Using open source intelligence feeds, OSINT, with MISP

I love MISP, Malware Information Sharing Platform & Threat Sharing. I did three earlier posts on how to use and set up MISP: part 1, part 2 and part 3.

One of the nice new features of MISP is the inclusion of feeds from different open source intelligence feed providers.

How does it work? Basically the feeds are provided as JSON feeds; you can browse them within MISP, import them individually or subscribe to the feed to…

The New Glibc Getaddrinfo Vulnerability: Is It GHOST 2.0?

I had a guest post published on Security Training for Incident Handlers: The New Glibc Getaddrinfo Vulnerability: Is It GHOST 2.0?.

The post describes the critical issue found in glibc getaddrinfo (CVE-2015-7547) and gives you advice on patch management to deal with current (and future) issues in glibc.

Security Training for Incident Handlers: What’s Out There?

I had a guest post published on Security Training for Incident Handlers: What’s Out There? on the blog of IBM’s Security Intelligence.

The post describes the different types of security training that are available for incident handlers, including vendor-specific training, general training and community-driven training.

9 Things To Know When Using The GDPR To Your Advantage

I had a guest post published about 9 Things To Know When Using The GDPR To Your Advantage on the blog of Ipswitch.com.

The post focuses on important things in the GDPR, General Data Protection Regulation, that can have an influence on how you deal with some of your user (personal) data.

Using Passive DNS for Incident Response

According to isc.org “Passive DNS” or “passive DNS replication” is a technique invented by Florian Weimer in 2004 to opportunistically reconstruct a partial view of the data available in the global Domain Name System into a central database where it can be indexed and queried.

In practical terms passive DNS describes a historical database of DNS resolutions. What does this all mean? It means that you can look up to what IP address a domain resolved…

DDoS Protection by country based filtering

DDoS prevention is a hot topic. DDoS attacks have become a weapon of choice for malicious actors to conduct cyberattacks. I did a posting on Defending Against Apache Web Server DDoS Attacks and contributed to a DDoS: Proactive and reactive measures document from CERT.be.

One of the mitigation measures that you can apply is country based IP filtering. This basically limits access to your network to a limited set of prefixes. I consider this…

Secure Communication

I recently had a presentation and information session for human right activists on how to secure their group communication and data sharing.

The target audience was non-technical, using different operating systems (Windows, Linux and OSX) and both standard laptops and mobile devices (primarily Android based).

I uploaded the presentation to SlideShare.

Secure Communication from Koen Van Impe

Doing open source intelligence with SpiderFoot

Open source intelligence is collecting information from publicly available resources. If you are doing incident handling it’s one of the things that will use up a lot of your time. And it can quickly become very tedious. Imagine a list of IPs that you found hosts on your network connecting to. Querying different publicly available resources (VirusTotal, Shodan, SANS, Cymon, XForce Exchange, …) for each and every IP and then converting that data into one…

Do Tor exit nodes alter your content? (or is Tor safer than Vodafone?)

The short answer: no, Tor exit nodes do not alter your content.

A recent post by @adrellias got my attention. The link in the post refers to an article where a user spots a case of content (JavaScript) injection by Vodafone. The details can be found in the blog post Am I hacked? Oh, it’s just Vodafone. Needless to say this is very bad behavior by Vodafone.

Vodafone eavesdrops on your conversation, causing this to…

Doing open source intel with recon-ng – part 2

This is the second part of a post on doing open source intel with recon-ng. The first part focused on gathering open source information for user accounts. This second part focuses on gathering domain and host information.

I started with one single domain. I’m interested in what other hosts related to this domain can be found. To do this I use the search command SEARCH domains-hosts.

The list shows modules that use, for example, Baidu, …