This is my first post in 2013! Every begining of a new year, people tend to make a list of good resolution. I also did and one of them is to switch from Perl to Python to develop! Being a Perl addict for years, I don’t expect to completely abandon
Cuckoo 0.5 on OS X Mountain Lion
Claudio Guarnieri and his developers gave us a great gift to finish the year. A few days before Christmas, they released the version 0.5 of Cuckoo, the open source malware analysis system. What’s new in this release? Plenty of nice stuffs! I won’t review there here, have a look at
The Social Impact of Malware Infections
I just had a good experience today about the “social impact” of malware infections and I would like to share it with you. For most infosec people, it is part of the game to play the fireman for family and friends when they are in trouble with their computer. The
Howto: Distributed Splunk Architecture
Implementing a good log management solution is not an easy task! If your organisation decides (should I add “finally“?) to deploy “tools” to manage your huge amount of logs, it’s a very good step forward but it must be properly addressed. Devices and applications have plenty of ways to generate
First Belgian Internet Security Conference Wrap Up
Yesterday I attended the first edition of a new event: The Belgian Internet Security Conference. It was organised by some key players from Belgian Federal organisations like the CERT.be, Belnet, FedICT. The goal of this one-day conference was to provide some security awareness to managers or deciders. This time, no
SANS London 2012 Quick Wrap Up
I wrote a quick wrap-up of the SANS London 2012 edition while waiting for my train back to Belgium on Saturday evening but I published it only today… Tomorrow was an off-line day! This was my first edition and, honestly, I hope not the last one! This event was
Database Tables and Rows: Security by Obscurity Is Sometimes Helpful!
“Security by obscurity is bad!“… Most infosec professionals will tell you this. The principle is to implement security by hiding stuff in the installation of tools or solutions. Often, people using security by obscurity believe that their stuff will be properly protected (not found by the attackers). But this technique
Manage an Efficient List of Open Proxies
Open proxies… Everybody likes them! Please don’t immediately think about malicious activities… Of course, open (and chained) proxies can be useful to make you anonymous on the Internet but they can also by very interesting for “good” purposes. As a pentester, they can help you to distribute your reconnaissance phase
Are You Using Strong E-mail Addresses?
Today was a bad day for Skype Microsoft: A vulnerability was discovered on the Skype website which allowed an attacker to hijack the account of a Skype user. The Skype client itself (the software) is not affected. When successfully performed, the account was not only stolen but, worse, it looks
Hashdays Wrap-Up Day #2
Yesterday evening, I went with friends to a traditional Swiss restaurant then we passed by the party to have a few drinks. Thanks to the sponsor for the open bar! That’s why it was difficult to wake up this morning… But, anyway, I had a wrap-up to write for you!