I published the following diary on isc.sans.org: “Analysis of a Paypal phishing kit”. There are plenty of phishing kits in the wild that try to lure victims into providing their credentials. Services like Paypal are nice targets and we can find new fake pages almost daily. Sometimes, the web server isn’t
[SANS ISC] Increase of phpMyAdmin scans
I published the following diary on isc.sans.org: “Increase of phpMyAdmin scans”. PMA (or “phpMyAdmin”) is a well-known MySQL front-end written in PHP that “brings MySQL to the web”, as stated on its web site. The tool is very popular amongst web developers because it helps to maintain databases just by using
Lazy BlackHat Presentations Crawler
Many infosec professionals joined Las Vegas to attend the BlackHat security conference. As I’m not one of those lucky people, I’m waiting for the presentations (they are published once each talk is over). But I don’t have time to lose sitting in front of my computer and pressing F5… So let’s
[SANS ISC] TinyPot, My Small Honeypot
I published the following diary on isc.sans.org: “TinyPot, My Small Honeypot”. Running honeypots is always interesting to get an overview of what’s happening on the Internet in terms of scanners or new threats. Honeypots are useful not only in the wild but also on your internal networks. There are plenty
[SANS ISC] Bots Searching for Keys & Config Files
I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files”. If you don’t know our “404” project, I would definitely recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors
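The phpMyAdmin scans mentioned above and the bots hunting for keys and configuration files leave the same trace in a web server log: HTTP 404 responses for paths the site has never served. The Python script below is an added example, not code from the diaries or from the 404 project. It parses Apache/nginx combined-format access log lines, keeps only the 404s and matches the requested path against a list of probe patterns. The log lines and the pattern list are constructed for the example; tune the patterns to your own site (a server that really hosts phpMyAdmin should not flag it).

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format. Constructed regex: adjust to your own LogFormat.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Paths legitimate visitors of *this* site never request (assumption: no phpMyAdmin
# installed, no dotfiles or dumps exposed). A 404 for one of these is a probe, not a broken link.
PROBE_PATTERNS = {
    "phpmyadmin": re.compile(r'/(phpmyadmin|pma|mysql|myadmin|dbadmin)\b', re.I),
    "git_metadata": re.compile(r'/\.git(/|$)'),
    "env_secrets": re.compile(r'/\.env(\.\w+)?$'),
    "ssh_keys": re.compile(r'/(\.ssh/|id_rsa|id_dsa|id_ecdsa|id_ed25519)'),
    "cms_config": re.compile(r'/(wp-config\.php|configuration\.php|config\.inc\.php)'),
    "backups_dumps": re.compile(r'\.(bak|old|sql|tar\.gz|zip)(\?|$)', re.I),
}


def classify_path(path):
    """Return the probe category a requested path matches, or None for an ordinary 404."""
    for name, pattern in PROBE_PATTERNS.items():
        if pattern.search(path):
            return name
    return None


def find_probes(lines):
    """Yield (ip, path, category) for every 404 whose path hits a known probe pattern."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        category = classify_path(m.group("path"))
        if category:
            yield m.group("ip"), m.group("path"), category


def summarize(lines):
    """Per source IP: (number of probing 404s, sorted list of categories probed)."""
    hits = Counter()
    categories = defaultdict(set)
    for ip, _path, category in find_probes(lines):
        hits[ip] += 1
        categories[ip].add(category)
    return {ip: (hits[ip], sorted(categories[ip])) for ip in hits}


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2017:10:01:02 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2017:10:01:03 +0200] "GET /pma/index.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2017:10:01:04 +0200] "GET /.env HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Aug/2017:10:02:10 +0200] "GET /.git/config HTTP/1.1" 404 209 "-" "curl/7.52"
198.51.100.2 - - [10/Aug/2017:10:02:11 +0200] "GET /backup.sql HTTP/1.1" 404 209 "-" "curl/7.52"
192.0.2.9 - - [10/Aug/2017:10:03:00 +0200] "GET /blog/old-post HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Aug/2017:10:03:01 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, (count, cats) in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} probing 404s, categories={cats}")
```

The visitor at 192.0.2.9 also got a 404, but for an ordinary stale link, so it is not reported; the two scanners are, together with what they were looking for. Feeding the output of `summarize()` into a blocklist or a SIEM alert is the natural next step.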
[SANS ISC] Backup Scripts, the FIM of the Poor
I published the following diary on isc.sans.org: “Backup Scripts, the FIM of the Poor”. File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. For example, on a server, there are directories that do not change often. Example with
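The same idea, a baseline of a rarely changing directory compared against its current state, can be implemented in a few lines without a backup tool. The Python script below is an added example and not the diary's own technique: it builds a manifest of SHA-256 hashes, sizes and modes for every regular file under a root, stores it as JSON (keep that file off the box, or an attacker who modifies the files will modify the baseline too), and reports added, removed and modified files. The `demo()` scenario creates a constructed fake configuration tree in a temporary directory and tampers with it; the file names are illustrative only.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not land in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file (relative POSIX path) to its hash, size and permission bits."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        st = path.lstat()
        manifest[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
        }
    return manifest


def save_manifest(manifest, path):
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def diff_manifests(baseline, current):
    """Classify every path as added, removed or modified (hash, size or mode changed)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake config tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        baseline_file = root.parent / (root.name + ".baseline.json")  # off-tree for the demo
        save_manifest(build_manifest(root), baseline_file)

        # Simulated tampering: a weakened setting, a planted preload file, a deleted file.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "ld.so.preload").write_text("/tmp/evil.so\n")
        (root / "passwd").unlink()

        report = diff_manifests(load_manifest(baseline_file), build_manifest(root))
        baseline_file.unlink()
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `build_manifest()` once on a quiet directory such as `/etc` or a web root, save the result somewhere the server cannot write, and schedule the diff from cron; anything that is not a change you made yourself deserves a look.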
[SANS ISC] A VBScript with Obfuscated Base64 Data
I published the following diary on isc.sans.org: “A VBScript with Obfuscated Base64 Data”. A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty
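A Base64-encoded PE file is easy to spot: the DOS header starts with the bytes `MZ`, and `MZ\x90\x00` encodes to the familiar `TVqQ`, but the reliable check is to decode the blob and verify the PE signature at the offset stored in `e_lfanew`. The Python script below is an added example, not the diary's own tooling: it extracts long Base64 runs from a text file (a VBScript here), decodes each one and reports those that carry a PE header. The script, the minimal PE-like byte string and the VBScript sample are all constructed; the fake PE has headers only and is not an executable.

```python
import base64
import binascii
import re
import struct

# Runs of at least 64 Base64 characters with optional padding. Shorter runs are ignored
# because short Base64 strings are common in clean scripts and never hold a PE anyway.
B64_RE = re.compile(r'[A-Za-z0-9+/]{64,}={0,2}')


def pe_info(data):
    """Return (e_lfanew, machine) if data looks like a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]        # offset of the "PE\0\0" signature
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]  # COFF header Machine field
    return e_lfanew, machine


def find_pe_in_base64(text):
    """Decode every long Base64 run in text and list the ones that decode to a PE."""
    hits = []
    for m in B64_RE.finditer(text):
        try:
            data = base64.b64decode(m.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue   # not valid Base64 (bad length or padding): skip
        info = pe_info(data)
        if info:
            hits.append({"offset": m.start(), "size": len(data),
                         "e_lfanew": info[0], "machine": info[1]})
    return hits


def build_fake_pe():
    """Constructed minimal PE-looking byte string: DOS header, e_lfanew, PE signature."""
    e_lfanew = 0x80
    img = bytearray(b"MZ" + b"\x90\x00" + b"\0" * (0x3C - 4))   # DOS header up to e_lfanew
    img += struct.pack("<I", e_lfanew)
    img += b"\0" * (e_lfanew - len(img))                         # DOS stub padding
    img += b"PE\0\0" + struct.pack("<HH", 0x14C, 3)              # signature, i386, 3 sections
    img += b"\0" * 200
    return bytes(img)


# Constructed VBScript sample: one Base64 string holding the fake PE, one holding plain text.
SAMPLE_VBS = (
    'Dim payload\n'
    'payload = "' + base64.b64encode(build_fake_pe()).decode() + '"\n'
    'Dim note\n'
    'note = "' + base64.b64encode(
        b"This is just text, not a PE file, long enough to match the regex used here."
    ).decode() + '"\n'
)

if __name__ == "__main__":
    for hit in find_pe_in_base64(SAMPLE_VBS):
        print(f"PE found at text offset {hit['offset']}: {hit['size']} bytes, "
              f"machine=0x{hit['machine']:x}")
```

Only the first string is reported; the second decodes fine but has no `MZ`/`PE` structure. When the Base64 has been split across string concatenations or otherwise obfuscated, join or deobfuscate the pieces first and then run `find_pe_in_base64()` on the result.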
BSides Athens 2017 Wrap-Up
The second edition of BSides Athens was planned this Saturday. I already attended the first edition (my wrap-up is here) and I was happy to be accepted as a speaker for the second time! This edition moved to a new location which was great. Good wireless, air conditioning and food. The
[SANS ISC] Obfuscating without XOR
I published the following diary on isc.sans.org: “Obfuscating without XOR”. Malicious files are generated and spread over the wild Internet daily (read: “hourly”). The goal of the attackers is to use files that are: not known by signature-based solutions, and not easy to read for the human eye. That’s why many
[SANS ISC] Systemd Could Fallback to Google DNS?
I published the following diary on isc.sans.org: “Systemd Could Fallback to Google DNS?”. Google is everywhere and provides free services to everyone. Amongst the huge list of services publicly available, there are the Google DNS servers, well known as 8.8.8.8, 8.8.4.4 (IPv4) and 2001:4860:4860::8888, 2001:4860:4860::8844 (IPv6)…