Basic www.foo.be migration done

This commit is contained in:
Alexandre Dulaunoy 2016-05-05 15:11:53 +02:00
parent de04cfdf62
commit 0c8219dccc
20 changed files with 3602 additions and 64 deletions

View file

@ -1,16 +1,15 @@
# Site settings
title: Alex Carpenter
email: your-email@domain.com
title: Alexandre Dulaunoy - adulau - Home Page
email: a@foo.be
description: >
Write an awesome description for your new site here. You can edit this
line in _config.yml. It will appear in your document head meta (for
Google search results) and in your feed.xml site description.
baseurl: "/material-jekyll-theme"
url: "http://alexcarpenter.me"
baseurl: "https://www.foo.be"
url: "https://www.foo.be"
fixedNav: 'true' # true or false
theme: purple # green, blue, orange, purple, grey
twitterUsername: hybrid_alex
githubUsername: alexcarpenter
theme: grey # green, blue, orange, purple, grey
twitterUsername: adulau
githubUsername: adulau
flickrUsername: adulau
dribbbleUsername:
codepenUsername:
@ -21,3 +20,8 @@ include: [_pages]
exclude: [_site, CHANGELOG.md, LICENSE, README.md]
sass:
style: compressed
kramdown:
# Enable GitHub Flavored Markdown (fenced code blocks)
input: GFM
# Disable auto-generated ID's for headings
auto_ids: true

View file

@ -1,10 +1,10 @@
<footer class="c-footer">
<div class="u-container c-footer__container">
<p>&copy; {{ site.title }} {{ site.time | date: '%Y' }}</p>
<p>&copy; Alexandre Dulaunoy - licensed under the version 2 of the GNU General Public License or any later version.</p>
<p>
{% if site.twitterUsername %}<a href="https://twitter.com/{{ site.twitterUsername }}">Twitter</a>{% endif %}
{% if site.githubUsername %}<a href="https://github.com/{{ site.githubUsername }}">Github</a>{% endif %}
{% if site.dribbbleUsername %}<a href="https://dribbble.com/{{ site.dribbbleUsername }}">Dribbble</a>{% endif %}
{% if site.flickrUsername %}<a href="https://flickr.com/photos/{{ site.flickrUsername }}">Flickr</a>{% endif %}
{% if site.codepenUsername %}<a href="http://codepen.io/{{ site.codepenUsername }}">CodePen</a>{% endif %}
</p>
</div>

View file

@ -6,7 +6,8 @@
<title>{% if page.title %}{{ page.title }}{% else %}{{ site.title }}{% endif %}</title>
<meta name="description" content="{% if page.excerpt %}{{ page.excerpt | strip_html | strip_newlines | truncate: 160 }}{% else %}{{ site.description }}{% endif %}">
<link href='https://fonts.googleapis.com/css?family=Roboto:400,400italic,700|Roboto+Mono:400,500' rel='stylesheet' type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Titillium+Web' rel='stylesheet' type='text/css'>
<!-- <link href='https://fonts.googleapis.com/css?family=Roboto:400,400italic,700|Roboto+Mono:400,500' rel='stylesheet' type='text/css'> -->
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link rel="stylesheet" href="{{ "/css/main.css" | prepend: site.baseurl }}">
<link rel="canonical" href="{{ page.url | replace:'index.html','' | prepend: site.baseurl | prepend: site.url }}">

View file

@ -1,7 +1,10 @@
<nav class="c-navigation {% if site.fixedNav == 'true' %}is-fixed{% endif %}">
<div class="c-navigation__container u-container">
<a class="c-navigation__item {% if page.url == '/' %}is-active{% endif %}" href="{{ "/" | prepend: site.baseurl }}">Home</a>
<a class="c-navigation__item {% if page.url == '/#projects' %}is-active{% endif %}" href="{{ "/#projects" | prepend: site.baseurl }}">Projects</a>
<a class="c-navigation__item {% if page.url == '/articles/' %}is-active{% endif %}" href="{{ "/articles/" | prepend: site.baseurl }}">Articles</a>
<a class="c-navigation__item {% if page.url == '/photoblog/' %}is-active{% endif %}" href="{{ "/photoblog/" | prepend: site.url }}">Photography</a>
<a class="c-navigation__item {% if page.url == '/about/' %}is-active{% endif %}" href="{{ "/about/" | prepend: site.baseurl }}">About</a>
<a class="c-navigation__item {% if page.url == '/contact/' %}is-active{% endif %}" href="{{ "/contact/" | prepend: site.baseurl }}">Contact</a>
</div>
</nav>

View file

@ -2,3 +2,4 @@
layout: page
---
{{ content }}

View file

@ -3,6 +3,23 @@ layout: page
title: About
permalink: /about/
---
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
# Who is Alexandre Dulaunoy?
> "Every program has (at least) two purposes: the one for which it was written and another for which it wasn't."
>
> -- <cite>[Alan J. Perlis](https://en.wikipedia.org/wiki/Alan_Perlis)</cite>
![Alexandre Dulaunoy]({{ site.baseurl }}/assets/adulau-photo.jpg)
## More or less official biography
Alexandre encountered his first computer in the eighties, and he disassembled it to know how the thing works. While pursuing his logical path towards information security and free software, he worked as senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix specialized in information security management, and the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at the Luxembourgian Computer Security Incident Response Team (CSIRT) called CIRCL in the research and operational fields. He is also lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. Alexandre enjoys working on projects where there is a blend of “free information”, innovation and a direct social improvement. When not gardening binary streams, he likes facing the reality of ecosystems while gardening or doing photography.
## Real biography
Enjoy when human are using machines in unexpected ways. I break stuff and I do stuff.
## Why foo.be?
> First on the standard list of metasyntactic variables used in syntax examples (bar, baz, qux, quux, corge, grault, garply, waldo, fred, plugh, xyzzy, thud). [Etymology of "Foo"](https://www.ietf.org/rfc/rfc3092.txt)

View file

@ -25,3 +25,6 @@ permalink: /articles/
{% endif %}
{% endif %}
{% endfor %}
<p>
My old blog is <a href="/cgi-bin/wiki.pl/Diary">still available</a>.
</p>

25
_pages/contact.markdown Executable file
View file

@ -0,0 +1,25 @@
---
layout: page
title: Contact
permalink: /contact/
---
# Contact
~~~~
Alexandre Dulaunoy
10, rue du faubourg
B6811 Les Bulles - Chiny
Belgium (Europe)
Phone : +32(0)61460742
~~~~
# PGP
My current (and historical) OpenPGP key [can be downloaded]({{ site.baseurl }}/assets/key.pgp) and has the following fingerprint:
~~~~
3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD
~~~~

View file

@ -1,7 +0,0 @@
---
layout: post
title: "Two Thousand Fourteen"
date: 2014-01-03 18:52:21
categories: jekyll update
---
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

View file

@ -0,0 +1,44 @@
---
layout: post
title: "Eavesdropping of Internet - What Can We Do? A Revolution?"
date: 2014-03-02 18:52:21
categories: infosec
---
# Eavesdropping of Internet - What Can We Do? A Revolution?
Alexandre Dulaunoy <a@foo.be>
**version 1 - 2014-03-02**
In the past months, facts have been accumulating about the existence of constant eavesdropping on Internet. Not only targeted eavesdropping but the general and large scale interception of electronic communications. The various revelation from the selected leaks from Edward Snowden is maybe just the tip of the iceberg (the perspective of a single national intelligence entity based in the US and their direct partners).
- What about the other intelligence organisations (e.g. just the check the list of operational (and known) intelligence agencies[^1])?
- What about the private organizations (e.g. ISP targeted advertising doing interception like Phorm[^2]?
- Or any organized groups doing eavesdropping of electronic communications for various reasons (e.g. News international was the most notorious[^3]).
[![Driving From B to G]({{ site.baseurl }}/assets/interception.jpg)](https://www.flickr.com/photos/adulau/10381598453/)
What is currently proposed? Stacking new laws? Signing new agreement between intelligence agencies? Creating a new motion for resolution like [EU did for Echelon in 2001](http://cryptome.org/echelon-ep-fin.htm). And nothing changed? Eavesdropping is even much more active than it was ten years ago.
A solution is maybe mentioned in the [Unabomber manifesto](http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm). The solution seems to be a bit radical after a first reading.
>"130. Technology advances with great rapidity and threatens freedom at many different points at the same time (crowding, rules and regulations, increasing dependence of individuals on large organizations, propaganda and other psychological techniques, genetic engineering, invasion of privacy through surveillance devices and computers, etc.). To hold back any ONE of the threats to freedom would require a long and difficult social struggle. Those who want to protect freedom are overwhelmed by the sheer number of new attacks and the rapidity with which they develop, hence they become apathetic and no longer resist. To fight each of the threats separately would be futile. Success can be hoped for only by fighting the technological system as a whole; but that is revolution, not reform."
>-- <cite>[INDUSTRIAL SOCIETY AND ITS FUTURE](https://archive.org/stream/IndustrialSocietyAndItsFuture-TheUnabombersManifesto/IndustrialSocietyAndItsFuture-theUnabombersManifesto_djvu.txt) Ted kaczynski</cite>
Fighting the threats might be futile like creating new laws that intelligence agencies will subvert[^4]. It is clearly not the path we would like to try again. A revolution in technology can have different forms but against the case of interception from electronic communication, we have already the [cypherpunk](http://www.activism.net/cypherpunk/manifesto.html) created in late eighties. The movement did some important achievement by providing a good ground of free cryptographic tools and removing the legal boundaries of using cryptography[^5].
Now why all the internet users or private organizations are not adopting cryptography after the recent revelations? Just because the threat seems so distant for them that they don't bother to adopt cryptography. What would be the way to "force" everyone to use more crypto? Is there a technique to move the threat closer to all the Internet users? Maybe and it's a kind of revolution:
> *Legalize and promote eavesdropping on electronic communication for everyone.*
My point is the following. If the number of eavesdroppers increase and the number of public techniques are publicized, it will render the threat more real to the users. Then it will increase the people to use countermeasures to protect their electronic communication. Knowing your enemies and his techniques is a source to gain better information on how to design more resilient system to interception.
This is maybe a wrong path but until now, the other solutions were unsuccessful.
[^1]: [List of (known) intelligence agencies](http://en.wikipedia.org/wiki/List_of_intelligence_agencies)
[^2]: [Phorm - interception and advertising](http://www.fipr.org/080423phormlegal.pdf)
[^3]: [News International phone hacking scandal](http://en.wikipedia.org/wiki/News_International_phone_hacking_scandal)
[^4]: [FISA updated to match the interception practices](http://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act_of_1978_Amendments_Act_of_2008)
[^5]: Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

View file

@ -1,25 +0,0 @@
---
layout: post
title: "Welcome to Jekyll!"
date: 2015-12-01 18:52:21 -0500
categories: jekyll update
---
Youll find this post in your `_posts` directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run `jekyll serve`, which launches a web server and auto-regenerates your site when a file is updated.
To add new posts, simply add a file in the `_posts` directory that follows the convention `YYYY-MM-DD-name-of-post.ext` and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.
Jekyll also offers powerful support for code snippets:
{% highlight ruby %}
def print_hi(name)
puts "Hi, #{name}"
end
print_hi('Tom')
#=> prints 'Hi, Tom' to STDOUT.
{% endhighlight %}
Check out the [Jekyll docs][jekyll-docs] for more info on how to get the most out of Jekyll. File all bugs/feature requests at [Jekylls GitHub repo][jekyll-gh]. If you have questions, you can ask them on [Jekyll Talk][jekyll-talk].
[jekyll-docs]: http://jekyllrb.com/docs/home
[jekyll-gh]: https://github.com/jekyll/jekyll
[jekyll-talk]: https://talk.jekyllrb.com/

View file

@ -0,0 +1,64 @@
---
layout: post
title: "The Myth of Software and Hardware Vulnerability Management"
date: 2016-05-04 18:52:21
categories: infosec
---
# The Myth of Software and Hardware Vulnerability Management
Alexandre Dulaunoy <a@foo.be>
**version 1 - 2016-05-04**
Software and Hardware Vulnerability Management is often mentioned in any good information security policy or even in a dedicated vulnerability management procedure. This is great, you have a wonderful procedure but is this the reality? Do you know what software or hardware you are relying on? Is the version clearly mentioned in the product I recently acquired? Can you easily find the vulnerabilities targeting the software on which you depends? __If you can list your software in your enterprise in a single sheet of paper, you might be far away from the reality__. How many OpenSSL variants are you running in your infrastructure? Are the OpenSSL version embedded in your devices included? How many different C runtime libraries run in your infrastructure? Do you know the current firmwares version in use in your infrastructure?
[![The icelandic way to stack books at a window.]({{ site.baseurl }}/assets/books.jpg)](https://www.flickr.com/photos/adulau/14776685031/)
Practical software and hardware vulnerability management is inherently difficult and painful. But even if you have a great vulnerability management procedure in place, _we make a huge assumption which is the ability to know about those vulnerabilities_.
While developing [cve-search](https://github.com/cve-search/cve-search) confirmed my fear that we have a really narrow view on the real vulnerability landscape of the software, hardware and embedded devices.
Just to expose my point regarding our very limited view on the software vulnerability, we can simply focus on free software (which is often seen as a commodity software included in many proprietary or embedded devices).
Software vulnerability types in the free software community could be summarised in four categories:
- (1) Software where security vulnerabilities are fixed and CVEs are attributed.
- (2) Software where vulnerabilities are silently fixed (e.g. bugs versus security bugs).
- (3) Software where security vulnerabilities are never fixed (e.g. unmaintained software).
- (4) Software not very popular and vulnerabilities are rarely discovered (e.g. software used by a very limited set of users).
While trying to do some statistics about the popularity of free software packages using the [popularity-contest](http://popcon.ubuntu.com) database, there is a fundamental problem in the inventory of the software. Vulnerable software, with a CVE (category (1) in the list above) assigned, usually have one or more CPE (Common Platform Enumeration[^1]) associated.
A CPE helps to know which software version or packages are affected by the vulnerability with the assigned CVE. CPE are often used to find back which of your software are impacted by a certain vulnerability. In cve-search, we have an interface to search per CPE in order to find the vulnerable packages (check the [cve-search presentation at BruCON 2015](https://www.circl.lu/assets/files/brucon2015-cve-search.pdf) for more details).
In the category 1 which is the best case scenario for vulnerability management, we should be able to find easily vulnerable version? But the mapping between CPE and software is not so obvious. In the top software being used in the popularity contest, we have "ncurses" which is listed under the following package name in Ubuntu:
- ncurses-base
- ncurses-bin
- libncurses5
What are the CPE names for ncurses?
CPE are formated in the following format:
~~~~
cpe:/{part}:{vendor}:{product}:{version}:{update}:{edition}:{language}
~~~~
Assuming the vendor is the core developer team of the package, for ncurses it should be the GNU project (discarding the cases where there is maintained version by Debian or Ubuntu with backports). So we should easily find the related vulnerabilities to ncurses if we look at the [GNU project vendor](https://cve.circl.lu/browse/gnu) in the CPE... there are many of the software developed by the GNU project but there is no ncurses. But if you do a full-text search on all CVE assigned you'll find the following CVE: [CVE-2000-0963](https://cve.circl.lu/cve/CVE-2000-0963) - [CVE-2005-1796](https://cve.circl.lu/cve/CVE-2005-1796) - [CVE-2002-0062](https://cve.circl.lu/cve/CVE-2002-0062).
The CPE listed only some of the vulnerable distributions including the vulnerable ncurses version but not the ncurses library itself as being vulnerable.
As there is no parsable automatic cross-references between the vulnerabilities and the software name used in their deployment, it's very hard to build automatic tools which follow vulnerability management procedure. This example covers the case where CVEs are properly assigned and vulnerabilities are properly documented.
__To summarize, if you solely rely on automatic tools to find your exposure to software vulnerabilities, your view is obviously narrowed. So please careful and don't underestimate the attack surface that you are not aware of__.
## Recommendations or some random ideas for improvement
Linux distributions (like Debian or Ubuntu) should introduce the possibility to add the CPE names for their software packages. The mapping should include a proper mapping of the package names with version number and the respective CPE version (e.g. libglib:2.0 instead of libglib2.0-0). An automatic generation of the CPE name could be done to help the package maintainer to refine or keep the generated CPE name.
CPE references in vulnerable_configuration (in CVEs) tend to include the vulnerable operating system but not the vulnerable software itself. cpe:/a: is not always defined and only the vulnerable operating systems are mentioned. There are many potential improvements but the CPE management could be slightly improved with a collaborative approach to add or updates CPE entries.
[^1]: CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. [https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm)

View file

@ -18,13 +18,19 @@
> * {
margin-bottom: 1.8rem;
color: rgba($c__black, .7);
color: rgba($c__black, 1);
}
a:not(.c-btn) {
text-decoration: underline;
}
ul {
margin: 0.2 em;
list-style: square;
padding: 0.2 em;
}
blockquote {
margin-left: -2.5rem;
width: calc(100% + 5rem);

View file

@ -4,12 +4,12 @@
// Font families
@mixin ff--sans-serif($font-weight: normal) {
font-family: 'Roboto', 'Helvetica Neue', Helvetica, sans-serif;
font-family: 'Titillium Web', 'Helvetica Neue', Helvetica, sans-serif;
font-weight: $font-weight;
}
@mixin ff--mono($font-weight: normal) {
font-family: 'Roboto Mono', monospace;
font-family: 'Inconsolata', monospace;
font-weight: $font-weight;
}
@ -31,7 +31,7 @@
@mixin fs--body {
line-height: 1.5;
font-size: 1.8rem; // 18px
font-size: 2rem;
}
@mixin fs--meta {

BIN
assets/adulau-photo.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 95 KiB

BIN
assets/books.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 60 KiB

BIN
assets/interception.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 63 KiB

3363
assets/key.pgp Normal file

File diff suppressed because it is too large Load diff

4
build.sh Normal file
View file

@ -0,0 +1,4 @@
#!/bin/bash
jekyll build
rsync -v -rz --checksum _site/ adulau@kb.quuxlabs.com:/home/adulau/website/foo/

View file

@ -1,21 +1,56 @@
---
layout: page
title: Material Jekyll Theme
title: Alexandre Dulaunoy
---
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis [nostrud exercitation](http://alexcarpenter.me) ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
## Heading Level 2
You just found the messy place of [Alexandre Dulaunoy](./about) who enjoys when human are using machines in unexpected ways. I break stuff and I do stuff.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
{% highlight scss %}
.header {
font-size: 100px;
}
{% endhighlight %}
## Interests
### Heading Level 3
My interest is mainly focus around elegant [computer science](https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD896.html) "simple and surprisingly effective" as described by Edsger W. Dijkstra in [EWD896](https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD896.html). I'm practically experimenting the model into [free software crafting](https://github.com/adulau/), information security and information representation.
> Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris.
When I want to stay away from computers, I do [photography](https://flickr.com/photos/adulau) and tries to express some photographic feelings in a [photo blog](/photoblog/). Facing the hard reality of biology and ecological system with [gardening](/cgi-bin/wiki.pl/GardeningStuff) is also one of my interest.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
## Activities
My day job is located in the information security field and especially in incident response and security research.
Beside my day job, I'm also an intermittent security researcher in various organizations. Organizing a security conference called
[hack.lu](https://2016.hack.lu/) (it's the 12th edition in 2016) and [lecturing in various universities](/cours/) about information security (like [An introduction to network forensic, system forensic, memory forensic and malware analysis](/cours/dess-20152016/)) are also part of my regular activities.
## Projects
In my quest of free software crafting, I regularly release or contribute to free software projects. [My GitHub project page](https://github.com/adulau/) includes some current projects and contributions.
### Forban
[Forban](/forban/) is a link-local opportunistic p2p free software. You can share files with everyone in your proximity without Internet connectivity. The implementation is written in Python but can be easily implemented as the protocol is minimal.
### hotp-js
[hotp-js - A JavaScript HOTP implementation](https://github.com/adulau/hotp-js) (HMAC-Based One-Time Password Algorithm) as described in RFC4226.
### netbeacon
[netbeacon](https://github.com/adulau/netbeacon) is a set of free software tools to send beacons over the network to test the accuracy and the precision of your network capture framework.
### Passive DNS framework and standards
I implemented multiple Passive DNS frameworks including [pdns-qof-server](https://github.com/adulau/pdns-qof-server) and an experimental storage backend in memory [Passive DNS visualization and Passive DNS server toolkit ](https://github.com/adulau/pdns-toolkit). I also co-designed "[Passive DNS - Common Output Format](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01)" to help the integration of different Passive DNS infrastructures.
### Passive SSL framework
In the same scope of Passive DNS, historical monitoring of X.509 certificate per IP address is useful to better understand the current and past use of Internet resources. Code is available in [crl-monitor](https://github.com/adulau/crl-monitor).
### cve-search
I co-develop and co-maintain [cve-search](https://github.com/adulau/cve-search), a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE database. cve-search supports multiple sources and feeds of vulnerability database to aggregate the information about software vulnerabilities.
### Other software
DomainClassifier, misp-modules, url-archiver... and [some more on GitHub](https://www.github.com/adulau/).
## Information classification, representation and sharing
While being an avid reader, I'm always interested in the topics where information classication plays a role to support readers or writers in making information more accessible. I did some work on [machine tag usage](/cgi-bin/wiki.pl/MachineTag) and also maintains a specific JSON machine tags database for information sharing like [MISP taxonomies](https://github.com/MISP/misp-taxonomies).