Skip to content
/dev/random

/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

  • About Me
    • About Me
    • Online Presentations
    • PGP Public Key
  • Disclaimer
  • Tools
    • alerts2afterglow
    • hoover
    • inotes.py
    • known_hosts_bruteforcer
    • pastemon
    • oplb
    • ossec_dashboard
    • ossec2dshield
    • twittermon
    • rrhunter
    • syslog2loggly

Category: Splunk

SANS ISC

[SANS ISC] Using Bad Material for the Good

December 2, 2017 Logs Management / SIEM, SANS Internet Storm Center, Security, Splunk One comment

I published the following diary on isc.sans.org: “Using Bad Material for the Good“: There is a huge amount of information shared online by attackers. Once again, pastebin.com is a nice place to start hunting. As this material is available for free, why not use it for the good? Attackers (with

Continue reading »
MISP-Splunk Logo

Splunk Custom Search Command: Searching for MISP IOC’s

October 31, 2017 MISP, Security, Splunk 11 comments

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events,

Continue reading »
SANS ISC

[SANS ISC] Getting some intelligence from malspam

September 18, 2017 Malware, Security, Splunk One comment

I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week.

Continue reading »

KISS… Your Logs Too!

February 6, 2014 Logs Management / SIEM, Security, Splunk, Uncategorized 3 comments

If there is a gold principle in IT, that’s the one called “KISS“: “Keep It Simple and Stupid“. It says that systems will work best if they are kept simple rather than complex. Simplicity must be a key goal during the design phase. This sounds logical: Keep in mind that

Continue reading »

Stay in Touch

RSS Twitter LinkedIn

Upcoming Events

Here is a list of events that I will attend and cover via Twitter and wrap-ups. Ping me if you want to meet! The list is regularly updated.

SANS Oslo 2022
FIRST TC Amsterdam 2022
Botconf 2022

Recent Articles

  • [SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky
  • Pass-The-Salt 2022 Wrap-Up
  • [SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions
  • [SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper
  • [SANS ISC] Sandbox Evasion… With Just a Filename!

Popular Articles

  • Keep an Eye on SSH Forwarding! 43.4k views
  • Show me your SSID’s, I’ll Tell Who You Are! 41.6k views
  • Sending Windows Event Logs to Logstash 35k views
  • Check Point Firewall Logs and Logstash (ELK) Integration 32.1k views
  • Socat, Another Network Swiss Army Knife 30.5k views
  • Forensics: Reconstructing Data from Pcap Files 28.2k views
  • dns2tcp: How to bypass firewalls or captive portals? 26k views
  • Bruteforcing SSH Known_Hosts Files 22.4k views
  • Vulnerability Scanner within Nmap 21.1k views
  • Bash: History to Syslog 20k views

Recent Tweets

  • Back in Amsterdam! pic.twitter.com/xbbvVUGkuM

    Yesterday at 13:51

  • Hey Twitter, if you have to start from zero with a fresh #YARA rules repository, which one would your recommend? #LazyTweet

    August 12, 2022 17:30

  • Major electricity maintenance at home this morning… Dear UPS God, be with me! pic.twitter.com/loGdSGFj2x

    August 8, 2022 05:49

  • Interesting script: Looking for persistence artefacts left by #malware? Try “PersistenceSniper” github.com/last-byte/Persisten… #dfir #powershell

    August 4, 2022 07:18

  • The place was nice so I dropped a GoogleMap pin! pic.twitter.com/NIk4lzaFmf

    July 30, 2022 09:57

Time Machine

RSS NVD Vulnerabilities Feed

  • CVE-2022-20407 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A
  • CVE-2022-20406 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A
  • CVE-2022-20408 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A
  • CVE-2022-20405 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A
  • CVE-2022-20381 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A
  • CVE-2022-20383 (android) August 11, 2022
    In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222408847References: N/A
  • CVE-2022-20403 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A
  • CVE-2022-20401 (android) August 11, 2022
    In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-226446030References: N/A
Copyright Xavier Mertens © 2003-2022 | Powered by Xameco.
This website uses cookies to improve your experience. By using our services, you agree to our use of cookies. Accept Learn more
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT