I published the following diary on isc.sans.edu: “Offensive Tools Are For Blue Teams Too“: Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? More information you get, more you
I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: The PCAP file format is everywhere. Many applications generate PCAP files based on information collected on the network. Then, they can be used as evidence, as another data source for investigations and much more. There exist plenty of
I’m in Luxembourg for a full week of infosec events. It started today with the MISP summit. It was already the fifth edition and, based on the number of attendees, the tool is getting more and more popularity. The event started with a recap of what happened since the last
I published the following diary on isc.sans.edu: “Blocking Firefox DoH with Bind“: For a few days, huge debates have started on forums and mailing lists regarding the announce of Mozilla to enable DoH (DNS over HTTPS) by default in its Firefox browser. Since this announcement, Google also scheduled a move
After the 2018 DeepSec edition in November and the BruCON Spring Training in April, I’m happy to come back on the DeepSec 2019 schedule! OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help
I published the following diary on isc.sans.edu: “DSSuite – A Docker Container with Didier’s Tools“: If you follow us and read our daily diaries, you probably already know some famous tools developed by Didier (like oledump.py, translate.py and many more). Didier is using them all the time to analyze malicious
I’m in Washington, waiting for my flight back to Belgium. I just attended the 2019 edition of the OSSEC Conference, well more precisely, close to Washington in Herndon, VA. This was my first one and I’ve been honoured to be invited to speak at the event. OSSEC is a very
I published the following diary on isc.sans.edu: “Tracking Unexpected DNS Changes”: DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning about recent DNS hijacking attacks. Indeed, when you want to visit the website ‘isc.sans.org’, you
I published the following diary on isc.sans.edu: “Using OSSEC Active-Response as a DFIR Framework”: In most of our networks, endpoints are often the weakest link because there are more difficult to control (example: laptops are travelling, used at home, etc).They can also be located in different locations even countries for
My training submission has been accepted at the BruCON Spring Training session in April 2019. This training is intended for Blue Team members and system/security engineers who would like to take advantage of the OSSEC integration capabilities with other tools and increase the visibility of their infrastructure behaviour. OSSEC is sometimes described as
