I published the following diary on isc.sans.org: “Tracking Website Defacers with HTTP Referers”. In a previous diary, I explained how pictures may affect your website reputation. Although a suggested recommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog,
[SANS ISC] Whitelists: The Holy Grail of Attackers
I published the following diary on isc.sans.org: “Whitelists: The Holy Grail of Attackers”. As a defender, take the time to put yourself in the place of a bad guy for a few minutes. You’re writing some malicious code and you need to download payloads from the Internet or hide your
[SANS ISC] Pro & Con of Outsourcing your SOC
I published the following diary on isc.sans.org: “Pro & Con of Outsourcing your SOC”. I’m involved in a project to deploy a SIEM (“Security Information & Event Management”) / SOC (“Security Operation Center”) for a customer. The current approach is to outsource the services to an external company also called a
[SANS ISC] Diverting built-in features for the bad
I published the following diary on isc.sans.org: “Diverting built-in features for the bad”. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small Javascript sample with only 2 lines of code…
[SANS ISC] Logical & Physical Security Correlation
I published the following diary on isc.sans.org: “Logical & Physical Security Correlation”. Today, I would like to review an example of how we can improve our daily security operations or, for our users, how to help in detecting suspicious content. Last week, I received the following email in my corporate mailbox.
[SANS ISC] Nicely Obfuscated JavaScript Sample
I published the following diary on isc.sans.org: “Nicely Obfuscated JavaScript Sample”. One of our readers sent us an interesting sample that was captured by his anti-spam. The suspicious email had an HTML file attached to it. Looking at the file manually, it is heavily obfuscated and the payload
TROOPERS 2017 Day #4 Wrap-Up
I’m just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition. This day was a little bit more difficult due to the fatigue and the social event of yesterday. That’s why the wrap-up will be shorter… The second keynote was presented by Mara Tam: “Magical
TROOPERS 2017 Day #3 Wrap-Up
The third day is already over! Today the regular talks were scheduled, split across three tracks: offensive, defensive and a specific one dedicated to SAP. The first slot at 09:00 was, as usual, a keynote. Enno Rey presented ten years of TROOPERS. What happened during all those editions? The main
TROOPERS 2017 Day #2 Wrap-Up
This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focussed on a complex problem: Identification. It’s not only relevant for users but for anything
TROOPERS 2017 Day #1 Wrap-Up
I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The first two days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet” focusing on two hot topics: IPv6 and IoT. As said on