We (and I’m fully part of it) deploy and use plenty of security monitoring tools daily. As our beloved data is often spread across complex infrastructures or simply across multiple physical locations, we have to collect interesting information and bring them in a central place for further analysis. That’s called
Search Results for: ossec
Monitoring pastebin.com within your SIEM
For those who (still) don’t know pastebin.com, it’s a website mainly for developers. Its purpose is very simple: You can “paste” text on the website to share it with other developers, friends, etc. You paste it, optionally define an expiration date, if it’s public or private data and your are
Top-10 Blog Posts for 2011
That’s the Christmas break for most of us! Let’s spend some good times with friends and family. That’s also the period when people like to ask to their crystal ball or their favorite mascot what will happen in the coming months. This is not an exercise for me. I don’t
SOURCE Barcelona 2011 Wrap-Up
The conference SOURCE Barcelona 2011 is already over. Waiting for my flight back to Belgium, it’s time for my wrap-up! This year, an OSSEC training was initially scheduled with my friend Wim Remes but it was cancelled due to the lack of registrations. It looks that “defensive” security trainings do
Use the Ports, Luke!
Last week, I went to London to attend the RSA Conference Europe (my wrap up is here). One of the sessions I followed was presented by Eric Vyncke about “forensics in a post IPv4 exhaustion“. You should live on another planet if you’re not aware of the coming IPv4 exhaustion.
Implementing Security Controls via Nagios
In my last post, I gave some inputs about the implementation of basic security. It can be increased by following simple rules and procedures. This was purely theoretical. So, I decided to continue on this topic and show you how basic security checks can be implemented without spending too much
Suspicious WordPress Plugins Scan
Here is an interesting example I would like to share with you. It proves how log management is important. If you read my blog, you already know that I’m addicted to logs. They can be very useful to trace incidents or suspicious activities. Today I received several alerts from my
#BlackHatEU Day-1 Wrap-up
The first day started (too) early with Rafal Los’s (@Wh1t3Rabbit) briefing about “Defying Logic – Theory, Design, and Implementation of Complex Systems for Testing Application Logic“. Rafal explained some techniques not “brand new” but which are really interesting. The goal of application logic testing is to discover what an application
BlackHat Europe 2011
BlackHat stopped in Barcelona for the 2011 European edition. Second time at the same place, the “Palau de Congressos de Catalunya“. Same format as the previous editions: two days of trainings and two days of briefings. Strange, lot of trainings were canceled! Is it due to the crisis and less
Developers, IPv6 is also a Challenge for You!
I hate situations like the one I faced this afternoon… I’ve a daemon, written in Perl, running on a Linux box for months now. When I say for months, it means: Without restarting the process or the host except regular upgrades. But, for maintenance reasons, I had to reboot the