I published the following diary on isc.sans.org: “Are Your Hunting Rules Still Working?“: You are working in an organization which implemented good security practices: log events are collected then indexed by a nice powerful tool. The next step is usually to enrich this (huge) amount of data with external sources. You
I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is
Getting useful info from log file should be piece of cake …if the file is properly formatted! Usually, one event is written on a single line with useful info delimited by a separator or extractable using regular expressions. But it’s not always the case, welcome to the log hell…
More and more companies organize “security awareness” trainings for their team members. With the growing threats faced by people while using their computers or any connected device, it is definitively a good idea. The goal of such trainings is to make people open their eyes and change their attitude towards security.
Logs… We will never get rid of them! It’s a pain to manage them from a technical point of view but collecting events and using them can also introduce more issues in companies… from a legal point of view! Tonight, an ISACA Belgium Chapter meeting was organised within the context of
For a while, malwares are in front of the security stage and the situation is unlikely to change in the coming months. When I give presentations about malwares, I always like to report two interesting statistics in my slides. They come from the 2012 Verizon DBIR: In 66% of investigated incidents,
If there is a gold principle in IT, that’s the one called “KISS“: “Keep It Simple and Stupid“. It says that systems will work best if they are kept simple rather than complex. Simplicity must be a key goal during the design phase. This sounds logical: Keep in mind that
We are already in 2014 for a few days and this is my first blog post for this year! So, let me wish you a wonderful 2014 for you and you family! Let’s start with a quick post about building IP addresses reputation list. This topic was discussed on a
A few days ago, I wrote a blog post about a Python script that I use with the new Amazon CloudTrail feature to grab logs from my Amazon cloud services. Because we use more and more cloud services in our digital life, the same principle should apply to all our
The Amazon conference “re:Invent” is taking place in Las Vegas at the moment. For a while, I’m using the Amazon cloud services (EC2) mainly to run lab and research systems. Amongst the multiple announcements they already made during the conference, one of them caught my attention: “CloudTrail“. Everything has already
