Archive.org Abused to Deliver Phishing Pages

The Internet Archive is a well-known website, particularly for its “Wayback Machine” service, which lets you search for and display old versions of websites. Its current Alexa ranking is 262, which makes it a “popular and trusted” website. Indeed, as I explained in a recent SANS ISC diary, whitelists

[The post Archive.org Abused to Deliver Phishing Pages has been first published on /dev/random]


HITB Amsterdam 2017 Day #2 Wrap-Up

After a nice evening with some beers and an excellent dinner with infosec peers, here is my wrap-up for the second day. Coffee? Check! Wireless? Check! Twitter? Check! As usual, the day started with a keynote. Window Snyder presented “All Fall Down: Interdependencies in the Cloud”. Window is the CSO


HITB Amsterdam 2017 Day #1 Wrap-Up

I’m back in Amsterdam for the 8th edition of the security conference Hack in the Box. Last year I was not able to attend, but I have been attending it for a while (you can reread all my wrap-ups here). What to say? It’s a very strong organisation, everything running fine, a


[SANS ISC] Pro & Con of Outsourcing your SOC

I published the following diary on isc.sans.org: “Pro & Con of Outsourcing your SOC”. I’m involved in a project to deploy a SIEM (“Security Information & Event Management”) / SOC (“Security Operation Center”) for a customer. The current approach is to outsource the services to an external company also called a


[SANS ISC] Nicely Obfuscated JavaScript Sample

I published the following diary on isc.sans.org: “Nicely Obfuscated JavaScript Sample”. One of our readers sent us an interesting sample that was captured by his anti-spam. The suspicious email had an HTML file attached to it. Looking at the file manually, it is heavily obfuscated and the payload


TROOPERS 2017 Day #3 Wrap-Up

The third day is already over! Today the regular talks were split into three tracks: offensive, defensive and a specific one dedicated to SAP. The first slot at 09:00 was, as usual, a keynote. Enno Rey presented ten years of TROOPERS. What happened during all those editions? The main


TROOPERS 2017 Day #2 Wrap-Up

This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focused on a complex problem: identification. It’s not only relevant for users but for anything


TROOPERS 2017 Day #1 Wrap-Up

I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The first two days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet”, focusing on two hot topics: IPv6 and IoT. As said on


[SANS ISC] Searching for Base64-encoded PE Files

I published the following diary on isc.sans.org: “Searching for Base64-encoded PE Files”. When hunting for suspicious activity, it’s always a good idea to search for Microsoft executables. They are easy to identify: they start with the characters “MZ” at the beginning of the file. But, to bypass classic controls, those
