I published the following diary on isc.sans.org: “Backup Files Are Good but Can Be Evil“. Since we started to work with computers, we always heard the following advice: “Make backups!”. Everytime you have to change something in a file or an application, first make a backup of the existing resources
I published the following diary on isc.sans.org: “Who’s Attacking Me?“. I started to play with a nice reconnaissance tool that could be helpful in many cases – offensive as well as defensive. “IVRE” (“DRUNK” in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission
I published the following diary on isc.sans.org: “Using Security Tools to Compromize a Network“. One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this use security tools (linked to processes). With the time, we are all building our personal toolbox
A quick blog post about a malicious VBScript macro that I analysed… Bad guys have always plenty of ideas to obfuscate their code. The macro was delivered via a classic phishing email with an attached zip archive that contained a Windows .lnk file. The link containing a simple call to
I published the following diary on isc.sans.org: “UAC Bypass in JScript Dropper“. Yesterday, one of our readers sent us a malicious piece of JScript: doc2016044457899656.pdf.js.js. It’s always interesting to have a look at samples coming from alternate sources because they may slightly differ from what we usually receive on a
It’s over! The 4th edition of Botconf just finished and I’m in the train back to Belgium writing the daily wrap-up. Yesterday, the reception was organized in a very nice place (the “Chapelle de la Trinitéâ€). Awesome place, awesome food, interesting chats as usual. To allow people to recover smoothly,
The second is over, so here is my daily wrap-up! After some welcomed coffee cups, it started sharp at 9AM with Christiaan Beek who spoke about Ransomware: “Ransomware & Beyondâ€. When I read the title, my first reaction was “What can be said in a conference like Botconf about ransomware?”.
This is already the fourth edition of the Botconf security conference, fully dedicated to fighting malware and botnets. Since the first edition, the event location changed every year and it allowed me to visit nice cities in France. After Nantes, Nancy and Paris, the conference invaded Lyon. I arrived yesterday in
I published the following diary on isc.sans.org: “Free Software Quick Security Checklist“. Free software (open source or not) is interesting for many reasons. It can be adapted to your own needs, it can be easily integrated within complex architectures but the most important remains, of course, the price. Even if
I published the following diary on isc.sans.org: “Example of Getting Analysts & Researchers Away“. It is well-known that bad guys implement pieces of code to defeat security analysts and researchers. Modern malware’s have VM evasion techniques to detect as soon as possible if they are executed in a sandbox environment. The same applies
