I published the following diary on isc.sans.org: “IOC’s: Risks of False Positive Alerts Flood Ahead“. Yesterday, I wrote a blog post which explained how to interconnect a Cuckoo sandbox and the MISP sharing platform. MISP has a nice REST API that allows you to extract useful IOC’s in different formats.
Quick Integration of MISP and Cuckoo
With the number of attacks that we are facing today, defenders are looking for more and more IOC’s (“Indicators of Compromise”) to feed their security solutions (firewalls, IDS, …). It becomes impossible to manage all those IOC’s manually and automation is the key. There are two main problems with this
[SANS ISC Diary] Malicious SVG Files in the Wild
I published the following diary on isc.sans.org: “Malicious SVG Files in the Wild“. In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people [1]. SVG files (or “Scalable Vector Graphics”) are vector images that can be displayed in most modern browsers (natively or via
[SANS ISC Diary] Backup Files Are Good but Can Be Evil
I published the following diary on isc.sans.org: “Backup Files Are Good but Can Be Evil“. Since we started to work with computers, we have always heard the following advice: “Make backups!”. Every time you have to change something in a file or an application, first make a backup of the existing resources
[SANS ISC Diary] Who’s Attacking Me?
I published the following diary on isc.sans.org: “Who’s Attacking Me?“. I started to play with a nice reconnaissance tool that could be helpful in many cases – offensive as well as defensive. “IVRE” (“DRUNK” in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission
[SANS ISC Diary] Using Security Tools to Compromize a Network
I published the following diary on isc.sans.org: “Using Security Tools to Compromize a Network“. One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this, we use security tools (linked to processes). Over time, we are all building our personal toolbox
Using Monitor Resolution as Obfuscation Technique
A quick blog post about a malicious VBScript macro that I analysed… Bad guys always have plenty of ideas to obfuscate their code. The macro was delivered via a classic phishing email with an attached zip archive that contained a Windows .lnk file. The link containing a simple call to
[SANS ISC Diary] UAC Bypass in JScript Dropper
I published the following diary on isc.sans.org: “UAC Bypass in JScript Dropper“. Yesterday, one of our readers sent us a malicious piece of JScript: doc2016044457899656.pdf.js.js. It’s always interesting to have a look at samples coming from alternate sources because they may slightly differ from what we usually receive on a
Botconf 2016 Wrap-Up Day #3
It’s over! The 4th edition of Botconf just finished and I’m on the train back to Belgium writing the daily wrap-up. Yesterday, the reception was organized in a very nice place (the “Chapelle de la Trinité”). Awesome place, awesome food, interesting chats as usual. To allow people to recover smoothly,
Botconf 2016 Wrap-Up Day #2
The second day is over, so here is my daily wrap-up! After some welcome cups of coffee, it started sharp at 9AM with Christiaan Beek who spoke about ransomware: “Ransomware & Beyond”. When I read the title, my first reaction was “What can be said in a conference like Botconf about ransomware?”.