Back to the presentations… Ezequiel David Gutesman from Core Security Technologies presented a web application fuzzer. Why? Because web applications are very common (used everywhere) and the consequences of an attack can be dramatic (loss of data, data theft, …) for companies. Countermeasures are WAFs (Web Application Firewalls) coupled with
Tag: Security
hack.lu Part #4
We’re back for the second day @ hack.lu. I need coffee! First presentation was made by Frank Boldewin. He presented the rootkit Rustock.C aka Ntldrbot. As with a lot of malware, several versions were spread from 2005 to 2008 (when a new version was discovered – version .C). It
hack.lu Part #3
Last presentation of today, Joffrey Czarny presented how to go outside a Citrix context. As a pen-tester and maintainer of the Elsenet project, he explained how a pen-test was performed against a Citrix environment. First, it looked very easy to get a list of published applications! Amazing! Then ICA files
hack.lu Part #2
Back from a coffee break, let’s start the next part! Adam Laurie presented his Python library used to explore RFID devices. RFID devices are becoming part of our daily life. Adam focused on ePassports. He made a demo with a passport grabbed from the audience (he had to ask several times,
hack.lu Part #1
hack.lu just started! The first talk was Malware of the future – When mathematics work for the dark side. To be honest, it was very hard in the morning! The speaker, Eric Filiol, flooded the audience with mathematical formulas. I haven’t practiced maths for a while! But, and maybe the
Strong(er) Authentication
To perform strong authentication, you need to combine two or more of the following factors: Something you know (a password or PIN code), something you have (a token or a grid card), something you are (your fingerprint, voice or retina). By mixing those three factors, you can increase your
Don’t Trust Your (Wired) Keyboard Anymore!
Don’t trust your wired keyboard anymore! Computer keyboards, like other components, generate electromagnetic waves. “Waves” means that they can be received by a third-party device and analyzed. It’s now done! Check out: Compromising Electromagnetic Emanations Of Wired Keyboards.
NIST: Two New Publications
NIST released two new documents: #1: FIPS Publication 180-3 Secure Hash Standard (SHS) has been released. The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 180-3, Secure Hash Standard (SHS), a revision of FIPS 180-2. The Federal Register
Do we have a CERT in Belgium?
A few weeks ago, there was some kind of debate in Belgium about the need for a CERT (Computer Emergency Response Team). With the growing number of computer and network incidents reported today, everybody agrees on requesting the setup of a strong CERT infrastructure per country, managed by legal authorities!
Asset Management Using Nmap
Nmap is probably the best-known and most-used open source port scanner on the Internet. I’ll explain how to use this wonderful network toolbox to automate a simple asset management solution. “Know your network!” This is the main focus of this post. Today, having a global and up-to-date overview of