For a while, ransomware is a plague… Just by surfing to a website or by opening an invoice received by email, people get a nice popup window while their files are being encrypted. Everyday, we hear about nightmare stories with companies infected by such malicious code and which do not have a
Tag: Security
How to Not Send Corporate Emails?
On a daily basis, I’m looking for malicious emails. I own catch-all mailboxes that collect a huge amount of spam that I’m using to perform deeper analysis: to discover new tactics used by attackers and new piece of malicious code. Basically, they are two categories of phishing campaigns: the one sent to
Incident Handling with Docker Containers
Honestly, I never really played with Docker but… For a few weeks, I succumbed to the temptation of playing with Docker thanks to a friend who’s putting everything in docker containers. If you still don’t know Docker, here is a very brief introduction: Docker lets you run applications in a “container“. In this
The Best Broth is Made in The Oldest Pot
In 2014, I blogged about security awareness through proverbs. Many proverbs can be used to deliver important security messages. We are now in 2016 and I could add a new one to the long list that I already built: “The Best Broth is Made in The Oldest Pot“ A new
Physical Access == Pwn3d!
This is becoming a buzz in Belgium in this holidays period and all media are busy to relay it: One of the biggest advertising panel in Brussels has been hacked! Sitting on top of a building, Place de Broeckere, it is well known from the people of Brussels. If it is
Managing Palo Alto Firewalls Custom URL Categories
Palo Alto Networks firewalls are very popular due to the huge amount of features they provide in a unique chassis. Besides the traditional traffic inspection, they can play up to the 7th layer of the ISO model. The rule base can contain rules which inspect the web traffic and prevent users
Email Tracking for Dummies
Recently, I was involved in an incident handling mission to find how some confidential emails were being tracked. Let’s imagine a first scenario: Alice sends a mail to Bob. Bob reads Alice’s email and Alice gets notified. Nothing special, this is a standard feature offered by most commercial messaging solutions.
Developers Are (still) From Mars, Infosec People (still) From Venus
In March 2011, Brian Honan contributed to an issue of the INSECURE magazine with an article called “Management are from Mars, information security professional are from Venus“. This title comes from the John Gray’s worldwide bestseller where he presents the relations between men and women. Still today, we can reuse this subject
Black Hat Europe 2015 Wrap-Up
Here is my quick wrap-up of Black Hat Europe 2015 which just terminated today. Due to a high workload, I joined Amsterdam only today to attend the second day of briefings and… I’m not disappointed! As usual, there was very interesting sessions and other less attractive. I also missed a
Hack.lu 2015 Wrap-Up Day #3
I just drove back to home after the 11th edition of hack.lu. As always, it was an amazing event organized by, amongst others, many team members of the CIRCL. So, let’s write a quick wrap-up for this third day. Some talk will be less covered due to interesting chat sessions with