I published the following diary on isc.sans.edu: “How Safe Are Your Docker Images?”: Today, I don’t know any organization that is not using Docker. From test and development only to full production systems, containers are deployed everywhere! In the same way, most popular tools today have a
[SANS ISC] New Waves of Scans Detected by an Old Rule
I published the following diary on isc.sans.edu: “New Waves of Scans Detected by an Old Rule”: Who remembers the famous ShellShock (CVE-2014-6271)? This bug affected the bash shell in 2014 and was critical due to the fact that it was easy to exploit and that bash is a widespread shell
[SANS ISC] How are Your Vulnerabilities?
I published the following diary on isc.sans.org: “How are Your Vulnerabilities?”: Scanning assets for known vulnerabilities is a mandatory process in many organisations. This topic comes in the third position of the CIS Top-20. The major issue with a vulnerability scanning process is not on the technical side but more
[SANS ISC] My Little CVE Bot
I published the following diary on isc.sans.org: “My Little CVE Bot”. The massive spread of the WannaCry ransomware last Friday was another good proof that many organisations still fail to patch their systems. Everybody admits that patching is a boring task. There are many constraints that make this process very
[SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features
I published the following diary on isc.sans.org: “Detecting Undisclosed Vulnerabilities with Security Tools & Features”. I’m a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered as the “SIEM of the poor”, it integrates a lot of interesting features and is fully configurable
The Best Broth is Made in The Oldest Pot
In 2014, I blogged about security awareness through proverbs. Many proverbs can be used to deliver important security messages. We are now in 2016 and I could add a new one to the long list that I already built: “The Best Broth is Made in The Oldest Pot” A new
Detecting Suspicious Devices On-The-Fly
Just a link to my guest diary posted today on isc.sans.edu. I briefly introduced a method to perform permanent vulnerability scanning of newly detected hosts. The solution is based on OSSEC, ArpWatch and Nmap. The article is here.
Heartbleed Impact in Belgium?
“Heartbleed”… Probably one of the top queries typed in search engines for a few weeks! Of course, I followed the story but I did not blog (yet) about it until today. Why repeat again and again what has been said? Some bloggers and analysts wrote very good overviews about this
Pwned or not Pwned?
Just before the announcement of the Full-Disclosure shutdown a few days ago, a thread generated a lot of traffic and finally turned into a small flame war. At the beginning of the month, a security researcher reported a vulnerability found on Youtube. According to him, the Google service was suffering from
Logs: For Better or For Worse?
Last week, a vulnerability regarding Apache was disclosed. More precisely, the issue was located in the mod_rewrite module. This module rewrites (now, you understand its name) URLs on the fly. This is very useful during web page migrations, attack mitigations etc. The security flaw does not affect the core feature