The third day is already over! Today the regular talks were scheduled split in three tracks: offensive, defensive and a specific one dedicated to SAP. The first slot at 09:00 was, as usual, a keynote. Enno Rey presented ten years of TROOPERS. What happened during all those editions? The main
This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focussed on a complex problem: Identification. It’s not only relevant for users but for anything
I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The two first days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet” focusing on two hot topics: IPv6 and IoT. As said on
I published the following diary on isc.sans.org: “Searching for Base64-encoded PE Files“. When hunting for suspicious activity, it’s always a good idea to search for Microsoft Executables. They are easy to identify: They start with the characters “MZ” at the beginning of the file. But, to bypass classic controls, those
I published the following diary on isc.sans.org: “Example of Multiple Stages Dropper“. If some malware samples remain simple (see my previous diary), others try to install malicious files in a smooth way to the victim computers. Here is a nice example that my spam trap captured a few days ago. The
For the last 24 hours, the Twitter landscape has seen several official accounts hacked. The same Tweet was posted thousand times. It was about the political conflict between Turkey and Holland: Many other accounts were affected (like the one of the EU Commission). Usually, Twitter accounts are hijacked simply due
Next week, it’s already the 10th edition of the TROOPERS conference in Heidelberg, Germany. I’ll be present and cover the event via Twitter and daily wrap-ups. It will be my 3rd edition and since the beginning, I was impressed by the quality of the organization from the content point of view
I published the following diary on isc.sans.org: “Retro Hunting!“. For a while, one of the security trends is to integrate information from 3rd-party feeds to improve the detection of suspicious activities. By collecting indicators of compromize, other tools may correlate them with their own data and generate alerts on specific conditions.
I published the following diary on isc.sans.org: “The Side Effect of GeoIP Filters“. IP location, GeoIP or Geolocalization are terms used to describe techniques to assign geographic locations to IP addresses. Databases are built and maintained to link the following details to IP addresses: Country Region City Postal code Internet Service Provider Coordinates
I published the following diary on isc.sans.org: “Not All Malware Samples Are Complex“. Everyday we hear about new pieces of malware which implement new techniques to hide themselves and defeat analysts. But they are still people who write simple code that just “do the job”. The sample that I’m reviewing today had a very
