During a penetration test, I had to execute specific commands against some IP networks. Those networks were represented in CIDR form (network/subnet). Being a lazy guy, I spent some time writing a small Python script to solve this problem. The idea was based on the “xargs” UNIX command
Tag: Software
Log Awareness Trainings?
More and more companies organize “security awareness” trainings for their team members. With the growing threats faced by people while using their computers or any connected device, it is definitely a good idea. The goal of such trainings is to make people open their eyes and change their attitude towards security.
The Day Windows XP Died!
Tuesday 8th of April 2014, a page of the computer industry has been turned! Windows XP is dead! Of course, I had to write a blog post about this event. For months now, Microsoft warned its customers that XP won’t be supported starting from today. Do you remember: Windows XP was
OS X: How to Avoid the VPN “Grey Zone”?
Today, the second edition of “Security Friday” was held in Brussels. As mentioned on the website, the goal is “a gathering of people in the IT security field. Getting together for a drink on the last Friday of the month in a bar near you we talk amongst peers about
Integrating OpenERP Within a Cisco IP Phone
For once, this article is not directly related to “infosec”. My blog isn’t called “/dev/random” for nothing, right? In parallel to my daily job as an Information Security Consultant and my blogger experience at night, I’m also doing business via my own company, TrueSec (<advertising>Feel free to contact me if you’re
ownCloud and VirusTotal Integration
For a few days, I switched from Dropbox to ownCloud and I’m now playing more with the available ‘apps’. Besides the privacy context, ownCloud seduced me with its add-on feature. It is possible to install external plug-ins (called ‘apps’) to add new or improve native features. Of course, downloading and
Goodbye Dropbox!
There is one fact with humans: once they have taken on some habits (in this case – bad habits), it’s very difficult to ask them to change their behavior! It’s even true in information security. Today, we have access to plenty of awesome online applications which help us in our day-to-day activities. Thank
Review: Instant OSSEC Host-Based Intrusion Detection System
The guys from Packt Publishing asked me to review a new book from their “Instant” collection: “OSSEC Host-Based Intrusion Detection”. This collection proposes books with less than 100 pages about multiple topics. The goal is to go straight to the topic. OSSEC being one of my favorite applications, I
“Out of the Box” SIEM? Never…
A reflection about the multiple SIEM (“Security Information and Event Management”) products available on the market… I’m currently working with a customer on a big SIEM implementation in an environment that must be PCI compliant and integrates a multitude of devices coming from non-heterogeneous security vendors (big-players). Security visualization being
Improving File Integrity Monitoring with OSSEC
FIM or “File Integrity Monitoring” can be defined as the process of validating the integrity of operating system and application files with a verification method using a hashing algorithm like MD5 or SHA1 and then comparing the current file state with a baseline. A hash will allow the detection of file content modification but