I published the following diary on isc.sans.edu: “Security Monitoring: At Network or Host Level?“: Today, to reach a decent security maturity, the keyword remains “visibility”. There is nothing more frustrating than being blind about what’s happening on a network or starting an investigation without any data (logs, events) to process.
I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.
I published the following diary on isc.sans.org: “Full Packet Capture for Dummies” When a security incident occurred and must be investigated, the Incident Handler’s Holy Grail is a network capture file. It contains all communications between the hosts on the network. These metadata are already a goldmine: source and destination
The eighth BruCON edition is already over! Don’t expect a wrap-up because I just don’t have time. I’m always keeping an eye on the attendees’ bits & bytes! Based on the first feedback that I received from attendees and speakers, it was another good edition but, from a network point
I’m in Washington DC at the SANSFIRE event. I’m following a training and meeting fellow SANS ISC Handlers. I also gave a talk tonight about the risks of the Internet of Things and quick tips to protect your home network against their invasion. Here is a copy of the slides: Link: http://www.slideshare.net/xme/home-sweet-home-sansfire-edition.
Yesterday, I talked at RMLL (“Rencontres Mondiales du Logiciel Libre“) or LSM in English (“Libre Software Meeting“) held in Beauvais, France. The presentation title was “$HOME Sweet $HOME” and covered the security of our home networks regarding the invasion of connected gadgets also known as the Internet of Things. I gave
[This blogpost has also been published as a guest diary on isc.sans.org] Writing documentation is a pain for most of us but… mandatory! Pentesters and auditors don’t like to write their reports once the funny stuff has been completed. It is the same for the developers. Writing code and developing
Once again, here is my quick review about the BruCON network that we deployed for our beloved attendees! Yes, we are glad to take care of your packets during the conference. Nothing changed since the last edition, we deployed the same network in the same venue with the same controls
Today, the second edition of “Security Friday” was held in Brussels. As mentioned on the website, the goal is “a gathering of people in the IT security field. Getting together for a drink on the last Friday of the month in a bar near you we talk amongst peers about
BruCON 0x05 is already over! What an exciting week! After months of preparation, the event went very smoothly without big issues. Here is my quick wrap-up. This time, it’s not a wrap-up about the talks. I don’t have time to follow them, keeping an eye on the network all the