I’m proud to have been selected to give a training at DeepSecÂ (Vienna, Austria) in November: “Hunting with OSSEC“. This training is intendedÂ for Blue Team members and system/security engineers who would like to take advantage of the OSSEC integration capabilities with other tools and increase the visibility of their infrastructure behaviour.
[SANS ISC] Using Bad Material for the Good
I published the following diary on isc.sans.org: “Using Bad Material for the Good“: There is a huge amount of information shared online by attackers. Once again, pastebin.com is a nice place to start hunting. As this material is available for free, why not use it for the good? Attackers (with
[SANS ISC] Bots Searching for Keys & Config Files
I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files“. If youÂ donâ€™t know our “404”Â project, I would definitively recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors
The Truth is in Your Logs!
Keeping an eye on logs is boring… but mandatory! Hopefully, sometimes it can reveal funny stuffs! It looks like people at the CCC are having some fun too while their annual conference is ongoing… Here is what I got in my Apache logs this morning: 220.127.116.11 – – [30/Dec/2015:06:51:22 +0100]
Attackers Make Mistakes But SysAdmins Too!
A few weeks ago I blogged about “The Art of Logging” and explained why it is important to log efficiently to increase changes to catch malicious activities. They are other ways to catch bad guys, especially when they make errors, after all they are humans too! But it goes the
The Art of Logging
[This blogpost has been published as a guest diary on isc.sans.org] HandlingÂ log files is not a new topic. For a long time, people should know that taking care of your logs is a must have. They are very valuable when you need to investigate an incident. But, if collecting events
Check Point Firewall Logs and Logstash (ELK) Integration
It has been a while that I did not write an article on log management. Here is a quick how-to about the integration of Check Point firewall logs into ELK. For a while, this log management framework is gaining more and more popularity. ELK is based on three core components:
Logs… Privacy Issues?
Logs… We will never get rid of them! It’s a pain to manage them from a technical point of view but collecting events and using them can also introduce more issues in companies… from a legal point of view!Â Tonight, an ISACA Belgium Chapter meeting was organised within the context of
Grepping Live Windows Events
Today, we have powerful tools to take care of our logs. There are plenty of solutions to collect and process them in multiple ways to make them more valuable. Of course, I have one of those tools to process my logs. However, I’m still often using the old good “tail
The Belgian SIEM… wounds my heart with a monotonous languor!
Lot of Belgian newspapers and sites reported today (Example of Â articleÂ – in French) that a project of law will be discussed soon (deriving from the EU Data Retention Directive) to request providers of telecommunications (Internet – Mobile services) to keep a trace of electronic communications. Wait, the article should say