[SANS ISC] Increase of phpMyAdmin scans

I published the following diary on isc.sans.org: “Increase of phpMyAdmin scans”. PMA (or “phpMyAdmin”) is a well-known MySQL front-end written in PHP that “brings MySQL to the web” as stated on the web site. The tool is very popular amongst web developers because it helps to maintain databases just by using

[The post [SANS ISC] Increase of phpMyAdmin scans has been first published on /dev/random]


[SANS ISC] Backup Scripts, the FIM of the Poor

I published the following diary on isc.sans.org: “Backup Scripts, the FIM of the Poor”. File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. For example, on a server, there are directories that do not change often. Example with

[The post [SANS ISC] Backup Scripts, the FIM of the Poor has been first published on /dev/random]


[SANS ISC] A VBScript with Obfuscated Base64 Data

I published the following diary on isc.sans.org: “A VBScript with Obfuscated Base64 Data”. A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty

[The post [SANS ISC] A VBScript with Obfuscated Base64 Data has been first published on /dev/random]


SSTIC 2017 Wrap-Up Day #3

Here is my wrap-up for the last day. Fortunately, after yesterday’s social event, the organisers had the good idea to start later… The first set of talks was dedicated to presentation tools. The first slot was assigned to Florian Maury, Sébastien Mainand: “Réutilisez vos scripts d’audit avec PacketWeaver”. When you

[The post SSTIC 2017 Wrap-Up Day #3 has been first published on /dev/random]


SSTIC 2017 Wrap-Up Day #2

Here is my wrap-up for the second day. From my point of view, the morning sessions were quite hard with a lot of papers based on hardware research. Anaïs Gantet started with “CrashOS : recherche de vulnérabilités système dans les hyperviseurs”. The motivations behind this research are multiple: virtualization of computers

[The post SSTIC 2017 Wrap-Up Day #2 has been first published on /dev/random]


SSTIC 2017 Wrap-Up Day #1

I’m in Rennes, France to attend my very first edition of the SSTIC conference. SSTIC is an event organised in France, by and for French people. The acronym means “Symposium sur la sécurité des technologies de l’information et des communications”. The event has a good reputation for its content but

[The post SSTIC 2017 Wrap-Up Day #1 has been first published on /dev/random]


HTTP… For the Good or the Bad

Tonight, I was invited by the OWASP Belgium Chapter (thank you again!) to present “something”. When I accepted the invitation, I did not really have an idea so I decided to compile the findings around my research about webshells. They are common tools used by bad guys: Once they compromised

[The post HTTP… For the Good or the Bad has been first published on /dev/random]


[SANS ISC] The story of the CFO and CEO…

I published the following diary on isc.sans.org: “The story of the CFO and CEO…”. I read an interesting article in a Belgian IT magazine[1]. Every year, they organise a big survey to collect feelings from people working in the IT field (not only security). It is very broad and covers their

[The post [SANS ISC] The story of the CFO and CEO… has been first published on /dev/random]


Who’s Visiting the Phishing Site?

Today, while hunting, I found a malicious HTML page in my spam trap. The page was a fake JP Morgan Chase bank. Nothing fancy. When I find such material, I usually search for “POST” HTTP requests to collect URLs and visit the websites that receive the victim’s data. As usual, the

[The post Who’s Visiting the Phishing Site? has been first published on /dev/random]
