http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2016-03-03 21:46:48 - dev random : MISP Malware Information Sharing Platform is a free software which was initially created by the Belgian Defence to exchange IOC s with partners like the NCIRC NATO Today it became an independent project and is mainly developed by a group of motivated people MISP is mainly used by CERT s Computer Emergency Response Team but also private companies to exchange thousands on IOC s on a daily basis MISP Read More The post Running MISP in a Docker Container has been first published on dev random http://www.secuobs.com/revue/news/600094.shtmlhttp://www.secuobs.com/revue/news/600094.shtml Secuobs.com : 2016-02-29 23:20:44 - dev random - On a daily basis, I m looking for malicious emails I own catch-all mailboxes that collect a huge amount of spam that I m using to perform deeper analysis to discover new tactics used by attackers and new piece of malicious code Basically, they are two categories of phishing campaigns the one sent to a large base of potential victims and the one targeting only one victim one person Read More The post How to Not Send Corporate Emails has been first published on dev random http://www.secuobs.com/revue/news/599701.shtmlhttp://www.secuobs.com/revue/news/599701.shtml Secuobs.com : 2016-02-22 20:52:12 - dev random - Honestly, I never really played with Docker but For a few weeks, I succumbed to the temptation of playing with Docker thanks to a friend who s putting everything in docker containers If you still don t know Docker, here is a very brief introduction Docker lets you run applications in a container In this container, the application will find all its required components to run smoothly code, scripts, libraries, Read More The post Incident Handling with Docker Containers has been first published on dev random http://www.secuobs.com/revue/news/599017.shtmlhttp://www.secuobs.com/revue/news/599017.shtml Secuobs.com : 2016-02-22 15:52:57 - dev random - The following diary was published on iscsansorg Reducing False Positives with Open Data Sources The post SANS ISC Diary Reducing False Positives with Open Data Sources has been first published on dev random http://www.secuobs.com/revue/news/598988.shtmlhttp://www.secuobs.com/revue/news/598988.shtml Secuobs.com : 2016-02-19 15:36:53 - dev random - The following diary was published on iscsansorg Hunting for Executable Code in Windows Environments The post SANS ISC Diary Hunting for Executable Code in Windows Environments has been first published on dev random http://www.secuobs.com/revue/news/598806.shtmlhttp://www.secuobs.com/revue/news/598806.shtml Secuobs.com : 2016-02-08 21:12:23 - dev random - The following diary was published on iscsansorg More Malicious JavaScript Obfuscation The post SANS ISC Diary More Malicious JavaScript Obfuscation has been first published on dev random http://www.secuobs.com/revue/news/597678.shtmlhttp://www.secuobs.com/revue/news/597678.shtml Secuobs.com : 2016-02-08 16:59:25 - dev random - The post The Best Broth is Made in The Oldest Pot has been first published on dev random In 2014, I blogged about security awareness through proverbs Many proverbs can be used to deliver important security messages We are now in 2016 and I could add a new one to the long list that I already built The Best Broth is Made in The Oldest Pot A new malware, called T9000, has been recently discovered by Palo Alto Networks It specifically targets Skype users Read More The post The Best Broth is Made in The Oldest Pot has been first published on dev random http://www.secuobs.com/revue/news/597662.shtmlhttp://www.secuobs.com/revue/news/597662.shtml Secuobs.com : 2016-02-03 10:04:20 - dev random - The post SANS ISC Diary Automating Vulnerability Scans has been first published on dev random The following diary was published on iscsansorg Automating Vulnerability Scans The post SANS ISC Diary Automating Vulnerability Scans has been first published on dev random http://www.secuobs.com/revue/news/597202.shtmlhttp://www.secuobs.com/revue/news/597202.shtml Secuobs.com : 2016-01-29 10:34:43 - dev random - The post SANS ISC Diary Scripting Web Categorization has been first published on dev random The following diary was published on iscsansorg Scripting Web Categorization The post SANS ISC Diary Scripting Web Categorization has been first published on dev random http://www.secuobs.com/revue/news/596838.shtmlhttp://www.secuobs.com/revue/news/596838.shtml Secuobs.com : 2016-01-15 13:51:43 - dev random - The post SANS ISC Diary JavaScript Deobfuscation Tool has been first published on dev random The following diary was published on iscsansorg JavaScript Deobfuscation Tool The post SANS ISC Diary JavaScript Deobfuscation Tool has been first published on dev random http://www.secuobs.com/revue/news/595706.shtmlhttp://www.secuobs.com/revue/news/595706.shtml Secuobs.com : 2016-01-11 09:08:38 - dev random - The post SANS ISC Diary Virtual Bitlocker Containers has been first published on dev random The following diary was published on iscsansorg Virtual Bitlocker Containers The post SANS ISC Diary Virtual Bitlocker Containers has been first published on dev random http://www.secuobs.com/revue/news/595304.shtmlhttp://www.secuobs.com/revue/news/595304.shtml Secuobs.com : 2016-01-08 23:40:50 - dev random - The post Refugees Need Some Help Also From Techies has been first published on dev random Everybody is aware of the massive amount of refugees crossing Europe borders to try to find a better life I won t start a debate about this, it s not the goal of this blog But, when I was contacted by a friend who asked me if I could help some refugees in Belgium, I decided to make my very little contribution to help them The world Read More The post Refugees Need Some Help Also From Techies has been first published on dev random http://www.secuobs.com/revue/news/595217.shtmlhttp://www.secuobs.com/revue/news/595217.shtml Secuobs.com : 2015-12-31 16:31:00 - dev random - The post SANS ISC Diary Hunting for Juicy Information has been first published on dev random The following diary was published on iscsansorg Hunting for Juicy Information The post SANS ISC Diary Hunting for Juicy Information has been first published on dev random http://www.secuobs.com/revue/news/594601.shtmlhttp://www.secuobs.com/revue/news/594601.shtml Secuobs.com : 2015-12-30 09:03:09 - dev random - The post The Truth is in Your Logs has been first published on dev random Keeping an eye on logs is boring but mandatory Hopefully, sometimes it can reveal funny stuffs It looks like people at the CCC are having some fun too while their annual conference is ongoing Here is what I got in my Apache logs this morning 151217177200 - - 30 Dec 2015 06 51 22 0100 DELETE your logs Delete your installations Wipe everything clean Walk out into the Read More The post The Truth is in Your Logs has been first published on dev random http://www.secuobs.com/revue/news/594459.shtmlhttp://www.secuobs.com/revue/news/594459.shtml Secuobs.com : 2015-12-28 18:05:46 - dev random - The post Physical Access Pwn3d has been first published on dev random This is becoming a buzz in Belgium in this holidays period and all media are busy to relay it One of the biggest advertising panel in Brussels has been hacked Sitting on top of a building, Place de Broeckere, it is well known from the people of Brussels If it is usually displaying Coca-Cola ads, it started to display funny pictures on the 8th of December Read More The post Physical Access Pwn3d has been first published on dev random http://www.secuobs.com/revue/news/594266.shtmlhttp://www.secuobs.com/revue/news/594266.shtml Secuobs.com : 2015-12-24 12:46:40 - dev random - The post SANS ISC Diary Unity Makes Strength has been first published on dev random The following diary was published on iscsansorg Unity Makes Strength The post SANS ISC Diary Unity Makes Strength has been first published on dev random http://www.secuobs.com/revue/news/594154.shtmlhttp://www.secuobs.com/revue/news/594154.shtml Secuobs.com : 2015-12-24 00:00:11 - dev random - The post Managing Palo Alto Firewalls Custom URL Categories has been first published on dev random Palo Alto Networks firewalls are very popular due to the huge amount of features they provide in a unique chassis Besides the traditional traffic inspection, they can play up to the 7th layer of the ISO model The rule base can contain rules which inspect the web traffic and prevent users to access specific URLs The classic model used is the URLs categorization in multiple topics Read More The post Managing Palo Alto Firewalls Custom URL Categories has been first published on dev random http://www.secuobs.com/revue/news/594112.shtmlhttp://www.secuobs.com/revue/news/594112.shtml Secuobs.com : 2015-12-10 00:09:02 - dev random - The post SANS ISC Diary Enforcing USB Storage Policy with PowerShell has been first published on dev random The following diary was published on iscsansorg Enforcing USB Storage Policy with PowerShell The post SANS ISC Diary Enforcing USB Storage Policy with PowerShell has been first published on dev random http://www.secuobs.com/revue/news/592676.shtmlhttp://www.secuobs.com/revue/news/592676.shtml Secuobs.com : 2015-12-07 21:40:18 - dev random - The post Email Tracking for Dummies has been first published on dev random Recently, I was involved in an incident handling mission to find how some confidential emails were being tracked Let s imagine a first scenario Alice sends a mail to Bob Bob reads Alice s email and Alice gets notified Nothing special, this is a standard feature offered by most commercial messaging solutions But the second scenario is more interesting Bob forwards Alice s email to Chris Chris reads Read More The post Email Tracking for Dummies has been first published on dev random http://www.secuobs.com/revue/news/592347.shtmlhttp://www.secuobs.com/revue/news/592347.shtml Secuobs.com : 2015-12-04 21:29:48 - dev random - The post Botconf 2015 Wrap-Up Day 3 has been first published on dev random And here is my wrap-up for the third day of the conference Again a bunch of interesting talks The first to join the floor was Yonathan Klijnsma who presented a nice history of the famous ransomware Cryptowall This ransomware has already multiple versions and involved after each of them It started to spread in November 2013 and implemented a unique ID, HTTP based communication with the Read More The post Botconf 2015 Wrap-Up Day 3 has been first published on dev random http://www.secuobs.com/revue/news/592156.shtmlhttp://www.secuobs.com/revue/news/592156.shtml Secuobs.com : 2015-12-04 01:53:59 - dev random - The post Automatic MIME Attachments Triage has been first published on dev random A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails Being the happy owner of an old domain 15y , this domain is present in all spammer s mailing lists I m receiving a lot of spam and I like it It helps me to collect interesting files and URLs But Read More The post Automatic MIME Attachments Triage has been first published on dev random http://www.secuobs.com/revue/news/592048.shtmlhttp://www.secuobs.com/revue/news/592048.shtml Secuobs.com : 2015-12-04 01:13:14 - dev random - The post Botconf 2015 Wrap-Up Day 2 has been first published on dev random After a short night due to social events and business related tasks, I joined the Google offices to follow a bunch of interesting presentations If Botconf offers a great set of presentations, that s also a good place for networking and to talk about infosecurity topics while having very nice food Here is my wrap-up for the second day which was of the same quality as Read More The post Botconf 2015 Wrap-Up Day 2 has been first published on dev random http://www.secuobs.com/revue/news/592043.shtmlhttp://www.secuobs.com/revue/news/592043.shtml Secuobs.com : 2015-12-02 23:00:59 - dev random - The post Botconf 2015 Wrap-Up Day 1 has been first published on dev random Here we go for a new edition of the Botconf edition Already the third one This conference is moving every year across France and, after Nantes and Nancy, the organizers chose Paris and more precisely the Google France venue Really a nice one, typically in the Google atmosphere I commuted from Belgium early and arrived in time to grab some coffee and attend the opening session by Read More The post Botconf 2015 Wrap-Up Day 1 has been first published on dev random http://www.secuobs.com/revue/news/591908.shtmlhttp://www.secuobs.com/revue/news/591908.shtml Secuobs.com : 2015-11-17 17:47:18 - dev random - The post Developers Are still From Mars, Infosec People still From Venus has been first published on dev random In March 2011, Brian Honan contributed to an issue of the INSECURE magazine with an article called Management are from Mars, information security professional are from Venus This title comes from the John Gray s worldwide bestseller where he presents the relations between men and women Still today, we can reuse this subject for many purposes Last week, I had the opportunity to attend two major events, both in Read More The post Developers Are still From Mars, Infosec People still From Venus has been first published on dev random http://www.secuobs.com/revue/news/590317.shtmlhttp://www.secuobs.com/revue/news/590317.shtml Secuobs.com : 2015-11-13 23:05:12 - dev random - The post Black Hat Europe 2015 Wrap-Up has been first published on dev random Here is my quick wrap-up of Black Hat Europe 2015 which just terminated today Due to a high workload, I joined Amsterdam only today to attend the second day of briefings and I m not disappointed As usual, there was very interesting sessions and other less attractive I also missed a very nice one based on friends feedback That s always the same issue with multi-tracks events Read More The post Black Hat Europe 2015 Wrap-Up has been first published on dev random http://www.secuobs.com/revue/news/590035.shtmlhttp://www.secuobs.com/revue/news/590035.shtml Secuobs.com : 2015-11-05 08:39:39 - dev random - The post The Mobile Network Iceberg has been first published on dev random This is not a breaking news The Internet of Things or connected objects is growing at the speed of the light To convince the skeptics, just have a look at shodanio to easily find plenty of devices that are or should not be online A few days ago, I was discussing with a customer about an incident he faced A corporate laptop was compromized via its 3G connectivity Read More The post The Mobile Network Iceberg has been first published on dev random http://www.secuobs.com/revue/news/589119.shtmlhttp://www.secuobs.com/revue/news/589119.shtml Secuobs.com : 2015-10-22 21:07:55 - dev random - The post Hacklu 2015 Wrap-Up Day 3 has been first published on dev random I just drove back to home after the 11th edition of hacklu As always, it was an amazing event organized by, amongst others, many team members of the CIRCL So, let s write a quick wrap-up for this third day Some talk will be less covered due to interesting chat sessions with a lot of infosec peers Like yesterday, this day started with a high level talk Why Read More The post Hacklu 2015 Wrap-Up Day 3 has been first published on dev random http://www.secuobs.com/revue/news/587670.shtmlhttp://www.secuobs.com/revue/news/587670.shtml Secuobs.com : 2015-10-22 00:40:30 - dev random - The post Hacklu 2015 Wrap-Up Day 2 has been first published on dev random Here we go with my wrap-up for the second day After some coffee and pastries, the day started hardly with a very technical talk Samuel Chevet Clément Rouault presented their research about Windows local kernel debugging Kernel debugging does not mean always being used for the bad, it can also be used for good purposes When For reverse engineering, exploit or driver development or for Read More The post Hacklu 2015 Wrap-Up Day 2 has been first published on dev random http://www.secuobs.com/revue/news/587566.shtmlhttp://www.secuobs.com/revue/news/587566.shtml Secuobs.com : 2015-10-20 23:32:19 - dev random - The post Hacklu 2015 Wrap-Up Day 1 has been first published on dev random Today started the 11th edition of hacklu in Luxembourg Being one of my preferred event, I drove to Luxembourg this morning direction to the Alvisse Parc hotel The first day started with a security breakfast and a round table Marie Moe talked about medical devices The topic was How to improve cyber safety of medical devices Marie talked more precisely about pacemakers She has one and her life Read More The post Hacklu 2015 Wrap-Up Day 1 has been first published on dev random http://www.secuobs.com/revue/news/587425.shtmlhttp://www.secuobs.com/revue/news/587425.shtml Secuobs.com : 2015-09-24 12:02:33 - dev random - The post Tracking Administrator Sessions in Windows Environments has been first published on dev random Tracking users with privileged access is a critical task in your security policy SANS Critical Security Control 12 If the key point is to restrict the number of power users to the lowest, it s not always easy Most of them will argue that they need administrator rights to be able to perform their job in a convenient way Really Tell me more The goal of this Read More The post Tracking Administrator Sessions in Windows Environments has been first published on dev random http://www.secuobs.com/revue/news/584534.shtmlhttp://www.secuobs.com/revue/news/584534.shtml Secuobs.com : 2015-09-21 20:14:10 - dev random - The post Good IOC VS Bad IOC When Automation Fails has been first published on dev random A few days ago, I wrote a diary on the SANS ISC website about automating the search for IOC s Indicator of Compromise The use of tools to collect such information IP addresses, domains, hashes, is very useful to build a list of interesting IOC s or not Today, I wrote another diary about the recent threat that Apple faced with hundreds of malicious apps accepted on the Read More The post Good IOC VS Bad IOC When Automation Fails has been first published on dev random http://www.secuobs.com/revue/news/584199.shtmlhttp://www.secuobs.com/revue/news/584199.shtml Secuobs.com : 2015-09-18 18:44:33 - dev random - The post Hacklu Is Coming has been first published on dev random The next edition of the hacklu conference is coming soon In approximatively one month, many infosec professionals will join Luxembourg to attend this event and I ll also be there I m attending Hacklu since 2008 and it remains one of my preferred event What can we expect from the 2015 edition Here is a quick overview of all the scheduled activities The event starts always with Read More The post Hacklu Is Coming has been first published on dev random http://www.secuobs.com/revue/news/583980.shtmlhttp://www.secuobs.com/revue/news/583980.shtml Secuobs.com : 2015-09-04 09:27:10 - dev random - The post How to Kick-Out the Bad Guy has been first published on dev random A quick blog post about an issue I faced this morning While drinking my morning coffee and reviewing what happened during the last night in my logs, I detected that one of my website leakedincom was entirely mirrored by a guy from Brazil I m not against sharing information but in this case, it was consuming bandwidth and server resources for nothing I was time to kick him Read More The post How to Kick-Out the Bad Guy has been first published on dev random http://www.secuobs.com/revue/news/582412.shtmlhttp://www.secuobs.com/revue/news/582412.shtml Secuobs.com : 2015-08-24 14:47:52 - dev random - The post Sending Windows Event Logs to Logstash has been first published on dev random This topic is not brand new, there exists plenty of solutions to forward Windows event logs to Logstash OSSEC, Snare or NXlog amongst many others They perform a decent job to collect events on running systems but they need to deploy extra piece of software on the target operating systems For a specific case, I was looking for a solution to quickly transfer event logs from a live Read More The post Sending Windows Event Logs to Logstash has been first published on dev random http://www.secuobs.com/revue/news/581136.shtmlhttp://www.secuobs.com/revue/news/581136.shtml Secuobs.com : 2015-07-28 20:36:40 - dev random - This blogpost has also been published as a guest diary on iscsansorg Visualisation is a key when you need to keep control of what s happening on networks which carry daily tons of malicious files virustotalcom is a key player in fighting malwares on a daily basis Not only, you can submit and search for samples on their website but they also provide an API to integrate Read More http://www.secuobs.com/revue/news/578629.shtmlhttp://www.secuobs.com/revue/news/578629.shtml Secuobs.com : 2015-07-28 10:57:11 - dev random - Yesterday, It was the first time that I heard the expression Social Engineering in Belgian public media If this topic came in the news, you can imagine that something weird or juicy from a journalist perspective happened The Flemish administration had the good idea to test the resistance of their 15K officials against a phishing attack As people remain the weakest link, it sounds a good initiative Read More http://www.secuobs.com/revue/news/578556.shtmlhttp://www.secuobs.com/revue/news/578556.shtml Secuobs.com : 2015-07-14 18:18:05 - dev random - Often, as security professionals, we tend to blame our users Not all people are security aware and take the right decision when facing a potential security issue Yes, we know they click, they open, they answer questions, they trust, But let s be realistic, sometimes they make bad actions just because of us Our mission is to protect our employer s or customer s data and their team members against more Read More http://www.secuobs.com/revue/news/577044.shtmlhttp://www.secuobs.com/revue/news/577044.shtml Secuobs.com : 2015-07-08 09:49:45 - dev random - Yesterday, I talked at RMLL Rencontres Mondiales du Logiciel Libre or LSM in English Libre Sofware Meeting held in Beauvais, France The presentation title was HOME Sweet HOME and covered the security of our home networks regarding the invasion of connected gadgets also known as the Internet of Things I gave some tips tricks to improve your security when you connect such devices on your Read More http://www.secuobs.com/revue/news/576440.shtmlhttp://www.secuobs.com/revue/news/576440.shtml Secuobs.com : 2015-07-04 02:18:50 - dev random - Here is a quick wrap-up about the just-ended BSidesLisbon event This is the second edition of this BSides event organized in Portugal The philosophy of those events is well known organized by and for the community, free, open and creating a lot of opportunities to meet peers A classic but effective organization talks, lightning talks, a CTF but two tracks in parallel Here is a Read More http://www.secuobs.com/revue/news/576163.shtmlhttp://www.secuobs.com/revue/news/576163.shtml Secuobs.com : 2015-06-27 00:49:48 - dev random - A few weeks ago I blogged about The Art of Logging and explained why it is important to log efficiently to increase changes to catch malicious activities They are other ways to catch bad guys, especially when they make errors, after all they are humans too But it goes the other way around too with system administrators Last week, a customer asked me to investigate Read More http://www.secuobs.com/revue/news/575631.shtmlhttp://www.secuobs.com/revue/news/575631.shtml Secuobs.com : 2015-06-04 02:14:41 - dev random - Here is a quick wrap-up of the just finished BSidesLondon It was already the 5th edition and my 5th participation This year, they moved to a new location close to Earls Court where is organized InfoSec Europe at the same time, good idea for those who want to attend both worlds Hackers wearing t-shirts VS Vendors wearing ties This year, it was just a one-day Read More http://www.secuobs.com/revue/news/572953.shtmlhttp://www.secuobs.com/revue/news/572953.shtml Secuobs.com : 2015-06-02 16:23:33 - dev random - This blogpost has also been published as a guest diary on iscsansorg When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts It can help to prioritize incidents Let s take an example with a WordPress blog It will, sooner or later, be targeted by a brute-force attack on the default wp-admin page In Read More http://www.secuobs.com/revue/news/572798.shtmlhttp://www.secuobs.com/revue/news/572798.shtml Secuobs.com : 2015-05-22 15:04:20 - dev random - It s a fact, in industries or on building sites, professional people make mistakes or, worse, get injured Why Because their attention is reduced at a certain point When you re doing the same job all day long, you get tired and lack of concentration The same can apply in information security For a long time, more and more solutions are deployed in companies to protect their data and users Just Read More http://www.secuobs.com/revue/news/571675.shtmlhttp://www.secuobs.com/revue/news/571675.shtml Secuobs.com : 2015-05-18 19:02:35 - dev random - The SSL and TLS protocols have been on the front of the stage for months Besides many vulnerabilities disclosed in the OpenSSL library, the deployment of SSL and TLS is not always easy They are weak cyphers like RC4 , weak signatures, certificates issues self-signed, expiration or fake ones Other useful features are mis-understood and not often not configured like PFS Perfect Forward Secrecy Encryption effectiveness is directly related Read More http://www.secuobs.com/revue/news/571122.shtmlhttp://www.secuobs.com/revue/news/571122.shtml Secuobs.com : 2015-05-08 17:20:15 - dev random - Just a quick post about a problem that security analysts are facing daily For a while, malicious Office documents are delivered with OLE objects containing VBA macros Bad guys are always using obfuscation techniques to make the analysis more difficult and try to bypass basic filters This makes the analysis not impossible but boring and time consuming As example, we see more and more VBA Read More http://www.secuobs.com/revue/news/570174.shtmlhttp://www.secuobs.com/revue/news/570174.shtml Secuobs.com : 2015-05-07 19:27:29 - dev random - This blogpost has been published as a guest diary on iscsansorg Handling log files is not a new topic For a long time, people should know that taking care of your logs is a must have They are very valuable when you need to investigate an incident But, if collecting events and storing them for later processing is one point, events must be properly generated to Read More http://www.secuobs.com/revue/news/570074.shtmlhttp://www.secuobs.com/revue/news/570074.shtml Secuobs.com : 2015-04-29 22:59:27 - dev random - A few days ago, I proposed a challenge to solve The first ten people, who solved it, won a free ticket to attend the security conference Hack in Paris in June Thanks to all the players If all tickets were assigned after a few days, some people did not solve the challenge and asked me to publish a small wrap-up with the solution The challenge Read More http://www.secuobs.com/revue/news/569194.shtmlhttp://www.secuobs.com/revue/news/569194.shtml Secuobs.com : 2015-04-24 18:56:06 - dev random - Like the previous two years, I m happy to be a media partner of the French security conference Hack in Paris The schedule is now online, great talks are foreseen As a media partner, I receive a bunch of coupons for you They will allow you to attend the two-days event for free Wanna play The challenge starts by downloading this file Be curious As usual, every Read More http://www.secuobs.com/revue/news/568705.shtmlhttp://www.secuobs.com/revue/news/568705.shtml Secuobs.com : 2015-04-07 21:00:17 - dev random - This blogpost has also been published as a guest diary on iscsansorg Like everybody, I m receiving a lot of spam everyday but I like it All unsocilited received messages are stored in a dedicated folder for two purposes An automatic processing via my tool mime2vt A manual review at regular interval This helps me to find new types of spams or new techniques used by attackers Read More http://www.secuobs.com/revue/news/566395.shtmlhttp://www.secuobs.com/revue/news/566395.shtml Secuobs.com : 2015-03-20 00:30:42 - dev random - This is my wrap-up for the second day of Troopers15 Before the review of the talks, a few words about the conference The venue is really nice as well as the facilities A good WiFi coverage IPv4 IPv6 and even a dedicated GSM network Troopers SIM card were available for free at the reception desk Besides the classic activities, a charity auction was also organized to Read More http://www.secuobs.com/revue/news/564151.shtmlhttp://www.secuobs.com/revue/news/564151.shtml Secuobs.com : 2015-03-19 04:27:17 - dev random - This is my first Troopers conference I already heard lot of positive comƒments about this event but I never attended it As I ll start a new job position soon, I had the opportunity to take some days off to join Heidelberg in Germany The conference is split across two days and three tracks attack research , defence management and a special one dedicated to Read More http://www.secuobs.com/revue/news/564008.shtmlhttp://www.secuobs.com/revue/news/564008.shtml Secuobs.com : 2015-03-17 09:53:14 - dev random - This blogpost has also been published as a guest diary on iscsansorg Writing documentation is a pain for most of us but mandatory Pentesters and auditors don t like to write their reports once the funny stuff has been completed It is the same for the developers Writing code and developing new products is fun but good documentation is often missing By documentation, I mean network documentation Read More http://www.secuobs.com/revue/news/563715.shtmlhttp://www.secuobs.com/revue/news/563715.shtml Secuobs.com : 2015-03-13 11:48:04 - dev random - CMS or Content Management Systems became vey common for a few years Popular CMS are WordPress, Drupal or Joomla You can rent some space at a hosting provider for a few bucks or even find free hosting platforms You can deploy them in a few minutes on your own server Then, you just have to focus on the content No need to learn CSS HTML For me, modern Read More http://www.secuobs.com/revue/news/563307.shtmlhttp://www.secuobs.com/revue/news/563307.shtml Secuobs.com : 2015-03-04 11:28:26 - dev random - An 0-day vulnerability has been posted on Full-Disclosure this morning It affects the MongoDB GUI phpMoAdmin The GUI is similar to the well-known phpMyAdmin and allows the DB administrator to perform maintenance tasks on the MongoDB databases with the help of a nice web interface The vulnerability is critical because it allows to perform remote code execution without being authenticated All details are available in this Full-Disclosure Read More http://www.secuobs.com/revue/news/562079.shtmlhttp://www.secuobs.com/revue/news/562079.shtml Secuobs.com : 2015-02-26 23:21:15 - dev random - I had an interesting discussion with a friend this morning He explained that, when he is conducting a pentest, he does not hesitate to add sometimes in his report a specific finding regarding the lack of attention given to the previous reports If some companies are motivated by good intentions and ask for regular pentests against their infrastructure or a specific application, what if they even don t Read More http://www.secuobs.com/revue/news/561377.shtmlhttp://www.secuobs.com/revue/news/561377.shtml Secuobs.com : 2015-02-25 00:03:57 - dev random - Tonight the first Belgium OWASP chapter meeting of the year 2015 was organized in Leuven Next to the SecAppDev event also organised in Belgium last week, many nice speakers were present in Belgium It was a good opportunity to ask them to present a talk at a chapter meeting As usual, Seba opened the event and reviewed the latest OWASP Belgium news before giving the word to Read More http://www.secuobs.com/revue/news/560985.shtmlhttp://www.secuobs.com/revue/news/560985.shtml Secuobs.com : 2015-02-19 16:47:08 - dev random - As a pentester, I m always trying to find new gadgetstools to improve my toolbox A few weeks ago, I received my copy of Dr Philip Polstra s book Hacking and Penetration Testing with Low Power Devices ISBN 978-0-12-800751-8 I had a very interesting chat with Phil during the last BruCON edition and I was impressed by his lunch box That s why I decided to buy his Read More http://www.secuobs.com/revue/news/560252.shtmlhttp://www.secuobs.com/revue/news/560252.shtml Secuobs.com : 2015-02-04 23:49:15 - dev random - Is swf the new wtf What s happening with the Flash player The Adobe s multimedia platform has been targeted by multiple 0-days since the beginning of 2015 Just have a look on cvedetailscom Two days ago, security researchers at TrendMicro found another one It is identified as CVE-2015-0313 Bored by the multiple patches released by Adobe and the impact on the deployment, many security people are brainstorming Read More http://www.secuobs.com/revue/news/558099.shtmlhttp://www.secuobs.com/revue/news/558099.shtml Secuobs.com : 2015-01-08 23:24:16 - dev random - A quick blog post which popped up in my mind after a friend posted a question on Twitter this afternoon How to search for Office documents containing macros on a NAS This is a good idea to search for such documents as VBA macros are known to be a good infection vector and come back regularly in the news like the Rocket Kitten campaign My first Read More http://www.secuobs.com/revue/news/553702.shtmlhttp://www.secuobs.com/revue/news/553702.shtml Secuobs.com : 2014-12-31 17:21:33 - dev random - Waiting for the new year party, this is a last quick post in 2014 It s not the first time that I see a peak of rogue authentication requests against some of the WordPress websites But for a while, there is a constant flood of IP addresses trying to bruteforce the WordPress login page This kind of attack is very common and bots are constantly looking for weak Read More http://www.secuobs.com/revue/news/552528.shtmlhttp://www.secuobs.com/revue/news/552528.shtml Secuobs.com : 2014-12-23 01:04:19 - dev random - For me, Twitter is not only a social network, it s also a tool that I use daily to track and exchange news about information security with a large worldwide community of infosec profesionals For a while, Twitter is my main source of information When you are relying on a service like Twitter to collect information, you must have the right tools to handle the huge Read More http://www.secuobs.com/revue/news/551511.shtmlhttp://www.secuobs.com/revue/news/551511.shtml Secuobs.com : 2014-12-19 18:13:01 - dev random - There is a black market for vulnerabilities, nothing new with this fact A brand new 0-day can be sold for huge amounts of money The goal of this blog post is not to cover this market of vulnerabilities but the way some of them are disclosed today It s just a reflexion I had when reading some news about the Rompager 2014 is almost behind us and we Read More http://www.secuobs.com/revue/news/551113.shtmlhttp://www.secuobs.com/revue/news/551113.shtml Secuobs.com : 2014-12-15 18:17:17 - dev random - Here is a Python script that I developed for my personal use mime2vtpy I decided to release it because I think it could be helpful for many of you In 2012, I started a project called CuckooMX The goal was to automatically scan attachments in emails with Cuckoo to find for potential malicious files Unfortunately, the project never reached a milestone to use it smoothly Read More http://www.secuobs.com/revue/news/550250.shtmlhttp://www.secuobs.com/revue/news/550250.shtml Secuobs.com : 2014-12-06 01:12:41 - dev random - I m just back from Nancy and it s time to publish the wrap-up for the last day The last night was very short for most of the attendees 30 minutes before the first talk, the coffee room was almost empty This third started with A new look at Fast Flux proxy networks by Dhia Mahjoub from OpenDNS Hendrik Adrian was also involved in this research but he can t be present for Read More http://www.secuobs.com/revue/news/548756.shtmlhttp://www.secuobs.com/revue/news/548756.shtml Secuobs.com : 2014-12-05 02:11:35 - dev random - Here is my wrap-up for the second day Yesterday, we had a nice evening with some typical local food and wine then we went outside for a walk across the city of Nancy Let s go Paul Rascagnères kicked off the second day with a workshop about WinDbg debugger and some useful tips It started with Paul s questions like Who think it s a good idea to speak Read More http://www.secuobs.com/revue/news/548593.shtmlhttp://www.secuobs.com/revue/news/548593.shtml Secuobs.com : 2014-12-04 00:45:34 - dev random - Botconf is back for a second edition If the first one was held last year in Nantes, botnet fighters from many countries are back in Nancy to discuss again about botnets As the name says, Botconf is a security conference which focus only on botnets This is a very interesting topic because everybody was is will be infected and take part of a botnets The one who never found an Read More http://www.secuobs.com/revue/news/548381.shtmlhttp://www.secuobs.com/revue/news/548381.shtml Secuobs.com : 2014-11-25 21:33:34 - dev random - Just a link to my guest diary posted today on iscsansedu I briefly introduced a method to perform permanent vulnerability scanning of newly detected hosts The solution is based on OSSEC, ArpWatch and Nmap The article is here http://www.secuobs.com/revue/news/547249.shtmlhttp://www.secuobs.com/revue/news/547249.shtml Secuobs.com : 2014-11-21 23:30:10 - dev random - Here we go with a review of the last day As usual, the social event had huge impacts on some attendees but after coffee everything was almost back to normal The day started with Braden Thomas who presented Reverse engineering MSP 430 device or reverse engineering a real-estate lock box In US Canada, such devices are used by real-estate agencies to store the keys of homes Read More http://www.secuobs.com/revue/news/546733.shtmlhttp://www.secuobs.com/revue/news/546733.shtml Secuobs.com : 2014-11-21 01:39:40 - dev random - Here is my wrap-up for the second day of the conference NoSuchCon organised in Paris Where is the first wrap-up will you maybe ask Due to an important last minute change in my planning, I just drove to Paris yesterday evening and missed the first day This is the second edition of this French conference organised in Paris at the same place A very nice location even if the audio video Read More http://www.secuobs.com/revue/news/546540.shtmlhttp://www.secuobs.com/revue/news/546540.shtml Secuobs.com : 2014-11-14 18:35:49 - dev random - This morning, I retweeted a link to an article in Dutch published by a Belgian newspaper It looks that Belgian municipalities small as well as largest which do not properly secure their data could be fined in a near future Public services manage a huge amount of private data about us They know almost everything about our lifes Increasing the security around these data looks a very good Read More http://www.secuobs.com/revue/news/545538.shtmlhttp://www.secuobs.com/revue/news/545538.shtml Secuobs.com : 2014-11-10 19:35:12 - dev random - Here is a quick blogpost which might be helpful to the OpenVAS users OpenVAS is a free vulnerability scanner maintained by a German company Initiality, it was a fork of Nessus but today it has nothing in common with the commercial vulnerability scanners OpenVAS is a good alternative to commercial solutions when you need to deploy a vulnerability management process and you lack of a decent Read More http://www.secuobs.com/revue/news/544668.shtmlhttp://www.secuobs.com/revue/news/544668.shtml Secuobs.com : 2014-10-24 00:54:09 - dev random - The third day is over After the speaker dinner in a cool place and a very short night, I attended more talks today no workshops Let s go for the daily quick wrap-up The first talk was Internet scanning conducting research on 0 0 presented by Mark Schloesser from Rapid7 and is also a developer of the Cuckoo sandbox The topic focused on the IPv4 address space Read More http://www.secuobs.com/revue/news/542419.shtmlhttp://www.secuobs.com/revue/news/542419.shtml Secuobs.com : 2014-10-23 02:11:02 - dev random - The second day is over I m just back from a great speaker dinner in Esch s Alzette It s time to write a quick wrap-up There was again some Cisco forensics workshops on the schedule, that s why I was not able to attend all today s talks The second day opened with Marion Marshalek s keynote called TS NOFORM This title is derived from the document classification used by the Read More http://www.secuobs.com/revue/news/542216.shtmlhttp://www.secuobs.com/revue/news/542216.shtml Secuobs.com : 2014-10-22 01:21:44 - dev random - Hello Dear Readers, my agenda is quite hot at the moment, after attending BlackHat last week in Amsterdam, I m now in Luxembourg until Friday to attend the 10th edition of Hacklu The conference organized in Luxembourg has already reached a decade Congratulations to the organizers for the event that I m attending since 2008 It remained since the beginning in my favorite top-three for the following reasons nice Read More http://www.secuobs.com/revue/news/541872.shtmlhttp://www.secuobs.com/revue/news/541872.shtml Secuobs.com : 2014-10-18 00:14:33 - dev random - Yesterday evening, I had a nice dinner with awesome infosec folks We faced a massive Deny of Sushi attack but we survived So, I m just back from Amsterdam and here is my small wrap-up for the second BlackHat day My first choice was to attend a talk about IPv6 Antonio Atlasis, Enno Rey and Rafael Schaefer presented Evasion of high-end IDPS devices at the IPv6 Read More http://www.secuobs.com/revue/news/540995.shtmlhttp://www.secuobs.com/revue/news/540995.shtml Secuobs.com : 2014-10-17 01:32:40 - dev random - BlackHat is back in Amsterdam and here is my wrap-up for the first day It rained all my way to Amsterdam this morning but it will not prevent motivated people to join the Amsterdam RAI where is organised this 2014 edition of BlackHat Europe They moved from the center of the city to a bigger conference center Nice place, but far away from bars and restaurants Read More http://www.secuobs.com/revue/news/540709.shtmlhttp://www.secuobs.com/revue/news/540709.shtml Secuobs.com : 2014-10-01 00:11:27 - dev random - Once again, here is my quick review about the BruCON network that we deployed for our beloved attendees Yes, we are glad to take care of your packets during the conference Nothing changed since the last edition, we deployed the same network in the same venue with the same controls in place But this year, the biggest change was our brand new wall of sheep Read More http://www.secuobs.com/revue/news/537756.shtmlhttp://www.secuobs.com/revue/news/537756.shtml Secuobs.com : 2014-09-30 18:08:26 - dev random - When my friend Didier Stevens contacted me last year to help him with a BruCON 5 5 project, I simply could not decline Didier developed a framework to perform forensic investigations on Cisco routers His framework is called NAFT Network Appliance Forensic Tooklit It is written in Python and provides a good toolbox to extract juicy information from routers memory From a development point of view, Read More http://www.secuobs.com/revue/news/537646.shtmlhttp://www.secuobs.com/revue/news/537646.shtml Secuobs.com : 2014-09-29 21:53:20 - dev random - In April 2014, the Internet shivered when we faced the heartbleed bug in the OpenSSL library It makes lot of noise across the security community and was even covered by regular media Such issue could never happen again, right Never say never Last week, a new storm in the Internet with shellsock or best known as CVE-2014-6271 This new bug affects the bash UNIX shell The difference Read More http://www.secuobs.com/revue/news/537456.shtmlhttp://www.secuobs.com/revue/news/537456.shtml Secuobs.com : 2014-09-17 01:11:24 - dev random - No breaking news, nothing fancy in this quick blog post but it is worth to remember that security appliances can be a potential threat when deployed on your network For years, security appliances are the in thing On the paper, they are sexy you just plug a power cable, a network cable, 4 screws if you install them in a 19 rach under a table isn t the Read More http://www.secuobs.com/revue/news/535234.shtmlhttp://www.secuobs.com/revue/news/535234.shtml Secuobs.com : 2014-09-09 00:05:38 - dev random - For a while I left Dropbox and other cloud storage solutions and decided to host my own file exchange service based on owncloudorg I m using it to exchange files with my partners and customers and keep a full control of the service from A to Z A major advantage of ownCloud is its modular architecture which allows third party applications to be installed to extend its Read More http://www.secuobs.com/revue/news/533561.shtmlhttp://www.secuobs.com/revue/news/533561.shtml Secuobs.com : 2014-09-03 05:20:45 - dev random - A few weeks ago, I reviewed Georgia s book about penetration testing In the same topic pentesting , I was asked to review another one which focus on shell scripting using the bash shell Keith Makan is the author of Penetration Testing with the Bash Shell Bash is the default shell on many UNIX distributions and is also the primary interface between the operating system and the user when Read More http://www.secuobs.com/revue/news/532714.shtmlhttp://www.secuobs.com/revue/news/532714.shtml Secuobs.com : 2014-08-28 19:24:15 - dev random - It has been a while that I did not write an article on log management Here is a quick how-to about the integration of Check Point firewall logs into ELK For a while, this log management framework is gaining more and more popularity ELK is based on three core components ElasticSearch, Logstrack and Kibana Google is your best friend to find information about ELK But Read More http://www.secuobs.com/revue/news/532034.shtmlhttp://www.secuobs.com/revue/news/532034.shtml Secuobs.com : 2014-07-30 16:21:53 - dev random - Aaaaah Passwords Why write a blog article about them Everything has alreay been said about passwords Everybody hates them because they are hard to remember, because we should change it regularly, because we have way too much of them They are often present in security awareness campaign see the article introduction picture And despite this, people are still managing their passwords no matter how I Read More http://www.secuobs.com/revue/news/527618.shtmlhttp://www.secuobs.com/revue/news/527618.shtml Secuobs.com : 2014-07-30 13:06:26 - dev random - A few weeks ago I bought Georgia Weidman s book about penetration testing A Hands-On Introduction to Hacking Being overloaded by many projects, I finally finished reading it and it s now time to write a quick review Georgia is an awesome person There are not many recognized women in the information security landscape and Georgia is definitively one of them, I already met her a few times Read More http://www.secuobs.com/revue/news/527575.shtmlhttp://www.secuobs.com/revue/news/527575.shtml Secuobs.com : 2014-07-16 02:01:11 - dev random - Following the presentation that I made at the RMLL 2014 last week, I slightly changed my malware analysis setup The goal is to make it fully operational offline Indeed, today we are always on , Internet is everywhere and it s easy to get a pipe However, sometimes it s better to not send packets to the wild Internet, even more when playing with malwares We can be connected to a Read More http://www.secuobs.com/revue/news/525330.shtmlhttp://www.secuobs.com/revue/news/525330.shtml Secuobs.com : 2014-07-09 15:09:20 - dev random - I m just back from Montpellier where was organised the 2014 s edition of the RMLL Rencontres Modiales des Logiciels Libres or LSM in English Libre Software Meeting This is a huge event similar to the FOSDEM in Brussels where people who love free software exchange views, researches and make some networking The event location changes every year and this edition was organised in the south of Read More http://www.secuobs.com/revue/news/524377.shtmlhttp://www.secuobs.com/revue/news/524377.shtml Secuobs.com : 2014-06-28 01:15:34 - dev random - And we are back to the Disneyland conference centre for the second day of Hack in Paris It looks that the night was very short for many people who hacked all night long because the planning started with a delay The second keynote was presented by Jayson E Street Like Winn who presented the opening keynote yesterday, Jayson is a regular speaker and comes always Read More http://www.secuobs.com/revue/news/522648.shtmlhttp://www.secuobs.com/revue/news/522648.shtml Secuobs.com : 2014-06-26 21:12:24 - dev random - Today started the 2014 edition of Hack in Paris, a French security conference held in Disneyland Resort Paris a very nice place for such kind of event The conference started with a sunny sky over the conference centre in the New York hotel I arrived just in time to register and to grab some coffee Here is my wrap-up for the first day Happy Read More http://www.secuobs.com/revue/news/520915.shtmlhttp://www.secuobs.com/revue/news/520915.shtml Secuobs.com : 2014-05-30 19:30:10 - dev random - And here is the second day wrap-up The day started with a sunny sky over Amsterdam After a breakfast and a chat with the Help Net Security team, we moved to the rooms Like yesterday, the main stage is dedicated to women for two keynotes The first one should be Pamelo Fusco with her keynote title Behind the Crosswire but she never arrived No news Read More http://www.secuobs.com/revue/news/516342.shtmlhttp://www.secuobs.com/revue/news/516342.shtml Secuobs.com : 2014-05-30 01:41:03 - dev random - I m in Amsterdam for the next two days to attend the new edition of Hack In The Box This is a special edition with many improvements First, it s the fifth edition already and the location changed to De Beurs van Berlage , a very nice place in the center of the city Second, the normal conference is also held alongside with HITB Haxpo, a technology and Read More http://www.secuobs.com/revue/news/516202.shtmlhttp://www.secuobs.com/revue/news/516202.shtml Secuobs.com : 2014-05-24 19:26:55 - dev random - If we can put the business and some fun together, so why the hesitation For a while, I m playing with flying toys I already played with different models of RC helicopters and recently, I switched to another category I bought a quadcopter The idea to mix the technology of drones with WiFi audits popped up in my mind for a while First of all, this is not something news Read More http://www.secuobs.com/revue/news/515329.shtmlhttp://www.secuobs.com/revue/news/515329.shtml Secuobs.com : 2014-05-22 11:51:09 - dev random - With a little delay, here is my wrap-up of the last OWASP Belgium chapter meeting It was held at NVISO, an information security company located in Brussels which is known for its ApkScan tool After some pizzas, drinks and chats with peers, two speakers came on stage Amongst known faces, a lot of new people were present That s good to have fresh blood in such events Read More http://www.secuobs.com/revue/news/514900.shtmlhttp://www.secuobs.com/revue/news/514900.shtml Secuobs.com : 2014-05-19 20:49:00 - dev random - In a previous post, I spoke about the importance of the context during a pentest In a recent project, I faced a situation similar to airplane crashes Let me explain this Despites the fact that the crash of an airplane results sometimes in a huge amount of deaths once, airplaines can be considered as safe Statistically, flying is less dangerous than driving to the airport with your car Read More http://www.secuobs.com/revue/news/514304.shtmlhttp://www.secuobs.com/revue/news/514304.shtml Secuobs.com : 2014-05-12 23:52:51 - dev random - Warning In a few weeks, hackers will be back in Disney Land Resort Paris for two events Hack in Paris and La Nuit du Hack I should be present to both events to do some live coverage and write wrap-up s The two agenda have been published here here In the mean time, the organizers kindly give me some gifts for my readers The first event is Read More http://www.secuobs.com/revue/news/513142.shtmlhttp://www.secuobs.com/revue/news/513142.shtml Secuobs.com : 2014-04-29 23:31:17 - dev random - The fourth edition of BSidesLondon is already over I remember the first one in 2011, things have changed Year after yesar, it looks more and more professional As usual, here is my quick wrap-up I arrived a bit late due to a strike in the London tube Bad timeing but it s not a strike which will prevent hackers to meet According to a tweet from Read More http://www.secuobs.com/revue/news/510999.shtmlhttp://www.secuobs.com/revue/news/510999.shtml Secuobs.com : 2014-04-22 18:41:02 - dev random - Heartbleed Probably one of the top queries typed in search engines for a few weeks Of course, I followed the story but I did not blog yet about it until today Why repeat again and again what has been said Some bloggers and analysts wrote very good overviews about this modern nightmare The bug was even covered as a breaking news by medias Some of Read More http://www.secuobs.com/revue/news/509630.shtmlhttp://www.secuobs.com/revue/news/509630.shtml Secuobs.com : 2014-04-21 22:16:30 - dev random - I spent the end of the week somewhere in Switzerland to attend a nice security event called DahuCon or perhaps not Who knows The event was organized by two Swiss guys They successfully attracted 50 security professionals to a very nice place Attendees came from Switzerland, France, Germany, Austria and Belgium of course only with a personal invitation The challenge was not to bring them all Read More http://www.secuobs.com/revue/news/509469.shtmlhttp://www.secuobs.com/revue/news/509469.shtml Secuobs.com : 2014-04-14 21:50:12 - dev random - During a penetration test, I had to execute specific commands against some IP networks Those networks were represented under the CIDR form network subnet Being a lazy guy, I spent some time to write a small Python script to solve this problem The idea was based on the xargs UNIX command which is used to build complex command lines From the xargs man page xargs reads Read More http://www.secuobs.com/revue/news/508231.shtmlhttp://www.secuobs.com/revue/news/508231.shtml Secuobs.com : 2014-04-11 12:33:50 - dev random - More and more companies organize security awareness trainings for their team members With the growing threats faced by people while using their computers or any connected device, it is definitively a good idea The goal of such trainings is to make people open their eyes and change their attitude towards security If the goal of an awareness training is to change the attitude of people, why Read More http://www.secuobs.com/revue/news/507758.shtmlhttp://www.secuobs.com/revue/news/507758.shtml Secuobs.com : 2014-04-08 07:51:09 - dev random - Tuesday 8th of April 2014, a page of the computer industry has been turned Windows XP is dead Of course, I had to write a blog post about this event For months now, Microsoft warned its customers that XP won t be supported starting from today Do you remember Windows XP was available on floppies and had in the beginning no native USB support What does Read More http://www.secuobs.com/revue/news/506951.shtmlhttp://www.secuobs.com/revue/news/506951.shtml Secuobs.com : 2014-03-25 22:05:55 - dev random - Just before the announce of the Full-Disclosure shutdown a few days ago, a thread generated a lot of traffic and finally turned into a small flame war In the beginning of the month, a security researcher reported a vulnerability found on Youtube According to him, the Google service was suffering of a file upload vulnerability Reading such kind of post is juicy Accepting files sent by Read More http://www.secuobs.com/revue/news/504826.shtmlhttp://www.secuobs.com/revue/news/504826.shtml Secuobs.com : 2014-03-21 00:52:42 - dev random - Today, Brian Honan announced on his blog the second European edition of the Security Bloggers Awards In a few weeks, many infosec guys will join London to attend BSidesLondon and or InfoSecurity Europe This is the perfect time to organize a meet-up on Wednesday 30rd April Security bloggers are welcome to have drinks and chats in a relaxed atmosphere Bad timing for me, I won t be able Read More http://www.secuobs.com/revue/news/504093.shtmlhttp://www.secuobs.com/revue/news/504093.shtml Secuobs.com : 2014-03-19 18:01:49 - dev random - Sad news received today, a last message was posted in the Full-Disclosure mailing-list John Cartwright, one of the founder and owner, anounced the end of the list copy here Personally, I subscribed in December 2006 more than seven years ago I was a passive reader but learned so many interesting stuff I was surprised to read John s announce but I can fully understand and respect his Read More http://www.secuobs.com/revue/news/503804.shtmlhttp://www.secuobs.com/revue/news/503804.shtml Secuobs.com : 2014-03-12 00:02:57 - dev random - All modern Unix operating systems provide softwares as packages I remember the good old times in the 90s when you had to compile all the applications from their source code Compiling source code has advantages you enable only the features you need and perform configuration tweaks as you want But it s also a pain to manage dependencies You should have all the required libraries and Read More http://www.secuobs.com/revue/news/502375.shtmlhttp://www.secuobs.com/revue/news/502375.shtml Secuobs.com : 2014-03-10 17:00:41 - dev random - In a previous post, I explained how I was happy to have been targeted by Indian phishers who called me to report an issue with my Windows computer Last Saturday they called back This time, my VM was ready but I had no time for them I asked if it was possible to call me back later and they approved This morning, they called back Read More http://www.secuobs.com/revue/news/502078.shtmlhttp://www.secuobs.com/revue/news/502078.shtml Secuobs.com : 2014-03-03 20:16:39 - dev random - I m a Cuckoo user for a long time therefore it was a good opportunity to read the book Cuckoo Malware Analysis and write a quick review The book is published by Packt Publishing For the readers who don t know what Cuckoo is, here is a brief introduction Malwares are a real pain today Just by visiting a website or by opening a file attached to Read More http://www.secuobs.com/revue/news/500865.shtmlhttp://www.secuobs.com/revue/news/500865.shtml Secuobs.com : 2014-02-27 17:08:22 - dev random - You know what I m happy and proud to have received my first call from the Microsoft Support When I came back at home, there was already three missed calls on my private line, all of them from a strange number 001453789410 A few minutes later, the phone started to ring again I picked up the phone and, amongst the noise of a call-center, I heard Read More http://www.secuobs.com/revue/news/500264.shtmlhttp://www.secuobs.com/revue/news/500264.shtml Secuobs.com : 2014-02-21 00:37:10 - dev random - Logs We will never get rid of them It s a pain to manage them from a technical point of view but collecting events and using them can also introduce more issues in companies from a legal point of view Tonight, an ISACA Belgium Chapter meeting was organised within the context of the Open Privacy Forum If log management remains a hot topic, the legal issues could Read More http://www.secuobs.com/revue/news/499028.shtmlhttp://www.secuobs.com/revue/news/499028.shtml Secuobs.com : 2014-02-13 00:29:38 - dev random - Tonight was organized the first OWASP Belgium Chapter of the year Two speakers were invited, George Danezis and Jim Manico Same place, same faces and classic introduction by Seba with news about the OWASP foundation and the local chapter Did you know that the chapter had ten years old last year Congratulations Here is my quick wrap-up The first speaker was George with a presentation Read More http://www.secuobs.com/revue/news/497560.shtmlhttp://www.secuobs.com/revue/news/497560.shtml Secuobs.com : 2014-02-10 09:30:35 - dev random - For a while, malwares are in front of the security stage and the situation is unlikely to change in the coming months When I give presentations about malwares, I always like to report two interesting statistics in my slides They come from the 2012 Verizon DBIR In 66pourcents of investigated incidents, detection was a matter of months or even more and 69pourcents of data breaches are Read More http://www.secuobs.com/revue/news/496830.shtmlhttp://www.secuobs.com/revue/news/496830.shtml Secuobs.com : 2014-02-06 22:31:55 - dev random - When talking about security to small companies the SME market as the business says their reaction is often Me Why should I care I m so small and my business is not relevant for cyber-criminals This is a big fail As a proof, I like to ask them for a top-10 or top-20 of their customers There are chances that a big name will Read More http://www.secuobs.com/revue/news/496439.shtmlhttp://www.secuobs.com/revue/news/496439.shtml Secuobs.com : 2014-02-06 02:40:07 - dev random - If there is a gold principle in IT, that s the one called KISS Keep It Simple and Stupid It says that systems will work best if they are kept simple rather than complex Simplicity must be a key goal during the design phase This sounds logical Keep in mind that information systems must be maintained, patched, debugged, monitoring When a problem will occur and that Read More http://www.secuobs.com/revue/news/496209.shtmlhttp://www.secuobs.com/revue/news/496209.shtml Secuobs.com : 2014-02-01 00:23:46 - dev random - Today, the second edition of Security Friday was held in Brussels As mentioned on the website, the goal is a gathering of people in the IT security field Getting together for a drink on the last Friday of the month in a bar near you we talk amongst peers about IT security, non-tech hobbies, favorite beers, and much more I like such initiatives because sharing Read More http://www.secuobs.com/revue/news/495402.shtmlhttp://www.secuobs.com/revue/news/495402.shtml Secuobs.com : 2014-01-15 21:56:40 - dev random - This is not new but it still happens in 2014 Hijacking a website with just a small e-mail Here are the facts For a while, I m hosting a friend s website His website is quite old and it already moved from servers to servers depending on my deployed infrastructure A few weeks ago, I notified my friend that a new change should occur asap The website Read More http://www.secuobs.com/revue/news/491836.shtmlhttp://www.secuobs.com/revue/news/491836.shtml Secuobs.com : 2014-01-13 22:22:58 - dev random - We are already in 2014 for a few days and this is my first blog post for this year So, let me wish you a wonderful 2014 for you and you family Let s start with a quick post about building IP addresses reputation list This topic was discussed on a mailing list today Where to find good sources for IP reputation services Indeed, IP addresses Read More http://www.secuobs.com/revue/news/491355.shtmlhttp://www.secuobs.com/revue/news/491355.shtml Secuobs.com : 2013-12-20 17:26:48 - dev random - I received a copy of a new book published by Packt publishing about mobile security As mobile devices are more and more targeted by attackers, it was a good idea to publish a book on this hot topic Written by a group of people working for IBM, the book covers a broad range of topics that can be grouped in two main sections A review Read More http://www.secuobs.com/revue/news/487718.shtmlhttp://www.secuobs.com/revue/news/487718.shtml Secuobs.com : 2013-12-18 03:05:01 - dev random - We are already very close to the EOY and we are all expecting the Christmas break in a few days Tonight, the last OWASP Belgium chapter meeting for 2013 was organised with the help of another local chapter which was created in 2013 the ISC2 one Thanks to the F5 Belgium team who sponsored the pizzas Two very interesting presentations tonight about browser or more Read More http://www.secuobs.com/revue/news/487047.shtmlhttp://www.secuobs.com/revue/news/487047.shtml Secuobs.com : 2013-12-11 23:15:19 - dev random - Yesterday a new trend started on Twitter with the hashtag FiveWordTechHorrors I don t know exactly who started it and why but it became quickly relayed and populated by many people working in IT Everybody started to report some horror stories of ideas in all IT domains security, development, hardware, software, etc It was really viral and, honestly, I had a good laugh while reading some Read More http://www.secuobs.com/revue/news/485773.shtmlhttp://www.secuobs.com/revue/news/485773.shtml Secuobs.com : 2013-12-09 23:00:18 - dev random - A few days ago, I attended an event organized by the Chamber of Commerce in Belgium ICC Belgium and the Federation of Enterprises FEB to announce with great ceremony the release of the first Belgian Cyber Security Guide Honestly, this is a great initiative In the audience, many many infosec professionals were present but not many business owners That s not a surprise Ok, I ll mitigate, it s also Read More http://www.secuobs.com/revue/news/485221.shtmlhttp://www.secuobs.com/revue/news/485221.shtml Secuobs.com : 2013-12-07 20:24:26 - dev random - I m back in Belgium after driving a few hours back to Belgium and it s time to give you my wrap-up of the second day After a short night, we were back at the Chamber of Commerce in Nantes The venue was located closed to the Maillé-Brézé , an old French military boat converted into a museum For some of the attendees, the night was very short, Read More http://www.secuobs.com/revue/news/484921.shtmlhttp://www.secuobs.com/revue/news/484921.shtml Secuobs.com : 2013-12-06 02:35:53 - dev random - I m in Nantes France for two days to attend a new conference Botconf As the name says, this event is dedicated to botnets and malwares The goal is to present talks about those malicious network of computers, how to detect them, how to fight them and, finally, eradicate them I received a press pass thank to the organizers , so here is the wrap-up of the Read More http://www.secuobs.com/revue/news/484612.shtmlhttp://www.secuobs.com/revue/news/484612.shtml Secuobs.com : 2013-11-30 01:02:52 - dev random - I m just back from Amsterdam where was organized the 5th edition of the OWASP Benelux Day This was already my third visit to this event and I finished my Benelux Tour Luxembourg in 2011, Belgium in 2012 and the Netherlands this year The location was very nice, the Amsterdam RAI is a ver nice location for events but also expensive The event was reduced to Read More http://www.secuobs.com/revue/news/483632.shtmlhttp://www.secuobs.com/revue/news/483632.shtml Secuobs.com : 2013-11-28 11:21:51 - dev random - Do you remember the good old times When I put my hands on my first firewall somewhere around 1997-1998 wow, time flies , it was to kick out all the bad guys playing on the Internet And, at this epoch, not all firewalls had a default last-resort rule like Any Any Drop Later, the infosec landscape highlighted the wonderful security perimeter Your network was Read More http://www.secuobs.com/revue/news/483416.shtmlhttp://www.secuobs.com/revue/news/483416.shtml Secuobs.com : 2013-11-27 11:29:09 - dev random - A few days ago, I wrote a blog post about a Python script that I use with the new Amazon CloudTrail feature to grab logs from my Amazon cloud services Because we use more and more cloud services in our digital life, the same principle should apply to all our online services Recently, GitHub suffered of a brute force attack against accounts with weak passwords Read More http://www.secuobs.com/revue/news/483259.shtmlhttp://www.secuobs.com/revue/news/483259.shtml Secuobs.com : 2013-11-15 13:02:10 - dev random - The Amazon conference re Invent is taking place in Las Vegas at the moment For a while, I m using the Amazon cloud services EC2 mainly to run lab and research systems Amongst the multiple announcements they already made during the conference, one of them caught my attention CloudTrail Everything has already been said over the pro con of cloud computing But one of them is Read More http://www.secuobs.com/revue/news/481193.shtmlhttp://www.secuobs.com/revue/news/481193.shtml Secuobs.com : 2013-11-05 22:33:04 - dev random - For once, this article is not directly related to infosec My blog isn t called dev random for nothing, right In parallel to my dayly job as an Information Security Consultant and my blogger experience at night, I m also doing business via my own company, TrueSec Feel free to contact me if you re looking for consultancy services For a while, I m using OpenERP to keep track of my Read More http://www.secuobs.com/revue/news/479203.shtmlhttp://www.secuobs.com/revue/news/479203.shtml Secuobs.com : 2013-10-24 19:27:20 - dev random - This is already the last day We started again at 08 30 with a talk about IP cameras Do you know who s watching you An in-depth examination of IP cameras attack surface by Francisco Falcon Nahuel Riva This isn t the first time that IP cameras are used as targets for a talk What was the motivation for this presentation Found vulnerabilities in small cameras used Read More http://www.secuobs.com/revue/news/476876.shtmlhttp://www.secuobs.com/revue/news/476876.shtml Secuobs.com : 2013-10-23 19:59:14 - dev random - And we are back for the 2nd wrap-up already Today, we had a very bad weather it rained all night long but we had interesting and complex talks The first one was presented by Inbar Raz who talked about Physical in security It s not all about Cyber Inbar is malware researcher at Checkpoint He was already invited as a speaker last year and Read More http://www.secuobs.com/revue/news/476587.shtmlhttp://www.secuobs.com/revue/news/476587.shtml Secuobs.com : 2013-10-22 20:24:34 - dev random - Here is the first wrap-up of hacklu 2013 edition I m wearing today the t-shirt from 2008, this is already my sixth edition As usual, the event started with a bunch of workshops I attended the one presented by Matt and Kacper Why about Scapy I did not event a deep knowledge of this packet manipulation tool Not only, you can create, capture or manipulate packets Read More http://www.secuobs.com/revue/news/476355.shtmlhttp://www.secuobs.com/revue/news/476355.shtml Secuobs.com : 2013-10-18 20:03:56 - dev random - For a few days, I switched from DropBox to ownCloud and I m now playing more with the available apps Besides the privacy context, ownCloud seduced me with its add-on feature Is it possible to install external plug-ins called apps to add new or improve native features Of course, downloading and enabling apps read code written by 3rd parties in your applications can be risky, keep Read More http://www.secuobs.com/revue/news/475688.shtmlhttp://www.secuobs.com/revue/news/475688.shtml Secuobs.com : 2013-10-17 10:41:12 - dev random - A quick blog post about the risks associated with shared hosting solutions Today it s very easy to rent some space on the intertubes They are tons of companies which give you some gibabytes of storage and bandwidth for a few bucks per month It s easy as 1-2-3, even Granny is able to open a website Today, a web presense is a business requirement for most Read More http://www.secuobs.com/revue/news/475319.shtmlhttp://www.secuobs.com/revue/news/475319.shtml Secuobs.com : 2013-10-15 18:26:14 - dev random - There is one fact with humans once they took some habits in this case bad habits , it s very difficult to ask them change their behavior It s even true in information security Today, we have access to plenty of awesome online applications which help us in our day-to-day activities Thank to the web 20 and the cloud , we don t need to deploy local resources For Read More http://www.secuobs.com/revue/news/474749.shtmlhttp://www.secuobs.com/revue/news/474749.shtml Secuobs.com : 2013-10-08 23:36:09 - dev random - I m just back from the first OWASP Belgium Chapter meeting since the holidays are over This was already the third event in 2013 The next event will be scheduled in December This time, two great speakers were present The first one was Giorgio Maone who presented NoScript for Developers Giorgio is the author of NoScript For sure, you already heard some good feedbacks about this very popular Firefox extension Read More http://www.secuobs.com/revue/news/473377.shtmlhttp://www.secuobs.com/revue/news/473377.shtml Secuobs.com : 2013-10-03 01:50:17 - dev random - During the last BruCON edition, I grabbed some statistics about the network usage of our visitors Every years, I generate stats like the operating systems types, the top-used protocols, the numbers of unique MAC addresses, etc But this year, we also collected all traffic from the public network By public , I mean the free Wi-Fi offered to visitors during the two days The result was Read More http://www.secuobs.com/revue/news/472237.shtmlhttp://www.secuobs.com/revue/news/472237.shtml Secuobs.com : 2013-09-29 13:44:00 - dev random - BruCON 0 05 is already over What an exciting week After months of preparation, the event went very smoothly without big issues Here is my quick wrap-up This time, it s not a wrap-up about the talks I don t have time to follow them, keeping an eye on the network all the time during the conference As I like to say A network is like milk on a Read More http://www.secuobs.com/revue/news/471447.shtmlhttp://www.secuobs.com/revue/news/471447.shtml Secuobs.com : 2013-09-18 22:30:07 - dev random - With the recent buzz arround the pwnage of the fist Belgian telco operator, media are again surfing the wave of cyber- threatscriminalityespionage They know that, today, an article with the word cyber in the title will attract more people Usually, I try to not trust or at least to be very careful with the stories reported by media When I see how they treat a subject that I understand, Read More http://www.secuobs.com/revue/news/469484.shtmlhttp://www.secuobs.com/revue/news/469484.shtml Secuobs.com : 2013-09-18 00:47:11 - dev random - Today, we have powerful tools to take care of our logs There are plenty of solutions to collect and process them in multiple ways to make them more valuable Of course, I have one of those tools to process my logs However, I m still often using the old good tail -f grep combination to track interesting events live on a UNIX system This is Read More http://www.secuobs.com/revue/news/469249.shtmlhttp://www.secuobs.com/revue/news/469249.shtml Secuobs.com : 2013-09-09 23:10:29 - dev random - Blogs are made to provide valuable content to readers well, I hope for my readers This time, nothing related to security though Recently, I built a new virtualization platform at home based on XenServer 62 Why the Citrix solution Just because the box has 72GB of memory and the free version of VMware cannot address more than 36GB of physical memory so good bye VMware After the Read More http://www.secuobs.com/revue/news/467524.shtmlhttp://www.secuobs.com/revue/news/467524.shtml Secuobs.com : 2013-08-29 00:16:13 - dev random - BruCON is fast approaching In a few weeks, hackers will invade the center of Ghent This year, we will celebrate the fifth edition of this conference Already five years and our motivation remained the same, even more, it increased I m speaking here about myself but I m sure that my colleagues have the same feeling This year, instead of a CTF organized by the HexFactor during Read More http://www.secuobs.com/revue/news/465533.shtmlhttp://www.secuobs.com/revue/news/465533.shtml Secuobs.com : 2013-08-28 10:57:11 - dev random - Yesterday, I went to bed very late after writing some documentation Everythink looked quite on the Intertubes A last check on my Twitter timeline and I felt quickly asleep This morning, I woke up and started my daily ritual Coffee, mail, RSS feeds, Coffee, Twitter timeline Wooow Did I miss something The night was eventful We were flooded by information about attacks against amongst many Read More http://www.secuobs.com/revue/news/465369.shtmlhttp://www.secuobs.com/revue/news/465369.shtml Secuobs.com : 2013-08-25 11:21:44 - dev random - The guys from Packt Publishing asked me to review a new book from their Instant collection OSSEC Host-Based Intrusion Detection This collection proposes books with less than 100 pages about multiple topics The goal is to go straight forward to the topic OSSEC being one of my favorite application, I could not miss this opportunity The book author is Brad Lhotsky, a major contributor to the Read More http://www.secuobs.com/revue/news/464840.shtmlhttp://www.secuobs.com/revue/news/464840.shtml Secuobs.com : 2013-08-23 15:22:50 - dev random - Social networks are wonderful sources of information when you need to collect data about a potential target That s the way humans work, just like you and me we like to share, we like to show what we do, where we travel In short we exist During some projects, it s very useful to build a tree or chart with people inside the organization some kind of Read More http://www.secuobs.com/revue/news/464616.shtmlhttp://www.secuobs.com/revue/news/464616.shtml Secuobs.com : 2013-07-29 10:53:59 - dev random - For a while, DDoS are back on stage and one of the classic techniques still used today is the DNS Amplification attack I won t explain again the ins and outs, there are plenty of websites available which describe it like the good article from CERTbe This type of attack is well-known and can be fixed in one click or by changing one line on a Read More http://www.secuobs.com/revue/news/459743.shtmlhttp://www.secuobs.com/revue/news/459743.shtml Secuobs.com : 2013-07-18 12:07:47 - dev random - I don t know if you already noticed but it looks to be a never-ending story Companies got pwned and data leaked on the Internet pastebincom Then starts the game of press releases Most companies try to reduce the impact of the breach they suffered and it looks like Holliwood movies with animals involved in stunt scenes No Animals Were Harmed in the Making of This Read More http://www.secuobs.com/revue/news/457698.shtmlhttp://www.secuobs.com/revue/news/457698.shtml Secuobs.com : 2013-07-11 20:16:48 - dev random - A few days weeks ago, I wrote a blog post link about a unsuccessful WordPress bruteforce attack agains this site I captured the attackers traffic in a big pcap file It was a good opportunity to perform a quick analysis to try to extract some statistics Here follow more details about the attackers I extracted the offending IP addresses 15K and fired a big Nmap Read More http://www.secuobs.com/revue/news/456440.shtmlhttp://www.secuobs.com/revue/news/456440.shtml Secuobs.com : 2013-07-09 21:38:44 - dev random - Lot of Belgian newspapers and sites reported today Example of article - in French that a project of law will be discussed soon deriving from the EU Data Retention Directive to request providers of telecommunications Internet Mobile services to keep a trace of electronic communications Wait, the article should say will be discussed again soon , Belgium being very slow to address this topic I m not a Read More http://www.secuobs.com/revue/news/455528.shtmlhttp://www.secuobs.com/revue/news/455528.shtml Secuobs.com : 2013-07-04 00:25:31 - dev random - Today I read an interesting document which landed into my mailbox It s about a call for proposals initiated by the European Commission Home Affairs DG The document was a CFP Call For Participation part of the programme called Prevention, Preparedness and Consequence Management of Terrorism and other Security related Risks for the Period 2007-2013 called the CIPS Programme Here is a quoted definition extracted from the descriptive Read More http://www.secuobs.com/revue/news/455358.shtmlhttp://www.secuobs.com/revue/news/455358.shtml Secuobs.com : 2013-07-01 23:54:35 - dev random - Do you remember the Pass The Bomb game All kids played this game at least once The principle is simple and funny There is bomb which is programmed to explode after a random time Players must pass the bomb from hand to hand and say a new word which must contain letters from a chosen card The player who has the bomb when it explodes loses Read More http://www.secuobs.com/revue/news/454861.shtmlhttp://www.secuobs.com/revue/news/454861.shtml Secuobs.com : 2013-06-26 23:46:50 - dev random - A reflexion about the multiple SIEM Security Information and Event Management products available on the market I m currently working with a customer on a big SIEM implementation in an environment that must be PCI compliant and integrates a multitude of devices coming from non-heterogenous security vendors big-players Security visualization being one of my favorite topics, people often ask me what the best-SIEM-solution-ever or I m contacted Read More http://www.secuobs.com/revue/news/453887.shtmlhttp://www.secuobs.com/revue/news/453887.shtml Secuobs.com : 2013-06-23 09:09:05 - dev random - My clock tower is completed I left home yesterday at 6AM to Disneyland Ressort Paris and I m just back at 6AM It s too late to go to bed so I finished to write my Nuit du Hack wrap-up This was the first time I attended this event During the last years, I always attended Hack in Paris which is organised at the same place the Read More http://www.secuobs.com/revue/news/453100.shtmlhttp://www.secuobs.com/revue/news/453100.shtml Secuobs.com : 2013-06-20 18:50:58 - dev random - Connecting a server to the Intertubes is like connecting it to the wild There are plenty of bots thousands millions scanning IP addresses for vulnerable services Once a service is enabled on an IP address, you don t have to wait a long time before detecting incoming traffic One of the most common ports is HTTP 80 There are plenty of outdated or unpatched applications still Read More http://www.secuobs.com/revue/news/452688.shtmlhttp://www.secuobs.com/revue/news/452688.shtml Secuobs.com : 2013-06-18 01:58:32 - dev random - Convergence isn t a new fact in information security For a while, we re speaking about security convergence while two, at the beginning, distinct principles or functions are mixed to tend toward or achieve union or a common conclusion or result as defined by Wikipedia A good example is the combination of physical and logical security controls to improve the authentication and authorization processes, we can use Read More http://www.secuobs.com/revue/news/451985.shtmlhttp://www.secuobs.com/revue/news/451985.shtml Secuobs.com : 2013-06-10 23:02:02 - dev random - For most organizations, security has a huge impact on budgets except if you re called the NSA and must deploy a massive surveillance program Every time you need money, you have to fight with your boss or finance guys to get some bucks after explaining why a new piece of software, appliance or consultant will help you to improve the security of their data But sometimes, Read More http://www.secuobs.com/revue/news/450580.shtmlhttp://www.secuobs.com/revue/news/450580.shtml Secuobs.com : 2013-06-06 23:52:01 - dev random - I m back from the last OWASP Belgium chapter meeting Here is a quick wrap-up Classic scenario, the event started with Seba who gave some updates about the OWASP foundation Today s event was part of a bigger one called the OWASP European Tour During a few weeks, all European chapters organise a local event There is also a CTF organised Some interesting new projects where Read More http://www.secuobs.com/revue/news/449920.shtmlhttp://www.secuobs.com/revue/news/449920.shtml Secuobs.com : 2013-06-03 17:11:20 - dev random - Last week, a vulnerability regarding Apache was disclosed More precisely, the issue was located on the mod_rewrite module This module rewrites now, you understand its name URLs on the fly This is very useful during web page migrations, attacks migitations etc The security flaw does not affect the core feature of this module but the way it writes events in the Apache log file The Read More http://www.secuobs.com/revue/news/449053.shtmlhttp://www.secuobs.com/revue/news/449053.shtml Secuobs.com : 2013-05-24 20:58:25 - dev random - I m writing this wrap-up from the Dublin airport, waiting my flight back to Belgium This new edition of SOURCE is already over What did we learn today This second day started with Vincenzo Lozzo s keynote Lorenzo gave first, some facts From an economic point of view, Internet will generate nice business in the coming years 2012 60B, in 2016 86B according to Gartner Another Read More http://www.secuobs.com/revue/news/447620.shtmlhttp://www.secuobs.com/revue/news/447620.shtml Secuobs.com : 2013-05-24 11:16:11 - dev random - I flew on Wednesday evening to Dublin, Ireland to attend the SOURCE conference previously, it was organised in Barcelona The conference was held in the Trinity College, in the centre of the city This is a really nice place where we slept in student bedrooms a kot like we say in Belgium , this reminded my good old years as a student Nice atmosphere The first Read More http://www.secuobs.com/revue/news/447498.shtmlhttp://www.secuobs.com/revue/news/447498.shtml Secuobs.com : 2013-05-18 00:04:58 - dev random - There are so many security conferences around the world Some people already debated about this Is it better to restrict the annual agenda to well-known events or let people start their own IMHO, we need initiatives like this It s good to have a broad agenda with local conferences where local people can attend without spending huge amounts of money for travels and lodging If you Read More http://www.secuobs.com/revue/news/446227.shtmlhttp://www.secuobs.com/revue/news/446227.shtml Secuobs.com : 2013-05-13 18:02:38 - dev random - FIM or File Integrity Monitoring can be defined as the process of validating the integrity of operating system and applications files with a verification method using a hashing algorythm like MD5 or SHA1 and then comparing the current file state with a baseline A hash will allow the detection of files content modification but other information can be checked too owner, permissions, modification time Implemeting file integrity monitoring is Read More http://www.secuobs.com/revue/news/445094.shtmlhttp://www.secuobs.com/revue/news/445094.shtml Secuobs.com : 2013-05-09 00:01:39 - dev random - Today, disk space is not an issue for most of us I remember when my father came back at home with my first hard drive 80MB for my Amiga in the Nineties My reaction was Wow, we will never fill it Today, if I make a sum of all my storage at home, I m above 10TB And I m sure that I will have to add Read More http://www.secuobs.com/revue/news/444315.shtmlhttp://www.secuobs.com/revue/news/444315.shtml Secuobs.com : 2013-05-06 23:38:07 - dev random - Everybody already faced the same situation Children like to compare with each others Put kids in the same room and let them play Comparisons will start soon My dad has a bigger car than yours , My plane flies better than yours , I can run faster than you , etc Sometimes, I m feeling exactly the same during conversations about infosec products and I m pissed of this My Read More http://www.secuobs.com/revue/news/443832.shtmlhttp://www.secuobs.com/revue/news/443832.shtml Secuobs.com : 2013-04-25 01:25:04 - dev random - This was already the third edition of BSidesLondon today Time flies Being busy yesterday, I just reached London in the morning and arrived just in time for the administrative tasks registration, pick-up a t-shirt, goodies , grabbing some coffee and shaking some hands BSidesLondon is definitively growing in size and quality A huge number of attendees, http://www.secuobs.com/revue/news/441695.shtmlhttp://www.secuobs.com/revue/news/441695.shtml Secuobs.com : 2013-04-22 18:39:57 - dev random - The last weekend, an ethical hacking event was organised in Belgium The Hacknowledge Contest joined Charleroi and was hosted at the CPEHN This event was previously organised only in France thanks to the initiative of the ACISSI Last year, they decided to open their challenges to other countries The current list of participating countries is http://www.secuobs.com/revue/news/441051.shtmlhttp://www.secuobs.com/revue/news/441051.shtml Secuobs.com : 2013-04-19 18:59:15 - dev random - A quick post to share with you my feedback about an issue I faced after a SET Social Engineering Toolkit upgrade to the latest version 503 SET is a wonderful tool that you must master I m using SET on a EC2 instance because it does not interfere with my other IP addresses and I can http://www.secuobs.com/revue/news/440672.shtmlhttp://www.secuobs.com/revue/news/440672.shtml Secuobs.com : 2013-04-17 15:05:28 - dev random - Dear readers, I ve some gifts for you I m very proud and surprised to have been nominated to the European Security Bloggers Awards in two categories Best Personal Security Blog and Best Security EU Twitter To thank you for these nominiations and first of all for reading following me , I ve some tickets to distribute for two nice security http://www.secuobs.com/revue/news/439995.shtmlhttp://www.secuobs.com/revue/news/439995.shtml Secuobs.com : 2013-04-15 18:21:23 - dev random - I m not a number, I m a free man said Number 6 in the serie called The Prisoner for the oldest amongst us The serie was broadcasted in the Sixties but we have to admit that, still today, we are only numbers And this will be worse in the coming years Personally, I m not against being http://www.secuobs.com/revue/news/439557.shtmlhttp://www.secuobs.com/revue/news/439557.shtml Secuobs.com : 2013-04-11 18:53:38 - dev random - And we are back for a second day full of fun and pwnage It was a rainy day on Amsterdam today but water will not prevent hackers to meet again I joined the hotel for the breakfast in time The keynote to open the second day was presented by Bob Lord, Director of Information Security http://www.secuobs.com/revue/news/438953.shtmlhttp://www.secuobs.com/revue/news/438953.shtml Secuobs.com : 2013-04-10 23:00:17 - dev random - I back in Amsterdam for the third time this month Today, it is to participate to the Hack In The Box conference This is already the 4th one, time flies Like the previous editions, the event is organised at the Okura hotel, a very nice place Thanks to the Easter break, roads were clear to http://www.secuobs.com/revue/news/438765.shtmlhttp://www.secuobs.com/revue/news/438765.shtml Secuobs.com : 2013-04-08 18:35:54 - dev random - I m just back from an Easter break with WIFE and KIDS but it does not mean that I was completely disconnected Between familly activities, I read some items pending in my todo list One of them was the book called Penetration Testing Setting Up a Test Lab How-To from Packt Publishing This is the http://www.secuobs.com/revue/news/438199.shtmlhttp://www.secuobs.com/revue/news/438199.shtml Secuobs.com : 2013-04-04 11:17:09 - dev random - The next edition of Hack In The Box gets closer It will be held next week in Amsterdam Thank to the organizers, I get a press pass and I ll again be back for two days at the Okura hotel to cover the conference I ll tweet live follow the official HITB2012AMS hashtag and write wrap-ups The conference is http://www.secuobs.com/revue/news/437548.shtmlhttp://www.secuobs.com/revue/news/437548.shtml Secuobs.com : 2013-03-25 22:18:30 - dev random - An interesting reflexion about a situation I faced while performing a pentest for a customer The scope was the internal network or show me what an attacker could access from a rogue device A very wide scope indeed The customer is using a NAC Network Access Control solution to allow only corporate devices to connect http://www.secuobs.com/revue/news/435732.shtmlhttp://www.secuobs.com/revue/news/435732.shtml Secuobs.com : 2013-03-22 15:48:00 - dev random - Here is a quick review of a book about the well-known network sniffer Wireshark This book is part of new collection called Instant edited by Packt Publishing This is an interesting idea for people who don t have time don t want to read a classic 200-pages book or that need to go straight forward to the minimum http://www.secuobs.com/revue/news/435275.shtmlhttp://www.secuobs.com/revue/news/435275.shtml Secuobs.com : 2013-03-15 18:45:42 - dev random - And we are back with the second wrap-up of BlackHat Europe 2013 After a dinner with friends and some beers at Rapid7 and IOActive parties, I went back to the hotel to finish the first day wrap-up I woke up, tool shower, grab some coffee and I m ready for the second day No workshop planned http://www.secuobs.com/revue/news/433845.shtmlhttp://www.secuobs.com/revue/news/433845.shtml Secuobs.com : 2013-03-15 00:16:02 - dev random - Hello Everyone, it s BlackHat time again Here is my wrap-up for the first day Yesterday evening, after a safe drive to Amsterdam with corelanc0d3r, we went out for dinner and had good times with other friends and guys from the Rapid7 team who maintain the Cuckoo project The conference is organized at the same location http://www.secuobs.com/revue/news/433656.shtmlhttp://www.secuobs.com/revue/news/433656.shtml Secuobs.com : 2013-03-11 18:17:55 - dev random - Let me share this story with you I faced a strange incident last Saturday My web server was flooded with thousands of GET HTTP requests generated by WordPress blogs Those connections apparently seemed legit The attack , let s call it like this in a first time even if I don t think it was one, occurred Saturday http://www.secuobs.com/revue/news/432779.shtmlhttp://www.secuobs.com/revue/news/432779.shtml Secuobs.com : 2013-03-10 13:09:48 - dev random - Here we go with a new season of security conferences BlackHat Europe is the first big event for me this year The conference is back in Amsterdam this week for two days full of interesting briefing sessions and workshops Again this time, the BlackHat organization provided me a press pass thank again to them http://www.secuobs.com/revue/news/432593.shtmlhttp://www.secuobs.com/revue/news/432593.shtml Secuobs.com : 2013-03-05 23:43:21 - dev random - Here is a quick wrap-up of the first OWASP Belgium Chapter meeting of 2013 organised today in Leuven SecAppDev is running this week so it was a good opportunity to bring some trainers for an evening meet up Yves Younan and Steven Murdoch Lieven, from the OWASP team, made a small review of the current http://www.secuobs.com/revue/news/431612.shtmlhttp://www.secuobs.com/revue/news/431612.shtml Secuobs.com : 2013-02-22 17:58:49 - dev random - Mobile devices are more and more seen as nice targets from attackers point of view Which is easily understandable the market is exploding and people still don t realize that a mobile device is not only a mobile phone but a mobile computer with an operating system, I Os and applications The mobile OS landscape is spread http://www.secuobs.com/revue/news/429424.shtmlhttp://www.secuobs.com/revue/news/429424.shtml Secuobs.com : 2013-02-14 22:53:25 - dev random - http://www.secuobs.com/revue/news/427870.shtmlhttp://www.secuobs.com/revue/news/427870.shtml Secuobs.com : 2013-02-08 17:43:45 - dev random - Since it s already Friday, just before leaving for the weekend, here is a quick hack for all MacOS X infosec guys and the others I m not afraid to admit it I m lazy We are using computers all day long and they have been created usually to automate tasks Let them do our boring job One http://www.secuobs.com/revue/news/426582.shtmlhttp://www.secuobs.com/revue/news/426582.shtml Secuobs.com : 2013-02-07 22:51:32 - dev random - In the series of gadgets that we must bring with us, let me present the NI-707537 of ICUDU I m always traveling with a big backpack containing plenty of useful stuff Working often at customer premises, I don t have a fixed place in my company offices I m always carrying all my gadgets with me Two laptops, http://www.secuobs.com/revue/news/426437.shtmlhttp://www.secuobs.com/revue/news/426437.shtml Secuobs.com : 2013-02-06 14:11:52 - dev random - Belgium is strange country at various levels For years, Belgium is known as a country which quickly developed and distributed electronic identity cards eID to its citizens Your eID can be used in multiple applications to perform citizen s authentication and to sign documents The number of applications and web sites keeps growing constantly Private organizations http://www.secuobs.com/revue/news/426064.shtmlhttp://www.secuobs.com/revue/news/426064.shtml Secuobs.com : 2013-02-01 15:35:35 - dev random - Two days ago, I attended an event about big data yeah, another buzz word and how to use it for security purposes One of the presented talks was very interesting and almost changed my mind about our best friends or nightmare logs When I m talking about log management with customers, I always insist on the http://www.secuobs.com/revue/news/425236.shtmlhttp://www.secuobs.com/revue/news/425236.shtml Secuobs.com : 2013-01-30 22:35:49 - dev random - The title of this quick post says all evenmore in the security field This story has been reported by a friend of mine His wife would like to dispute a transaction made with her credit card Never a funny story but it may always happen my own card was also compromized two years ago even http://www.secuobs.com/revue/news/424859.shtmlhttp://www.secuobs.com/revue/news/424859.shtml Secuobs.com : 2013-01-29 00:08:49 - dev random - It looks that our beloved DNS protocol is again the center of interest for some security VENDORS For a while, I see more and more the expression DNS Firewall used in papers or presentations It s not a new buzz The DNS protocol is well-known to be a excellent vector of infection and or data exfiltration But http://www.secuobs.com/revue/news/424339.shtmlhttp://www.secuobs.com/revue/news/424339.shtml Secuobs.com : 2013-01-11 18:18:47 - dev random - This is my first post in 2013 Every begining of a new year, people tend to make a list of good resolution I also did and one of them is to switch from Perl to Python to develop Being a Perl addict for years, I don t expect to completely abandon my beloved language but I http://www.secuobs.com/revue/news/421266.shtmlhttp://www.secuobs.com/revue/news/421266.shtml Secuobs.com : 2012-12-31 12:18:24 - dev random - Claudio Guarnieri and his developers gave us a great gift to finish the year A few days before Christmas, they released the version 05 of Cuckoo, the open source malware analysis system What s new in this release Plenty of nice stuffs I won t review there here, have a look at the blog post published to http://www.secuobs.com/revue/news/419237.shtmlhttp://www.secuobs.com/revue/news/419237.shtml Secuobs.com : 2012-12-23 18:47:56 - dev random - I just had a good experience today about the social impact of malware infections and I would like to share it with you For most infosec people, it is part of the game to play the fireman for family and friends when they are in trouble with their computer The term computer is used by http://www.secuobs.com/revue/news/418481.shtmlhttp://www.secuobs.com/revue/news/418481.shtml Secuobs.com : 2012-12-22 17:20:04 - dev random - Implementing a good log management solution is not an easy task If your organisation decides should I add finally to deploy tools to manage your huge amount of logs, it s a very good step forward but it must be properly addressed Devices and applications have plenty of ways to generate logs They could send SNMP http://www.secuobs.com/revue/news/418427.shtmlhttp://www.secuobs.com/revue/news/418427.shtml Secuobs.com : 2012-12-08 00:16:13 - dev random - Yesterday I attended the first edition of a new event The Belgian Internet Security Conference It was organised by some key players from Belgian Federal organisations like the CERTbe, Belnet, FedICT The goal of this one-day conference was to provide some security awareness to managers or deciders This time, no hacking or technical presentations but http://www.secuobs.com/revue/news/415806.shtmlhttp://www.secuobs.com/revue/news/415806.shtml Secuobs.com : 2012-12-03 17:45:57 - dev random - I wrote a quick wrap-up of the SANS London 2012 edition while waiting for my train back to Belgium on Saturday evening but I published it only today Tomorrow was an off-line day This was my first edition and, honestly, I hope not the last one This event was not a conference like others http://www.secuobs.com/revue/news/414784.shtmlhttp://www.secuobs.com/revue/news/414784.shtml Secuobs.com : 2012-11-27 00:21:17 - dev random - Security by obscurity is bad Most infosec professionals will tell you this The principle is to implement security by hiding stuff in the installation of tools or solutions Often, people using security by obscurity believe that their stuff will be properly protected not found by the attackers But this technique will protect you only during http://www.secuobs.com/revue/news/413522.shtmlhttp://www.secuobs.com/revue/news/413522.shtml Secuobs.com : 2012-11-21 22:26:16 - dev random - Open proxies Everybody likes them Please don t immediately think about malicious activities Of course, open and chained proxies can be useful to make you anonymous on the Internet but they can also by very interesting for good purposes As a pentester, they can help you to distribute your reconnaissance phase across multiple IP addresses and http://www.secuobs.com/revue/news/412815.shtmlhttp://www.secuobs.com/revue/news/412815.shtml Secuobs.com : 2012-11-14 15:03:44 - dev random - Today was a bad day for Skype Microsoft A vulnerability was discovered on the Skype website which allowed an attacker to hijack the account of a Skype user The Skype client itself the software is not affected When successfully performed, the account was not only stolen but, worse, it looks like it was possible to http://www.secuobs.com/revue/news/411390.shtmlhttp://www.secuobs.com/revue/news/411390.shtml Secuobs.com : 2012-11-04 00:41:53 - dev random - Yesterday evening, I went with friends to a traditional Swiss restaurant then we passed by the party to have a few drinks Thanks to the sponsor for the open bar That s why it was difficult to wake up this morning But, anyway, I had a wrap-up to write for you This is a good opportunity http://www.secuobs.com/revue/news/409366.shtmlhttp://www.secuobs.com/revue/news/409366.shtml Secuobs.com : 2012-11-02 19:38:49 - dev random - I m in Luzern for a few days but the Hashdays security conference started today w00t This is the first edition for me A very nice opening session performed by the defcon-switzerland group which organises this event They gave funny stats about this edition in terms of registration, paper used, exchanged emails, etc After the classic http://www.secuobs.com/revue/news/409260.shtmlhttp://www.secuobs.com/revue/news/409260.shtml Secuobs.com : 2012-11-01 17:52:30 - dev random - I m currently attending the Hashdays security conference in Lucerne Switzerland Yesterday I attended a first round of talks the management session Amongst all the interesting presentations, Alexander Kornbrust got my attention with his topic Self-Defending Databases Alexander explained how databases can be configured to detect suspicious queries and prevent attacks Great ideas but there was only http://www.secuobs.com/revue/news/409031.shtmlhttp://www.secuobs.com/revue/news/409031.shtml Secuobs.com : 2012-10-25 18:01:46 - dev random - The 2012 edition of hacklu is already over for a few minutes Here is my wrap-up posted just before driving back to HOME Yesterday, we had a nice dinner with Belgian friends This is some kind of tradition during the conference, meet friends and exchange ideas, positions around a table with good food This morning, http://www.secuobs.com/revue/news/407763.shtmlhttp://www.secuobs.com/revue/news/407763.shtml Secuobs.com : 2012-10-24 20:20:32 - dev random - Here we go for the wrap-up of the second day After a short night and some 0xC0FFEE, the schedule started with a keynote by Sharon Conheady about the future of social engineering Sharon is a specialist in social extreme engineering read with physical access to facilities Did you know The term social engineering was introduced http://www.secuobs.com/revue/news/407542.shtmlhttp://www.secuobs.com/revue/news/407542.shtml