<Warning>Challenge closed</Warning> Like the previous two years, I’m happy to be a media partner of the French security conference “Hack in Paris”. The schedule is now online, great talks are foreseen! As a media partner, I receive a bunch of coupons for you. They will allow you to attend the
Malicious MS Word Document not Detected by AV Software
[This blogpost has also been published as a guest diary on isc.sans.org] Like everybody, I’m receiving a lot of spam every day but… I like it! All unsolicited received messages are stored in a dedicated folder for two purposes: An automatic processing via my tool mime2vt; A manual review at regular interval
Troopers15 Wrap-Up Day #2
This is my wrap-up for the second day of Troopers15. Before the review of the talks, a few words about the conference. The venue is really nice as well as the facilities. A good WiFi coverage (IPv4/IPv6) and even a dedicated GSM network! “Troopers” SIM card were available for free
Troopers15 Wrap-Up Day #1
This is my first Troopers conference. I already heard a lot of positive comments about this event but I never attended it. As I’ll start a new job position soon, I had the opportunity to take some days off to join Heidelberg in Germany. The conference is split across two days
The lack of network documentation…
[This blogpost has also been published as a guest diary on isc.sans.org] Writing documentation is a pain for most of us but… mandatory! Pentesters and auditors don’t like to write their reports once the funny stuff has been completed. It is the same for the developers. Writing code and developing
Expanding your CMS at your own risk!
CMS or “Content Management Systems” have become very common over the past few years. Popular CMS are WordPress, Drupal or Joomla. You can rent some space at a hosting provider for a few bucks or even find free hosting platforms. You can deploy them in a few minutes on your own server. Then, you
phpMoAdmin 0-day Nmap Script
An 0-day vulnerability has been posted on Full-Disclosure this morning. It affects the MongoDB GUI phpMoAdmin. The GUI is similar to the well-known phpMyAdmin and allows the DB administrator to perform maintenance tasks on the MongoDB databases with the help of a nice web interface. The vulnerability is critical because it allows
The Evil CVE: CVE-666-666 – “Report Not Read”
I had an interesting discussion with a friend this morning. He explained that, when he is conducting a pentest, he does not hesitate to add sometimes in his report a specific finding regarding the lack of attention given to the previous reports. If some companies are motivated by good intentions and ask
OWASP Belgium Chapter Meeting February 2015 Wrap-Up
Tonight the first Belgium OWASP chapter meeting of the year 2015 was organized in Leuven. Next to the SecAppDev event also organised in Belgium last week, many nice speakers were present in Belgium. It was a good opportunity to ask them to present a talk at a chapter meeting. As usual,
My Little Pwnie Box
As a pentester, I’m always trying to find new gadgets/tools to improve my toolbox. A few weeks ago, I received my copy of Dr Philip Polstra’s book: “Hacking and Penetration Testing with Low Power Devices” (ISBN: 978-0-12-800751-8). I had a very interesting chat with Phil during the last BruCON edition