Here we go with the last wrap-up of the 2018 edition! The first presentation was about worms: “Worms that turn: nematodes and neotodes” by Matt Wixey. The first slide contained the mention: “for educational purposes only”. What could we expect? The idea of the research performed by Matt was interesting.
The second day started early with an eye-opener talk: “IPC – the broken dream of inherent security” by Thanh Bui. IPC or “Inter-Process Communications” are everywhere. You can compare them to a network connection between a client and a server, but inside the operating system. The idea of Thanh’s research was
The 14th edition (!) of hack.lu is ongoing in Luxembourg. I arrived yesterday to attend the MISP summit, which was a success. It’s great to see that more and more people are using this information sharing platform to fight bad guys! Today, the conference officially started with the regular talks. I
I published the following diary on isc.sans.edu: “More Equation Editor Exploit Waves”: This morning, I spotted another wave of malicious documents that again (ab)use CVE-2017-11882 in the Equation Editor (see yesterday’s diary). This time, the malicious files are RTF files. One of the samples is SHA256:bc84bb7b07d196339c3f92933c5449e71808aa40a102774729ba6f1c152d5ee2 (VT score: 19/57)…
I published the following diary on isc.sans.edu: “New Campaign Using Old Equation Editor Vulnerability”: Yesterday, I found a phishing sample that looked interesting: From: sales@tjzxchem[.]com To: me Subject: RE: Re: Proforma Invoice INV 075 2018-19 ’08 Reply-To: exports.sonyaceramics@gmail[.]com
I published the following diary on isc.sans.edu: “‘OG’ Tools Remain Valuable”: For vendors, the cybersecurity landscape is a nice place to make a very lucrative business. New solutions and tools are released every day and promise to let you easily detect malicious activities on your networks. And it’s a recurring story.
I published the following diary on isc.sans.edu: “More Excel DDE Code Injection”: The “DDE code injection” technique is not brand new. DDE stands for “Dynamic Data Exchange”. It has already been discussed by many security researchers. Just a quick reminder for those who missed it. In Excel, it is possible to
I received my Yubikey 4C Nano a while ago (“C” because it is compatible with USB-C connectors) but I did not have time yet to configure it to be used with my PGP key. It’s now done! As you can see, it fits perfectly in my MacBook Pro: I won’t
I published the following diary on isc.sans.edu: “Hunting for Suspicious Processes with OSSEC”: Here is a quick example of how OSSEC can be helpful to perform threat hunting. OSSEC is a free security monitoring tool/log management platform which has many features related to detecting malicious activity on a live system, like the
I published the following diary on isc.sans.edu: “Malware Delivered Through MHT Files”: What are MHT files? Microsoft is a wonderful source of multiple file formats. MHT files are web page archives. Usually, a web page is based on a piece of HTML code with links to external resources, images and other