Woooow! Today I reached 1000 posts on my blog! I started “/dev/random” in January 2003. Why? I don’t remember exactly but the name says it: a potpourri of everything coming to my mind but always related to “IT”. Months after months, posts were oriented to my favorite topic: IT security.
Category: Uncategorized
Free Caribbean Cruise? Really?
I’m excited! I received my first phishing call today 😉 I received a call from a hidden number, picked up the phone and heard a message in English saying something like: “Congratulations! You just have won a free Caribbean cruise! To reclaim your prize, press 9. That’s the nine-key on
Introduction to Nmap Scripting
All people working with networks know the wonderful tool called Nmap. Basically, Nmap is a network scanner. It allows you to detect hosts on a network and services running on them. Just type “nmap <hostname|ip>” to perform a simple port scan. But Nmap can do much more! Host discovery, multiple
This Blog Turned Six!
I just realized that this blog just turned six years old! The first article (a simple test) was posted on January 14th 2003. The oldest pictures are missing (due to a migration to WordPress a few years ago) but all articles remain on line
ISSA Belgian Chapter Event: New ISSA event: Microsoft Windows Server 2008
Back from Microsoft Belgium where occurred an ISSA Belgian Chapter event about security of Microsoft Windows Server 2008. The speaker, Ronny Bjones, started with some historical facts about the Microsoft products and security. He explained why Microsoft had lot of security issues in the past, due to the way developers
Simple DLP with Ngrep
DLP stands for “Data Loss Prevention” or sometimes, “Data Leak Protection“. Companies primary goal is to make business. And their activities rely on their data (customers, databases, research results, statistics, source code, …). DLP is a security process which takes care of: monitoring, identify and protection of the data. The
WEP – Less and Less Unsafe
Recently a buzz started on the Internet: WPA (Wi-Fi Protected Access“) was cracked! But a lot of companies still use WEP (“Wired Equivalent Privacy“) to protect their Wi-Fi networks. Unfortunately, WEP is still less secure now! According to a paper from Erik Tews and Martin Beck, only 24000 captured packets
hack.lu Part #10
Here we go! Last half-day which started with “Browser Rootkits” presented by Julien Lenoir and Christophe Devaux (both from Sogeti). As already said yesterday, browsers are now fully part of the users desktop and installed by default. They presented their rootkits developed for Internet Explorer and Firefox! First idea: “browser
hack.lu Part #7
Last presentation on the planning: Patrick Hof and Jens Liebchen, from Redteam Pentesting, presented slides about JBoss and its configuration. The goal was to explain how to exploit a JBoss server and got a shell on the server. They got it! Jboss is based on a complex architecture and is
hack.lu Part #5
Back to the presentations… Ezequiel David Gutesman from Core Security Technologies presented a web application fuzzer. Why? Because web applications are very common (used everywhere) and consequences in case of attacks can be dramatic (loss of data, data theft, …) for companies. Countermeasure are WAF’s (Web Application Firewalls) coupled with