I had a guest post published at IBM Security Intelligence: Comparing Different Tools for Threat Sharing.
How to use the traffic light protocol – TLP
The TLP, or Traffic Light Protocol, is a set of designations designed to facilitate the sharing of sensitive information. It has been widely adopted in the CSIRT and security community.
The originator of the information labels the information with one of four colours. These colours indicate what further dissemination, if any, can be undertaken by the recipient. Note that the colours only mark the level of dissemination, not the sensitivity level (although they often align).
The …
Intro to basic forensic investigation of a hard drive
For a recent project I had to do a basic forensic investigation of a hard drive. The assignment included two questions:
detect if there were viruses on the system
analyze the surf behaviour of one of the users (policy related)
I want to share the steps that I took to do basic forensics on a cloned disk image. This is not an in-depth forensic investigation but it was enough for this assignment.
…
DNSSEC in Europe
The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS) used in IP networks.
It does not solve every security problem related to DNS but it will protect users from cache poisoning and other malicious DNS attacks. See DNSSEC FAQs for more info. And implementing DNSSEC is also a great excuse to finally clean up your DNS zones …
As …
Visualising IP data with CartoDB
A picture is worth a thousand words. This is even more true for visualising security events.
There are different ways for visualising the source of security events. For example with the use of Kibana and Maxmind GeoIP it is possible to map security events on a world map.
Sometimes you don’t want to go through the entire chain of processing events and mapping them on a world map.
I found an easy way to map …
Use EvtxParser to convert Windows Event Log files to XML
For a recent project I had to convert Windows Event Log files from a Windows machine to a plain text file. To accomplish this I used the EvtxParser tools from Andreas Schuster.
It is a set of Perl files that you can run against the Event Log files.
EvtxParser is written in Perl. So obviously, you need Perl. On Ubuntu you need the extra packages libdatetime-perl and libcarp-assert-perl.
You also need to install two extra …
Client side certificate authentication
TLS (Transport Layer Security) and its predecessor SSL provide secure communication over a computer network. The most common use for TLS/SSL is for establishing an encrypted link between a web server and a browser. This allows you to guarantee that all data passed between the browser and the web server is private and not tampered with.
You can use certificates on both sides, the server side and the client side.
Web site certificates, or server …
Logjam vulnerable websites in Belgium
Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. They reported on a downgrade attack against the TLS protocol which would allow attackers to read and possibly alter your supposedly secure communication with a website or VPN connection.
The issue lies in the EXPORT-grade cipher suites, similar to the FREAK attack (although …
Comparing Free Online Malware Analysis Sandboxes
I had a guest post published at IBM Security Intelligence: Comparing Free Online Malware Analysis Sandboxes.
Getting started with MISP, Malware Information Sharing Platform & Threat Sharing – part 3
In the two previous posts on MISP,
Getting started with MISP – part 1 – Configuration
Getting started with MISP – part 2 – Usage
I covered the basic installation, configuration and usage of MISP, Malware Information Sharing Platform & Threat Sharing.
Visit the page from CIRCL.lu to get a good overview of the possibilities of MISP and a description of a practical use case.
If you need (commercial) support, you should visit http://www.misp-project.org/.
…