I’m proud to have been selected to give a training at DeepSec (Vienna, Austria) in November: “Hunting with OSSEC”. This training is intended for Blue Team members and system/security engineers who would like to take advantage of OSSEC’s integration capabilities with other tools and increase the visibility of their infrastructure’s behaviour.
Tag: Logs
[SANS ISC] Using Bad Material for the Good
I published the following diary on isc.sans.org: “Using Bad Material for the Good”: There is a huge amount of information shared online by attackers. Once again, pastebin.com is a nice place to start hunting. As this material is available for free, why not use it for the good? Attackers (with
[SANS ISC] Bots Searching for Keys & Config Files
I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files”. If you don’t know our “404” project, I would definitely recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors
The Truth is in Your Logs!
Keeping an eye on logs is boring… but mandatory! Fortunately, it can sometimes reveal funny stuff! It looks like people at the CCC are having some fun too while their annual conference is ongoing… Here is what I got in my Apache logs this morning: 151.217.177.200 – – [30/Dec/2015:06:51:22 +0100]
Attackers Make Mistakes But SysAdmins Too!
A few weeks ago I blogged about “The Art of Logging” and explained why it is important to log efficiently to increase the chances of catching malicious activities. There are other ways to catch bad guys, especially when they make errors; after all, they are humans too! But it goes the
The Art of Logging
[This blogpost has been published as a guest diary on isc.sans.org] Handling log files is not a new topic. People have long known that taking care of your logs is a must-have. They are very valuable when you need to investigate an incident. But, if collecting events
Check Point Firewall Logs and Logstash (ELK) Integration
It has been a while since I last wrote an article on log management. Here is a quick how-to about the integration of Check Point firewall logs into ELK. For a while now, this log management framework has been gaining more and more popularity. ELK is based on three core components:
Logs… Privacy Issues?
Logs… We will never get rid of them! It’s a pain to manage them from a technical point of view, but collecting events and using them can also introduce more issues in companies… from a legal point of view! Tonight, an ISACA Belgium Chapter meeting was organised within the context of
Grepping Live Windows Events
Today, we have powerful tools to take care of our logs. There are plenty of solutions to collect and process them in multiple ways to make them more valuable. Of course, I have one of those tools to process my logs. However, I’m still often using the good old “tail
The Belgian SIEM… wounds my heart with a monotonous languor!
Lots of Belgian newspapers and sites reported today (example of an article – in French) that a draft law will be discussed soon (deriving from the EU Data Retention Directive) to require providers of telecommunications (Internet and mobile services) to keep records of electronic communications. Wait, the article should say