/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

Tag: Loki

Velociraptor & Loki

December 21, 2021 DFIR, Forensics, Security, Velociraptor

Velociraptor is a great DFIR tool that is becoming more and more popular amongst Incident Handlers. Velociraptor works with agents that are deployed on endpoints. Once installed, the agent automatically “phones home” and keeps a connection with the server… exactly like malware with its C2 server but this time

Continue reading »

Copyright Xavier Mertens © 2003-2022 | Powered by Xameco.