I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter”. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is
I published the following diary on isc.sans.org: “Hunting for Malicious Excel Sheets”. Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file.
After a nice evening with some beers and an excellent dinner with infosec peers, here is my wrap-up for the second day. Coffee? Check! Wireless? Check! Twitter? Check! As usual, the day started with a keynote. Window Snyder presented “All Fall Down: Interdependencies in the Cloud”. Window is the CSO
I’m back in Amsterdam for the 8th edition of the security conference Hack in the Box. Last year, I was not able to attend, but I have been attending it for a while (you can reread all my wrap-ups here). What to say? It’s a very strong organisation, everything running fine, a
I published the following diary on isc.sans.org: “Tracking Website Defacers with HTTP Referers”. In a previous diary, I explained how pictures may affect your website reputation. Although a suggested recommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog,
I published the following diary on isc.sans.org: “Whitelists: The Holy Grail of Attackers”. As a defender, take the time to put yourself in the place of a bad guy for a few minutes. You’re writing some malicious code and you need to download payloads from the Internet or hide your
I published the following diary on isc.sans.org: “Pro & Con of Outsourcing your SOC”. I’m involved in a project to deploy a SIEM (“Security Information & Event Management”) / SOC (“Security Operation Center”) for a customer. The current approach is to outsource the services to an external company also called a
I published the following diary on isc.sans.org: “Logical & Physical Security Correlation”. Today, I would like to review an example of how we can improve our daily security operations or, for our users, how to help in detecting suspicious content. Last week, I received the following email in my corporate mailbox.