During the last edition of the Troopers security conference in March, I attended a talk about “JustMetaData”. It’s a tool developed by Chris Truncer to perform open source intelligence against IP addresses. Since then, I have used this tool on a regular basis. Often when you’re using a tool, you have ideas to improve
I published the following diary on isc.sans.org: Hunting for Malicious Files with MISP + OSSEC.
Honestly, I had never really played with Docker but… A few weeks ago, I succumbed to the temptation of playing with Docker thanks to a friend who’s putting everything in Docker containers. If you still don’t know Docker, here is a very brief introduction: Docker lets you run applications in a “container”. In this
Recently, I was involved in an incident handling mission to find how some confidential emails were being tracked. Let’s imagine a first scenario: Alice sends a mail to Bob. Bob reads Alice’s email and Alice gets notified. Nothing special, this is a standard feature offered by most commercial messaging solutions.
A quick blog post about an issue I faced this morning. While drinking my morning coffee and reviewing what happened during the last night in my logs, I detected that one of my websites (leakedin.com) was entirely mirrored by a guy from Brazil. I’m not against sharing information but in this case,
[This blogpost has also been published as a guest diary on isc.sans.org] Visualisation is key when you need to keep control of what’s happening on networks which carry tons of malicious files daily. virustotal.com is a key player in fighting malware on a daily basis. Not only can you submit
[This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let’s take an example with a WordPress blog. It will,
The SSL and TLS protocols have been on the front of the stage for months. Besides many vulnerabilities disclosed in the OpenSSL library, the deployment of SSL and TLS is not always easy. There are weak ciphers (like RC4), weak signatures, certificate issues (self-signed, expired or fake ones). Other useful features are misunderstood
CMS or “Content Management Systems” have become very common in the last few years. Popular CMS are WordPress, Drupal or Joomla. You can rent some space at a hosting provider for a few bucks or even find free hosting platforms. You can deploy them in a few minutes on your own server. Then, you
[This blogpost has also been published as a guest diary on isc.sans.org] Our houses and offices are more and more infested by electronic devices embedding a real computer with an operating system and storage. They are connected to network resources for remote management, statistics or data polling. This is called