Skip to content
/dev/random

/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

  • About Me
    • About Me
    • Online Presentations
    • PGP Public Key
  • Disclaimer
  • Tools
    • alerts2afterglow
    • hoover
    • inotes.py
    • known_hosts_bruteforcer
    • pastemon
    • oplb
    • ossec_dashboard
    • ossec2dshield
    • twittermon
    • rrhunter
    • syslog2loggly

Tag: Mail

myMail Manages Your Mailbox… in a Strange Way!

February 19, 2021 Mobile Devices, Security, Software 5 comments

myMail is a popular (10M+ downloads!) alternative email client for mobile devices. Available for iOS and Android, it is a powerful email client compatible with most of the mail providers (POP3/IMAP, Gmail, Yahoo!, Outlook, and even ActiveSync). Recently, I was involved in an incident that was related to a malicious

Continue reading »

How to Not Send Corporate Emails?

February 29, 2016 Malware, Security, Social Engineering 6 comments

On a daily basis, I’m looking for malicious emails. I own catch-all mailboxes that collect a huge amount of spam that I’m using to perform deeper analysis: to discover new tactics used by attackers and new piece of malicious code. Basically, they are two categories of phishing campaigns: the one sent to

Continue reading »

Automatic MIME Attachments Triage

December 4, 2015 Malware, Security Leave a comment

A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer’s mailing lists. I’m receiving a lot of

Continue reading »

Automatic MIME Parts Scanning with VirusTotal

December 15, 2014 ELK, Security 11 comments

Here is a Python script that I developed for my personal use: mime2vt.py. I decided to release it because I think it could be helpful for many of you. In 2012, I started a project called CuckooMX. The goal was to automatically scan attachments in emails with Cuckoo to find

Continue reading »

CuckooMX: Automating Email Attachments Scanning with Cuckoo

June 20, 2012 Security, Software 19 comments

Today,  classic anti-virus protections are not enough reliable to protect against modern malwares. To have a better understanding and, if possible, block them, it’s best to execute the code in a safe environment and to analyze its behaviour. Does it create new processes or files, are outbound connections performed via

Continue reading »

Honeymail: Track Who’s Leaking Your E-mail Addresses

December 21, 2011 Privacy, Security, Websites 2 comments

“E-mail”… What a wonderful online service! When I first connected to the Internet around 1994 (I’m feeling old writing this!), I was so exited to receive my first e-mail! Today, I’m very happy when I received less than 50 e-mails per day! E-mail has been, for years, associated with spam.

Continue reading »

Stay in Touch

RSS Twitter LinkedIn

Upcoming Events

Here is a list of events that I will attend and cover via Twitter and wrap-ups. Ping me if you want to meet! The list is regularly updated.

SANS Oslo 2022
FIRST TC Amsterdam 2022
Botconf 2022

Recent Articles

  • [SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky
  • Pass-The-Salt 2022 Wrap-Up
  • [SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions
  • [SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper
  • [SANS ISC] Sandbox Evasion… With Just a Filename!

Popular Articles

  • Keep an Eye on SSH Forwarding! 43.4k views
  • Show me your SSID’s, I’ll Tell Who You Are! 41.6k views
  • Sending Windows Event Logs to Logstash 35k views
  • Check Point Firewall Logs and Logstash (ELK) Integration 32.1k views
  • Socat, Another Network Swiss Army Knife 30.5k views
  • Forensics: Reconstructing Data from Pcap Files 28.2k views
  • dns2tcp: How to bypass firewalls or captive portals? 26k views
  • Bruteforcing SSH Known_Hosts Files 22.4k views
  • Vulnerability Scanner within Nmap 21.1k views
  • Bash: History to Syslog 20k views

Recent Tweets

  • Back in Amsterdam! pic.twitter.com/xbbvVUGkuM

    Yesterday at 13:51

  • Hey Twitter, if you have to start from zero with a fresh #YARA rules repository, which one would your recommend? #LazyTweet

    August 12, 2022 17:30

  • Major electricity maintenance at home this morning… Dear UPS God, be with me! pic.twitter.com/loGdSGFj2x

    August 8, 2022 05:49

  • Interesting script: Looking for persistence artefacts left by #malware? Try “PersistenceSniper” github.com/last-byte/Persisten… #dfir #powershell

    August 4, 2022 07:18

  • The place was nice so I dropped a GoogleMap pin! pic.twitter.com/NIk4lzaFmf

    July 30, 2022 09:57

Time Machine

RSS NVD Vulnerabilities Feed

  • CVE-2022-20407 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A
  • CVE-2022-20406 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A
  • CVE-2022-20408 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A
  • CVE-2022-20405 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A
  • CVE-2022-20381 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A
  • CVE-2022-20383 (android) August 11, 2022
    In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222408847References: N/A
  • CVE-2022-20403 (android) August 11, 2022
    Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A
  • CVE-2022-20401 (android) August 11, 2022
    In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-226446030References: N/A
Copyright Xavier Mertens © 2003-2022 | Powered by Xameco.
This website uses cookies to improve your experience. By using our services, you agree to our use of cookies. Accept Learn more
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT