckoo, the open source malware analysis system, has been released this week. That’s great news! The list of changes and new features is very impressive. So big that an upgrade is not recommended. In my case, I just installed a brand new Cuckoo instance.
CuckooMX: Automating Email Attachments Scanning with Cuckoo
Today, classic anti-virus protections are not reliable enough to protect against modern malware. To have a better understanding and, if possible, block them, it’s best to execute the code in a safe environment and to analyze its behaviour. Does it create new processes or files, are outbound connections performed via
Attackers Geolocation in OSSEC
If you follow my blog on a regular basis, you probably already know that I’m a big fan of OSSEC. I’m using it to monitor all my personal systems (servers, labs, websites, etc). Being a day-to-day user, I always have new ideas to extend the product, by using 3rd
Pastemon.pl Upgrade
Just a quick blog post to announce that I just committed a new version of my pastemon.pl tool on github.com. I’ll present it (and the associated website leakedin.com) this Thursday at HITB Amsterdam during a SIGINT session. What’s new with this version? First some bug fixes! (yes, I’m writing buggy
What Are You Sharing with Dropbox?
Dropbox is a well-known online service which allows you to share files between computers. Although new outsiders have entered the same market in the past few months, Dropbox remains number one. While files are synchronized between Dropbox software clients, they also provide features to share files with third parties who
Monitor your Monitoring Tools
We (and I’m fully part of it) deploy and use plenty of security monitoring tools daily. As our beloved data is often spread across complex infrastructures or simply across multiple physical locations, we have to collect interesting information and bring it to a central place for further analysis. That’s called
Are you Making the Most of your Security Tools?
After some wrap-ups, let’s come back with a more practical blog post. I like to keep a good balance between hands-on and wrap-ups or theoretical articles. Today, it’s almost impossible to implement good security without buying some commercial tools. At least, you have a corporate firewall provided by a
More Granularity in Your Apache Logs
The Apache Foundation released the new version of their very popular Apache web server. Lots of interesting changes have been introduced in this release. From my point of view (and because it’s one of my favorite topics), a very interesting change is the way Apache now handles its logs. Your
Back to the “Corner Shop”?
This is just a small reflexion about the last Notepad++ story. Notepad++ is a powerful and free alternative to the original Notepad application delivered with all Windows operating systems. The Notepad++ developer reported that his application was found on a download portal wrapped with a new installer which also installed