I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first
I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: The PCAP file format is everywhere. Many applications generate PCAP files based on information collected on the network. Then, they can be used as evidence, as another data source for investigations and much more. There exist plenty of
After the MISP Summit on Monday, hack.lu, here is a quick review of the third event I’m attending in my crazy week in Luxembourg: BSides Luxembourg! It was already the 3rd edition (and the 2nd for me). The message is clear: this event focus on the “blue team” side, don’t
And here is my third and last wrap-up for the 2019 edition of hack.lu! The last day is always harder for many people after the social event but I was on time to follow the first talk: “Beyond Windows Forensics with Built-in Microsoft Tooling” by Thomas Fischer. Thomas’s goal was
After a short night playing the CTF and a lot of morning coffee, I was ready for the second day… It started with a hot-topic: “Sensor & Logic Attack Surface of Driverless Vehicles” presented by Zoz. Even if not yet common on our roads today, self-driving cars (or cars with
Hello Readers! The first day of the hack.lu conference is already over, here is my wrap-up! The event started around 10:30, plenty of time to meet friends around a first coffee!
I’m in Luxembourg for a full week of infosec events. It started today with the MISP summit. It was already the fifth edition and, based on the number of attendees, the tool is getting more and more popularity. The event started with a recap of what happened since the last
I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via
I published the following diary on isc.sans.edu: “Security Monitoring: At Network or Host Level?“: Today, to reach a decent security maturity, the keyword remains “visibility”. There is nothing more frustrating than being blind about what’s happening on a network or starting an investigation without any data (logs, events) to process.
This BruCON edition (also called “0x0B”) is already over! This year, we welcomed more than 500 hackers from many countries to follow wonderful speakers and learn new stuff with practical workshops. Like the previous editions, I played with the network deployed for our attendees. Here is a short debriefing of