/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu


Tag: Threat

[SANS ISC] Hunting for Suspicious Processes with OSSEC

September 20, 2018 OSSEC, SANS Internet Storm Center, Security 2 comments

I published the following diary on isc.sans.edu: “Hunting for Suspicious Processes with OSSEC”: Here is a quick example of how OSSEC can be helpful to perform threat hunting. OSSEC is a free security monitoring tool and log management platform that has many features related to detecting malicious activity on a live system like the

PaloAlto Firewall Threat Monitoring Using OSSEC

October 14, 2010 Security, Software 4 comments

Usually, I don’t speak about or even give references to commercial security products on my blog. Why? Because my philosophy is the following: “First analyze the problems and then choose the right solution(s)”. The proposed solution could be commercial or free, hardware or software based, who cares? If

Yellow? Green? Red? The Security Rainbow Sky…

January 18, 2010 Net, Security Leave a comment

There was an interesting post on the diary page of isc.sans.org yesterday: Some readers asked why ISC did not switch the InfoCon status to yellow due to the recent IE 0-day exploit. The on-duty ISC handler explained the situation and why they decided to stay “Green”. The following question popped

Copyright Xavier Mertens © 2003-2018 | Powered by Xavier Mertens Consulting.