When my friend Didier Stevens contacted me last year to help him with a BruCON 5×5 project, I simply could not decline! Didier developed a framework to perform forensic investigations on Cisco routers. His framework is called NAFT (“Network Appliance Forensic Toolkitâ€). It is written in Python and provides a
Tag: Security
Security Appliances, Pandora’s Boxes?
No breaking news, nothing fancy in this quick blog post but it is worth to remember that security appliances can be a potential threat when deployed on your network. For years, security appliances are the “in” thing. On the paper, they are sexy: you just plug a power cable, a network
Book Review: Penetration Testing with the Bash Shell
A few weeks ago, I reviewed Georgia’s book about penetration testing. In the same topic (pentesting), I was asked to review another one which focus on shell scripting using the bash shell. Keith Makan is the author of “Penetration Testing with the Bash Shell“. Bash is the default shell on many UNIX
Password – (noun) A Reminder for Your Dog’s Name
Aaaaah… Passwords! Why write a blog article about them. Everything has alreay been said about passwords. Everybody hates them because they are hard to remember, because we should change it regularly, because we have way too much of them. They are often present in security awareness campaign (see the article
Offline Malware Analysis with Host-Only VirtualBox Networks
Following the presentation that I made at the RMLL 2014 last week, I slightly changed my malware analysis setup. The goal is to make it fully operational “offline“. Indeed, today we are always “on“, Internet is everywhere and it’s easy to get a pipe. However, sometimes it’s better to not send packets
RMLL 2014 Security Track Wrap-Up
I’m just back from Montpellier where was organised the 2014’s edition of the RMLL (“Rencontres Modiales des Logiciels Libresâ€) or LSM in English (“Libre Software Meetingâ€). This is a huge event similar to the FOSDEM in Brussels where people who love free software exchange views, researches and make some networking.
HITB Amsterdam 2014 Wrap-up Day #2
And here is the second day wrap-up. The day started with a sunny sky over Amsterdam. After a breakfast and a chat with the Help Net Security team, we moved to the rooms. Like yesterday, the main stage is dedicated to women for two keynotes. The first one should be
HITB Amsterdam 2014 Wrap-up Day #1
I’m in Amsterdam for the next two days to attend the new edition of Hack In The Box. This is a special edition with many improvements. First, it’s the fifth edition (already!) and the location changed to “De Beurs van Berlageâ€, a very nice place in the center of the
Project “AirCrack1” : Warflying
If we can put the business and some fun together, so why the hesitation? For a while, I’m playing with flying toys. I already played with different models of RC helicopters and recently, I switched to another category: I bought a quadcopter. The idea to mix the technology of drones with WiFi audits
Infosec VS. Airplane Security
In a previous post, I spoke about the importance of the “context” during a pentest. In a recent project, I faced a situation similar to airplane crashes. Let me explain this… Despites the fact that the crash of an airplane results sometimes in a huge amount of deaths once, airplaines