I published the following diary on isc.sans.org: “Example of Targeted Attack Through a Proxy PAC File“. Yesterday, I discovered a nice example of targeted attack against a Brazilian bank. It started with an email sample like this …
Tag: Security
[SANS ISC Diary] Voice Message Notifications Deliver Ransomware
I published the following diary on isc.sans.org: “Voice Message Notifications Deliver Ransomware“. Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working with this kind of document. Which types of notification
[SANS ISC Diary] Data Classification For the Masses
I published the following diary on isc.sans.org: “Data Classification For the Masses“. Data classification isn’t a brand new topic. For a long time, international organizations or the military have been doing “data classification”. It can be defined as: “A set of processes and tools to help the organization to know what data
[SANS ISC Diary] The Power of Web Shells
I published the following diary on isc.sans.org: “The Power of Web Shells“. Web shells are not new in the threats landscape. A web shell is a script (written in PHP, ASL, Perl, … – depending on the available environment) that can be uploaded to a web server to enable remote administration.
RMLL Security Track 2016 Wrap-Up
I’m on the train from Paris where I attended the RMLL Security Track version 2016. The RMLL or “Rencontres Mondiales du Logiciel Libre” is an annual event around free software. Amongst multiple tracks, there is always one dedicated to information security (around free software of course). The global event was
Book Review: Sécurité Informatique et Malwares
In 2013, Paul Rascagnères (aka “@r00tbsd“) wrote a book titled “Malware: Identification, analyse et éradication“. Paul being a friend but especially a renowned security researcher in the field of malware analysis and incident investigations, I bought the first edition of his book which was a very good introduction to malware.
[SANS ISC Diary] Phishing Campaign with Blurred Images
I published the following diary on isc.sans.org: Phishing Campaign with Blurred Images.
BSidesAthens 2016 Wrap-Up
Here is my wrap-up for the first edition of BSidesAthens. There are more and more BSides events organized across the world and the Greek capital has now one! It was also a good opportunity to spend the weekend in this nice city. Grigorios Fragkos kicked off the event a few
$HOME Sweet $HOME – SANSFIRE Edition
I’m in Washington DC at the SANSFIRE event. I’m following a training and meeting fellow SANS ISC Handlers. I also gave a talk tonight about the risks of the Internet of Things and quick tips to protect your home network against their invasion. Here is a copy of the slides: Link: http://www.slideshare.net/xme/home-sweet-home-sansfire-edition.
[SANS ISC Diary] Offensive or Defensive Security? Both!
I published the following diary on isc.sans.org: Offensive or Defensive Security? Both!