The “diff” command is a very nice tool in *NIX environments to compare the content of two files. But there are some situations where diff is a pain to use. The classic case is when you need to compare many files from different directory trees (for example two different releases
Automatic Extraction of Data from Excel Sheet
Excel sheets are very common files in corporate environments. It’s definitely not a security tool but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOCs, it is mandatory to automate, as much as possible, the processing
[SANS ISC] Systemd Could Fallback to Google DNS?
I published the following diary on isc.sans.org: “Systemd Could Fallback to Google DNS?“. Google is everywhere and provides free services to everyone. Amongst the huge list of services publicly available, there are the Google DNS, well known as 126.96.36.199, 188.8.131.52 (IPv4) and 2001:4860:4860::8888, 2001:4860:4860::8844 (IPv6)…
xip.py: Executing Commands per IP Address
During a penetration test, I had to execute specific commands against some IP networks. Those networks were represented under the CIDR form (network/subnet). Being a lazy guy, I spent some time to write a small Python script to solve this problem. The idea was based on the “xargs” UNIX command
Integrating OSVDB into Ubuntu/Unity
Recently I upgraded my laptop with the latest Ubuntu release (12.04-LTS). For a few releases, Ubuntu switched from Gnome to Unity and I’m happy to use it since the 11.04 version! I know that this choice has caused a lot of debates between the aficionados of both GUIs but it
Bruteforcing SSH Known_Hosts Files
OpenSSH is a common tool for most network and system administrators. It is used daily to open remote sessions on hosts to perform administrative tasks. But it is also used to automate tasks between trusted hosts. Based on public/private key pairs, hosts can exchange data or execute commands via
Socat, Another Network Swiss Army Knife
Infosec guys are lazy people. At least in my case! There is nothing more boring than typing long shell commands or performing recurrent tasks. After all, computers are made to make our life easier. Let them work for us! UNIX is a wonderful environment. There are plenty of ways to
Ubuntu Will Introduce the “Social” Desktop?
Some news has been disclosed about the next release of Ubuntu called “Lucid Lynx“. This new distribution is logically planned for April 2010 and will introduce, amongst a long list of new features, the “desktop socialization”. Mark Shuttleworth, the founder of Ubuntu, explained in an interview that the desktop will
UNIX Turns 40!
The very first version of the UNIX operating system was born in August 1969! Its early name was Multics (“Multiplexed Information and Computing Service“). Year after year, new branches started to build a huge family of different operating systems, all of them descending from the same origin. It has always
Unix OS Security Audit/Assurance Program
I’m just back from the last ISACA Belgian Chapter meeting. Today’s topic was the UNIX OS security audit process. A very large topic! The speaker was Sanjay Vaid. For years now, Linux has been deployed in business environments. Linux systems can take several forms: application servers (print, files, web,