For a while, DDoS are back on stage and one of the classic techniques still used today is the DNS Amplification attack. I won’t explain again the ins and outs, there are plenty of websites available which describe it – like the good article from CERT.be. This type of attack is
Tag: Security
No Customers Were Harmed In This Attack…
I don’t know if you already noticed but it looks to be a never-ending story: Companies got pwned and data leaked on the Internet pastebin.com. Then starts the game of press releases… Most companies try to reduce the impact of the breach they suffered and it looks like Holliwood movies
Post-Analysis of My WordPress Bruteforce Attack
A few days weeks ago, I wrote a blog post (link) about a (unsuccessful) WordPress bruteforce attack agains this site. I captured the attackers’ traffic in a big pcap file. It was a good opportunity to perform a quick analysis to try to extract some statistics. Here follow more details
CIPS: EU Sponsorship to Protect Against Terrorism & Security Risks
Today I read an interesting document which landed into my mailbox. It’s about a call for proposals initiated by the European Commission “Home Affairs” DG. The document was a CFP (“Call For Participation“) part of the programme called “Prevention, Preparedness and Consequence Management of  Terrorism and other Security related Risks
Playing The “Pass The Bomb” Game?
Do you remember the “Pass The Bomb” game? All kids played this game at least once. The principle is simple and funny. There is bomb which is programmed to explode after a random time. Players must pass the bomb from hand to hand and say a new word which must contain
La Nuit du Hack 2013 Wrap-Up
My clock tower is completed! I left home yesterday at 6AM to Disneyland Ressort Paris and I’m just back at 6AM. It’s too late to go to bed so I finished to write my Nuit du Hack wrap-up. This was the first time I attended this event. During the last
Proud of My First Targeted Attack… or Not!
Connecting a server to the Intertubes is like connecting it to the wild. There are plenty of bots (thousands? millions?) scanning IP addresses for vulnerable services. Once a service is enabled on an IP address, you don’t have to wait a long time before detecting incoming traffic! One of the
Crime Convergence
Convergence isn’t a new fact in information security. For a while, we’re speaking about “security convergence” while two, at the beginning, distinct principles or functions are mixed to tend toward or achieve union or a common conclusion or result (as defined by Wikipedia). A good example is the combination of
File Integrity Monitoring for the Poor
For most organizations, security has a huge impact on budgets… except if you’re called the NSA and must deploy a massive surveillance program! Every time you need money, you have to fight with your boss or finance guys to get some bucks after explaining why a new piece of software,
June 2013 OWASP Belgium Chapter Meeting Wrap-Up
I’m back from the last OWASP Belgium chapter meeting. Here is a quick wrap-up. Classic scenario, the event started with Seba who gave some updates about the OWASP foundation. Today’s event was part of a bigger one called the OWASP European Tour. During a few weeks, all European chapters organise