I published the following diary on isc.sans.edu: “Dissecting Malicious Office Documents with Linux”: A few months ago, Rob wrote a nice diary to explain how to dissect a (malicious) Office document (.docx). The approach was to use the OpenXML SDK with Powershell. This is nice but how to achieve the
I published the following diary on isc.sans.org: “Malicious Bash Script with Multiple Features“: It’s not common to find a complex malicious bash script. Usually, bash scripts are used to download a malicious executable and start it. This one has been spotted by @michalmalik who twitted about it. I had a
I published the following diary on isc.sans.org: “Analyze of a Linux botnet client source code“. I like to play active-defense. Every day, I extract attacker’s IP addresses from my SSH honeypots and perform a quick Nmap scan against them. The goal is to gain more knowledge about the compromised hosts. Most
A quick blog post about an issue I faced this morning. While drinking my morning coffee and reviewing what happened during the last night in my logs, I detected that one of my website (leakedin.com) was entirely mirrored by a guy from Brazil. I’m not against sharing information but in this case,
All modern Unix operating systems provide softwares as packages. I remember the good old times in the ’90s when you had to compile all the applications from their source code. Compiling source code has advantages: you enable only the features you need and perform configuration tweaks as you want. But
During the last months, Dropbox, the well-known synchronization tool, was hit by bad stories. First, they changed their EULA (“End User License Agreement“) which clearly stated that Dropbox employees could access your files in case of very specific cases like law enforcement procedures. I always blogged about this. Then, researchers
Ah, backups… What a nice boring topic! Everyone agrees on the fact that a strong backup procedure is mandatory for any computer (server, workstation, PDA or anything else which carry data). But lot of us also agree to say that backup are so boring to perform and, even more, maintain!
For a long time ago, I did not write about OpenBSD which remains one of my favorite operating system. The last version (4.7) was released in May and introduced, as usual, a lot of interesting changes. OpenBSD comes of course with it’s own firewall called pf (“packet filter“). Plenty of
Finally, I did it! I just upgraded my corporate laptop with the latest release of Ubuntu (9.10) aka “Karmic Koala”. Available for a few weeks, I preferred to wait for some holidays before the upgrade. First, because without laptop, I can’t work! In case of big issue, my off-days would
I’m just back from the last ISACA Belgian Chapter meeting. Topic of today was about the UNIX OS security audit process. A very large topic! The speaker was Sanjay Vaid. For years now, Linux is deployed in business environment. Linux systems can take several forms: applications servers (print, files, web,
