During the last edition of the Troopers security conference in March, I attended a talk about “JustMetaData”. It’s a tool developed by Chris Truncer to perform open source intelligence against IP addresses. Since then, I used this tool on a regular basis. Often when you’re using a tool, you have ideas to improve
I published the following diary on isc.sans.org: “Collecting Users Credentials from Locked Devices“. It’s a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, it’s just a matter of time. The best hacks are the ones which use
I published the following diary on isc.sans.org: “Malware Delivered via ‘.pub’ Files“. While searching for new scenarios to deliver their malwares[1][2], attackers launched a campaign to deliver malicious code embedded in Microsoft Publisher[3] (.pub) files. The tool Publisher is less known than Word or Excel. This desktop publishing tool was released in 1991 (version
I published the following diary on isc.sans.org: “Maxmind.com (Ab)used As Anti-Analysis Technique“. A long time ago I wrote a diary[1] about malware samples which use online geolocalization services. Such services are used to target only specific victims. If the malware detects that it is executed from a specific area, it
Getting useful info from log file should be piece of cake …if the file is properly formatted! Usually, one event is written on a single line with useful info delimited by a separator or extractable using regular expressions. But it’s not always the case, welcome to the log hell…
I published the following diary on isc.sans.org: “Example of Targeted Attack Through a Proxy PAC File“. Yesterday, I discovered a nice example of targeted attack against a Brazilian bank. It started with an email sample like this …Â [Read more]
I published the following diary on isc.sans.org: “Voice Message Notifications Deliver Ransomware“. Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working with such kind of documents. Which types of notification
I published the following diary on isc.sans.org: “Data Classification For the Masses“. Data classification isn’t a brand new topic. For a long time, international organizations or military are doing “data classificationâ€. It can be defined as: “A set of processes and tools to help the organization to know what data
I published the following diary on isc.sans.org: “Analyze of a Linux botnet client source code“. I like to play active-defense. Every day, I extract attacker’s IP addresses from my SSH honeypots and perform a quick Nmap scan against them. The goal is to gain more knowledge about the compromised hosts. Most
I published the following diary on isc.sans.org: “Name All the Things!“. With our more and more complex environments and processes, we have to handle a huge amount of information on a daily basis. To improve the communication with our colleagues, peers, it is mandatory to speak the same language and
