foo.be/index.markdown

---
layout: page
title: Alexandre Dulaunoy
---
You just found the messy place of [Alexandre Dulaunoy](./about), who enjoys it when humans use machines in unexpected ways. I break stuff and I do stuff.
## Interests
My interest primarily revolves around the elegance of [computer science](https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD896.html), especially the concept of "simple and surprisingly effective" as described by Edsger W. Dijkstra in [EWD896](https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD896.html). I actively apply these principles in practice through [free software crafting](https://github.com/adulau/), information security, and information representation.
When I want to take a break from computers, I engage in [photography](https://flickr.com/photos/adulau), attempting to convey my photographic emotions through a [photo blog](/photoblog/) and [artistic works](https://www.instagram.com/alexandredulaunoy/). I also have an interest in understanding the tough realities of biology and ecological systems, which I explore through [gardening](/cgi-bin/wiki.pl/GardeningStuff).
## Activities
My day job is located in the information security field and especially in incident response, threat intelligence and security research.

Besides my day job, I'm also an intermittent security researcher in various organizations. Organizing a security conference called [hack.lu](https://2024.hack.lu/) (it's the 18th edition in 2024) and [lecturing in various universities](/cours/) about information security (like [An introduction to network forensic, system forensic, memory forensic and malware analysis](/cours/dess-20172018/)) are also part of my regular activities.

If you're curious, you can check out a collection of my live activities on [this page](/status/) or the [archive of my Mastodon account](_mastodon).
## Projects
In my quest for free software crafting, I regularly release or contribute to free software projects. [My GitHub project page](https://github.com/adulau/) includes some current projects and contributions.
### Forban
[Forban](/forban/) is a link-local opportunistic p2p free software. You can share files with everyone in your proximity without Internet connectivity. The implementation is written in Python but can be easily implemented as the protocol is minimal.
### hotp-js
[hotp-js - A JavaScript HOTP implementation](https://github.com/adulau/hotp-js) (HMAC-Based One-Time Password Algorithm) as described in RFC4226.
### netbeacon
[netbeacon](https://github.com/adulau/netbeacon) is a set of free software tools to send beacons over the network to test the accuracy and the precision of your network capture framework.
### Passive DNS framework and standards
I implemented multiple Passive DNS frameworks including [pdns-qof-server](https://github.com/adulau/pdns-qof-server) and an experimental storage backend in memory [Passive DNS visualization and Passive DNS server toolkit](https://github.com/adulau/pdns-toolkit). I also co-designed "[Passive DNS - Common Output Format](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01)" to help the integration of different Passive DNS infrastructures.
### Passive SSL framework
In the same scope as Passive DNS, historical monitoring of X.509 certificates per IP address is useful to better understand the current and past use of Internet resources. Code is available in [crl-monitor](https://github.com/adulau/crl-monitor). I also maintain the modern [ssldump](https://github.com/adulau/ssldump) version.
### cve-search
I co-develop and co-maintain [cve-search](https://github.com/adulau/cve-search), a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookups in the public CVE database. cve-search supports multiple sources and feeds of vulnerability databases to aggregate information about software vulnerabilities.
### MISP
Being part of the core team of the [MISP Project](https://www.misp-project.org/), I have been involved in the development of the project from the very beginning and contribute to various aspects with a wonderful team. I'm also the co-author of the various Internet-Drafts for the [MISP standard format](https://www.misp-standard.org/).
### Other software
[DomainClassifier](https://github.com/adulau/DomainClassifier), [misp-modules](https://www.github.com/MISP/misp-modules/), url-archiver... and [some more on GitHub](https://www.github.com/adulau/).
## Information classification, representation and sharing
While being an avid reader, I'm always interested in the topics where information classification plays a role to support readers or writers in making information more accessible. I did some work on [machine tag usage](/cgi-bin/wiki.pl/MachineTag) and also maintain a specific JSON machine tags database for information sharing like [MISP taxonomies](https://github.com/MISP/misp-taxonomies).