From ac4d60722663e3acc7fded15784e1534c77a2b2b Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 12 Nov 2022 10:31:51 +0100 Subject: [PATCH] new: [page] Twitter archive added --- _pages/twitter-archive.markdown | 57650 ++++++++++++++++++++++++++++++ 1 file changed, 57650 insertions(+) create mode 100644 _pages/twitter-archive.markdown diff --git a/_pages/twitter-archive.markdown b/_pages/twitter-archive.markdown new file mode 100644 index 0000000..f8a377b --- /dev/null +++ b/_pages/twitter-archive.markdown 
@@ -0,0 +1,57650 @@ +--- +layout: page +title: Twitter archive +permalink: /twitter-archive/ +--- + +Testing twitter. Especially for http://www.communitywiki.org/en/Twitter2Wiki + +(Originally on Twitter: [Thu Jun 19 17:38:31 +0000 2008](https://twitter.com/adulau/status/838836847)) +---- +Fixing script to generate the Wiki Creativity Index : http://tinyurl.com/6fjf6f + +(Originally on Twitter: [Sat Jun 21 20:01:00 +0000 2008](https://twitter.com/adulau/status/840475182)) +---- +Found an interesting way to graph #wiki and #wikinet content : http://graphingwiki.python-hosting.com/ + +(Originally on Twitter: [Sun Jun 22 07:27:09 +0000 2008](https://twitter.com/adulau/status/840774295)) +---- +#hacklu hack.lu 2008 poster updated http://tinyurl.com/6m3ua5 + +(Originally on Twitter: [Mon Jun 23 14:58:54 +0000 2008](https://twitter.com/adulau/status/841696666)) +---- +@mattis http://taint.org/wk/PulseSource a kind planetplanet for twitter - any use for twitter2wiki ? + +(Originally on Twitter: [Mon Jun 23 17:43:42 +0000 2008](https://twitter.com/adulau/status/841812702)) +---- +moving existing wikiri experiment to use the brand new gitpython interface. + +(Originally on Twitter: [Fri Jun 27 20:40:10 +0000 2008](https://twitter.com/adulau/status/845193842)) +---- +sparkline version of the wiki creative index added : http://tinyurl.com/6cyerx + +(Originally on Twitter: [Sat Jun 28 08:30:38 +0000 2008](https://twitter.com/adulau/status/845508074)) +---- +I hate the car industry. Buying a new car because my 4-years Ford broke Yesterday... I'm still waiting for 100% remote working policy ;-) + +(Originally on Twitter: [Fri Jul 04 15:23:49 +0000 2008](https://twitter.com/adulau/status/850107960)) +---- +"nothing that we experiment is ever lost" I found back an old Perl script that solve a today's problem.. 
+ +(Originally on Twitter: [Sat Jul 05 12:10:34 +0000 2008](https://twitter.com/adulau/status/850656314)) +---- +Can we expect Twitter to release their source code under a free software license ? + +(Originally on Twitter: [Sat Jul 05 19:57:22 +0000 2008](https://twitter.com/adulau/status/850865489)) +---- +@jepoirrier I checked http://laconi.ca/ but the missing part is the model to keep the service running with a small amount of money. + +(Originally on Twitter: [Sun Jul 13 18:57:18 +0000 2008](https://twitter.com/adulau/status/857398613)) +---- +Currently listening to "B4 Wuz Then"... this is remembering me some very good old days. + +(Originally on Twitter: [Mon Jul 14 20:45:26 +0000 2008](https://twitter.com/adulau/status/858368987)) +---- +t:idea - portable wiki device - should be as flexible as a moleskine ;-) + +(Originally on Twitter: [Tue Jul 15 19:40:41 +0000 2008](https://twitter.com/adulau/status/859311308)) +---- +making some cosmetic changes on agendajardin.be based on feedback received. + +(Originally on Twitter: [Tue Jul 15 20:51:48 +0000 2008](https://twitter.com/adulau/status/859370058)) +---- +free alternative to tinyurl : http://ur1.ca/ with full source code - @jepoirrier #autonomo.us #autonomous + +(Originally on Twitter: [Thu Jul 17 16:09:34 +0000 2008](https://twitter.com/adulau/status/861037057)) +---- +Are you sure that you are running the latest git ? oh yes man. oh yes... "git version 1.5.6.3.439.g1e10" - the latest commit ;-) + +(Originally on Twitter: [Sat Jul 19 14:13:17 +0000 2008](https://twitter.com/adulau/status/862739279)) +---- +Finishing reading "The Visual Display of Quantitative Information" I should have read it before... 
+ +(Originally on Twitter: [Wed Jul 23 20:24:58 +0000 2008](https://twitter.com/adulau/status/866475449)) +---- +twitter reliability is down compared to identi.ca - scripting a dual post between twitter and identi.ca + +(Originally on Twitter: [Thu Jul 24 21:27:24 +0000 2008](https://twitter.com/adulau/status/867490062)) +---- +Perl is very handy and always saves your life. + +(Originally on Twitter: [Mon Jul 28 18:47:00 +0000 2008](https://twitter.com/adulau/status/870819005)) +---- +grrr a computer without GNU Screen is like a computer without a cpu + +(Originally on Twitter: [Mon Jul 28 19:06:41 +0000 2008](https://twitter.com/adulau/status/870835037)) +---- +HAR2009 in preparation - http://har2009.org/ looks very promising + +(Originally on Twitter: [Tue Jul 29 20:23:46 +0000 2008](https://twitter.com/adulau/status/871904785)) +---- +Just saw two foxes playing in my garden... nice + +(Originally on Twitter: [Tue Jul 29 21:48:53 +0000 2008](https://twitter.com/adulau/status/871979417)) +---- +@security4all preparation is going well... always little surprise that you never expect. Are you also planning to give a hand at HAR2009? + +(Originally on Twitter: [Tue Jul 29 21:52:58 +0000 2008](https://twitter.com/adulau/status/871981623)) +---- +reading I-Ds especially expired SSDP/1.0 - good arguments but complex protocol + +(Originally on Twitter: [Wed Jul 30 19:39:59 +0000 2008](https://twitter.com/adulau/status/872905563)) +---- +t:idea using microblogging for timesheet - with start/stop and tags + +(Originally on Twitter: [Fri Aug 01 19:33:53 +0000 2008](https://twitter.com/adulau/status/875018123)) +---- +Just gave my input for the butterfly survey in Belgium - http://www.papillonsaujardin.be/ + +(Originally on Twitter: [Sun Aug 03 16:21:30 +0000 2008](https://twitter.com/adulau/status/876466689)) +---- +First time, I see a practical use of rfc4838... but DTN implementation are still very alpha. 
+ +(Originally on Twitter: [Wed Aug 06 06:03:19 +0000 2008](https://twitter.com/adulau/status/879050170)) +---- +#har2009 graphic design contest http://tinyurl.com/5zob3p time to participate + +(Originally on Twitter: [Fri Aug 15 15:59:07 +0000 2008](https://twitter.com/adulau/status/888585665)) +---- +Just installed #WiGit http://el-tramo.be/software/wigit for an internal #wiki... looks promising + +(Originally on Twitter: [Fri Aug 22 22:25:03 +0000 2008](https://twitter.com/adulau/status/895986080)) +---- +Fixing Sleuth Kit icat to read data from a really broken ext2 dump...forensic is nice but not on Saturday morning. + +(Originally on Twitter: [Sat Aug 30 10:35:41 +0000 2008](https://twitter.com/adulau/status/903865563)) +---- +Just added #ipv6 and an AAAA record set to my homepage - http://www.foo.be/ - we'll see how popular is ipv6... + +(Originally on Twitter: [Sun Aug 31 13:07:06 +0000 2008](https://twitter.com/adulau/status/904783847)) +---- +@roessler Funny. My home is IPv6/IPv4 for around year. My hosted server is now IPv4/IPv6 via SixXS until hosting company is fully #IPv6. + +(Originally on Twitter: [Sun Aug 31 13:20:24 +0000 2008](https://twitter.com/adulau/status/904791354)) +---- +@roessler I'm more lucky... I use a Soerkis ;-) Hurricane Electric is also a great service. + +(Originally on Twitter: [Sun Aug 31 14:06:48 +0000 2008](https://twitter.com/adulau/status/904819719)) +---- +#mediawiki is nice except on two parts : customization and authentication. grrr + +(Originally on Twitter: [Sat Sep 06 08:17:21 +0000 2008](https://twitter.com/adulau/status/911666244)) +---- +irc.hack.lu is now active and join #hack.lu (available in ipv6 and ipv4) + +(Originally on Twitter: [Sat Sep 06 11:21:52 +0000 2008](https://twitter.com/adulau/status/911743875)) +---- +#hack.lu - irc.hack.lu is working. 
reminder to self : never use the git repo version of ngIRCd but always the release ;-) + +(Originally on Twitter: [Sat Sep 06 11:48:50 +0000 2008](https://twitter.com/adulau/status/911756313)) +---- +@security4all #hack.lu is the irc channel on irc.hack.lu ;-) but #hacklu is fine as hashtag ... hacklu is used as tag on flickr + +(Originally on Twitter: [Sat Sep 06 12:37:46 +0000 2008](https://twitter.com/adulau/status/911782387)) +---- +experimenting #secviz while the radius is time... looks nice. + +(Originally on Twitter: [Sat Sep 06 20:06:05 +0000 2008](https://twitter.com/adulau/status/912135050)) +---- +Just saw #Eldorado a great belgian road movie made by Bouli Lanners but we were only 6... + +(Originally on Twitter: [Sun Sep 07 20:42:35 +0000 2008](https://twitter.com/adulau/status/913091281)) +---- +@security4all I found strange that ISACA is using Word document for making press-release ;-) + +(Originally on Twitter: [Mon Sep 08 19:25:38 +0000 2008](https://twitter.com/adulau/status/914198754)) +---- +http://www.librarything.com/work/57924 - a good criticism of #television and journalism + +(Originally on Twitter: [Wed Sep 10 19:23:50 +0000 2008](https://twitter.com/adulau/status/916779878)) +---- +@rbidule there is only one cookiemonster : http://tinyurl.com/4xcya6 ;-) + +(Originally on Twitter: [Fri Sep 12 05:53:16 +0000 2008](https://twitter.com/adulau/status/918589316)) +---- +sad news http://www.searchlores.org/illness.htm We really hope he will go better very soon. + +(Originally on Twitter: [Sat Sep 13 10:07:06 +0000 2008](https://twitter.com/adulau/status/919961973)) +---- +http://tinyurl.com/6errj4 #blog + +(Originally on Twitter: [Sat Sep 13 16:22:24 +0000 2008](https://twitter.com/adulau/status/920214946)) +---- +#X.509 sucks but when it's made by #MSFT, it's worst. I got the proof today... 
+ +(Originally on Twitter: [Wed Sep 17 18:33:07 +0000 2008](https://twitter.com/adulau/status/924959389)) +---- +Reading a nice interview of Donald #Knuth in Communication of the ACM... + +(Originally on Twitter: [Thu Sep 18 19:44:02 +0000 2008](https://twitter.com/adulau/status/926317529)) +---- +awk '{print $1}' www.foo.be-access.log.* | grep ":" | sort | uniq | wc -l --> 49 ;-) + +(Originally on Twitter: [Thu Sep 18 20:52:38 +0000 2008](https://twitter.com/adulau/status/926389588)) +---- +would it possible to use #lanonica as an interface to a social bookmarking tool? + +(Originally on Twitter: [Sat Sep 20 08:01:36 +0000 2008](https://twitter.com/adulau/status/928210234)) +---- +all evening at PCDR for #Chiny,#Belgium hope this can be helpful for the commune - http://www.chinyrural.net/ + +(Originally on Twitter: [Mon Sep 22 20:53:52 +0000 2008](https://twitter.com/adulau/status/930864780)) +---- +wondering why Springer or any other editors are not publishing scientific papers for free after a one or two years period... + +(Originally on Twitter: [Thu Sep 25 21:59:15 +0000 2008](https://twitter.com/adulau/status/934937010)) +---- +@security4all seeing the article about p2p and Sabam... remind me of the current inquisition led by Sabam to get money from Belgian B&B. + +(Originally on Twitter: [Sun Sep 28 17:56:29 +0000 2008](https://twitter.com/adulau/status/938299480)) +---- +@security4all Bed&Breakfast / Gîte + +(Originally on Twitter: [Sun Sep 28 20:39:36 +0000 2008](https://twitter.com/adulau/status/938429295)) +---- +#Chomsky was right... economy is only sustainable with public/state funding. + +(Originally on Twitter: [Mon Sep 29 21:05:14 +0000 2008](https://twitter.com/adulau/status/939738412)) +---- +Fixing code that has been already fixed yesterday... 
the only disadvantage of git while working offline ;-) + +(Originally on Twitter: [Sun Oct 05 20:41:32 +0000 2008](https://twitter.com/adulau/status/947468795)) +---- +I don't like to prepare presentation the hour before to make it... + +(Originally on Twitter: [Sun Oct 12 19:28:58 +0000 2008](https://twitter.com/adulau/status/956768720)) +---- +@hack_lu Internet connectivity ok but the wireless/switching infrastructure is still in my living room for testing ;-) + +(Originally on Twitter: [Mon Oct 20 19:38:51 +0000 2008](https://twitter.com/adulau/status/967906118)) +---- +@security4all fun should be an important part of life... I work on it. + +(Originally on Twitter: [Mon Oct 20 20:17:02 +0000 2008](https://twitter.com/adulau/status/967952527)) +---- +@security4all it was a great pleasure to see you at #hack.lu + +(Originally on Twitter: [Sat Oct 25 07:59:46 +0000 2008](https://twitter.com/adulau/status/974763554)) +---- +Back from #Barcelona I need some sleep... + +(Originally on Twitter: [Thu Oct 30 20:09:56 +0000 2008](https://twitter.com/adulau/status/982726898)) +---- +Stupid #museum #photography policy : http://www.flickr.com/photos/adulau/2988208855/ + +(Originally on Twitter: [Fri Oct 31 11:30:25 +0000 2008](https://twitter.com/adulau/status/983597391)) +---- +@security4all fixing malware infected laptop? the only way is to install a free and real operating system ;-) + +(Originally on Twitter: [Sun Nov 02 17:20:14 +0000 2008](https://twitter.com/adulau/status/986516069)) +---- +@patrickvw that's the weak point of IPv6, peering is still an issue and finding tier-1 with IPv6 is a day-to-day battle (at least for me). + +(Originally on Twitter: [Sun Nov 02 20:12:03 +0000 2008](https://twitter.com/adulau/status/986693318)) +---- +We enter the age of #Cyberpunk - http://tinyurl.com/6q58yf + +(Originally on Twitter: [Sun Nov 02 20:44:21 +0000 2008](https://twitter.com/adulau/status/986722447)) +---- +I don't like #slideshare , sharing what a joke... 
It's impossible to download a presentation automatically + +(Originally on Twitter: [Wed Nov 05 22:17:22 +0000 2008](https://twitter.com/adulau/status/992391093)) +---- +@security4all - "You need to be logged into your SlideShare account to download a presentation file." This sucks... + +(Originally on Twitter: [Wed Nov 05 23:13:52 +0000 2008](https://twitter.com/adulau/status/992460920)) +---- +Copylefted works should use the same license... http://tinyurl.com/5oqyxb + +(Originally on Twitter: [Sat Nov 08 11:39:56 +0000 2008](https://twitter.com/adulau/status/996225726)) +---- +Seen today at an European movie festival : #Seraphine and #Rumba ... interesting + +(Originally on Twitter: [Sun Nov 09 19:55:07 +0000 2008](https://twitter.com/adulau/status/997803971)) +---- +Every second is the beginning of something new... #electronicmusic + +(Originally on Twitter: [Tue Nov 11 21:09:39 +0000 2008](https://twitter.com/adulau/status/1001018541)) +---- +Note to myself : always read the release notes even for #Ubuntu... + +(Originally on Twitter: [Sat Nov 15 08:40:49 +0000 2008](https://twitter.com/adulau/status/1006796262)) +---- +Today I'll give a session about Forensic Analysis - http://www.foo.be/cours/mssi-20072008/ + +(Originally on Twitter: [Sat Nov 15 10:31:14 +0000 2008](https://twitter.com/adulau/status/1006859021)) +---- +Sorting 1PB in 6 hours, impressive http://tinyurl.com/6z6cmr + +(Originally on Twitter: [Sat Nov 22 09:24:26 +0000 2008](https://twitter.com/adulau/status/1017928104)) +---- +@thierryzoller thanks for the link. We will test the TCP reassembly part..;-) + +(Originally on Twitter: [Sun Nov 23 10:36:57 +0000 2008](https://twitter.com/adulau/status/1019273300)) +---- +#machinetags are great... 
http://tinyurl.com/6ah96b + +(Originally on Twitter: [Sun Nov 23 15:45:48 +0000 2008](https://twitter.com/adulau/status/1019503712)) +---- +Just moved my streaming server (#icecast+#liquidsoap) #electronicmusic http://www.foo.be:8000/ + +(Originally on Twitter: [Sun Nov 23 16:17:05 +0000 2008](https://twitter.com/adulau/status/1019536507)) +---- +@security4all http://tinyurl.com/5zmpg5 + +(Originally on Twitter: [Wed Nov 26 22:18:02 +0000 2008](https://twitter.com/adulau/status/1025353416)) +---- +http://tinyurl.com/5j7td6 2020 FLOSS Roadmap what a joke... + +(Originally on Twitter: [Sat Dec 13 12:13:09 +0000 2008](https://twitter.com/adulau/status/1055172930)) +---- +0day in IE again a good reason to move to Free Software + +(Originally on Twitter: [Tue Dec 16 16:40:02 +0000 2008](https://twitter.com/adulau/status/1060913675)) +---- +@security4all arghhhhhhh ;-) The only free software is http://tinyurl.com/4zrk3 + +(Originally on Twitter: [Tue Dec 16 17:55:35 +0000 2008](https://twitter.com/adulau/status/1061060214)) +---- +http://tinyurl.com/7yx72f - Scientific Publication + +(Originally on Twitter: [Sun Dec 21 11:01:52 +0000 2008](https://twitter.com/adulau/status/1070390047)) +---- +current experiment : importing communitywiki.org in git using my dirty #oddmuse2git + +(Originally on Twitter: [Sat Dec 27 17:27:30 +0000 2008](https://twitter.com/adulau/status/1081033012)) +---- +PKI (and Comodo CA) model is so broken... http://tinyurl.com/845myo + +(Originally on Twitter: [Mon Dec 29 10:24:36 +0000 2008](https://twitter.com/adulau/status/1083733750)) +---- +@roessler are the GSM guys? The same guys behind OpenBTS and who made the test during last Burning Man? 
+ +(Originally on Twitter: [Mon Dec 29 11:02:02 +0000 2008](https://twitter.com/adulau/status/1083761499)) +---- +@roessler Nice to see more and more people working on an open GSM implementation (even of the broken A-layers ;-) + +(Originally on Twitter: [Mon Dec 29 11:10:47 +0000 2008](https://twitter.com/adulau/status/1083768622)) +---- +@roessler thanks. Regarding IMEI, around 15% of the IMEI numbers are not unique... if I remember correctly. + +(Originally on Twitter: [Mon Dec 29 11:18:43 +0000 2008](https://twitter.com/adulau/status/1083774848)) +---- +@rbidule no. at a hackathon. Should be back at home this afternoon. + +(Originally on Twitter: [Mon Dec 29 14:47:56 +0000 2008](https://twitter.com/adulau/status/1084000449)) +---- +@rbidule http://en.wikipedia.org/wiki/Hackathon - we worked on distributed wiki and annotation. + +(Originally on Twitter: [Tue Dec 30 09:07:08 +0000 2008](https://twitter.com/adulau/status/1085613001)) +---- +http://enigmaco.de/enigma/enigma.swf Enigma #cipher in flash... nice remind me the other animation of Rijndael/AES + +(Originally on Twitter: [Thu Jan 01 14:27:27 +0000 2009](https://twitter.com/adulau/status/1089963798)) +---- +@security4all I really like the "Not a CISSP" tag. + +(Originally on Twitter: [Thu Jan 01 16:24:27 +0000 2009](https://twitter.com/adulau/status/1090091868)) +---- +@thierryzoller Sure but that always reminded me of the Paul Graham quote about why there are high salaries in Java (replace with CISSP).... + +(Originally on Twitter: [Thu Jan 01 16:56:45 +0000 2009](https://twitter.com/adulau/status/1090131503)) +---- +@security4all thx -) are you planning to attend FOSDEM'09? I will be there. + +(Originally on Twitter: [Thu Jan 01 21:54:04 +0000 2009](https://twitter.com/adulau/status/1090527199)) +---- +@security4all just contacted Alain about it. thanks for the notification. 
+ +(Originally on Twitter: [Fri Jan 02 08:06:06 +0000 2009](https://twitter.com/adulau/status/1091261992)) +---- +A simple way to crash User Mode Linux ;-) : http://tinyurl.com/88zkxq + +(Originally on Twitter: [Fri Jan 02 10:45:17 +0000 2009](https://twitter.com/adulau/status/1091380050)) +---- +Fighting with nroff/troff conversion to wiki markup... grrr + +(Originally on Twitter: [Sat Jan 03 17:24:21 +0000 2009](https://twitter.com/adulau/status/1093658031)) +---- +@rbidule I don't read mail every day but you already know that... ;-) + +(Originally on Twitter: [Sat Jan 03 18:26:35 +0000 2009](https://twitter.com/adulau/status/1093754638)) +---- +I hope to receive my #lensbaby quite soon http://www.lensbaby.com/ + +(Originally on Twitter: [Sun Jan 04 17:16:14 +0000 2009](https://twitter.com/adulau/status/1095399247)) +---- +@thierryzoler protecting the OS is nice (PKR seems a good idea) but if you have any privileged function in user-space software... + +(Originally on Twitter: [Mon Jan 05 21:38:09 +0000 2009](https://twitter.com/adulau/status/1098014823)) +---- +@security4all you made an excellent comment... in the blog post of "Spire Security". + +(Originally on Twitter: [Mon Jan 05 21:53:16 +0000 2009](https://twitter.com/adulau/status/1098045981)) +---- +@security4all http://tinyurl.com/8m897q + +(Originally on Twitter: [Sat Jan 10 17:20:34 +0000 2009](https://twitter.com/adulau/status/1109318690)) +---- +@security4all http://tinyurl.com/wump + +(Originally on Twitter: [Sun Jan 11 18:19:25 +0000 2009](https://twitter.com/adulau/status/1111323707)) +---- +Listening to Richard D. James (#AFX) : Boxing Day - #AFX is a brilliant artist. + +(Originally on Twitter: [Sun Jan 18 15:48:14 +0000 2009](https://twitter.com/adulau/status/1128318930)) +---- +Too many #malware and so less time to do their analysis... even with broken automatization techniques. 
+ +(Originally on Twitter: [Sat Jan 24 17:08:31 +0000 2009](https://twitter.com/adulau/status/1144879637)) +---- +iptables -A INPUT -j DROP -p udp --dport domain -m u32 --u32 \ +"0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001" + +(Originally on Twitter: [Wed Jan 28 21:08:23 +0000 2009](https://twitter.com/adulau/status/1156480809)) +---- +Quick way to drop recursive IN NS queriess... using netfilter... + +(Originally on Twitter: [Wed Jan 28 21:13:10 +0000 2009](https://twitter.com/adulau/status/1156494160)) +---- +@gillis57 what's the price of haircut in your area ? ;-) + +(Originally on Twitter: [Wed Jan 28 21:24:09 +0000 2009](https://twitter.com/adulau/status/1156526112)) +---- +Discovered #imgfave - http://imgfave.com - an interesting use of #laconica license:affero + +(Originally on Twitter: [Sun Feb 01 15:37:13 +0000 2009](https://twitter.com/adulau/status/1167023207)) +---- +If you like #electronicmusic with a 303 and dark touch... here is a small torrent : http://www.foo.be/cthulhu303.torrent license:undefined + +(Originally on Twitter: [Sun Feb 01 20:57:57 +0000 2009](https://twitter.com/adulau/status/1167691587)) +---- +My visa is blocked due to http://tinyurl.com/7au5jh another proof that (PCI) certification sucks + +(Originally on Twitter: [Mon Feb 02 10:18:29 +0000 2009](https://twitter.com/adulau/status/1169419063)) +---- +http://www.unwieldy.net/projects/moowheel/ Nice javascript circular visualization... without using #circos + +(Originally on Twitter: [Fri Feb 06 20:54:45 +0000 2009](https://twitter.com/adulau/status/1184456193)) +---- +http://dev.europeana.eu/jobs.php everything is fine but Java ;-) + +(Originally on Twitter: [Thu Feb 12 06:31:00 +0000 2009](https://twitter.com/adulau/status/1201840884)) +---- +@security4all http://tinyurl.com/bffnqq - static analysis report... I'm curious of what's inside. 
+ +(Originally on Twitter: [Thu Feb 12 06:33:44 +0000 2009](https://twitter.com/adulau/status/1201845623)) +---- +@pcapr (http://www.pcapr.net/) is nice... just wondering what do they use or made for TCP reassembly. + +(Originally on Twitter: [Tue Feb 17 07:29:15 +0000 2009](https://twitter.com/adulau/status/1218159501)) +---- +Grrr... Why JSON is using single quote that's #awk hates with a passion + +(Originally on Twitter: [Sun Feb 22 11:10:48 +0000 2009](https://twitter.com/adulau/status/1236909606)) +---- +Andre Gorz was right... we need #metrics. http://tinyurl.com/btwh4v + +(Originally on Twitter: [Sun Feb 22 17:03:16 +0000 2009](https://twitter.com/adulau/status/1237567583)) +---- +An ipv4/v6 #bittorrent tracker is running on onpeuttoutcopier.be... another experiment + +(Originally on Twitter: [Sun Feb 22 17:22:05 +0000 2009](https://twitter.com/adulau/status/1237613385)) +---- +Experiment in the garden for 2009 : a partial green roof + +(Originally on Twitter: [Sun Feb 22 18:30:51 +0000 2009](https://twitter.com/adulau/status/1237788812)) +---- +@xme do you have a homonym at Cisco Bxl ? ;-) + +(Originally on Twitter: [Wed Feb 25 20:13:59 +0000 2009](https://twitter.com/adulau/status/1250648230)) +---- +#circos (http://mkweb.bcgsc.ca/circos/) is so great... discovering again another ways to use it. + +(Originally on Twitter: [Sat Feb 28 06:10:52 +0000 2009](https://twitter.com/adulau/status/1261301892)) +---- +binblast (http://code.google.com/p/binblast/)... an implementation of phylogenic analysis/classification for malware and binary software. 
+ +(Originally on Twitter: [Fri Mar 06 07:38:11 +0000 2009](https://twitter.com/adulau/status/1287386824)) +---- +Some more tests with my #oddmuse #wiki #git import - http://tinyurl.com/astoqn + +(Originally on Twitter: [Sun Mar 08 10:24:21 +0000 2009](https://twitter.com/adulau/status/1295972610)) +---- +#belgium #liege a nice diy electro band : http://www.playboysbend.net/ + +(Originally on Twitter: [Sun Mar 08 11:16:03 +0000 2009](https://twitter.com/adulau/status/1296055129)) +---- +@security4all the report from Secunia is quite clear... but the security myth is just fact in any (proprietary or free) software. it sucks. + +(Originally on Twitter: [Sun Mar 08 12:03:10 +0000 2009](https://twitter.com/adulau/status/1296135840)) +---- +The law of the two feet : http://www.flickr.com/photos/debschultz/189582943/ - a critical concept while attending a conference + +(Originally on Twitter: [Sun Mar 08 15:07:51 +0000 2009](https://twitter.com/adulau/status/1296539242)) +---- +I don't like to reverse engineer a security device and discover that a weak point was so obvious after 10 hours on the wrong path... grrr. + +(Originally on Twitter: [Thu Mar 12 22:58:54 +0000 2009](https://twitter.com/adulau/status/1318804620)) +---- +@security4all : I saw last week a compromised system on a virtualized system but the compromised os was the home os ;-) + +(Originally on Twitter: [Fri Mar 13 17:20:31 +0000 2009](https://twitter.com/adulau/status/1322777023)) +---- +I have a bloody wireless user at home matching this bpf filter : "tcp[13] &41 = 41"... even if we are not in the Christmas period ;-) + +(Originally on Twitter: [Fri Mar 13 21:11:29 +0000 2009](https://twitter.com/adulau/status/1323984100)) +---- +@security4all. @rbidule Good point. Where will be the meeting in Brussels next Friday? + +(Originally on Twitter: [Sun Mar 15 15:21:08 +0000 2009](https://twitter.com/adulau/status/1331637332)) +---- +@johndcook What are the good reason(s) to use Word instead of LaTeX? 
;-) I recently used tufte-latex : http://code.google.com/p/tufte-latex/ + +(Originally on Twitter: [Fri Mar 20 20:53:36 +0000 2009](https://twitter.com/adulau/status/1362584065)) +---- +@Gillis57 "Claiming that sex education leads to irresponsible sex is like claiming that driver education leads to car accidents" Laurie M + +(Originally on Twitter: [Fri Mar 20 22:12:26 +0000 2009](https://twitter.com/adulau/status/1362992638)) +---- +@gillis57 security, knowledge... some companies are claiming that's irresponsible to make reverse engineering... a variation is possible ;-) + +(Originally on Twitter: [Fri Mar 20 22:15:51 +0000 2009](https://twitter.com/adulau/status/1363008801)) +---- +@Gillis57 sorry, always difficult to keep context with 140 characters. don't forget to use a good typeface for your business card... + +(Originally on Twitter: [Fri Mar 20 22:20:22 +0000 2009](https://twitter.com/adulau/status/1363029960)) +---- +Just discovered list.it - a firefox extension for #notes taking http://code.google.com/p/list-it/ + +(Originally on Twitter: [Sat Mar 21 09:20:03 +0000 2009](https://twitter.com/adulau/status/1365231826)) +---- +http://ether.gtisc.gatech.edu/index.html - #Ether Malware analysis using intel VT - interesting + +(Originally on Twitter: [Sun Mar 22 11:14:42 +0000 2009](https://twitter.com/adulau/status/1370018318)) +---- +Listening to Finale, Para One from the soundtrack "La Naissance Des Pieuvres" + +(Originally on Twitter: [Sun Mar 22 18:14:59 +0000 2009](https://twitter.com/adulau/status/1371345773)) +---- +@security4all http://tinyurl.com/clcw8h - Sometime a good and old implementation of RFC2196 is better + +(Originally on Twitter: [Tue Mar 24 07:48:02 +0000 2009](https://twitter.com/adulau/status/1380654273)) +---- +http://tinyurl.com/c85pw4 Marcus is again right... 
+ +(Originally on Twitter: [Sat Mar 28 08:49:56 +0000 2009](https://twitter.com/adulau/status/1406165223)) +---- +Looking for an obscure bio e-book, impossible to find it (even from the publisher) except using IPv6 and NNTP + +(Originally on Twitter: [Sat Mar 28 11:27:05 +0000 2009](https://twitter.com/adulau/status/1406480496)) +---- +Nice way to visualize browsing activities http://www.flickr.com/photos/rooreynolds/3414633703/ #infovis + +(Originally on Twitter: [Fri Apr 10 17:28:54 +0000 2009](https://twitter.com/adulau/status/1491741120)) +---- +My 4th PSU from #Antec, just died. I hate those PSUs with a passion + +(Originally on Twitter: [Sun Apr 12 17:56:19 +0000 2009](https://twitter.com/adulau/status/1504064908)) +---- +Virtualization is not security... another nice example : http://tinyurl.com/clzznh but it's hard to sell. + +(Originally on Twitter: [Fri Apr 17 07:07:57 +0000 2009](https://twitter.com/adulau/status/1540371814)) +---- +NH4C5H8NO4 is not my favorite... especially when there is too much in the recipe ;-) + +(Originally on Twitter: [Fri Apr 17 13:24:45 +0000 2009](https://twitter.com/adulau/status/1541888110)) +---- +Voted yes for the license update in Wikipedia. Even if I'm not a big fan of the CC-license but FDL / CC-SA are sharing the same objectives. + +(Originally on Twitter: [Fri Apr 17 20:09:28 +0000 2009](https://twitter.com/adulau/status/1545128454)) +---- +Can you spot the frogs? http://www.flickr.com/photos/adulau/3438813367/ - I took the picture in a marsh located in #Belgium + +(Originally on Twitter: [Sat Apr 18 08:03:04 +0000 2009](https://twitter.com/adulau/status/1549538168)) +---- +Even with xml2 or xsh, #xml is often not very friendly to the Unix philosophy. + +(Originally on Twitter: [Sun Apr 19 16:58:08 +0000 2009](https://twitter.com/adulau/status/1558992866)) +---- +I was looking for a reason to use MariaDB, Oracle buying Sun is a good reason to use more MariaDB... 
+ +(Originally on Twitter: [Mon Apr 20 20:01:47 +0000 2009](https://twitter.com/adulau/status/1568403230)) +---- +Don't forget "les journées du libres" 8th and 9th May in Brussels. http://journeesdulibre.bxlug.be/ organized by #bxlug + +(Originally on Twitter: [Wed Apr 22 05:49:49 +0000 2009](https://twitter.com/adulau/status/1582514777)) +---- +License proliferation is a risk and the #EUPL is not helping the case... + +(Originally on Twitter: [Fri Apr 24 06:38:47 +0000 2009](https://twitter.com/adulau/status/1601722654)) +---- +Listening to the excellent Legowelt, "Chokolectricity" and "Gotoburg Jacks"... simple & efficient electronic music. + +(Originally on Twitter: [Fri Apr 24 21:37:38 +0000 2009](https://twitter.com/adulau/status/1607697856)) +---- +http://arxiv.org/abs/0904.4058 - Security impact ratings considered harmful - interesting + +(Originally on Twitter: [Tue Apr 28 06:48:08 +0000 2009](https://twitter.com/adulau/status/1636977740)) +---- +back from Munich... now fixing Perl code while drinking assam tea in the garden. + +(Originally on Twitter: [Fri May 01 09:05:04 +0000 2009](https://twitter.com/adulau/status/1667773954)) +---- +@rommelfs nope but #Dilbert is far away from that reality. + +(Originally on Twitter: [Fri May 01 18:05:33 +0000 2009](https://twitter.com/adulau/status/1671358056)) +---- +http://news.bbc.co.uk/2/hi/technology/8026964.stm I really liked when it's "heavily classified"... 
& especially when it's useless security + +(Originally on Twitter: [Sat May 02 06:41:52 +0000 2009](https://twitter.com/adulau/status/1676915825)) +---- +@xme maybe this kd85.com mirror discussion is somehow linked to this story : http://accounting.kd85.com/ + +(Originally on Twitter: [Sat May 02 07:31:56 +0000 2009](https://twitter.com/adulau/status/1677117220)) +---- +http://arxiv.org/abs/0905.0363 - #stegano - "Hiding Information in Retransmissions" using TCP retransmission + +(Originally on Twitter: [Tue May 05 20:29:01 +0000 2009](https://twitter.com/adulau/status/1709667957)) +---- +I'm again debugging C code from junkies... using xmalloc macros is evil. + +(Originally on Twitter: [Wed May 06 21:59:49 +0000 2009](https://twitter.com/adulau/status/1721033790)) +---- +#alfa-matrix is a great belgian label... last albums of Krystal System and a Tribute to #depechemode are nice and soft (for #ebm fans) + +(Originally on Twitter: [Sat May 09 08:22:43 +0000 2009](https://twitter.com/adulau/status/1744990409)) +---- +#git is a content tracker not a file tracker but the db git backup is interesting : http://bit.ly/xN9Kh + +(Originally on Twitter: [Sat May 09 12:59:37 +0000 2009](https://twitter.com/adulau/status/1745992867)) +---- +If you are a student and are looking for a good internship, the #fsf is a good place : http://www.fsf.org/volunteer/internships + +(Originally on Twitter: [Sun May 10 19:51:55 +0000 2009](https://twitter.com/adulau/status/1756819680)) +---- +http://bit.ly/BHkpP + #hadopi who voted for and against... + +(Originally on Twitter: [Wed May 13 05:55:27 +0000 2009](https://twitter.com/adulau/status/1781924323)) +---- +http://bit.ly/T919B + - a good overview of security implication of Google NaCl + +(Originally on Twitter: [Fri May 15 13:58:50 +0000 2009](https://twitter.com/adulau/status/1806130003)) +---- +Insider threat myth come back... but should be replaced by Internet user threat. 
#infosec + +(Originally on Twitter: [Sat May 16 13:22:34 +0000 2009](https://twitter.com/adulau/status/1816312795)) +---- +@thierryzoller : "(how old are you?) minus 11 hours" is also working #wolframalpha + +(Originally on Twitter: [Sat May 16 13:31:08 +0000 2009](https://twitter.com/adulau/status/1816360015)) +---- +http://bit.ly/W7T2b + - Diversity and Stability + +(Originally on Twitter: [Sat May 16 14:35:38 +0000 2009](https://twitter.com/adulau/status/1816762378)) +---- +http://bit.ly/16OCPO + - Fred Cohen about A/V + +(Originally on Twitter: [Sun May 17 09:13:18 +0000 2009](https://twitter.com/adulau/status/1824629308)) +---- +I don't like when ip transit providers got the idea to enable "application firewall" for DNS especially with #Juniper and the "bug" KB12312 + +(Originally on Twitter: [Mon May 18 21:15:35 +0000 2009](https://twitter.com/adulau/status/1840061898)) +---- +http://bgpmon.net/blog/?p=166 - global #ipv6 deployment statistics - #lu in good position + +(Originally on Twitter: [Tue May 19 05:48:12 +0000 2009](https://twitter.com/adulau/status/1844571099)) +---- +http://code.google.com/p/vss2git/ - Ouf... proprietary and dangerous visual source safe is now safe with #git ;-) + +(Originally on Twitter: [Tue May 19 21:21:03 +0000 2009](https://twitter.com/adulau/status/1851766371)) +---- +http://myf00.net/?p=18 #malware PoC data interception using Javascript in Firefox + +(Originally on Twitter: [Wed May 20 05:46:15 +0000 2009](https://twitter.com/adulau/status/1856522051)) +---- +Just found the bug in my tonight ugly #Python hack... this is called a typo. 
grrrr + +(Originally on Twitter: [Wed May 20 21:04:15 +0000 2009](https://twitter.com/adulau/status/1863535995)) +---- +#belgium if you have milk or cream (organic or not) with the following producer (circular label) : BE M322 A EG - check http://www.afsca.be/ + +(Originally on Twitter: [Thu May 21 10:52:08 +0000 2009](https://twitter.com/adulau/status/1869769102)) +---- +#belgium #election instead of their head on postesr, why don't we have their ideas on a poster? maybe they are lacking ideas. + +(Originally on Twitter: [Thu May 21 15:17:23 +0000 2009](https://twitter.com/adulau/status/1871819390)) +---- +@elise_huard a good choice. #munin is stable, easy to customize, light and distributed. + +(Originally on Twitter: [Thu May 21 15:23:36 +0000 2009](https://twitter.com/adulau/status/1871883953)) +---- +@rbidule Usenix woot. The deadline for CfP is for Tuesday... we hope to finish before. + +(Originally on Twitter: [Fri May 22 13:35:36 +0000 2009](https://twitter.com/adulau/status/1882286439)) +---- +A funky bug report (about #glibc) http://bit.ly/NKkAS + +(Originally on Twitter: [Fri May 22 20:06:25 +0000 2009](https://twitter.com/adulau/status/1886239709)) +---- +@rbidule I hope so too... depends if the paper is finished in time. + +(Originally on Twitter: [Fri May 22 21:08:59 +0000 2009](https://twitter.com/adulau/status/1886849877)) +---- +@kabel Type `help' to see this list... + +(Originally on Twitter: [Sat May 23 19:16:24 +0000 2009](https://twitter.com/adulau/status/1895763170)) +---- +Interesting NIST draft 800-118... but my favorite is still 800-57 + +(Originally on Twitter: [Sun May 24 19:33:14 +0000 2009](https://twitter.com/adulau/status/1905141562)) +---- +http://bit.ly/JaQGD + #lasfm and privacy... 
-> #librefm http://libre.fm/ + +(Originally on Twitter: [Mon May 25 06:23:13 +0000 2009](https://twitter.com/adulau/status/1910138656)) +---- +#tb303 #electro http://bit.ly/13ZUPI + #soundcloud another great acid set + +(Originally on Twitter: [Mon May 25 20:53:35 +0000 2009](https://twitter.com/adulau/status/1916218130)) +---- +#ubuntu #gnulinux #netbook installation on #lenovo s10e in less than 20 minutes... impressive + +(Originally on Twitter: [Fri May 29 07:44:30 +0000 2009](https://twitter.com/adulau/status/1957514206)) +---- +White-Box #Cryptography #wbc , a PhD thesis : http://bit.ly/VrtQ4 + +(Originally on Twitter: [Sat May 30 16:04:03 +0000 2009](https://twitter.com/adulau/status/1972354174)) +---- +@rbidule got one for testing... keyboard is very very small right-shift and enter also very small beside that a good deal for the price. + +(Originally on Twitter: [Sat May 30 21:17:52 +0000 2009](https://twitter.com/adulau/status/1975028919)) +---- +@rbidule around 300 EUR... + +(Originally on Twitter: [Sun May 31 06:04:10 +0000 2009](https://twitter.com/adulau/status/1978339610)) +---- +#belgium #belgique #copyright Tintin et le droit d'auteur... http://onpeuttoutcopier.be/?p=32 + +(Originally on Twitter: [Mon Jun 01 08:40:56 +0000 2009](https://twitter.com/adulau/status/1989475748)) +---- +After 2 days of #computation, my scripts failed miserably... next try in 5 minutes. + +(Originally on Twitter: [Wed Jun 03 21:03:39 +0000 2009](https://twitter.com/adulau/status/2021186570)) +---- +By the way, don't trust any code claiming to do #TCP #reassembly from #pcap. This is often a joke. 
+ +(Originally on Twitter: [Wed Jun 03 21:07:15 +0000 2009](https://twitter.com/adulau/status/2021228757)) +---- +Nice to see #EFF doing #TOSBack http://www.tosback.org/, looks very similar to our 3 years old project : #GooDiff http://www.goodiff.org/ + +(Originally on Twitter: [Thu Jun 04 20:59:00 +0000 2009](https://twitter.com/adulau/status/2034372227)) +---- +@gillis57 looks like the definition of a meeting. + +(Originally on Twitter: [Thu Jun 04 21:31:08 +0000 2009](https://twitter.com/adulau/status/2034764552)) +---- +Patience always wins... 5 years to get back an org domain used by a spammer ;-) + +(Originally on Twitter: [Fri Jun 05 21:30:33 +0000 2009](https://twitter.com/adulau/status/2048001543)) +---- +Still time to ask your candidates #belgium #election - the free software pact : http://bit.ly/dqK2u + +(Originally on Twitter: [Sat Jun 06 09:34:14 +0000 2009](https://twitter.com/adulau/status/2052925189)) +---- +@AlainGerlache audace et rigueur... demander les contributions/"updates" des téléspectateurs sur des contenus existant. équilibre possible + +(Originally on Twitter: [Sat Jun 06 10:57:22 +0000 2009](https://twitter.com/adulau/status/2053274623)) +---- +An original edition of James Joyce for 310000 EUR, http://bit.ly/11fgbH + #ouf + +(Originally on Twitter: [Sat Jun 06 20:18:14 +0000 2009](https://twitter.com/adulau/status/2057598931)) +---- +Counting and counting voting ballot... but at least this is real paper. 
#belgium #election + +(Originally on Twitter: [Sun Jun 07 18:53:51 +0000 2009](https://twitter.com/adulau/status/2067182540)) +---- +#p2p #bittorrent Anomos, an interesting pseudonymous bittorrent http://anomos.info/ + +(Originally on Twitter: [Mon Jun 08 20:36:33 +0000 2009](https://twitter.com/adulau/status/2080878547)) +---- +#unbound dns #python binding works great for dns modification (handy for blacklisting C&C) + +(Originally on Twitter: [Fri Jun 12 21:15:32 +0000 2009](https://twitter.com/adulau/status/2136812528)) +---- +Do you know a #NAT64 free software implementation? Maybe it's the time for a sponsored contest to make one... + +(Originally on Twitter: [Sun Jun 14 20:45:50 +0000 2009](https://twitter.com/adulau/status/2168977875)) +---- +#iran election and Benford Law - http://arxiv.org/abs/0906.2789 + +(Originally on Twitter: [Wed Jun 17 19:32:43 +0000 2009](https://twitter.com/adulau/status/2211188011)) +---- +@zoobab But that's the application of the silly patent system. in US 35 U.S.C. 122 and in EU Article 130. Confidential until publication. + +(Originally on Twitter: [Mon Jun 22 13:33:00 +0000 2009](https://twitter.com/adulau/status/2278772306)) +---- +a note for farmers in #belgium : instead of blocking the highway, sell your milk directly to us. better for you and me. + +(Originally on Twitter: [Mon Jun 22 20:20:40 +0000 2009](https://twitter.com/adulau/status/2284007188)) +---- +Added taxonomy in my #machinetag collection - http://bit.ly/pXum7 + +(Originally on Twitter: [Tue Jun 23 09:18:09 +0000 2009](https://twitter.com/adulau/status/2292432081)) +---- +@xme software is just another way to describe a bag of bugs. + +(Originally on Twitter: [Tue Jun 23 13:32:23 +0000 2009](https://twitter.com/adulau/status/2294426181)) +---- +(ttl=64 time=377 ms) via DNS tunneling in a Hotel in Munich. But #ziproxy improved the experience a bit. 
+ +(Originally on Twitter: [Wed Jun 24 20:39:38 +0000 2009](https://twitter.com/adulau/status/2315939913)) +---- +In information security, companies should target for security not just a compliance to a mythical certification. + +(Originally on Twitter: [Sat Jun 27 07:08:12 +0000 2009](https://twitter.com/adulau/status/2356375893)) +---- +#hadopi After a quick experiment in Perl, you don't need Internet to share automatically copyrighted works... + +(Originally on Twitter: [Sun Jun 28 07:12:22 +0000 2009](https://twitter.com/adulau/status/2369250329)) +---- +@xme routing domain (VRF-lite like) started in 4.6... it seems very promising especially in conjunction with PF. + +(Originally on Twitter: [Mon Jun 29 20:58:09 +0000 2009](https://twitter.com/adulau/status/2393290605)) +---- +Don't forget the C3L summer camp #lu http://bit.ly/mX0V8 + +(Originally on Twitter: [Mon Jun 29 21:44:27 +0000 2009](https://twitter.com/adulau/status/2393933952)) +---- +geolocal journalism software released as free software - http://www.everyblock.com/code/ + +(Originally on Twitter: [Wed Jul 01 22:06:46 +0000 2009](https://twitter.com/adulau/status/2427028392)) +---- +Fault Attacks on RSA Signatures with Partially Unknown Messages - http://eprint.iacr.org/2009/309 + +(Originally on Twitter: [Thu Jul 02 05:47:35 +0000 2009](https://twitter.com/adulau/status/2433019844)) +---- +#fail I don't like when a reviewer say that I missed a good reference and I really missed it + +(Originally on Twitter: [Sat Jul 04 07:47:09 +0000 2009](https://twitter.com/adulau/status/2466862941)) +---- +@security4all thanks a lot for the invitation, I'm in another Country today... 
+ +(Originally on Twitter: [Sat Jul 04 07:50:59 +0000 2009](https://twitter.com/adulau/status/2466890319)) +---- +The day of butterflies in my #garden - http://www.flickr.com/photos/adulau/3686025005/ + +(Originally on Twitter: [Sat Jul 04 09:25:04 +0000 2009](https://twitter.com/adulau/status/2467479789)) +---- +Back to life - Just saw the latest Woody Allen - Whatever Works - a great movie + +(Originally on Twitter: [Sun Jul 12 19:15:09 +0000 2009](https://twitter.com/adulau/status/2602183086)) +---- +@miguno thx, the garden is just there to attract the butterfly and the wild life ;-) hope life is wonderful. + +(Originally on Twitter: [Sun Jul 12 19:21:45 +0000 2009](https://twitter.com/adulau/status/2602265057)) +---- +is writing legal letter while listening to Lost Vessel from #Drexciya + +(Originally on Twitter: [Tue Jul 14 21:14:51 +0000 2009](https://twitter.com/adulau/status/2639085890)) +---- +cool URIs don't change but for Microsoft is different #wtf http://bit.ly/u2mrF + +(Originally on Twitter: [Wed Jul 15 20:23:09 +0000 2009](https://twitter.com/adulau/status/2657180121)) +---- +@davanac but newspapers don't know how to use robots.txt : http://bit.ly/eE3DK + +(Originally on Twitter: [Wed Jul 15 20:27:09 +0000 2009](https://twitter.com/adulau/status/2657244250)) +---- +@zedshaw thanks for using/supporting copyleft-type license. That's a way to preserve the biotope of free software. + +(Originally on Twitter: [Wed Jul 15 21:57:06 +0000 2009](https://twitter.com/adulau/status/2658630072)) +---- +@alfamatrix when do you plan to make a full set of cds with the archive of front 242? 
+ +(Originally on Twitter: [Thu Jul 16 17:39:44 +0000 2009](https://twitter.com/adulau/status/2672966402)) +---- +@cases_lu @roessler another good reason to disable the unauthenticated pin-to-pin messaging on your proprietary blackberry enterprise server + +(Originally on Twitter: [Fri Jul 17 08:49:44 +0000 2009](https://twitter.com/adulau/status/2685536391)) +---- +@xme Ken Thompson is still right... http://bit.ly/eeFcH + - Don't trust compilers, firmware or even flow of electron. + +(Originally on Twitter: [Fri Jul 17 15:08:00 +0000 2009](https://twitter.com/adulau/status/2689575710)) +---- +@etychon do you know a page at Cisco showing all the platforms/sw rev really supporting/populating the TCP flags export in Netflow/IPFIX? + +(Originally on Twitter: [Sat Jul 18 07:07:38 +0000 2009](https://twitter.com/adulau/status/2703212153)) +---- +Kung fu fighting with PHP code of the #hacklu website while still dreaming of mediawiki written in Python or Perl... + +(Originally on Twitter: [Sat Jul 18 14:58:31 +0000 2009](https://twitter.com/adulau/status/2706958633)) +---- +@rbidule Is there a belt scheme in Kung Fu? For PHP, it's more the goo belt. + +(Originally on Twitter: [Sat Jul 18 16:55:27 +0000 2009](https://twitter.com/adulau/status/2708424046)) +---- +ICANN IRT http://bit.ly/7enZB + what's that? + +(Originally on Twitter: [Tue Jul 21 06:29:58 +0000 2009](https://twitter.com/adulau/status/2753787984)) +---- +@FunkySteph national holiday in my home country and we are force to work ;-) + +(Originally on Twitter: [Tue Jul 21 15:28:21 +0000 2009](https://twitter.com/adulau/status/2759490384)) +---- +-Barings bank would have been saved with #PCI audit- They must be joking + +(Originally on Twitter: [Sat Jul 25 09:37:26 +0000 2009](https://twitter.com/adulau/status/2835369751)) +---- +@DidierStevens Yep. Wondering if his talk is really interesting... his book is ok but not going into much details. 
+ +(Originally on Twitter: [Sat Jul 25 14:07:40 +0000 2009](https://twitter.com/adulau/status/2837479585)) +---- +Why #CVE and #OVAL are still not able to have a single element for product and a single element for version? now is just #regexp madness + +(Originally on Twitter: [Sat Jul 25 14:19:06 +0000 2009](https://twitter.com/adulau/status/2837601237)) +---- +@thierryzoller How many financial/card companies with #PCI DSS certification in Luxembourg? don't know. + +(Originally on Twitter: [Sat Jul 25 14:27:52 +0000 2009](https://twitter.com/adulau/status/2837696242)) +---- +Electronic music streaming back to life http://www.foo.be:8000/ + +(Originally on Twitter: [Sat Jul 25 15:02:56 +0000 2009](https://twitter.com/adulau/status/2838099488)) +---- +Yin and Yang of #InfoSec - http://bit.ly/44YvAa + +(Originally on Twitter: [Fri Jul 31 08:40:11 +0000 2009](https://twitter.com/adulau/status/2948086591)) +---- +#Apple censoring a dictionary http://daringfireball.net/2009/08/ninjawords - Lucky that we have some real libraries left + +(Originally on Twitter: [Sat Aug 08 07:36:36 +0000 2009](https://twitter.com/adulau/status/3190652138)) +---- +#hacklu - if you want to print promo leaflets for hack.lu http://bit.ly/bKvqy + +(Originally on Twitter: [Sun Aug 09 19:35:10 +0000 2009](https://twitter.com/adulau/status/3212173297)) +---- +@jepoirrier c'est un peu notre mascotte... mais il ne faut pas lui dire ;-) + +(Originally on Twitter: [Sun Aug 09 19:57:31 +0000 2009](https://twitter.com/adulau/status/3212503557)) +---- +flute from experimental to standard track(?)... good news - http://bit.ly/3pBMnz + +(Originally on Twitter: [Sun Aug 09 20:20:02 +0000 2009](https://twitter.com/adulau/status/3212835341)) +---- +@rbidule enjoy #usenix trip. 
+ +(Originally on Twitter: [Tue Aug 11 05:18:13 +0000 2009](https://twitter.com/adulau/status/3240497307)) +---- +Today quote "Sorry, we don't have (security) guidelines but we have white lines" + +(Originally on Twitter: [Wed Aug 12 11:53:41 +0000 2009](https://twitter.com/adulau/status/3263944333)) +---- +Interesting article - a lesson in timing attacks #hmac - http://bit.ly/Zlids + +(Originally on Twitter: [Fri Aug 14 07:09:09 +0000 2009](https://twitter.com/adulau/status/3303589605)) +---- +Still have credits for the pdf version of lesoir (#belgium #newspaper), I will use them if numb. of pages in culture is higher than sport + +(Originally on Twitter: [Sat Aug 15 14:14:22 +0000 2009](https://twitter.com/adulau/status/3328417372)) +---- +quickly added memcached to python safebrowsing api - http://bit.ly/CFE7T + +(Originally on Twitter: [Sun Aug 16 06:42:42 +0000 2009](https://twitter.com/adulau/status/3341154850)) +---- +made a #wikipedia proposal for an universal user page - http://bit.ly/Gvwcm + +(Originally on Twitter: [Sun Aug 16 09:33:07 +0000 2009](https://twitter.com/adulau/status/3342434106)) +---- +just finishing review for #hack.lu #hacklu 2009 - some very good submissions this year. + +(Originally on Twitter: [Mon Aug 17 15:11:04 +0000 2009](https://twitter.com/adulau/status/3362818329)) +---- +Considerations of SHA-3 candidate's name - http://rump2009.cr.yp.to/685d6734bee2d982254687349c947af7.pdf #fun #crypto + +(Originally on Twitter: [Thu Aug 20 11:46:37 +0000 2009](https://twitter.com/adulau/status/3425939397)) +---- +is AES having an issue or just an implementation issue in PolarSSL? 
http://rump2009.cr.yp.to/bdac99ea43729bcfa1a5f22f1e132ae4.pdf + +(Originally on Twitter: [Thu Aug 20 12:41:17 +0000 2009](https://twitter.com/adulau/status/3426595490)) +---- +Factoring RSA 512 bits in 73 days on a single PC with ggnfs http://bit.ly/ndtOB + +(Originally on Twitter: [Thu Aug 20 20:45:48 +0000 2009](https://twitter.com/adulau/status/3435050885)) +---- +@boskabout Cisco IOS SSH key default is still 512 bits and you have still plenty of legacy 512 bits RSA keys (like TI calc keys, scard...) + +(Originally on Twitter: [Thu Aug 20 20:54:48 +0000 2009](https://twitter.com/adulau/status/3435218204)) +---- +@boskabout as long as the source on randomness from the card is good enough or/and the sieving step is not improved in a very short time ;-) + +(Originally on Twitter: [Thu Aug 20 21:03:03 +0000 2009](https://twitter.com/adulau/status/3435375369)) +---- +a good Keith Haring weekend, positive #art is always refreshing and giving new #ideas... + +(Originally on Twitter: [Sun Aug 23 19:44:15 +0000 2009](https://twitter.com/adulau/status/3497249581)) +---- +If you are #GTD fan and loving command line, a nice free software http://taskwarrior.orgp + +(Originally on Twitter: [Thu Aug 27 22:10:21 +0000 2009](https://twitter.com/adulau/status/3589056784)) +---- +Don't forget NNTP in IPv6, a never ending source of knowledge... + +(Originally on Twitter: [Sat Aug 29 19:40:40 +0000 2009](https://twitter.com/adulau/status/3630746687)) +---- +@guido_steenkamp Tegenaria atrica most probably for the spider you showed us last time + +(Originally on Twitter: [Sun Aug 30 12:25:23 +0000 2009](https://twitter.com/adulau/status/3644212478)) +---- +A patent for TV watching while blogging : 7,519,658... I need to sleep. + +(Originally on Twitter: [Wed Sep 02 21:11:43 +0000 2009](https://twitter.com/adulau/status/3719001707)) +---- +@xme I'm often using the #anti-telemarketing script... very efficient. 
http://www.xs4all.nl/~egbg/frans.html + +(Originally on Twitter: [Fri Sep 04 19:45:50 +0000 2009](https://twitter.com/adulau/status/3763818092)) +---- +u_int32_t for the #IPv6 flow label... pffffff + +(Originally on Twitter: [Fri Sep 04 20:41:56 +0000 2009](https://twitter.com/adulau/status/3764914930)) +---- +My 28-135 lens smacked violently... but still works. + +(Originally on Twitter: [Sun Sep 06 14:38:42 +0000 2009](https://twitter.com/adulau/status/3799003703)) +---- +A real Fahrenheit 451 http://bit.ly/d5KaP + +(Originally on Twitter: [Sun Sep 06 17:07:17 +0000 2009](https://twitter.com/adulau/status/3801253725)) +---- +@kabel @cases_lu there is a mixture in the press about it. Those web sites are not directly related to the online banking services... + +(Originally on Twitter: [Mon Sep 07 15:58:30 +0000 2009](https://twitter.com/adulau/status/3820582701)) +---- +Today an empirical proof of 'The usefulness of a meeting is inversely proportional to its attendance' + +(Originally on Twitter: [Wed Sep 09 19:46:21 +0000 2009](https://twitter.com/adulau/status/3869990998)) +---- +@FunkySteph I just said "a lot"... not too much ;-) Enjoy your evening. + +(Originally on Twitter: [Thu Sep 10 21:03:58 +0000 2009](https://twitter.com/adulau/status/3896038730)) +---- +http://www.eff.org/press/archives/2009/09/08 Is #EFF providing arguments against public domain digitalization? it looks like. I'm lost. + +(Originally on Twitter: [Fri Sep 11 11:08:23 +0000 2009](https://twitter.com/adulau/status/3909039964)) +---- +#infosec a French phishing e-mail with a real physical address in Luxembourg... + +(Originally on Twitter: [Sat Sep 12 15:28:24 +0000 2009](https://twitter.com/adulau/status/3935297475)) +---- +a quick hack for a binomial search #machinetag http://bit.ly/wbVPC + +(Originally on Twitter: [Sun Sep 13 13:59:59 +0000 2009](https://twitter.com/adulau/status/3954755792)) +---- +vim in visual studio... they must be sick. 
http://code.google.com/p/vivim/ + +(Originally on Twitter: [Sun Sep 13 20:27:54 +0000 2009](https://twitter.com/adulau/status/3961342730)) +---- +@Fotopedia Why do you require a proprietary client to contribute on fotopedia? a simple flickr<->fotopedia web interface would be easier. + +(Originally on Twitter: [Tue Sep 15 05:39:20 +0000 2009](https://twitter.com/adulau/status/3999029815)) +---- +@fotopedia Thanks. This is an excellent news for people willing to share already uploaded CC-licences photos. + +(Originally on Twitter: [Wed Sep 16 05:48:08 +0000 2009](https://twitter.com/adulau/status/4023680749)) +---- +http://vimeo.com/6595148 #security vmware host exploitation using the VGA bug... it seems to be based on K. Kortchinsky work. + +(Originally on Twitter: [Wed Sep 16 20:47:30 +0000 2009](https://twitter.com/adulau/status/4037895850)) +---- +an updated Internet-Draft about P2P architecture and Security http://bit.ly/vyD6S a good overview... + +(Originally on Twitter: [Wed Sep 16 21:19:42 +0000 2009](https://twitter.com/adulau/status/4038570185)) +---- +Achetez son lait en Gaume #belgique #milk http://tiny.cc/milk750 si vous avez des autres adresses... n'hésitez pas. + +(Originally on Twitter: [Sat Sep 19 07:20:57 +0000 2009](https://twitter.com/adulau/status/4098432352)) +---- +http://tiny.cc/privacy292 Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization - an interesting reading + +(Originally on Twitter: [Sun Sep 20 13:56:42 +0000 2009](https://twitter.com/adulau/status/4123737312)) +---- +@aaaarg Congrats. A great idea (AAAARG) with a cool implementation (A)... + +(Originally on Twitter: [Sun Sep 20 17:35:27 +0000 2009](https://twitter.com/adulau/status/4127411830)) +---- +@elise_huard The right time for a lapsong souchong or dark strong assam... 
#tea + +(Originally on Twitter: [Sun Sep 20 17:38:59 +0000 2009](https://twitter.com/adulau/status/4127475957)) +---- +Information Security Visualization Contest for hack.lu 2009 - http://2009.hack.lu/index.php/InfoVisContest + +(Originally on Twitter: [Tue Sep 22 08:18:13 +0000 2009](https://twitter.com/adulau/status/4167980215)) +---- +@secviz Information Security Visualization Contest - http://2009.hack.lu/index.php/InfoVisContest #hacklu + +(Originally on Twitter: [Tue Sep 22 08:38:53 +0000 2009](https://twitter.com/adulau/status/4168186026)) +---- +www.opencongress.org is very interesting... maybe this could be adapted for other countries? especially #belgium #belgique + +(Originally on Twitter: [Wed Sep 23 06:10:11 +0000 2009](https://twitter.com/adulau/status/4309695807)) +---- +@arebentisch Interesting. Have you tried to run opencongress (using ruby on rails) for something else than the US congress? + +(Originally on Twitter: [Wed Sep 23 19:49:40 +0000 2009](https://twitter.com/adulau/status/4323477522)) +---- +Just fixed the serial interface to "SkyTraq venus 6 chipset". The read-at-once now works properly. + +(Originally on Twitter: [Thu Sep 24 22:19:48 +0000 2009](https://twitter.com/adulau/status/4353000359)) +---- +@xme http://bit.ly/M1qsI About #BSA in Belgium + +(Originally on Twitter: [Mon Sep 28 20:11:17 +0000 2009](https://twitter.com/adulau/status/4451418212)) +---- +http://opensource.dyc.edu/tor-ramdisk #Tor running from RAM. Useful when your tor routing node is seized. + +(Originally on Twitter: [Tue Sep 29 06:13:33 +0000 2009](https://twitter.com/adulau/status/4464325325)) +---- +http://bit.ly/bLYUQ Game theory for P2P in ISP networks. A nice paper. + +(Originally on Twitter: [Wed Sep 30 20:14:39 +0000 2009](https://twitter.com/adulau/status/4505996898)) +---- +@pcapr Can I upload the full pcap of InfoVis contest for hack.lu 2009? 
http://2009.hack.lu/index.php/InfoVisContest + +(Originally on Twitter: [Fri Oct 02 08:02:35 +0000 2009](https://twitter.com/adulau/status/4548102636)) +---- +@pcapr great. Let me know when it's indexed. I'll publish the info on the hack.lu website. + +(Originally on Twitter: [Fri Oct 02 13:42:26 +0000 2009](https://twitter.com/adulau/status/4552664711)) +---- +#pcapr added the InfoVis Contest capture http://www.pcapr.net/forensics/ for http://2009.hack.lu/index.php/InfoVisContest #hacklu + +(Originally on Twitter: [Sat Oct 03 05:58:12 +0000 2009](https://twitter.com/adulau/status/4573565619)) +---- +Image Approximation with Genetically Selected Cosines - http://bit.ly/zoWhQ + +(Originally on Twitter: [Sat Oct 03 08:09:49 +0000 2009](https://twitter.com/adulau/status/4575082223)) +---- +@AlainGerlache on vient juste de le rallumer. mais le #twitpoll pourrait-être plus précis avec une approximation géographique. #gaume + +(Originally on Twitter: [Sat Oct 03 08:15:37 +0000 2009](https://twitter.com/adulau/status/4575141512)) +---- +http://www.laquadrature.net/en/node/2369 -- Will the European Parliament take its last chance to save citizens' rights? + +(Originally on Twitter: [Sat Oct 03 08:33:31 +0000 2009](https://twitter.com/adulau/status/4575321071)) +---- +@patrickc Interesting. what kind of machine for printing public domain works? a custom or a branded one? + +(Originally on Twitter: [Sat Oct 03 17:03:22 +0000 2009](https://twitter.com/adulau/status/4582679971)) +---- +#booksmag je ne comprends pas le "Wikipedia bashing" du magazine... il est possible que l'édition n'aime pas trop la concurrence extérieur. + +(Originally on Twitter: [Sat Oct 03 20:24:16 +0000 2009](https://twitter.com/adulau/status/4586736591)) +---- +@HowardLovecraft Have you consulted the obscure records of Sir Ligotti from the small village in the Adirondacks? 
The one labelled : Curwen + +(Originally on Twitter: [Sat Oct 03 20:36:42 +0000 2009](https://twitter.com/adulau/status/4586974161)) +---- +Jurispedia (http://en.jurispedia.org/) a good idea but a non-free license (a CC but with NonCommercial) and incompatible with #Wikipedia + +(Originally on Twitter: [Sun Oct 04 07:10:00 +0000 2009](https://twitter.com/adulau/status/4598449864)) +---- +@wikid Do you plan to make an open source hardware token? Maybe an arduino mini would be a good start? + +(Originally on Twitter: [Sun Oct 04 15:00:15 +0000 2009](https://twitter.com/adulau/status/4604105855)) +---- +"les forbans , au contraire , sont gens désavoués de toutes les nations " trouvé dans le dictionnaire des sciences et des arts. + +(Originally on Twitter: [Tue Oct 06 21:45:09 +0000 2009](https://twitter.com/adulau/status/4665580488)) +---- +http://bit.ly/11k6dz @rbidule @superlol a good example of the powerpoint disaster... + +(Originally on Twitter: [Fri Oct 09 21:00:05 +0000 2009](https://twitter.com/adulau/status/4744558080)) +---- +#gnu #gdb - 'reverse-finish' works great, impressive. http://www.gnu.org/software/gdb/news/reversible.html + +(Originally on Twitter: [Fri Oct 09 21:41:32 +0000 2009](https://twitter.com/adulau/status/4745468802)) +---- +@sam280 right but SoftICE is more a ring-0 kernel debugger than a versatile user-level debugger. But yes the backtrace was not far away.... + +(Originally on Twitter: [Sun Oct 11 08:54:46 +0000 2009](https://twitter.com/adulau/status/4780942124)) +---- +went to a good organic food restaurant in #liege #belgique called "como en casa" / place saint Etienne ... they have a nice photo expo too. 
+ +(Originally on Twitter: [Sun Oct 11 09:04:06 +0000 2009](https://twitter.com/adulau/status/4781033402)) +---- +http://bit.ly/bu8ZK fruitiers résistant en Ardenne #belge - compilation basée sur le verger du Tronquoy + +(Originally on Twitter: [Sun Oct 11 11:20:19 +0000 2009](https://twitter.com/adulau/status/4782350401)) +---- +http://nastyoldpeople.org/ a CC-BY-NC-SA licensed movie distributed by thepiratebay... who say that you can't distribute movies via p2p? ;-) + +(Originally on Twitter: [Sun Oct 11 14:05:40 +0000 2009](https://twitter.com/adulau/status/4784390575)) +---- +My current outbound rate : [Rate 6879.5/ 0.0 KB] [Port: 6901] ... yes in KB/s with rTorrent. + +(Originally on Twitter: [Sun Oct 11 16:45:33 +0000 2009](https://twitter.com/adulau/status/4787269552)) +---- +@superlol The joys of remote hosting... usually they don't mind outbound bandwidth especially when it's CC-licensed or legal/free torrent. + +(Originally on Twitter: [Sun Oct 11 20:43:49 +0000 2009](https://twitter.com/adulau/status/4792168350)) +---- +"Security Flaws in a Recent Ultralightweight #RFID Protocol" http://arxiv.org/abs/0910.2115 (right now it's just a cryptanalysis) + +(Originally on Twitter: [Tue Oct 13 05:55:10 +0000 2009](https://twitter.com/adulau/status/4828844569)) +---- +I'm wondering why I always looking for textual/typographic transcription before watching a video... maybe text is more accessible to me. + +(Originally on Twitter: [Wed Oct 14 20:13:21 +0000 2009](https://twitter.com/adulau/status/4870539343)) +---- +@FunkySteph good luck. + +(Originally on Twitter: [Thu Oct 15 06:20:58 +0000 2009](https://twitter.com/adulau/status/4882995207)) +---- +A quick-and-dirty EMF detector with #Arduino : http://bit.ly/QW65J + +(Originally on Twitter: [Fri Oct 16 06:34:22 +0000 2009](https://twitter.com/adulau/status/4910168572)) +---- +@miguno Right. Text can be "analyzed" faster and textual representation is often more meaningful than a video. 
+ +(Originally on Twitter: [Fri Oct 16 06:44:39 +0000 2009](https://twitter.com/adulau/status/4910291770)) +---- +#DNSSEC Why using RSA (signature) with short term root keys for the root servers? Is there a specific reason? compared to DSA or ECC. ref? + +(Originally on Twitter: [Sat Oct 17 06:46:04 +0000 2009](https://twitter.com/adulau/status/4937466010)) +---- +made a quick review of Amusing Ourselves to Death...the Age of Show Business at #LibraryThing www.librarything.com/review/52143736 + +(Originally on Twitter: [Sun Oct 18 15:58:47 +0000 2009](https://twitter.com/adulau/status/4968302310)) +---- +@bortzmeyer right. just wondering about the size of packets. as RSA signing is not "always" space efficient compared to DSA. #DNSSEC + +(Originally on Twitter: [Sun Oct 18 16:00:59 +0000 2009](https://twitter.com/adulau/status/4968340463)) +---- +http://2009.hack.lu/index.php/InfoVisContest #infovis #hacklu contest deadline extended to 25th October. So it's time to submit... + +(Originally on Twitter: [Sun Oct 18 16:50:40 +0000 2009](https://twitter.com/adulau/status/4969185434)) +---- +A nice lcd-based EMF detector http://www.flickr.com/photos/doegox/4027089931/ using #arduino. + +(Originally on Twitter: [Tue Oct 20 06:10:18 +0000 2009](https://twitter.com/adulau/status/5012617600)) +---- +#openlibrary waiting for the new version - http://bit.ly/14WDOB + +(Originally on Twitter: [Thu Oct 22 06:07:58 +0000 2009](https://twitter.com/adulau/status/5063230343)) +---- +http://upcoming.yahoo.com/event/4721526/ upcoming entry for #hacklu ... if you are coming just tell everyone ;-) + +(Originally on Twitter: [Thu Oct 22 21:32:56 +0000 2009](https://twitter.com/adulau/status/5079961997)) +---- +A good media is where information-action (cf. Neil Postman) ratio is high and anyone can make real action based on the information captured. 
+ +(Originally on Twitter: [Sat Oct 24 07:24:29 +0000 2009](https://twitter.com/adulau/status/5118372954)) +---- +@xme again Dilbert is so true... thanks for the link. + +(Originally on Twitter: [Sat Oct 24 07:45:27 +0000 2009](https://twitter.com/adulau/status/5118600478)) +---- +http://trac.transmissionbt.com/ticket/1731 Again they forgot the IPv6-only host... dual-stack is just a temporary state not a final one. + +(Originally on Twitter: [Sat Oct 24 11:21:36 +0000 2009](https://twitter.com/adulau/status/5120734101)) +---- +I don't like #del.icio.us entries without notes. it won't help anyone and especially the one who bookmarked the URL... + +(Originally on Twitter: [Sat Oct 24 22:01:19 +0000 2009](https://twitter.com/adulau/status/5132387381)) +---- +Why I still read paper-based books : http://bit.ly/NOYzx + +(Originally on Twitter: [Sun Oct 25 18:12:00 +0000 2009](https://twitter.com/adulau/status/5152095514)) +---- +@FunkySteph #hacklu was a lot of fun with interesting people and great topics. Enjoy your week-end. + +(Originally on Twitter: [Sat Oct 31 07:24:48 +0000 2009](https://twitter.com/adulau/status/5309416318)) +---- +#hacklu a small note to all speakers including lightning talks or workshop : feel free to send me your presentation for archiving. thx. + +(Originally on Twitter: [Sat Oct 31 14:16:42 +0000 2009](https://twitter.com/adulau/status/5314294169)) +---- +The today useless mail header : "Sensitivity: Private" and looks the effect in a Lotus Client... A cool way to make phishing more efficient. + +(Originally on Twitter: [Mon Nov 02 09:16:47 +0000 2009](https://twitter.com/adulau/status/5359519183)) +---- +"By Data We Mean" VJ12 - #art #technology in #belgium http://www.constantvzw.org/vj12/ - hope to see you there. 
+ +(Originally on Twitter: [Mon Nov 02 20:57:50 +0000 2009](https://twitter.com/adulau/status/5372685533)) +---- +I was surprised by the old remembering of a trance track, usually it smells the old but one track from the #platipus label was still modern. + +(Originally on Twitter: [Tue Nov 03 21:31:07 +0000 2009](https://twitter.com/adulau/status/5402220327)) +---- +More presentations added to the #hacklu 2009 archive : http://2009.hack.lu/archive/2009/ - You'll enjoy the "defeating SSL in practice"... + +(Originally on Twitter: [Tue Nov 03 21:42:08 +0000 2009](https://twitter.com/adulau/status/5402484120)) +---- +#ACTA distributed under a NDA : http://keionline.org/node/660 - If the document leaked, where is the document on Internet? + +(Originally on Twitter: [Thu Nov 05 07:43:57 +0000 2009](https://twitter.com/adulau/status/5444552919)) +---- +#ACTA, a summary with the structure of the ACTA document : http://bit.ly/1qpJ4z (found on ip4all.ch) but still looking for the complete one + +(Originally on Twitter: [Thu Nov 05 07:47:56 +0000 2009](https://twitter.com/adulau/status/5444598737)) +---- +http://bit.ly/4opVgW How to kill CC-licensed images in #flickr? it's easy, submit them to "Getty Images". #wtf + +(Originally on Twitter: [Sat Nov 07 09:44:15 +0000 2009](https://twitter.com/adulau/status/5503170980)) +---- +posted about getty images dangerous proposal and #flickr http://www.flickr.com/groups/callforartists/discuss/72157622629518905/ + +(Originally on Twitter: [Sat Nov 07 16:13:13 +0000 2009](https://twitter.com/adulau/status/5508968941)) +---- +#Decapod une solution libre pour numériser les livres, je voudrais la tester pour numériser le patrimoine gaumais... 
http://bit.ly/334IlO + +(Originally on Twitter: [Sun Nov 08 11:21:11 +0000 2009](https://twitter.com/adulau/status/5529968635)) +---- +http://bit.ly/lNdPB - my today's random mess especially or indirectly about #copyright + +(Originally on Twitter: [Sun Nov 08 14:32:54 +0000 2009](https://twitter.com/adulau/status/5532656950)) +---- +Just saw fish tank http://www.fishtankmovie.com/ in the European Film festival in #virton, #belgium - a surprising movie + +(Originally on Twitter: [Mon Nov 09 23:23:35 +0000 2009](https://twitter.com/adulau/status/5572482431)) +---- +RT @Wikimedia: Wikipedia kicks-off 6th Annual Fundraiser. Help protect Wikipedia. Share, everybody! http://bit.ly/WikipediaForever #wiki ... + +(Originally on Twitter: [Wed Nov 11 07:52:41 +0000 2009](https://twitter.com/adulau/status/5613480281)) +---- +"git rebase -i HEAD~10" is nifty tool but the implication of its use can be very strange... especially with different upstream. + +(Originally on Twitter: [Thu Nov 12 22:08:58 +0000 2009](https://twitter.com/adulau/status/5661250322)) +---- +L'AFP (et Le Soir) mélange(nt) #Wikia et #Wikipedia : http://bit.ly/4pqCRE + +(Originally on Twitter: [Fri Nov 13 10:15:27 +0000 2009](https://twitter.com/adulau/status/5676152288)) +---- +Received a tentative of web forgery as direct message via #Twitter pointing to a fake Twitter website. A good argument against shorten url. + +(Originally on Twitter: [Sat Nov 14 08:57:19 +0000 2009](https://twitter.com/adulau/status/5705337494)) +---- +Literature visualization with colors... #infovis http://bit.ly/4C3eSj #books + +(Originally on Twitter: [Sat Nov 14 10:11:34 +0000 2009](https://twitter.com/adulau/status/5706173324)) +---- +http://www.301works.org/ - a work-group for preserving shorten URLs. 
We must not use short URL ;-) especially if we want a web for human too + +(Originally on Twitter: [Sat Nov 14 10:42:44 +0000 2009](https://twitter.com/adulau/status/5706518059)) +---- +Logiciel libre et Région wallone : http://bit.ly/1YXzC3 - cela reste des déclarations - #belgique + +(Originally on Twitter: [Sat Nov 14 12:55:45 +0000 2009](https://twitter.com/adulau/status/5708193524)) +---- +hit again the bug "missing sendfile() call" with Apache and unionfs. The drawback of writing portable free software... + +(Originally on Twitter: [Sun Nov 15 13:06:33 +0000 2009](https://twitter.com/adulau/status/5735652627)) +---- +#igf2009 "Internet Governance" what a strange concept... as useless as the "Ecosystem Governance". We don't need machinery for #cyberspace + +(Originally on Twitter: [Sun Nov 15 18:26:56 +0000 2009](https://twitter.com/adulau/status/5741980845)) +---- +RT @librarythingtim: Amazed by bookstores with robots.txt exclusions, so search engines can't visit. Why not just brick up the door and ... + +(Originally on Twitter: [Sun Nov 15 18:47:38 +0000 2009](https://twitter.com/adulau/status/5742439047)) +---- +@thierryzoller ESMTP with TLS is mainly used for opportunistic encryption and not checking remote end. So the mitm is part of the design. + +(Originally on Twitter: [Mon Nov 16 12:58:57 +0000 2009](https://twitter.com/adulau/status/5764194281)) +---- +@thierryzoller but they are not really used... and when used, X.509 key management is missing. So TLS renegotiation is not the main issue.. + +(Originally on Twitter: [Mon Nov 16 13:08:46 +0000 2009](https://twitter.com/adulau/status/5764384591)) +---- +@thierryzoller you should have a look at http://bit.ly/1DzM43 Wietse made a good summary about it. + +(Originally on Twitter: [Mon Nov 16 13:22:14 +0000 2009](https://twitter.com/adulau/status/5764642538)) +---- +I'm still looking for any good security/cryptography analysis of CMAC/One-Key CBC message authentication code... 
+ +(Originally on Twitter: [Tue Nov 17 22:14:38 +0000 2009](https://twitter.com/adulau/status/5808031967)) +---- +tmux is great but GNU Screen has some advantages for old, odd and broken terminals. + +(Originally on Twitter: [Tue Nov 17 22:34:14 +0000 2009](https://twitter.com/adulau/status/5808565358)) +---- +#belgique S'il ferme la caserne d'Arlon, Il devrait transformer la caserne d'Arlon avec l'ensemble de ses terrains en réserve naturelle... + +(Originally on Twitter: [Wed Nov 18 12:23:00 +0000 2009](https://twitter.com/adulau/status/5824786901)) +---- +@rbidule je les utilise déjà beaucoup... mais en effet, cela une nouvelle réserve plus proche ;-) + +(Originally on Twitter: [Wed Nov 18 12:42:20 +0000 2009](https://twitter.com/adulau/status/5825129121)) +---- +RT @fcouchet: Plus de 1 000 m² pour la future Hadopi http://u.mavrev.com/09e1m soit 10 fois plus que les locaux de l'ARMT + +(Originally on Twitter: [Wed Nov 18 15:52:50 +0000 2009](https://twitter.com/adulau/status/5829388462)) +---- +#hadopi Les "journalistes" d'Envoyé Spécial font une jolie démonstration de la société du spectacle de Guy Debord. TV et journalisme aie aie + +(Originally on Twitter: [Fri Nov 20 07:20:54 +0000 2009](https://twitter.com/adulau/status/5883181341)) +---- +will be in Bruxelles next week-end for Verbindingen/Jonctions #12 - http://www.constantvzw.org/vj12/ mainly for #goodiff you're welcome + +(Originally on Twitter: [Sat Nov 21 11:18:05 +0000 2009](https://twitter.com/adulau/status/5916504483)) +---- +#goodiff #hackathon at hackerspace bruxelles - http://hackerspace.be/Goodiff_Hackathon + +(Originally on Twitter: [Sat Nov 21 11:35:56 +0000 2009](https://twitter.com/adulau/status/5916725962)) +---- +@security4all sure... but it's the next week-end. + +(Originally on Twitter: [Sat Nov 21 13:37:27 +0000 2009](https://twitter.com/adulau/status/5918493213)) +---- +http://www.arabidopsis.org/ TAIR (Arabidopsis Information Resource) is loosing his funding... 
free genetic databases of plants are required. + +(Originally on Twitter: [Sat Nov 21 14:02:31 +0000 2009](https://twitter.com/adulau/status/5918931726)) +---- +XHTML parsing with shell tools : starting with grep, awk, xlstproc and now I'm using Python minidom parser. XML & Unix are not friends. + +(Originally on Twitter: [Sun Nov 22 10:56:23 +0000 2009](https://twitter.com/adulau/status/5943531486)) +---- +@DidierStevens Thanks. Yes but it's (was?) very buggy (crashing on XHTML is not uncommon). + +(Originally on Twitter: [Sun Nov 22 11:12:31 +0000 2009](https://twitter.com/adulau/status/5943729087)) +---- +@alfamatrix I:scintilla , the new EP seems interesting but my preference clearly goes to Seize and their latest album "Constant fight"... + +(Originally on Twitter: [Sun Nov 22 11:21:50 +0000 2009](https://twitter.com/adulau/status/5943843723)) +---- +#Librarything - SantaThing a nice concept for book lovers : http://www.librarything.com/blog/2009/11/santathing-has-arrived.php + +(Originally on Twitter: [Sun Nov 22 17:59:54 +0000 2009](https://twitter.com/adulau/status/5951050574)) +---- +@davanac étrange surtout que O'Reilly plaide pour l'utilisation de flash (propriétaire et tueur du web) sur son nouveau "Safari Book Online" + +(Originally on Twitter: [Sun Nov 22 21:13:20 +0000 2009](https://twitter.com/adulau/status/5955779979)) +---- +@FFII A good database dump of patents including application : http://bulk.resource.org/patent/intellectual_ventures/ + +(Originally on Twitter: [Tue Nov 24 18:49:29 +0000 2009](https://twitter.com/adulau/status/6015742769)) +---- +http://www.laquadrature.net/fr/node/2609 -- [LeMonde] Le "paquet télécom" adopté par le Parlement européen + +(Originally on Twitter: [Tue Nov 24 18:57:03 +0000 2009](https://twitter.com/adulau/status/6015927700)) +---- +@kabel the equilibrium of a good cipher is something surreal until someone (or something) discover the confusion and diffusion are weak. 
+ +(Originally on Twitter: [Wed Nov 25 22:22:43 +0000 2009](https://twitter.com/adulau/status/6063003399)) +---- +BeautifulSoup moved from SGMLParser to HTMLParser. So if you are planning to use goodiff-core, please use the version 3.0.7a... grrr + +(Originally on Twitter: [Thu Nov 26 16:52:24 +0000 2009](https://twitter.com/adulau/status/6086189308)) +---- +RT @bortzmeyer: #ARIN customers will have to change their AS numbers in the AS conflict case http://bit.ly/5qZnhw + +(Originally on Twitter: [Thu Nov 26 17:50:04 +0000 2009](https://twitter.com/adulau/status/6087732060)) +---- +GooDiff released today as free software under the AGPL3 - http://www.gitorious.org/goodiff #goodiff - datasets will follow. + +(Originally on Twitter: [Thu Nov 26 18:56:29 +0000 2009](https://twitter.com/adulau/status/6089410338)) +---- +@security4all stacking and stacking software on the access layer... a lot of potential for future vulnerabilities. + +(Originally on Twitter: [Thu Nov 26 19:06:51 +0000 2009](https://twitter.com/adulau/status/6089669630)) +---- +Do you know that Google is keeping track of your SMS in Google Talk? http://www.goodiff.org/changeset/563 #goodiff + +(Originally on Twitter: [Fri Nov 27 07:58:25 +0000 2009](https://twitter.com/adulau/status/6106461362)) +---- +@antirez do you really want to rely on NSObject/retainCount ? I'm not sure it' reliable. + +(Originally on Twitter: [Fri Nov 27 09:59:16 +0000 2009](https://twitter.com/adulau/status/6108200609)) +---- +@antirez for "black-box" analysis of objects that could make sense. retainCount seems to be a valid choice in such case. + +(Originally on Twitter: [Fri Nov 27 10:06:02 +0000 2009](https://twitter.com/adulau/status/6108302126)) +---- +Another good social experiment in the train Today : books are clearly better than ebooks. + +(Originally on Twitter: [Sun Nov 29 22:16:35 +0000 2009](https://twitter.com/adulau/status/6181720127)) +---- +@mikebem Have a look at the theories from "Guy Debord"? 
This could be applicable to Twitter inner operation. + +(Originally on Twitter: [Mon Nov 30 16:30:41 +0000 2009](https://twitter.com/adulau/status/6205858594)) +---- +http://www.foo.be/goodiff/GooDiff-FreeSoftwareAgainstLegalGrayGoo.pdf #goodiff slides of the presentation given this Sunday at VJ12. + +(Originally on Twitter: [Tue Dec 01 22:45:17 +0000 2009](https://twitter.com/adulau/status/6249671931)) +---- +@elise_huard Is ActiveRecord still not including the root by default when exporting as JSON? This drove me crazy some months ago... + +(Originally on Twitter: [Thu Dec 03 17:22:36 +0000 2009](https://twitter.com/adulau/status/6309245737)) +---- +I especially enjoyed giving the statistical definition of "mean" when a French guy asked me for "what's mean"... he expected something else. + +(Originally on Twitter: [Fri Dec 04 17:00:20 +0000 2009](https://twitter.com/adulau/status/6342405185)) +---- +Why is the Magritte museum http://www.musee-magritte-museum.be/ not allowing photo? for security reason... what a joke. #belgique #belgium + +(Originally on Twitter: [Fri Dec 04 21:35:02 +0000 2009](https://twitter.com/adulau/status/6349977013)) +---- +@obra we should... #etherpad as free software would be very nice. Especially to follow http://autonomo.us/ rules. + +(Originally on Twitter: [Fri Dec 04 22:10:01 +0000 2009](https://twitter.com/adulau/status/6350875413)) +---- +Why is difficult to beat paper : "discovered a 10 years note in a book and I updated the note with today's pencil" e-paper can do that? + +(Originally on Twitter: [Sun Dec 06 22:48:57 +0000 2009](https://twitter.com/adulau/status/6413214130)) +---- +won't do it any more... "BEGIN { $SIG{'__WARN__'} = sub {} }" but sometime it's needed. #perl + +(Originally on Twitter: [Tue Dec 08 18:01:05 +0000 2009](https://twitter.com/adulau/status/6470182530)) +---- +@fcouchet Monty lost the dual-licensing possibility when he transferred the author-rights to Sun...he just broke the viable duality in 2008. 
+ +(Originally on Twitter: [Tue Dec 08 22:13:09 +0000 2009](https://twitter.com/adulau/status/6476699945)) +---- +is looking for an HOTP (RFC 4226) implementation on #arduino . If you know something like that let me know... + +(Originally on Twitter: [Tue Dec 08 22:44:27 +0000 2009](https://twitter.com/adulau/status/6477406850)) +---- +Maybe it's time to join the FSF : https://my.fsf.org/associate/support_freedom?referrer=53 - free software for a free society... + +(Originally on Twitter: [Fri Dec 11 00:04:24 +0000 2009](https://twitter.com/adulau/status/6548625159)) +---- +Netnews and #NNTP are not dead... RFC5537 and RFC5536 recently published covering transport and message format aspect. #ietf + +(Originally on Twitter: [Sat Dec 12 11:12:01 +0000 2009](https://twitter.com/adulau/status/6596884322)) +---- +@superlol p=1? cela veut dire que cela arrive (presque) à chaque fois, donc tu partages la même voiture pour les 300 bornes. mais... + +(Originally on Twitter: [Sat Dec 12 11:44:03 +0000 2009](https://twitter.com/adulau/status/6597308252)) +---- +@superlol mais la formule me semble plus compliquée qu'un simple 1-(1/n) où n est le nombre de collègues sur la route en même temps ;-) + +(Originally on Twitter: [Sat Dec 12 11:48:34 +0000 2009](https://twitter.com/adulau/status/6597371320)) +---- +I just released a free javascript library for HOTP (RFC4226) : http://gitorious.org/hotp-js next step is to write a friendly js-soft token. + +(Originally on Twitter: [Sun Dec 13 18:34:23 +0000 2009](https://twitter.com/adulau/status/6635538466)) +---- +Maybe it's the time for the #FSF to sponsor and build a free hardware e-book reader? if we want to keep the control on access to e-books. + +(Originally on Twitter: [Tue Dec 15 06:59:02 +0000 2009](https://twitter.com/adulau/status/6689157251)) +---- +I just ordered a WikiReader (http://thewikireader.com/)... it's running free software : http://github.com/wikireader/wikireader we'll see. 
+ +(Originally on Twitter: [Wed Dec 16 20:20:23 +0000 2009](https://twitter.com/adulau/status/6740838835)) +---- +a good summary why current image encryption scheme must not be used #crypto http://arxiv.org/abs/0912.3050 + +(Originally on Twitter: [Thu Dec 17 09:08:32 +0000 2009](https://twitter.com/adulau/status/6759261044)) +---- +@41414141 http://th.informatik.uni-mannheim.de/People/Lucks/reject.pdf don't worry, even Turing or Shannon were rejected... + +(Originally on Twitter: [Fri Dec 18 09:40:13 +0000 2009](https://twitter.com/adulau/status/6791746024)) +---- +@bortzmeyer the article of the year "...la nécessité de nationaliser ce réseau..." remind me of the "She's a witch!" made by Monty Python. + +(Originally on Twitter: [Fri Dec 18 16:23:04 +0000 2009](https://twitter.com/adulau/status/6800669390)) +---- +Great, etherpad is now released as free software. But the back-end is written in Java/Scala... I admit it, I'm a bit difficult today. + +(Originally on Twitter: [Sat Dec 19 07:26:26 +0000 2009](https://twitter.com/adulau/status/6823425749)) +---- +What do recursion in C programming and Howard P. Lovecraft have in common? http://www.bobhobbs.com/files/kr_lovecraft.html #Lovecraft #k&r + +(Originally on Twitter: [Sun Dec 20 09:53:14 +0000 2009](https://twitter.com/adulau/status/6856844813)) +---- +RT @bortzmeyer: Java, plus facile que dig ? Le #RIPE-NCC est tombé bien bas :-( http://labs.ripe.net/content/testing-your-resolver-dns-r ... + +(Originally on Twitter: [Tue Dec 22 08:34:19 +0000 2009](https://twitter.com/adulau/status/6923578573)) +---- +committed some works on #Forban (http://www.gitorious.org/forban) and is working on the opportunistic file sharing functionality #p2p + +(Originally on Twitter: [Tue Dec 22 18:18:52 +0000 2009](https://twitter.com/adulau/status/6936811925)) +---- +first successful opportunistic file exchange in #Forban... 
http://www.gitorious.org/forban + +(Originally on Twitter: [Wed Dec 23 09:21:38 +0000 2009](https://twitter.com/adulau/status/6959636355)) +---- +Again while doing backup of my data to my external hard drive, I give money to Salvatore Adamo pff.... http://bit.ly/4W4Eu3 #belgium #wtf + +(Originally on Twitter: [Thu Dec 24 11:43:25 +0000 2009](https://twitter.com/adulau/status/6997276682)) +---- +@sam280 the halting model assumes an infinite time of processing or even an infinite state storage. We can't blindly use the model in sec... + +(Originally on Twitter: [Fri Dec 25 22:04:37 +0000 2009](https://twitter.com/adulau/status/7043167870)) +---- +made a quick review of Coders at Work at #LibraryThing www.librarything.com/review/54554769 + +(Originally on Twitter: [Mon Dec 28 08:57:57 +0000 2009](https://twitter.com/adulau/status/7117972188)) +---- +just experienced a local #p2p exchange of an e-book shelve with a friend in less than 10 minutes using #forban http://www.foo.be/forban/ + +(Originally on Twitter: [Wed Dec 30 23:07:35 +0000 2009](https://twitter.com/adulau/status/7212163858)) +---- +found an interesting free hardware project to make an universal bridge interface to unknown chips http://code.google.com/p/the-bus-pirate/ + +(Originally on Twitter: [Wed Dec 30 23:13:46 +0000 2009](https://twitter.com/adulau/status/7212336297)) +---- +Google Android: A State-of-the-Art Review of Security Mechanisms - http://arxiv.org/abs/0912.5101 - a good security review of the android + +(Originally on Twitter: [Thu Dec 31 09:20:10 +0000 2009](https://twitter.com/adulau/status/7228883035)) +---- +@hubertguillaud Une piste pour les futures librairies électroniques... ou les clubs de lectures électroniques? http://a.aaaarg.org/ + +(Originally on Twitter: [Thu Dec 31 15:11:09 +0000 2009](https://twitter.com/adulau/status/7236488022)) +---- +@hubertguillaud cool. le code de Forban est assez alpha (tag 0.0.2) mais cela fonctionne relativement bien. 
+ +(Originally on Twitter: [Thu Dec 31 15:40:44 +0000 2009](https://twitter.com/adulau/status/7237434311)) +---- +just saw "inspired by MetaPost but with an improved C++-like syntax." should be a kind of joke. I hope so. + +(Originally on Twitter: [Thu Dec 31 16:30:11 +0000 2009](https://twitter.com/adulau/status/7239048830)) +---- +for people in world.datastore: year2010.happy(people) + +(Originally on Twitter: [Fri Jan 01 11:20:55 +0000 2010](https://twitter.com/adulau/status/7267224505)) +---- +Cornell is looking after a funding scheme of arXiv.org in 2010 : http://arxiv.org/help/support #openaccess + +(Originally on Twitter: [Fri Jan 01 11:32:36 +0000 2010](https://twitter.com/adulau/status/7267385230)) +---- +Maybe #ACM should support Cornell University Library in the funding of arXiv.org instead of their non-openaccess digital library... + +(Originally on Twitter: [Fri Jan 01 11:38:35 +0000 2010](https://twitter.com/adulau/status/7267466096)) +---- +blog posted "Sharing e-Books with your Neighbours" - http://www.foo.be/cgi-bin/wiki.pl/2010-01-01_Sharing_e-Books_with_your_Neighbours + +(Originally on Twitter: [Fri Jan 01 16:42:24 +0000 2010](https://twitter.com/adulau/status/7272858777)) +---- +An interesting malware analysis tool called "Malheur" - http://www.mlsec.org/malheur/ relying on the execution behaviour of the malware. + +(Originally on Twitter: [Sat Jan 02 09:58:31 +0000 2010](https://twitter.com/adulau/status/7296329114)) +---- +just released GooDiff datasets (git bundle) of raw and processed HTML pages (ToS, Privacy, EULA...) - http://www.gitorious.org/goodiff/ + +(Originally on Twitter: [Sat Jan 02 11:29:16 +0000 2010](https://twitter.com/adulau/status/7297609011)) +---- +I hate to read peer-reviewed academic papers including pseudocode that is broken and can't be obviously expressed in any computer language. 
+ +(Originally on Twitter: [Sat Jan 02 17:07:52 +0000 2010](https://twitter.com/adulau/status/7304092997)) +---- +@security4all for #FOSDEM, usually a good place to hack is enough. If they offer the possibility to sleep a little bit, it's even better... + +(Originally on Twitter: [Sat Jan 02 20:21:44 +0000 2010](https://twitter.com/adulau/status/7308784998)) +---- +http://blog.gowildchild.com/2010/01/protest-auvibel-tax-2010/ Protest against the #Auvibel and #SABAM extended tax #belgium + +(Originally on Twitter: [Tue Jan 05 18:34:25 +0000 2010](https://twitter.com/adulau/status/7411157820)) +---- +A colleague wanted to try #Forban on his iPhone... a brilliant idea. After an installation of Python (and a small bug fix), it worked. + +(Originally on Twitter: [Tue Jan 05 23:04:52 +0000 2010](https://twitter.com/adulau/status/7418826601)) +---- +My second cat is officially stupid. I spent the last 15 minutes to fetch him at the top of a pine tree in the neighbour garden. + +(Originally on Twitter: [Wed Jan 06 22:22:08 +0000 2010](https://twitter.com/adulau/status/7455939451)) +---- +@guido_steenkamp Happy new year to you too. I especially enjoyed your last photos on flickr. nice work. + +(Originally on Twitter: [Wed Jan 06 22:26:44 +0000 2010](https://twitter.com/adulau/status/7456080645)) +---- +http://eprint.iacr.org/2010/006 - 6 months for polynomial selection (80 CPUs) + 2 years for sieving the 768-bit RSA on n100 CPUs interesting + +(Originally on Twitter: [Thu Jan 07 12:52:45 +0000 2010](https://twitter.com/adulau/status/7477647655)) +---- +@rbidule arf ;-) but the cat was already in the pine tree before I came back ;-) + +(Originally on Twitter: [Thu Jan 07 12:58:39 +0000 2010](https://twitter.com/adulau/status/7477785705)) +---- +@lseltzer SSL/TLS is a hybrid cryptosystem. Symmetric encryption (e.g. AES) is using smaller key size than the asymmetric part (e.g. RSA). 
+ +(Originally on Twitter: [Thu Jan 07 13:56:32 +0000 2010](https://twitter.com/adulau/status/7479283546)) +---- +@lseltzer small RSA keys are quite commonly used on smart-card or embedded system. Like the TI calculators http://bit.ly/1q6lE5 + +(Originally on Twitter: [Thu Jan 07 13:59:00 +0000 2010](https://twitter.com/adulau/status/7479346898)) +---- +@FunkySteph #IT "Doing it wrong" http://www.tbray.org/ongoing/When/201x/2010/01/02/Doing-It-Wrong - interesting article and also comments + +(Originally on Twitter: [Thu Jan 07 18:32:42 +0000 2010](https://twitter.com/adulau/status/7487575993)) +---- +Pi computation record http://bellard.org/pi/pi2700e9/announce.html using a single computer. (compared to the previous record) + +(Originally on Twitter: [Thu Jan 07 22:11:01 +0000 2010](https://twitter.com/adulau/status/7494090193)) +---- +Another PDF extractor (http://www.inreverse.net/?p=731) but one of my favorite is still origami (http://security-labs.org/origami/) #infosec + +(Originally on Twitter: [Fri Jan 08 20:56:12 +0000 2010](https://twitter.com/adulau/status/7532284159)) +---- +http://fr.readwriteweb.com/2010/01/09/nouveautes/concours-remix-logo-hadopi/ - c'est le moment d'exprimer votre créativité contre #HADOPI + +(Originally on Twitter: [Sat Jan 09 16:34:01 +0000 2010](https://twitter.com/adulau/status/7561513010)) +---- +Finally we have an SMS URI scheme standardized... the #RFC5724 has been recently published. http://tools.ietf.org/html/rfc5724 + +(Originally on Twitter: [Sat Jan 09 17:46:37 +0000 2010](https://twitter.com/adulau/status/7563570653)) +---- +@bortzmeyer ah, tu vas être obligé... j'imagine déjà le blog : Utiliser la RFC5724 comme interface REST pour Twitter et identi.ca. + +(Originally on Twitter: [Sat Jan 09 17:53:19 +0000 2010](https://twitter.com/adulau/status/7563756561)) +---- +Looks like that Jaron Lanier is lost http://bit.ly/7dXPvU maybe virtual reality is not too good for health... 
#freesoftware + +(Originally on Twitter: [Sat Jan 09 21:06:23 +0000 2010](https://twitter.com/adulau/status/7569067694)) +---- +fixed some bugs in Forban and git tagged as 0.0.4 : http://www.foo.be/forban/ #p2p #forban + +(Originally on Twitter: [Sun Jan 10 19:16:16 +0000 2010](https://twitter.com/adulau/status/7601513937)) +---- +A simple Python script for generating a ChangeLog from git log : http://bit.ly/7pnHBG - simple and very handy when doing a release. + +(Originally on Twitter: [Sun Jan 10 22:08:44 +0000 2010](https://twitter.com/adulau/status/7606449203)) +---- +@xme same case for me. I will be at #FOSDEM only on Sunday. + +(Originally on Twitter: [Sun Jan 10 22:18:53 +0000 2010](https://twitter.com/adulau/status/7606739928)) +---- +http://arxiv.org/abs/1001.1195 "Title: Characterizing Internet Worm Infection Structure" A good paper on the infection capability per host. + +(Originally on Twitter: [Mon Jan 11 12:39:22 +0000 2010](https://twitter.com/adulau/status/7628020137)) +---- +@nk_m la taxation des revenus publicitaires sur Internet n'est pas un financement fiable -> l'activité numérique doit se faire +localement. + +(Originally on Twitter: [Mon Jan 11 13:31:04 +0000 2010](https://twitter.com/adulau/status/7629312495)) +---- +Wikipedia network just reach the 10Gbit/s http://bit.ly/7cUvdC #wikipedia I'm pretty sure that Britannica network is below ;-) + +(Originally on Twitter: [Mon Jan 11 20:50:13 +0000 2010](https://twitter.com/adulau/status/7642419749)) +---- +@tyw7 right... this is just the outbound network traffic but it's still impressive for a project like wikipedia. ~everyone love metrics... + +(Originally on Twitter: [Mon Jan 11 21:10:52 +0000 2010](https://twitter.com/adulau/status/7643054134)) +---- +Icon explanation of free software licensing - http://www.bionicmutton.org/ade/licenses/ nice idea but maybe too much possibilities? 
+ +(Originally on Twitter: [Mon Jan 11 21:47:07 +0000 2010](https://twitter.com/adulau/status/7644159770)) +---- +fixed a stupid bug in forban : http://www.foo.be/forban/ and worked on the duplicate content detection protocol in the opportunistic mode + +(Originally on Twitter: [Tue Jan 12 22:59:23 +0000 2010](https://twitter.com/adulau/status/7686349282)) +---- +@wikireader Tested recently the wikireader... this is really a great product : simple and efficient. Still inline with W. Cunningham vision + +(Originally on Twitter: [Tue Jan 12 23:42:44 +0000 2010](https://twitter.com/adulau/status/7687831009)) +---- +@patrickvw By the way, Netbios/CIFS/SMFS blocked... is always a good news even on a local area network. + +(Originally on Twitter: [Wed Jan 13 21:13:26 +0000 2010](https://twitter.com/adulau/status/7722148683)) +---- +@aaaarg this is silly that Verso is sending a cease-and-desist letter. I purchased a book from them due to aaaarg... #copyrightdelirium + +(Originally on Twitter: [Wed Jan 13 21:36:13 +0000 2010](https://twitter.com/adulau/status/7722843190)) +---- +@security4all http://www.gmfreeireland.org/health/SeraliniPaper2007.pdf an even more disturbing, especially for a maize on market #MON863 + +(Originally on Twitter: [Fri Jan 15 07:17:54 +0000 2010](https://twitter.com/adulau/status/7779799334)) +---- +The workaround (using DEP) recommended by Microsoft for the current IE vulnerability is not working (tested with a simple heap) pffff.... + +(Originally on Twitter: [Fri Jan 15 16:20:00 +0000 2010](https://twitter.com/adulau/status/7792762880)) +---- +a nice analysis of a Java exploit kit malware : http://www.inreverse.net/?p=804 + +(Originally on Twitter: [Fri Jan 15 22:08:12 +0000 2010](https://twitter.com/adulau/status/7803695859)) +---- +http://bit.ly/6MfiF4 Metasploit now includes a module for the recent IE 6-8 vulnerability. Very nifty... 
+ +(Originally on Twitter: [Sat Jan 16 06:05:56 +0000 2010](https://twitter.com/adulau/status/7817905662)) +---- +How dolphins are doing hunting? an interesting technique using "mud-rings" to capture fishes http://bit.ly/5BQuiV #nature #dolphins + +(Originally on Twitter: [Sat Jan 16 15:46:55 +0000 2010](https://twitter.com/adulau/status/7829806442)) +---- +just posted a submission for the CfP of the Breizh Entropy Congress http://www.breizh-entropy.org/ #forban + +(Originally on Twitter: [Sat Jan 16 17:25:43 +0000 2010](https://twitter.com/adulau/status/7832738275)) +---- +@DidierStevens yep, it looks like and plenty of interesting people. Are you joining? ;-) + +(Originally on Twitter: [Sat Jan 16 17:55:10 +0000 2010](https://twitter.com/adulau/status/7833604253)) +---- +@DidierStevens My favourite museum in Barcelona is the Joan Miro Fondation museum. A great one. #art + +(Originally on Twitter: [Sat Jan 16 19:58:27 +0000 2010](https://twitter.com/adulau/status/7837128757)) +---- +released Forban 0.0.5 - http://www.foo.be/forban/ (mainly bug fixes for issues kindly reported by current users) + +(Originally on Twitter: [Sun Jan 17 10:58:45 +0000 2010](https://twitter.com/adulau/status/7860878619)) +---- +RT @thorstenholz: Challenge 1 of the Honeynet Forensic Challenge 2010 - pcap attack trace: http://bit.ly/4XxS1N + +(Originally on Twitter: [Mon Jan 18 07:55:36 +0000 2010](https://twitter.com/adulau/status/7896751246)) +---- +@AlainGerlache Au lieu de pleurer les "produits" InBev, je me demande pourquoi les médias n'aiment pas les producteurs belges indépendants + +(Originally on Twitter: [Mon Jan 18 21:24:46 +0000 2010](https://twitter.com/adulau/status/7918925070)) +---- +a classical corporate culture : "It's easy to provide feedback but near impossible to contribute something useful" + +(Originally on Twitter: [Wed Jan 20 14:35:24 +0000 2010](https://twitter.com/adulau/status/7987334882)) +---- +@security4all retooled is not even required. 
just make a test .exe doing a heap executed with a simple ActiveX, DEP is not catching it ;-) + +(Originally on Twitter: [Wed Jan 20 15:02:06 +0000 2010](https://twitter.com/adulau/status/7988204439)) +---- +@security4all good. Maybe some corporate IT dept. should deploy the IE theme of Firefox... just to give an impression to users loving IE ;-) + +(Originally on Twitter: [Wed Jan 20 18:06:05 +0000 2010](https://twitter.com/adulau/status/7994158419)) +---- +released Forban 0.0.6 : http://www.foo.be/forban/ - search interface added and clarification of the simple gossip protocol. + +(Originally on Twitter: [Sat Jan 23 22:34:23 +0000 2010](https://twitter.com/adulau/status/8126302397)) +---- +#fun, finding funky recruiter looking for PCI-DSS people in the Application Security Specialist (ASS) linkedin grp http://www.asscert.com/ + +(Originally on Twitter: [Sun Jan 24 08:05:30 +0000 2010](https://twitter.com/adulau/status/8143009679)) +---- +@bortzmeyer je pensais voir une entrée de blog concernant AFTR https://www.isc.org/software/aftr mais je suppose que c'est dans le tuyau ;-) + +(Originally on Twitter: [Sun Jan 24 20:55:01 +0000 2010](https://twitter.com/adulau/status/8162498850)) +---- +http://onpeuttoutcopier.be/ - #HADOPI en Belgique : Monfils et le débit de... + +(Originally on Twitter: [Mon Jan 25 21:56:27 +0000 2010](https://twitter.com/adulau/status/8208590223)) +---- +Nice to see a good blog post : http://bit.ly/aWZGv1 about the closed and proprietary iPad... and they even use good pictures ;-) + +(Originally on Twitter: [Wed Jan 27 21:24:05 +0000 2010](https://twitter.com/adulau/status/8295003642)) +---- +http://unhappyhipsters.com/ - Seeing all those house interior, I'm always wondering if people are living there... where is the bookshelf? 
+ +(Originally on Twitter: [Fri Jan 29 21:32:39 +0000 2010](https://twitter.com/adulau/status/8384807098)) +---- +Forban 0.0.7 released - http://www.foo.be/forban/ Fixed 2 major bugs encountered with large files and added a FAQ regarding the protocol. + +(Originally on Twitter: [Sat Jan 30 15:11:19 +0000 2010](https://twitter.com/adulau/status/8414034789)) +---- +I'm a fan of #wikileaks but I have the impression to be in "hostage" right now. + +(Originally on Twitter: [Sun Jan 31 10:11:50 +0000 2010](https://twitter.com/adulau/status/8447870150)) +---- +#belgium #belgique petition regarding the Auvibel copy tax http://www.petitiononline.com/copytax/petition.html + +(Originally on Twitter: [Sun Jan 31 10:55:30 +0000 2010](https://twitter.com/adulau/status/8448702288)) +---- +@timoreilly security theatre is often more the security circus. Healthfood circus looks also more appropriate, seeing their techniques ;-) + +(Originally on Twitter: [Sun Jan 31 18:58:34 +0000 2010](https://twitter.com/adulau/status/8461859558)) +---- +#huisclosnet #8clos mais il me semblait les journaux belges étaient déjà en huis-clos avec Belga ;-) @davanac @AlainGerlache + +(Originally on Twitter: [Sun Jan 31 20:18:16 +0000 2010](https://twitter.com/adulau/status/8464398512)) +---- +Google changed a bit his privacy FAQ for email ads - http://bit.ly/aBeYbj can you understand the difference? @nitot #GooDiff + +(Originally on Twitter: [Tue Feb 02 06:21:12 +0000 2010](https://twitter.com/adulau/status/8532451707)) +---- +RT @41414141: Apple iPhone certificate #facepalm: http://cryptopath.wordpress.com/2010/01/29/iphone-certificate-flaws/ Muuuulti-Fail! + +(Originally on Twitter: [Tue Feb 02 10:23:50 +0000 2010](https://twitter.com/adulau/status/8537421476)) +---- +http://bit.ly/9BBhQC - Belgique HADOPI/Licence globale une copie lisible de la session de discussion du journal le soir avec Ecolo et MR. 
+ +(Originally on Twitter: [Tue Feb 02 13:20:30 +0000 2010](https://twitter.com/adulau/status/8541843319)) +---- +@at0mium le document vient de chez Belga? l'utilisateur qui a fait la conversion de Word à PDF est cpetit (Cédric Petit?) #hadopi #belgique + +(Originally on Twitter: [Tue Feb 02 16:11:41 +0000 2010](https://twitter.com/adulau/status/8547869311)) +---- +http://onpeuttoutcopier.be/?p=85 - HADOPI Belgique – La proposition Monfils promouvoir en interdisant… un étrange concept. + +(Originally on Twitter: [Tue Feb 02 17:34:03 +0000 2010](https://twitter.com/adulau/status/8550777057)) +---- +saw that PF in OpenBSD 4.7-current has now a divert(4) function call to queue raw packet from kernel-space to user-space. great news. + +(Originally on Twitter: [Wed Feb 03 21:46:17 +0000 2010](https://twitter.com/adulau/status/8604569214)) +---- +made a short presentation about "The Attackers’ Principles"- http://bit.ly/9HJT6z - shortest path to compromise security design + +(Originally on Twitter: [Thu Feb 04 20:32:19 +0000 2010](https://twitter.com/adulau/status/8646563325)) +---- +@rbidule thanks a lot. It was nice to see you there. + +(Originally on Twitter: [Thu Feb 04 20:47:39 +0000 2010](https://twitter.com/adulau/status/8647068383)) +---- +@rbidule as discussed the excellent exefilter http://www.decalage.info/exefilter/ - to remove active content from any stream + +(Originally on Twitter: [Thu Feb 04 20:51:57 +0000 2010](https://twitter.com/adulau/status/8647210201)) +---- +See you tomorrow at #fosdem. + +(Originally on Twitter: [Sat Feb 06 18:04:07 +0000 2010](https://twitter.com/adulau/status/8730616210)) +---- +The key-signing at #fosdem : http://www.flickr.com/photos/itkovian/4337983404/ - we must be crazy to be in the cold just for signing keys. 
+ +(Originally on Twitter: [Sun Feb 07 19:17:54 +0000 2010](https://twitter.com/adulau/status/8775170747)) +---- +Un excellent article sur le "Coût de l'Open Access en sciences" - http://www.bortzmeyer.org/cout-open-access.html #openaccess + +(Originally on Twitter: [Sun Feb 07 20:29:39 +0000 2010](https://twitter.com/adulau/status/8777552300)) +---- +if you fear xml2rfc, there is now rst2rfc - http://code.google.com/p/rst2rfc/ - doing ReStructuredText to the complex RFC XML. #ietf + +(Originally on Twitter: [Sun Feb 07 20:56:11 +0000 2010](https://twitter.com/adulau/status/8778457101)) +---- +Is Buzz breaking my public privacy? I don't explicitly want to share public notices among services (buzz and twitter). #privacy wtf + +(Originally on Twitter: [Thu Feb 11 12:13:37 +0000 2010](https://twitter.com/adulau/status/8958310933)) +---- +@KrisBuytaert arf arf... Everyone knew before me. I'm still waiting to get it. + +(Originally on Twitter: [Thu Feb 11 12:19:21 +0000 2010](https://twitter.com/adulau/status/8958467592)) +---- +trying to implement a Zeroconf (DNS-SD) extension in Forban but this is too complex and broken especially for gossip/opportunistic protocols + +(Originally on Twitter: [Fri Feb 12 21:50:26 +0000 2010](https://twitter.com/adulau/status/9027256135)) +---- +why is the #belgium federal laws so difficult to fetch? moniteur.be is a horror to fetch. do you know a good raw source of the belgium law? + +(Originally on Twitter: [Fri Feb 12 22:21:26 +0000 2010](https://twitter.com/adulau/status/9028354085)) +---- +http://bit.ly/7Zw3O - ConneXions (published between 1987 and 1996) is now fully online a nice historical flashback to Internet and networks + +(Originally on Twitter: [Sun Feb 14 10:05:59 +0000 2010](https://twitter.com/adulau/status/9093292732)) +---- +"ls -rt1 | tail -100 | xargs gpg --import" crude but works with extracted attachment generated from the wonderful caff(1). 
+ +(Originally on Twitter: [Sun Feb 14 18:23:27 +0000 2010](https://twitter.com/adulau/status/9107093724)) +---- +made a bug fix release : Forban 0.0.8 http://www.foo.be/forban/ and also working on an opportunistic hardware box for mobile peer2peer #p2p + +(Originally on Twitter: [Sun Feb 14 18:50:31 +0000 2010](https://twitter.com/adulau/status/9107927233)) +---- +@bortzmeyer le pire c'est d'utiliser un #moleskine pour #chatroulette alors que cela pourrait servir pour décrire un nouveau logiciel libre + +(Originally on Twitter: [Sun Feb 14 20:38:16 +0000 2010](https://twitter.com/adulau/status/9111252086)) +---- +posted a blog post - Contribute or die? - http://www.foo.be/cgi-bin/wiki.pl/2010-02-14_Contribute_Or_Die + +(Originally on Twitter: [Sun Feb 14 21:48:41 +0000 2010](https://twitter.com/adulau/status/9113420375)) +---- +@wikileaks When do you plan to put back online the content? Will you wait for the parliament approval in Iceland? + +(Originally on Twitter: [Mon Feb 15 05:46:08 +0000 2010](https://twitter.com/adulau/status/9129101527)) +---- +@karlpro la licence de la bnf privatise toujours le domaine public comme Google books... c'est vraiment dommage. + +(Originally on Twitter: [Mon Feb 15 20:26:49 +0000 2010](https://twitter.com/adulau/status/9154679728)) +---- +Elliptics network is a fault tolerant distributed hash table object storage. http://www.ioremap.net/projects/elliptics very interesting + +(Originally on Twitter: [Mon Feb 15 21:04:57 +0000 2010](https://twitter.com/adulau/status/9155961564)) +---- +For the fans of Y Combinator #HN, there is now a nifty search engine : http://www.searchyc.com/ + +(Originally on Twitter: [Tue Feb 16 22:02:15 +0000 2010](https://twitter.com/adulau/status/9204139955)) +---- +forum sur "La Libre" "Faut-il une loi Hadopi en Belgique?" http://bit.ly/bFGmTl #hadopi c'est une bonne occasion... 
@hadopimayo + +(Originally on Twitter: [Wed Feb 17 07:04:59 +0000 2010](https://twitter.com/adulau/status/9223998322)) +---- +RT @thorstenholz: Honeynet Challenge 2 of the Forensic Challenge 2010 - browsers under attack (http://bit.ly/b3A8aF) + +(Originally on Twitter: [Wed Feb 17 07:08:56 +0000 2010](https://twitter.com/adulau/status/9224092275)) +---- +@security4all they are using emails from LinkedIn groups ;-) + +(Originally on Twitter: [Wed Feb 17 09:38:09 +0000 2010](https://twitter.com/adulau/status/9227406163)) +---- +@security4all at least they grab it there for me. as the email is only used at that place... strange. maybe the classical spammer database + +(Originally on Twitter: [Wed Feb 17 09:45:43 +0000 2010](https://twitter.com/adulau/status/9227575083)) +---- +http://pleaserobme.com/ Using twitter to know where people are and where empty houses are... #fun #privacy + +(Originally on Twitter: [Wed Feb 17 17:44:53 +0000 2010](https://twitter.com/adulau/status/9243532369)) +---- +@bortzmeyer RFC 5572 bel article. C'est dommage qu'il manque encore un serveur libre... j'en suis toujours à utiliser tinc comme serveur. + +(Originally on Twitter: [Fri Feb 19 11:26:56 +0000 2010](https://twitter.com/adulau/status/9330534671)) +---- +Experimented today fast security assessment (of DokuWiki and MojoMojo) with my students : 4 hours is too short especially for MoJoMojo ;-) + +(Originally on Twitter: [Sat Feb 20 15:53:06 +0000 2010](https://twitter.com/adulau/status/9387895093)) +---- +Tor project server compromised (20 Jan 2010) : http://archives.seul.org/or/talk/Jan-2010/msg00161.html - I missed that info/news. + +(Originally on Twitter: [Sun Feb 21 17:57:27 +0000 2010](https://twitter.com/adulau/status/9437875346)) +---- +Just finish the reading of Keith Haring Journals http://www.librarything.com/work/326947 an interesting journal if you are a fan like me. 
+ +(Originally on Twitter: [Mon Feb 22 22:16:20 +0000 2010](https://twitter.com/adulau/status/9496001827)) +---- +@kabel they should look for "cheap satellite card" ;-) + +(Originally on Twitter: [Tue Feb 23 17:02:12 +0000 2010](https://twitter.com/adulau/status/9533665131)) +---- +http://bit.ly/9tFOw1 an open source logic analyzer - guys at dangerousprototypes are crazy... #diy + +(Originally on Twitter: [Thu Feb 25 23:07:34 +0000 2010](https://twitter.com/adulau/status/9648054603)) +---- +Living stories released as free software - http://code.google.com/p/living-stories/ - maybe a good way to improve journalism and deep news + +(Originally on Twitter: [Thu Feb 25 23:25:29 +0000 2010](https://twitter.com/adulau/status/9648781832)) +---- +If you don't want the ITU to run the Internet - http://www.ripe.net/news/2010-be-heard.html - it's time to be heard... + +(Originally on Twitter: [Fri Feb 26 16:56:17 +0000 2010](https://twitter.com/adulau/status/9686282611)) +---- +@bortzmeyer Are you willing to give ITU the possibility to be a RIR? messing up RIR processes it's one way to control more the Internet.... + +(Originally on Twitter: [Fri Feb 26 17:29:19 +0000 2010](https://twitter.com/adulau/status/9687729135)) +---- +RT @xme: Hitler rails against #cloud #security! http://bit.ly/cwgHX9 + +(Originally on Twitter: [Sat Feb 27 08:19:52 +0000 2010](https://twitter.com/adulau/status/9721172813)) +---- +@bortzmeyer right but I'm just very dubious for #ITU becoming a RIR while they are not even able to provide free access to their standards. 
+ +(Originally on Twitter: [Sat Feb 27 21:30:22 +0000 2010](https://twitter.com/adulau/status/9746410706)) +---- +@bortzmeyer Yes but not ITU-R and ITU-D except if I missed the interface ;-) + +(Originally on Twitter: [Sat Feb 27 22:25:47 +0000 2010](https://twitter.com/adulau/status/9748353259)) +---- +agendajardin.be ajout d'un forum de discussion pour les jardins naturels en #Belgique et ailleurs http://www.agendajardin.be/ #jardin + +(Originally on Twitter: [Sun Feb 28 15:46:43 +0000 2010](https://twitter.com/adulau/status/9780703364)) +---- +"L’économie du domaine public… Freud peut nous aider" sur onpeuttoutcopier.be - http://bit.ly/bAzTGW #copyright #droit #belgique + +(Originally on Twitter: [Sun Feb 28 17:25:26 +0000 2010](https://twitter.com/adulau/status/9784092076)) +---- +@rtbf @rtbflabs C'est bien de mettre les videos en streaming mais un download serait mieux... surtout à des fins pédagogiques @AlainGerlache + +(Originally on Twitter: [Sun Feb 28 19:08:53 +0000 2010](https://twitter.com/adulau/status/9787580346)) +---- +Today, a colleague installed X11 on an OpenBSD machine on the public Internet. The machine is not a honeypot just a regular router... hmmmm + +(Originally on Twitter: [Tue Mar 02 15:00:22 +0000 2010](https://twitter.com/adulau/status/9877559660)) +---- +@xme #SCADA security can be resumed in plenty of TCP/UDP raw socket with just undocumented protocol... At least, I seen this in 3 cases ;-) + +(Originally on Twitter: [Wed Mar 03 12:45:44 +0000 2010](https://twitter.com/adulau/status/9922402906)) +---- +Why DRM doesn't work? 
a nice visual explanation of an user experience downloading an audio-book : http://bit.ly/a44xAm #copyright #drmsucks + +(Originally on Twitter: [Wed Mar 03 21:16:27 +0000 2010](https://twitter.com/adulau/status/9941060827)) +---- +Google removed some interesting questions from their #Privacy FAQ and made some updates http://bit.ly/92fUcK #goodiff #google + +(Originally on Twitter: [Thu Mar 04 07:13:23 +0000 2010](https://twitter.com/adulau/status/9963499746)) +---- +First #NAT64 test, works nice but Bittorrent doesn't work as seeders are using IPv4 addresses and not hostname... note : NAT64 is DNS based. + +(Originally on Twitter: [Thu Mar 04 16:20:12 +0000 2010](https://twitter.com/adulau/status/9979891237)) +---- +Un bel exemple de l'indépendance de la presse en #Belgique francophone : http://bit.ly/99C9QB Elle attaque quoi après? Les blogueurs? #press + +(Originally on Twitter: [Fri Mar 05 13:37:25 +0000 2010](https://twitter.com/adulau/status/10024082314)) +---- +Fault-Based Attack of #RSA Authentication http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf nice one... + +(Originally on Twitter: [Fri Mar 05 13:43:33 +0000 2010](https://twitter.com/adulau/status/10024314392)) +---- +RT @fcouchet: "Logiciel libre et économie de la contribution : le temps de la déprolétarisation" c'est samedi à Paris http://ur1.ca/ogxx + +(Originally on Twitter: [Fri Mar 05 14:17:50 +0000 2010](https://twitter.com/adulau/status/10025685616)) +---- +@bortzmeyer impressionnant surtout Finkielkraut... c'est marrant sa dernière œuvre "Un cœur intelligent" est un condensé d'autres œuvres. + +(Originally on Twitter: [Fri Mar 05 17:19:46 +0000 2010](https://twitter.com/adulau/status/10033367127)) +---- +@elise_huard looks like that you are engaging yourself into experimental political activism... 
+ +(Originally on Twitter: [Fri Mar 05 20:51:30 +0000 2010](https://twitter.com/adulau/status/10041457274)) +---- +@bortzmeyer sur le même sujet : http://www.flickr.com/photos/adulau/4137514619/ ma préférence se dirige clairement vers Ivan Illich + +(Originally on Twitter: [Sat Mar 06 17:53:27 +0000 2010](https://twitter.com/adulau/status/10083042037)) +---- +just released Forban 0.0.9 - http://www.foo.be/forban/ mainly bug fixes but the time to discover and share content is greatly improved #p2p + +(Originally on Twitter: [Sun Mar 07 15:46:22 +0000 2010](https://twitter.com/adulau/status/10124590347)) +---- +If you want to demo your #p2p software at #USENIX IPTPS '10, it's still the time : http://www.usenix.org/event/iptps10/cfp/#demo + +(Originally on Twitter: [Sun Mar 07 17:08:11 +0000 2010](https://twitter.com/adulau/status/10127555697)) +---- +For the nostalgic, the source code of NCSA Mosaic : http://github.com/alandipert/ncsa-mosaic (you can even compile it on GNU/Linux) + +(Originally on Twitter: [Tue Mar 09 07:23:21 +0000 2010](https://twitter.com/adulau/status/10210734703)) +---- +Je viens encore de voir ma photo de thon rouge dans un magazine : http://www.flickr.com/photos/adulau/3723695257/ mais sans mention... + +(Originally on Twitter: [Sat Mar 13 12:29:03 +0000 2010](https://twitter.com/adulau/status/10419877182)) +---- +@cloudsecurite Le plus souvent avec un Canon 50D et du EF 28-135 ou du EF 35mm f/1.4L (mes favoris ;-) + +(Originally on Twitter: [Sat Mar 13 21:41:10 +0000 2010](https://twitter.com/adulau/status/10439526654)) +---- +Comment combattre l’abus du droit d’auteur? 
http://onpeuttoutcopier.be/?p=147 sur #onpeuttoutcopier #copyright + +(Originally on Twitter: [Sun Mar 14 19:47:04 +0000 2010](https://twitter.com/adulau/status/10482088446)) +---- +"The Brave New World of Bodacious Assumptions in Cryptography" a very interesting article about "proofs of security" http://bit.ly/aqEPqI + +(Originally on Twitter: [Wed Mar 17 07:07:40 +0000 2010](https://twitter.com/adulau/status/10610557226)) +---- +RFC5830-5832 is now covering GOST (the Russian cryptographic algorithm suite) not standard just informational but still very interesting + +(Originally on Twitter: [Wed Mar 17 21:11:32 +0000 2010](https://twitter.com/adulau/status/10638867466)) +---- +with git, you can learn a new command every day (hour?), like the nifty "git replace" - http://progit.org/2010/03/17/replace.html + +(Originally on Twitter: [Wed Mar 17 21:54:28 +0000 2010](https://twitter.com/adulau/status/10640477323)) +---- +@mikebem You could make a hack to add Bayesian filtering to your log collection mechanism and make @theodric and I happy. + +(Originally on Twitter: [Thu Mar 18 06:36:03 +0000 2010](https://twitter.com/adulau/status/10659421392)) +---- +"Superfast Scanner Lets You Digitize a Book By Rapidly Flipping Pages" http://bit.ly/at9AS2 handy for saving the public domain books + +(Originally on Twitter: [Thu Mar 18 17:54:35 +0000 2010](https://twitter.com/adulau/status/10682150306)) +---- +#ACTA, the point of view of the European commissioner for trade http://bit.ly/9BKOaa shows us that they don't understand the implication + +(Originally on Twitter: [Fri Mar 19 06:24:03 +0000 2010](https://twitter.com/adulau/status/10710366438)) +---- +@superlol from the article "Virtualization itself is not inherently insecure..." already disqualified the article along with Gartner quote. 
+ +(Originally on Twitter: [Sat Mar 20 08:04:03 +0000 2010](https://twitter.com/adulau/status/10764309283)) +---- +objgraph is a great tool especially to visualize when you have some ugly memory leak in an obscure lib - #python http://mg.pov.lt/objgraph/ + +(Originally on Twitter: [Sun Mar 21 09:46:21 +0000 2010](https://twitter.com/adulau/status/10814736735)) +---- +released Forban 0.0.10 #p2p - more bug fixed and a slight update in the protocol. http://www.foo.be/forban/ works but still experimental + +(Originally on Twitter: [Sun Mar 21 19:56:35 +0000 2010](https://twitter.com/adulau/status/10835438762)) +---- +http://www.laquadrature.net/en/node/3100 -- ACTA and the European Commission: The great escape + +(Originally on Twitter: [Mon Mar 22 17:01:02 +0000 2010](https://twitter.com/adulau/status/10880989055)) +---- +http://www.laquadrature.net/en/node/3098 -- New ACTA leak: 01/18 version of consolidated text + +(Originally on Twitter: [Tue Mar 23 17:24:37 +0000 2010](https://twitter.com/adulau/status/10935285177)) +---- +http://bit.ly/d7ULtm Private Information Disclosure from Web Searches (or why Google suspended personalized suggestions…) #privacy + +(Originally on Twitter: [Wed Mar 24 06:53:57 +0000 2010](https://twitter.com/adulau/status/10967680120)) +---- +will be the 16/04 at Breizh Entropy for giving a talk about #forban #p2p - http://www.breizh-entropy.org/ + +(Originally on Twitter: [Wed Mar 24 17:08:32 +0000 2010](https://twitter.com/adulau/status/10988708278)) +---- +Yesterday, we saw a very nice "Circular Halo"/"22° halo" around the moon #belgium #belgique #gaume + +(Originally on Twitter: [Thu Mar 25 06:37:50 +0000 2010](https://twitter.com/adulau/status/11022019138)) +---- +Why PKI (X.509) designs are so broken, another good example : http://files.cloudprivacy.net/ssl-mitm.pdf #itoldyouso + +(Originally on Twitter: [Thu Mar 25 13:07:50 +0000 2010](https://twitter.com/adulau/status/11032956540)) +---- +released Forban 0.0.11 - 
http://www.foo.be/forban/ - the silly caching bug is now fixed. #p2p + +(Originally on Twitter: [Thu Mar 25 15:51:56 +0000 2010](https://twitter.com/adulau/status/11040321206)) +---- +http://labs.moto.com/robot_touchscreen_analysis/ Robot versus Touchscreen - an interesting way to evaluate touchscreen + +(Originally on Twitter: [Thu Mar 25 18:49:43 +0000 2010](https://twitter.com/adulau/status/11047959563)) +---- +Another good example where rekeying is often a bad idea #cryptography http://www.educatedguesswork.org/2010/03/against_rekeying.html + +(Originally on Twitter: [Sat Mar 27 08:05:47 +0000 2010](https://twitter.com/adulau/status/11134936414)) +---- +@xme it's the TCF server. + +(Originally on Twitter: [Sat Mar 27 09:10:26 +0000 2010](https://twitter.com/adulau/status/11136463509)) +---- +@xme it's Thin Client Framework used for some java apps. But Oracle has the ugly habit to change the default ports to meaningless port num. + +(Originally on Twitter: [Sat Mar 27 09:13:30 +0000 2010](https://twitter.com/adulau/status/11136531538)) +---- +@xme I read 15000 (this is the TCF) but you wrote 12500 (rmi) ;-) sorry. + +(Originally on Twitter: [Sat Mar 27 09:25:08 +0000 2010](https://twitter.com/adulau/status/11136790184)) +---- +RT @DidierStevens: RT: @wimremes: RT @torproject: Life without a CA: https://blog.torproject.org/blog/life-without-ca < yeah that ! + +(Originally on Twitter: [Sat Mar 27 09:39:51 +0000 2010](https://twitter.com/adulau/status/11137115836)) +---- +@fcouchet http://www.flickr.com/photos/caterina/3270176074/ single tasking and #gtd - some nice rules + +(Originally on Twitter: [Sat Mar 27 16:36:50 +0000 2010](https://twitter.com/adulau/status/11151526011)) +---- +@karlpro could this be one of the factor for the strong electronic music movement in Detroit? 
+ +(Originally on Twitter: [Sat Mar 27 23:28:55 +0000 2010](https://twitter.com/adulau/status/11166876472)) +---- +Forban is now running on the #OLPC (XO-1/8.2.1) without external dependencies http://www.foo.be/forban/ to be available in version 0.0.12 + +(Originally on Twitter: [Sun Mar 28 07:20:01 +0000 2010](https://twitter.com/adulau/status/11184596267)) +---- +Where can I officially buy FLAC or mp3 of Laurent Garnier latest album? without the stupid #DRM of 7digital... #pias still someone on-board? + +(Originally on Twitter: [Sun Mar 28 14:59:27 +0000 2010](https://twitter.com/adulau/status/11197757634)) +---- +@piasrecordings Can we buy somewhere (even at a higher price) tracks from your artists without #DRM? + +(Originally on Twitter: [Sun Mar 28 15:04:34 +0000 2010](https://twitter.com/adulau/status/11197998054)) +---- +Enjoying the sounds of New York on http://twestival-fm.com/cities/17001 - a track by Moby @twestival + +(Originally on Twitter: [Sun Mar 28 20:27:29 +0000 2010](https://twitter.com/adulau/status/11211114911)) +---- +"EphCOM: Practical Ephemeral Communications" - allowing a user to assign an expiration time to her private data http://bit.ly/bYbBNq + +(Originally on Twitter: [Wed Mar 31 09:08:04 +0000 2010](https://twitter.com/adulau/status/11357839927)) +---- +Forban (git master branch) is now able to run on the Nokia N900 - http://www.foo.be/forban/ #p2p #filesharing + +(Originally on Twitter: [Wed Mar 31 13:42:37 +0000 2010](https://twitter.com/adulau/status/11366829937)) +---- +Why EU Commissioners are focusing on blocking Internet? http://www.edri.org/edrigram/number8.5/edri-open-letter-internet-blocking + +(Originally on Twitter: [Wed Mar 31 14:18:40 +0000 2010](https://twitter.com/adulau/status/11368507605)) +---- +@0x58 I hope this is just a lack of knowledge and not an attempt to extent control in the cyberspace. Maybe we could callback John P. 
Barlow + +(Originally on Twitter: [Wed Mar 31 14:52:37 +0000 2010](https://twitter.com/adulau/status/11370133168)) +---- +OpenAMQ is now discarded in favour of ZeroMQ - another example of "design by committee" failure... http://bit.ly/bKDEgE + +(Originally on Twitter: [Wed Mar 31 16:54:17 +0000 2010](https://twitter.com/adulau/status/11376054597)) +---- +Have you read "Reality Hunger" from David Shields? Is it an interesting reading? Or something to avoid? #Books + +(Originally on Twitter: [Wed Mar 31 17:57:31 +0000 2010](https://twitter.com/adulau/status/11378912588)) +---- +RT @ls01: Bon Gallimard attaque Google, on le sait, on s'en doutait... Mais au fait quid de Gallimard vs Wikisource? ( @wikimedia_fr, news?) + +(Originally on Twitter: [Wed Mar 31 18:48:25 +0000 2010](https://twitter.com/adulau/status/11381077038)) +---- +@challpiri http://identi.ca/adulau je "cross-poste" entre les deux... + +(Originally on Twitter: [Thu Apr 01 15:06:04 +0000 2010](https://twitter.com/adulau/status/11428783129)) +---- +If you are using softraid(4) on OpenBSD, the format changed after 4.7 - http://www.undeadly.org/cgi?action=article&sid=20100326172808 + +(Originally on Twitter: [Thu Apr 01 18:49:23 +0000 2010](https://twitter.com/adulau/status/11439227546)) +---- +Time Division Multiple Access (TDMA) process as a Perl module - crazy but useful for testing : http://search.cpan.org/~alex/Net-TDMA/ + +(Originally on Twitter: [Fri Apr 02 12:44:16 +0000 2010](https://twitter.com/adulau/status/11478392317)) +---- +If you are using tcpdump -X/-x with 'cut/sed/awk', maybe you should consider using the -A option in tcpdump... + +(Originally on Twitter: [Sat Apr 03 11:12:12 +0000 2010](https://twitter.com/adulau/status/11529983872)) +---- +#hacklu hack.lu 2010 CfP (Call for Papers) will be released this weekend. The conference will take place 27-29 October 2010 in Luxembourg. 
+ +(Originally on Twitter: [Sat Apr 03 11:24:58 +0000 2010](https://twitter.com/adulau/status/11530314094)) +---- +Vu dans lemonde "En inventant l'ordinateur, Alan Turin ne se doutait pas qu'il jouait à l'apprenti sorcier " Turing... http://bit.ly/cFfw0y + +(Originally on Twitter: [Sat Apr 03 20:24:39 +0000 2010](https://twitter.com/adulau/status/11551580284)) +---- +@DidierStevens Arf, en effet et si je peux ajouter : "Le poids de l'ennui, le choc des paupières et le fardeau de l'abonnement"... #lemonde + +(Originally on Twitter: [Sat Apr 03 20:42:44 +0000 2010](https://twitter.com/adulau/status/11552211142)) +---- +hack.lu 2010 call for papers - http://2010.hack.lu/cfp-hacklu2010.txt - http://2010.hack.lu/cfp/ #hacklu #cfp + +(Originally on Twitter: [Sun Apr 04 16:40:34 +0000 2010](https://twitter.com/adulau/status/11595608361)) +---- +A couple of common magpie is building a nest in our garden but the nest looks more the Marsupilami's nest than the traditional magpie nest. + +(Originally on Twitter: [Mon Apr 05 08:08:02 +0000 2010](https://twitter.com/adulau/status/11631326705)) +---- +RT @ppinternational: Final Version of "Copying Is Not Theft" Released! #video http://questioncopyright.org/ + +(Originally on Twitter: [Mon Apr 05 09:41:20 +0000 2010](https://twitter.com/adulau/status/11633663158)) +---- +radio panik - http://www.radiopanik.org/ if you want to listen something different with a touch of art. + +(Originally on Twitter: [Mon Apr 05 10:34:22 +0000 2010](https://twitter.com/adulau/status/11635076346)) +---- +@pp_belgium panel 1 and 2 are just there to congratulate themselves about the need of collective rights organizations. a strange world. 
+ +(Originally on Twitter: [Mon Apr 05 10:49:43 +0000 2010](https://twitter.com/adulau/status/11635513171)) +---- +Vangelis and collective rights organization, an interesting point of view regarding the transfer of rights http://bit.ly/aaxqFJ #copyright + +(Originally on Twitter: [Mon Apr 05 10:57:09 +0000 2010](https://twitter.com/adulau/status/11635727479)) +---- +Discussions about "the Research Non-Assertion Pledge and the Public Patent License." at #CC http://bit.ly/dbyR0U + +(Originally on Twitter: [Tue Apr 06 17:33:35 +0000 2010](https://twitter.com/adulau/status/11709442065)) +---- +RFC 5785 "Defining Well-Known Uniform Resource Identifiers (URIs)" seems a good move - what will be the first application in the registry? + +(Originally on Twitter: [Wed Apr 07 17:06:24 +0000 2010](https://twitter.com/adulau/status/11766231249)) +---- +A CVE tracker for Ubuntu - very handy to know the security state of your current release : http://bit.ly/9SS8pT + +(Originally on Twitter: [Thu Apr 08 06:31:48 +0000 2010](https://twitter.com/adulau/status/11810341622)) +---- +RT @HowardLovecraft: Hours spent securing the basement door to prevent a unspeakable fiend from gnawing its way into my living quarters. + +(Originally on Twitter: [Fri Apr 09 05:50:46 +0000 2010](https://twitter.com/adulau/status/11866227935)) +---- +"Bluebear: Exploring Privacy Threats in BitTorrent" - http://bit.ly/ckLKfq + +(Originally on Twitter: [Fri Apr 09 14:02:09 +0000 2010](https://twitter.com/adulau/status/11882005254)) +---- +Have you ever seen flies in a Cisco router? http://www.chronix.org/muchy/ + +(Originally on Twitter: [Fri Apr 09 15:33:25 +0000 2010](https://twitter.com/adulau/status/11886416376)) +---- +@KrisBuytaert No. The equipment with the bugs is much more modern than yours ;-) + +(Originally on Twitter: [Fri Apr 09 15:47:14 +0000 2010](https://twitter.com/adulau/status/11887063283)) +---- +@0x58 We tested Ecdysis NAT64 (the OpenBSD/pf version + unbound patched). 
Works great except for protocols with hardcoded v4 addr... + +(Originally on Twitter: [Sun Apr 11 08:24:37 +0000 2010](https://twitter.com/adulau/status/11981937929)) +---- +I just released Forban 0.0.14 (an opportunistic p2p file-sharing application for personal/local area networks) - http://www.foo.be/forban/ + +(Originally on Twitter: [Sun Apr 11 14:07:17 +0000 2010](https://twitter.com/adulau/status/11992241329)) +---- +posted a comment "Composting McDonald Happy Meal" This could have been a better experiment http://news.ycombinator.com/item?id=1256516 + +(Originally on Twitter: [Sun Apr 11 15:03:58 +0000 2010](https://twitter.com/adulau/status/11994701687)) +---- +is preparing his presentation for the Breizh Entropy Congress - http://www.breizh-entropy.org/ + +(Originally on Twitter: [Sun Apr 11 17:03:09 +0000 2010](https://twitter.com/adulau/status/11999933042)) +---- +@raphaelhenry la situation est même pire pour la sécurité du "cloud computing", les certifications (ex. PCI DSS) -> une fausse perception + +(Originally on Twitter: [Mon Apr 12 09:05:02 +0000 2010](https://twitter.com/adulau/status/12036967776)) +---- +@mikebem @FunkySteph and don't forget the sneakers. 2 pink pastel air max and yellow air jordan for the staff ;-) -> michael-import/export + +(Originally on Twitter: [Mon Apr 12 11:04:54 +0000 2010](https://twitter.com/adulau/status/12040379405)) +---- +#ACTA and the search in the Council of the European Union - http://bit.ly/di1NaY gives a good overview of the "transparency" about it + +(Originally on Twitter: [Mon Apr 12 12:29:08 +0000 2010](https://twitter.com/adulau/status/12043511584)) +---- +RT @arbornetworks: Fake ICPP violation alert due to malcode, affects BitTorrent users. http://is.gd/bpyQH More from @FSLabs http://is.gd ... 
+ +(Originally on Twitter: [Mon Apr 12 12:49:42 +0000 2010](https://twitter.com/adulau/status/12044363924)) +---- +a list of twitter account about information security : http://www.security-faqs.com/infosec-on-twitter good but not exhaustive + +(Originally on Twitter: [Mon Apr 12 16:45:31 +0000 2010](https://twitter.com/adulau/status/12055190014)) +---- +Comparison of Python cryptographic modules : http://mikeivanov.com/pc/python-crypto.pdf #crypto #python + +(Originally on Twitter: [Tue Apr 13 05:47:47 +0000 2010](https://twitter.com/adulau/status/12089176447)) +---- +Full history dump for English Wikipedia is back - http://bit.ly/cGgmZe - #wikipedia #dataset #research + +(Originally on Twitter: [Wed Apr 14 08:12:05 +0000 2010](https://twitter.com/adulau/status/12152242060)) +---- +"If the data structure can’t be explained on a beer coaster, it’s too complex." see in Felix von Leitner presentation - http://bit.ly/2FYaPY + +(Originally on Twitter: [Wed Apr 14 08:32:40 +0000 2010](https://twitter.com/adulau/status/12152795409)) +---- +RT @pp_belgium: Droits de qui ? Merci SABAM : http://ping.fm/F6Xnh + +(Originally on Twitter: [Wed Apr 14 08:57:26 +0000 2010](https://twitter.com/adulau/status/12153457718)) +---- +@jennamcjenna like that, they are ready to get up for work too. Maybe I read too much of Ivan Illich - "Deschooling Society" + +(Originally on Twitter: [Wed Apr 14 11:21:30 +0000 2010](https://twitter.com/adulau/status/12157762448)) +---- +"Cryptanalysis of the DECT Standard Cipher" + practical attack - http://bit.ly/aYQK5d #crypto + +(Originally on Twitter: [Wed Apr 14 14:29:35 +0000 2010](https://twitter.com/adulau/status/12166033616)) +---- +The presentation given at Breizh Entropy about Forban : http://bit.ly/akPjEk - forban an opportunistic link-local p2p free software + +(Originally on Twitter: [Fri Apr 16 10:06:49 +0000 2010](https://twitter.com/adulau/status/12274780552)) +---- +@mikebem if you have an issue with the cat, let us know... 
We could eat^H^H^H move the cat in Belgium ;-) + +(Originally on Twitter: [Mon Apr 19 11:47:51 +0000 2010](https://twitter.com/adulau/status/12451264485)) +---- +street art in Rennes or again walking in the streets to find the unexpected... - http://www.bit.ly/b6vaTM + +(Originally on Twitter: [Mon Apr 19 21:49:50 +0000 2010](https://twitter.com/adulau/status/12477742249)) +---- +"Government requests directed to Google and YouTube" - http://www.google.com/governmentrequests/ #censorship + +(Originally on Twitter: [Wed Apr 21 05:37:59 +0000 2010](https://twitter.com/adulau/status/12560702838)) +---- +a good course and overview about "Probabilistic Modeling " http://bit.ly/9vRtfG + +(Originally on Twitter: [Thu Apr 22 21:31:59 +0000 2010](https://twitter.com/adulau/status/12662248141)) +---- +Belgium doesn't exist as a country but as an art performance. It's better to love art than a country. #belgium #belgique #art + +(Originally on Twitter: [Sat Apr 24 07:31:56 +0000 2010](https://twitter.com/adulau/status/12751360284)) +---- +Le logiciel libre pour une société libre et conviviale - http://bit.ly/9FXPhX - dernière présentation du jour... + +(Originally on Twitter: [Sat Apr 24 20:41:33 +0000 2010](https://twitter.com/adulau/status/12782552701)) +---- +@TheCopia Would it possible to put my existing (and non-DRM) e-books into copia? + +(Originally on Twitter: [Sun Apr 25 05:25:06 +0000 2010](https://twitter.com/adulau/status/12805638765)) +---- +For the book lovers that like to carry books everywhere in the house or office, http://www.lebouc.be/ a nice (Belgian) design. 
+ +(Originally on Twitter: [Sun Apr 25 08:13:09 +0000 2010](https://twitter.com/adulau/status/12811336908)) +---- +@davanac "Killed by ppt" http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0001yB the nice article from Edward Tufte + +(Originally on Twitter: [Tue Apr 27 15:00:32 +0000 2010](https://twitter.com/adulau/status/12949305960)) +---- +http://mixtapeamnesty.ie/ "The amnesty was created in an effort to finally rid the country of illegally taped music." #fun #copyright + +(Originally on Twitter: [Wed Apr 28 11:39:32 +0000 2010](https://twitter.com/adulau/status/13001448115)) +---- +Forban 0.0.15 released (mainly bug fixes) http://www.foo.be/forban/ - an epidemic p2p file-sharing free software. + +(Originally on Twitter: [Wed Apr 28 20:31:58 +0000 2010](https://twitter.com/adulau/status/13026701435)) +---- +spock is now intelius http://bit.ly/duFJg5 #goodiff #privacy - privacy policy updated according to that change. + +(Originally on Twitter: [Thu Apr 29 06:52:39 +0000 2010](https://twitter.com/adulau/status/13055230202)) +---- +Do you want to black-hole a product and the OpenPGP standard? easy, you'll just need to be acquired by Symantec. #pgp + +(Originally on Twitter: [Thu Apr 29 14:48:56 +0000 2010](https://twitter.com/adulau/status/13072536102)) +---- +just released Forban 0.0.17 (protocol slightly improved with HMAC in announce to avoid recurring index download) http://foo.be/forban/ #p2p + +(Originally on Twitter: [Sun May 02 15:07:53 +0000 2010](https://twitter.com/adulau/status/13250142690)) +---- +hiking in the woods, saw a young fox next to a Canada goose... and guess what? I didn't took my camera coz I never see anything at that time + +(Originally on Twitter: [Sun May 02 20:40:05 +0000 2010](https://twitter.com/adulau/status/13265092301)) +---- +@rbidule next to each other? that would make a great shot too... 
+ +(Originally on Twitter: [Sun May 02 21:06:27 +0000 2010](https://twitter.com/adulau/status/13266239758)) +---- +@zoobab The FUD is coming from this silly post of ZDNet. It would more wise to distribute the FSF argumented facts than the ZDNet "news"... + +(Originally on Twitter: [Mon May 03 09:47:12 +0000 2010](https://twitter.com/adulau/status/13296939394)) +---- +@AlainGerlache en plus c'est toujours les mêmes qui doivent tenir le bureau de vote. j'ai envie dire "il fallait les prévoir plus tôt"... + +(Originally on Twitter: [Mon May 03 09:50:59 +0000 2010](https://twitter.com/adulau/status/13297046607)) +---- +@fboule at the edge of the Chiny forest in Gaume. That why I was disgusted to not have my camera with me (usually not the case ;-). + +(Originally on Twitter: [Mon May 03 15:27:22 +0000 2010](https://twitter.com/adulau/status/13311036895)) +---- +RT @bortzmeyer: "99 % of routing accidents on the Internet are origination errors. Fixing them with the RPKI will fix a lot of problems. ... + +(Originally on Twitter: [Mon May 03 15:31:53 +0000 2010](https://twitter.com/adulau/status/13311255225)) +---- +"Information-action Ratio or What's Your Opinion About Belgian Politics?" #belgium #media http://bit.ly/a9QLIV + +(Originally on Twitter: [Mon May 03 20:23:49 +0000 2010](https://twitter.com/adulau/status/13324145063)) +---- +Deletable Bloom filter, useful when you want to delete an element without affecting the rest of the set. 
http://arxiv.org/abs/1005.0352 + +(Originally on Twitter: [Tue May 04 05:53:01 +0000 2010](https://twitter.com/adulau/status/13349906547)) +---- +Fuzzdb - a database for fuzzing including patterns to fuzz and expected response format - great idea http://code.google.com/p/fuzzdb/ + +(Originally on Twitter: [Tue May 04 13:44:14 +0000 2010](https://twitter.com/adulau/status/13365298950)) +---- +The pirate party in Belgium is looking for signature for the election to come - http://bit.ly/dlyimj #belgium #belgique + +(Originally on Twitter: [Tue May 04 18:40:43 +0000 2010](https://twitter.com/adulau/status/13378203926)) +---- +Today, I encountered again a "deletionist" on Wikipedia. Would it possible to delete a "deletionist"? #wikipedia + +(Originally on Twitter: [Tue May 04 21:39:44 +0000 2010](https://twitter.com/adulau/status/13385832517)) +---- +@challpiri http://meta.wikimedia.org/wiki/Deletionist http://meta.wikimedia.org/wiki/Deletionism + +(Originally on Twitter: [Tue May 04 21:42:27 +0000 2010](https://twitter.com/adulau/status/13385955314)) +---- +"A fast, fuzzy, full-text index using Redis" - http://bit.ly/bXZIVc + +(Originally on Twitter: [Wed May 05 20:52:51 +0000 2010](https://twitter.com/adulau/status/13446726585)) +---- +Comparing genomes from Escherichia Coli to the Linux kernel call graph - http://bit.ly/ajoNVD + +(Originally on Twitter: [Thu May 06 08:24:32 +0000 2010](https://twitter.com/adulau/status/13476014383)) +---- +@xme great, good news. Could we have a copy of the slides? + +(Originally on Twitter: [Thu May 06 11:52:22 +0000 2010](https://twitter.com/adulau/status/13482912665)) +---- +Ryzom Core is finally released as free software (AGPLv3) including artistic asset (CC-BY-SA) - http://dev.ryzom.com/news/13 + +(Originally on Twitter: [Thu May 06 13:19:52 +0000 2010](https://twitter.com/adulau/status/13486929501)) +---- +Lost in a lemma proof... where the array gets also lost with an impossible index. 
Reading papers could sometimes affect your health... + +(Originally on Twitter: [Fri May 07 20:58:12 +0000 2010](https://twitter.com/adulau/status/13569210976)) +---- +@ChrisJohnRiley if this is for Python data structure, there is pprint (pretty print) part of the standard library. + +(Originally on Twitter: [Sat May 08 20:49:58 +0000 2010](https://twitter.com/adulau/status/13628262545)) +---- +@roessler I like the idea of Ignite... By the way, the #01 in Brussels was last February. So it's not too late for the Luxembourg. + +(Originally on Twitter: [Sat May 08 20:54:07 +0000 2010](https://twitter.com/adulau/status/13628420398)) +---- +RT @_ddenis_: La Sabam veut faire payer le web: http://bit.ly/csezpj #etraces + +(Originally on Twitter: [Mon May 10 08:55:05 +0000 2010](https://twitter.com/adulau/status/13716378717)) +---- +RT @pp_belgium: Non seulement nous ne pouvons pas nous présenter mais apparament nous ne pouvons pas parler non plus : http://bit.ly/c3phHY + +(Originally on Twitter: [Tue May 11 10:50:57 +0000 2010](https://twitter.com/adulau/status/13781868892)) +---- +Just saw a scammer using Google Docs to fill form...those scammers, they are very trendy, they use SaaS. #security #scam #cloud + +(Originally on Twitter: [Tue May 11 11:55:57 +0000 2010](https://twitter.com/adulau/status/13784341213)) +---- +.de TLD seems accessible for domains starting from a-e but not after... just tested with a simple "dig -t NS <X> @a.nic.de" hmmmm @i0n1c + +(Originally on Twitter: [Wed May 12 12:30:23 +0000 2010](https://twitter.com/adulau/status/13848297294)) +---- +@bortzmeyer Thanks. this is matching. do you know if #DENIC is working on it? I suppose so... + +(Originally on Twitter: [Wed May 12 12:43:23 +0000 2010](https://twitter.com/adulau/status/13848891187)) +---- +@pp_belgium where can I send the scan of my signature? 
+ +(Originally on Twitter: [Wed May 12 15:16:36 +0000 2010](https://twitter.com/adulau/status/13856329577)) +---- +@wikireader http://thewikireader.com/update.html FYI, The URLs for the update are broken. Could you check? Thank you. + +(Originally on Twitter: [Thu May 13 11:54:21 +0000 2010](https://twitter.com/adulau/status/13909549267)) +---- +Looking back to old (2002) slides from #Microsoft about the GNU #GPL, this is so ludicrous... - http://bit.ly/9BBnVM + +(Originally on Twitter: [Thu May 13 13:14:26 +0000 2010](https://twitter.com/adulau/status/13913209839)) +---- +@0x58 Sometime I'm calling them (if there is a phone number) and you can have fun... & at the same time, it's blocking their scam business. + +(Originally on Twitter: [Thu May 13 13:45:11 +0000 2010](https://twitter.com/adulau/status/13914725897)) +---- +If I have to name the free software of the year, it will be redis ! http://code.google.com/p/redis/ #redis "intersection rules" + +(Originally on Twitter: [Thu May 13 14:41:46 +0000 2010](https://twitter.com/adulau/status/13917488643)) +---- +Forban 0.0.18 released - Win32 support added. #p2p opportunistic over lan - http://www.foo.be/forban/ + +(Originally on Twitter: [Fri May 14 17:58:02 +0000 2010](https://twitter.com/adulau/status/13989117724)) +---- +RFC 5848 is published - "Signed Syslog Messages" - an excellent news. + +(Originally on Twitter: [Fri May 14 18:08:56 +0000 2010](https://twitter.com/adulau/status/13989618713)) +---- +"git fast-import" saved again my life #git + +(Originally on Twitter: [Sat May 15 22:11:07 +0000 2010](https://twitter.com/adulau/status/14061091864)) +---- +Libre Graphics Meeting 2010 Brussels 27-30 May - feel free to make a donation #lgm - http://pledgie.com/campaigns/8926 + +(Originally on Twitter: [Sun May 16 11:52:17 +0000 2010](https://twitter.com/adulau/status/14094147491)) +---- +@nitot même un tcpdump peut enregistrer une partie du payload dans une même capture avec une petite valeur de "-s". 
#medium-fail #google + +(Originally on Twitter: [Sun May 16 15:17:36 +0000 2010](https://twitter.com/adulau/status/14103644802)) +---- +@patrickvw Le vote électronique? le vote papier fonctionne mieux, plus facilement contrôlable par tous et pour un coût moindre. + +(Originally on Twitter: [Mon May 17 11:05:28 +0000 2010](https://twitter.com/adulau/status/14154569390)) +---- +@patrickvw le vote électronique n'est pas une solution valide quand il existe déjà le vote papier. Quelle est la position du pirate party? + +(Originally on Twitter: [Mon May 17 11:18:11 +0000 2010](https://twitter.com/adulau/status/14155063929)) +---- +@patrickvw Merci pour l'info. J'ai une grosse préférence pour le vote papier uniquement... mais je n'ai rien dit. + +(Originally on Twitter: [Mon May 17 11:37:27 +0000 2010](https://twitter.com/adulau/status/14155838271)) +---- +@patrickvw Je connais le mécanisme de contrôle : une impression sur papier. Comme quoi un bon vote papier, c'est imbattable. @bortzmeyer + +(Originally on Twitter: [Mon May 17 12:08:04 +0000 2010](https://twitter.com/adulau/status/14157154318)) +---- +finds silly a media website talking about insecurity of web browsing when they have external links in flash and js to untrusted sites... + +(Originally on Twitter: [Tue May 18 12:13:01 +0000 2010](https://twitter.com/adulau/status/14223682554)) +---- +Spammer trick of the day : "using Google Picasa notification for spamming" handy as you don't have a X-Originating-Ip header... + +(Originally on Twitter: [Tue May 18 12:33:32 +0000 2010](https://twitter.com/adulau/status/14224689685)) +---- +@xme how can you do risk management of an iPhone? if any application from the AppleStore can be installed by the user ;-) + +(Originally on Twitter: [Tue May 18 13:00:20 +0000 2010](https://twitter.com/adulau/status/14226039144)) +---- +@xme right but the reality is often far away from any formal risk analysis but you know better than me. 
+ +(Originally on Twitter: [Tue May 18 13:12:18 +0000 2010](https://twitter.com/adulau/status/14226668271)) +---- +RT @rommelfs: R.I.P. newzbin.com - we've had a good time + +(Originally on Twitter: [Wed May 19 05:46:31 +0000 2010](https://twitter.com/adulau/status/14277338999)) +---- +@theodric You're right. The bar picture looks like michael... but you know he is so used to be lost in underground activities. + +(Originally on Twitter: [Wed May 19 15:53:14 +0000 2010](https://twitter.com/adulau/status/14301927660)) +---- +More than 20 minutes for a survey from #ACM, I gave up.... + +(Originally on Twitter: [Thu May 20 22:22:07 +0000 2010](https://twitter.com/adulau/status/14388748653)) +---- +The today's bug report in Firefox : http://support.mozilla.com/en-US/forum/1/677839 #fun + +(Originally on Twitter: [Fri May 21 19:24:04 +0000 2010](https://twitter.com/adulau/status/14447920769)) +---- +WebSDR - real-time tuning on a radio from a 80m antenna http://websdr.ewi.utwente.nl:8901/ #SDR Impressive ! + +(Originally on Twitter: [Fri May 21 19:34:29 +0000 2010](https://twitter.com/adulau/status/14448401596)) +---- +Why I like to keep wild grasses in my garden http://bit.ly/cFsYmm http://bit.ly/aFcXnV - #biodiversity + +(Originally on Twitter: [Sat May 22 10:33:54 +0000 2010](https://twitter.com/adulau/status/14486576212)) +---- +Does someone know the HTTP crawler ""P.Arthur 1.1" and especially using IPv6? It's from China (PKU6-CERNET2)... looks strange + +(Originally on Twitter: [Mon May 24 09:13:59 +0000 2010](https://twitter.com/adulau/status/14612074578)) +---- +@cvandeplas I want to vote for a party who is not brandishing flags and leaving people freedom. But does this exist? #belgium + +(Originally on Twitter: [Mon May 24 09:37:34 +0000 2010](https://twitter.com/adulau/status/14612859798)) +---- +good point... 
RT @HSGhent Roundtable Workshop Format http://post.ly/cJH0 + +(Originally on Twitter: [Mon May 24 09:44:05 +0000 2010](https://twitter.com/adulau/status/14613077037)) +---- +@jmjavaux @AlainGerlache L'enjeux c'est de rester libre et d'avoir un équilibre pour toutes les communautés et sans brandir des drapeaux... + +(Originally on Twitter: [Mon May 24 10:55:46 +0000 2010](https://twitter.com/adulau/status/14615688276)) +---- +just posted "Information wants to be free" is now becoming an axiom - http://bit.ly/c4AlG4 + +(Originally on Twitter: [Mon May 24 16:58:46 +0000 2010](https://twitter.com/adulau/status/14635123607)) +---- +@wragge Some more machine tags - http://www.foo.be/cgi-bin/wiki.pl/MachineTag #fmtc + +(Originally on Twitter: [Mon May 24 18:09:08 +0000 2010](https://twitter.com/adulau/status/14638705544)) +---- +Tabbing in a browser can be dangerous - a simple way to make a phishing attack... - http://bit.ly/b6c0ov + +(Originally on Twitter: [Tue May 25 05:52:28 +0000 2010](https://twitter.com/adulau/status/14674882017)) +---- +@pbeyssac old pictures from #rms ... but without the glasses ;-) http://www.foo.be/photo/rms/ + +(Originally on Twitter: [Wed May 26 11:34:34 +0000 2010](https://twitter.com/adulau/status/14757161254)) +---- +loves to rewrite an ugly software from Java to Python especially when the code is reduced by 10 and it's 4 times faster... + +(Originally on Twitter: [Wed May 26 21:25:57 +0000 2010](https://twitter.com/adulau/status/14789230566)) +---- +In the series, #git is wonderful : "git-notes allows to add notes on an object without touching the object/commit" nice for annotation... + +(Originally on Twitter: [Wed May 26 22:05:23 +0000 2010](https://twitter.com/adulau/status/14791177867)) +---- +Protest #ACTA http://www.acta-action.eu - contact your #MEP + +(Originally on Twitter: [Thu May 27 12:03:58 +0000 2010](https://twitter.com/adulau/status/14829758083)) +---- +Does someone know a vendor selling HOTP-compatible token alone? 
the majority of the vendors are bound to their proprietary software... + +(Originally on Twitter: [Thu May 27 13:59:53 +0000 2010](https://twitter.com/adulau/status/14836228317)) +---- +Today's calculation : each iPad owner needs to read at least 15 books/year to amortize the cost of the iPad within 1 year. Amortized? hahaha + +(Originally on Twitter: [Thu May 27 16:35:13 +0000 2010](https://twitter.com/adulau/status/14845520936)) +---- +Will be tomorrow at #lgm #lgm2010, if you want to have a chat or hack something with me... let me know. + +(Originally on Twitter: [Fri May 28 15:04:55 +0000 2010](https://twitter.com/adulau/status/14911942103)) +---- +@0x58 This is indeed a bad news... Dennis Hopper was really a great photographer too. + +(Originally on Twitter: [Sat May 29 19:03:06 +0000 2010](https://twitter.com/adulau/status/14992728904)) +---- +Seeing all the tweets about the #eurovision #EV, I ended up on the alfa-matrix website - http://alfa-matrix.com/ #EBM is so much better. + +(Originally on Twitter: [Sat May 29 20:37:00 +0000 2010](https://twitter.com/adulau/status/14997200059)) +---- +Calculating Pi with #HADOOP http://gist.github.com/406824 + +(Originally on Twitter: [Sat May 29 22:11:03 +0000 2010](https://twitter.com/adulau/status/15001538886)) +---- +@pbeyssac very nice play word... + +(Originally on Twitter: [Sun May 30 06:43:26 +0000 2010](https://twitter.com/adulau/status/15025692383)) +---- +RT @BPGlobalPR: We are very upset that Operation: Top Kill has failed. We are running out of cool names for these things. 
+ +(Originally on Twitter: [Sun May 30 12:30:13 +0000 2010](https://twitter.com/adulau/status/15038170995)) +---- +Very rainy today but sometime this can be helpful : http://www.flickr.com/photos/adulau/4653170204/ #photography #photo #wildlife + +(Originally on Twitter: [Sun May 30 17:08:27 +0000 2010](https://twitter.com/adulau/status/15053604190)) +---- +Registration is now open for the GNU Hackers Meeting (Den Haag, NL 24-25/07 : http://www.gnu.org/ghm/2010/denhaag/ #ghm + +(Originally on Twitter: [Sun May 30 17:31:11 +0000 2010](https://twitter.com/adulau/status/15054759979)) +---- +WTF? Are they smoking crack? GCC Steering Committee approved the use of C++ in GCC (http://article.gmane.org/gmane.comp.gcc.devel/114407) + +(Originally on Twitter: [Mon May 31 19:10:39 +0000 2010](https://twitter.com/adulau/status/15126708822)) +---- +"Use This LATEX Class File to Pwn Your Computer" - http://cseweb.ucsd.edu/~hovav/dist/texhack.pdf #latex #infosec + +(Originally on Twitter: [Mon May 31 21:22:31 +0000 2010](https://twitter.com/adulau/status/15132764694)) +---- +@roessler or could be 5 years in advance until we have a full-blown LaTeX in the browser or Metafont embedded ;-) + +(Originally on Twitter: [Tue Jun 01 06:00:18 +0000 2010](https://twitter.com/adulau/status/15159458246)) +---- +@security4all any reference document? + +(Originally on Twitter: [Tue Jun 01 09:31:42 +0000 2010](https://twitter.com/adulau/status/15166851483)) +---- +@PascClau Ce n'est pas les outils qui manquent mais la maîtrise de ces outils... développement de logiciels libres. cf. Ivan Illich + +(Originally on Twitter: [Tue Jun 01 10:13:00 +0000 2010](https://twitter.com/adulau/status/15168371926)) +---- +@fcouchet http://code.google.com/p/foodle/ + +(Originally on Twitter: [Tue Jun 01 11:52:57 +0000 2010](https://twitter.com/adulau/status/15172548970)) +---- +@bortzmeyer right but feide.no is pointing to http://code.google.com/p/foodle ... 
Pfff, the Internet is full of links ;-) @fcouchet + +(Originally on Twitter: [Tue Jun 01 12:07:38 +0000 2010](https://twitter.com/adulau/status/15173285879)) +---- +RFC 5854 - "The Metalink Download Description Format" - waiting for curl to support it but looks good (even if this is again XML) + +(Originally on Twitter: [Tue Jun 01 21:24:22 +0000 2010](https://twitter.com/adulau/status/15204294986)) +---- +Is there anyone using nodebox or nodebox 2 to randomly generate stencils for street-art? + +(Originally on Twitter: [Tue Jun 01 22:17:51 +0000 2010](https://twitter.com/adulau/status/15207030497)) +---- +@pp_belgium In your program, point 30) -> should be abolition of the electronic voting and replaced by paper ballot only. + +(Originally on Twitter: [Wed Jun 02 08:44:52 +0000 2010](https://twitter.com/adulau/status/15238602487)) +---- +@pp_belgium this was a suggestion ;-) thanks. + +(Originally on Twitter: [Wed Jun 02 10:51:04 +0000 2010](https://twitter.com/adulau/status/15243251151)) +---- +RT @xach: Erik Naggum's library is for sale. http://xach.livejournal.com/257931.html #naggum + +(Originally on Twitter: [Wed Jun 02 16:31:55 +0000 2010](https://twitter.com/adulau/status/15262845076)) +---- +Misunderstanding in the office today : someone said "Is it a beach party here?" and someone else "A bitch party?" + +(Originally on Twitter: [Thu Jun 03 13:29:15 +0000 2010](https://twitter.com/adulau/status/15324906341)) +---- +@rbidule it's more difficult to find a beach in Luxembourg... + +(Originally on Twitter: [Thu Jun 03 13:37:06 +0000 2010](https://twitter.com/adulau/status/15325388289)) +---- +RT @seldaek: Introducing Slippy - HTML Presentations http://goo.gl/fb/lqn3E #news #php #javascript + +(Originally on Twitter: [Thu Jun 03 16:50:15 +0000 2010](https://twitter.com/adulau/status/15337922487)) +---- +@xme I'm jealous. Still stuck at the office in a conf-call reviewing security of an uncertain software. 
+ +(Originally on Twitter: [Thu Jun 03 17:11:27 +0000 2010](https://twitter.com/adulau/status/15339208553)) +---- +@PascClau Pourquoi la Wallonie ne pourrait pas devenir un "Delaware" pour la création des entreprises si impôts des entreprises -> région ? + +(Originally on Twitter: [Thu Jun 03 17:20:23 +0000 2010](https://twitter.com/adulau/status/15339739070)) +---- +An interesting paper about Stream Control Transmission Protocol (SCTP) Steganography - http://arxiv.org/abs/1006.0247 #stegano + +(Originally on Twitter: [Thu Jun 03 17:54:31 +0000 2010](https://twitter.com/adulau/status/15341692221)) +---- +@zedshaw a clone is nice but I'm always coming back to the roots when needed : http://www.flickr.com/photos/adulau/2163385152/ + +(Originally on Twitter: [Thu Jun 03 21:22:52 +0000 2010](https://twitter.com/adulau/status/15352439510)) +---- +Note for the cdH party in Belgium, it's not because you have some green color on your poster that you are ecologists.... #election #belgium + +(Originally on Twitter: [Fri Jun 04 22:13:44 +0000 2010](https://twitter.com/adulau/status/15445630174)) +---- +released Forban 0.0.19 - http://www.foo.be/forban/ #p2p #epidemic #filesharing + +(Originally on Twitter: [Sat Jun 05 07:34:34 +0000 2010](https://twitter.com/adulau/status/15473716550)) +---- +just released a paper-based OTP token - http://github.com/adulau/paper-token why to use hardware when we can use a pencil ;-) + +(Originally on Twitter: [Sun Jun 06 17:56:37 +0000 2010](https://twitter.com/adulau/status/15570809537)) +---- +The #git of the night "git log --decorate --graph --pretty=oneline --abbrev-commit --all" nice in a terminal and cleaner than gitk + +(Originally on Twitter: [Sun Jun 06 21:26:03 +0000 2010](https://twitter.com/adulau/status/15581292111)) +---- +#IEEE group is working on malware XML schema to help for classification and sharing malware sample http://bit.ly/cU31y0 to look at... 
+ +(Originally on Twitter: [Mon Jun 07 19:50:37 +0000 2010](https://twitter.com/adulau/status/15652163769)) +---- +I officially hate spammer, they grab random PDF on the Internet and insert infective payload and send the infected PDF in your name. + +(Originally on Twitter: [Tue Jun 08 05:52:17 +0000 2010](https://twitter.com/adulau/status/15686507385)) +---- +Seeing so many people going into my web page, they open the infected PDF made by those criminals. I put a warning on my home page... + +(Originally on Twitter: [Tue Jun 08 06:13:21 +0000 2010](https://twitter.com/adulau/status/15687405321)) +---- +@zoobab the remaining 88% of people using the proprietary Windows platform and (as you said) the Acroread trojan... + +(Originally on Twitter: [Tue Jun 08 07:01:26 +0000 2010](https://twitter.com/adulau/status/15689329577)) +---- +@zoobab Sure I can give a hand. + +(Originally on Twitter: [Tue Jun 08 08:43:29 +0000 2010](https://twitter.com/adulau/status/15693133818)) +---- +@zoobab if you want to carry people between train station (Marbehan), I could give a hand. I'll update the wiki. + +(Originally on Twitter: [Tue Jun 08 08:48:14 +0000 2010](https://twitter.com/adulau/status/15693306233)) +---- +@miguno it's really annoying... especially when they use your CV to include malware using WScript.CreateObject("WScript.Shell")... #PDF + +(Originally on Twitter: [Tue Jun 08 10:01:15 +0000 2010](https://twitter.com/adulau/status/15696067764)) +---- +@mikkohypponen they used the "/Launch" function as described by @DidierStevens 2 months ago but it's still very effective... + +(Originally on Twitter: [Tue Jun 08 10:33:04 +0000 2010](https://twitter.com/adulau/status/15697319259)) +---- +@z0nbi Right. That means a lot of people are even opening the files with the Launch warning... looking at the email received... #socialworks + +(Originally on Twitter: [Tue Jun 08 10:48:38 +0000 2010](https://twitter.com/adulau/status/15697942965)) +---- +@z0nbi Yep. 
This will install a dns resolver hook trojan + nasty misc called Win32/Alureon + +(Originally on Twitter: [Tue Jun 08 10:59:21 +0000 2010](https://twitter.com/adulau/status/15698393709)) +---- +RT @tommiesunshine: The Recording Industry wants $1 billion from LimeWire. Our Government's asking $69 million of BP. Modern priorities ... + +(Originally on Twitter: [Wed Jun 09 06:04:14 +0000 2010](https://twitter.com/adulau/status/15762535862)) +---- +RT @npettiaux: Through http://lepacte.be 69 belgian politicians support free software, free data and free internet + +(Originally on Twitter: [Wed Jun 09 06:11:12 +0000 2010](https://twitter.com/adulau/status/15762818174)) +---- +For the nostalgic, "A penetration analysis of the Michigan terminal system" #pentest in 1980... http://bit.ly/9mA26P + +(Originally on Twitter: [Wed Jun 09 19:35:49 +0000 2010](https://twitter.com/adulau/status/15797488028)) +---- +@xme in OpenPGP key signing parties, the picture is often the only way to link a guy/lady to his/her official documents... + +(Originally on Twitter: [Wed Jun 09 20:53:21 +0000 2010](https://twitter.com/adulau/status/15801664323)) +---- +@jimmy_wales maybe the action of a deletionist... ah no, except if the deletionist also delete the Deletion log ;-) + +(Originally on Twitter: [Thu Jun 10 21:10:56 +0000 2010](https://twitter.com/adulau/status/15878775853)) +---- +More background information on flash issue CVE-2010-2189? "issue occurs only on VMWare systems with VMWare Tools enabled." + +(Originally on Twitter: [Fri Jun 11 09:31:37 +0000 2010](https://twitter.com/adulau/status/15916581903)) +---- +Slides of the Google IPv6 implementor conference - https://sites.google.com/site/ipv6implementors/2010/agenda + +(Originally on Twitter: [Fri Jun 11 20:58:10 +0000 2010](https://twitter.com/adulau/status/15955247463)) +---- +#Foo is a meta-syntactic variable and this is not the root of Football. Just a kind reminder for an email received about my domain name... 
+ +(Originally on Twitter: [Fri Jun 11 21:49:59 +0000 2010](https://twitter.com/adulau/status/15957706878)) +---- +#Belgium #election Benjamin Constant was right about the majority rule in democracy... A patchwork is not controlled by a majority. + +(Originally on Twitter: [Sun Jun 13 20:45:51 +0000 2010](https://twitter.com/adulau/status/16096783303)) +---- +@npettiaux p283 du "Principes de politique, applicables à tous les gouvernements représentatifs" - version domaine public sur googlebooks + +(Originally on Twitter: [Mon Jun 14 05:36:38 +0000 2010](https://twitter.com/adulau/status/16126101697)) +---- +Why ARF and X-ARF is not including source and destination port? would be useful for tracing abuse behind NAT logged pools. + +(Originally on Twitter: [Mon Jun 14 08:26:38 +0000 2010](https://twitter.com/adulau/status/16132845805)) +---- +"#define DEBUG3_DOLOG_SYSTEM(x) system(x)" so simple but so efficient... When will be the GCC à la "Trusting trust" of K. Thompson? + +(Originally on Twitter: [Mon Jun 14 12:20:44 +0000 2010](https://twitter.com/adulau/status/16142896196)) +---- +RT @raf_iot: ♺ @fo0_: RT @_dzen: Bonjour hadopi bonjour orange http://seclists.org/fulldisclosure/2010/Jun/346 #risee #de #tout #interne ... + +(Originally on Twitter: [Tue Jun 15 19:37:08 +0000 2010](https://twitter.com/adulau/status/16248971814)) +---- +@xme funny we made that for the first edition of hack.lu : http://www.foo.be/hacklu2005/p/hacklu2005-pegs.jpg + +(Originally on Twitter: [Tue Jun 15 19:42:01 +0000 2010](https://twitter.com/adulau/status/16249365221)) +---- +@sam280 thanks, interesting especially if you have control on the device doing AES-128 encryption like a STU or STB... + +(Originally on Twitter: [Wed Jun 16 19:53:53 +0000 2010](https://twitter.com/adulau/status/16330933642)) +---- +@sam280 right but a lot of STB designer assumed the encryption algorithm even interrupted or rolled back being safe... 
+ +(Originally on Twitter: [Wed Jun 16 20:15:49 +0000 2010](https://twitter.com/adulau/status/16332207514)) +---- +An old classic "Foundations of Computer Science" from Al Aho and Jeff Ullman http://infolab.stanford.edu/~ullman/focs.html freely available + +(Originally on Twitter: [Wed Jun 16 21:17:13 +0000 2010](https://twitter.com/adulau/status/16335770992)) +---- +Flickr and getty are killing creative commons images with this stupid Getty images deal - http://bit.ly/4opVgW #cc + +(Originally on Twitter: [Fri Jun 18 21:57:11 +0000 2010](https://twitter.com/adulau/status/16500727000)) +---- +"Reputation Reporting Protocol" - http://tools.ietf.org/html/draft-dskoll-reputation-reporting-01 - an I-D to report about event IP history + +(Originally on Twitter: [Fri Jun 18 22:17:34 +0000 2010](https://twitter.com/adulau/status/16501748764)) +---- +made a quick blog entry - Searching Google using standard Unix tools - http://bit.ly/adj0zz + +(Originally on Twitter: [Sat Jun 19 10:17:15 +0000 2010](https://twitter.com/adulau/status/16536265851)) +---- +Just bought the tickets to see (and obviously listen) #bauchklang at Esperanzah! 2010 #belgium #belgique + +(Originally on Twitter: [Sat Jun 19 20:16:56 +0000 2010](https://twitter.com/adulau/status/16569165956)) +---- +I passively fuzzed while just feeding "standard" XHTML documents. I just crashed 3 different parsers with the same document... not good. + +(Originally on Twitter: [Sat Jun 19 20:48:33 +0000 2010](https://twitter.com/adulau/status/16570592608)) +---- +DNS Skinhole ISO image available - http://isc.sans.edu/diary.html?storyid=9037 relying on SRI, ZeuS and dom malware blocklist. + +(Originally on Twitter: [Sun Jun 20 13:51:05 +0000 2010](https://twitter.com/adulau/status/16617804759)) +---- +thinking of replacing my aging whiteboard with @ideapaint http://www.ideapaint.com/ any experience with the durability? 
+ +(Originally on Twitter: [Sat Jun 26 06:56:23 +0000 2010](https://twitter.com/adulau/status/17075209957)) +---- +RT @matrosov: Our report about TDSS v3: "TDL3: The Rootkit of All Evil?" http://www.eset.com/resources/white-papers/TDL3-Analysis.pdf #e ... + +(Originally on Twitter: [Sat Jun 26 07:08:38 +0000 2010](https://twitter.com/adulau/status/17075722196)) +---- +Apple updated his privacy policy, if you want to see the diff: http://bit.ly/dgsav4 #goodiff #quuxlabs #privacy #tos + +(Originally on Twitter: [Sat Jun 26 07:26:15 +0000 2010](https://twitter.com/adulau/status/17076432849)) +---- +Telemarketer called me on my private mobile phone and they got this number by randomly composing numbers... key space is small. + +(Originally on Twitter: [Sat Jun 26 08:21:02 +0000 2010](https://twitter.com/adulau/status/17078554729)) +---- +@xtcsh Thanks. The reason behind the "his" - We know that Apple is an "one-man show"... + +(Originally on Twitter: [Sat Jun 26 17:23:43 +0000 2010](https://twitter.com/adulau/status/17105970393)) +---- +@superbus You are right, usually a Terms of Services (ToS) is more close to Terms of Slavery. That's why we made goodiff.org + +(Originally on Twitter: [Sat Jun 26 17:39:38 +0000 2010](https://twitter.com/adulau/status/17106887904)) +---- +RT @deputetardy: Tout chaud ... le compte-rendu officiel de l'audition de la Hadopi à l'Assemblée nationale (en bas de ma note) http://b ... + +(Originally on Twitter: [Sat Jun 26 21:21:35 +0000 2010](https://twitter.com/adulau/status/17118677547)) +---- +@linuxfoundation the platypus is still my favorite by when I saw the Larry Ewing penguin with the 2.0 kernel, I knew it will stay. + +(Originally on Twitter: [Mon Jun 28 21:20:47 +0000 2010](https://twitter.com/adulau/status/17280785425)) +---- +Radio regulatory is nonsense, you cannot have a FM transmitter to change easily the frequency... 
you open the box and use the dial switch + +(Originally on Twitter: [Tue Jun 29 21:02:33 +0000 2010](https://twitter.com/adulau/status/17362521452)) +---- +Twitter is keeping track and also sharing "click statistics" - http://bit.ly/92xa5n #goodiff #quuxlabs #privacy + +(Originally on Twitter: [Wed Jun 30 05:27:28 +0000 2010](https://twitter.com/adulau/status/17392097276)) +---- +"...we recommend that the functionality be re-enabled." from Adobe about "/Launch" - http://bit.ly/aXyqXy - until next circumvent I assume + +(Originally on Twitter: [Wed Jun 30 06:26:20 +0000 2010](https://twitter.com/adulau/status/17394921265)) +---- +In HackerMonthly issue #2, I enjoyed the article "Worst-Case Thinking" by Bruce Schneier. http://hackermonthly.com/ #infosec + +(Originally on Twitter: [Wed Jun 30 20:04:39 +0000 2010](https://twitter.com/adulau/status/17438358574)) +---- +@eromang and then, the clever move from insurance companies was to legally force people to be insured. from low risks to legal risks... + +(Originally on Twitter: [Wed Jun 30 20:37:42 +0000 2010](https://twitter.com/adulau/status/17440080575)) +---- +I hope that you like as much as I like those bookshelves http://bookshelfporn.com/ @bookshelfporn #bookworm + +(Originally on Twitter: [Thu Jul 01 21:45:58 +0000 2010](https://twitter.com/adulau/status/17522644039)) +---- +PDF "Launch" Saga... It was faster than expected. #lessisbetter http://bit.ly/bXo6Al + +(Originally on Twitter: [Fri Jul 02 05:49:27 +0000 2010](https://twitter.com/adulau/status/17550551141)) +---- +@joindiaspora Thanks for the monthly report. Why not already publishing your source code repository? even if this is very alpha. + +(Originally on Twitter: [Fri Jul 02 14:47:37 +0000 2010](https://twitter.com/adulau/status/17577662158)) +---- +What's my most frequent command while IPv6 connected? "nget -g alt.binaries.e-book.technical -r "pdf"" -> just testing connectivity. 
+ +(Originally on Twitter: [Sat Jul 03 08:14:54 +0000 2010](https://twitter.com/adulau/status/17635153996)) +---- +RT @ioerror: Are you interested in Tor and DNS? Here's the most comprehensive document written on the subject as of today: http://bit.ly ... + +(Originally on Twitter: [Sat Jul 03 08:21:40 +0000 2010](https://twitter.com/adulau/status/17635405255)) +---- +If you want to watch "Star Wars", just "telnet towel.blinkenlights.nl" #ascii #art #asciiart + +(Originally on Twitter: [Sat Jul 03 21:17:00 +0000 2010](https://twitter.com/adulau/status/17677520685)) +---- +RT @dloss: .@enkido has put his muXTCP userland TCP/IP stack from 2005 on github http://github.com/enki/muXTCP/ #scapy #python + +(Originally on Twitter: [Sun Jul 04 15:16:19 +0000 2010](https://twitter.com/adulau/status/17726448577)) +---- +Another good reason to have lacy phacelia in your garden : http://www.flickr.com/photos/adulau/4760962012/ #biodiversity + +(Originally on Twitter: [Sun Jul 04 19:28:07 +0000 2010](https://twitter.com/adulau/status/17739987760)) +---- +@security4all if you want to have fun with #ATM, the Gas Protection Unit is a good start to dig into... simple physical attacks work great 2 + +(Originally on Twitter: [Mon Jul 05 19:30:38 +0000 2010](https://twitter.com/adulau/status/17812232270)) +---- +looking @MonsantoCo mantra "to help farmers produce more while conserving more" I suppose this is a fake account making fun of them... + +(Originally on Twitter: [Mon Jul 05 21:32:44 +0000 2010](https://twitter.com/adulau/status/17818453398)) +---- +happy to see the "dictionary and set comprehensions" imported in Python 2.7 but such power comes with responsibilities... + +(Originally on Twitter: [Tue Jul 06 20:48:42 +0000 2010](https://twitter.com/adulau/status/17895494724)) +---- +Reading a Bash book forgetting about the existence of "fmt", the simple text formatter. 
A fast way to make 1 line out of multilines #unix + +(Originally on Twitter: [Tue Jul 06 21:30:25 +0000 2010](https://twitter.com/adulau/status/17897612548)) +---- +RT @joswr1ght: Some progress on a WiMAX scanner: http://www.willhackforsushi.com/?p=484 Wish we had Clear in RI + +(Originally on Twitter: [Wed Jul 07 05:14:12 +0000 2010](https://twitter.com/adulau/status/17925487856)) +---- +http://bit.ly/cokkGj Any feedback on the Origin: header proposal in HTTP? A realistic mitigation against Cross-Site Request Forgery? + +(Originally on Twitter: [Wed Jul 07 21:06:19 +0000 2010](https://twitter.com/adulau/status/17981407270)) +---- +@pbeyssac thanks for the feedback. The js generated is indeed a good point... and obviously breaking the current HTTP Origin: model. + +(Originally on Twitter: [Thu Jul 08 12:23:16 +0000 2010](https://twitter.com/adulau/status/18030342082)) +---- +Skype RC4 key expansion : http://cryptolib.com/ciphers/skype/ - Maybe this would increase the Skype analysis and its attack surface ? + +(Originally on Twitter: [Thu Jul 08 21:45:44 +0000 2010](https://twitter.com/adulau/status/18064966837)) +---- +RT @AlainGerlache: Encenser ou démolir un journal parce qui'il est en ligne n'a aucun sens. Ce n'est pas le support qui fait la qualité ... + +(Originally on Twitter: [Thu Jul 08 22:03:08 +0000 2010](https://twitter.com/adulau/status/18065935755)) +---- +http://bit.ly/d3lz9w - skip BNF grammar and define the grammar in Python. Codetalker approach seems very elegant... + +(Originally on Twitter: [Fri Jul 09 05:56:06 +0000 2010](https://twitter.com/adulau/status/18096138994)) +---- +Backdoor or debugging tool on 4G and HTC Hero? http://bit.ly/cL54Nf seems more like a simple and vulnerable debugging tool... 
+ +(Originally on Twitter: [Sat Jul 10 09:17:06 +0000 2010](https://twitter.com/adulau/status/18185816891)) +---- +RT @roessler: All 34 position papers for the W3C privacy workshop in one download: http://www.w3.org/2010/api-privacy-ws/papers.zip + +(Originally on Twitter: [Sat Jul 10 09:38:42 +0000 2010](https://twitter.com/adulau/status/18186617524)) +---- +Notification of PCI de-listing for Visa/MC card reader/POS : http://bit.ly/aLs2vR why? easy to hook PIN skimmer... + +(Originally on Twitter: [Sat Jul 10 10:10:57 +0000 2010](https://twitter.com/adulau/status/18187789953)) +---- +Happy to hear feedback from users using quick-and-dirty OddmuseGit - http://www.foo.be/cgi-bin/wiki.pl/OddmuseGit #oddmuse #git + +(Originally on Twitter: [Sat Jul 10 14:12:43 +0000 2010](https://twitter.com/adulau/status/18198598228)) +---- +just released Forban 0.0.20 - bug fix release - http://www.foo.be/forban/ #p2p #epidemicp2p #mobile + +(Originally on Twitter: [Sat Jul 10 14:55:24 +0000 2010](https://twitter.com/adulau/status/18201213649)) +---- +@_ddenis_ Le contrôle des dispositifs CCTV c'est uniquement pour avoir un monopole d’État sur la vidéo surveillance... + +(Originally on Twitter: [Sat Jul 10 16:02:44 +0000 2010](https://twitter.com/adulau/status/18205577708)) +---- +EFF Celebrates 20th Anniversary With New Animation by Nina Paley - https://w2.eff.org/ninapaley/ #EFF #freedom + +(Originally on Twitter: [Sat Jul 10 20:50:43 +0000 2010](https://twitter.com/adulau/status/18222503487)) +---- +some discussed synthetic life but we are still not able to make safe and secure software. Imagine synthetic life just like today's software. + +(Originally on Twitter: [Sun Jul 11 07:50:58 +0000 2010](https://twitter.com/adulau/status/18256255789)) +---- +A distributed alternative to Wikileaks? Maybe the beginning of something ... 
http://news.ycombinator.com/item?id=1505291 + +(Originally on Twitter: [Sun Jul 11 10:48:31 +0000 2010](https://twitter.com/adulau/status/18263419897)) +---- +@mikkohypponen if you like dataset from honeypots with attacker keystrokes : http://2010.hack.lu/archive/2009/InfoVisContest/ + +(Originally on Twitter: [Sun Jul 11 13:37:36 +0000 2010](https://twitter.com/adulau/status/18271729365)) +---- +@ChrisJohnRiley especially compared to the cost of a library. Remind me of Andrew Carnegie model for public libraries... + +(Originally on Twitter: [Sun Jul 11 15:58:31 +0000 2010](https://twitter.com/adulau/status/18280441234)) +---- +@ChrisJohnRiley Great, I would go more often to the stadium if it was a giant library... + +(Originally on Twitter: [Sun Jul 11 16:04:57 +0000 2010](https://twitter.com/adulau/status/18280863951)) +---- +eBay changed its user agreement and added a "Listing conditions" section http://bit.ly/cMr8T8 #eula #goodiff #quuxlabs #legal + +(Originally on Twitter: [Thu Jul 22 09:05:39 +0000 2010](https://twitter.com/adulau/status/19241120341)) +---- +RT @fcouchet: Projets sous licence libre (dev, doc, culture...), candidatez aux H@ckWeeks http://hackweeks.epplug.org/fr/ #epplug #picardie + +(Originally on Twitter: [Thu Jul 22 10:14:41 +0000 2010](https://twitter.com/adulau/status/19244033329)) +---- +For the Kraken source code -> http://reflextor.com/trac/a51/browser/tinkering/Kraken #gsm #a51 + +(Originally on Twitter: [Thu Jul 22 12:55:28 +0000 2010](https://twitter.com/adulau/status/19252271501)) +---- +Want to see the mess of subjectAltName use in TLS/SSL? a nice example found by Peter Gutmann http://bit.ly/aUYFSK #infosec #tls #pki + +(Originally on Twitter: [Thu Jul 22 19:01:27 +0000 2010](https://twitter.com/adulau/status/19276649456)) +---- +Pluri-lateral (ACTA) - Chapter 2 Section 3 "Criminal Enforcement" http://bit.ly/9ZFP01 EU Council has the document but they don't share... 
+ +(Originally on Twitter: [Fri Jul 23 07:43:20 +0000 2010](https://twitter.com/adulau/status/19321745300)) +---- +@bortzmeyer What's the most painful? Unicode programming or programming at 40° C? + +(Originally on Twitter: [Fri Jul 23 09:08:46 +0000 2010](https://twitter.com/adulau/status/19325421070)) +---- +OVH propose d'héberger france.fr gratuitement pour une année : http://forum.ovh.com/showthread.php?t=61597 + +(Originally on Twitter: [Fri Jul 23 09:25:03 +0000 2010](https://twitter.com/adulau/status/19326116016)) +---- +RT @doctorow: For the 1st time in human history, all the works produced by our contemporaries are inaccessible to us #orgcon @thepublicd ... + +(Originally on Twitter: [Sat Jul 24 12:12:52 +0000 2010](https://twitter.com/adulau/status/19416690302)) +---- +@davanac @SLE06 la politique est simplement le reflet de la société du spectacle - http://bit.ly/cdwtb7 + +(Originally on Twitter: [Sat Jul 24 12:19:23 +0000 2010](https://twitter.com/adulau/status/19417003871)) +---- +@roessler I would be afraid if someone jump on you at final movement of 9th Symphony... #AClockworkOrange + +(Originally on Twitter: [Sun Jul 25 09:20:43 +0000 2010](https://twitter.com/adulau/status/19485076625)) +---- +RT @teamcymru: UK launching "Cyber Security Challenge" as a way to locate, invigorate the next gen of security talent http://bit.ly/9oVNTI + +(Originally on Twitter: [Mon Jul 26 20:42:32 +0000 2010](https://twitter.com/adulau/status/19600849245)) +---- +Take a paper model for a dice (http://bit.ly/c1koGq), replace the numbers with QR Code and now, you have a dice-based random generator... 
+ +(Originally on Twitter: [Mon Jul 26 21:12:09 +0000 2010](https://twitter.com/adulau/status/19602501975)) +---- +RT @gchampeau: #EpicFAIL Pour arrêter le terrorisme, interdisons la programmation C++ (@Numerama) http://bt.io/FhkU + +(Originally on Twitter: [Tue Jul 27 11:10:42 +0000 2010](https://twitter.com/adulau/status/19648444645)) +---- +ARKit an free/open-source rootkit detection library for win32 http://code.google.com/p/arkitlib/ looks quite good #win32 #infosec #malware + +(Originally on Twitter: [Tue Jul 27 12:11:44 +0000 2010](https://twitter.com/adulau/status/19651626511)) +---- +RT @jeremiahg: Interesting timing on Disclosure statements from GOOG, MOZ, & MSFT. GOOG adds patch deadline. GOOG & MOZ up bug bounty. M ... + +(Originally on Twitter: [Tue Jul 27 15:29:26 +0000 2010](https://twitter.com/adulau/status/19665220107)) +---- +2010 Sort Benchmark winners - http://sortbenchmark.org/ #hadoop + +(Originally on Twitter: [Wed Jul 28 12:43:04 +0000 2010](https://twitter.com/adulau/status/19737486406)) +---- +RT @0xcharlie: @ChrisJohnRiley I guess the fact nobody cares about reader 0-days is more interesting than a reader 0-day. It's a reaso ... + +(Originally on Twitter: [Thu Jul 29 09:06:53 +0000 2010](https://twitter.com/adulau/status/19812210554)) +---- +"don't blame the cryptographic protocol if no one is able to make a proper implementation" wait... maybe the protocol is so badly designed. + +(Originally on Twitter: [Thu Jul 29 21:01:44 +0000 2010](https://twitter.com/adulau/status/19854700853)) +---- +one possible use of the Facebook profile information: generating a good dictionary from fabebook-names-original.txt to brute-force password + +(Originally on Twitter: [Fri Jul 30 09:14:30 +0000 2010](https://twitter.com/adulau/status/19896972021)) +---- +1984 will be in France... 
a governmental end-point security software http://bit.ly/bVzzPy #hadopi + +(Originally on Twitter: [Fri Jul 30 09:51:14 +0000 2010](https://twitter.com/adulau/status/19898534328)) +---- +@bortzmeyer http://bit.ly/cwmdxG an interesting DNSSEC comment in HN... + +(Originally on Twitter: [Fri Jul 30 11:56:16 +0000 2010](https://twitter.com/adulau/status/19904218715)) +---- +RT @elise_huard: Whoever still harbors the delusion that French is a romantic language should spend some time with these folks + +(Originally on Twitter: [Sat Jul 31 09:07:46 +0000 2010](https://twitter.com/adulau/status/19979974493)) +---- +@z0nbi decent tripod - giottos vt 806 - cheap - I recently cleaned it with a Karcher. Light enough for wild nature photography... + +(Originally on Twitter: [Sat Jul 31 09:22:43 +0000 2010](https://twitter.com/adulau/status/19980550665)) +---- +We are still nowhere with e-book readers why the Kindle can't read ePub? again nothing beat a paper book regarding e-book format... + +(Originally on Twitter: [Sun Aug 01 18:03:02 +0000 2010](https://twitter.com/adulau/status/20078304216)) +---- +"Invasive species" is just a term to hide the activity of the real invasive specie : "Homo sapiens sapiens" #biology #biodiversity + +(Originally on Twitter: [Sun Aug 01 19:28:50 +0000 2010](https://twitter.com/adulau/status/20082752408)) +---- +RT @wikileaks: Hilarious WikiLeaks rap gets it right. Is comedy the only honest commentary? http://bit.ly/9d60V3 + +(Originally on Twitter: [Tue Aug 03 05:49:35 +0000 2010](https://twitter.com/adulau/status/20199929893)) +---- +Per-site, theft-resistant passwords in Python (based on HMAC) http://lunaryorn.de/code/pwdhash.html #infosec + +(Originally on Twitter: [Wed Aug 04 06:16:29 +0000 2010](https://twitter.com/adulau/status/20283942278)) +---- +An interesting analysis of Internet X.509 certificates - http://www.eff.org/observatory #pki #x509 they plan to release the dataset. 
+ +(Originally on Twitter: [Thu Aug 05 07:54:43 +0000 2010](https://twitter.com/adulau/status/20371333864)) +---- +http://bit.ly/9oW3aj - want to see Belgian activities in Afghan War Diaries Explorer - software used behind is free software #belgium + +(Originally on Twitter: [Thu Aug 05 08:59:27 +0000 2010](https://twitter.com/adulau/status/20373969752)) +---- +"returning electronic documents" - a new DoD concept - http://cs.pn/a3PkQl #internet + +(Originally on Twitter: [Thu Aug 05 20:55:18 +0000 2010](https://twitter.com/adulau/status/20415938456)) +---- +@FunkySteph @treehugger "New Belgium Brewery" is not even producing organic beer... strange for the "greenest brewery" + +(Originally on Twitter: [Fri Aug 06 15:02:59 +0000 2010](https://twitter.com/adulau/status/20475566027)) +---- +Internet-Draft about EAP Support in Smartcard / Section 10 is an interesting read - http://bit.ly/ahkBiT + +(Originally on Twitter: [Sat Aug 07 06:50:37 +0000 2010](https://twitter.com/adulau/status/20533540044)) +---- +Another example of deletionist misbehavior on Wikipedia. The Base62 page has been removed... + +(Originally on Twitter: [Sat Aug 07 11:06:08 +0000 2010](https://twitter.com/adulau/status/20544205749)) +---- +@z0nbi that's an art by itself especially with a 35mm close to people... + +(Originally on Twitter: [Sat Aug 07 13:56:47 +0000 2010](https://twitter.com/adulau/status/20553083439)) +---- +RT @DNSMadeEasy: This is flooding the provider's backbones. By far the largest attack we have had to fight in history. + +(Originally on Twitter: [Sat Aug 07 20:15:39 +0000 2010](https://twitter.com/adulau/status/20575688086)) +---- +Negroponte said "physical books dead in 5 years" ? Interesting comments on HN http://fo.vc/2 #books #ebooks + +(Originally on Twitter: [Sat Aug 07 20:44:50 +0000 2010](https://twitter.com/adulau/status/20577061466)) +---- +RT @russnelson: When you're young, you worry about people stealing your ideas. 
When you're old, you worry about people NOT stealing your ... + +(Originally on Twitter: [Sun Aug 08 06:44:51 +0000 2010](https://twitter.com/adulau/status/20610551671)) +---- +Maybe a partially good news for cryptography if "P is not equal to NP" under review paper is correct http://fo.vc/3 + +(Originally on Twitter: [Mon Aug 09 07:08:07 +0000 2010](https://twitter.com/adulau/status/20689185821)) +---- +@p4ula I would agree. IMHO this is a parallel to the "Mistrust authority, promote decentralization" mantra in various hacker ethic ref. + +(Originally on Twitter: [Mon Aug 09 07:20:10 +0000 2010](https://twitter.com/adulau/status/20689699857)) +---- +Arbor networks acquired by Tektronix... What's next? + +(Originally on Twitter: [Tue Aug 10 08:32:12 +0000 2010](https://twitter.com/adulau/status/20779195361)) +---- +@xme right... perl -e 'print "".localtime $_' is always useful ;-) + +(Originally on Twitter: [Tue Aug 10 14:54:54 +0000 2010](https://twitter.com/adulau/status/20800720867)) +---- +Do you like cryptographic challenge? http://fo.vc/4 you could win an entrance for #hacklu 2010... + +(Originally on Twitter: [Tue Aug 10 20:33:11 +0000 2010](https://twitter.com/adulau/status/20823225130)) +---- +"TP packets can be intercepted up to 40 meters from a passing car using GNU Radio with a basic low-noise amplifier. " http://fo.vc/5 + +(Originally on Twitter: [Wed Aug 11 07:07:16 +0000 2010](https://twitter.com/adulau/status/20865569830)) +---- +RT @xme: Registration for #hacklu completed! + +(Originally on Twitter: [Wed Aug 11 09:33:34 +0000 2010](https://twitter.com/adulau/status/20872481297)) +---- +@rbidule do you advise us to install a Trojan on our PC? @rommelfs gave me the EULA of Colasoft Capsa and that's bloody scary... + +(Originally on Twitter: [Wed Aug 11 12:36:30 +0000 2010](https://twitter.com/adulau/status/20881989029)) +---- +@rbidule I like it. So you are doing indirect drive-by download... it's even more clever. 
What percentage do you get from that malware? ;-) + +(Originally on Twitter: [Wed Aug 11 15:01:55 +0000 2010](https://twitter.com/adulau/status/20892327815)) +---- +Bug #626593 for Gnome is fun... https://bugzilla.gnome.org/show_bug.cgi?id=626593 + +(Originally on Twitter: [Thu Aug 12 09:46:48 +0000 2010](https://twitter.com/adulau/status/20962709970)) +---- +RT @jmason: hey, not nice! delicious no longer provides URLs older than 2008 in its backups -- I have another 4 years of links! + +(Originally on Twitter: [Thu Aug 12 11:15:48 +0000 2010](https://twitter.com/adulau/status/20966973444)) +---- +@ChrisJohnRiley I coincidently won a N900 at #FOSDEM and I'm using it. That's a great portable computer but still a minimal phone.... + +(Originally on Twitter: [Thu Aug 12 12:06:53 +0000 2010](https://twitter.com/adulau/status/20969759448)) +---- +"Collisions in PDF Signatures" I like those standards and implementation "interpretations" leading to funny issues - http://fo.vc/6 + +(Originally on Twitter: [Fri Aug 13 05:56:47 +0000 2010](https://twitter.com/adulau/status/21040568804)) +---- +After SCO FUD, we have the Oracle FUD... maybe the end will be similar for Oracle. + +(Originally on Twitter: [Fri Aug 13 08:45:14 +0000 2010](https://twitter.com/adulau/status/21048604237)) +---- +@patrickvw right but it's really pity to see Oracle jumping and following the litigation path. + +(Originally on Twitter: [Fri Aug 13 09:02:05 +0000 2010](https://twitter.com/adulau/status/21049357536)) +---- +@theodric right, a man can hope, especially if you are regularly going to HOPE (http://thenexthope.org/) or similar events... + +(Originally on Twitter: [Fri Aug 13 12:17:50 +0000 2010](https://twitter.com/adulau/status/21059105135)) +---- +Maybe the patent mess is an opportunity for Google to standardize around Python or Go and finally use a decent language for Android... 
+ +(Originally on Twitter: [Fri Aug 13 13:59:31 +0000 2010](https://twitter.com/adulau/status/21065920992)) +---- +Listening to "Greyhawk - Boiled Acid", I especially enjoy "Trance Elevator" even if the track name is misleading... the bass line is a must + +(Originally on Twitter: [Fri Aug 13 21:32:28 +0000 2010](https://twitter.com/adulau/status/21097040257)) +---- +#hacklu I finally finished my reviews for http://2010.hack.lu and there are some real pearls, it will be announced in the next days. + +(Originally on Twitter: [Sat Aug 14 07:03:41 +0000 2010](https://twitter.com/adulau/status/21131951471)) +---- +Forban announce discovery in 1 line -> tcpdump -c 1 -t -p -n -l -A -s0 -iany "udp and port 12555 and udp[8:2]==0x666f" + +(Originally on Twitter: [Sat Aug 14 07:24:57 +0000 2010](https://twitter.com/adulau/status/21132923924)) +---- +just made a new blog post "Free Software Is Beyond Companies" - http://fo.vc/7 + +(Originally on Twitter: [Sun Aug 15 09:56:42 +0000 2010](https://twitter.com/adulau/status/21220700049)) +---- +0.13 μSv/H (Monday) -> 0.19 μSv/H (Sunday) in the south of Belgium when raining - my air measurements are surely broken... #radioactivity + +(Originally on Twitter: [Sun Aug 15 13:42:55 +0000 2010](https://twitter.com/adulau/status/21231480747)) +---- +@rommelfs maybe it's also related to the Chooz A nuclear plant dismantlement in Ardennes, France... 
#radioactivity #belgium http://fo.vc/8 + +(Originally on Twitter: [Sun Aug 15 14:54:44 +0000 2010](https://twitter.com/adulau/status/21236232944)) +---- +@roessler an opportunity to be creative with the remaining ingredients at home + +(Originally on Twitter: [Sun Aug 15 15:46:05 +0000 2010](https://twitter.com/adulau/status/21239994160)) +---- +OpenSSL just crashed violently when parsing an X.509 certificate #accidentalfuzzing + +(Originally on Twitter: [Sun Aug 15 20:06:05 +0000 2010](https://twitter.com/adulau/status/21255899783)) +---- +NTMLv2 presentation - Usenix 2010 (if you are curious about old and recurring protocol bugs) - http://fo.vc/9 + +(Originally on Twitter: [Mon Aug 16 15:25:45 +0000 2010](https://twitter.com/adulau/status/21323175392)) +---- +@ITnation For your new thriller, it would be nicer to use the Steven Levy definition of a Hacker... + +(Originally on Twitter: [Mon Aug 16 15:33:38 +0000 2010](https://twitter.com/adulau/status/21323743310)) +---- +RT @feliam: Parse hard. Why parsing PDF is hard? I think it's because of this... http://bit.ly/coRMtc . Basically the spec is broken.... ... + +(Originally on Twitter: [Mon Aug 16 20:44:37 +0000 2010](https://twitter.com/adulau/status/21343443428)) +---- +Don't fall into the trap. If you see a book updated "25th Anniversary Edition", there is nothing new and the older version is still better. + +(Originally on Twitter: [Mon Aug 16 20:49:16 +0000 2010](https://twitter.com/adulau/status/21343729349)) +---- +RT @librarythingtim: Maximum times the "cyberpunk" tag has been applied to a book: OCLC 2. LibraryThing 1,321. There's a lesson here. + +(Originally on Twitter: [Tue Aug 17 06:06:53 +0000 2010](https://twitter.com/adulau/status/21380649034)) +---- +@Phonoelit @joernchen the stream works well. by the way, nice mix. is the track listing available? 
+ +(Originally on Twitter: [Tue Aug 17 20:19:21 +0000 2010](https://twitter.com/adulau/status/21430235235)) +---- +RT @esizkur: Sorry for the confusion everyone. Clarification from Tanja: #CRYPTO2010 rump session commences in 1:10h, at 19:30 PDT (webs ... + +(Originally on Twitter: [Wed Aug 18 05:17:17 +0000 2010](https://twitter.com/adulau/status/21465204016)) +---- +@joernchen Thank you for the track list, nice mix. You are obviously not member of MATOS (movement against tracklistings of sets) ;-) + +(Originally on Twitter: [Thu Aug 19 22:40:55 +0000 2010](https://twitter.com/adulau/status/21613696695)) +---- +@mir_ripe_labs do you know why the private Bezeqint ASN 65024 show up in the RIS table recently? thank you. + +(Originally on Twitter: [Fri Aug 20 12:52:31 +0000 2010](https://twitter.com/adulau/status/21661789132)) +---- +RT @mgeist: ACTA countries pledge to release final text before signing. Too late - once deal is done, take it/leave it http://bit.ly/aR0scE + +(Originally on Twitter: [Sun Aug 22 10:07:45 +0000 2010](https://twitter.com/adulau/status/21819915500)) +---- +A bat likes my underwear (don't worry it's safe for work ;-) - http://fo.vc/A + +(Originally on Twitter: [Sun Aug 22 14:52:07 +0000 2010](https://twitter.com/adulau/status/21835044731)) +---- +RFC 5953 - Transport Layer Security (TLS) Transport Model for SNMP - looks nice on paper... but read 4.1.1. -> X.509 craziness #security + +(Originally on Twitter: [Mon Aug 23 21:31:59 +0000 2010](https://twitter.com/adulau/status/21944713155)) +---- +"Vulnerability Analysis of PAP for RFID Tags" - http://arxiv.org/abs/1008.3625 #rfid #infosec + +(Originally on Twitter: [Tue Aug 24 08:16:55 +0000 2010](https://twitter.com/adulau/status/21984176442)) +---- +@mikebem and it's even an understatement. 
#Godwinlaw + +(Originally on Twitter: [Tue Aug 24 12:15:49 +0000 2010](https://twitter.com/adulau/status/21995804484)) +---- +RT @security4all: For the people that asked me about the IPv6 UTP cables in Akihabara, I found some pics http://bit.ly/9GBVo4 + +(Originally on Twitter: [Tue Aug 24 16:00:17 +0000 2010](https://twitter.com/adulau/status/22011590855)) +---- +"Security Mitigations for Return-Oriented Programming Attacks" - http://arxiv.org/abs/1008.4099 leak of virtual addresses is still an issue + +(Originally on Twitter: [Wed Aug 25 07:45:47 +0000 2010](https://twitter.com/adulau/status/22070612850)) +---- +The illusion of diversity: visualizing ownership in the soft drink industry +https://www.msu.edu/~howardp/softdrinks.html #infovis #food + +(Originally on Twitter: [Fri Aug 27 20:54:48 +0000 2010](https://twitter.com/adulau/status/22297483544)) +---- +5$ won't stop attackers to put malicious extensions in the Chrome extension gallery... remember spammers buying EV certificate. #infosec + +(Originally on Twitter: [Sat Aug 28 08:13:08 +0000 2010](https://twitter.com/adulau/status/22338034815)) +---- +saw the scary warning of the day when compiling a cryptographic library "warning: value computed is not used"... + +(Originally on Twitter: [Sat Aug 28 08:36:28 +0000 2010](https://twitter.com/adulau/status/22339008767)) +---- +@fboule thx, another interesting one for "auth-rsa.c" but the one seen is in AES function of some embedded code... + +(Originally on Twitter: [Sat Aug 28 09:04:56 +0000 2010](https://twitter.com/adulau/status/22340185921)) +---- +@fboule but the one for the AES function is real... it's an array declaration at the wrong place... 
+ +(Originally on Twitter: [Sat Aug 28 09:27:52 +0000 2010](https://twitter.com/adulau/status/22341126380)) +---- +Experimenting HN free software back-end for information security news http://news.hack.lu/ #HN #infosec #arc #lisp + +(Originally on Twitter: [Sat Aug 28 09:35:58 +0000 2010](https://twitter.com/adulau/status/22341460566)) +---- +RT @laurentchemla: Par une coincidence troublante, les gamins d'en face apprennent à jouer de la vuvuzela pile le jour où je commence le ... + +(Originally on Twitter: [Sat Aug 28 13:53:34 +0000 2010](https://twitter.com/adulau/status/22354383173)) +---- +RT @xme: Just noticed that the #FOSDEM 2011 dates have been released: 5-6 Feb 2011. Blocked! + +(Originally on Twitter: [Sat Aug 28 19:20:25 +0000 2010](https://twitter.com/adulau/status/22377242991)) +---- +Parsing is difficult even for BGP messages especially when you are Cisco and make a carrier-grade platform called CRS ;-) + +(Originally on Twitter: [Sat Aug 28 20:38:32 +0000 2010](https://twitter.com/adulau/status/22381590096)) +---- +just released Forban 0.0.21 (bug fix release) - opportunistic p2p for local area/wireless network. http://www.foo.be/forban/ #p2p #sharing + +(Originally on Twitter: [Sat Aug 28 22:10:54 +0000 2010](https://twitter.com/adulau/status/22386870975)) +---- +RT @jepoirrier: Quelqu'un d'autre a également l'impression que Test-Achats devient très mercantile ? http://ur1.ca/1crd3 #testachats #ve ... + +(Originally on Twitter: [Mon Aug 30 08:02:59 +0000 2010](https://twitter.com/adulau/status/22506618170)) +---- +a representative from #ACTA discussion just told me that their secret technique is called "belgian negotiation" #BeGov #belgium + +(Originally on Twitter: [Mon Aug 30 14:58:08 +0000 2010](https://twitter.com/adulau/status/22531056042)) +---- +RT @msftsecresponse: Status update on the DLL preloading issue > http://bit.ly/cy4p8C and additional guidance on deploying mitigation ... 
+ +(Originally on Twitter: [Tue Aug 31 21:31:06 +0000 2010](https://twitter.com/adulau/status/22650545765)) +---- +RT @thorstenholz: Now live: Challenge 5 of the Forensic Challenge 2010: "Log Mysteries" - http://bit.ly/d0n17H + +(Originally on Twitter: [Wed Sep 01 06:12:42 +0000 2010](https://twitter.com/adulau/status/22684230754)) +---- +Just saw a third-order emergent structure in an old tea cup lying on my desk. In other words, my desk was a bit messy... #biology #nature + +(Originally on Twitter: [Wed Sep 01 20:56:52 +0000 2010](https://twitter.com/adulau/status/22739939340)) +---- +RT @damienmiller: Just landed support for elliptic curve crypto in OpenSSH - ECDH KEX and ECDSA host/user keys: http://bit.ly/9AFLGj + +(Originally on Twitter: [Wed Sep 01 21:03:46 +0000 2010](https://twitter.com/adulau/status/22740393414)) +---- +@raf_iot great... a technical howto to mashup your own data source would be nice too #bgp_ranking @ccc_trier + +(Originally on Twitter: [Wed Sep 01 21:22:17 +0000 2010](https://twitter.com/adulau/status/22741635556)) +---- +RT @chriseng: RT @mckt_: RT @packetwerks You know what's more wack? Directory indexing and sql files http://is.gd/eRXzK < How embarra ... 
+ +(Originally on Twitter: [Thu Sep 02 19:50:38 +0000 2010](https://twitter.com/adulau/status/22825328990)) +---- +http://arxiv.org/abs/1008.4960 - "Growth and replication of red rain cells at 121 oC and their red fluorescence" #biology + +(Originally on Twitter: [Fri Sep 03 14:26:30 +0000 2010](https://twitter.com/adulau/status/22891386612)) +---- +Acheter Son lait à la Ferme en Gaume - Google Maps http://fo.vc/B #belgique #belgium + +(Originally on Twitter: [Sun Sep 05 09:22:03 +0000 2010](https://twitter.com/adulau/status/23046235937)) +---- +RT @quuxlabs: #Hadoop tutorials available on quuxlabs.com: http://fo.vc/a + +(Originally on Twitter: [Sun Sep 05 10:28:41 +0000 2010](https://twitter.com/adulau/status/23049031877)) +---- +RT @quuxlabs: New blog post "Location and Friendship - Data Mining in #Facebook" : http://fo.vc/b #research #www #geolocation #geo + +(Originally on Twitter: [Sun Sep 05 10:30:20 +0000 2010](https://twitter.com/adulau/status/23049102495)) +---- +RT @fluxfingers: the #hacklu prologue crackme will be released at 0.00 cet - less than two hours to go. + +(Originally on Twitter: [Sun Sep 05 20:56:44 +0000 2010](https://twitter.com/adulau/status/23087818450)) +---- +RT @FFII: HOPE conf audio on ACTA etc. http://c2047862.cdn.cloudfiles.rackspacecloud.com/tnha27.mp3 + +(Originally on Twitter: [Mon Sep 06 21:26:52 +0000 2010](https://twitter.com/adulau/status/23178615561)) +---- +"Where they have burned books, they will end in burning human beings." Heinrich Heine - still appropriate in today's world. 
+ +(Originally on Twitter: [Tue Sep 07 20:37:03 +0000 2010](https://twitter.com/adulau/status/23268788950)) +---- +jsunpack-n emulates browser functionality when visiting an URL https://code.google.com/p/jsunpack-n/ #malware #security #analysis + +(Originally on Twitter: [Thu Sep 09 16:55:12 +0000 2010](https://twitter.com/adulau/status/24026732883)) +---- +Finally the X-Frame-Options header is now part of Firefox 3.6.9 http://fo.vc/C #clickjacking #security + +(Originally on Twitter: [Fri Sep 10 12:02:03 +0000 2010](https://twitter.com/adulau/status/24098239159)) +---- +http://code.google.com/p/abusehelper/ could improve abuse-handler community and seems quite handy #CSIRT #CERT + +(Originally on Twitter: [Fri Sep 10 13:41:49 +0000 2010](https://twitter.com/adulau/status/24105169432)) +---- +saw "Exit Through The Gift Shop", another proof of #Banksy capability to break the rules... #rat with #art + +(Originally on Twitter: [Fri Sep 10 21:45:40 +0000 2010](https://twitter.com/adulau/status/24139821214)) +---- +RT @lrz: Cashier at Whole Foods pointed at my camembert and asked what it was, then if it was similar to the "laughing cow". + +(Originally on Twitter: [Sat Sep 11 07:45:41 +0000 2010](https://twitter.com/adulau/status/24177435629)) +---- +@lanyrd Do you have an alternative login method than using the Twitter login? That would be appreciated for the security minded ppl thx + +(Originally on Twitter: [Sat Sep 11 07:49:10 +0000 2010](https://twitter.com/adulau/status/24177586591)) +---- +Using EMET 2.0 to block Adobe 0-day - http://fo.vc/D nifty but until there are again new funky ways to avoid ASLR or EAF... + +(Originally on Twitter: [Sun Sep 12 14:32:40 +0000 2010](https://twitter.com/adulau/status/24287926605)) +---- +@bortzmeyer RPKI pq pas mais une partie des LIR ne sont pas tjs capables de maintenir des entrées en RPSL correctes pour leur ASN... 
+ +(Originally on Twitter: [Sun Sep 12 16:27:58 +0000 2010](https://twitter.com/adulau/status/24297062110)) +---- +@eromang yes, it looks like but luckily, http://www.openvas.org/ is accessible... #infosec #nessis + +(Originally on Twitter: [Sun Sep 12 17:38:16 +0000 2010](https://twitter.com/adulau/status/24302376976)) +---- +RT @loggly: Introducing a HTTP to Syslog proxy written in Node.js: http://bit.ly/cJPnHt #nodejs #syslog #opensource + +(Originally on Twitter: [Mon Sep 13 05:37:17 +0000 2010](https://twitter.com/adulau/status/24357974776)) +---- +Cross-platform vulnerability in Adobe Flash Player #CVE-2010-2884 - http://fo.vc/E a fix to be available... + +(Originally on Twitter: [Tue Sep 14 07:29:19 +0000 2010](https://twitter.com/adulau/status/24456627914)) +---- +using proprietary technologies to protect privacy is a non sense... and we got again a proof the past days... + +(Originally on Twitter: [Wed Sep 15 11:54:31 +0000 2010](https://twitter.com/adulau/status/24562897142)) +---- +@pbeyssac #haystack is/was a proprietary "technology" trying to protect privacy... + +(Originally on Twitter: [Wed Sep 15 20:08:56 +0000 2010](https://twitter.com/adulau/status/24599813510)) +---- +RT @pierreneo: 215 000 étrangers au Luxembourg soit 44% de la population alors quelques Roms de plus ça devrait aller... + +(Originally on Twitter: [Wed Sep 15 21:24:14 +0000 2010](https://twitter.com/adulau/status/24604717161)) +---- +RT @go_nuts: You can now write and run Go code from your browser! http://tinyurl.com/24rqdz4 Check out the new http://golang.org/ #golang + +(Originally on Twitter: [Thu Sep 16 05:42:57 +0000 2010](https://twitter.com/adulau/status/24639583874)) +---- +Actively using TV-B-Gone is a matter of public health... 
http://www.youtube.com/watch?v=YJRwZMG5GQ4 #thesocietyofthespectacle + +(Originally on Twitter: [Thu Sep 16 14:47:43 +0000 2010](https://twitter.com/adulau/status/24670050236)) +---- +RT @quuxlabs: New blog post "Matrix Factorization: A Simple Tutorial and Implementation in Python" : http://fo.vc/c #python #recommender ... + +(Originally on Twitter: [Thu Sep 16 21:46:43 +0000 2010](https://twitter.com/adulau/status/24700014051)) +---- +RT @SophianF: Ça déconne pas sur les watermarkés chez Warner. J'ai peur de déclencher une attaque chimique en ouvrant le CD. http://plix ... + +(Originally on Twitter: [Fri Sep 17 12:54:51 +0000 2010](https://twitter.com/adulau/status/24755121749)) +---- +@karlpro I share the same feelings when I want to write with my pencil in a e-book or give it to my neighbours... The e-book is a jail too. + +(Originally on Twitter: [Fri Sep 17 12:58:49 +0000 2010](https://twitter.com/adulau/status/24755402817)) +---- +#begov #belgique J-J Viseur doit fumer trop la moquette... http://fo.vc/F n'oublions pas -> "Le nationalisme c'est la haine des autres". + +(Originally on Twitter: [Fri Sep 17 14:51:18 +0000 2010](https://twitter.com/adulau/status/24764491650)) +---- +I love the DF_RETURN_FC_ONLY in diStorm even if I was lost at the next offset... #rce http://code.google.com/p/distorm/ + +(Originally on Twitter: [Fri Sep 17 20:44:04 +0000 2010](https://twitter.com/adulau/status/24790432297)) +---- +Do you want to make a lightning talk during #hack.lu 2010? you can tweet me your proposal http://2010.hack.lu/ + +(Originally on Twitter: [Sat Sep 18 08:51:37 +0000 2010](https://twitter.com/adulau/status/24834342324)) +---- +CryptoAPI Tracer Script http://fo.vc/G #win32 very handy and just relying on "bm" to add breakpoints on Crypt32.dll + +(Originally on Twitter: [Tue Sep 21 06:29:43 +0000 2010](https://twitter.com/adulau/status/25095790891)) +---- +@xme regarding risks and standards, a lot of companies should read (more) the RFC2196... 
instead of relying on complex risks analysis. + +(Originally on Twitter: [Tue Sep 21 09:39:56 +0000 2010](https://twitter.com/adulau/status/25103597097)) +---- +evercookie is a javascript API available that produces extremely persistent cookies in a browser -> http://samy.pl/evercookie/ + +(Originally on Twitter: [Wed Sep 22 05:19:36 +0000 2010](https://twitter.com/adulau/status/25186444359)) +---- +http://fo.vc/H European Commission proposal about GMO summarized : boundaries stop the pollen at the border of each member state #GMO #fail + +(Originally on Twitter: [Thu Sep 23 05:10:58 +0000 2010](https://twitter.com/adulau/status/25280669874)) +---- +The High Security Top Level Domain Verification at #ICANN http://fo.vc/I is this really useful? + +(Originally on Twitter: [Fri Sep 24 05:44:22 +0000 2010](https://twitter.com/adulau/status/25379094539)) +---- +RT @hack_lu: a little bit more than 4 weeks to go until hack.lu 2010. #hacklu + +(Originally on Twitter: [Fri Sep 24 08:05:11 +0000 2010](https://twitter.com/adulau/status/25385494789)) +---- +Google clarified its Froogle EULA http://fo.vc/J more inline with Google general search policy? 
#goodiff #quuxlabs + +(Originally on Twitter: [Fri Sep 24 08:43:38 +0000 2010](https://twitter.com/adulau/status/25387149645)) +---- +@stephvg as long as the first to register is not abusing #HSTLD just like spammers are doing with X.509 certificate with extended validation + +(Originally on Twitter: [Fri Sep 24 08:50:02 +0000 2010](https://twitter.com/adulau/status/25387420747)) +---- +RT @mov_ebp_esp: Exploring Stuxnet’s PLC Infection Process http://bit.ly/8WWEVg @symantec + +(Originally on Twitter: [Fri Sep 24 10:16:57 +0000 2010](https://twitter.com/adulau/status/25391435164)) +---- +Paper Token: Gutenberg’s version of One Time Passwords http://fo.vc/K #infosec #simple + +(Originally on Twitter: [Mon Sep 27 20:56:32 +0000 2010](https://twitter.com/adulau/status/25720389633)) +---- +RT @TeamARIN: Have you checked out our microsite (http://teamarin.net)? There is a multitude of educational information to learn about IPv6! + +(Originally on Twitter: [Tue Sep 28 16:03:10 +0000 2010](https://twitter.com/adulau/status/25797831149)) +---- +@beist we were thinking of you for this year at #hack.lu 2010. There will be "beer tasting" workshop... http://fo.vc/d + +(Originally on Twitter: [Fri Oct 01 21:04:05 +0000 2010](https://twitter.com/adulau/status/26114977344)) +---- +@FunkySteph thank you for all your support. I hope we will invent a bright and new future as mentioned by Alan Kay. + +(Originally on Twitter: [Fri Oct 01 21:12:32 +0000 2010](https://twitter.com/adulau/status/26115558247)) +---- +#HN What's your favorite window manager for X11? http://fo.vc/e + +(Originally on Twitter: [Sat Oct 02 08:34:08 +0000 2010](https://twitter.com/adulau/status/26158630022)) +---- +PAM module for face "authentication" looks fun but it's still just a public and weak identifier... 
http://fo.vc/f #infosec + +(Originally on Twitter: [Sat Oct 02 14:13:05 +0000 2010](https://twitter.com/adulau/status/26177235303)) +---- +RT @joshu: my mother used the phrase "social media" earlier today. that's it folks, it's over. + +(Originally on Twitter: [Sun Oct 03 08:10:33 +0000 2010](https://twitter.com/adulau/status/26249301786)) +---- +“You’re Stealing it Wrong: 30 Years of Inter-Pirate Battles” http://ascii.textfiles.com/archives/2714 #copyrightdelirium + +(Originally on Twitter: [Sun Oct 03 09:46:08 +0000 2010](https://twitter.com/adulau/status/26253783956)) +---- +Time to register for hack.lu 2010 and don't forget to register to the beer and chocolate tasting... http://2010.hack.lu/ #infosec + +(Originally on Twitter: [Tue Oct 05 20:06:25 +0000 2010](https://twitter.com/adulau/status/26486326637)) +---- +RT @hack_lu: Be prepared, as announced, the CTF registration for the hack.lu CTF will start in 1 hour #hacklu #fluxfingers #ctf (via @kabel) + +(Originally on Twitter: [Tue Oct 05 21:03:25 +0000 2010](https://twitter.com/adulau/status/26490116040)) +---- +5 years ago, we made a honeypot with modbus over TCP/IP and everyone said : "useless"... and nowadays? #infosec + +(Originally on Twitter: [Thu Oct 07 18:05:57 +0000 2010](https://twitter.com/adulau/status/26673145524)) +---- +RT @jeremyjarvis: OH: "we don't have VC but we're on our second round of freedom" + +(Originally on Twitter: [Fri Oct 08 19:18:41 +0000 2010](https://twitter.com/adulau/status/26777695324)) +---- +Just saw the Data Acquisition API (DAQ) 0.2 made for Snort 2.9.0... a clever API and also supporting OpenBSD IPFW... #nids + +(Originally on Twitter: [Fri Oct 08 19:40:31 +0000 2010](https://twitter.com/adulau/status/26779142078)) +---- +De Wever is now appointed for clarification... It's sure, they just legalized drugs in Belgium. 
#belgium #begov + +(Originally on Twitter: [Fri Oct 08 20:01:42 +0000 2010](https://twitter.com/adulau/status/26780532697)) +---- +Looks like ISOC (http://fo.vc/g) is not aware of GooDiff (http://www.goodiff.org/) #goodiff #tos-tracking + +(Originally on Twitter: [Fri Oct 08 20:30:42 +0000 2010](https://twitter.com/adulau/status/26782440118)) +---- +@bookshelfporn http://fo.vc/h The Humanist Library of Beatus Rhenanus - 600 years old manuscripts bookshelf. #books + +(Originally on Twitter: [Sun Oct 10 17:00:04 +0000 2010](https://twitter.com/adulau/status/26953491612)) +---- +@niCRO Do you join us at hack.lu 2010? #hacklu + +(Originally on Twitter: [Wed Oct 13 20:12:43 +0000 2010](https://twitter.com/adulau/status/27272765414)) +---- +"Origapy - a Python module to sanitize PDF files" http://fo.vc/i #infosec relying on Origami and it seems promising. + +(Originally on Twitter: [Wed Oct 13 20:17:01 +0000 2010](https://twitter.com/adulau/status/27273054112)) +---- +http://2010.hack.lu/ - Agenda and workshops finalized... time to register. #hacklu #luxembourg #hack.lu + +(Originally on Twitter: [Thu Oct 14 14:26:56 +0000 2010](https://twitter.com/adulau/status/27345568349)) +---- +"radare, the reverse engineering framework" http://www.radare.org/ #rce #infosec + +(Originally on Twitter: [Thu Oct 14 19:27:53 +0000 2010](https://twitter.com/adulau/status/27369610393)) +---- +Perl Scrappy module is so great that I finally parsed the really crappy moniteur.be website to get new legal text http://fo.vc/j #perl + +(Originally on Twitter: [Thu Oct 14 20:30:34 +0000 2010](https://twitter.com/adulau/status/27373905666)) +---- +RT @newsycombinator: Land of Lisp (Learn to Program in Lisp, One Game at a Time) http://j.mp/aBfX2K + +(Originally on Twitter: [Fri Oct 15 20:04:34 +0000 2010](https://twitter.com/adulau/status/27473894068)) +---- +A paper Internet - how to preserve digital documents on the long-term? use paper... 
#papernet http://fo.vc/k + +(Originally on Twitter: [Sat Oct 16 10:31:30 +0000 2010](https://twitter.com/adulau/status/27529679250)) +---- +What's the definition of REST? I'm tempted to say: "easy to use from the command line with curl only". #rest + +(Originally on Twitter: [Sat Oct 16 10:47:00 +0000 2010](https://twitter.com/adulau/status/27530430254)) +---- +Starting with XML::IODEF parser not able to parse basic IODEF files and ending it up to make my own parser in Perl... yes, XML is just ASCII + +(Originally on Twitter: [Sun Oct 17 09:35:12 +0000 2010](https://twitter.com/adulau/status/27623422069)) +---- +@niCRO Thank you. Anyway, next time you come in the region, we can arrange a gastronomic reverse engineering challenge... + +(Originally on Twitter: [Sun Oct 17 17:45:04 +0000 2010](https://twitter.com/adulau/status/27657722282)) +---- +@kabel @rbidule We really need a workshop "growing Ilex paraguariensis at home" during hack.lu #hacklu... + +(Originally on Twitter: [Sun Oct 17 18:44:33 +0000 2010](https://twitter.com/adulau/status/27661922882)) +---- +@kabel It seems that planting it indoor with regular watering is fine in our latitudes #gardening4geeks We need young plants or seeds.. + +(Originally on Twitter: [Sun Oct 17 18:58:27 +0000 2010](https://twitter.com/adulau/status/27662890424)) +---- +RT @hack_lu: Hurry up and register for hack.lu. Only some few places left and prices won't change until Friday 22.10. 
+#hacklu + +(Originally on Twitter: [Tue Oct 19 04:42:15 +0000 2010](https://twitter.com/adulau/status/27803871856)) +---- +Il y a des talks sur les évasions logicielles : "escaping from protected mode" ou le workshop "Dive in to ROP " #hacklu @eromang + +(Originally on Twitter: [Tue Oct 19 11:05:04 +0000 2010](https://twitter.com/adulau/status/27822178835)) +---- +CVE-2010-3904 interesting bug and interesting notes from Linus about the use kmap_atomic() #security #kernel #linux http://fo.vc/l + +(Originally on Twitter: [Tue Oct 19 19:10:32 +0000 2010](https://twitter.com/adulau/status/27860477578)) +---- +@zoobab FRAND or RAND are incompatibles with free software. http://fo.vc/m I don't buy the "competition" arguments showed by lobbyist. + +(Originally on Twitter: [Tue Oct 19 20:43:02 +0000 2010](https://twitter.com/adulau/status/27866763491)) +---- +@FOSSpatents the main issue with (F)RAND is the vagueness. Look at the IETF IPR statement, the successful protocols are the royalty-free... + +(Originally on Twitter: [Wed Oct 20 04:45:47 +0000 2010](https://twitter.com/adulau/status/27902506589)) +---- +RFC2338 versus RFC 5023 (look at IETF IPR declaration). Flexibility? Legal uncertainty is just a way to kill competition. @FOSSpatents + +(Originally on Twitter: [Wed Oct 20 07:22:07 +0000 2010](https://twitter.com/adulau/status/27909731922)) +---- +@FOSSpatents That's the position of the BSA and they even exclude proprietary software interoperability. Excluding their own members... + +(Originally on Twitter: [Wed Oct 20 08:14:12 +0000 2010](https://twitter.com/adulau/status/27911916139)) +---- +We just received the prices for the CTF at #hacklu #hack.lu - from iPad to Kindle and even USRP classic, bus pirates... 
http://hack.lu + +(Originally on Twitter: [Thu Oct 21 16:29:27 +0000 2010](https://twitter.com/adulau/status/28041801583)) +---- +RT @ddurvaux: Thanks to @adulau there will be a #abusehelper workshop at #hacklu #hack.lu :-D http://bit.ly/aiq35g + +(Originally on Twitter: [Thu Oct 21 16:30:07 +0000 2010](https://twitter.com/adulau/status/28041852803)) +---- +RT @esizkur: even though I'm a reverse-engineer and do cellphone security, I can be a real noob about how to turn on unknown devices of ... + +(Originally on Twitter: [Fri Oct 22 05:04:54 +0000 2010](https://twitter.com/adulau/status/28375753219)) +---- +http://fo.vc/n A document leaked by La Quadrature du Net shows Nicolas Sarkozy hijacking a conference promoting their view of Internet + +(Originally on Twitter: [Sat Oct 23 06:39:43 +0000 2010](https://twitter.com/adulau/status/28478361922)) +---- +Maybe arXiv.org should release their dataset along with the back-end as free software to support even more open access? #arXiv #freesoftware + +(Originally on Twitter: [Sun Oct 24 11:22:31 +0000 2010](https://twitter.com/adulau/status/28586622161)) +---- +@AcidRampage a possible definition of "exploit" : A computer program abusing one or more unexpected purpose for a given computer program. + +(Originally on Twitter: [Sun Oct 24 13:32:39 +0000 2010](https://twitter.com/adulau/status/28595183085)) +---- +just posted - The "Open Access Movement" depends on Free Software http://fo.vc/o #openaccess #OAW2010 #science + +(Originally on Twitter: [Sun Oct 24 14:35:41 +0000 2010](https://twitter.com/adulau/status/28600419888)) +---- +Finally, an academic paper calls into question the merit of continuing the practice of password expiration. - http://fo.vc/p #infosec + +(Originally on Twitter: [Sun Oct 24 16:56:26 +0000 2010](https://twitter.com/adulau/status/28611242303)) +---- +want to make a lightning talk during hack.lu 2010 send us the title at info AT hack.lu... 
#hacklu #infosec #hack.lu + +(Originally on Twitter: [Mon Oct 25 20:38:47 +0000 2010](https://twitter.com/adulau/status/28723102051)) +---- +Agenda PDF updated for hack.lu 2010 #hacklu #hack.lu http://2010.hack.lu/archive/2010/hacklu2010.pdf + +(Originally on Twitter: [Wed Oct 27 08:26:08 +0000 2010](https://twitter.com/adulau/status/28870982193)) +---- +PDF Malware analysis workshop today at 11:00 AM and in the main Europe room (more space) #hack.lu #hacklu + +(Originally on Twitter: [Wed Oct 27 08:28:41 +0000 2010](https://twitter.com/adulau/status/28871094092)) +---- +Back from hack.lu 2010 and already discussing planning for hack.lu 2011.... Very fun and thanks to everyone for their support. #hacklu + +(Originally on Twitter: [Fri Oct 29 18:58:33 +0000 2010](https://twitter.com/adulau/status/29114368183)) +---- +@xme @raf_iot thank you too for your great contribution and good mood. #hacklu Hope to see you soon or at the next infosec conf... + +(Originally on Twitter: [Fri Oct 29 19:03:58 +0000 2010](https://twitter.com/adulau/status/29114739767)) +---- +@esizkur thank you. It's now in http://2010.hack.lu/archive/2010/ - Could you publish the lightning talk slides too? see you #hacklu + +(Originally on Twitter: [Fri Oct 29 19:22:28 +0000 2010](https://twitter.com/adulau/status/29115960386)) +---- +RT @indi303: #hacklu watching a talk on WWW.netglub.org ! Badass fully opensource Intel gathering framework like Maltego but free. 
+ +(Originally on Twitter: [Fri Oct 29 19:46:59 +0000 2010](https://twitter.com/adulau/status/29117556356)) +---- +RT @xme: [/dev/random]: Hack.lu Day #3 Wrap-up http://blog.rootshell.be/2010/10/29/hack-lu-day-3-wrap-up/ + +(Originally on Twitter: [Fri Oct 29 20:16:43 +0000 2010](https://twitter.com/adulau/status/29119487980)) +---- +http://2010.hack.lu/archive/2010/ is slowly populated with the slides #hacklu #hack.lu + +(Originally on Twitter: [Fri Oct 29 20:26:06 +0000 2010](https://twitter.com/adulau/status/29120100035)) +---- +@fluxfingers Thanks too. This was a great pleasure for us. We hope that we can host another crazy CTF from fluxfingers at #hacklu 2011... + +(Originally on Twitter: [Sun Oct 31 07:27:40 +0000 2010](https://twitter.com/adulau/status/29256581423)) +---- +Facebook change quelques termes de son contrat d'utilisation... vie privée est maintenant confidentialité http://fo.vc/q #goodiff #quuxlabs + +(Originally on Twitter: [Sun Oct 31 08:53:02 +0000 2010](https://twitter.com/adulau/status/29260708820)) +---- +RT @xme: Dear V€ndor$, I just would like to watch your documents or webcasts anonymously and not after filling a 25-fields form! #DontBugMe + +(Originally on Twitter: [Sun Oct 31 10:20:55 +0000 2010](https://twitter.com/adulau/status/29264926722)) +---- +What the heck is truetwit.com? looks like another kind of phishing for Twitter users... #infosec #security #phishing + +(Originally on Twitter: [Sun Oct 31 10:36:42 +0000 2010](https://twitter.com/adulau/status/29265713799)) +---- +Just 10,- YER (for someone to pick-and-carry again) + the carrier cost... The scheme is handy to avoid abusive custom taxes. @thierryzoller + +(Originally on Twitter: [Sun Oct 31 10:53:46 +0000 2010](https://twitter.com/adulau/status/29266589652)) +---- +@thierryzoller As long as you can carry something from one place to another place, the scheme can be used for anything. What's your point? 
+ +(Originally on Twitter: [Sun Oct 31 10:58:22 +0000 2010](https://twitter.com/adulau/status/29266830395)) +---- +@thierryzoller All the media articles are very vague on the topic... carrying explosive is very different than carrying an activated bomb. + +(Originally on Twitter: [Sun Oct 31 11:07:59 +0000 2010](https://twitter.com/adulau/status/29267359458)) +---- +@eromang @thierryzoller "Amusing Ourselves to Death" of Neil Postman a good reading about the media and why we should not care about it... + +(Originally on Twitter: [Sun Oct 31 11:30:29 +0000 2010](https://twitter.com/adulau/status/29268597632)) +---- +New flickr group for #hacklu - http://www.flickr.com/groups/1559269@N23/ feel free to post your photos there. + +(Originally on Twitter: [Sun Oct 31 13:39:22 +0000 2010](https://twitter.com/adulau/status/29277405323)) +---- +just released Forban 0.0.22 ( fixing the silly start-up opportunistic bug ) http://foo.be/forban/ #p2p #lan #proximity + +(Originally on Twitter: [Mon Nov 01 14:15:37 +0000 2010](https://twitter.com/adulau/status/29375857633)) +---- +RT @ProjectHoneynet: Project Honeynet releases Analyzing Malicious Portable Destructive Files Challenge (FC6): http://bit.ly/bOhDt7 #hon ... + +(Originally on Twitter: [Mon Nov 01 14:45:54 +0000 2010](https://twitter.com/adulau/status/29378506041)) +---- +FTC named Ed Felten as Agency's Chief Technologist - http://www.ftc.gov/opa/2010/11/cted.shtm - excellent news... + +(Originally on Twitter: [Thu Nov 04 19:28:20 +0000 2010](https://twitter.com/adulau/status/29694443567)) +---- +The Streisand effect will hit Microsoft regarding the free software driver bounty for the Kinect... http://fo.vc/r #interoperability #dmca + +(Originally on Twitter: [Sat Nov 06 07:16:19 +0000 2010](https://twitter.com/adulau/status/808683873247232)) +---- +Just received my Kindle and my first stupid question : "Why epub is not supported by default on the Kindle?" the reason is not technical... 
+ +(Originally on Twitter: [Mon Nov 08 21:27:28 +0000 2010](https://twitter.com/adulau/status/1747654837014528)) +---- +Don't trust a barcamp named "collaborative hacking" when the organizer told you that "git" has nothing to do with collaboration... #fail + +(Originally on Twitter: [Tue Nov 09 20:02:04 +0000 2010](https://twitter.com/adulau/status/2088552892473344)) +---- +Si vous voulez le dernier Michel Houellebecq en version électronique, il y a une version en CC-BY-SA. http://fo.vc/s #copyrightdelirium + +(Originally on Twitter: [Tue Nov 09 20:14:32 +0000 2010](https://twitter.com/adulau/status/2091690638712832)) +---- +RT @cdaffara: It must be divine justice, after all the talk during our ISO sessions that IPR in standards is a good thing. + +(Originally on Twitter: [Tue Nov 09 21:48:20 +0000 2010](https://twitter.com/adulau/status/2115297842565120)) +---- +and hop... there is now a minimal free driver done in 3 hours for the Kinect - http://fo.vc/t - #reversing + +(Originally on Twitter: [Wed Nov 10 21:17:27 +0000 2010](https://twitter.com/adulau/status/2469913276981248)) +---- +@raf_iot Funny, I recently implemented a ssh black list merger to analyze recurring offending hosts... we should share the techniques. + +(Originally on Twitter: [Fri Nov 12 22:16:06 +0000 2010](https://twitter.com/adulau/status/3209448516489216)) +---- +quickly made a Perl module to access RIPE RIS - Net::Whois::RIS - to have an accurate IP-to-ASN mapping... http://fo.vc/u + +(Originally on Twitter: [Sat Nov 13 09:00:48 +0000 2010](https://twitter.com/adulau/status/3371691149369344)) +---- +@kabel I made a quick&ugly one : https://gist.github.com/676046 showing ASN and Country using IP::Country::Fast and Net::Whois::RIS #perl + +(Originally on Twitter: [Sun Nov 14 09:51:40 +0000 2010](https://twitter.com/adulau/status/3746878671818753)) +---- +@AlainGerlache Il serait bon d'expliquer aux journalistes de la RTBF l'utilité des zones inondables au lieu de faire du direct pour rien... 
+ +(Originally on Twitter: [Sun Nov 14 10:13:26 +0000 2010](https://twitter.com/adulau/status/3752356483170304)) +---- +@xme Very interesting. I see an use of GNU Parallel to split the IPv4 space/hostname space on manyjobs/hosts. Just need an arg in your file + +(Originally on Twitter: [Sun Nov 14 11:28:37 +0000 2010](https://twitter.com/adulau/status/3771276795576320)) +---- +http://phrack.org/issues.html?issue=67 The new Phrack 67 is out and again it's a piece of art... #infosec #phrack + +(Originally on Twitter: [Wed Nov 17 20:44:56 +0000 2010](https://twitter.com/adulau/status/4998441633579009)) +---- +Again today, the Banksy's quote is verified : "People who enjoy waving flags don't deserve to have one" #belgium #belgique + +(Originally on Twitter: [Thu Nov 18 19:38:44 +0000 2010](https://twitter.com/adulau/status/5344170130546688)) +---- +@rbidule The Stuxnet effect is going beyond its technical implication. Stuxnet is even more efficient on the psychological aspect... + +(Originally on Twitter: [Thu Nov 18 19:44:08 +0000 2010](https://twitter.com/adulau/status/5345532583084032)) +---- +@rbidule except if this is the whole purpose of their sponsors.. look at the C&C proto easy to detect (compared to Zeus or alike). #stuxnet + +(Originally on Twitter: [Thu Nov 18 20:03:01 +0000 2010](https://twitter.com/adulau/status/5350280895930368)) +---- +Firefox should be able to display (and browse) xpi file content before add-ons installation... #infosec @mozillaorg + +(Originally on Twitter: [Fri Nov 19 10:26:45 +0000 2010](https://twitter.com/adulau/status/5567647294947329)) +---- +@xme maybe you should mention to your customer about RBS Worldpay case and where the logs played a vital role for restoring the service... + +(Originally on Twitter: [Sat Nov 20 09:36:00 +0000 2010](https://twitter.com/adulau/status/5917264326959104)) +---- +RT @Slate: Does the TSA ever catch terrorists? 
http://slate.me/aOB6vm + +(Originally on Twitter: [Sat Nov 20 10:04:17 +0000 2010](https://twitter.com/adulau/status/5924383193305088)) +---- +I took some notes about my recent acquisition/use of the Kindle 3 e-book reader - http://fo.vc/v #kindle #books #ebooks + +(Originally on Twitter: [Sat Nov 20 11:49:03 +0000 2010](https://twitter.com/adulau/status/5950747833270272)) +---- +One more time, the "gzip --rsyncable" option saves me from a never ending rsync... #whyyoushouldreadthemanpages #unix + +(Originally on Twitter: [Sun Nov 21 15:10:03 +0000 2010](https://twitter.com/adulau/status/6363718803787777)) +---- +#planB The only decision to take is to remove the boundaries and let people live freely wherever they want. A nation is an outdated concept. + +(Originally on Twitter: [Sun Nov 21 19:53:25 +0000 2010](https://twitter.com/adulau/status/6435029672534016)) +---- +@EvaRuwe Dreaming seems much more close to reality than any of the media bullsh*t like #planB, #byebyebelgium <- #Despektakelmaatschappij + +(Originally on Twitter: [Mon Nov 22 19:12:45 +0000 2010](https://twitter.com/adulau/status/6787184484941824)) +---- +If you forgot, it's time to make a donation to Wikipedia... I made one as usual. #wikipedia + +(Originally on Twitter: [Mon Nov 22 20:27:10 +0000 2010](https://twitter.com/adulau/status/6805913352540160)) +---- +Maybe I should avoid to reverse engineer an evil binary while listening to "Alien Vampies" - EBM and malware don't mix very well tonight. + +(Originally on Twitter: [Tue Nov 23 20:02:38 +0000 2010](https://twitter.com/adulau/status/7162126963572736)) +---- +@xme looks like 2600 (without the monthly letters and the payphone fun) - it seems very low tech and low quality... 
+ +(Originally on Twitter: [Wed Nov 24 21:09:53 +0000 2010](https://twitter.com/adulau/status/7541436840943619)) +---- +Another good reason, to avoid the use of cryptography on virtual and non-virtual shared computers - http://eprint.iacr.org/2010/594 + +(Originally on Twitter: [Wed Nov 24 21:27:45 +0000 2010](https://twitter.com/adulau/status/7545932400820224)) +---- +RT @sans_isc: Local privilege escalation exploit published, affects most versions of Windows: http://goo.gl/8cmyC (via @sans_isc) + +(Originally on Twitter: [Wed Nov 24 22:00:41 +0000 2010](https://twitter.com/adulau/status/7554220874006528)) +---- +@eromang I think the prudent approach is to change the password/api key of all your account/services below the domain secunia.com + +(Originally on Twitter: [Thu Nov 25 14:39:43 +0000 2010](https://twitter.com/adulau/status/7805637232697345)) +---- +RT @hteso: New Pyew revision features "Code analyzer for x86 completely rewritten from scratch" and many bugs fixed. http://cort.as/0PjB + +(Originally on Twitter: [Thu Nov 25 15:55:36 +0000 2010](https://twitter.com/adulau/status/7824733747806208)) +---- +@xme hack.lu 2011 will be the 20-21 September + +(Originally on Twitter: [Sat Nov 27 19:59:35 +0000 2010](https://twitter.com/adulau/status/8610910209839104)) +---- +@xme a complete week of infosec pleasure... hack.lu, TF-CSIRT and BruCON. Hope to see you there. + +(Originally on Twitter: [Sat Nov 27 20:11:02 +0000 2010](https://twitter.com/adulau/status/8613792728485889)) +---- +Lecture du magazine #Rue89 qui n'aime pas Wikileaks. Il devrait promouvoir plus de Wikileaks ou cryptome dans nos sociétés... 
+ +(Originally on Twitter: [Sat Nov 27 21:21:41 +0000 2010](https://twitter.com/adulau/status/8631572521549824)) +---- +RT @jedisct1: Quick patch in order to experiment w/ an increased TCP's initial window on #openbsd http://bit.ly/f49rvS + +(Originally on Twitter: [Sun Nov 28 09:36:16 +0000 2010](https://twitter.com/adulau/status/8816432938754048)) +---- +"De-Anonymizing Web Communities with Gravatar" http://fo.vc/w - using a pre-image hash attack to de-anonymize Gravatar hash + +(Originally on Twitter: [Sun Nov 28 09:36:56 +0000 2010](https://twitter.com/adulau/status/8816601285529602)) +---- +just posted "Why Do We Need More Wikileaks and Cryptome ?" http://fo.vc/x + +(Originally on Twitter: [Sun Nov 28 11:48:26 +0000 2010](https://twitter.com/adulau/status/8849694998396928)) +---- +@thierryzoller I suppose people will invent something new and increase the diversity of leaking platforms just like the full-disclosure list + +(Originally on Twitter: [Sun Nov 28 12:59:35 +0000 2010](https://twitter.com/adulau/status/8867602298314752)) +---- +@sam280 Yes, I think so too. Maybe it's the beginning of their diversity... by two very different technique of releasing content. + +(Originally on Twitter: [Sun Nov 28 13:08:02 +0000 2010](https://twitter.com/adulau/status/8869727388573697)) +---- +@sam280 I don't know. Maybe we need more leaking platforms operated by a community instead being only run by an "individual" + +(Originally on Twitter: [Sun Nov 28 13:41:04 +0000 2010](https://twitter.com/adulau/status/8878039551188992)) +---- +@Frederiqueries Could you explain your #ACTA vote at the parliament? http://fo.vc/y - It's not really supporting EU citizen freedom... + +(Originally on Twitter: [Sun Nov 28 15:48:50 +0000 2010](https://twitter.com/adulau/status/8910192846577664)) +---- +Reading the #cablegate and maybe, you should type "dig -t SOA sgov.gov" in your favorite vty... 
#wikileaks + +(Originally on Twitter: [Sun Nov 28 21:17:11 +0000 2010](https://twitter.com/adulau/status/8992824569630721)) +---- +@bortzmeyer it just exists within SIPRnet as an internal domain. Interesting, this is giving information about some IP network ops. + +(Originally on Twitter: [Sun Nov 28 21:30:52 +0000 2010](https://twitter.com/adulau/status/8996271503179776)) +---- +Still no patch for RtlQueryRegistryValues() escalation? VU#529673 #win32 + +(Originally on Twitter: [Mon Nov 29 10:53:15 +0000 2010](https://twitter.com/adulau/status/9198194747510784)) +---- +RT @Ivanlef0u: hack.lu CTF - Challenge 12 WriteUp http://bit.ly/hQoHxi + +(Originally on Twitter: [Mon Nov 29 20:12:17 +0000 2010](https://twitter.com/adulau/status/9338882613051392)) +---- +Looking at my logs, "P.Arthur 1.1" robot is a crappy HTTP bot but it is crawling in IPv6... + +(Originally on Twitter: [Mon Nov 29 20:13:46 +0000 2010](https://twitter.com/adulau/status/9339255411179520)) +---- +History is just repeating itself : Virus.DOS.Tchantches is now called Trojan-Ransom.Boot.Seftad - http://fo.vc/z #virus + +(Originally on Twitter: [Tue Nov 30 09:10:38 +0000 2010](https://twitter.com/adulau/status/9534758916726784)) +---- +@thierryzoller If you are talking about #GooDiff, it could be possible as the back-end software is just tracking web pages. http://fo.vc/L + +(Originally on Twitter: [Tue Nov 30 21:53:07 +0000 2010](https://twitter.com/adulau/status/9726643757129728)) +---- +@thorstenholz @mikkohypponen no worries just like the Adobe Flexnet license manager writing in the MBR after every launch... #fun + +(Originally on Twitter: [Wed Dec 01 12:49:14 +0000 2010](https://twitter.com/adulau/status/9952158170480640)) +---- +I like the tag #whereisjulian especially when we are just drinking a warm cup of Assam tea in the south of Belgium. 
+ +(Originally on Twitter: [Wed Dec 01 19:32:44 +0000 2010](https://twitter.com/adulau/status/10053705688686592)) +---- +RT @laurentchemla: Quand on répond n'importe quoi aux questions indiscrètes des sites de vente, on se fait souhaiter un bon anniversaire ... + +(Originally on Twitter: [Wed Dec 01 19:38:49 +0000 2010](https://twitter.com/adulau/status/10055234231476224)) +---- +An interesting Java decompiler https://github.com/akkumar/jreversepro #reversing + +(Originally on Twitter: [Wed Dec 01 20:46:16 +0000 2010](https://twitter.com/adulau/status/10072207355023360)) +---- +RT @iseclaborg: Our paper on detecting malicious domains by passively analyzing DNS is now online: http://bit.ly/gTo7hX. Blog post to fo ... + +(Originally on Twitter: [Wed Dec 01 20:50:33 +0000 2010](https://twitter.com/adulau/status/10073285484093440)) +---- +@xme "Bulletproof providers" protecting C&C? only when requested by law enforcement or do we talk about some "underground" ISP ;-) + +(Originally on Twitter: [Thu Dec 02 15:09:27 +0000 2010](https://twitter.com/adulau/status/10349832539475968)) +---- +@xme Right, that's why they use a complete route object to have their own abuse-mailbox in the whois database. More the underground ISP... + +(Originally on Twitter: [Thu Dec 02 15:20:30 +0000 2010](https://twitter.com/adulau/status/10352613652439040)) +---- +Tip of the day : If you are a savannah.gnu.org user, reset your password. #gnu #infosec + +(Originally on Twitter: [Thu Dec 02 18:29:32 +0000 2010](https://twitter.com/adulau/status/10400186270482432)) +---- +RT @bayartb: wikileaks.fdn.fr #wikileaks done. + +(Originally on Twitter: [Fri Dec 03 15:46:40 +0000 2010](https://twitter.com/adulau/status/10721586323652608)) +---- +RT @pbeyssac: Expérience de DNS immune aux DoS : pointez wikileaks.<votre domaine> sur 46.59.1.2, 213.251.145.96, etc et annoncez- ... 
+ +(Originally on Twitter: [Fri Dec 03 19:35:42 +0000 2010](https://twitter.com/adulau/status/10779224424054784)) +---- +is listening to "Liaisons dangereuses" - "Los niños del parque" #music #electronicmusic - so great, so simple and so in-temporal. + +(Originally on Twitter: [Fri Dec 03 20:04:52 +0000 2010](https://twitter.com/adulau/status/10786567492739072)) +---- +@xme @FunkySteph #FF Hope you enjoyed your Friday as much as I do. Cyberspace is so great those days... + +(Originally on Twitter: [Fri Dec 03 21:23:34 +0000 2010](https://twitter.com/adulau/status/10806373394685952)) +---- +RT @ViRAms: [European Central Bank] Recent Advances in Modelling Systemic Risk using Network Analysis (Jan. 2010) [PDF] http://bit.ly/h2la3E + +(Originally on Twitter: [Sat Dec 04 07:18:02 +0000 2010](https://twitter.com/adulau/status/10955975481626624)) +---- +I completely overlooked that jabber.org moved away from Free Sofware (ejabberd) to proprietary software (M-Link). What a shame.. #jabber.org + +(Originally on Twitter: [Sat Dec 04 17:13:00 +0000 2010](https://twitter.com/adulau/status/11105701829017600)) +---- +@security4all for the #wikileaks mirror, I *highly* recommend to make a chroot/jail (-> jailkit) for the wikileaks account on your server + +(Originally on Twitter: [Sun Dec 05 16:52:22 +0000 2010](https://twitter.com/adulau/status/11462897410506752)) +---- +@obra don't you miss the eInk and can we read easily "RT essentials" as we do on the Kindle 3 with strong sunlight? + +(Originally on Twitter: [Sun Dec 05 17:15:24 +0000 2010](https://twitter.com/adulau/status/11468693208825856)) +---- +@ioerror Is there already a prototyped implementation of mpOTR somewhere? 
#OTR + +(Originally on Twitter: [Sun Dec 05 20:53:04 +0000 2010](https://twitter.com/adulau/status/11523470894567424)) +---- +RT @ioerror: Secure group chat with Mutli party OTR: http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf + +(Originally on Twitter: [Sun Dec 05 20:54:08 +0000 2010](https://twitter.com/adulau/status/11523740600893440)) +---- +RT @btabaka: #Wikileaks: pas d'autorisation judiciaire pour suspendre l'hébergement car OVH ne justifie pas de la nécessité http://bit.l ... + +(Originally on Twitter: [Mon Dec 06 19:07:25 +0000 2010](https://twitter.com/adulau/status/11859272644173824)) +---- +Even if I'm familiar about Whitfield Diffie's work for long time, I didn't know that he was also the initial inventor of #powerpoint + +(Originally on Twitter: [Mon Dec 06 19:45:41 +0000 2010](https://twitter.com/adulau/status/11868902694846464)) +---- +RT @ioerror: If any harm comes to Julian, an entire generation will be radicalized. + +(Originally on Twitter: [Tue Dec 07 10:52:26 +0000 2010](https://twitter.com/adulau/status/12097092797341696)) +---- +Changing a bit ~ubuntu-core-dev/cryptsetup/ubuntu/lib/setup.c don't worry, it's just for a proof-of-concept... + +(Originally on Twitter: [Tue Dec 07 21:25:39 +0000 2010](https://twitter.com/adulau/status/12256448910200832)) +---- +The funsec mailinglist is not fun in those days. + +(Originally on Twitter: [Tue Dec 07 21:57:30 +0000 2010](https://twitter.com/adulau/status/12264462836834304)) +---- +RT @FIRSTdotOrg: Happy Monday! 2011 Call for Speakers closes this Friday 12/10. Visit http://bit.ly/9uEJUj for more info. #cybersecurity + +(Originally on Twitter: [Wed Dec 08 12:17:34 +0000 2010](https://twitter.com/adulau/status/12480904106614784)) +---- +http://www.romab.com/ironfox/ - Sanboxed Firefox wrapper for MacOS - I hope this will be a default Firefox feature in a near future... 
+ +(Originally on Twitter: [Wed Dec 08 19:47:10 +0000 2010](https://twitter.com/adulau/status/12594052063039488)) +---- +@peter_v The market-driven cs languages books are usually quickly outdated. Looking at my bookshelves: C, Lisp, Prolog are still there. + +(Originally on Twitter: [Wed Dec 08 20:11:34 +0000 2010](https://twitter.com/adulau/status/12600193924997121)) +---- +If you are using Exim, look at : +http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html -> apt-get install postfix #infosec + +(Originally on Twitter: [Thu Dec 09 15:52:49 +0000 2010](https://twitter.com/adulau/status/12897464885448704)) +---- +released Forban 0.0.23 http://foo.be/forban/ - some bug fixes and thanks to @SteveClement and @rommelfs for their harsh testing #p2p + +(Originally on Twitter: [Thu Dec 09 20:40:36 +0000 2010](https://twitter.com/adulau/status/12969887181832192)) +---- +It's now official Java is dead. http://fo.vc/M + +(Originally on Twitter: [Thu Dec 09 21:20:45 +0000 2010](https://twitter.com/adulau/status/12979989427257344)) +---- +@0x58 Yep, finally more space for Python, Ruby, Prolog, Lisp, Scala, Perl, Go, Arc, Scheme, Haskell or even BF... #javaisdead + +(Originally on Twitter: [Thu Dec 09 21:48:01 +0000 2010](https://twitter.com/adulau/status/12986852067770368)) +---- +@jepoirrier Good question. Can you image Hadoop and Pig relying on Python instead of Java? Maybe I'm dreaming and I should get up... + +(Originally on Twitter: [Fri Dec 10 08:01:49 +0000 2010](https://twitter.com/adulau/status/13141321011175424)) +---- +What's your bet? BLAKE, Grøstl, Keccak, JH or Skein? Maybe BLAKE? We will know in 2012... #sha-1 #crypto #hash #nist + +(Originally on Twitter: [Fri Dec 10 18:50:32 +0000 2010](https://twitter.com/adulau/status/13304576698482688)) +---- +RT @naypinya: Code source for the new IA BookReader with TTS, touch, support for full text search and more at (github) - http://bit.ly/g ... 
+ +(Originally on Twitter: [Fri Dec 10 19:33:11 +0000 2010](https://twitter.com/adulau/status/13315308102094848)) +---- +I liked to purchase a device from a second-hand market and finding a CA's private key from the supplier in the equipment... #infosec #pki + +(Originally on Twitter: [Sun Dec 12 10:11:31 +0000 2010](https://twitter.com/adulau/status/13898736488943616)) +---- +extended traceroute-cirl to output Google Maps js code http://fo.vc/N - a sample (from BE to AU) : http://fo.vc/O #netvis + +(Originally on Twitter: [Sun Dec 12 18:51:06 +0000 2010](https://twitter.com/adulau/status/14029491596689408)) +---- +Why public libraries disappear? It's not the Internet but the editors that want to get rid of those public space. We need them on Internet. + +(Originally on Twitter: [Sun Dec 12 21:17:49 +0000 2010](https://twitter.com/adulau/status/14066416592359424)) +---- +The verified boot in Chromium OS is solving some issues to avoid the tampering of the boot process with encrypted partition http://fo.vc/P + +(Originally on Twitter: [Tue Dec 14 19:55:33 +0000 2010](https://twitter.com/adulau/status/14770490174345217)) +---- +@mikkohypponen Could be an issue but that's the only mirror remaining of the old wikileaks "database". Do you know any other old mirrors? 
+ +(Originally on Twitter: [Tue Dec 14 21:15:45 +0000 2010](https://twitter.com/adulau/status/14790669339992064)) +---- +YouTube privacy notice changed to add advertising from other advertising companies - http://fo.vc/Q #privacy #goodiff + +(Originally on Twitter: [Tue Dec 14 22:23:18 +0000 2010](https://twitter.com/adulau/status/14807671014166528)) +---- +The watcher list of github is nifty especially for such tool like LOIC (Low Orbit Ion Cannon ) http://fo.vc/R #DoS #infosec + +(Originally on Twitter: [Wed Dec 15 10:26:19 +0000 2010](https://twitter.com/adulau/status/14989624648663041)) +---- +RT @aloria: I think @Time just got confused-- we wanted the dude whose leaks scare the government, not the one whose leaks upset 15 year ... + +(Originally on Twitter: [Wed Dec 15 14:14:59 +0000 2010](https://twitter.com/adulau/status/15047169434189825)) +---- +A clever mix between a readable language and the Erlang VM - http://reia-lang.org/ looks very promising #programming + +(Originally on Twitter: [Wed Dec 15 20:53:15 +0000 2010](https://twitter.com/adulau/status/15147398422593539)) +---- +RT @thomashawk: An open letter to Carol Bartz, CEO Yahoo Inc. http://goo.gl/YbxcY + +(Originally on Twitter: [Wed Dec 15 21:12:36 +0000 2010](https://twitter.com/adulau/status/15152264402436096)) +---- +RT @xme: [/dev/random]: Iptables Logs Mapping on GoogleMaps http://blog.rootshell.be/2010/12/15/iptables-logs-mapping-on-googlemaps/ + +(Originally on Twitter: [Thu Dec 16 09:08:24 +0000 2010](https://twitter.com/adulau/status/15332403971096576)) +---- +RT @NeelieKroesEU: Good luck to everyone joining #eurostat hackday today! In 5 cities and on IRC http://eurostat.okfn.org/ + +(Originally on Twitter: [Thu Dec 16 09:29:31 +0000 2010](https://twitter.com/adulau/status/15337719479668736)) +---- +@xme just like security certification (e.g. ISO 27001) where people focus on certification instead of doing the real work of securing... 
+ +(Originally on Twitter: [Thu Dec 16 09:40:24 +0000 2010](https://twitter.com/adulau/status/15340455449337856)) +---- +Vulnerability in the PDF distiller of the BlackBerry Attachment Service (BES) - http://fo.vc/T #infosec #blackberry + +(Originally on Twitter: [Thu Dec 16 15:21:31 +0000 2010](https://twitter.com/adulau/status/15426303331147776)) +---- +del.icio.us is now officially killed by Yahoo! I really hope it's a winter joke... @Delicious #delicious + +(Originally on Twitter: [Thu Dec 16 19:59:28 +0000 2010](https://twitter.com/adulau/status/15496249943785472)) +---- +http://fo.vc/U - a quick comparison between "endive" and "chicon" in the new Google Labs Books Ngram viewer #nlp #googlebooks + +(Originally on Twitter: [Thu Dec 16 23:02:18 +0000 2010](https://twitter.com/adulau/status/15542259302797312)) +---- +@cryptbin Why don't you do some mcrypt-like functions in javascript already on the client side? to avoid clear-text on server side. #crypto + +(Originally on Twitter: [Thu Dec 16 23:13:45 +0000 2010](https://twitter.com/adulau/status/15545141309739008)) +---- +In front of my desk, I have two colleagues trying to plug a phone in a computer. Looks like an IT crowd scene.... + +(Originally on Twitter: [Fri Dec 17 16:06:47 +0000 2010](https://twitter.com/adulau/status/15800079742930944)) +---- +@RIPE_NCC Looking for a way to look-up prefixes announced by an ASN, I used your Ajax API at RIPE RIS - http://fo.vc/V why not the whois? + +(Originally on Twitter: [Fri Dec 17 21:44:08 +0000 2010](https://twitter.com/adulau/status/15884978558599168)) +---- +The funky Perl module of the day : "Sub::Frequency - Run code blocks according to a given probability" might be useful in some cases... 
+ +(Originally on Twitter: [Sat Dec 18 08:49:56 +0000 2010](https://twitter.com/adulau/status/16052531457171456)) +---- +RT @_ddenis_: The move to cloud computing is unstoppable – but WikiLeaks gives us pause: http://bit.ly/hazOyQ #etraces + +(Originally on Twitter: [Sat Dec 18 09:07:09 +0000 2010](https://twitter.com/adulau/status/16056865796395008)) +---- +begins a RFC 2196 mapping and annotation project with the non-publicly accessible ISO 27001 standards - http://rfc2196.foo.be/ + +(Originally on Twitter: [Sun Dec 19 18:05:10 +0000 2010](https://twitter.com/adulau/status/16554648580136960)) +---- +RT @olg: Copie privée: la lecture de http://www.copieprivee.culture.gouv.fr/IMG/pdf/CR_15_novembre_2010.pdf est édifiante. + +(Originally on Twitter: [Mon Dec 20 11:34:25 +0000 2010](https://twitter.com/adulau/status/16818702850719744)) +---- +@__courts__ Excellent. "A free security service that audits your web.config settings." and collects your sensitive intormation too ;-) + +(Originally on Twitter: [Mon Dec 20 11:42:37 +0000 2010](https://twitter.com/adulau/status/16820763684241408)) +---- +RT @peteskomoroch: Former delicious PM: Yahoo could proactively release corpus of publicly-shared bookmarks & tags http://bit.ly/fTf1k5 + +(Originally on Twitter: [Mon Dec 20 16:31:07 +0000 2010](https://twitter.com/adulau/status/16893370110578688)) +---- +@__courts__ They should take the opportunity to review all the CBC-mode algorithms and especially Blowfish #blf_cbc_encrypt() #crypto + +(Originally on Twitter: [Mon Dec 20 16:42:32 +0000 2010](https://twitter.com/adulau/status/16896242495782912)) +---- +@elise_huard don't use hash + salting. Use either HMAC or bcrypt with a cost value for the hashing. 
#crypto + +(Originally on Twitter: [Mon Dec 20 16:44:53 +0000 2010](https://twitter.com/adulau/status/16896834744090624)) +---- +During a pentest, I recalled saying "if there is a rogue smart-card" and the vendor saying "No worries, we customized OpenSC" http://fo.vc/X + +(Originally on Twitter: [Mon Dec 20 17:09:24 +0000 2010](https://twitter.com/adulau/status/16903000534548480)) +---- +@Aldiko instead of promoting DRM-aware products, you should provide a nice interface to Usenet e-books download ;-) + +(Originally on Twitter: [Tue Dec 21 12:29:08 +0000 2010](https://twitter.com/adulau/status/17194856963112960)) +---- +Where's the "dislike" button? An initiative from the Free Software Foundation http://fo.vc/Y + +(Originally on Twitter: [Tue Dec 21 20:57:54 +0000 2010](https://twitter.com/adulau/status/17322893981515776)) +---- +If you have too many bitcoins, you can transfer them on my account : 1Koeg6s1eEQCBRYaP56w23sqJKiy9bfymr ;-) #p2p #bitcoin + +(Originally on Twitter: [Wed Dec 22 20:33:12 +0000 2010](https://twitter.com/adulau/status/17679065037144064)) +---- +updated Forban 0.0.24 - bug fixes release - http://www.foo.be/forban/ #p2p #lan + +(Originally on Twitter: [Wed Dec 22 21:55:36 +0000 2010](https://twitter.com/adulau/status/17699801273470976)) +---- +@bortzmeyer traceroute --with-xml-overhead ;-) + +(Originally on Twitter: [Wed Dec 22 22:21:07 +0000 2010](https://twitter.com/adulau/status/17706224288014336)) +---- +@mir_ripe_labs Nice article. Is the complete dataset of "ASN Ranking Correlations Between Spam Blocklists" publicly available? + +(Originally on Twitter: [Thu Dec 23 11:28:46 +0000 2010](https://twitter.com/adulau/status/17904444838518784)) +---- +Sur mon abonnement #SNCB, il est marqué de Luxembourg vers Marbehan. Pas "terminus à Arlon ensuite, débrouillez vous..." 
#fail + +(Originally on Twitter: [Fri Dec 24 10:29:33 +0000 2010](https://twitter.com/adulau/status/18251928077074432)) +---- +RT @seeedstudio: DSO Quad is amazing, it supports 4 channel, 36 MHz bandwidth, (Can be over-clock to 72 MHz). + +(Originally on Twitter: [Fri Dec 24 11:00:47 +0000 2010](https://twitter.com/adulau/status/18259787879813120)) +---- +Is this coding scheme http://arxiv.org/abs/1012.5174 the return of FHSS as a security measure? I'm scared... #infosec + +(Originally on Twitter: [Fri Dec 24 11:10:00 +0000 2010](https://twitter.com/adulau/status/18262108193955840)) +---- +Major update in the LiveJournal privacy policy http://fo.vc/Z #goodiff #privacy #livejournal #tos + +(Originally on Twitter: [Fri Dec 24 14:04:51 +0000 2010](https://twitter.com/adulau/status/18306111736119296)) +---- +Linus is right : "security bugs are not different from any other bugs" > all #bugs are about #security and Microsoft just prove it again... + +(Originally on Twitter: [Fri Dec 24 15:34:57 +0000 2010](https://twitter.com/adulau/status/18328783668903936)) +---- +@eromang Yep, it looks like. Happy holidays too. 
+ +(Originally on Twitter: [Fri Dec 24 15:38:34 +0000 2010](https://twitter.com/adulau/status/18329693887397888)) +---- +The letter sent by Ross Anderson (Cambridge University) to UK Cards Association is a pleasure of #responsible #disclosure : http://fo.vc/10 + +(Originally on Twitter: [Sat Dec 25 16:55:22 +0000 2010](https://twitter.com/adulau/status/18711411836325888)) +---- +Advice today : "don't underestimate an old-style forum with active users, it's often more efficient than web 2.0" #internet #collaboration + +(Originally on Twitter: [Sat Dec 25 21:36:55 +0000 2010](https://twitter.com/adulau/status/18782264716435456)) +---- +Dear @oreillymedia I'm sure there is a market for an updated version of "Network security with OpenSSL" especially for ECDSA aspects #crypto + +(Originally on Twitter: [Sun Dec 26 14:07:37 +0000 2010](https://twitter.com/adulau/status/19031580588646400)) +---- +@i0n1c "The Rootkit arsenal" (2009) is still very interesting even if the sample code is sometimes very buggy. #infosec #malware + +(Originally on Twitter: [Sun Dec 26 14:23:29 +0000 2010](https://twitter.com/adulau/status/19035576846000128)) +---- +"The Transistor level 6502 Hardware Simulation in Javascript" http://fo.vc/12 - an incredible beast made in Javascript #6502 #cpuhistory + +(Originally on Twitter: [Sun Dec 26 20:02:24 +0000 2010](https://twitter.com/adulau/status/19120867711655936)) +---- +is wondering ways to improve the #bitcoin p2p bootstrap protocol - http://btc.fo.vc/ (current experiment via HTTP) + +(Originally on Twitter: [Sun Dec 26 21:33:53 +0000 2010](https://twitter.com/adulau/status/19143887037669376)) +---- +"Analysis of Computer Science Communities Based on DBLP" - http://arxiv.org/abs/1012.5396 a nice and concise paper about #cs communities + +(Originally on Twitter: [Mon Dec 27 09:01:37 +0000 2010](https://twitter.com/adulau/status/19316962605666304)) +---- +@venturehacks Just because large sites provide services but don't provide privacy services... 
http://www.goodiff.org/ #privacy + +(Originally on Twitter: [Mon Dec 27 21:34:32 +0000 2010](https://twitter.com/adulau/status/19506441962397697)) +---- +Any proud user of a nVidia TESLA C2050 board for hashing (SHA-256)? I'm looking for SHA-256 benchmarks #crypto #cuda #gpu + +(Originally on Twitter: [Mon Dec 27 22:40:37 +0000 2010](https://twitter.com/adulau/status/19523070075076610)) +---- +By using the leak feed API ( http://api.leakfeed.com ), I saw a cable about US government support of Monsanto (MON810) http://fo.vc/13 #GMO + +(Originally on Twitter: [Tue Dec 28 09:21:38 +0000 2010](https://twitter.com/adulau/status/19684388555984896)) +---- +Finally an Internet-Draft for enforcing HTTP over TLS at the client side "HTTP Strict Transport Security (HSTS)" http://fo.vc/14 + +(Originally on Twitter: [Tue Dec 28 18:57:22 +0000 2010](https://twitter.com/adulau/status/19829277675495425)) +---- +Looking at my notes, Tor exit node model improvement : "every Tor client should be an exit at a random interval for a short time' #tor #wth + +(Originally on Twitter: [Tue Dec 28 19:08:04 +0000 2010](https://twitter.com/adulau/status/19831966882856960)) +---- +@kabel yes but the objective is privacy not speed and that would limit the incentive to run a stable Tor exit node for interception. + +(Originally on Twitter: [Tue Dec 28 19:13:32 +0000 2010](https://twitter.com/adulau/status/19833343193382912)) +---- +Expérience du jour dans un magasin "Avez-vous la carte de réduction" - " Non, ma vie privée est mieux qu'une carte de réduction !" #privacy + +(Originally on Twitter: [Tue Dec 28 20:03:11 +0000 2010](https://twitter.com/adulau/status/19845839652397056)) +---- +@fboule It's pretty clear. Instead of having to set explicity in your Tor configuration that you are an exit node, it's randomly allocated. 
+ +(Originally on Twitter: [Wed Dec 29 19:20:47 +0000 2010](https://twitter.com/adulau/status/20197558592741376)) +---- +with this bloody BCM4322 proprietary driver, I got a satellite link latency while being at 2 meters of my 802.11 access-point. #broadcom + +(Originally on Twitter: [Wed Dec 29 21:12:55 +0000 2010](https://twitter.com/adulau/status/20225777886830592)) +---- +@rfc1149 ;-) Right, a CAT5-E cable is very handy to download one of those binary object for those brain damaged wireless chipsets... + +(Originally on Twitter: [Wed Dec 29 21:28:47 +0000 2010](https://twitter.com/adulau/status/20229767290687489)) +---- +RT @xme: New NIST document released: Guidelines for the secure deployment of IPv6 - http://bit.ly/hBVRKF <- a must read before IPv4ca ... + +(Originally on Twitter: [Wed Dec 29 21:35:19 +0000 2010](https://twitter.com/adulau/status/20231411952779264)) +---- +Mentioning the ECDSA updates required for the OpenSSL book, It seems that Sony is anxiously waiting for its publishing #crypto #crypoishard + +(Originally on Twitter: [Thu Dec 30 20:30:42 +0000 2010](https://twitter.com/adulau/status/20577540787675136)) +---- +@dakami Difficult. There are some experiments like muXTCP, S3 (Scheme) and even the crazy libUTP (~TCP). @bortzmeyer + +(Originally on Twitter: [Thu Dec 30 20:43:43 +0000 2010](https://twitter.com/adulau/status/20580813779238912)) +---- +"Amazon Kindle loan" is how to create scarcity where it didn't exist. #ebooks #freesociety #kindle + +(Originally on Twitter: [Thu Dec 30 21:22:30 +0000 2010](https://twitter.com/adulau/status/20590573941424128)) +---- +@AlainGerlache "La création de richesses" devrait se nommer "les indicateurs de richesses" cf. André Gorz (L'immatériel) #PIB ~#FAIR + +(Originally on Twitter: [Fri Dec 31 08:31:53 +0000 2010](https://twitter.com/adulau/status/20759033644318721)) +---- +Software is living organism and you have to manage your software like a living organism. 
#infosec #patch + +(Originally on Twitter: [Fri Dec 31 08:40:15 +0000 2010](https://twitter.com/adulau/status/20761136865484800)) +---- +RT @torproject: the whole thread on the 27C3 discussion starts here, http://archives.seul.org/or/talk/Dec-2010/msg00253.html + +(Originally on Twitter: [Fri Dec 31 13:36:36 +0000 2010](https://twitter.com/adulau/status/20835714132353024)) +---- +Just before 2011, Forban 0.0.25 released (easier to use out of the box + Forban Bash client PoC) - https://github.com/adulau/Forban + +(Originally on Twitter: [Fri Dec 31 16:02:45 +0000 2010](https://twitter.com/adulau/status/20872495343079424)) +---- +posted http://fo.vc/15 "Often I'm Wrong But Not Always..." or one of my commitment for next years. #blog #innovate #doocracy #takingnotes + +(Originally on Twitter: [Sat Jan 01 11:08:00 +0000 2011](https://twitter.com/adulau/status/21160705814175744)) +---- +Why some free software dev. still use for new projects the crappy sourceforge.net website? When you have gitorious.org ? #git #freesoftware + +(Originally on Twitter: [Sat Jan 01 11:24:48 +0000 2011](https://twitter.com/adulau/status/21164934364659712)) +---- +@fcouchet Les normes ISO/IEC enfin libres, la suppression des brevets existants sur les logiciels/vivant et un droit d'auteur de 20 ans max. + +(Originally on Twitter: [Sat Jan 01 11:47:45 +0000 2011](https://twitter.com/adulau/status/21170708960776192)) +---- +@RIPE_NCC FYI, whois.ripe.net (whois.db.ipv6.ripe.net) in IPv6 is not accessible via sixxs. + +(Originally on Twitter: [Sat Jan 01 11:52:29 +0000 2011](https://twitter.com/adulau/status/21171902001184768)) +---- +@xme might be my open WiFi or the one from Bruce Schneier http://fo.vc/16 By the way, happy new year ! + +(Originally on Twitter: [Sat Jan 01 12:28:55 +0000 2011](https://twitter.com/adulau/status/21181069613076480)) +---- +140 char is not really covered by copyright... 
wait, seeing at DMCA takedown notices for Twitter http://fo.vc/17 -> #copyrightdelirium + +(Originally on Twitter: [Sat Jan 01 14:27:44 +0000 2011](https://twitter.com/adulau/status/21210973721329664)) +---- +@sourceforge where to start? get rid of the intrusive advertising, simplify downloading interface and improve git support. hope this helps. + +(Originally on Twitter: [Sat Jan 01 18:38:19 +0000 2011](https://twitter.com/adulau/status/21274032229851136)) +---- +just found that the YubiKey allows to reset the AES private key from the token. I need to test it with other HOTP solution if this works. + +(Originally on Twitter: [Mon Jan 03 20:33:46 +0000 2011](https://twitter.com/adulau/status/22027864253669376)) +---- +42 registry is an interesting experiment. My "dig -t A www.nic.42" just works. If you are curious, http://42registry.org/ #dns #icann #free + +(Originally on Twitter: [Mon Jan 03 21:05:01 +0000 2011](https://twitter.com/adulau/status/22035726543622144)) +---- +http://fo.vc/18 Logstash seems to be a promising free software alternative to Splunk or similar closed tools... #SIEMS #logging + +(Originally on Twitter: [Wed Jan 05 21:08:59 +0000 2011](https://twitter.com/adulau/status/22761502477914112)) +---- +#begov #nogov "Le bordel Belge est récursif mais on ne sait jamais si on va sortir de la récursion..." #surrealism + +(Originally on Twitter: [Thu Jan 06 19:38:15 +0000 2011](https://twitter.com/adulau/status/23101053524254720)) +---- +The today's quote for the software vendor who is again blaming security researchers "Fix your code and stop whining" #infosec + +(Originally on Twitter: [Thu Jan 06 20:11:54 +0000 2011](https://twitter.com/adulau/status/23109524101533696)) +---- +What's the difference between "responsible disclosure" and "coordinated vulnerability disclosure"? 
The last is just adding 6 months more + +(Originally on Twitter: [Fri Jan 07 08:41:36 +0000 2011](https://twitter.com/adulau/status/23298193089368064)) +---- +Want to see the differences in the legal terms after the introduction of the "Mac App Store"? http://fo.vc/1b #goodiff #apple #tos + +(Originally on Twitter: [Sat Jan 08 08:56:42 +0000 2011](https://twitter.com/adulau/status/23664380914700288)) +---- +RT @daveaitel: Two girls race to top of US-Mexico fence in 15 seconds http://dlvr.it/Cw0rG + +(Originally on Twitter: [Sat Jan 08 11:31:47 +0000 2011](https://twitter.com/adulau/status/23703409521594368)) +---- +@0x58 I'll be at FOSDEM. At least for the lightning talks, I have 15 minutes to present Forban and its crazy idea #p2p #fosdem + +(Originally on Twitter: [Sat Jan 08 13:37:55 +0000 2011](https://twitter.com/adulau/status/23735148541378560)) +---- +RT @birgittaj: Good article by Greenwald: DOJ subpoenas Twitter records of several WikiLeaks volunteers http://shar.es/XUoIT + +(Originally on Twitter: [Sat Jan 08 17:08:29 +0000 2011](https://twitter.com/adulau/status/23788139789164544)) +---- +Looking at the excellent article made by @xme about MySQL logging with UDF, I was wondering if there is an UDF extension with #redis support + +(Originally on Twitter: [Sat Jan 08 17:35:02 +0000 2011](https://twitter.com/adulau/status/23794822712131584)) +---- +@GutenbergNews How do you generate the Mobipocket files in the Gutenberg Project? PGTEI 0.4 doesn't seem to support Mobipocket. Thanks. + +(Originally on Twitter: [Sat Jan 08 22:01:46 +0000 2011](https://twitter.com/adulau/status/23861946721763328)) +---- +just committed wikirc2text to ease the sending of Wiki RC to XMPP (sendxmpp) without flooding with the same changes... http://fo.vc/1c + +(Originally on Twitter: [Sun Jan 09 17:56:03 +0000 2011](https://twitter.com/adulau/status/24162499611852800)) +---- +http://fo.vc/1d The data devroom at #FOSDEM looks very promising. 
From Hadoop Pig, PyF to a talk about the use of Mongo.DB for Wikileaks + +(Originally on Twitter: [Sun Jan 09 19:29:19 +0000 2011](https://twitter.com/adulau/status/24185968919576577)) +---- +http://fo.vc/1e OpenSSH-5.7 is looking for testers, this version now includes ECDH and ECDSA #openssh + +(Originally on Twitter: [Mon Jan 10 13:49:25 +0000 2011](https://twitter.com/adulau/status/24462818401058816)) +---- +@0x58 Maybe TorChat should use OTR or MP-OTR to limit traffic analysis. #tor #otr #privacy http://www.cypherpunks.ca/otr/ + +(Originally on Twitter: [Mon Jan 10 20:26:57 +0000 2011](https://twitter.com/adulau/status/24562862261280768)) +---- +@duckduckgo what do you mean by "substantively updated" in your updated privacy policy? http://fo.vc/1f thank you + +(Originally on Twitter: [Mon Jan 10 20:36:22 +0000 2011](https://twitter.com/adulau/status/24565233716563968)) +---- +@duckduckgo I think so if that is not a semantic change. By the way, could you provide a text/plain URL for GooDiff.org and others? Thanks + +(Originally on Twitter: [Mon Jan 10 21:45:13 +0000 2011](https://twitter.com/adulau/status/24582561149751296)) +---- +Why it takes so long to have a fix for the Security Advisory MS 2488013? #microsoft #infosec + +(Originally on Twitter: [Tue Jan 11 18:45:59 +0000 2011](https://twitter.com/adulau/status/24899842169896960)) +---- +@mytweet_id arf arf, exactly Microsoft should provide a link to alternative browsers when publishing their IE security advisories. + +(Originally on Twitter: [Tue Jan 11 18:52:31 +0000 2011](https://twitter.com/adulau/status/24901486223822848)) +---- +RT @ioerror: The forensic specialist (who was friendly) explained that EnCase and FTK, with a write-blocker inline were unable to see th ... + +(Originally on Twitter: [Wed Jan 12 20:39:07 +0000 2011](https://twitter.com/adulau/status/25290700186722304)) +---- +réseaux sociaux et sécurité - doit-on les réinventer pour en éviter les attaques? 
http://fo.vc/1g #securite #social #freedom + +(Originally on Twitter: [Wed Jan 12 21:41:18 +0000 2011](https://twitter.com/adulau/status/25306349994770432)) +---- +I really enjoy a fake /phpmyadmin/ default page especially when the attacker makes a cut-and-paste in the wrong form #infosec + +(Originally on Twitter: [Thu Jan 13 20:21:31 +0000 2011](https://twitter.com/adulau/status/25648660771512321)) +---- +Node.js starts to be very interesting with the recent inclusion of TLS #nodejs + +(Originally on Twitter: [Thu Jan 13 22:12:02 +0000 2011](https://twitter.com/adulau/status/25676471309701120)) +---- +RT @TopHackerNews: Fast Levenshtein distance using a Trie http://bit.ly/fXJ7Rz http://ff.im/-wyUjw + +(Originally on Twitter: [Sat Jan 15 16:48:10 +0000 2011](https://twitter.com/adulau/status/26319744797773825)) +---- +http://lerecorddumonde.be/ is fun but completely missing the point. There are plenty of governments in #belgium one less is a good start... + +(Originally on Twitter: [Sat Jan 15 16:54:59 +0000 2011](https://twitter.com/adulau/status/26321457466318848)) +---- +@eQuiNoX__ Good idea. hack.lu CTF at each edition of the hack.lu conference. + +(Originally on Twitter: [Sat Jan 15 19:22:23 +0000 2011](https://twitter.com/adulau/status/26358554873040896)) +---- +@NeelieKroesEU Yes and also the power of free licenses like the GNU Free Documentation License or the CC BY-SA. #freedom #wikipedia + +(Originally on Twitter: [Sat Jan 15 19:28:31 +0000 2011](https://twitter.com/adulau/status/26360097710014464)) +---- +http://fo.vc/1h Stuxnet scenario already evaluated in 2008 and 2009. 
Check page 55-60 of this presentation made at 2008 Automation Summit + +(Originally on Twitter: [Sun Jan 16 10:00:22 +0000 2011](https://twitter.com/adulau/status/26579504675684352)) +---- +http://www.tcpdump.org/ is updated, great now libpcap and tcpdump is using #git as SCM -> will be easier to pull patches #infosec + +(Originally on Twitter: [Sun Jan 16 11:05:00 +0000 2011](https://twitter.com/adulau/status/26595770102718464)) +---- +@fred_dela No worries, I don't. I just believe that Belgium is a work of art. Nothing more. + +(Originally on Twitter: [Sun Jan 16 21:40:41 +0000 2011](https://twitter.com/adulau/status/26755744380489728)) +---- +Forban 0.0.26 released - bug fixes - http://foo.be/forban/ - p2p -> sharing files locally with your neighbours + +(Originally on Twitter: [Mon Jan 17 21:00:28 +0000 2011](https://twitter.com/adulau/status/27108010501341185)) +---- +RT @datenkeller: Call for Papers: Web 2.0 Security and Privacy 2011 Workshop (W2SP 2011) http://www.w2spconf.com/2011/cfp.html + +(Originally on Twitter: [Mon Jan 17 21:23:29 +0000 2011](https://twitter.com/adulau/status/27113804076687360)) +---- +http://fo.vc/1i "SafeVchat: Detecting Obscene Content and Misbehaving Users in Online Video Chat Services" #chatroulette #science + +(Originally on Twitter: [Tue Jan 18 10:58:36 +0000 2011](https://twitter.com/adulau/status/27318937028919296)) +---- +What? The W3C is doing a logo page for HTML5 in fixed width. Repeat after me : "fixed width design is a mistake". + +(Originally on Twitter: [Tue Jan 18 18:37:11 +0000 2011](https://twitter.com/adulau/status/27434340518461440)) +---- +http://fo.vc/1j The Microsoft Attack Surface Analyzer looks interesting but it's only working on Windows 7 until now #infosec #malware + +(Originally on Twitter: [Tue Jan 18 18:54:53 +0000 2011](https://twitter.com/adulau/status/27438798346387456)) +---- +Why the I-D Forward Secrecy Extensions for OpenPGP was never implemented? 
I'm looking for some background information #openpgp #crypto + +(Originally on Twitter: [Tue Jan 18 20:14:08 +0000 2011](https://twitter.com/adulau/status/27458742245134336)) +---- +I'm sure there will be a black market for "incandescent lamp". The pseudo-economical lamps are very slow to start, toxic and too complex. + +(Originally on Twitter: [Wed Jan 19 21:09:42 +0000 2011](https://twitter.com/adulau/status/27835110019571712)) +---- +@theodric exactly. Energy efficiency is just a joke especially for short time light (as toilet light or storage room) as you have to wait... + +(Originally on Twitter: [Wed Jan 19 21:15:42 +0000 2011](https://twitter.com/adulau/status/27836622380728320)) +---- +@bortzmeyer I used Tokyo Tyrant for different projects but recently moved them to redis. Just for a matter of flexibility with the redis API + +(Originally on Twitter: [Wed Jan 19 21:19:08 +0000 2011](https://twitter.com/adulau/status/27837484364734464)) +---- +RT @s7ephen: Here is the paper for SoundMiner: a Proof-of-Concept Android trojan that uses Speech Recognition to steal CC numbers http:/ ... + +(Originally on Twitter: [Wed Jan 19 21:48:41 +0000 2011](https://twitter.com/adulau/status/27844921616506880)) +---- +@pbeyssac I'm still running my redis slave server with a SLAVEOF and a simple TCP redirector in client switching to slave when != reachable + +(Originally on Twitter: [Thu Jan 20 08:13:49 +0000 2011](https://twitter.com/adulau/status/28002240958562304)) +---- +RT @mir_ripe_labs: Public demo sessions scheduled to develop a new RIPE NCC toolbox, called RIPEstat. Read on #RIPELabs: http://bit.ly/d ... + +(Originally on Twitter: [Thu Jan 20 09:19:15 +0000 2011](https://twitter.com/adulau/status/28018711008903168)) +---- +http://fo.vc/1k "An IPv6 Geographic Global Unicast Address Format" Internet-Draft seems nice but in practice? 
#ipv6 #geo + +(Originally on Twitter: [Thu Jan 20 21:13:47 +0000 2011](https://twitter.com/adulau/status/28198529432293376)) +---- +@lensassaman I don't know if Jamie failed but he proved that we need many years to reverse the dangerous tendency of industrial food. + +(Originally on Twitter: [Thu Jan 20 22:14:53 +0000 2011](https://twitter.com/adulau/status/28213904060456960)) +---- +@lensassaman Right. I remember US friends visiting us saw our seeds preservation habit and asking why doing this if you can buy seeds... + +(Originally on Twitter: [Thu Jan 20 22:29:37 +0000 2011](https://twitter.com/adulau/status/28217610457841664)) +---- +RT @UnGarage: RT @DaHammerstein: EU academic experts publish excellent critique of ACTA, ask rejection of text by EP. Support needed htt ... + +(Originally on Twitter: [Fri Jan 21 07:11:24 +0000 2011](https://twitter.com/adulau/status/28348923185725440)) +---- +@AppSecEU For your information, the link of the CfP is broken on your wiki. http://www.owasp.org/index.php/AppSecEU2011#tab=CFT_.26_CFP + +(Originally on Twitter: [Fri Jan 21 19:10:18 +0000 2011](https://twitter.com/adulau/status/28529838469939202)) +---- +I now index the tweets in ElasticSearch via a Python script but it's maybe the sign that I'm following too many people... + +(Originally on Twitter: [Fri Jan 21 20:56:49 +0000 2011](https://twitter.com/adulau/status/28556643784462336)) +---- +RT @securityshell: Abusing HTTP Status Codes to Expose Private Information https://secure.grepular.com/Abusing_HTTP_Status_Codes_to_Expo ... + +(Originally on Twitter: [Fri Jan 21 21:03:35 +0000 2011](https://twitter.com/adulau/status/28558349301710848)) +---- +Sarcasm, I like those quarterly patches with a list of CVE numbers also fixing never mentioned vulnerabilities in the change log. #infosec + +(Originally on Twitter: [Sat Jan 22 18:02:29 +0000 2011](https://twitter.com/adulau/status/28875158856933376)) +---- +@humanstxt Why do you use Key:Value (e.g. 
Chef:Juanjo Bernabeu) if you want it for human only? "The Chef is" would be more appropriate #fun + +(Originally on Twitter: [Sun Jan 23 10:19:24 +0000 2011](https://twitter.com/adulau/status/29121011265839104)) +---- +@humanstxt I couldn't resist to mention the three laws of robotics http://news.ycombinator.com/item?id=2132190 #robots + +(Originally on Twitter: [Sun Jan 23 10:32:57 +0000 2011](https://twitter.com/adulau/status/29124418038927360)) +---- +just released Forban 0.0.27 - http://www.foo.be/forban/ - bug fixes and improvement in the bash client #p2p #sharing #local + +(Originally on Twitter: [Sun Jan 23 17:46:06 +0000 2011](https://twitter.com/adulau/status/29233425223258112)) +---- +I'm feeling a bit dizzy with all those flags. What's the use of a national flag? just to blindly follow some stupid statements. #shamebe + +(Originally on Twitter: [Sun Jan 23 17:52:47 +0000 2011](https://twitter.com/adulau/status/29235106442903554)) +---- +RT @latrive: La recette pour cracker les DRM des ebooks de la FNAC est ici: http://bit.ly/ffrNcQ + +(Originally on Twitter: [Sun Jan 23 19:34:03 +0000 2011](https://twitter.com/adulau/status/29260590870433792)) +---- +@bortzmeyer « Peut-on éteindre Internet ? » -> pour un pauvre citoyen du monde perdu dans les élucubrations politiques belges ;-) + +(Originally on Twitter: [Sun Jan 23 19:40:25 +0000 2011](https://twitter.com/adulau/status/29262194956832768)) +---- +@FOSSpatents It's not uncommon to have test case(s) shared between implementors to validate a specification. Case law exists on the topic. + +(Originally on Twitter: [Sun Jan 23 19:57:38 +0000 2011](https://twitter.com/adulau/status/29266525965787136)) +---- +@FOSSpatents Not always, especially in interoperability test case. A hint No. 99-15852 (court of appeal). 
The tcode was from Harmony Project + +(Originally on Twitter: [Sun Jan 23 20:14:37 +0000 2011](https://twitter.com/adulau/status/29270799701512193)) +---- +@FOSSPatents I hoped that you knew better that case. Even the infringing copies were allowed... especially to pursue the fair-use objective. + +(Originally on Twitter: [Sun Jan 23 20:20:54 +0000 2011](https://twitter.com/adulau/status/29272381969145856)) +---- +@FOSSpatents read introduction paragraph (4) of No. 99-15852. (SONY COMPUTER ENTERTAINMENT INC v. CONNECTIX CORPORATION) + +(Originally on Twitter: [Sun Jan 23 20:27:05 +0000 2011](https://twitter.com/adulau/status/29273937854603264)) +---- +RT @raf_iot: @adulau bgp ranking works. The new system is implemented and it uses less than 1Gb RAM for more than 30 days of ranks. 1/2 + +(Originally on Twitter: [Mon Jan 24 05:36:17 +0000 2011](https://twitter.com/adulau/status/29412149461778432)) +---- +@FOSSpatents Just like Android -> part of the building/reversing/testing process and even not used http://fo.vc/1l time to update your blog + +(Originally on Twitter: [Mon Jan 24 07:17:12 +0000 2011](https://twitter.com/adulau/status/29437544215089152)) +---- +@FOSSpatents Sorry for updating the state-of-the-art of your office. What we have here is a fair use more than an infringement case. IM over + +(Originally on Twitter: [Mon Jan 24 07:35:11 +0000 2011](https://twitter.com/adulau/status/29442070590521344)) +---- +@FOSSpatents Look at the specific test case suite, this is an interoperability/validating test for the policies. have a nice day. IM over + +(Originally on Twitter: [Mon Jan 24 07:44:14 +0000 2011](https://twitter.com/adulau/status/29444348416368640)) +---- +RT @DidierStevens: Nice from Microsoft to offer a feature to bypass SRP and AppLocker. Quickpost coming up next week. Wrote details here ... 
+ +(Originally on Twitter: [Mon Jan 24 10:43:11 +0000 2011](https://twitter.com/adulau/status/29489383144947712)) +---- +RT @xme: Making a tour of existing DLP solutions... Whatever you choose: know your data and data owners! It's just a "dumb" tool! + +(Originally on Twitter: [Mon Jan 24 11:24:20 +0000 2011](https://twitter.com/adulau/status/29499737551933440)) +---- +RT @NLnetLabs: Release day at NLnet Labs: besides NSD, #ldns and #Unbound released. http://tinyurl.com/ldns-1-6-8 +http://tinyurl.com/unb ... + +(Originally on Twitter: [Mon Jan 24 15:59:59 +0000 2011](https://twitter.com/adulau/status/29569107338731521)) +---- +"The code injected to steal passwords in Tunisia" - http://fo.vc/1m - another good reason to look carefully at JS code in web pages + +(Originally on Twitter: [Mon Jan 24 20:00:57 +0000 2011](https://twitter.com/adulau/status/29629749995241473)) +---- +@lensassaman Seeing how the X.509 signatures or even PGP ones are checked we are still at Morris worm's ages. Still work for us ;-) #infosec + +(Originally on Twitter: [Mon Jan 24 20:13:56 +0000 2011](https://twitter.com/adulau/status/29633017366446081)) +---- +@lensassaman Right as long there is no OCSP response type code 3 in the process. How do you see it? a community voting signature scheme? + +(Originally on Twitter: [Mon Jan 24 20:38:35 +0000 2011](https://twitter.com/adulau/status/29639221270548480)) +---- +http://dionaea.carnivore.it/ Dionaea the low-interaction honeypot is getting better and better. I really like its XMPP interface #infosec + +(Originally on Twitter: [Mon Jan 24 21:39:25 +0000 2011](https://twitter.com/adulau/status/29654531226734592)) +---- +@kabel maybe via UML with an appropriate netfilter6 REDIRECT to not mess up with the underlying home OS. just an idea. + +(Originally on Twitter: [Mon Jan 24 21:53:15 +0000 2011](https://twitter.com/adulau/status/29658011505004544)) +---- +RT @pnoordhuis: Wow! 
Bump (the iPhone app) has 700GB of RAM dedicated to Redis: http://bit.ly/fMeGgU + +(Originally on Twitter: [Tue Jan 25 09:25:37 +0000 2011](https://twitter.com/adulau/status/29832250853953536)) +---- +http://piana.eu/aduc - Aduc files class action against Microsoft - #oem #proprietarysoftware #microsoft + +(Originally on Twitter: [Tue Jan 25 18:45:30 +0000 2011](https://twitter.com/adulau/status/29973150171140097)) +---- +I'm reluctant to renew my ACM membership especially if ACM doesn't go into an open access model. #acm #openaccess + +(Originally on Twitter: [Tue Jan 25 22:25:29 +0000 2011](https://twitter.com/adulau/status/30028511049682944)) +---- +Reading for the 4th time the RFC5746 , I'm really wondering why they kept the TLS renegotiation in the standard. #infosec + +(Originally on Twitter: [Wed Jan 26 15:23:58 +0000 2011](https://twitter.com/adulau/status/30284821578121216)) +---- +RT @dragosr: Caveat to intel, "Unbreakable" never works as a marketing slogan. Examples left as exercise for the reader. + +(Originally on Twitter: [Wed Jan 26 20:21:39 +0000 2011](https://twitter.com/adulau/status/30359733084880896)) +---- +@xme I saw it at the European Movie film in Virton. Not really good. Just a guy going mad.. for a hotmail stolen via wireless. 
#Pulsar + +(Originally on Twitter: [Wed Jan 26 20:30:11 +0000 2011](https://twitter.com/adulau/status/30361883655540736)) +---- +"Multi-Level Steganography: Improving Hidden Communication in Networks" - http://arxiv.org/abs/1101.4789 #stegano + +(Originally on Twitter: [Thu Jan 27 08:37:03 +0000 2011](https://twitter.com/adulau/status/30544802277756928)) +---- +is wondering if logstash cannot be used as a simplified Netflow ipfix collector https://github.com/logstash/logstash + +(Originally on Twitter: [Thu Jan 27 09:13:01 +0000 2011](https://twitter.com/adulau/status/30553854961524736)) +---- +@SteveClement Enjoy your stay in #SF don't forget to bring us a dedicated guitar from your favourite "artist" and a rainbow sticker #bar + +(Originally on Twitter: [Thu Jan 27 15:57:56 +0000 2011](https://twitter.com/adulau/status/30655757322035200)) +---- +New Soekris NET6501 revealed http://www.soekris.com/net6501.htm I'm curious about "GPIO connected to user programmable FPGA" + +(Originally on Twitter: [Thu Jan 27 19:38:49 +0000 2011](https://twitter.com/adulau/status/30711344944648192)) +---- +RT @xme: [/dev/random]: Keep Big Brother away from Your Privacy! http://blog.rootshell.be/2011/01/27/keep-big-brother-away-from-your-pri ... + +(Originally on Twitter: [Thu Jan 27 20:28:39 +0000 2011](https://twitter.com/adulau/status/30723883984232448)) +---- +A future dynamic duo? Forban http://foo.be/forban/ and the PirateBox http://wiki.daviddarts.com/PirateBox #p2p #sharing why not? + +(Originally on Twitter: [Thu Jan 27 22:02:44 +0000 2011](https://twitter.com/adulau/status/30747560339570688)) +---- +Even the root name server (193.227.1.1) for the .eg domain is not responding any more. Announce was withdraw yesterday night #crazy + +(Originally on Twitter: [Fri Jan 28 07:13:59 +0000 2011](https://twitter.com/adulau/status/30886286638190593)) +---- +@FunkySteph You too. Don't forget to have fun and install Tor to support Egyptian people. 
#privacy #tor + +(Originally on Twitter: [Fri Jan 28 11:08:34 +0000 2011](https://twitter.com/adulau/status/30945320816873472)) +---- +RT @41414141: Seriously @symantec, no less than 4 unauthenticated stack based buffer overflows + 1 command exec via msgsys.exe? Security ... + +(Originally on Twitter: [Fri Jan 28 11:09:44 +0000 2011](https://twitter.com/adulau/status/30945615424782336)) +---- +I use GNU Screen and tmux in parallel. tmux is great but has sometime strange refresh behaviour especially in large terminal... + +(Originally on Twitter: [Fri Jan 28 20:24:38 +0000 2011](https://twitter.com/adulau/status/31085263065190400)) +---- +If you pay a yearly 20%-cost of software maintenance, it doesn't mean that you'll get the maintenance. It just means that you are eligible. + +(Originally on Twitter: [Fri Jan 28 21:01:15 +0000 2011](https://twitter.com/adulau/status/31094474176204800)) +---- +RT @telecomix: Radio amateurs wanting to help #Egypt. Please join this chat http://chat.werebuild.eu/?nick=egypt..&channels=hamradio&uio=d4 + +(Originally on Twitter: [Fri Jan 28 21:04:02 +0000 2011](https://twitter.com/adulau/status/31095175254118401)) +---- +http://fo.vc/1n -> solving truncated shellcode with egg hunter , a nice example with Metasploit #infosec + +(Originally on Twitter: [Sat Jan 29 06:02:07 +0000 2011](https://twitter.com/adulau/status/31230589524779008)) +---- +Now I suppose that everyone is searching for a file named "KAV8.zip" #infosec #av + +(Originally on Twitter: [Sat Jan 29 15:00:58 +0000 2011](https://twitter.com/adulau/status/31366197354172416)) +---- +RT @doctorow: Francis Ford #Coppola is a #copyfighter! http://tinyurl.com/63h7f7p Who knew? 
+ +(Originally on Twitter: [Sat Jan 29 18:34:37 +0000 2011](https://twitter.com/adulau/status/31419960534241280)) +---- +RT @w3c: ISOC's statement on and analysis of the Egyptian Internet shutdown: http://tinyurl.com/4tzytcj + http://tinyurl.com/6f9uhpa + +(Originally on Twitter: [Sun Jan 30 11:10:54 +0000 2011](https://twitter.com/adulau/status/31670685231226880)) +---- +traceroute-circl 0.2 released - https://github.com/CIRCL/traceroute-circl #infosec #csirt #cert + +(Originally on Twitter: [Sun Jan 30 12:10:38 +0000 2011](https://twitter.com/adulau/status/31685718887628800)) +---- +@eromang Thank you but we knew about AbuseHelper as we are already working on some (to be released) extensions... nice project. + +(Originally on Twitter: [Sun Jan 30 12:38:51 +0000 2011](https://twitter.com/adulau/status/31692817814257666)) +---- +RIPE has a live status showing the BGP updates for Egypt : http://stat.ripe.net/egypt/ #bgp #internet + +(Originally on Twitter: [Sun Jan 30 16:18:56 +0000 2011](https://twitter.com/adulau/status/31748206668812288)) +---- +RT @opexxx: DDoS Bot Infests Food Processing Firms: http://bit.ly/eYBIEX + +(Originally on Twitter: [Tue Feb 01 18:01:47 +0000 2011](https://twitter.com/adulau/status/32498862941798401)) +---- +X-ARF is going into the right direction. Using easy "parse-able" format while being human readable. http://x-arf.org/ #csirt #cert + +(Originally on Twitter: [Wed Feb 02 10:34:52 +0000 2011](https://twitter.com/adulau/status/32748779639672833)) +---- +RT @searchio: To kill boredom at hotels rooms, I've been reversing Silverlight's CLR, which is much more broken than I expected. 
#FUN++ + +(Originally on Twitter: [Wed Feb 02 15:10:09 +0000 2011](https://twitter.com/adulau/status/32818059026628608)) +---- +RT @torproject: Egypt is full online, http://www.renesys.com/blog/2011/02/egypt-returns-to-the-internet.shtml + +(Originally on Twitter: [Wed Feb 02 15:25:39 +0000 2011](https://twitter.com/adulau/status/32821960857616385)) +---- +is wondering if FreeBSD core development finally moved to git for its development? #freebsd + +(Originally on Twitter: [Thu Feb 03 08:15:25 +0000 2011](https://twitter.com/adulau/status/33076074631925760)) +---- +RT @glynmoody: Microsoft Fully Backs H.264 & Has 3,000 Words To Prove It - http://tcrn.ch/hxsd3y just loves smell of proprietary standar ... + +(Originally on Twitter: [Thu Feb 03 08:21:19 +0000 2011](https://twitter.com/adulau/status/33077560313118720)) +---- +Si vous êtes à Paris ce Dimanche 6 février, allez faire quelques photos au musée d'Orsay "Opération OrsayCommons n°2" http://fo.vc/1o + +(Originally on Twitter: [Thu Feb 03 08:26:22 +0000 2011](https://twitter.com/adulau/status/33078831015272449)) +---- +"Legacy certificates generated by OpenSSH might contain data from the stack" http://www.openssh.com/txt/legacy-cert.adv -> use OpenSSH 5.8 + +(Originally on Twitter: [Fri Feb 04 09:47:14 +0000 2011](https://twitter.com/adulau/status/33461570365292544)) +---- +WOOT'11 Call for Papers - http://www.usenix.org/events/woot11/cfp/ - Submissions due: May 2, 2011, 11:59 p.m. PDT #infosec #cfp #usenix + +(Originally on Twitter: [Fri Feb 04 10:10:20 +0000 2011](https://twitter.com/adulau/status/33467384274616320)) +---- +Due to the IPv4 space reaching the limit, the bogon list is now really small : http://fo.vc/1p don't forger to update your filter list... 
+ +(Originally on Twitter: [Fri Feb 04 10:17:31 +0000 2011](https://twitter.com/adulau/status/33469191818317824)) +---- +I enjoy street art and even in Barcelona - http://fo.vc/1q - http://fo.vc/1r (by the way, I'm really sorry for the two tourists ;-) + +(Originally on Twitter: [Fri Feb 04 20:00:42 +0000 2011](https://twitter.com/adulau/status/33615954151735296)) +---- +Major changes in the Apple itunes appstore terms - section added about subscription services in apps http://fo.vc/1s #goodiff #apple #legal + +(Originally on Twitter: [Fri Feb 04 21:11:08 +0000 2011](https://twitter.com/adulau/status/33633677183291392)) +---- +At #FOSDEM lightning talks, many interesting talks with a good diversity. #freesoftware + +(Originally on Twitter: [Sat Feb 05 15:32:36 +0000 2011](https://twitter.com/adulau/status/33910870669004800)) +---- +RT @bitcoineconomy: 1 BTC = $0.86 USD, Size: 5.32M BTC, Last 24h: 0.08M BTC in 0.9K trx, Difficulty: 22.0K, Forum posts/day: 418, Nodes: ... + +(Originally on Twitter: [Sat Feb 05 22:56:48 +0000 2011](https://twitter.com/adulau/status/34022657733165056)) +---- +http://fo.vc/1t Forban "a simple link-local opportunistic p2p free software" presentation given at #FOSDEM https://github.com/adulau/Forban + +(Originally on Twitter: [Sat Feb 05 23:06:34 +0000 2011](https://twitter.com/adulau/status/34025117700997120)) +---- +Funky web crawler of the day "Logict IPv6 Crawler/1.0" but crawling in IPv4 even if my site is also reachable in IPv6... #fail + +(Originally on Twitter: [Sun Feb 06 11:04:54 +0000 2011](https://twitter.com/adulau/status/34205889938329600)) +---- +RT @HerraBRE: Forban is a very interesting take on filesharing: opportunistic over local networks. Neat! 
#FOSDEM + +(Originally on Twitter: [Sun Feb 06 11:22:19 +0000 2011](https://twitter.com/adulau/status/34210273053122560)) +---- +RT @p4bl0: http://uzy.me/5l Forban looks very interesting :-) #fosdem + +(Originally on Twitter: [Sun Feb 06 11:22:33 +0000 2011](https://twitter.com/adulau/status/34210332666757120)) +---- +If you are at #FOSDEM, don't forget to make a donation to #FOSDEM or any other free software projects present there and you like. + +(Originally on Twitter: [Sun Feb 06 11:27:06 +0000 2011](https://twitter.com/adulau/status/34211477149712384)) +---- +@elise_huard did you get a 'moobs' visual experience in the last days at #fosdem? + +(Originally on Twitter: [Sun Feb 06 13:35:31 +0000 2011](https://twitter.com/adulau/status/34243793075048448)) +---- +@elise_huard ;-) I won't ask if it was going beyond the visual experience. #fosdem + +(Originally on Twitter: [Sun Feb 06 13:38:23 +0000 2011](https://twitter.com/adulau/status/34244515657158657)) +---- +RT @stephaniewojcik: Updated : calls for papers (journals & conferences in FR & EN) on electronic democracy & political communication ht ... + +(Originally on Twitter: [Sun Feb 06 18:42:13 +0000 2011](https://twitter.com/adulau/status/34320976422375424)) +---- +RT @tqbf: Batshit FUD from F5 - don't do SSL on x86 servers, because RSA-1024 and RC4 is "easy pickings" for attackers. http://bit.ly/fmssMK + +(Originally on Twitter: [Sun Feb 06 20:51:06 +0000 2011](https://twitter.com/adulau/status/34353411512074240)) +---- +@0x58 upx -d greenpois0n.exe -> IDA_Pro -> interesting to see how the iBoot is patched... #fun + +(Originally on Twitter: [Mon Feb 07 12:50:33 +0000 2011](https://twitter.com/adulau/status/34594864700198912)) +---- +Some years ago, I filled the Bug #241305 at Ubuntu... just to enable security.ubuntu.com in #IPv6. 
http://fo.vc/1u + +(Originally on Twitter: [Mon Feb 07 22:34:35 +0000 2011](https://twitter.com/adulau/status/34741842452938753)) +---- +RT @lkratz: Générateur de start-up : http://www.ykombinator.com/ . Exactement ce que je cherchais. + +(Originally on Twitter: [Tue Feb 08 11:07:27 +0000 2011](https://twitter.com/adulau/status/34931308161531904)) +---- +With those spammers, you discover something new everyday: did you know that FBI had a lottery? #spam #stupid + +(Originally on Twitter: [Tue Feb 08 13:08:11 +0000 2011](https://twitter.com/adulau/status/34961693117259776)) +---- +RT @chaosupdates: Save the date! #CCC camp is coming up, 10-14th August 2011 +at Finowfurt. http://events.ccc.de/2010/08/10/chaos-communi ... + +(Originally on Twitter: [Tue Feb 08 16:11:18 +0000 2011](https://twitter.com/adulau/status/35007775515877376)) +---- +Just finished "Globalia" a nice and smooth book written by Jean-Christophe Rufin #utopia #book #reading #scifi + +(Originally on Twitter: [Tue Feb 08 20:39:08 +0000 2011](https://twitter.com/adulau/status/35075176345370624)) +---- +A bluetooth honeypot - bluepot http://code.google.com/p/bluepot #infosec #bluetooth #honeypot + +(Originally on Twitter: [Wed Feb 09 09:44:16 +0000 2011](https://twitter.com/adulau/status/35272762515787777)) +---- +Dear @belgacom when do you plan to add IPv6 for your ADSL customer? I would love to be a beta tester... + +(Originally on Twitter: [Wed Feb 09 09:52:14 +0000 2011](https://twitter.com/adulau/status/35274767623782400)) +---- +@0x58 Maybe @belgacom may charge for IPv6 but the current service is for Internet access and IPv6 is also Internet ;-) + +(Originally on Twitter: [Wed Feb 09 10:35:50 +0000 2011](https://twitter.com/adulau/status/35285738765565952)) +---- +@danchodanchev Do you know the method of the eurostat survey? and where the 87% is coming from? I can't find it in the eurostat source. thx. 
+ +(Originally on Twitter: [Wed Feb 09 11:39:04 +0000 2011](https://twitter.com/adulau/status/35301650776330240)) +---- +@thorstenholz How does an end-user know when the A/V fails? Maybe they have to wait for their next bank statement... ;-) + +(Originally on Twitter: [Wed Feb 09 11:56:27 +0000 2011](https://twitter.com/adulau/status/35306028824403968)) +---- +Should we be worried if the session fingerprint is not matching in one way for TextSecure? #sms @whispersystems + +(Originally on Twitter: [Wed Feb 09 12:52:04 +0000 2011](https://twitter.com/adulau/status/35320024608546816)) +---- +@ChrisJohnRiley Good luck. I'm sure you'll rock SAP ;-) + +(Originally on Twitter: [Wed Feb 09 16:52:19 +0000 2011](https://twitter.com/adulau/status/35380483453882369)) +---- +"The Linux Programming Interface" book is a work of art. I was looking for a terminal flag and I found the only correct answer in that book. + +(Originally on Twitter: [Wed Feb 09 20:29:16 +0000 2011](https://twitter.com/adulau/status/35435079736098816)) +---- +RT @circl_lu: CIRCL published a technical report about the security of iOS based devices - http://www.circl.lu/ #ios #mobilesecurity #in ... + +(Originally on Twitter: [Thu Feb 10 14:41:35 +0000 2011](https://twitter.com/adulau/status/35709970305523712)) +---- +http://www.cuckoobox.org/ "binary analysis sandbox, designed and developed with the general purpose of automating the analysis of malware." + +(Originally on Twitter: [Thu Feb 10 15:30:15 +0000 2011](https://twitter.com/adulau/status/35722220491902976)) +---- +Why so many website (like Twitter) when changing your password, your old cookies are still valid for weeks... they should force to sign out + +(Originally on Twitter: [Thu Feb 10 18:03:01 +0000 2011](https://twitter.com/adulau/status/35760661954826240)) +---- +@eromang right. that why an "rm -rf" of "~/.macromedia/Flash_Player/#SharedObjects/" at each browser shutdown is useful. 
#privacy #infosec + +(Originally on Twitter: [Thu Feb 10 22:24:47 +0000 2011](https://twitter.com/adulau/status/35826540864348160)) +---- +RT @p4ula: WikiLeaks, Anonymous style: http://anonleaks.ru . Yes, *the* Anonymous. #popcorn + +(Originally on Twitter: [Sat Feb 12 16:56:24 +0000 2011](https://twitter.com/adulau/status/36468673849856000)) +---- +Another way to bypass a DLP (Data Leak Prevention) system via a faked USB keyboard... http://fo.vc/1v #infosec #dlp_snakeoil + +(Originally on Twitter: [Sat Feb 12 17:14:41 +0000 2011](https://twitter.com/adulau/status/36473276305911808)) +---- +What's the heck is the DNA Spray used in Amsterdam? http://fo.vc/1w it seems to be a joke? At least, I hope so. + +(Originally on Twitter: [Sat Feb 12 18:05:24 +0000 2011](https://twitter.com/adulau/status/36486040248131584)) +---- +@thomashawk Thank for your wonderful shots. If you had to go on an island with one lens? 24-70 f2.8 or 135 f2 or 50mm f1.2? + +(Originally on Twitter: [Sat Feb 12 18:42:39 +0000 2011](https://twitter.com/adulau/status/36495414488211456)) +---- +I'm anxiously waiting for 2054 when the copyright on Tintin will be expired. #copyrightdelirium #tintin + +(Originally on Twitter: [Sun Feb 13 09:17:28 +0000 2011](https://twitter.com/adulau/status/36715571051503616)) +---- +Did you know that @MonsantoCo is actively lobbying at EU EC "Health and Consumers DG" to weaken the current "zero tolerance" for GMO import? + +(Originally on Twitter: [Sun Feb 13 10:02:35 +0000 2011](https://twitter.com/adulau/status/36726922641674240)) +---- +@xme I hope you purchased the SSD ones. That's a real comfort especially when you travel a lot. + +(Originally on Twitter: [Sun Feb 13 17:26:48 +0000 2011](https://twitter.com/adulau/status/36838715217154048)) +---- +Now I understand Nokia's strategy, platform diversity (MeeGo, Symbian, WP7) is there to limit malware infection. 
+ +(Originally on Twitter: [Sun Feb 13 18:13:39 +0000 2011](https://twitter.com/adulau/status/36850503103025152)) +---- +If you are looking for a great command line tool to search your Maildir mbox, Mu is great. http://www.djcbsoftware.nl/code/mu/ + +(Originally on Twitter: [Sun Feb 13 21:19:43 +0000 2011](https://twitter.com/adulau/status/36897330535858176)) +---- +@fboule To be on the safe side, I would push the update on GitHub and Gitorious. It's also better for your project visibility. #git + +(Originally on Twitter: [Mon Feb 14 15:29:32 +0000 2011](https://twitter.com/adulau/status/37171591347445760)) +---- +RT @taosecurity: If your "security program" resembles "we're going to deploy new tech like DLP," instead of building new "services" (lik ... + +(Originally on Twitter: [Mon Feb 14 20:10:55 +0000 2011](https://twitter.com/adulau/status/37242404973056000)) +---- +Working on a web-based annotation extension to GooDiff - but more complex than expected... #goodiff #quuxlabs + +(Originally on Twitter: [Mon Feb 14 22:08:05 +0000 2011](https://twitter.com/adulau/status/37271887507628032)) +---- +@lensassaman yes but usually card dumps on CC forum are from old-style skimmer (and mainly from US). US banks don't want to invest in ATM. + +(Originally on Twitter: [Tue Feb 15 09:28:00 +0000 2011](https://twitter.com/adulau/status/37442997507330048)) +---- +@securityall The volume of skimming in the US on ageing magnetic strip ATM is really important compared to EU. + +(Originally on Twitter: [Tue Feb 15 09:35:23 +0000 2011](https://twitter.com/adulau/status/37444855911292929)) +---- +@lensassaman @security4all I think it's easier to get cash via "western union" outside EU. I know it's usually used by malware casher... + +(Originally on Twitter: [Tue Feb 15 09:53:08 +0000 2011](https://twitter.com/adulau/status/37449319845986304)) +---- +@lensassaman Yep. The other way to send cash is to use an express courier... I fully agree that blocking Maestro outside EU is stupid. 
+ +(Originally on Twitter: [Tue Feb 15 10:05:14 +0000 2011](https://twitter.com/adulau/status/37452367435665408)) +---- +RT @ochsff: @shadowserver does it for free -- RT @lcamtuf: http://goo.gl/J08oB. Hey, I'll happily monitor botnets for $1M/yr. + +(Originally on Twitter: [Tue Feb 15 19:19:36 +0000 2011](https://twitter.com/adulau/status/37591875691102208)) +---- +@fboule ssh-keydb looks interesting. How do you push and track securely the authorized_keys file? Do you have a kind of master key? + +(Originally on Twitter: [Wed Feb 16 22:14:01 +0000 2011](https://twitter.com/adulau/status/37998159296856064)) +---- +RT @thomashawk: the five new Banksys in Los Angeles from Banky's website. http://goo.gl/4NhFa + +(Originally on Twitter: [Thu Feb 17 05:43:25 +0000 2011](https://twitter.com/adulau/status/38111252421017600)) +---- +"ILSpy is the open-source .NET assembly browser and decompiler." http://wiki.sharpdevelop.net/ilspy.ashx #infosec #reversing + +(Originally on Twitter: [Thu Feb 17 08:04:04 +0000 2011](https://twitter.com/adulau/status/38146647544303616)) +---- +RT @PvdWalle: @rafik @mathieuweill @bortzmeyer le gouvt belge démissionnaire fait du bon boulot. Gestion prudente. Pas de surenchères p ... + +(Originally on Twitter: [Fri Feb 18 10:01:03 +0000 2011](https://twitter.com/adulau/status/38538478182469633)) +---- +https://github.com/akheron/sala Simple encrypted password storage relying on GnuPG symmetric encryption. #infosec + +(Originally on Twitter: [Fri Feb 18 19:55:48 +0000 2011](https://twitter.com/adulau/status/38688149584625664)) +---- +I like having a segfault while just doing a telnet to a byte stream oriented network service. #reversing #fun + +(Originally on Twitter: [Fri Feb 18 21:13:03 +0000 2011](https://twitter.com/adulau/status/38707592322756608)) +---- +@bortzmeyer I'm wondering why OARC is still using Subversion. 
Not easy for tracking and contributing - https://github.com/adulau/dnscap + +(Originally on Twitter: [Sat Feb 19 15:56:06 +0000 2011](https://twitter.com/adulau/status/38990214802186241)) +---- +@bortzmeyer Thank you, I really would like too but other CSIRTs activities. Do you know already when/where will be the 2012 workshop? #oarc + +(Originally on Twitter: [Sat Feb 19 16:19:53 +0000 2011](https://twitter.com/adulau/status/38996201630216192)) +---- +Thumbs up to the #AFNIC for their transparency regarding the DNSSEC incident of 12 February. http://fo.vc/1x #dnssec + +(Originally on Twitter: [Sat Feb 19 18:18:18 +0000 2011](https://twitter.com/adulau/status/39026002436947968)) +---- +love the latest "Banksy" team work in LA where Mickey Mouse and Minnie are living the "dream"... http://fo.vc/1y #art #society #consumerism + +(Originally on Twitter: [Sun Feb 20 08:39:42 +0000 2011](https://twitter.com/adulau/status/39242781754916864)) +---- +http://fo.vc/1z FIPS-180-4 Draft (SHA-2) released and introduces speed improvement for 64-bit operations. Good or bad news ;-) #crypto #fips + +(Originally on Twitter: [Sun Feb 20 09:01:00 +0000 2011](https://twitter.com/adulau/status/39248138321530880)) +---- +If you are interested in the tamperproof approach of Skype to protected its binary read section 7.2.4 of "Surreptitious Software" #reverse + +(Originally on Twitter: [Sun Feb 20 14:12:32 +0000 2011](https://twitter.com/adulau/status/39326539636019200)) +---- +https://github.com/mattsta/redisfuse Yep redis accessible as a filesystem via fusefs... It looks crazy but could be useful. 
#redis #fuse + +(Originally on Twitter: [Sun Feb 20 21:16:18 +0000 2011](https://twitter.com/adulau/status/39433182717681664)) +---- +ISC continues the HTTP headers project : http://isc.sans.edu/httpheaders/ not much web sites with X-XSS-Protection headers #infosec #http + +(Originally on Twitter: [Tue Feb 22 18:23:42 +0000 2011](https://twitter.com/adulau/status/40114524673675264)) +---- +@DidierStevens Nice sensor. I think I'll replace my old sensor for a similar one with humidity for my bookshelf monitoring http://fo.vc/1B + +(Originally on Twitter: [Tue Feb 22 20:24:27 +0000 2011](https://twitter.com/adulau/status/40144909881180160)) +---- +RT @circl_lu: ISC releases a BIND advisory regarding a potential denial-of-service attack on name-servers using ISC BIND http://fo.vc/1C ... + +(Originally on Twitter: [Wed Feb 23 15:52:02 +0000 2011](https://twitter.com/adulau/status/40438745215926272)) +---- +AEG - automatically finds security-critical bugs and generate exploits - http://fo.vc/1D looks very nice but where is the source code? #NDSS + +(Originally on Twitter: [Wed Feb 23 21:56:36 +0000 2011](https://twitter.com/adulau/status/40530491144667136)) +---- +@AcidRampage Yes that's often the case for academic papers with nice and shiny description until you ask where to get the code. #cs + +(Originally on Twitter: [Wed Feb 23 22:16:20 +0000 2011](https://twitter.com/adulau/status/40535456160419840)) +---- +http://fo.vc/1E "Pattern is a web mining module for the Python programming language." #nlp #datamining #python + +(Originally on Twitter: [Thu Feb 24 19:37:17 +0000 2011](https://twitter.com/adulau/status/40857818743443456)) +---- +Finally sent my email to Apple to get the refund of the never used MacOS License. My MBP is only running GNU/Linux. #freesoftware + +(Originally on Twitter: [Fri Feb 25 15:07:32 +0000 2011](https://twitter.com/adulau/status/41152322188877824)) +---- +RT @antirez: membase guys don't always behave correctly in hacker news comments IMHO. 
Too marketing oriented in programming forums sucks. + +(Originally on Twitter: [Fri Feb 25 19:47:21 +0000 2011](https://twitter.com/adulau/status/41222740337901568)) +---- +@antirez Thank you for Redis. This is a great free software. I solved a never ending RDBMS issue with an 1 hour Perl script and Redis. + +(Originally on Twitter: [Fri Feb 25 21:24:11 +0000 2011](https://twitter.com/adulau/status/41247106853380096)) +---- +@btwotch @0x58 My chance of success with Apple is similar to the early days where it was impossible to get a laptop without MSFT Windows. + +(Originally on Twitter: [Fri Feb 25 21:47:10 +0000 2011](https://twitter.com/adulau/status/41252892220456960)) +---- +RT @jzawodn: Redis Sharding at Craigslist: http://blog.zawodny.com/2011/02/26/redis-sharding-at-craigslist/ #redis + +(Originally on Twitter: [Sun Feb 27 08:45:41 +0000 2011](https://twitter.com/adulau/status/41780998827941888)) +---- +If I have again a student reluctant to contribute to free software because "it's too difficult", I'll show this contribution http://fo.vc/1F + +(Originally on Twitter: [Sun Feb 27 16:02:13 +0000 2011](https://twitter.com/adulau/status/41890857196064768)) +---- +SIFTR (Statistical Information For TCP Research) is included in the latest FreeBSD 8.2 -> logging stats of active TCP sessions #networking + +(Originally on Twitter: [Sun Feb 27 18:01:45 +0000 2011](https://twitter.com/adulau/status/41920941256744960)) +---- +What's the heck is the "o-o.resolver.<dotted>.clientip>.<nonce>.metricz.l.google.com" reply when you query the Google load balancer? @google + +(Originally on Twitter: [Mon Feb 28 13:50:27 +0000 2011](https://twitter.com/adulau/status/42220086458720256)) +---- +@security4all I think having an invitation from John Ripper is nicer than one from Jack the Ripper... 
+ +(Originally on Twitter: [Mon Feb 28 19:16:11 +0000 2011](https://twitter.com/adulau/status/42302057230774272)) +---- +@kraih I really enjoy the secure by default HTML escaping in Mojolicious. By the way, really nice web framework. #perl + +(Originally on Twitter: [Mon Feb 28 20:51:43 +0000 2011](https://twitter.com/adulau/status/42326102336733184)) +---- +RT @mattblaze: My take on IEEE (& ACM) copyright coercion: http://crypto.com/blog/copywrongs/ + +(Originally on Twitter: [Tue Mar 01 05:43:40 +0000 2011](https://twitter.com/adulau/status/42459970876354560)) +---- +http://fo.vc/1G Microsoft excludes the copyleft licenses from their Windows Phone 7 store... monopolist in action... #microsoft #copyleft + +(Originally on Twitter: [Tue Mar 01 07:28:48 +0000 2011](https://twitter.com/adulau/status/42486428231413760)) +---- +Lesson learned today: "Sometime there is much more research in an irc channel with free software developers than in an university dept.". + +(Originally on Twitter: [Tue Mar 01 21:51:46 +0000 2011](https://twitter.com/adulau/status/42703599523987456)) +---- +Zynamics acquired by Google http://fo.vc/1H - What's next? Hex-Rays... Imagine BinDiff + IDA Pro as a web-based google product ;-) #infosec + +(Originally on Twitter: [Tue Mar 01 22:03:19 +0000 2011](https://twitter.com/adulau/status/42706506549960704)) +---- +RT @mattblaze: Join me in refusing to serve on PCs of conferences with closed-access proceedings: http://crypto.com/blog/copywrongs + +(Originally on Twitter: [Tue Mar 01 22:08:48 +0000 2011](https://twitter.com/adulau/status/42707886010408960)) +---- +@gandibar Could you support the SSHFP DNS Record Type in your interface? #RFC4255 #infosec + +(Originally on Twitter: [Wed Mar 02 11:01:29 +0000 2011](https://twitter.com/adulau/status/42902341388746752)) +---- +@FunkySteph We hope everything is fine for you. 
A nice photographic idea : http://arinfishkin.com/fishkin_delayed_gratification.html + +(Originally on Twitter: [Thu Mar 03 15:29:52 +0000 2011](https://twitter.com/adulau/status/43332270307803137)) +---- +Volatility, an advanced memory forensics Python framework is getting better and better... http://fo.vc/1I #forensic #infosec + +(Originally on Twitter: [Thu Mar 03 22:24:59 +0000 2011](https://twitter.com/adulau/status/43436736159821824)) +---- +@raf_iot Great news. By the way, a whois query interface for #bgpranking is on its way along to include the ranking in traceroute-circl. + +(Originally on Twitter: [Thu Mar 03 22:32:32 +0000 2011](https://twitter.com/adulau/status/43438635240005632)) +---- +RT @_ddenis_: L'Hadopi belge refait surface, la contre-riposte graduée s'organise: http://bit.ly/gyQ6c9 #etraces + +(Originally on Twitter: [Thu Mar 03 22:42:33 +0000 2011](https://twitter.com/adulau/status/43441157518266368)) +---- +RT @circl_lu: If you need to reverse analyze a suspicious Android Apps, androguard is very handy. http://fo.vc/1K #python #infosec + +(Originally on Twitter: [Fri Mar 04 10:38:00 +0000 2011](https://twitter.com/adulau/status/43621204459929600)) +---- +"Scheduler Vulnerabilities and Attacks in Cloud Computing" - http://arxiv.org/abs/1103.0759 #amazon #ec2 #infosec + +(Originally on Twitter: [Fri Mar 04 19:35:05 +0000 2011](https://twitter.com/adulau/status/43756368909451264)) +---- +A simple Scalar::Util::weaken() at the right place just saved me 4GB of memory on a long lasting program in Perl.... #perl + +(Originally on Twitter: [Fri Mar 04 21:51:32 +0000 2011](https://twitter.com/adulau/status/43790704782213121)) +---- +If the police ask you to give back their tracking device, ask them to provide you a written letter with the serial number of their device... 
+ +(Originally on Twitter: [Sat Mar 05 10:22:46 +0000 2011](https://twitter.com/adulau/status/43979759549562880)) +---- +made some notes about monitoring processes who like to eat too much memory... -> http://fo.vc/1L #unix #munin #monitoring + +(Originally on Twitter: [Sat Mar 05 11:23:56 +0000 2011](https://twitter.com/adulau/status/43995154700451840)) +---- +http://fo.vc/1M Roberto Di Cosmo fait un manifeste pour les creations artistiques libres mais le livre n'est pas libre (CC-BY-NC-ND) dommage + +(Originally on Twitter: [Sun Mar 06 07:59:42 +0000 2011](https://twitter.com/adulau/status/44306142817562624)) +---- +http://fo.vc/1O NSA published a nice "Security Tips for Personally Managed Apple iPhones" #infosec #mobilephone + +(Originally on Twitter: [Mon Mar 07 11:52:01 +0000 2011](https://twitter.com/adulau/status/44726996676259840)) +---- +Wietse Venema explained the plaintext injection in STARTTLS discovered in multiple software implementation http://fo.vc/1P #infosec + +(Originally on Twitter: [Mon Mar 07 22:06:04 +0000 2011](https://twitter.com/adulau/status/44881526348972032)) +---- +The new version of arp-scan includes the ability to add 802.1q vlan tag. http://www.nta-monitor.com/tools/arp-scan/ #infosec + +(Originally on Twitter: [Tue Mar 08 08:32:24 +0000 2011](https://twitter.com/adulau/status/45039149413183488)) +---- +RT @_LarsH: Smashthestack.org just announced a new wargame! Check it out at http://amateria.smashthestack.org:89/ But first finish codeg ... + +(Originally on Twitter: [Tue Mar 08 12:21:31 +0000 2011](https://twitter.com/adulau/status/45096808577372160)) +---- +looked in a passive DNS dataset, I'm surprised to see so many NS records with RFC 1918 addresses... + +(Originally on Twitter: [Tue Mar 08 21:24:11 +0000 2011](https://twitter.com/adulau/status/45233375153360898)) +---- +"How Unique and Traceable are Usernames?" 
http://arxiv.org/abs/1101.5578 #privacy #infosec + +(Originally on Twitter: [Wed Mar 09 09:22:01 +0000 2011](https://twitter.com/adulau/status/45414021578498048)) +---- +RT @obra: Apple's charging for Xcode 4? So. Uh. When do we think that we're going to have to start paying to use HTML5 apps in Safari? + +(Originally on Twitter: [Wed Mar 09 21:15:28 +0000 2011](https://twitter.com/adulau/status/45593568320040960)) +---- +@mattblaze I think to convert my yearly subscription to ACM into a yearly donation to arXiv . Would this help? #copyrightdelirium + +(Originally on Twitter: [Wed Mar 09 21:59:55 +0000 2011](https://twitter.com/adulau/status/45604754503630848)) +---- +RT @alexsotirov: My new project: short reviews of the essential contributions from the latest conference presentations: http://research. ... + +(Originally on Twitter: [Thu Mar 10 20:21:09 +0000 2011](https://twitter.com/adulau/status/45942287569661952)) +---- +RT @epelboin: Les musulmans sont les nouveaux juifs de la France, je suis d'accord avec Badinter http://ow.ly/4biZy + +(Originally on Twitter: [Fri Mar 11 06:01:14 +0000 2011](https://twitter.com/adulau/status/46088271171825664)) +---- +(unofficial) delicious sold for $5 Million+? 
Maybe it's time to build a really free and community-driven social bookmarking -> #tagr + +(Originally on Twitter: [Fri Mar 11 16:24:53 +0000 2011](https://twitter.com/adulau/status/46245215786377216)) +---- +Very nifty ISO 8583 TLV EMV data decoder - http://iso8583.info/tools/TLVdecoder/ #smartcard #apdu #emv + +(Originally on Twitter: [Sat Mar 12 16:05:04 +0000 2011](https://twitter.com/adulau/status/46602619384377344)) +---- +hack.lu 2011 call for paper released - http://2011.hack.lu/cfp/ #hacklu #cfp #infosec #conference + +(Originally on Twitter: [Sun Mar 13 15:00:08 +0000 2011](https://twitter.com/adulau/status/46948663234277376)) +---- +Japan - official "Nuclear and Industrial Safety Agency" 19th report http://fo.vc/1Q -> do not mixup microSv/h - milliSv/h #japan #nuclear + +(Originally on Twitter: [Sun Mar 13 15:56:40 +0000 2011](https://twitter.com/adulau/status/46962889491361792)) +---- +@lensassaman Running 30+ years-old nuclear plant is also very opportunistic ;-) + +(Originally on Twitter: [Sun Mar 13 17:27:46 +0000 2011](https://twitter.com/adulau/status/46985816026791936)) +---- +@lensassaman I tend to prefer the PWR design. Maybe because it's the main design in Belgium and its surrounding.... #nuclear + +(Originally on Twitter: [Sun Mar 13 17:54:24 +0000 2011](https://twitter.com/adulau/status/46992519501852672)) +---- +@dj_juice24 @lensassaman The mixed-oxide can be indeed the most toxic part. What kind of mixed oxide is there? U/Pu + Cm? + +(Originally on Twitter: [Sun Mar 13 18:02:59 +0000 2011](https://twitter.com/adulau/status/46994679652294656)) +---- +@maradydd @lensassaman Right, CANDUs-improved would be better than nothing but the production of deuterium is not really cost effective... + +(Originally on Twitter: [Sun Mar 13 18:22:40 +0000 2011](https://twitter.com/adulau/status/46999632630382592)) +---- +Someone asked me if I'm regularly measuring radioactivity at home. Yes I do... 
http://www.flickr.com/photos/adulau/5523192214/ #curiosity + +(Originally on Twitter: [Sun Mar 13 18:36:14 +0000 2011](https://twitter.com/adulau/status/47003049327202304)) +---- +@security4all QUART-RAD products are designed and built in Russia. It's a simple, cheap and rock-solid device. Just missing an USB plug... + +(Originally on Twitter: [Sun Mar 13 18:53:21 +0000 2011](https://twitter.com/adulau/status/47007354193059840)) +---- +@security4all http://www.anythingradioactive.com/geiger.htm should work + +(Originally on Twitter: [Sun Mar 13 19:23:43 +0000 2011](https://twitter.com/adulau/status/47014995682263040)) +---- +@DidierStevens The Geiger-Muller tube design seems a bit different (limited?) in the DIY version. We could check with a reference source. + +(Originally on Twitter: [Sun Mar 13 20:35:09 +0000 2011](https://twitter.com/adulau/status/47032975203909632)) +---- +RT @mattblaze: Bulk of analysis of Japan situation seems to be from either nuclear apologists or anti-nuclear hysterics. #sciencedoesntw ... + +(Originally on Twitter: [Sun Mar 13 20:44:41 +0000 2011](https://twitter.com/adulau/status/47035374958166016)) +---- +@DidierStevens If you find one tube with a good detection rate for beta/gamma and a simple to interface. let me know, thx. 
#stickers + +(Originally on Twitter: [Sun Mar 13 20:44:56 +0000 2011](https://twitter.com/adulau/status/47035437155483648)) +---- +@maraegyt any country where the police is requesting back their tracking device ;-) + +(Originally on Twitter: [Mon Mar 14 11:12:51 +0000 2011](https://twitter.com/adulau/status/47253854810677248)) +---- +RT @p4ula: High-res satellite image of Fukushima I plant after second explosion: http://flic.kr/p/9qiBWB + +(Originally on Twitter: [Mon Mar 14 17:10:28 +0000 2011](https://twitter.com/adulau/status/47343850326466560)) +---- +http://fo.vc/1R -> Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat CVE-2011-0609 (all platform) #infosec #flash + +(Originally on Twitter: [Mon Mar 14 20:07:10 +0000 2011](https://twitter.com/adulau/status/47388318534598657)) +---- +While debugging, I like to do "while true ; do tmux next-window ; sleep 5; done" to not overload my tmux session with many "tail -F" in // + +(Originally on Twitter: [Mon Mar 14 20:48:00 +0000 2011](https://twitter.com/adulau/status/47398597486055425)) +---- +RT @raf_iot: Just add a list of IPs provided by @_MDL_ to #bgpranking it gives interesting results... http://bgpranking.circl.lu/ (cc @a ... + +(Originally on Twitter: [Mon Mar 14 21:42:04 +0000 2011](https://twitter.com/adulau/status/47412203661426688)) +---- +@thierryzoller I suppose they forgot to read the RFC 4880 and they don't do RSASSA-PSS... #crypto + +(Originally on Twitter: [Tue Mar 15 21:39:56 +0000 2011](https://twitter.com/adulau/status/47774053498503168)) +---- +RT @sam280: "The Stealthiest File Infector Ever!" http://is.gd/jU7uTI <- hmm apparently @symantec never heard of CreateFile(..., FILE ... 
+ +(Originally on Twitter: [Tue Mar 15 22:50:28 +0000 2011](https://twitter.com/adulau/status/47791802782203904)) +---- +RT @circl_lu: Until a patch for Adobe Flash is released, US-CERT published a list of workarounds http://fo.vc/1S #infosec + +(Originally on Twitter: [Wed Mar 16 08:54:44 +0000 2011](https://twitter.com/adulau/status/47943872042631168)) +---- +@security4all The leukemogenicity of ionizing radiation has been shown and demonstrated many times... + +(Originally on Twitter: [Wed Mar 16 10:43:21 +0000 2011](https://twitter.com/adulau/status/47971204463738880)) +---- +http://www.rsa.com/node.aspx?id=3872 "RSA identified an extremely sophisticated cyber attack in progress being mounted against them" + +(Originally on Twitter: [Thu Mar 17 21:59:48 +0000 2011](https://twitter.com/adulau/status/48503829192392705)) +---- +I discover that my best thermal radiation detector is my cat, maybe I can verify the Planck's law with my cat too? #cat #physics + +(Originally on Twitter: [Sun Mar 20 08:56:37 +0000 2011](https://twitter.com/adulau/status/49393896630923264)) +---- +http://fo.vc/1U "Syslog Extension for Cloud Using Syslog Structured Data" -> show how identitier and resources exist in the "cloud" #ietf-ID + +(Originally on Twitter: [Sun Mar 20 09:09:56 +0000 2011](https://twitter.com/adulau/status/49397246755749888)) +---- +Now we have nice facts why enterprise should use their own private key for the generation scheme of their OTP tokens #HOTP #infosec #rfc4226 + +(Originally on Twitter: [Sun Mar 20 10:09:42 +0000 2011](https://twitter.com/adulau/status/49412287580217344)) +---- +@tkeetch They should, at least for hard tokens (standalone) or paper tokens. Some hard token vendors allow to change the PSK. + +(Originally on Twitter: [Sun Mar 20 14:27:40 +0000 2011](https://twitter.com/adulau/status/49477209496367105)) +---- +@tkeetch Regarding soft tokens, I would recommend to avoid them. 
A phone is just a operating system where it's difficult to secure a PSK... + +(Originally on Twitter: [Sun Mar 20 14:30:29 +0000 2011](https://twitter.com/adulau/status/49477919390695426)) +---- +It seems that I hit the wonderful Date::Manip memory leak by processing millions of records... grrrrrrr. http://fo.vc/1V #perl + +(Originally on Twitter: [Sun Mar 20 18:21:40 +0000 2011](https://twitter.com/adulau/status/49536095846797312)) +---- +@tkeetch http://www.yubico.com/personalization-tool - YubiKey is one example. There are other RFC4226 hard tokens where you can set the psk + +(Originally on Twitter: [Sun Mar 20 22:07:36 +0000 2011](https://twitter.com/adulau/status/49592956365193219)) +---- +a good start for the morning, a Certificate Authority compromised? http://fo.vc/1W #pki #x509 #infosec + +(Originally on Twitter: [Wed Mar 23 06:00:04 +0000 2011](https://twitter.com/adulau/status/50436630204526592)) +---- +@kaizeronion 0,16 uSv/h (not far away from you ;-) + +(Originally on Twitter: [Wed Mar 23 12:06:22 +0000 2011](https://twitter.com/adulau/status/50528814694006784)) +---- +RT @xme: How to deal with your #RSA tokens from now? http://twitpic.com/4cetx4 + +(Originally on Twitter: [Wed Mar 23 12:14:13 +0000 2011](https://twitter.com/adulau/status/50530788327948288)) +---- +RT @circl_lu: http://fo.vc/1X - "Firefox Blocking Fraudulent Certificates" - Double check any certificate issued by the mentioned certif ... + +(Originally on Twitter: [Wed Mar 23 12:24:14 +0000 2011](https://twitter.com/adulau/status/50533310857879552)) +---- +http://fo.vc/1Y - "Unsolicited Internet Traffic from Libya" #internet #ripe #caida + +(Originally on Twitter: [Wed Mar 23 17:56:34 +0000 2011](https://twitter.com/adulau/status/50616944625324032)) +---- +http://fo.vc/1Z Major changes in the eBay privacy policy mentioning "approved by a number of European Union privacy regulators" ? 
#privacy + +(Originally on Twitter: [Thu Mar 24 05:21:09 +0000 2011](https://twitter.com/adulau/status/50789225444016128)) +---- +I'm finally registered for #HES2011 http://hackitoergosum.org/ - see you there... #infosec + +(Originally on Twitter: [Thu Mar 24 10:45:12 +0000 2011](https://twitter.com/adulau/status/50870776852779008)) +---- +Repeat after: "Single sign-on is not a security feature, it's the opposite" #infosec #fail + +(Originally on Twitter: [Thu Mar 24 13:12:24 +0000 2011](https://twitter.com/adulau/status/50907818009698305)) +---- +@mleisi "Single sign-on" and "done right" usually don't show together... + +(Originally on Twitter: [Thu Mar 24 13:30:07 +0000 2011](https://twitter.com/adulau/status/50912276747788288)) +---- +RT @JohnDCook: Enterprise software http://bit.ly/Hr158 + +(Originally on Twitter: [Thu Mar 24 14:07:15 +0000 2011](https://twitter.com/adulau/status/50921624425340929)) +---- +RT @mattblaze: Why does IEEE want to charge authors $3K for something Usenix provides for free? + +(Originally on Twitter: [Thu Mar 24 16:09:25 +0000 2011](https://twitter.com/adulau/status/50952366127726592)) +---- +Don't forget that the free typeface "DejaVu Sans Mono" is very close to the "Apple Menlo". A good news for free terminal riders like us. + +(Originally on Twitter: [Fri Mar 25 00:13:18 +0000 2011](https://twitter.com/adulau/status/51074139901005827)) +---- +Rules are made to be broken especially when it's a PKI. #infosec + +(Originally on Twitter: [Sat Mar 26 09:15:39 +0000 2011](https://twitter.com/adulau/status/51573014390775808)) +---- +@bortzmeyer ton article "Michel Riguidel est un imposteur" est excellent, il devrait être une réponse officielle dans @lemondefr ... 
+ +(Originally on Twitter: [Sat Mar 26 14:59:52 +0000 2011](https://twitter.com/adulau/status/51659639053496320)) +---- +Technical Analysis and Win7 Exploitation of Flash 0Day CVE-2011-0609 http://www.vupen.com/blog/ #infosec #aslr + +(Originally on Twitter: [Sun Mar 27 11:25:37 +0000 2011](https://twitter.com/adulau/status/51968111431254016)) +---- +@kraih The failraptor is great. Maybe the tail of the Velociraptor is bit longer and larger at the end... It's so #perl style. #mojolicious + +(Originally on Twitter: [Mon Mar 28 20:26:12 +0000 2011](https://twitter.com/adulau/status/52466539030528000)) +---- +is dreaming of IRT Object references not only for inetnum objects but also for domain name objects... #whois + +(Originally on Twitter: [Tue Mar 29 11:59:33 +0000 2011](https://twitter.com/adulau/status/52701424408207360)) +---- +RT @circl_lu: A kind reminder for Mac OS users, OCSP and CRL checks are not enabled by default. Don't forget to enable it in Keychain Ac ... + +(Originally on Twitter: [Tue Mar 29 15:24:45 +0000 2011](https://twitter.com/adulau/status/52753064481923072)) +---- +@mytweet_id you're very welcome. We are still wondering about the iOS devices and how the OCSP and CRL can be (de)activated... + +(Originally on Twitter: [Tue Mar 29 19:22:19 +0000 2011](https://twitter.com/adulau/status/52812851617873920)) +---- +RT @msftmmpc: Very bad news, with more bad news embedded http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad- ... + +(Originally on Twitter: [Tue Mar 29 21:33:58 +0000 2011](https://twitter.com/adulau/status/52845981246570496)) +---- +Are you TCP_TW_REUSE or TCP_TW_RECYCLE? That's the question. #tcp + +(Originally on Twitter: [Tue Mar 29 22:18:20 +0000 2011](https://twitter.com/adulau/status/52857146383151104)) +---- +"A Comparison of Link Layer Attacks on Wireless Sensor Networks" http://arxiv.org/abs/1103.5589 not highly technical but interesting... 
+ +(Originally on Twitter: [Wed Mar 30 11:25:25 +0000 2011](https://twitter.com/adulau/status/53055223123554304)) +---- +@SteveClement @PitWenkin at least, it's Twinings... not the evil dust from Lipton. But if you really like tea bags -> Taylors of Harrogate + +(Originally on Twitter: [Wed Mar 30 20:13:29 +0000 2011](https://twitter.com/adulau/status/53188114662965248)) +---- +@PitWenkin Tea in a bag (and flavoured ones too) is really a disaster... Try a leaf tea like Assam or even better an Oolong. #tea + +(Originally on Twitter: [Wed Mar 30 20:26:25 +0000 2011](https://twitter.com/adulau/status/53191370613063681)) +---- +https://code.google.com/p/droidwall/ Interesting, you can use the standard Netfilter on Android and even filtering by application id... + +(Originally on Twitter: [Thu Mar 31 11:30:14 +0000 2011](https://twitter.com/adulau/status/53418824153841664)) +---- +@msuiche I'll need to renew my ASSCERT certificate as soon as possible. I hope #HES2011 will conduct an exam session. + +(Originally on Twitter: [Thu Mar 31 14:36:22 +0000 2011](https://twitter.com/adulau/status/53465663070670849)) +---- +RT @cdaffara: Cisco was rejected 76 times by VCs before landing Sequoia for funding. Moral: be persistent, very persistent. + +(Originally on Twitter: [Fri Apr 01 14:20:35 +0000 2011](https://twitter.com/adulau/status/53824080540999680)) +---- +@lensassaman Is it only the talk page that is hilarious or more the whole concept? #cissp + +(Originally on Twitter: [Fri Apr 01 15:49:42 +0000 2011](https://twitter.com/adulau/status/53846509556473856)) +---- +@lensassaman I agree with you. Regarding funny certification, there is still the ASSCERT - http://www.asscert.com/ + +(Originally on Twitter: [Fri Apr 01 16:07:46 +0000 2011](https://twitter.com/adulau/status/53851052432306177)) +---- +http://arxiv.org/abs/1103.6219 "The weak password problem: chaos, criticality, and encrypted p-CAPTCHAs" auto strengthening passwords mmm... 
+ +(Originally on Twitter: [Fri Apr 01 16:15:12 +0000 2011](https://twitter.com/adulau/status/53852924224344064)) +---- +RT @BenLaurie: Improving SSL Certificate Security: http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html + +(Originally on Twitter: [Fri Apr 01 16:32:11 +0000 2011](https://twitter.com/adulau/status/53857199327412224)) +---- +An impressive side channel attack (via EMF) on a smartphone on its crypto implementation using ECC http://fo.vc/20 #cryptography #infosec + +(Originally on Twitter: [Fri Apr 01 19:20:11 +0000 2011](https://twitter.com/adulau/status/53899477332918272)) +---- +RT @pbeyssac: zarbi, il faut soutenir les banques sinon tout pète, mais démolir la notation des états, par contre, c'est pas grave du to ... + +(Originally on Twitter: [Fri Apr 01 19:48:25 +0000 2011](https://twitter.com/adulau/status/53906581494042624)) +---- +@kraih Have you checked http://www.gandi.net/ @gandibar ? + +(Originally on Twitter: [Sat Apr 02 07:36:06 +0000 2011](https://twitter.com/adulau/status/54084675018293248)) +---- +Why don't we simply vote for X.509 certificate we trust? and share our votes with the rest of the world? Sorry there is no business case. + +(Originally on Twitter: [Sat Apr 02 14:30:38 +0000 2011](https://twitter.com/adulau/status/54188999769731072)) +---- +@0xtosh Somehow similar to OpenPGP WoT without its complexity. You trust a list of friends (via SPSK) only (by so their votes (->signature)) + +(Originally on Twitter: [Sat Apr 02 14:42:48 +0000 2011](https://twitter.com/adulau/status/54192061259333632)) +---- +RT @UnGarage: RT @jerezim: Who should win in #EU? The Internet or the majors? Answer #IPRED consult before Sunday night! http://j.mp/idl ... + +(Originally on Twitter: [Sat Apr 02 16:25:49 +0000 2011](https://twitter.com/adulau/status/54217984830488576)) +---- +I just sent my late response to the IPRED consultation. Did you? 
http://fo.vc/21 #copyright + +(Originally on Twitter: [Sat Apr 02 17:03:04 +0000 2011](https://twitter.com/adulau/status/54227356902096897)) +---- +The FBI is looking for ideas on how to break this "cipher" to solve a case... #cryptography http://fo.vc/22 + +(Originally on Twitter: [Sat Apr 02 17:11:20 +0000 2011](https://twitter.com/adulau/status/54229438904270848)) +---- +just added BGP Ranking output to traceroute-circl #csirt #cert http://fo.vc/N + +(Originally on Twitter: [Sat Apr 02 20:01:02 +0000 2011](https://twitter.com/adulau/status/54272144464543745)) +---- +The Wikimedia engineering March 2011 report is an interesting read to see where the evolution could be... http://fo.vc/23 #wikipedia #wiki + +(Originally on Twitter: [Sat Apr 02 20:26:50 +0000 2011](https://twitter.com/adulau/status/54278638463483904)) +---- +is driving crazy writing a tcpdump to Redis to seek faster in large capture set. #redis #infosec + +(Originally on Twitter: [Sat Apr 02 20:52:40 +0000 2011](https://twitter.com/adulau/status/54285140985249793)) +---- +@bortzmeyer Yep, it's from pcap files. Redis is used as as fast index in memory to reassemble filter streams or build new pcap files. + +(Originally on Twitter: [Sat Apr 02 21:10:53 +0000 2011](https://twitter.com/adulau/status/54289725149822976)) +---- +@bortzmeyer FYI, the memory footprint of Cassandra was too heavy compared to Redis in our case. + +(Originally on Twitter: [Sat Apr 02 21:19:07 +0000 2011](https://twitter.com/adulau/status/54291797479931905)) +---- +@Aissn True but sometimes it's a matter of time. HTTP/0.9 was not scaling and only some people used it. 
Today, masses use HTTP w/o knowing + +(Originally on Twitter: [Sun Apr 03 05:59:15 +0000 2011](https://twitter.com/adulau/status/54422693218496512)) +---- +made a small insect hotel and habitat in his garden http://www.flickr.com/photos/adulau/5584049103/ #biodiversity + +(Originally on Twitter: [Sun Apr 03 08:20:57 +0000 2011](https://twitter.com/adulau/status/54458352532602880)) +---- +http://rfc2196.foo.be/ updated and everyone can now comment on the RFC2196 with their respective ISO2700x/other annotations... #rfc #infosec + +(Originally on Twitter: [Sun Apr 03 09:57:34 +0000 2011](https://twitter.com/adulau/status/54482667068076032)) +---- +@zedshaw I like the idea but what will be officialy published to trigger the companies to fix the issues? + +(Originally on Twitter: [Sun Apr 03 16:56:08 +0000 2011](https://twitter.com/adulau/status/54587999933042688)) +---- +RT @bortzmeyer: Good morning, Teddington! First day of the #SATIN2011 conference at +the @NPL. http://conferences.npl.co.uk/satin/ #DNS + +(Originally on Twitter: [Mon Apr 04 06:49:25 +0000 2011](https://twitter.com/adulau/status/54797703334469632)) +---- +@bortzmeyer no HSM is it really worse than having a single HSM interfaced with SQL updates from third-parties? (cf. Verisign design) + +(Originally on Twitter: [Mon Apr 04 09:08:15 +0000 2011](https://twitter.com/adulau/status/54832644172677120)) +---- +RT @bortzmeyer: "Today, a #DNSSEC validation failure means almost always a +misconfiguration, not an attack" #SATIN2011 + +(Originally on Twitter: [Mon Apr 04 10:30:15 +0000 2011](https://twitter.com/adulau/status/54853279250784256)) +---- +http://fo.vc/24 GnuPG recently merged ECC support into the main branch. (based on draft-jivsov-openpgp-ecc-06) #crypto #ecdsa + +(Originally on Twitter: [Mon Apr 04 11:04:51 +0000 2011](https://twitter.com/adulau/status/54861985837350912)) +---- +A kind reminder to Jabber/XMPP users, encryption is not used when you are doing file exchange with a buddy. 
#infosec #weakestlink + +(Originally on Twitter: [Wed Apr 06 16:36:35 +0000 2011](https://twitter.com/adulau/status/55670247621005312)) +---- +@raf_iot I tend to avoid importing ephemeral sources of DoS activity. Especially it will increase the funky "Dshield" effect ;-) #bgpranking + +(Originally on Twitter: [Wed Apr 06 16:45:35 +0000 2011](https://twitter.com/adulau/status/55672508837404672)) +---- +@dbanes It's not the standard behaviour of many XMPP clients especially when you have different XMPP clients -> fallback to weak XEP-0066 + +(Originally on Twitter: [Wed Apr 06 16:50:33 +0000 2011](https://twitter.com/adulau/status/55673759348166657)) +---- +@raf_iot or discarding the source in the overall calculation? By the way, the daily ASN max ranking would be a nice to have... #bgpranking + +(Originally on Twitter: [Wed Apr 06 19:44:49 +0000 2011](https://twitter.com/adulau/status/55717617465438208)) +---- +#hes2011 Listening to an "inventory" talk about hardware breaking and permanent DoS.. I'm expecting a live demo but maybe expecting too much + +(Originally on Twitter: [Thu Apr 07 12:33:04 +0000 2011](https://twitter.com/adulau/status/55971351495835648)) +---- +#hes2011 van Hauser just started the 101 of IPv6 ;-) + +(Originally on Twitter: [Thu Apr 07 13:06:34 +0000 2011](https://twitter.com/adulau/status/55979780193009664)) +---- +@tricaud just points me to Nfsight (a promising extension to Nfsen) http://nfsight.sf.net/ #infosec #networkanalysis #netflow + +(Originally on Twitter: [Thu Apr 07 13:15:55 +0000 2011](https://twitter.com/adulau/status/55982133671505922)) +---- +#HES2011 Windows 7 kernel pool exploitation - an interesting approach to overwrite PoolIndex... 
waiting for the slides and the sample code + +(Originally on Twitter: [Thu Apr 07 15:04:04 +0000 2011](https://twitter.com/adulau/status/56009352053661696)) +---- +#HES2011 Windows 7 kernel pool exploitation paper and slides -> http://www.mista.nu/research/ + +(Originally on Twitter: [Thu Apr 07 15:08:34 +0000 2011](https://twitter.com/adulau/status/56010484880642048)) +---- +#hes2011 Current talk - Maybe Rodrigo misses the point of some Linux kernel developers -> "all bugs are security bugs"... #infosec + +(Originally on Twitter: [Fri Apr 08 08:58:47 +0000 2011](https://twitter.com/adulau/status/56279814004408320)) +---- +#hes2011 Current talk: Spending money to product certification -> certification must be always positive (as you paid for it) #infosec #fail + +(Originally on Twitter: [Fri Apr 08 09:04:12 +0000 2011](https://twitter.com/adulau/status/56281174519193600)) +---- +#hes2011 current talk : Good question "What are the features an AV has that a Rogue AV doesn't?" #infosec #antivirus + +(Originally on Twitter: [Fri Apr 08 09:15:20 +0000 2011](https://twitter.com/adulau/status/56283977597730816)) +---- +#hes2011 - current talk "Expoiting the Hard-Working DWARF" -> integrating trojan code in ELF executables without additional binary code... + +(Originally on Twitter: [Fri Apr 08 09:38:20 +0000 2011](https://twitter.com/adulau/status/56289764663496704)) +---- +#hes2011 current talk - DWARF format in ELF was completely overlooked and this an incredible place for additional computation (malware ;-) + +(Originally on Twitter: [Fri Apr 08 09:54:43 +0000 2011](https://twitter.com/adulau/status/56293886817075200)) +---- +@evilrez As far I know (and see no video camera around), I assume there is no livestream. #hes2011 + +(Originally on Twitter: [Fri Apr 08 10:11:47 +0000 2011](https://twitter.com/adulau/status/56298183545978880)) +---- +#hes2011 Crazy work, J. Oakley and S. Bratus are writing a virtual machine on top of DWARF libgcc-exception handler... 
impressive work. + +(Originally on Twitter: [Fri Apr 08 10:27:43 +0000 2011](https://twitter.com/adulau/status/56302192243654656)) +---- +#hes2011 - DWARF slides and code -> http://www.cs.dartmouth.edu/~electron/dwarf/ (to be updated in the next days) + +(Originally on Twitter: [Fri Apr 08 10:38:15 +0000 2011](https://twitter.com/adulau/status/56304845115752448)) +---- +#hes2011 - "A castle made of sand - Acrobat Reader X Sanbox" talk just started + +(Originally on Twitter: [Fri Apr 08 13:10:40 +0000 2011](https://twitter.com/adulau/status/56343198745899008)) +---- +@lensassaman #hes2011 sure, where are you? ;-) + +(Originally on Twitter: [Fri Apr 08 13:12:46 +0000 2011](https://twitter.com/adulau/status/56343728608124929)) +---- +@msuiche I'm surprised you didn't design a special sticker for your incredible taste in pop music... #hes2011 + +(Originally on Twitter: [Fri Apr 08 13:20:30 +0000 2011](https://twitter.com/adulau/status/56345677223043072)) +---- +RT @aumasson: MysteryTwister, the Crypto Challenge Contest by ECRYPT cryptographers http://www.mysterytwisterc3.org/ + +(Originally on Twitter: [Fri Apr 08 14:15:58 +0000 2011](https://twitter.com/adulau/status/56359635959025664)) +---- +#hes2011 Femtocell presentation showed femtocell flexibility when you own the device -> SMS and voice interception... 
very nifty + +(Originally on Twitter: [Fri Apr 08 15:53:50 +0000 2011](https://twitter.com/adulau/status/56384260868800512)) +---- +Very handy https://github.com/dvxhouse/jsonpipe -> Convert JSON to a UNIX-friendly line-based format + +(Originally on Twitter: [Sun Apr 10 19:42:17 +0000 2011](https://twitter.com/adulau/status/57166529065779200)) +---- +RT @gal_diskin: Summary of talks from the second day of @HackitoErgoSum up on my blog: http://bit.ly/er0pol #HES2011 #infosec + +(Originally on Twitter: [Mon Apr 11 14:28:49 +0000 2011](https://twitter.com/adulau/status/57450031699079168)) +---- +If you are looking for Critical Infrastructure Protection CIP standards http://www.nerc.com/page.php?cid=2|20 -> NERC-CIP #infosec #scada + +(Originally on Twitter: [Mon Apr 11 14:45:27 +0000 2011](https://twitter.com/adulau/status/57454218847592448)) +---- +Congratulation to @HackitoErgoSum for their excellent 2011 edition. Great people, great talks and obviously great fun too. #infosec + +(Originally on Twitter: [Mon Apr 11 15:10:15 +0000 2011](https://twitter.com/adulau/status/57460457497296896)) +---- +RT @travisgoodspeed: Photos of my tampered RSA #SecurID are up: http://tinyurl.com/goodid + +(Originally on Twitter: [Mon Apr 11 19:26:03 +0000 2011](https://twitter.com/adulau/status/57524831008202752)) +---- +typing "rm -rf \~/" and reading it four times before hitting enter... I'm wondering why ;-) #unix + +(Originally on Twitter: [Mon Apr 11 19:51:48 +0000 2011](https://twitter.com/adulau/status/57531314533974017)) +---- +My DNSSEC tentative of this evening is not resulting on some signed zones but three bugs reported... + +(Originally on Twitter: [Mon Apr 11 20:38:11 +0000 2011](https://twitter.com/adulau/status/57542985075802112)) +---- +@0x58 True, bugs are inherent to software... but I'm not a fan when they try to reach some non-existent addressing space. 
#infosec #dnssec + +(Originally on Twitter: [Mon Apr 11 20:45:58 +0000 2011](https://twitter.com/adulau/status/57544945187307520)) +---- +RT @circl_lu: http://fo.vc/25 "Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat" Updates to be available in the next h ... + +(Originally on Twitter: [Tue Apr 12 07:56:27 +0000 2011](https://twitter.com/adulau/status/57713674894323712)) +---- +@xme Having an NIDS without knowing your legitimate network flows... it's useless, don't you think? + +(Originally on Twitter: [Tue Apr 12 12:06:39 +0000 2011](https://twitter.com/adulau/status/57776640125710336)) +---- +RT @codepo8: Why are all European sponsored projects built on very expensive .NET solutions? Couldn't we use that money to support devel ... + +(Originally on Twitter: [Wed Apr 13 09:32:49 +0000 2011](https://twitter.com/adulau/status/58100316431843328)) +---- +RT @circl_lu: www.dnsviz.net a handy way to visualize the DNSSEC status of a DNS zone. #infosec #dns #dnssec + +(Originally on Twitter: [Wed Apr 13 11:57:30 +0000 2011](https://twitter.com/adulau/status/58136728824844288)) +---- +Dear @gandibar where can I add my DS records in your interface to update the corresponding TLD? #dnssec + +(Originally on Twitter: [Wed Apr 13 20:27:16 +0000 2011](https://twitter.com/adulau/status/58265012476719105)) +---- +Any good references for practical attacks against the NTRU public-key cryptosystem? #cryptography + +(Originally on Twitter: [Wed Apr 13 20:43:32 +0000 2011](https://twitter.com/adulau/status/58269105916084224)) +---- +https://github.com/jgarzik/pyminer miner reference implementation for bitcoin. 
#bitcoin #python #p2p #currency + +(Originally on Twitter: [Mon Apr 18 06:09:15 +0000 2011](https://twitter.com/adulau/status/59861024706277376)) +---- +http://fo.vc/26 Une excellente idée d'extension pour Forban - éditer et partager des fichiers bibtex en #p2p #forban + +(Originally on Twitter: [Mon Apr 18 14:12:09 +0000 2011](https://twitter.com/adulau/status/59982553196658688)) +---- +@ioerror "An investigation of geographic mapping techniques for Internet hosts" is quite old but not too bad. #geoip + +(Originally on Twitter: [Mon Apr 18 18:02:21 +0000 2011](https://twitter.com/adulau/status/60040484600561664)) +---- +@ioerror A technique that works quite well is to find the localization of the closest router with their reverse PTR record. #geoip + +(Originally on Twitter: [Mon Apr 18 18:05:07 +0000 2011](https://twitter.com/adulau/status/60041179928072192)) +---- +http://forums.grsecurity.net/viewtopic.php?f=7&t=2596 A Response in Text and Code - improved PAX_USERCOPY - #kernel #grsecurity + +(Originally on Twitter: [Mon Apr 18 18:23:59 +0000 2011](https://twitter.com/adulau/status/60045926772912128)) +---- +http://arxiv.org/abs/1104.3228 "Title: Metamorphic Virus Variants Classification Using Opcode Frequency Histogram" #infosec + +(Originally on Twitter: [Tue Apr 19 10:57:21 +0000 2011](https://twitter.com/adulau/status/60295915675725824)) +---- +Looking for a simple command line OAUTH client, I just found the nifty oauth_sign : http://acme.com/software/oauth_sign/ #oauth #rfc5849 + +(Originally on Twitter: [Tue Apr 19 20:15:54 +0000 2011](https://twitter.com/adulau/status/60436482669817856)) +---- +Don't look at the audit certificates provided by the CA to be included in the root certificate of your browser... it's really scary. #pki + +(Originally on Twitter: [Tue Apr 19 20:28:44 +0000 2011](https://twitter.com/adulau/status/60439712103534593)) +---- +@lkratz pour être proactif sur l'heure d'hiver... 
#customerservice + +(Originally on Twitter: [Wed Apr 20 10:18:08 +0000 2011](https://twitter.com/adulau/status/60648436566982656)) +---- +People should read privacy policy, Apple updated their privacy policy 10 months ago about the storing of the location http://fo.vc/29 + +(Originally on Twitter: [Wed Apr 20 20:12:50 +0000 2011](https://twitter.com/adulau/status/60798096757628928)) +---- +@0x58 Right but that's why we made www.goodiff.org some years ago but no one really cares... policies are even a pain to analyze. #alone + +(Originally on Twitter: [Wed Apr 20 20:24:31 +0000 2011](https://twitter.com/adulau/status/60801036671131648)) +---- +RT @0xeb: VirusTotal plugin for IDA Pro 6.1. http://bit.ly/emNLkv + +(Originally on Twitter: [Thu Apr 21 15:21:33 +0000 2011](https://twitter.com/adulau/status/61087181694967808)) +---- +FTP maybe has 40 years but sometime people should better use UUCP over SSH/SecSH #uucpiscool #infosec + +(Originally on Twitter: [Sat Apr 23 09:14:00 +0000 2011](https://twitter.com/adulau/status/61719459752194049)) +---- +Using JBIG2Decode filter to pass crafted vulnerable TIFF image in PDF is clever... http://fo.vc/2a #infosec + +(Originally on Twitter: [Sat Apr 23 09:19:30 +0000 2011](https://twitter.com/adulau/status/61720843562131456)) +---- +RT @hack_lu: Call for Papers/Presentation for hack.lu 2011 - http://2011.hack.lu/cfp/ #hacklu #cfp + +(Originally on Twitter: [Sat Apr 23 11:58:32 +0000 2011](https://twitter.com/adulau/status/61760864780435457)) +---- +@namecoin I like the idea with the practical implementation. I just hope the initial blocks won't be used to register some "spam" domains. + +(Originally on Twitter: [Sat Apr 23 21:17:44 +0000 2011](https://twitter.com/adulau/status/61901591422308352)) +---- +@cvandeplas http://fo.vc/2b A quick patch made against RT/RTIR but never introduced in the main branch of RT until now. 
+ +(Originally on Twitter: [Sun Apr 24 09:24:22 +0000 2011](https://twitter.com/adulau/status/62084457288572928)) +---- +RT @bookshelfporn: Photo: Banned books return to shelves in Egypt and Tunisia A number of highly political titles censored by... http:// ... + +(Originally on Twitter: [Sun Apr 24 11:11:30 +0000 2011](https://twitter.com/adulau/status/62111416081059841)) +---- +RT @bestpractical: Important security announcement today if you use RT: http://blog.bestpractical.com/2011/04/security-vulnerabilities-i ... + +(Originally on Twitter: [Sun Apr 24 15:09:08 +0000 2011](https://twitter.com/adulau/status/62171220531085312)) +---- +made https://gist.github.com/939629 dumping HN user submitted URLs and sometime it's just better than the del.icio.us network... + +(Originally on Twitter: [Sun Apr 24 16:01:49 +0000 2011](https://twitter.com/adulau/status/62184479753633792)) +---- +Forban 0.0.29 released, mainly bug fixes, the Sneakernet support is foreseen for the next version #p2p #forban http://www.foo.be/forban/ + +(Originally on Twitter: [Sun Apr 24 18:50:22 +0000 2011](https://twitter.com/adulau/status/62226892903821312)) +---- +@robotcircus Beautiful video, I think the challenge is not for Nokia but for the bees to survive in such environment. We need more nature. 
+ +(Originally on Twitter: [Mon Apr 25 10:51:23 +0000 2011](https://twitter.com/adulau/status/62468743770554369)) +---- +"Security Concerns with IP Tunneling" - RFC 6169 published #rfc6169 http://tools.ietf.org/html/rfc6169 #infosec + +(Originally on Twitter: [Mon Apr 25 12:08:26 +0000 2011](https://twitter.com/adulau/status/62488131164844032)) +---- +A nice reminder that a nuclear power plant is not only an output system it's also an input system http://fo.vc/2c + +(Originally on Twitter: [Mon Apr 25 13:04:14 +0000 2011](https://twitter.com/adulau/status/62502175284269056)) +---- +RT @hack_lu: Another incredible Capture the Flag created by @fluxfingers will take place during hack.lu 2011 #CTF http://fo.vc/2d #hacklu + +(Originally on Twitter: [Mon Apr 25 18:29:19 +0000 2011](https://twitter.com/adulau/status/62583985452220416)) +---- +Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption http://arxiv.org/abs/1104.4843 #crypto + +(Originally on Twitter: [Wed Apr 27 07:37:52 +0000 2011](https://twitter.com/adulau/status/63144816392933376)) +---- +Just sent to Google a privacy question regarding their DNS answers... I hope to get an answer in the next days... @Google #privacy + +(Originally on Twitter: [Wed Apr 27 11:42:45 +0000 2011](https://twitter.com/adulau/status/63206445579112448)) +---- +RT @xme: Will be in #Luxembourg the whole next week for a customer's project. Are #infosec events foreseen in the evening? Want to meet? ... + +(Originally on Twitter: [Wed Apr 27 11:59:35 +0000 2011](https://twitter.com/adulau/status/63210683055083520)) +---- +@eromang maybe or information security hidden by a stack of paper... 
+ +(Originally on Twitter: [Wed Apr 27 21:42:57 +0000 2011](https://twitter.com/adulau/status/63357491668463616)) +---- +just added AVOS (the new delicious acquirer) privacy and ToS policies into GooDiff #quuxlabs + +(Originally on Twitter: [Wed Apr 27 22:00:52 +0000 2011](https://twitter.com/adulau/status/63362000243269633)) +---- +@jimmy_wales now it's time to implement it... + +(Originally on Twitter: [Thu Apr 28 19:33:27 +0000 2011](https://twitter.com/adulau/status/63687288449794048)) +---- +RT @circl_lu: BGP Ranking to check online the security ranking of an Internet Service Provider ASN http://bgpranking.circl.lu/ (alpha ve ... + +(Originally on Twitter: [Fri Apr 29 09:03:23 +0000 2011](https://twitter.com/adulau/status/63891112972132352)) +---- +@xme I'm betting Belgacom/Skynet ;-) as they use the source number as a proof. #infosec + +(Originally on Twitter: [Fri Apr 29 09:48:47 +0000 2011](https://twitter.com/adulau/status/63902540626010113)) +---- +@xme so it's even a double #Fail as you didn't need to spoof the Caller ID. I'm curious about who you have called ;-) + +(Originally on Twitter: [Fri Apr 29 09:55:56 +0000 2011](https://twitter.com/adulau/status/63904339885948928)) +---- +arXiv.org is moving to Invenio http://invenio-software.org/ http://fo.vc/2f Maybe ACM digital library could do the same? #openarchive + +(Originally on Twitter: [Sat Apr 30 06:22:11 +0000 2011](https://twitter.com/adulau/status/64212936830365696)) +---- +RT @xme: A new IDS stress-testing tool: Pytbull (like that name :-) http://bit.ly/jr71ky + +(Originally on Twitter: [Sat Apr 30 07:23:04 +0000 2011](https://twitter.com/adulau/status/64228258367012864)) +---- +Everyday you discover something new in PGF/TikZ that you completely overlooked yesterday... #latex + +(Originally on Twitter: [Sat Apr 30 20:54:06 +0000 2011](https://twitter.com/adulau/status/64432359260438528)) +---- +http://fo.vc/2g CompuTrace OEM malware is back on Toshiba Laptops... 
Maybe Toshiba got a recent agreement with Sony ;-) + +(Originally on Twitter: [Sun May 01 06:01:04 +0000 2011](https://twitter.com/adulau/status/64570011129364480)) +---- +@zoobab "the product's overall economic value" is already the next troll too. Maybe "easier" to strictly respect the article 52 (2) c ... + +(Originally on Twitter: [Sun May 01 13:50:08 +0000 2011](https://twitter.com/adulau/status/64688053209411584)) +---- +RT @raymondh: #python pro tip: html5lib is *so* much better than BeautifulSoup it's not even funny. http://code.google.com/p/html5lib/ + +(Originally on Twitter: [Sun May 01 17:06:48 +0000 2011](https://twitter.com/adulau/status/64737548093751296)) +---- +If someone know how to attract and keep the encyrtidae wasps, you'll receive my congratulations. #wasp #biology #ecology + +(Originally on Twitter: [Sun May 01 21:03:59 +0000 2011](https://twitter.com/adulau/status/64797236399325184)) +---- +"Towards Street-Level Client-Independent IP Geolocation" http://fo.vc/2h +#USENIX #geoip #privacy + +(Originally on Twitter: [Mon May 02 09:43:41 +0000 2011](https://twitter.com/adulau/status/64988420367323137)) +---- +RT @rommelfs: $VENDOR: "The software doesn't crash." + +(Originally on Twitter: [Mon May 02 15:01:18 +0000 2011](https://twitter.com/adulau/status/65068350916669440)) +---- +On a random set of CS academic papers we noticed a strange fact, the most cited papers contain 1 or less formula. #academic #papers + +(Originally on Twitter: [Tue May 03 09:53:51 +0000 2011](https://twitter.com/adulau/status/65353367219740672)) +---- +@edarchis Yes that's exactly my point. A lot of CS papers have the bad tendency (to be accepted in conferences) to add meaningless formulae + +(Originally on Twitter: [Tue May 03 15:38:23 +0000 2011](https://twitter.com/adulau/status/65440069678403584)) +---- +RT @jeremiahg: Why would you store CC#s hashed (not key encrypted)? Aren't basically unusable in that state? 
(cc @KimDavisIE) + +(Originally on Twitter: [Tue May 03 16:35:12 +0000 2011](https://twitter.com/adulau/status/65454371831414785)) +---- +@bortzmeyer Hurricane Electric is quite good - http://www.he.net/ in addition, they have a clever policy for IPv4 and IPv6 peering. + +(Originally on Twitter: [Tue May 03 19:33:28 +0000 2011](https://twitter.com/adulau/status/65499232819359744)) +---- +RT @mthorbruegge: New entry in the "clearinghouse for incident handling tools":BGP Ranking http://goo.gl/j4ooF #cert #incidentresponse + +(Originally on Twitter: [Fri May 06 22:20:59 +0000 2011](https://twitter.com/adulau/status/66628554288410624)) +---- +RFC6234 is now officialy replacing the RFC4634 if you are implementing SHA, HMAC or HKDF, that's a must read. http://fo.vc/2i #infosec + +(Originally on Twitter: [Sat May 07 06:26:57 +0000 2011](https://twitter.com/adulau/status/66750850789416960)) +---- +RT @logstash: logstash 1.0.0 is released - Announcement: http://goo.gl/TSeWZ Site: http://logstash.net/ #logging #sysadmin #opensource + +(Originally on Twitter: [Sat May 07 06:34:37 +0000 2011](https://twitter.com/adulau/status/66752781322690560)) +---- +Sur lesoir.be "Copiepresse espère que Google conclura un accord" cela devrait être "Google ne négocie pas avec la mafia de la presse Belge" + +(Originally on Twitter: [Sat May 07 12:17:48 +0000 2011](https://twitter.com/adulau/status/66839143199670272)) +---- +RT @h4z3dic: tcpjunk : TCP protocols testing and hacking utility http://bit.ly/m6ZoPh + +(Originally on Twitter: [Sat May 07 16:50:12 +0000 2011](https://twitter.com/adulau/status/66907697362112512)) +---- +AVOS (del.icio.us buyer) is moving from an Inc. to an LLC - or it was a typo on their privacy policy? 
http://www.goodiff.org/changeset/617 + +(Originally on Twitter: [Sun May 08 07:16:43 +0000 2011](https://twitter.com/adulau/status/67125761282277376)) +---- +An interesting take on requirements for HTML escaping http://wonko.com/post/html-escaping #infosec #pentest + +(Originally on Twitter: [Sun May 08 12:44:21 +0000 2011](https://twitter.com/adulau/status/67208212390232064)) +---- +RT @DidierStevens: Not only because of security, but also because I'm curious by nature and I like to known when the systems I use change. + +(Originally on Twitter: [Sun May 08 12:59:19 +0000 2011](https://twitter.com/adulau/status/67211980368384000)) +---- +@jedisct1 LevelDB looks very interesting - how does it compare to Redis beside the limited data type available in LevelDB? @antirez + +(Originally on Twitter: [Sun May 08 15:18:20 +0000 2011](https://twitter.com/adulau/status/67246963661352960)) +---- +Note to myself : "Don't forget that man pages for GNU tools are usually not updated and always use info instead of man" #coreutils #gnu + +(Originally on Twitter: [Sun May 08 15:31:26 +0000 2011](https://twitter.com/adulau/status/67250263211261952)) +---- +@tastefulwords Great job with Readable it's very useful. Can we imagine a save button for his ebooks reader? Thank you. + +(Originally on Twitter: [Sun May 08 19:12:03 +0000 2011](https://twitter.com/adulau/status/67305783712432129)) +---- +@antirez Thank you. By the way, happy user of Redis for network security related projects... (Passive DNS, PCAP indexing and BGP Ranking) + +(Originally on Twitter: [Sun May 08 20:29:09 +0000 2011](https://twitter.com/adulau/status/67325183362482176)) +---- +"peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not." 
http://fo.vc/2j #infosec + +(Originally on Twitter: [Mon May 09 21:08:34 +0000 2011](https://twitter.com/adulau/status/67697492397002752)) +---- +@cvandeplas I suppose you know this scapy script to do TCP reassembly : http://malforge.com/linux/streams.py (not a real full-state machine) + +(Originally on Twitter: [Tue May 10 08:40:52 +0000 2011](https://twitter.com/adulau/status/67871712968060928)) +---- +http://fo.vc/2k "Workers Leaving the Googleplex" or did you know about the yellow badge class at Google? is that true? #society #google + +(Originally on Twitter: [Wed May 11 07:06:24 +0000 2011](https://twitter.com/adulau/status/68210329347309568)) +---- +http://fo.vc/2l A visualization of the MediaWiki 1.17 database schema with an explanation for each table. Very nifty... #mediawiki #wiki + +(Originally on Twitter: [Wed May 11 07:24:44 +0000 2011](https://twitter.com/adulau/status/68214942859403264)) +---- +A kind reminder to everyone: don't search for "access_token ...." in your favourite search engine. It's not fair. #infosec + +(Originally on Twitter: [Wed May 11 13:09:23 +0000 2011](https://twitter.com/adulau/status/68301678989946881)) +---- +At least ZeuS 2.0.8.9 is ready for the IPv6 day (at least the bcserver part). Like your network monitoring tool? #IPv6 #malware + +(Originally on Twitter: [Wed May 11 13:35:43 +0000 2011](https://twitter.com/adulau/status/68308303247192064)) +---- +RT @raymondh: The #python Bloom filter recipe has become very popular this week (750+ visitors from 58 countries). http://bit.ly/bloom_ ... + +(Originally on Twitter: [Wed May 11 20:12:42 +0000 2011](https://twitter.com/adulau/status/68408209551007744)) +---- +"What Could You Buy for $8.5 Billion?" That's an easy one: a malware. http://fo.vc/2o #infosec + +(Originally on Twitter: [Thu May 12 20:39:18 +0000 2011](https://twitter.com/adulau/status/68777292444336129)) +---- +@npua Good question. 
I was thinking looking for extension header 44 but what's the bpf filter for doing it? #tcpdump #bpf + +(Originally on Twitter: [Fri May 13 14:32:42 +0000 2011](https://twitter.com/adulau/status/69047418733342720)) +---- +RT @circl_lu: US-CERT warns about "Multiple Vulnerabilities In Iconics Genesis" #scada #infosec http://fo.vc/2p + +(Originally on Twitter: [Fri May 13 14:50:58 +0000 2011](https://twitter.com/adulau/status/69052018957885441)) +---- +EFF released the source code behind the SSL Observatory https://github.com/radii/observatory #infosec #tls #ssl + +(Originally on Twitter: [Fri May 13 15:02:59 +0000 2011](https://twitter.com/adulau/status/69055041427869696)) +---- +Did you know that some mobile operators in Belgium intercepts SMS to deliver their ads based on transmitted content? #privacy + +(Originally on Twitter: [Sun May 15 08:12:11 +0000 2011](https://twitter.com/adulau/status/69676434024701953)) +---- +@security4all @DidierStevens Take an unregistered Tempo card (Mobistar) send to that number "happy birthday" in Dutch or French? wait 1 hour + +(Originally on Twitter: [Sun May 15 14:17:41 +0000 2011](https://twitter.com/adulau/status/69768417678331905)) +---- +RT @ochsff: new blogpost: Hooking 32bit System Calls under WOW64 -- http://2011.5.16.hooking-32bit-system-calls-under-wow64.blog.oxff.net/ + +(Originally on Twitter: [Mon May 16 16:36:49 +0000 2011](https://twitter.com/adulau/status/70165817890844675)) +---- +RT @obra: Oracle is now dead to me. They're using Comic Sans on the web http://www.oracle.com/technetwork/systems/index.html + +(Originally on Twitter: [Mon May 16 20:37:24 +0000 2011](https://twitter.com/adulau/status/70226363361148930)) +---- +@raf_iot Maybe the real meaning of TMG is "Too Many Goatse.cx" #hadopi #fun #copyrightdelirium + +(Originally on Twitter: [Mon May 16 20:44:38 +0000 2011](https://twitter.com/adulau/status/70228183504527360)) +---- +@letoams What DNS query triggers the crash of Unbound? I'm curious... 
#infosec + +(Originally on Twitter: [Mon May 16 20:51:41 +0000 2011](https://twitter.com/adulau/status/70229957837717504)) +---- +RT @sclopit http://hunch.net/?p=1822 "Research Directions for Machine Learning and Algorithms" or why software implementation are important + +(Originally on Twitter: [Tue May 17 07:28:51 +0000 2011](https://twitter.com/adulau/status/70390305421139968)) +---- +Next time you are in a hotel room -> http://hidethebible.tumblr.com/ + +(Originally on Twitter: [Tue May 17 10:06:20 +0000 2011](https://twitter.com/adulau/status/70429938108469248)) +---- +In Windows 7 while using "driverquery /si", ksecdd is not signed but with sigcheck is signed... Is driverquery compatible with Win7? + +(Originally on Twitter: [Tue May 17 12:43:42 +0000 2011](https://twitter.com/adulau/status/70469541901250560)) +---- +RT @SteveClement: Quantum Dot LED #experimental http://en.wikipedia.org/wiki/Quantum_dot http://spectrum.ieee.org/semiconductors/optoelectronics/quantum-dots-enhance-led-lighting + +(Originally on Twitter: [Tue May 17 17:02:33 +0000 2011](https://twitter.com/adulau/status/70534682281918466)) +---- +@bortzmeyer how do evaluate the trust you have on those "funky" firmware? #android + +(Originally on Twitter: [Tue May 17 20:52:08 +0000 2011](https://twitter.com/adulau/status/70592461361250305)) +---- +RT @hack_lu: @securitycfp hack.lu 2011 CfP abstract submission in less than 15 days... http://2011.hack.lu/cfp/ #hacklu #cfp + +(Originally on Twitter: [Tue May 17 20:59:40 +0000 2011](https://twitter.com/adulau/status/70594354007392256)) +---- +Looking for an official feed of security advisories at Android.com and stumble upon an announce with one post in 2008. wtf? http://fo.vc/2t + +(Originally on Twitter: [Wed May 18 09:12:58 +0000 2011](https://twitter.com/adulau/status/70778897695899648)) +---- +RT @cbrocas: RMLL 2011 Security topic program is online : http://2011.rmll.info/-Securite-?lang=en . Schedule with date/hour/room coming ... 
+ +(Originally on Twitter: [Wed May 18 12:53:30 +0000 2011](https://twitter.com/adulau/status/70834393320665088)) +---- +https://github.com/wireghoul/htshells - yet another good reason to disable .htaccess files in your production environment #infosec + +(Originally on Twitter: [Wed May 18 13:00:51 +0000 2011](https://twitter.com/adulau/status/70836243918884865)) +---- +RT @NeelieKroesEU: @clarinette02 EU firewall? The EU Commission has NO such intentions! #askneelie + +(Originally on Twitter: [Wed May 18 13:06:13 +0000 2011](https://twitter.com/adulau/status/70837595063582720)) +---- +@edarchis Right the fragmentation is funky but even Microsoft is publishing security advisories and updates for their OEM version of Windows + +(Originally on Twitter: [Wed May 18 13:42:30 +0000 2011](https://twitter.com/adulau/status/70846728462532608)) +---- +https://github.com/vecna/sniffjoke is funky but everyone is too lazy to rewrite a proper TCP reassembly per stack personality #infosec + +(Originally on Twitter: [Wed May 18 21:03:25 +0000 2011](https://twitter.com/adulau/status/70957684840599552)) +---- +RT @xme: Let's dive in the iPhone memory with Laurent Oudot #HITB2011AMS + +(Originally on Twitter: [Thu May 19 08:54:05 +0000 2011](https://twitter.com/adulau/status/71136530634252288)) +---- +RT @mthorbruegge: European Commission public consultation about reducing plastic waste http://goo.gl/pH5Rl Get rid of those bags! #fb + +(Originally on Twitter: [Thu May 19 09:13:38 +0000 2011](https://twitter.com/adulau/status/71141452889067520)) +---- +An interesting visualization of Linux kernel line update removed/added per change set http://neuling.org/linux-next-size.html #linux #kernel + +(Originally on Twitter: [Thu May 19 10:59:43 +0000 2011](https://twitter.com/adulau/status/71168148786790400)) +---- +@kwisArts #npblu Is there a web page somewhere for the event in Luxembourg? just like the one in Bruxelles. Thanks. 
+ +(Originally on Twitter: [Thu May 19 14:52:08 +0000 2011](https://twitter.com/adulau/status/71226638939078656)) +---- +RT @jedisct1: What's new in OpenSSH? Slides from AsiaBSDcon 2011 by @damienmiller: http://bit.ly/mBDl7k + +(Originally on Twitter: [Thu May 19 14:55:49 +0000 2011](https://twitter.com/adulau/status/71227564592599041)) +---- +"When the server presents an X.509 server certificate, clients MAY use + "Certification Path Validation"..." in the new RFC6251 - MAY? + +(Originally on Twitter: [Fri May 20 05:26:18 +0000 2011](https://twitter.com/adulau/status/71446629495996417)) +---- +@AcidRampage right but I find funny that new RFCs are still putting the validation on client side as an OPTIONAL requirement #legacypain + +(Originally on Twitter: [Fri May 20 07:41:29 +0000 2011](https://twitter.com/adulau/status/71480649487355904)) +---- +I'm reading a PDF about the analysis of a malicious PDF. I'm stuck in the security recursivity. #infosec + +(Originally on Twitter: [Fri May 20 20:53:49 +0000 2011](https://twitter.com/adulau/status/71680045810331649)) +---- +http://code.google.com/p/rkanalyzer/ RKAnalyzer is a kernel level rootkit analyzer and defender using Hardware VT. -> simple SSDT Hooking + +(Originally on Twitter: [Fri May 20 21:04:16 +0000 2011](https://twitter.com/adulau/status/71682675064315904)) +---- +@raf_iot Great news. I'll update the whois interface to access and cache the JSON output. @bgpranking + +(Originally on Twitter: [Fri May 20 22:39:52 +0000 2011](https://twitter.com/adulau/status/71706734980382720)) +---- +A good reminder, don't forget old/legacy authorized_keys2 file on your OpenSSH server. http://fo.vc/2u #infosec #unix + +(Originally on Twitter: [Sat May 21 07:10:25 +0000 2011](https://twitter.com/adulau/status/71835220776726528)) +---- +Sometime it's good to remember the past especially while listening to B.W.P. Experiments tracks. Good old days. 
#electro #belgium + +(Originally on Twitter: [Sat May 21 20:04:36 +0000 2011](https://twitter.com/adulau/status/72030049297121281)) +---- +If you are operating an SKS server (OpenPGP key server), you should have a look at the recent commits/updates in SKS http://fo.vc/2v + +(Originally on Twitter: [Sat May 21 20:19:32 +0000 2011](https://twitter.com/adulau/status/72033805023711232)) +---- +RT @halvarflake: Me: "You're trying to sell it to me before the bubble burst. Your company has a reputation of not holding stuff when it ... + +(Originally on Twitter: [Sun May 22 10:31:31 +0000 2011](https://twitter.com/adulau/status/72248215071768576)) +---- +posted "Ease Your Log Analysis With BGP Ranking and logs-ranking" http://fo.vc/2w to explain the "logs-ranking" script @bgpranking #infosec + +(Originally on Twitter: [Sun May 22 19:26:21 +0000 2011](https://twitter.com/adulau/status/72382811117584385)) +---- +RT @sam280: Full key recovery via remote timing attack against a TLS server authenticating with ECDSA signatures: http://is.gd/puASLo + +(Originally on Twitter: [Sun May 22 20:00:56 +0000 2011](https://twitter.com/adulau/status/72391513644072961)) +---- +Just heard right now in a conf-call about a software project "we don't code early, we design first" aie aie, it starts to smell bad.... + +(Originally on Twitter: [Mon May 23 20:04:48 +0000 2011](https://twitter.com/adulau/status/72754875288653824)) +---- +RT @circl_lu: Many new blacklists added into BGP Ranking - http://bgpranking.circl.lu/ @bgpranking #infosec + +(Originally on Twitter: [Mon May 23 20:19:51 +0000 2011](https://twitter.com/adulau/status/72758660253761536)) +---- +@sam280 Scrum-kan-ban or even the waterfall model are just there to amuse people (folklore). 
I'm more into "Programming, Motherfucker" model + +(Originally on Twitter: [Mon May 23 20:43:07 +0000 2011](https://twitter.com/adulau/status/72764519423803392)) +---- +http://pastebin.com/9qwdL1pA Comodo has again some security issues...but they still have the AICPA audit certificate. #certificationORsec + +(Originally on Twitter: [Tue May 24 20:20:08 +0000 2011](https://twitter.com/adulau/status/73121120345276416)) +---- +Looking for hierarchical trees or graphs designed with #Redis data-structure? I found this discussion thread http://fo.vc/2z #keyvalue + +(Originally on Twitter: [Tue May 24 20:47:34 +0000 2011](https://twitter.com/adulau/status/73128024240947200)) +---- +In "WebTrust SM/TM Program for Certification Authorities", you can find the word "process" at each page but "attacker" is found one time... + +(Originally on Twitter: [Tue May 24 20:55:02 +0000 2011](https://twitter.com/adulau/status/73129904388055040)) +---- +RT @xme: "Logging is always too much until you need it, then it's never enough" #QOTD #SIEM + +(Originally on Twitter: [Wed May 25 05:00:53 +0000 2011](https://twitter.com/adulau/status/73252173416378368)) +---- +Oracle v. Google - A judge grounded in the real world http://fo.vc/2C #patentdelirium #groklaw + +(Originally on Twitter: [Thu May 26 14:35:30 +0000 2011](https://twitter.com/adulau/status/73759165331415042)) +---- +You take a cookie session from a coding example in a book and you still have access to the author account on this website... #infosec #fail + +(Originally on Twitter: [Thu May 26 20:58:02 +0000 2011](https://twitter.com/adulau/status/73855436230631426)) +---- +RT @bortzmeyer: Support freedom on the Internet: configure static #IPv6 addresses with "EFF" in one field http://www.eff.org/ T'will be ... + +(Originally on Twitter: [Fri May 27 09:40:04 +0000 2011](https://twitter.com/adulau/status/74047207434747904)) +---- +Worry about vulnerabilities in libpcap? 
read pcap without libcap with py-cap http://dirtbags.net/py-pcap.html #netforensic #python + +(Originally on Twitter: [Fri May 27 19:25:17 +0000 2011](https://twitter.com/adulau/status/74194482844803072)) +---- +BGP Ranking whois extended to include Today's best ranking and current malicious position - "whois -h pdns.circl.lu 15169" @bgpranking + +(Originally on Twitter: [Fri May 27 22:40:16 +0000 2011](https://twitter.com/adulau/status/74243551113904128)) +---- +http://fo.vc/2G "Where's Waldo: Matching People in Images of Crowds" Interesting research work done in pattern recognition #privacy #google + +(Originally on Twitter: [Sat May 28 07:57:13 +0000 2011](https://twitter.com/adulau/status/74383710115479552)) +---- +With the recent Google API shutdown planning, the "Franklin Street Statement on Freedom and Network Services" shows its importance. + +(Originally on Twitter: [Sat May 28 08:16:13 +0000 2011](https://twitter.com/adulau/status/74388494704852992)) +---- +"DAQ module implements "round robin" reading from network interfaces" Very handy when sniffing with cards without netbound http://fo.vc/2H + +(Originally on Twitter: [Sat May 28 15:20:24 +0000 2011](https://twitter.com/adulau/status/74495241901715456)) +---- +http://fo.vc/2I Lockheed Martin Corporation is the first buyer of the first quantum computer... mmm, it's a coincidence isn't it? #infosec + +(Originally on Twitter: [Sat May 28 15:52:31 +0000 2011](https://twitter.com/adulau/status/74503325940318208)) +---- +What are you installing first on a new Unix installation? Usually GNU Screen, git, vim/emacs.... now I added on the list Redis. + +(Originally on Twitter: [Sat May 28 21:29:23 +0000 2011](https://twitter.com/adulau/status/74588100671709184)) +---- +@lrz It's the neutrino... 
+ +(Originally on Twitter: [Sun May 29 06:29:31 +0000 2011](https://twitter.com/adulau/status/74724027192705025)) +---- +@taskwarrior Thank you for this great tool but wondering why there is no "time spent" output per task in version 1.9.x. http://fo.vc/2J #gtd + +(Originally on Twitter: [Sun May 29 09:52:44 +0000 2011](https://twitter.com/adulau/status/74775168312025088)) +---- +@_pst SCADA SIEM why not... but a good start would be to enable logging on the SCADA devices and read them regularly... #infosec #siem + +(Originally on Twitter: [Mon May 30 15:54:36 +0000 2011](https://twitter.com/adulau/status/75228622914461696)) +---- +Are you running VBulletin? (4.0.x, 4.1.0, 4.1.1 and 4.1.2) exploits in the wild... so you know what you have to do tonight. #infosec + +(Originally on Twitter: [Mon May 30 19:17:58 +0000 2011](https://twitter.com/adulau/status/75279802948526080)) +---- +http://2011.hack.lu/cfp/ hack.lu call for paper abstract deadline is within 15 hours. It's time to submit if you want to have fun #infosec + +(Originally on Twitter: [Tue May 31 07:41:05 +0000 2011](https://twitter.com/adulau/status/75466815140143105)) +---- +@jeffreycarr Don't forget that LM was regularly infected by virii like the notorious SoBig.F malware already in 2003 http://fo.vc/2L + +(Originally on Twitter: [Tue May 31 11:34:18 +0000 2011](https://twitter.com/adulau/status/75525507474661376)) +---- +RT @security4all: Oh joy, so soon I can optin for a free massage at EU airports... + +(Originally on Twitter: [Tue May 31 11:48:03 +0000 2011](https://twitter.com/adulau/status/75528967637049344)) +---- +RT @circl_lu: To prevent the current #CookieJacking Microsoft recommends to use the private browsing mode http://fo.vc/2M should be the ... 
+ +(Originally on Twitter: [Tue May 31 13:43:05 +0000 2011](https://twitter.com/adulau/status/75557916622585856)) +---- +RT @edarchis: Je viens de lire que le Ministre Lutgen avait fait retirer la vidéo d'origine: http://ma-tvideo.france3.fr/video/iLyROoafz-wQ.html Allez, faisons-lui un e ... + +(Originally on Twitter: [Tue May 31 20:09:10 +0000 2011](https://twitter.com/adulau/status/75655078568136704)) +---- +http://fo.vc/2O Good and recent comment in tcpdump why the snap len should be carefully chosen. or why "-s 0" is not always the best option + +(Originally on Twitter: [Tue May 31 21:02:10 +0000 2011](https://twitter.com/adulau/status/75668412352839680)) +---- +"Any simple problem can be made insoluble if enough meetings are held to discuss it." Mitchell's Law of Committees has been again proved + +(Originally on Twitter: [Tue May 31 21:15:19 +0000 2011](https://twitter.com/adulau/status/75671721880993794)) +---- +RT @DragonResearch: Security Innovation Grant Finalists! AIDE, Cuckoo Sandbox, NoScript, OpenBL.org - http://dragonresearchgroup.org/gra ... + +(Originally on Twitter: [Tue May 31 21:25:17 +0000 2011](https://twitter.com/adulau/status/75674232805265408)) +---- +Multiple fixes for the various XMPP server using "billion laughs" attack targeting XML parsers. Maybe some still vulnerable? #infosec + +(Originally on Twitter: [Tue May 31 21:32:36 +0000 2011](https://twitter.com/adulau/status/75676075220406273)) +---- +It seems that the wallet encryption for bitcoin client starts to be *really* required. #bitcoin #infosec + +(Originally on Twitter: [Wed Jun 01 12:23:04 +0000 2011](https://twitter.com/adulau/status/75900166095376384)) +---- +@eurodns ns1/ns2.eurodns.com seem to have difficulties to answer queries. Are you working on this issue right now? if not, you should... + +(Originally on Twitter: [Wed Jun 01 15:07:50 +0000 2011](https://twitter.com/adulau/status/75941632075247616)) +---- +@EuroDNS thank you for the update, this is appreciated. 
By the way, when do you plan to add AAAA records for ns1 and ns2? #ipv6 + +(Originally on Twitter: [Wed Jun 01 16:13:43 +0000 2011](https://twitter.com/adulau/status/75958211232014336)) +---- +http://fo.vc/2Q "RunTrace - Prospector components (part of COSEINC's BugMine)" detect writes outside the allocated heap memory #pintool + +(Originally on Twitter: [Thu Jun 02 07:20:27 +0000 2011](https://twitter.com/adulau/status/76186396267778048)) +---- +If you have Tor running, you should have a look at http://ianxz6zefk72ulzz.onion/ - Neuromancer is not far away. #bitcoin #cyberspace + +(Originally on Twitter: [Thu Jun 02 14:31:34 +0000 2011](https://twitter.com/adulau/status/76294890706829313)) +---- +http://www.spamrankings.net/ Sometimes Belgium is on top but here is Win.be operator is second place for medical spam in April #infosec + +(Originally on Twitter: [Thu Jun 02 17:03:19 +0000 2011](https://twitter.com/adulau/status/76333080658460672)) +---- +RT @jerezim: Le Rapporteur Spécial de l'ONU à la Protection de la Liberté d'Expression, défonce #Hadopi, #Loppsi, #ACTA, #G8 http://ur1. ... + +(Originally on Twitter: [Thu Jun 02 21:02:38 +0000 2011](https://twitter.com/adulau/status/76393309639159808)) +---- +RT @circl_lu: http://fo.vc/2R Privilege escalation in Plone (all version affected since 2.5) - A hotfix is available #infosec #plone CVE ... + +(Originally on Twitter: [Fri Jun 03 06:59:48 +0000 2011](https://twitter.com/adulau/status/76543591094296576)) +---- +http://zeltser.com/remnux/ REMnux, a Linux Distribution for Reverse-Engineering Malware looks very good. Just pyew is missing? #infosec + +(Originally on Twitter: [Fri Jun 03 10:07:20 +0000 2011](https://twitter.com/adulau/status/76590781967765504)) +---- +RT @cesarcer: Research tip: it's better to look for new attack vectors than vulnerabilities, if you find just one new vector you find do ... 
+ +(Originally on Twitter: [Fri Jun 03 13:38:10 +0000 2011](https://twitter.com/adulau/status/76643840014036992)) +---- +When I'm reading a CS paper saying they have done some "TCP reassembly" in two words without ref, I always ask myself "which one?" #infosec + +(Originally on Twitter: [Fri Jun 03 13:57:51 +0000 2011](https://twitter.com/adulau/status/76648796636987392)) +---- +@fpietrosanti Thank you I saw @sniffjoke but I'm really wondering why the academic research underestimates the TCP reassembly issues. + +(Originally on Twitter: [Fri Jun 03 14:54:52 +0000 2011](https://twitter.com/adulau/status/76663144197525504)) +---- +@imrim I think I should not ask on how the key enrolment is done for this "128-bit AES encryption keyboard" or if Zbot is already installed + +(Originally on Twitter: [Fri Jun 03 14:59:18 +0000 2011](https://twitter.com/adulau/status/76664261044207616)) +---- +RT @raymondh: Updated the Bloom Filter recipe. Simpler code, cleaner APi, easily subclassable. Thx for the feedback. http://bit.ly/bloom ... + +(Originally on Twitter: [Fri Jun 03 19:57:08 +0000 2011](https://twitter.com/adulau/status/76739210446512128)) +---- +saw this excellent comment "Libraries shouldn't be closed: they should be reinvented for the XXI century. " #library #libraries + +(Originally on Twitter: [Sat Jun 04 10:04:48 +0000 2011](https://twitter.com/adulau/status/76952532173332480)) +---- +RT @fpietrosanti: @lensassaman I've been with @sniffjoke during weekend at Italian #eprivacy / #bigbrotherawards in Florence . The proje ... + +(Originally on Twitter: [Sun Jun 05 07:10:18 +0000 2011](https://twitter.com/adulau/status/77271009086013440)) +---- +PyCodin is an open source Python library that allows instrumentation of low-level code for different architectures. 
http://fo.vc/2U #infosec + +(Originally on Twitter: [Sun Jun 05 08:15:44 +0000 2011](https://twitter.com/adulau/status/77287476363927552)) +---- +#protolol The pity with a lawful interception joke is always unlawful to someone else. #privacy + +(Originally on Twitter: [Sun Jun 05 10:41:04 +0000 2011](https://twitter.com/adulau/status/77324048874487808)) +---- +@2600 Could you disable the DRM for your Kindle subscription? or is it only DRMized during the trial period? + +(Originally on Twitter: [Sun Jun 05 10:54:03 +0000 2011](https://twitter.com/adulau/status/77327317906632704)) +---- +@security4all but AS15169 might host malicious content too. Their current ranking is 977 over 11101 http://fo.vc/2V @bgpranking + +(Originally on Twitter: [Sun Jun 05 10:59:17 +0000 2011](https://twitter.com/adulau/status/77328635123605504)) +---- +Any user of SciEngine RIVYERA S3-5000? and especially the performance while using SHA-2? http://fo.vc/2W #crypto #fpga + +(Originally on Twitter: [Sun Jun 05 11:07:40 +0000 2011](https://twitter.com/adulau/status/77330741540823040)) +---- +kindly reminds large corporations, it's always good to have a public security point of contact with a PGP key that you can verify. #CSIRT + +(Originally on Twitter: [Sun Jun 05 15:13:41 +0000 2011](https://twitter.com/adulau/status/77392656807903233)) +---- +It's not because you add "Parliamentary" in your organization name that will become a democracy... #infosec + +(Originally on Twitter: [Sun Jun 05 16:57:21 +0000 2011](https://twitter.com/adulau/status/77418744531521536)) +---- +RT @itgirljs: The best thing about script jokes is that they start with a bang. #protolol + +(Originally on Twitter: [Sun Jun 05 17:26:43 +0000 2011](https://twitter.com/adulau/status/77426132349227008)) +---- +http://fo.vc/2X Sur ces bêtises médiatiques. je vais aller manger mes germes de luzerne avec un petit fromage de chèvre. 
#eatlocalorganic + +(Originally on Twitter: [Sun Jun 05 17:31:31 +0000 2011](https://twitter.com/adulau/status/77427342347206656)) +---- +RT @damienmiller: Did Redhat just "fix" OpenSSH by making it seed with only 6 bytes from /dev/random? http://goo.gl/7fT6p + +(Originally on Twitter: [Mon Jun 06 08:08:29 +0000 2011](https://twitter.com/adulau/status/77648036620275712)) +---- +"Prank on a Belgian call center" Incredible #mobistar http://www.youtube.com/watch?v=mxXlDyTD7wo + +(Originally on Twitter: [Mon Jun 06 21:09:56 +0000 2011](https://twitter.com/adulau/status/77844694775771137)) +---- +@kevinmitnick It's not a matter of encrypting the seeds of the token, customer must be able to control his token's private key #rsa + +(Originally on Twitter: [Tue Jun 07 05:24:36 +0000 2011](https://twitter.com/adulau/status/77969182544773120)) +---- +To see the list of EMC Security Advisories you need a "Powerlink" credentials. So their security advisories are not public... #fail + +(Originally on Twitter: [Tue Jun 07 08:24:12 +0000 2011](https://twitter.com/adulau/status/78014379848761344)) +---- +@y0m There will be a funky CTF during hack.lu 2011 done again by the incredible @fluxfingers #hacklu #ctf + +(Originally on Twitter: [Tue Jun 07 17:03:11 +0000 2011](https://twitter.com/adulau/status/78144988604674048)) +---- +RT @thorstenholz: Most of the PDFs of our group are now available at http://emma.rub.de/research/publications/, the Usenix papers will f ... + +(Originally on Twitter: [Tue Jun 07 19:32:07 +0000 2011](https://twitter.com/adulau/status/78182468548698112)) +---- +@syn2cat I can support you with some standard money (or even bitcoins) but next time avoid to use dynamic pages ;-) + +(Originally on Twitter: [Tue Jun 07 20:49:05 +0000 2011](https://twitter.com/adulau/status/78201837051846657)) +---- +Funny to see in the passive DNS so many IPv6 addresses terminating by "::53" for DNS server (passive scanning is more easy in IPv6). 
+ +(Originally on Twitter: [Wed Jun 08 09:08:11 +0000 2011](https://twitter.com/adulau/status/78387836591681536)) +---- +http://fo.vc/33 [PDF] "Cybersecurity, Innovation and the Internet Economy" published by Internet Policy Task Force #infosec + +(Originally on Twitter: [Wed Jun 08 19:24:18 +0000 2011](https://twitter.com/adulau/status/78542889881313280)) +---- +@mikkohypponen I'm surprised that there are still questions about who created Stuxnet after seeing this presentation http://fo.vc/35 [PDF] + +(Originally on Twitter: [Thu Jun 09 11:49:42 +0000 2011](https://twitter.com/adulau/status/78790871125983232)) +---- +Attackers using white-space obfuscation in a PHP/JS-based malware http://fo.vc/36 old but seems still very effective. #infosec #malware + +(Originally on Twitter: [Thu Jun 09 12:13:00 +0000 2011](https://twitter.com/adulau/status/78796734561660928)) +---- +@myvonline Right, the SSIC projects were not completely stupid. I have a dump of the Oddmuse content if you want. A new version on github? + +(Originally on Twitter: [Thu Jun 09 13:01:26 +0000 2011](https://twitter.com/adulau/status/78808923485904897)) +---- +@mvyonline At least it will be useful for the attackers to have a covert channel framework.... + +(Originally on Twitter: [Thu Jun 09 13:18:36 +0000 2011](https://twitter.com/adulau/status/78813243958767616)) +---- +@HoffmannMich PET recycling is just a myth and the marketers abused that myth on their bottle. + +(Originally on Twitter: [Fri Jun 10 09:49:04 +0000 2011](https://twitter.com/adulau/status/79122903395872768)) +---- +@HoffmannMich It's a myth 70% of collected PET bottles are transformed into filaments used in non-recyclable objects. Glycolysis is not used + +(Originally on Twitter: [Fri Jun 10 11:53:38 +0000 2011](https://twitter.com/adulau/status/79154251435220992)) +---- +Major updates in the Apple iTunes ToS http://fo.vc/38 they prefixed iTunes to all products and services name. #goodiff maybe for #icloud ? 
+ +(Originally on Twitter: [Fri Jun 10 13:27:33 +0000 2011](https://twitter.com/adulau/status/79177886908694529)) +---- +RT @circl_lu: BGP Ranking got a new worldmap with the highest malicious ranking per country http://bgpranking.circl.lu/maps #infosec #malware @bgpra ... + +(Originally on Twitter: [Sat Jun 11 11:35:08 +0000 2011](https://twitter.com/adulau/status/79511983501737984)) +---- +ospy looks interesting - "Advanced reverse-engineering tool for spying on Windows software" #windows #reversing http://fo.vc/3a + +(Originally on Twitter: [Sat Jun 11 16:33:57 +0000 2011](https://twitter.com/adulau/status/79587183673085952)) +---- +I found a winner for tonight : "a firewall layer-7 proxy not supporting gzip and passing compressed streams to the other end." #infosec + +(Originally on Twitter: [Sat Jun 11 19:25:20 +0000 2011](https://twitter.com/adulau/status/79630313977942016)) +---- +APT is Again Powned by Treating security as a certification process. #infosec + +(Originally on Twitter: [Sat Jun 11 19:45:12 +0000 2011](https://twitter.com/adulau/status/79635309528223745)) +---- +@slideshare Why a login is required to download a document on slideshare? Do you really want to break the Internet model? + +(Originally on Twitter: [Sun Jun 12 20:49:23 +0000 2011](https://twitter.com/adulau/status/80013849901797376)) +---- +http://fo.vc/3b A master's thesis proposal to move X.509 on top of DNSSEC using DANE.... In one semester for one or two students ;-) + +(Originally on Twitter: [Mon Jun 13 10:43:19 +0000 2011](https://twitter.com/adulau/status/80223717053042689)) +---- +@zoobab To summarize: FRAND sucks just like RAND licensing. That's why Royalty Free licenses is the only way to go in a free society.... + +(Originally on Twitter: [Mon Jun 13 10:48:03 +0000 2011](https://twitter.com/adulau/status/80224908365410305)) +---- +@zoobab FRAND must be ditched in favor of Royalty Free Licensing for free standards. But I think my lobbying force is near zero... 
+ +(Originally on Twitter: [Mon Jun 13 11:09:40 +0000 2011](https://twitter.com/adulau/status/80230348474171393)) +---- +@unpacker looking at the Siemens advisory it seems there are no patches available today but the mitigation is to disable the HTTP server. + +(Originally on Twitter: [Wed Jun 15 05:54:48 +0000 2011](https://twitter.com/adulau/status/80875886190137344)) +---- +RT @circl_lu: A good reminder http://fo.vc/3d for all Bitcoin users why it's important to protect your wallet.dat (unencrypted). #bi ... + +(Originally on Twitter: [Wed Jun 15 09:17:49 +0000 2011](https://twitter.com/adulau/status/80926978928152576)) +---- +I have the impression to move a lot these past days... from #AIMS2011 to #FIRST2011 to National CSIRT meeting to what's next? + +(Originally on Twitter: [Thu Jun 16 16:30:08 +0000 2011](https://twitter.com/adulau/status/81398162367066112)) +---- +At #FIRST2011 it seems that Kenya will be the next source of attacks... looking at their cheap entry price for mobile operator. #infosec + +(Originally on Twitter: [Fri Jun 17 09:35:23 +0000 2011](https://twitter.com/adulau/status/81656173677383680)) +---- +@mikkohypponen Following your #FIRST2011 talk, what's the boundary between legitimate A/V businesses and fake A/V businesses? #virustotal + +(Originally on Twitter: [Fri Jun 17 09:38:49 +0000 2011](https://twitter.com/adulau/status/81657035590086656)) +---- +@mikkohypponen I was just wondering regarding your "mention" of some potential suspicious A/V vendors at VirusTotal. Thx. #FIRST2011 + +(Originally on Twitter: [Fri Jun 17 10:00:16 +0000 2011](https://twitter.com/adulau/status/81662436888948736)) +---- +@jcanto @bquintero Right. The question was mainly about submitting infected sensitive documents that could end up in various countries. + +(Originally on Twitter: [Sat Jun 18 09:44:45 +0000 2011](https://twitter.com/adulau/status/82020918762815488)) +---- +12 days left before the hack.lu CFP 2011 is officially closed. 
This year looks very promising... be part of it. #hacklu http://2011.hack.lu/cfp/ + +(Originally on Twitter: [Sat Jun 18 16:06:55 +0000 2011](https://twitter.com/adulau/status/82117094321291264)) +---- +at #metalab, listening to classical 8 bits songs. Nice #hackerspace. + +(Originally on Twitter: [Sat Jun 18 21:25:21 +0000 2011](https://twitter.com/adulau/status/82197231800827905)) +---- +@AcidRampage the performer during hack.lu 2009 was "playboy bend" #hacklu - for the preHack party on 19.09.2011 there might be some surprise + +(Originally on Twitter: [Sun Jun 19 07:14:45 +0000 2011](https://twitter.com/adulau/status/82345555858169856)) +---- +@lensassaman #metalab is indeed a kind of model for the other ones. I'm surprised there is no model reusing public librairies + #hackerspace + +(Originally on Twitter: [Sun Jun 19 07:17:27 +0000 2011](https://twitter.com/adulau/status/82346236107161600)) +---- +@AbuseHelper got a Twitter account. If you are interested in automatic incident handling, AbuseHelper is a nifty tool. #csirt #infosec #cert + +(Originally on Twitter: [Sun Jun 19 10:25:39 +0000 2011](https://twitter.com/adulau/status/82393597164523520)) +---- +After 7 successful check-in of my Leatherman by mistake in hand luggage, it failed Today. There are still some proper security check... + +(Originally on Twitter: [Mon Jun 20 15:20:11 +0000 2011](https://twitter.com/adulau/status/82830110109085696)) +---- +The GnuPG option of the day to avoid HKP requests based on key materials "--keyserver-options no-honor-keyserver-url" #pgp #gnupg + +(Originally on Twitter: [Mon Jun 20 20:21:59 +0000 2011](https://twitter.com/adulau/status/82906061056647168)) +---- +@AcidRampage 12.5% success rate is still very good for the security circus at the airport control. 
I didn't expect such result from a circus + +(Originally on Twitter: [Mon Jun 20 20:29:05 +0000 2011](https://twitter.com/adulau/status/82907845141606400)) +---- +Bad advice of the evening, don't type "keylogger" in the search box of pastebin.com. You'll be surprised... #infosec + +(Originally on Twitter: [Mon Jun 20 21:04:17 +0000 2011](https://twitter.com/adulau/status/82916705537503232)) +---- +@eff http://news.ycombinator.com/item?id=2677477 Why don't you use the bitcoins for the objectives of the EFF? instead of redistributing them randomly #bitcoin + +(Originally on Twitter: [Tue Jun 21 09:18:24 +0000 2011](https://twitter.com/adulau/status/83101452649766912)) +---- +RT @lennyzeltser: A reminder of the extent to which we rely on authentication: Dropbox passwords were optional for 4 hrs: http://j.mp/ka10Dd + +(Originally on Twitter: [Tue Jun 21 13:21:20 +0000 2011](https://twitter.com/adulau/status/83162589080719360)) +---- +@SteveClement It should be part of the minimal services for a "cloud" service. Providing you the logs of who accessed your account. #infosec + +(Originally on Twitter: [Tue Jun 21 13:27:18 +0000 2011](https://twitter.com/adulau/status/83164089785925633)) +---- +http://www.appseceu.org/wp-content/presentations/ OWASP AppSec presentations published #infosec + +(Originally on Twitter: [Tue Jun 21 14:33:33 +0000 2011](https://twitter.com/adulau/status/83180759644508160)) +---- +RT @adamshostack: RT @tillig: Our PCI assessor is so secure he locked himself out of his own car. Locksmith on site now. << PCI vs ... + +(Originally on Twitter: [Tue Jun 21 16:22:51 +0000 2011](https://twitter.com/adulau/status/83208266347315200)) +---- +@xme http://www.syncany.org/ is a good alternative for GNU/Linux users. 
+ +(Originally on Twitter: [Tue Jun 21 19:05:04 +0000 2011](https://twitter.com/adulau/status/83249088983863296)) +---- +Cumulative prospect theory is a direct model for IT risk management and especially the usual mantra "we don't fix issues and wait..." + +(Originally on Twitter: [Tue Jun 21 19:37:40 +0000 2011](https://twitter.com/adulau/status/83257295064145920)) +---- +A B&W picture of @mikkohypponen at FIRST 2011 http://www.flickr.com/photos/adulau/5857551391/ #FIRST2011 + +(Originally on Twitter: [Tue Jun 21 21:21:31 +0000 2011](https://twitter.com/adulau/status/83283429327777792)) +---- +RT @unpacker: Evilcore Bootkit - Pwning Multiprocessor Systems http://bit.ly/lY49IC + +(Originally on Twitter: [Wed Jun 22 09:36:40 +0000 2011](https://twitter.com/adulau/status/83468437111840769)) +---- +http://www.openwall.com/lists/john-users/2011/06/22/1 John the Ripper 1.7.8 released including the new improved S-box expressions made by Roman Rusakov #infosec #crypto + +(Originally on Twitter: [Thu Jun 23 12:25:45 +0000 2011](https://twitter.com/adulau/status/83873373205168128)) +---- +@jaysonstreet I thought that PowerPoint is already #NSFW even without porn inside ;-) + +(Originally on Twitter: [Thu Jun 23 12:37:15 +0000 2011](https://twitter.com/adulau/status/83876267367215104)) +---- +A clever use of arxiv.org "A Novel Attack against Android Phones" as a proof for responsible disclosure http://arxiv.org/abs/1106.4184 #infosec + +(Originally on Twitter: [Thu Jun 23 12:43:22 +0000 2011](https://twitter.com/adulau/status/83877806475452416)) +---- +@Aissn I just hope that the paper will be replaced with the full paper after the graceful period. + +(Originally on Twitter: [Thu Jun 23 12:50:53 +0000 2011](https://twitter.com/adulau/status/83879701399076864)) +---- +@Aissn on arxiv.org, you can replace an article submitted http://arxiv.org/help/replace but the old one will remain accessible. 
+ +(Originally on Twitter: [Thu Jun 23 13:06:46 +0000 2011](https://twitter.com/adulau/status/83883698574991361)) +---- +RT @circl_lu: LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities -> 3.3.3/3.4.0 fixed http://t ... + +(Originally on Twitter: [Thu Jun 23 13:20:42 +0000 2011](https://twitter.com/adulau/status/83887203989721088)) +---- +What's the proportion of vulnerable applications listed n in robots.txt? It's usually very high. A good directory service for attackers... + +(Originally on Twitter: [Thu Jun 23 13:29:24 +0000 2011](https://twitter.com/adulau/status/83889391587700736)) +---- +@chux0r yes indeed robots.txt can be still used as nifty sinkholes or honeypots. Maybe they may have effects for tarpiting web malware... + +(Originally on Twitter: [Thu Jun 23 13:46:05 +0000 2011](https://twitter.com/adulau/status/83893593193979904)) +---- +"Early Phishing"-> AOL phishing attacks in 1995... #infosec #history http://arxiv.org/abs/1106.4692 + +(Originally on Twitter: [Fri Jun 24 10:35:22 +0000 2011](https://twitter.com/adulau/status/84207984594526208)) +---- +RT @teamcymru: bought anything from NATO's e-Bookshop? You may want to change your password #cybercrime http://bit.ly/kpgZM9 + +(Originally on Twitter: [Fri Jun 24 18:55:19 +0000 2011](https://twitter.com/adulau/status/84333799038648320)) +---- +RT @xme: Found this in my archives: Alternet Backbone map in 1995: http://twitpic.com/5g6ypd #collector #internet + +(Originally on Twitter: [Fri Jun 24 19:22:29 +0000 2011](https://twitter.com/adulau/status/84340638321098752)) +---- +@security4all I really enjoyed "Jamie at Home: Cook Your Way to the Good Life" #gardening and #cooking is a nice mix. 
+ +(Originally on Twitter: [Fri Jun 24 20:03:04 +0000 2011](https://twitter.com/adulau/status/84350850973175808)) +---- +A PIN tool extension to trace malware and reimport the result into IDA pro for tagging the disassembled code nifty http://code.google.com/p/tartetatintools/ + +(Originally on Twitter: [Sat Jun 25 10:17:06 +0000 2011](https://twitter.com/adulau/status/84565775830089728)) +---- +@davanac "Facebook has become the wiring hub of the connected Web " Ah bon? Facebook c'est plutôt le nouveau AOL ou MSN classic #privateweb + +(Originally on Twitter: [Sat Jun 25 10:29:14 +0000 2011](https://twitter.com/adulau/status/84568826905247744)) +---- +I didn't know that No Starch Press just published a second edition of the "IDA Pro book" http://nostarch.com/idapro2.htm any review? + +(Originally on Twitter: [Sat Jun 25 10:46:32 +0000 2011](https://twitter.com/adulau/status/84573182236966912)) +---- +http://www.imperialviolet.org/2011/06/12/goopenpgp.html - http://golang.org/pkg/crypto/openpgp/ OpenPGP support in Go #golang + +(Originally on Twitter: [Sat Jun 25 11:09:05 +0000 2011](https://twitter.com/adulau/status/84578855574179840)) +---- +RT @hack_lu: @securitycfp last 5 days before end of CfP for #hacklu 2011 topics include network/system security, reversing but also hard ... + +(Originally on Twitter: [Sat Jun 25 11:35:31 +0000 2011](https://twitter.com/adulau/status/84585509191548928)) +---- +RT @0x58: Anybody has experience with #google map api & #geocoding where the returned #json array is truncated using #pycurl? #python (R ... 
+ +(Originally on Twitter: [Sun Jun 26 08:21:53 +0000 2011](https://twitter.com/adulau/status/84899169340375041)) +---- +RT @rfc3849: Mac OS X 10.6 Snow Leopard Security Configuration http://bit.ly/macsec #osx #mac #security #pdf + +(Originally on Twitter: [Mon Jun 27 09:30:25 +0000 2011](https://twitter.com/adulau/status/85278801944260608)) +---- +RT @circl_lu: Remote "vulnerability"/DoS in l2cap configuration request (via Bluetooth) on Linux kernel http://marc.info/?l=linux-bluetooth&m=130891949809746&w=2 #infosec + +(Originally on Twitter: [Mon Jun 27 14:47:52 +0000 2011](https://twitter.com/adulau/status/85358692576403456)) +---- +http://www.mathieu-g.be/en/2011/05/constant-osf-family/ real furniture designs available under a free art license... free software hits the physical world #beyondfreesoftware + +(Originally on Twitter: [Mon Jun 27 15:59:06 +0000 2011](https://twitter.com/adulau/status/85376616267644928)) +---- +Ubuntu smoked crack while designing the new configuration model for Grub 2 (grub-pc) - we don't need abstraction, keep simple config files. + +(Originally on Twitter: [Wed Jun 29 13:37:38 +0000 2011](https://twitter.com/adulau/status/86065791799263232)) +---- +@Aissn The causes are diffuse (grub-pc script in Ubuntu is a bit messy). Where the broken LVM over softRAID support is more Grub 2 related. + +(Originally on Twitter: [Wed Jun 29 14:47:31 +0000 2011](https://twitter.com/adulau/status/86083379027652608)) +---- +"Common Weakness Scoring System" CWSS it's an extended CVSS including environmental context... 
still very approximative http://cwe.mitre.org/cwss/ + +(Originally on Twitter: [Thu Jun 30 08:24:04 +0000 2011](https://twitter.com/adulau/status/86349268528541696)) +---- +@fboule sorry to say that but that's the same shit with grub-pc ;-) + +(Originally on Twitter: [Thu Jun 30 09:18:27 +0000 2011](https://twitter.com/adulau/status/86362955079368705)) +---- +"2011 CWE/SANS Top 25 Most Dangerous Software Error" published June 29, 2011 - a good overview #infosec http://cwe.mitre.org/top25/index.html + +(Originally on Twitter: [Fri Jul 01 10:31:07 +0000 2011](https://twitter.com/adulau/status/86743630328508416)) +---- +GNUnet Emulation Framework Paper Accepted accepted at CSET'11 workshop (USENIX 2011) https://gnunet.org/node/1298 #p2p #p2ptesting #dht + +(Originally on Twitter: [Sat Jul 02 08:33:38 +0000 2011](https://twitter.com/adulau/status/87076452260003840)) +---- +http://tools.ietf.org/html/rfc6302 "Internet-Facing Server Logging" officially recommends to log the source port number along with the IP address #rfc6302 + +(Originally on Twitter: [Sat Jul 02 08:38:57 +0000 2011](https://twitter.com/adulau/status/87077789781602304)) +---- +@ndw The first programming language must be at least two programming languages. So, your nephew will build his ability to compare them. + +(Originally on Twitter: [Sat Jul 02 08:59:10 +0000 2011](https://twitter.com/adulau/status/87082877514293249)) +---- +https://github.com/inquisb/shellcodeexec "shellcodeexec is a small script to execute in memory a sequence of opcodes." not tested but looks very handy. #infosec + +(Originally on Twitter: [Sat Jul 02 15:08:26 +0000 2011](https://twitter.com/adulau/status/87175807851704322)) +---- +The 10 years old feature request in Thunderbird https://bugzilla.mozilla.org/show_bug.cgi?id=86405 being able to edit LDAP address book... 
+ +(Originally on Twitter: [Sat Jul 02 19:12:27 +0000 2011](https://twitter.com/adulau/status/87237215758991360)) +---- +"Emails from PayPal will always address you by your first and last name." Whoaaaa that's a security measure, read in a real @paypal email. + +(Originally on Twitter: [Mon Jul 11 07:48:53 +0000 2011](https://twitter.com/adulau/status/90326679569956864)) +---- +@lensassaman We will miss you. A brilliant mind and a great human being. + +(Originally on Twitter: [Mon Jul 11 19:54:00 +0000 2011](https://twitter.com/adulau/status/90509162810851328)) +---- +RT @BoozAllen: As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems. + +(Originally on Twitter: [Mon Jul 11 20:04:53 +0000 2011](https://twitter.com/adulau/status/90511899954917376)) +---- +LiveJournal updated its privacy policy to include some "clarification" with third parties advertisers #goodiff #quuxlabs http://fo.vc/3g + +(Originally on Twitter: [Tue Jul 12 20:44:33 +0000 2011](https://twitter.com/adulau/status/90884270821879809)) +---- +http://durandal-project.org/ "Distributed CPU/GPU Hash Cracker" #infosec + +(Originally on Twitter: [Wed Jul 13 07:14:57 +0000 2011](https://twitter.com/adulau/status/91042917728256000)) +---- +Using Redis for Passive DNS - some figures with my current experiment https://plus.google.com/112095729959662313642/posts/L5ptPBvC4Gq #redis #infosec + +(Originally on Twitter: [Wed Jul 13 08:37:27 +0000 2011](https://twitter.com/adulau/status/91063679033950208)) +---- +RT @bortzmeyer: Van Jacobson et le réseau centré sur le contenu http://www.bortzmeyer.org/van-jacobson-ccn.html + +(Originally on Twitter: [Wed Jul 13 09:12:27 +0000 2011](https://twitter.com/adulau/status/91072484773855232)) +---- +A nice initiative from UCL to develop an open-source networking textbook licensed under the CC BY-SA (book in ReST) http://inl.info.ucl.ac.be/CNP3/ + +(Originally on Twitter: [Thu Jul 14 21:12:59 +0000 
2011](https://twitter.com/adulau/status/91616203453374466)) +---- +RT @circl_lu: http://www.kb.cert.org/vuls/id/122054 HP ArcSight Connector Appliance XSS vulnerability #CVE-2011-0770 #siem #infosec + +(Originally on Twitter: [Mon Jul 18 13:49:52 +0000 2011](https://twitter.com/adulau/status/92954238036082688)) +---- +https://telex.cc/ "Anticensorship in the Network Infrastructure" it seems to be a complement to Tor... #privacy + +(Originally on Twitter: [Mon Jul 18 14:35:05 +0000 2011](https://twitter.com/adulau/status/92965621226143746)) +---- +RT @raf_iot: http://www.2villepin2012.fr/ == http://www.conseil-funeraire.fr (via @mourphy) + +(Originally on Twitter: [Mon Jul 18 14:45:36 +0000 2011](https://twitter.com/adulau/status/92968265936146432)) +---- +made a quick-and-dirty script to read top articles from lesoir.be on his Kindle without the advertising... https://github.com/adulau/lesoir2text/ #belgium + +(Originally on Twitter: [Mon Jul 18 20:21:13 +0000 2011](https://twitter.com/adulau/status/93052726820343808)) +---- +RT @jduck1337: Analysis of the jailbreakme v3 font exploit - Sogeti ESEC Lab http://j.mp/raw41D + +(Originally on Twitter: [Mon Jul 18 20:29:52 +0000 2011](https://twitter.com/adulau/status/93054904637202432)) +---- +http://oreilly.com/catalog/0790145316974/ "Windows Sysinternals Administrator’s Reference" book published. any good review? #infosec + +(Originally on Twitter: [Tue Jul 19 09:24:01 +0000 2011](https://twitter.com/adulau/status/93249722847989761)) +---- +RT @bortzmeyer: The ten years of the Jabber foundation: https://stpeter.im/index.php/2011/07/12/xsf-10/ #XMPP + +(Originally on Twitter: [Tue Jul 19 10:54:38 +0000 2011](https://twitter.com/adulau/status/93272530311315456)) +---- +RT @mikkohypponen: Murdoch is offended that Lulzsec broke in just to create some news. + +Hmm... Didn't his newspaper use exactly the sam ... 
+ +(Originally on Twitter: [Tue Jul 19 11:55:26 +0000 2011](https://twitter.com/adulau/status/93287830071164928)) +---- +@Securelist I tried to reproduce the 30% rate of AXFR allowed from all the IANA TLDs without success. Did you perform the AXFR for each TLD? + +(Originally on Twitter: [Tue Jul 19 13:02:51 +0000 2011](https://twitter.com/adulau/status/93304797389783040)) +---- +RT @LaF0rge: is there no #firefox pluging for removing those stupid #google redirect URLs out of search results? + +(Originally on Twitter: [Tue Jul 19 14:23:17 +0000 2011](https://twitter.com/adulau/status/93325038949904384)) +---- +http://blog.snort.org/2011/07/snort-291-rc-is-now-available-including.html IP Reputation preprocessor in Snort 2.9.1 (maybe a nifty way to integrate BGP Ranking dataset within Snort) @bgpranking + +(Originally on Twitter: [Tue Jul 19 15:50:55 +0000 2011](https://twitter.com/adulau/status/93347091769864192)) +---- +hamake - Hadoop Make utility based on a dependency graph between each dataset to be processed http://code.google.com/p/hamake/ #mapreduce + +(Originally on Twitter: [Tue Jul 19 20:15:11 +0000 2011](https://twitter.com/adulau/status/93413597304209409)) +---- +RT @moxie__: @maradydd @sirvaliance Yes, I keep seeing research and thinking "great, another idea that will never be fully implemented." 
+ +(Originally on Twitter: [Wed Jul 20 05:35:16 +0000 2011](https://twitter.com/adulau/status/93554546084814848)) +---- +http://arxiv.org/abs/1107.3593 "Privacy-Enhanced Methods for Comparing Compressed DNA Sequences" but still vague regarding the algo used #privacy #dna + +(Originally on Twitter: [Wed Jul 20 08:05:03 +0000 2011](https://twitter.com/adulau/status/93592238298378240)) +---- +RT @0x58: Hahah today's #xkcd cannot be more true http://xkcd.com/927/ #universalStandard + +(Originally on Twitter: [Wed Jul 20 08:06:12 +0000 2011](https://twitter.com/adulau/status/93592530536509440)) +---- +@garybernhardt Maybe a review of the key-value store libraries/interfaces for Python... #python + +(Originally on Twitter: [Wed Jul 20 19:56:26 +0000 2011](https://twitter.com/adulau/status/93771265919287296)) +---- +"Sending Hidden Data via Google Suggest" http://arxiv.org/abs/1107.4062 A clever 10bit/s steganography ... #infosec #google #stegano + +(Originally on Twitter: [Thu Jul 21 11:25:17 +0000 2011](https://twitter.com/adulau/status/94005020080615424)) +---- +@fboule You made my day. The MAC address authentication for VPN was a funny joke. Euuuh? It's not a joke? #infoseconcrack + +(Originally on Twitter: [Thu Jul 21 21:43:08 +0000 2011](https://twitter.com/adulau/status/94160503433211904)) +---- +RT @aumasson: the submission server of CT-RSA 2012 is now up https://ctrsa2012.cs.haifa.ac.il/iChair/ + +(Originally on Twitter: [Fri Jul 22 05:54:09 +0000 2011](https://twitter.com/adulau/status/94284073417191424)) +---- +@roessler out of my mind... two pencils, a book corner, a glossy paper that can cut two fingers in a row and a badly soldered arduino board. + +(Originally on Twitter: [Fri Jul 22 08:43:09 +0000 2011](https://twitter.com/adulau/status/94326604347617280)) +---- +RT @xme: Saw a security awareness msg: "Don't click on suspicious e-mails!" < Why only "suspicious"? Most dangerous ones aren't! 
+ +(Originally on Twitter: [Mon Jul 25 09:38:34 +0000 2011](https://twitter.com/adulau/status/95427712302333952)) +---- +Don't forget if you check SSH fingerprints, that the new version of OpenSSH is not only RSA or DSA fingerprints to check but also ECDSA FP. + +(Originally on Twitter: [Mon Jul 25 14:16:21 +0000 2011](https://twitter.com/adulau/status/95497621598244864)) +---- +We have computers to automate stuff and I still can't share automatically my flickr / rss streams to google+ wtf? http://www.flickr.com/photos/adulau/ #fail + +(Originally on Twitter: [Mon Jul 25 20:38:03 +0000 2011](https://twitter.com/adulau/status/95593679087087616)) +---- +If you still use xargs, you should really have a look at GNU Parallel. http://www.gnu.org/s/parallel/ a nice piece of software #unix #distributed + +(Originally on Twitter: [Tue Jul 26 20:57:45 +0000 2011](https://twitter.com/adulau/status/95961024884260864)) +---- +RT @oletange: @guguscat @adulau If you want a package as part of the distribution, this is the bug to push: https://bugs.launchpad.net/ubuntu/+bug/740630 + +(Originally on Twitter: [Wed Jul 27 06:23:53 +0000 2011](https://twitter.com/adulau/status/96103494431416320)) +---- +RT @circl_lu: "The science of password selection" A nice and exhaustive review on how people choose their password. #infosech http://t.c ... + +(Originally on Twitter: [Thu Jul 28 07:59:19 +0000 2011](https://twitter.com/adulau/status/96489899632500736)) +---- +@superlol did you activate the Kernel dump? gdb -c "/PanicDumps/...." and dump the stack... maybe you just found a vulnerable application? 
+ +(Originally on Twitter: [Thu Jul 28 09:46:18 +0000 2011](https://twitter.com/adulau/status/96516823377395712)) +---- +A new version of Arachni is out (0.3) - Check the modules some are quite useful for web pentesting http://arachni.segfault.gr/ #infosec + +(Originally on Twitter: [Thu Jul 28 15:16:40 +0000 2011](https://twitter.com/adulau/status/96599960627314688)) +---- +@ALDIAustralia Are the Conficker infected external hard drive distributed outside Australia? #infosec http://www.zdnet.com.au/aldi-sells-hard-drives-with-malware-inside-339319481.htm + +(Originally on Twitter: [Fri Jul 29 09:18:09 +0000 2011](https://twitter.com/adulau/status/96872128841924608)) +---- +RT @aumasson: only two days left to submit your papers to http://2011.indocrypt.org/ + +(Originally on Twitter: [Fri Jul 29 09:40:35 +0000 2011](https://twitter.com/adulau/status/96877770759606272)) +---- +RT @Ivanlef0u: I really hate when someone present a tool at a conference but doesn't publish it after. Guess I should recode it by mysel ... + +(Originally on Twitter: [Fri Jul 29 09:54:35 +0000 2011](https://twitter.com/adulau/status/96881297192001536)) +---- +I should not listen Labiur when cleaning of my desk, it's even more messy after. #electronicmusic #belgium + +(Originally on Twitter: [Sat Jul 30 09:00:53 +0000 2011](https://twitter.com/adulau/status/97230169516941313)) +---- +@sam280 Is the approach to select the appropriate parameters a common one? As BKZ security depends on the difficulty to find the SVP? + +(Originally on Twitter: [Sat Jul 30 20:47:11 +0000 2011](https://twitter.com/adulau/status/97407916776239105)) +---- +"William's miscellaneous git tools" The git-wtf looks very nifty... to be tested. 
http://git-wt-commit.rubyforge.org/ #gif #scm + +(Originally on Twitter: [Sat Jul 30 20:54:55 +0000 2011](https://twitter.com/adulau/status/97409860680949761)) +---- +@0x58 When I saw a Trojan named "BASH", I was expecting something really different than a fake and trojaned Flash installation ;-) + +(Originally on Twitter: [Mon Aug 01 08:02:29 +0000 2011](https://twitter.com/adulau/status/97940248369168384)) +---- +RT @jedisct1: Erlang/OTP SSH Library Random Number Generator Weakness: http://bit.ly/n5B3jH + +(Originally on Twitter: [Mon Aug 01 19:46:29 +0000 2011](https://twitter.com/adulau/status/98117415099039744)) +---- +@sam280 Thank you. For your information, there is a discussion on HN on the Homomorphic Encryption topic: http://news.ycombinator.com/item?id=2826687 #crypto + +(Originally on Twitter: [Tue Aug 02 08:52:13 +0000 2011](https://twitter.com/adulau/status/98315151983382528)) +---- +RT @circl_lu: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ "Zero Day Vulnerability in Many Wordpress Themes" if they use timthumb.php (an image re-sizing tool), ... + +(Originally on Twitter: [Tue Aug 02 12:22:26 +0000 2011](https://twitter.com/adulau/status/98368054085423105)) +---- +RT @gal_diskin: RT @hack_lu More speakers added to the list. See urself at http://2011.hack.lu/index.php/List#List_of_Talks #hacklu << I'll be giving #DBI workshop + +(Originally on Twitter: [Tue Aug 02 14:42:02 +0000 2011](https://twitter.com/adulau/status/98403185483464704)) +---- +RT @y0m: Forensic Challenge 9 - "Mobile Malware" - http://bit.ly/qRGimK #mobile #forensic #challenge #honeynet + +(Originally on Twitter: [Wed Aug 03 13:40:27 +0000 2011](https://twitter.com/adulau/status/98750076406611968)) +---- +RT @NolanBushnell: At Atari we hired based on hobbies and not grades in school. We ended up with he best engineering group in the world. 
+ +(Originally on Twitter: [Wed Aug 03 19:46:19 +0000 2011](https://twitter.com/adulau/status/98842150095171584)) +---- +RT @reversemode: "Easter egg in two versions of the S7-300 PLC firmware" "html file that depicts a handful of dancing chimpanzees" http: ... + +(Originally on Twitter: [Thu Aug 04 12:48:24 +0000 2011](https://twitter.com/adulau/status/99099366194819073)) +---- +"An agile, distributed, and secure alternative to the Certificate Authority system." https://github.com/moxie0/Convergence http://convergence.io/ + +(Originally on Twitter: [Fri Aug 05 07:03:24 +0000 2011](https://twitter.com/adulau/status/99374929698496512)) +---- +Is this bug really or correctly fixed in Chrome? http://code.google.com/p/chromium/issues/detail?id=1622 or the EV validation of this certificate is still missing? #x509 + +(Originally on Twitter: [Fri Aug 05 09:04:02 +0000 2011](https://twitter.com/adulau/status/99405287441698816)) +---- +@soufron pourtant c'est le cas. La quantité des textes législatifs (avec interaction) augmente la complexité générale de leur analyse. + +(Originally on Twitter: [Fri Aug 05 09:11:19 +0000 2011](https://twitter.com/adulau/status/99407122151899136)) +---- +@soufron Je ne vois pas comment un parser peut faire mieux que des juges qui font déjà des interprétations diff. d'un même texte législatif + +(Originally on Twitter: [Fri Aug 05 09:21:13 +0000 2011](https://twitter.com/adulau/status/99409613719486465)) +---- +RT @0x58: "Unfortunately, the current generation of mail programs do not have checkers to see if the sender knows what he is talking abo ... + +(Originally on Twitter: [Fri Aug 05 09:29:14 +0000 2011](https://twitter.com/adulau/status/99411630802206720)) +---- +RT @mruef: @0x58 Not a problem at all: Screen the mail sig with a regex for CISSP, CISA, MCSE, etc. 
to determine lack of substance ;) + +(Originally on Twitter: [Fri Aug 05 09:33:40 +0000 2011](https://twitter.com/adulau/status/99412746445127680)) +---- +When you read in a vendor blog post "it's very hard to compromise", you should be really worried if you use their product. #infosec + +(Originally on Twitter: [Fri Aug 05 09:36:11 +0000 2011](https://twitter.com/adulau/status/99413382117081088)) +---- +@FunkySteph you too, enjoy your day and (sunny?) weekend. By the way, we still need to find a day for a lunch... (before #hacklu 2011 ;-) + +(Originally on Twitter: [Fri Aug 05 09:40:09 +0000 2011](https://twitter.com/adulau/status/99414377303773184)) +---- +RT @aumasson: perhaps the first fault analysis publication on a hash function to be presented at FDTC'11 (on SHA1) + +(Originally on Twitter: [Fri Aug 05 12:39:26 +0000 2011](https://twitter.com/adulau/status/99459496220438528)) +---- +"TCP/IP Illustrated, Volume 1, Second Edition" Nov 2011, Hardback, 1008 pages. I can't wait until November. I hope as good as the original + +(Originally on Twitter: [Fri Aug 05 13:55:59 +0000 2011](https://twitter.com/adulau/status/99478761560481792)) +---- +@mruef @y0m right, the style of R. Stevens was great and very accesible. I'll pre-order... + +(Originally on Twitter: [Fri Aug 05 14:04:26 +0000 2011](https://twitter.com/adulau/status/99480888420745216)) +---- +"(gcalcli) Google Calendar Command Line Interface" in Python and seems quite nifty... http://code.google.com/p/gcalcli/ + +(Originally on Twitter: [Fri Aug 05 20:16:51 +0000 2011](https://twitter.com/adulau/status/99574608080023552)) +---- +@snazmeister We work with with everyone even some funky Brits ;-) By the way, don't forget to say hi to the Swedish guy. + +(Originally on Twitter: [Sat Aug 06 06:40:53 +0000 2011](https://twitter.com/adulau/status/99731653248827392)) +---- +@ChrisJohnRiley What ZDI is doing with the remaining 70%? It's rejected and discarded. Or do they keep them to validate other submissions? 
+ +(Originally on Twitter: [Sat Aug 06 06:47:11 +0000 2011](https://twitter.com/adulau/status/99733239089987585)) +---- +A small reminder the printers are vulnerable with or without search engine. Usually there is an emphasis on the search engine by the vendor. + +(Originally on Twitter: [Sat Aug 06 06:50:28 +0000 2011](https://twitter.com/adulau/status/99734064810045440)) +---- +RT @cudeso: #adobeedge fires up a local webserver at localhost:54321 #security ? + +(Originally on Twitter: [Sat Aug 06 13:21:19 +0000 2011](https://twitter.com/adulau/status/99832426641096704)) +---- +@2le_net Amapy semble sympa. Où est le code source de l'application? #organic #bio + +(Originally on Twitter: [Sat Aug 06 15:21:35 +0000 2011](https://twitter.com/adulau/status/99862689790164992)) +---- +A small note to journalists "expert" in economy: "the bond market" is not the "the stock market". #economy #finance + +(Originally on Twitter: [Sat Aug 06 16:31:43 +0000 2011](https://twitter.com/adulau/status/99880341455642624)) +---- +https://code.google.com/p/moshimoshi/ "Moshi Moshi is a VoIP Bot written in Python that uses SIP as VoIP Protocol" #infosec #malware + +(Originally on Twitter: [Sun Aug 07 06:41:51 +0000 2011](https://twitter.com/adulau/status/100094284405030912)) +---- +http://blog.mandiant.com/archives/1899 "Exploring Artifacts in Heap Memory with Heap Inspector" until now, works only with live system analysis. #infosec + +(Originally on Twitter: [Sun Aug 07 06:50:24 +0000 2011](https://twitter.com/adulau/status/100096433507676161)) +---- +@novytweety Funny. During the night, they might be even some confusion... you know "every moment is an experience". + +(Originally on Twitter: [Sun Aug 07 16:53:33 +0000 2011](https://twitter.com/adulau/status/100248221196103681)) +---- +RT @i0n1c: Last day in Vegas about to get started. 8 days in Vegas are more than enough. 
+ +(Originally on Twitter: [Sun Aug 07 17:05:47 +0000 2011](https://twitter.com/adulau/status/100251301216133120)) +---- +@gitfr C'est simple comme le "git push" ne connait pas l'état de la branche master en checkout (ainsi que son index) sur le remote... + +(Originally on Twitter: [Sun Aug 07 20:58:24 +0000 2011](https://twitter.com/adulau/status/100309842182406144)) +---- +@gitfr mais c'est un effet de bord uniquement sur la branche master. Rien n'empeche le push sur une autre branche... + +(Originally on Twitter: [Sun Aug 07 20:59:51 +0000 2011](https://twitter.com/adulau/status/100310207552430080)) +---- +https://github.com/r0ket/r0ket the code and hardware behind the badge for the Chaos Communication Camp 2011 - what the cost of the hardware? + +(Originally on Twitter: [Sun Aug 07 21:05:43 +0000 2011](https://twitter.com/adulau/status/100311681300828160)) +---- +@imrim the recommendation should be more: "Beware of software and hardware in enterprise..." #everythingisvulnerable + +(Originally on Twitter: [Mon Aug 08 08:15:09 +0000 2011](https://twitter.com/adulau/status/100480150554157057)) +---- +@dakami Do you plan to release Phidelius source code in a near future? It looks very promising. + +(Originally on Twitter: [Mon Aug 08 08:18:37 +0000 2011](https://twitter.com/adulau/status/100481025192378368)) +---- +RT @jeffreycarr: What's ironic about Mcafee's whitepaper is that McAfee is leveraging Shady RAT for marketing value but they have no pro ... + +(Originally on Twitter: [Mon Aug 08 08:57:05 +0000 2011](https://twitter.com/adulau/status/100490702965841920)) +---- +@dakami Thank you. If you need some help for the release, don't hesitate. + +(Originally on Twitter: [Tue Aug 09 08:09:37 +0000 2011](https://twitter.com/adulau/status/100841146149908480)) +---- +RT @circl_lu: http://blog.trendmicro.com/analysis-of-bkdr_sogu-a-database-accessing-malware/ "Analysis of BKDR_SOGU.A, Database-Accessing Malware" another good reason to enable logging on ODBC co ... 
+ +(Originally on Twitter: [Tue Aug 09 08:32:30 +0000 2011](https://twitter.com/adulau/status/100846903452905473)) +---- +RT @unpacker: [HexBlog] New feature in IDA 6.2: The proximity browser http://bit.ly/o2JCyG + +(Originally on Twitter: [Tue Aug 09 11:34:48 +0000 2011](https://twitter.com/adulau/status/100892784231329793)) +---- +https://github.com/kaepora/cryptocat/ Source code of cryptocat, an encrypted web chatroom. Nice but how do you verify the remote JS crypto code? signed JS? + +(Originally on Twitter: [Tue Aug 09 20:03:46 +0000 2011](https://twitter.com/adulau/status/101020868678909953)) +---- +http://www.social-europe.eu/2011/08/the-london-riots-on-consumerism-coming-home-to-roost/ "The London Riots – On Consumerism coming Home to Roost" the old division is still existing just in a different form + +(Originally on Twitter: [Tue Aug 09 20:11:05 +0000 2011](https://twitter.com/adulau/status/101022707709263873)) +---- +I like when my neighbour brings his laptop, I get usually more malware sample on it than on an old Nepenthes collector. #honeypot + +(Originally on Twitter: [Tue Aug 09 20:26:16 +0000 2011](https://twitter.com/adulau/status/101026529835892736)) +---- +RT @mattblaze: Our #Usenix Security paper on weaknesses in P25 2-way radios is out today. See http://crypto.com/p25 + +(Originally on Twitter: [Wed Aug 10 14:03:05 +0000 2011](https://twitter.com/adulau/status/101292486701498368)) +---- +http://git.xelerance.com/cgi-bin/gitweb.cgi?p=ldnsx.git;a=tree Frustrated with the ldns Python module? you should have a look at ldnsx... time to move to ldnsx. #python #dns + +(Originally on Twitter: [Wed Aug 10 20:24:55 +0000 2011](https://twitter.com/adulau/status/101388579955154944)) +---- +@kaizeronion Russula foetens or gyromitra esculenta? pick the right one. 
+ +(Originally on Twitter: [Thu Aug 11 17:36:01 +0000 2011](https://twitter.com/adulau/status/101708459694768128)) +---- +RT @paulg: 2011 Startup School, October 29 at Stanford: http://startupschool.org + +(Originally on Twitter: [Thu Aug 11 17:44:13 +0000 2011](https://twitter.com/adulau/status/101710524043108352)) +---- +RT @ochsff: WTF is wrong with Damballa? SpyEye source has not been released, it was a post on how to crack the (binary) builder! Noobs! :( + +(Originally on Twitter: [Fri Aug 12 09:35:05 +0000 2011](https://twitter.com/adulau/status/101949818762571776)) +---- +RT @_saadk: Société Générale rises as a global worry #NYT http://nyti.ms/qzxMwI #economy #2008dejavu + +(Originally on Twitter: [Sat Aug 13 05:44:40 +0000 2011](https://twitter.com/adulau/status/102254220278906880)) +---- +RT @PatrickFrench2: The only shop NOT looted down the road from where I live was Waterstones. I guess the rioters have Kindles - bought ... + +(Originally on Twitter: [Sat Aug 13 05:49:35 +0000 2011](https://twitter.com/adulau/status/102255455887306752)) +---- +https://paulsparrows.wordpress.com/2011/08/11/one-year-of-android-malware-full-list/ "One Year Of Android Malware (Full List)" I'm not sure it's really the "full list", it's easy to miss a Malware. + +(Originally on Twitter: [Sat Aug 13 07:40:51 +0000 2011](https://twitter.com/adulau/status/102283458889531393)) +---- +@safecastdotorg Why user submitted European measures don't appear on the safecast map? #radioactivity + +(Originally on Twitter: [Sat Aug 13 08:03:27 +0000 2011](https://twitter.com/adulau/status/102289147036831744)) +---- +http://thc.org/thc-ipv6/ THC-IPV6 v1.8 "CCC Camp release" with more than 40 ipv6 security tools #infosec #ipv6 + +(Originally on Twitter: [Sat Aug 13 15:53:55 +0000 2011](https://twitter.com/adulau/status/102407542050791424)) +---- +@safecastdotorg The map is http://maps.safecast.org/fusion - which one is showing all the submitted values? thank you. 
+ +(Originally on Twitter: [Sat Aug 13 23:07:42 +0000 2011](https://twitter.com/adulau/status/102516706102087681)) +---- +http://wiki.qemu.org/ChangeLog/0.15 qemu 0.15 released. Major improvement in the ARM support. + +(Originally on Twitter: [Sun Aug 14 07:54:20 +0000 2011](https://twitter.com/adulau/status/102649241498943488)) +---- +http://pandas.sourceforge.net/index.html "pandas: a python data analysis library" The DataFrame model looks very nice when handling date-based series. #python + +(Originally on Twitter: [Mon Aug 15 12:30:58 +0000 2011](https://twitter.com/adulau/status/103081244383916032)) +---- +http://blog.eset.com/2011/08/15/warming-up-for-the-autumn-conferences "Warming up for the Autumn Conferences" Pierre-Marc Bureau will also give a keynote at #hacklu 2011. #conference + +(Originally on Twitter: [Mon Aug 15 12:34:15 +0000 2011](https://twitter.com/adulau/status/103082069135065088)) +---- +RT @hack_lu: http://2011.hack.lu/index.php/List#Keynote2 second keynote announced "Security Problems in Operational Navy Systems, Industrial Point of View" by D ... + +(Originally on Twitter: [Tue Aug 16 08:15:54 +0000 2011](https://twitter.com/adulau/status/103379444068130816)) +---- +http://arxiv.org/abs/1108.2704 Attacks on Local Searching Tools like Google Desktop Search #infosec + +(Originally on Twitter: [Tue Aug 16 09:24:24 +0000 2011](https://twitter.com/adulau/status/103396679838990337)) +---- +http://article.gmane.org/gmane.linux.network/203223 "Improve sequence number generation." in Linux Kernel. Moving TCP sequence gen. from partial MD4 to MD5. #infosec + +(Originally on Twitter: [Tue Aug 16 09:56:42 +0000 2011](https://twitter.com/adulau/status/103404810979651584)) +---- +@pello "...we moved from MD5 to a cut-down version +of MD4 because it was causing significant performance issues..." in 2002 from Ted Ts'o. 
+ +(Originally on Twitter: [Wed Aug 17 15:03:09 +0000 2011](https://twitter.com/adulau/status/103844317671604225)) +---- +https://plus.google.com/112095729959662313642/posts/JD1QUttcPvh is working on a second version of the Wiki Creativity Index #metric #creativity #wiki + +(Originally on Twitter: [Wed Aug 17 21:44:18 +0000 2011](https://twitter.com/adulau/status/103945269586038785)) +---- +http://googleonlinesecurity.blogspot.com/2011/08/four-years-of-web-malware.html "Four Years of Web Malware" interesting statistics from Google showing an increase in IP cloacking. #infosec + +(Originally on Twitter: [Thu Aug 18 05:36:00 +0000 2011](https://twitter.com/adulau/status/104063977436364801)) +---- +Call for testing: OpenSSH-5.9 (including sandboxing in pre-auth privsep process) http://www.gossamer-threads.com/lists/openssh/dev/52382 + +(Originally on Twitter: [Thu Aug 18 05:49:03 +0000 2011](https://twitter.com/adulau/status/104067263728070656)) +---- +The ArDrone corruption to be presented at hack.lu 2011 http://2011.hack.lu/index.php/List#ArDrone #hacklu #infosec + +(Originally on Twitter: [Thu Aug 18 09:49:45 +0000 2011](https://twitter.com/adulau/status/104127834661986305)) +---- +http://msmvps.com/blogs/spywaresucks/archive/2011/08/18/1797801.aspx Interesting police fine spam/malware with forged headers or compromised server? #infosec #malware + +(Originally on Twitter: [Thu Aug 18 12:29:33 +0000 2011](https://twitter.com/adulau/status/104168052286963712)) +---- +@hsf2012 @syn2cat @security4all @wimremes Why not having a rotating summer camp/festival in Benelux each year? #hackerspace + +(Originally on Twitter: [Thu Aug 18 12:46:15 +0000 2011](https://twitter.com/adulau/status/104172253473812480)) +---- +@hsf2012 great news. do you have already a fixed or foreseen date for the festival in 2012? 
to fix the agenda ;-) #hackerspace + +(Originally on Twitter: [Thu Aug 18 13:09:04 +0000 2011](https://twitter.com/adulau/status/104177995769577472)) +---- +RT @edarchis: When you hear thunder outside and see your lights flashing off/on, you're happy to hear the clicking sound of your UPS tak ... + +(Originally on Twitter: [Thu Aug 18 17:00:37 +0000 2011](https://twitter.com/adulau/status/104236266203254784)) +---- +RT @circl_lu: http://www.securelist.com/en/blog/208193084/The_Miner_Botnet_Bitcoin_Mining_Goes_Peer_To_Peer "The Miner Botnet: Bitcoin Mining Goes Peer-To-Peer" #bitcoin #malware #p2p + +(Originally on Twitter: [Fri Aug 19 15:41:55 +0000 2011](https://twitter.com/adulau/status/104578851232940032)) +---- +@novytweety http://www.chassepierre.be/ + +(Originally on Twitter: [Sat Aug 20 07:19:53 +0000 2011](https://twitter.com/adulau/status/104814899196203009)) +---- +http://code.google.com/p/binwalk/ "Firmware Analysis Tool" might be useful with this trend of malware trying to hide stuff at strange places... + +(Originally on Twitter: [Sat Aug 20 07:52:27 +0000 2011](https://twitter.com/adulau/status/104823092337061888)) +---- +@bortzmeyer I'll vote against because this has been requested by the Board of Trustees where the role is to support creation not filtering. + +(Originally on Twitter: [Sun Aug 21 20:14:41 +0000 2011](https://twitter.com/adulau/status/105372271429955584)) +---- +likes when a software is faster when reading and processing the LZO1X-1 compressed files than reading uncompressed files. #memoryiscool + +(Originally on Twitter: [Tue Aug 23 15:04:05 +0000 2011](https://twitter.com/adulau/status/106018878445985792)) +---- +RT @wimremes: Someone tried to make me sign a liability form for a mandated driving course. THAT didn't work the way he expected. 
+ +(Originally on Twitter: [Wed Aug 24 09:34:51 +0000 2011](https://twitter.com/adulau/status/106298415461318656)) +---- +http://code.google.com/p/r-u-dead-yet/ "R-U-Dead-Yet, or RUDY for short, implements the generic HTTP DoS attack via long form field submissions." + +(Originally on Twitter: [Wed Aug 24 11:41:16 +0000 2011](https://twitter.com/adulau/status/106330226010755072)) +---- +At such rate ( http://wordpress.org/extend/plugins/search.php?q=security+fix&sort=updated ) of security updates for WordPress plugins... it's easier to make exploit them than update them. + +(Originally on Twitter: [Thu Aug 25 08:30:37 +0000 2011](https://twitter.com/adulau/status/106644637124538370)) +---- +RT @jedisct1: A fully functional training environment for exploring Android mobile application security: https://code.google.com/p/owasp-goatdroid/ + +(Originally on Twitter: [Thu Aug 25 14:55:16 +0000 2011](https://twitter.com/adulau/status/106741438917779456)) +---- +RT @hack_lu: http://2011.hack.lu/index.php/CaptureTheFlag The first pre CTF challenge is available - it's time to win a free entrance ! #hacklu #fluxfingers #ctf + +(Originally on Twitter: [Thu Aug 25 21:14:06 +0000 2011](https://twitter.com/adulau/status/106836774734659584)) +---- +http://www.flickr.com/photos/adulau/6090333514/in/set-72157627539996284 Some pictures from Phasme(s) played in Florenville... #art #theatre #belgium + +(Originally on Twitter: [Sun Aug 28 20:32:23 +0000 2011](https://twitter.com/adulau/status/107913440961626112)) +---- +RT @DidierStevens: Paranoid behavior: getting back in touch with childhood friend, but first check if his hotmail pwd hasn't been leaked. 
+ +(Originally on Twitter: [Mon Aug 29 02:15:12 +0000 2011](https://twitter.com/adulau/status/107999711734149121)) +---- +RT @jedisct1: Javascript cryptography considered harmful: http://www.matasano.com/articles/javascript-cryptography/ + +(Originally on Twitter: [Mon Aug 29 02:17:02 +0000 2011](https://twitter.com/adulau/status/108000173518626816)) +---- +RT @wimremes: By the end of today we're halfway done. I swear. #wim4board http://bit.ly/r3LnjT -- Only 1 speed : GO ! #wim4isc #wimming + +(Originally on Twitter: [Mon Aug 29 08:32:13 +0000 2011](https://twitter.com/adulau/status/108094592112533504)) +---- +RT @circl_lu: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.A Morto a new worm spreading by compromising administrator accounts via Remote Desktop Protocol (RDP). # ... + +(Originally on Twitter: [Mon Aug 29 08:32:32 +0000 2011](https://twitter.com/adulau/status/108094672114688001)) +---- +http://2011.hack.lu/index.php/Agenda First version of the agenda for hack.lu 2011 set-up... more to come in the next days. #hacklu #conference #infosec + +(Originally on Twitter: [Mon Aug 29 15:02:12 +0000 2011](https://twitter.com/adulau/status/108192733360955393)) +---- +RT @tqbf: Right now, when an SSL cert doesn't validate, you get a dialog box. When DNS fails, 80-90% of software just sees NULL "struct ... + +(Originally on Twitter: [Tue Aug 30 05:03:59 +0000 2011](https://twitter.com/adulau/status/108404574158716928)) +---- +RT @cudeso: hey guys, I don't mind sending out defacement notices but please update your reg-details at your registrar. 
+ +(Originally on Twitter: [Wed Aug 31 04:54:18 +0000 2011](https://twitter.com/adulau/status/108764526077427714)) +---- +http://jessekornblum.livejournal.com/275736.html "Symantec Agrees md5deep is False Positive" #md5deep #antivirus + +(Originally on Twitter: [Wed Aug 31 05:38:20 +0000 2011](https://twitter.com/adulau/status/108775609148256256)) +---- +In Firefox the "When an OCSP server connection fails, treat the certificate as invalid" is disabled by default. What about the others? #x509 + +(Originally on Twitter: [Wed Aug 31 15:42:49 +0000 2011](https://twitter.com/adulau/status/108927729143005184)) +---- +@tkeetch You see many "sec_error_ocsp_server_error" just because the OCSP server is overloaded. TCP handshake and then timeout... #fail + +(Originally on Twitter: [Wed Aug 31 20:14:28 +0000 2011](https://twitter.com/adulau/status/108996094574342144)) +---- +Many OCSP server implementations are just not designed to be on the Internet... just looking at the random garbage that you can get. #x509 + +(Originally on Twitter: [Wed Aug 31 20:19:18 +0000 2011](https://twitter.com/adulau/status/108997308544327680)) +---- +https://bugs.launchpad.net/ubuntu/+source/linux/+bug/798858 Don't trust input from external devices even USB devices. An interesting bug with the USB Webkey... #infosec #usb + +(Originally on Twitter: [Wed Aug 31 20:30:04 +0000 2011](https://twitter.com/adulau/status/109000019494977536)) +---- +http://www.kernel.org/ "Security breach on kernel.org" Trojan/rootkit discovered from error messages of Xnest /dev/mem. check your logs too. + +(Originally on Twitter: [Thu Sep 01 05:27:34 +0000 2011](https://twitter.com/adulau/status/109135286633639936)) +---- +RT @fluxfingers: #hacklu meeting whole friday, 10am ID/401. 
+ +(Originally on Twitter: [Thu Sep 01 05:29:31 +0000 2011](https://twitter.com/adulau/status/109135775836282881)) +---- +A gentle reminder to the media, SSL =/= X.509 and the current security issues with some CA are on the X.509 part, not SSL itself. #infosec + +(Originally on Twitter: [Thu Sep 01 12:52:49 +0000 2011](https://twitter.com/adulau/status/109247334893891584)) +---- +http://isc.sans.edu/diary.html?storyid=11500 "DigiNotar breach - the story so far" +1 for the quality of the article and the timeline. #pki #infosec + +(Originally on Twitter: [Thu Sep 01 13:15:14 +0000 2011](https://twitter.com/adulau/status/109252976585084929)) +---- +http://dank.qemfd.net/dankwiki/index.php/RDRAND "A nondeterministic hardware process provides a 3Gbps entropy source as paired 256-bit values" really? I need to test + +(Originally on Twitter: [Thu Sep 01 21:51:48 +0000 2011](https://twitter.com/adulau/status/109382974654521344)) +---- +http://arxiv.org/abs/1109.0097 "Website Detection Using Remote Traffic Analysis" side-channel attack to discover browsed website... #infosec #privacy + +(Originally on Twitter: [Fri Sep 02 07:30:34 +0000 2011](https://twitter.com/adulau/status/109528625971335168)) +---- +RT @bortzmeyer: #IETF promotes DANE (keys in DNS) by letting the X.509 cert of + www.ietf.org expire :-) + +(Originally on Twitter: [Fri Sep 02 09:39:11 +0000 2011](https://twitter.com/adulau/status/109560995973832704)) +---- +@bortzmeyer and the OCSP server for the X.509 certificate for www.ietf.org is not responding "sec_error_ocsp_unauthorized_request" + +(Originally on Twitter: [Fri Sep 02 09:40:48 +0000 2011](https://twitter.com/adulau/status/109561402854879232)) +---- +RT @circl_lu: Don't forget to register for the hack.lu 2011 conference, we hope to see you there. http://2011.hack.lu/ #hacklu #infosec ... 
+ +(Originally on Twitter: [Fri Sep 02 12:07:12 +0000 2011](https://twitter.com/adulau/status/109598243964452864)) +---- +"The Dutch government has since audited DigiNotar’s performance and rescinded this assessment." #pki https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/ + +(Originally on Twitter: [Sat Sep 03 05:45:13 +0000 2011](https://twitter.com/adulau/status/109864501729431552)) +---- +Do you think they will audit/review the firmware in the Linux kernel? a nice place to hide some stuff... #infosec http://git.kernel.org/?p=linux/kernel/git/dwmw2/linux-firmware.git;a=shortlog;h=master + +(Originally on Twitter: [Sat Sep 03 06:00:33 +0000 2011](https://twitter.com/adulau/status/109868360686256128)) +---- +@aissn as said by @bortzmeyer with the recent compromise of kernel.org, the firmware directory is a nice place to trojan the kernel. + +(Originally on Twitter: [Sun Sep 04 06:27:46 +0000 2011](https://twitter.com/adulau/status/110237598441680897)) +---- +RT @mikkohypponen: What happened at Diginotar couldn't possibly happen at any other CA. Because others are perfectly secure. Diginotar w ... + +(Originally on Twitter: [Sun Sep 04 06:38:28 +0000 2011](https://twitter.com/adulau/status/110240292476682240)) +---- +http://blog.gerv.net/2011/09/diginotar-compromise/ "...details of 247 certificates, covering 23 CNs,..." the list of CNs is scary especially addons.mozilla.org #infosec + +(Originally on Twitter: [Sun Sep 04 06:44:03 +0000 2011](https://twitter.com/adulau/status/110241698386427904)) +---- +"Diginotar broken arrow as a tour-de-force of PKI fail" from Peter Gutmann nice summary of PKI design-to-fail http://permalink.gmane.org/gmane.comp.security.cryptography.randombit/1215 + +(Originally on Twitter: [Sun Sep 04 06:46:00 +0000 2011](https://twitter.com/adulau/status/110242189694615552)) +---- +@aissn @bortzmeyer indeed the local git merge will fail but as those are binary blobs it's more difficult to find the differences. 
#infose + +(Originally on Twitter: [Sun Sep 04 08:01:47 +0000 2011](https://twitter.com/adulau/status/110261261509459969)) +---- +RT @mikkohypponen: Diginotar hacker created a certificate for the website of another CA: startssl.com. If I were them, I'd check my syst ... + +(Originally on Twitter: [Sun Sep 04 16:21:17 +0000 2011](https://twitter.com/adulau/status/110386962170523648)) +---- +blogged "Information Security Is Not a Matter of Compliance" http://www.foo.be/cgi-bin/wiki.pl/2011-09-04_Information_Security_Is_Not_a_Matter_of_Compliance #infosec + +(Originally on Twitter: [Sun Sep 04 16:34:57 +0000 2011](https://twitter.com/adulau/status/110390403429171201)) +---- +RT @ioerror: The worst about these certs? The attackers got *.*.com and *.*.org from Koninklijke Notariele Beroepsorganisatie CA + +(Originally on Twitter: [Sun Sep 04 16:36:55 +0000 2011](https://twitter.com/adulau/status/110390897748885505)) +---- +RT @torproject: DigiNotar Damage Disclosure: https://blog.torproject.org/blog/diginotar-damage-disclosure + +(Originally on Twitter: [Sun Sep 04 19:14:39 +0000 2011](https://twitter.com/adulau/status/110430591991820289)) +---- +@OpenAtMicrosoft As you are now more open, could you point us to the standard document for the Visio binary format? Thank you #microsoft + +(Originally on Twitter: [Mon Sep 05 12:05:26 +0000 2011](https://twitter.com/adulau/status/110684963766145024)) +---- +RT @tricaud: "64KB ought to be enough for an event record size" #cee #loganalysis http://bit.ly/q8fW6j + +(Originally on Twitter: [Mon Sep 05 12:22:18 +0000 2011](https://twitter.com/adulau/status/110689207827185664)) +---- +RT @tricaud: Since 2008 I worked on stuff you have seen and other things you haven't. I will disclose it during #hacklu in a few days. 
+ +(Originally on Twitter: [Mon Sep 05 13:59:40 +0000 2011](https://twitter.com/adulau/status/110713712796635136)) +---- +Does someone know who is operating the 10 Tor exit nodes named Amunet1-12 (registered as Formeless Networking LLC)? answers can be off #tor + +(Originally on Twitter: [Mon Sep 05 14:47:29 +0000 2011](https://twitter.com/adulau/status/110725744593870848)) +---- +@ioerror As Tor user, can we trust those exit nodes? I'm looking for a golden set of Tor exit nodes to check/compare SSL handshakes. + +(Originally on Twitter: [Tue Sep 06 05:13:51 +0000 2011](https://twitter.com/adulau/status/110943774401765376)) +---- +@ioerror Thank you. If you have a list of golden exit nodes somewhere, might be worth to get. #tor + +(Originally on Twitter: [Tue Sep 06 09:30:27 +0000 2011](https://twitter.com/adulau/status/111008347276324864)) +---- +RT @hack_lu: #hacklu: 23 talks, 6 Workshops and some surprises and of course socializing (party, booth and…). You definitely should sign ... + +(Originally on Twitter: [Tue Sep 06 14:23:04 +0000 2011](https://twitter.com/adulau/status/111081990299717632)) +---- +@edarchis http://arxiv.org/abs/1109.0507 In the paper, the topic is a bit different "to keep security patches secret before release"... + +(Originally on Twitter: [Tue Sep 06 14:34:03 +0000 2011](https://twitter.com/adulau/status/111084753758863361)) +---- +RT @kaspersky: Why Diginotar may turn out more important than #Stuxnet http://bit.ly/mS4sWN via @schouw @securelist + +(Originally on Twitter: [Tue Sep 06 15:22:05 +0000 2011](https://twitter.com/adulau/status/111096839108960256)) +---- +RT @circl_lu: http://www.globalsign.com/company/press/090611-security-response.html " As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the inv ... 
+ +(Originally on Twitter: [Wed Sep 07 07:37:19 +0000 2011](https://twitter.com/adulau/status/111342264281874432)) +---- +RT @rommelfs: more news from ComodoHacker: http://pastebin.com/85WV10EL and http://pastebin.com/jhz20PqJ including signed binary, issued by DigiNotar + +(Originally on Twitter: [Wed Sep 07 07:41:51 +0000 2011](https://twitter.com/adulau/status/111343406306959360)) +---- +@rommelfs as the binary sig looks fine, it's a window of opportunity for infecting systems before the CA is really removed from all system. + +(Originally on Twitter: [Wed Sep 07 07:43:06 +0000 2011](https://twitter.com/adulau/status/111343722649759744)) +---- +@FunkySteph Funky hello too ;-). would you (and maybe your colleagues) join us for #hacklu 2011? http://2011.hack.lu/ + +(Originally on Twitter: [Wed Sep 07 08:08:38 +0000 2011](https://twitter.com/adulau/status/111350148730327041)) +---- +@wimremes Right and to make it worst, how many systems are running outdated OpenSSL? BTW, http://openssl.org/news/secadv_20110906.txt new security updates 1.0.0e + +(Originally on Twitter: [Wed Sep 07 08:21:54 +0000 2011](https://twitter.com/adulau/status/111353484326076417)) +---- +@wimremes funny. 
Remind me of Isaac Asimov "Knowledge can create problems, it is not through ignorance that we can solve them" #infosec + +(Originally on Twitter: [Wed Sep 07 08:33:31 +0000 2011](https://twitter.com/adulau/status/111356407852449792)) +---- +"Hackerspaces: The Beginning (September 2011)" http://www.archive.org/details/hackerspaces-the-beginning #ebook #hackerspace + +(Originally on Twitter: [Wed Sep 07 11:34:09 +0000 2011](https://twitter.com/adulau/status/111401867476598784)) +---- +my ugly backup policy - https://plus.google.com/112095729959662313642/posts/QFN8qJ7tydB #backup #unix #rsync #jwz + +(Originally on Twitter: [Wed Sep 07 20:10:29 +0000 2011](https://twitter.com/adulau/status/111531808323141632)) +---- +RT @AbuseHelper: First draft (= working version) of the BGP ranking bot commited #bgpranking #abusehelper + +(Originally on Twitter: [Thu Sep 08 11:21:48 +0000 2011](https://twitter.com/adulau/status/111761148793192449)) +---- +RT @SnorreFagerland: I had a look at the BIOS-flash trojan Mebromi http://bit.ly/nUuLzZ + +(Originally on Twitter: [Thu Sep 08 11:39:37 +0000 2011](https://twitter.com/adulau/status/111765631539478528)) +---- +RT @circl_lu: http://www.cisco.com/warp/public/707/cisco-sa-20110907-nexus.shtml "Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability" when adding a ACL ... + +(Originally on Twitter: [Thu Sep 08 12:12:38 +0000 2011](https://twitter.com/adulau/status/111773940002725888)) +---- +RT @y0m: Software updates that fix vulnerabilities in Nexus Series available. Cisco patches replicants. + +(Originally on Twitter: [Thu Sep 08 12:28:37 +0000 2011](https://twitter.com/adulau/status/111777963061682176)) +---- +Michael S. Hart died - http://www.gutenberg.org/w/index.php?title=Michael_S._Hart #ebook #freedom #gutenberg + +(Originally on Twitter: [Thu Sep 08 13:25:08 +0000 2011](https://twitter.com/adulau/status/111792185548079105)) +---- +RT @eromang: 1 week until @hack_lu and @brucon ! 
Register or you will regret it + +(Originally on Twitter: [Thu Sep 08 18:35:47 +0000 2011](https://twitter.com/adulau/status/111870363939512320)) +---- +"Mallory MITM proxy for application and device testing" it seems to support non standard protocols on TCP or UDP https://bitbucket.org/IntrepidusGroup/mallory + +(Originally on Twitter: [Thu Sep 08 19:20:29 +0000 2011](https://twitter.com/adulau/status/111881611938758656)) +---- +RT @pyllyukko: i wonder how many times you need to be reminded to trust your instincts, until you finally learn to do it? + +(Originally on Twitter: [Fri Sep 09 15:02:41 +0000 2011](https://twitter.com/adulau/status/112179123593543680)) +---- +My 8 hours of train was close to an anthropology trip especially "the human couple who drink "beer" (carapils) at 7:00 AM in front of you". + +(Originally on Twitter: [Sat Sep 10 20:52:01 +0000 2011](https://twitter.com/adulau/status/112629423508963328)) +---- +http://www.nicta.com.au/pub?doc=5076 (PDF) "Insecurity in Public-Safety Communications: APCO Project 25" #infosec I like the "Message-Modification Attack" + +(Originally on Twitter: [Sun Sep 11 06:15:10 +0000 2011](https://twitter.com/adulau/status/112771145723420672)) +---- +@dewtone is a great radio. If you like innovative electronic music, you should listen. I hope they will keep the same approach in future. + +(Originally on Twitter: [Sun Sep 11 08:55:52 +0000 2011](https://twitter.com/adulau/status/112811583117328384)) +---- +se demande pourquoi les éditions Exils ne republie pas "L’éthique hacker" en français, le livre est épuisé depuis plusieurs années... + +(Originally on Twitter: [Sun Sep 11 10:01:46 +0000 2011](https://twitter.com/adulau/status/112828167944814592)) +---- +@winremes http://groups.google.com/group/fa.linux.kernel/msg/52f04d4ab1121c9b reminded me of Linus pointing back that biology is a matter of sheer luck... 
#biology #software #errors + +(Originally on Twitter: [Sun Sep 11 10:15:05 +0000 2011](https://twitter.com/adulau/status/112831521920004096)) +---- +@Ge0bidouille Pas vraiment... l'éditeur a les droits sur la traduction française et préfère ne pas faire de réédition pour l'instant. + +(Originally on Twitter: [Sun Sep 11 12:45:31 +0000 2011](https://twitter.com/adulau/status/112869377031929856)) +---- +RT @picviz: All #infosec folks gathering in Lyon, France this week are welcome to message us to have an office visit and a drink! + +(Originally on Twitter: [Sun Sep 11 21:08:26 +0000 2011](https://twitter.com/adulau/status/112995940410982400)) +---- +RT @y0m: HoneySink : open source network sinkhole for detection and prevention of malicious traffic. http://bit.ly/pm50lZ #malware #Honey ... + +(Originally on Twitter: [Mon Sep 12 09:23:28 +0000 2011](https://twitter.com/adulau/status/113180920005144576)) +---- +I think in the next hours and days... a lot of people will look in Google maps to locate Marcoule, Gard, France #radioactivity + +(Originally on Twitter: [Mon Sep 12 11:54:51 +0000 2011](https://twitter.com/adulau/status/113219017359114240)) +---- +RT @_saadk: @adulau and of course, #France has doom proof nuclear technology as Le Canard Enchaîné keeps demonstrating #irony #radioactivity + +(Originally on Twitter: [Mon Sep 12 13:10:22 +0000 2011](https://twitter.com/adulau/status/113238018919378944)) +---- +Reading tcpdump pflog files with tshark gives different results on 32-bit systems and 64-bit systems... bug filling in progress... 
#infosec + +(Originally on Twitter: [Tue Sep 13 16:20:36 +0000 2011](https://twitter.com/adulau/status/113648283783667712)) +---- +RT @runasand: ShmooCon and The Shmoo Group are soliciting papers and presentations for the eighth annual ShmooCon: http://www.shmoocon.org/cfp + +(Originally on Twitter: [Tue Sep 13 16:33:02 +0000 2011](https://twitter.com/adulau/status/113651412637986816)) +---- +RT @npua: RIP Jean-Claude Asselborn (+ 10.9.2011) http://computarium.lcd.lu/photos/people/Asselborn/obituary_JCl.html + +(Originally on Twitter: [Tue Sep 13 20:08:28 +0000 2011](https://twitter.com/adulau/status/113705625594249217)) +---- +RT @fluxfingers: 2nd pre-CTF challenge released! Have a good time solving it, the first to send a mail with the correct solution wins: h ... + +(Originally on Twitter: [Tue Sep 13 20:10:14 +0000 2011](https://twitter.com/adulau/status/113706071398420480)) +---- +Want to win another free entrance for hack.lu? Time to play the second contest from @fluxfingers @hack_lu #ctf #conference #challenge + +(Originally on Twitter: [Tue Sep 13 20:12:48 +0000 2011](https://twitter.com/adulau/status/113706718055235584)) +---- +RT @indi303: RT @wimremes: unofficially, I need 8 more votes :) #wim4board < PLEASE VOTE FOR WIM! + +(Originally on Twitter: [Tue Sep 13 21:01:03 +0000 2011](https://twitter.com/adulau/status/113718857331523584)) +---- +http://www.flickr.com/photos/adulau/6144674635/ What's above Uma? still wondering... #photography #streetart #paris + +(Originally on Twitter: [Tue Sep 13 21:35:21 +0000 2011](https://twitter.com/adulau/status/113727490693935104)) +---- +RT @fluxfingers: 2nd pre-CTF challenge solved by Eloi Vanderbéken. Since he already has a ticket for hack.lu the second to send the solu ... 
+ +(Originally on Twitter: [Tue Sep 13 21:40:45 +0000 2011](https://twitter.com/adulau/status/113728851057709056)) +---- +RT @mikkohypponen: Hackers breach the site of μTorrent - the most common Bittorrent client - replacing the download binary with malware ... + +(Originally on Twitter: [Wed Sep 14 06:42:08 +0000 2011](https://twitter.com/adulau/status/113865095272071168)) +---- +http://2011.hack.lu/index.php/Agenda hack.lu lecture and workshop agenda updated #hacklu #conference #infosec + +(Originally on Twitter: [Wed Sep 14 15:26:19 +0000 2011](https://twitter.com/adulau/status/113997008108396544)) +---- +I'm getting old when someone told me while looking at my bookshelves "cool, you have books about iOS network security but for version 12.0?" + +(Originally on Twitter: [Wed Sep 14 20:21:33 +0000 2011](https://twitter.com/adulau/status/114071307326472192)) +---- +RT @tqbf: Reddit is _way_ better with crypto topics than HN: http://bit.ly/rbiHeC + +(Originally on Twitter: [Thu Sep 15 04:41:58 +0000 2011](https://twitter.com/adulau/status/114197239009779712)) +---- +RT @kernelpool: Kernel pool quota pointer attack no longer works on Windows 8. Process pointer is XOR'ed with a random cookie (nt!ExpPoo ... + +(Originally on Twitter: [Thu Sep 15 12:07:49 +0000 2011](https://twitter.com/adulau/status/114309442966794241)) +---- +is thinking of the community voting scheme for @bgpranking and might come with a prototype for the BGP ranking meeting at @hack_lu #hacklu + +(Originally on Twitter: [Thu Sep 15 22:13:43 +0000 2011](https://twitter.com/adulau/status/114461920978939904)) +---- +RT @thinksec: "OAuth and OpenID - Securing the Insecure" with @khashkiani next week @hack_lu http://is.gd/OPYdVL + +(Originally on Twitter: [Fri Sep 16 04:58:48 +0000 2011](https://twitter.com/adulau/status/114563866272346112)) +---- +RT @hack_lu: we know that you play the CTF for the pleasure and the fun but we listed some of the geeky prices for the winners. @fluxfin ... 
+ +(Originally on Twitter: [Fri Sep 16 05:03:51 +0000 2011](https://twitter.com/adulau/status/114565133853917184)) +---- +http://2011.hack.lu/index.php/TryandVetTshirtContest "Try and Vet T-shirt Contest" during hack.lu 2011 #hacklu #infosec #conference + +(Originally on Twitter: [Fri Sep 16 11:50:39 +0000 2011](https://twitter.com/adulau/status/114667508090417152)) +---- +RT @fluxfingers: In the meantime some more hackers solved the 2nd pre-CTF challenge, but still the ticket is available.Get to your shell ... + +(Originally on Twitter: [Fri Sep 16 16:26:46 +0000 2011](https://twitter.com/adulau/status/114736996857032704)) +---- +hack.lu 2011 agenda updates, new talk added "Scaling up DoS: taking out your mobile phone, bank and internetz" #infosec #conference #hacklu + +(Originally on Twitter: [Fri Sep 16 16:51:34 +0000 2011](https://twitter.com/adulau/status/114743238874759169)) +---- +The new delicious owner (AVOS) updated the terms of services for delicious. http://www.goodiff.org/changeset/635/avos/avos.com/terms/index.html #goodiff #delicious #eula #tos + +(Originally on Twitter: [Sat Sep 17 06:14:35 +0000 2011](https://twitter.com/adulau/status/114945324325416960)) +---- +Would you be scared? "cd /etc/ssl/certs/; ls -1 | xargs openssl verify | grep -v OK" #x509 #infosec + +(Originally on Twitter: [Sat Sep 17 09:43:46 +0000 2011](https://twitter.com/adulau/status/114997965130694656)) +---- +https://plus.google.com/112095729959662313642/posts/daLXzWEJiwn made some notes why monitoring and comparing CRLs rate is important... and why crlwatch from @ioerror is a good start + +(Originally on Twitter: [Sat Sep 17 11:04:22 +0000 2011](https://twitter.com/adulau/status/115018249208475649)) +---- +@xme @ddurvaux it's always the same dudes working on those network install. My turn is tomorrow afternoon. 
#hacklu #brucon + +(Originally on Twitter: [Sat Sep 17 15:20:28 +0000 2011](https://twitter.com/adulau/status/115082698955038720)) +---- +RT @jedisct1: It's kinda scary that V8 uses signed integers all over the place instead of size_t for objects sizes. + +(Originally on Twitter: [Sat Sep 17 21:10:00 +0000 2011](https://twitter.com/adulau/status/115170663391707136)) +---- +On some low-interaction HTTP honeypots, I see an increase for "admin/sqlpatch.php" access... some new SQLi in Zen Cart? #infosec + +(Originally on Twitter: [Sun Sep 18 08:37:07 +0000 2011](https://twitter.com/adulau/status/115343579949432832)) +---- +RT @gal_diskin: Heading to @hack_lu I will be giving a #DBI workshop. Come listen if you're there + +(Originally on Twitter: [Sun Sep 18 09:18:47 +0000 2011](https://twitter.com/adulau/status/115354068968407040)) +---- +RT @hack_lu: We still love some old technologies @hack_lu like IRC. You can connect to irc.hack.lu and join the channel #hack.lu and #ctf + +(Originally on Twitter: [Sun Sep 18 09:42:48 +0000 2011](https://twitter.com/adulau/status/115360109818941440)) +---- +RT @hack_lu: We still love some old technologies @hack_lu like IRC. You can connect to irc.hack.lu and join the channel #hack.lu and #ctf + +(Originally on Twitter: [Sun Sep 18 09:42:49 +0000 2011](https://twitter.com/adulau/status/115360116894728192)) +---- +RT @jaysonstreet: Watch out Luxembourg even after a 'random check' at LUX customs I'm here with USA pepperoni, a vest of doom & a slide ... + +(Originally on Twitter: [Sun Sep 18 17:18:12 +0000 2011](https://twitter.com/adulau/status/115474718278164480)) +---- +#hacklu network activated IPv4 and IPv6. + +(Originally on Twitter: [Sun Sep 18 17:19:13 +0000 2011](https://twitter.com/adulau/status/115474971232440320)) +---- +RT @fluxfingers: RT @freddyb excited about #hacklu CTF. we will start tomorrow (September 19th, 11.00 CEST)! See http://2011.hack.lu/index.php/CaptureTheFlag an ... 
+ +(Originally on Twitter: [Sun Sep 18 21:13:15 +0000 2011](https://twitter.com/adulau/status/115533869494697984)) +---- +RT @AcidRampage: @adulau I bet many will have iptables -P INPUT DROP, but not ip6tables -P INPUT DROP... link-local #ftw + +(Originally on Twitter: [Mon Sep 19 05:15:30 +0000 2011](https://twitter.com/adulau/status/115655230791753728)) +---- +I don't like when there is a SCADA and ICS talk at #hacklu and there are some electrical problems in Bruxelles... #infosec #coincidence + +(Originally on Twitter: [Mon Sep 19 14:39:29 +0000 2011](https://twitter.com/adulau/status/115797163992301569)) +---- +RT @malc0de: Possible SpyEye sqli, vulnerable script "frm_cards_edit.php", affected version ALL - python script to test http://bit.ly/ppnQ8M + +(Originally on Twitter: [Mon Sep 19 14:47:04 +0000 2011](https://twitter.com/adulau/status/115799068587991040)) +---- +RT @FredRaynal: Talk done at #hacklu. Was amazed that only 10 people in the room knew about "Critical Infrastructures". Hope we made it ... + +(Originally on Twitter: [Mon Sep 19 14:57:02 +0000 2011](https://twitter.com/adulau/status/115801578665029632)) +---- +RT @syn2cat: Even more pictures of our stand @hack_lu: http://yfrog.com/nznfkrhj + +(Originally on Twitter: [Mon Sep 19 14:57:15 +0000 2011](https://twitter.com/adulau/status/115801632209518592)) +---- +http://2011.hack.lu/index.php/TryandVetTshirtContest Try and Vet T-shirt Contest - if you have the correct answer, you'll get additional points for your CTF team. 
#hacklu + +(Originally on Twitter: [Mon Sep 19 15:00:51 +0000 2011](https://twitter.com/adulau/status/115802538858651649)) +---- +@FredRaynal Next time you DoS the power grid in the European capital, we should make it live in the IRC channel ;-) #hacklu + +(Originally on Twitter: [Mon Sep 19 15:03:13 +0000 2011](https://twitter.com/adulau/status/115803132872757251)) +---- +RT @fluxfingers: there are some new challenges online =) #ctf #hacklu + +(Originally on Twitter: [Mon Sep 19 22:10:42 +0000 2011](https://twitter.com/adulau/status/115910716434825216)) +---- +http://2011.hack.lu/index.php/LightningTalk Still some slots available on Tuesday and Wednesday for the lightning talks, don't be shy. #hacklu @hack_lu + +(Originally on Twitter: [Mon Sep 19 23:06:17 +0000 2011](https://twitter.com/adulau/status/115924704405094401)) +---- +RT @fluxfingers: #hacklu #CTF will finish Wednesday on 11am CEST (~27hrs from now) - Click here to see current local time in Luxembourg ... + +(Originally on Twitter: [Tue Sep 20 07:11:11 +0000 2011](https://twitter.com/adulau/status/116046731757633536)) +---- +RT @zobiotte: Sûreté informatique: hack.lu, les informaticiens partagent leur connaissances http://tinyurl.com/6b4t86r #luxembourg @hack_lu + +(Originally on Twitter: [Tue Sep 20 07:34:09 +0000 2011](https://twitter.com/adulau/status/116052510686449664)) +---- +RT @pmbureau: Just finished my keynote at #hack_lu, heading to the DBI workshop! + +(Originally on Twitter: [Tue Sep 20 07:47:34 +0000 2011](https://twitter.com/adulau/status/116055886413307904)) +---- +an example from @jaysonstreet "They secured the docking station in a bank but not the laptop." #infosec #security #hacklu + +(Originally on Twitter: [Tue Sep 20 07:49:52 +0000 2011](https://twitter.com/adulau/status/116056467991302144)) +---- +@jaysonstreet at #hacklu - don't forget my watch is a video camera... 
+ +(Originally on Twitter: [Tue Sep 20 08:14:37 +0000 2011](https://twitter.com/adulau/status/116062695526117376)) +---- +@gnkshot it was @jaysonstreet during his presentation at #hacklu where he showed his "camera watch" used in physical pen-testing. #infosec + +(Originally on Twitter: [Tue Sep 20 09:38:09 +0000 2011](https://twitter.com/adulau/status/116083716186574849)) +---- +PGP key signing party during #barcamp at #hacklu - (today) Tuesday 15:00 (room 2 workshop) @hack_lu + +(Originally on Twitter: [Tue Sep 20 09:39:47 +0000 2011](https://twitter.com/adulau/status/116084129073872896)) +---- +RT @tricaud: just finished my slides for #hacklu ! Had a great workshop with @adulau this afternoon where people have seen the beast :) + +(Originally on Twitter: [Wed Sep 21 06:56:37 +0000 2011](https://twitter.com/adulau/status/116405452505497600)) +---- +RT @zed_0xff: #hacklu #ctf smashing buffers on SPARC under NetBSD was really hard for me... it took ~15 HOURS to solve. was my first buf ... + +(Originally on Twitter: [Wed Sep 21 06:57:09 +0000 2011](https://twitter.com/adulau/status/116405588497403904)) +---- +RT @xme: Saumil Shah presenting it's hacking world tour, funny! #hacklu + +(Originally on Twitter: [Wed Sep 21 07:19:22 +0000 2011](https://twitter.com/adulau/status/116411177717870592)) +---- +RT @hack_lu: To the #hacklu speakers: don't forget to send your presentation or a link to it -> info(AT)hack.lu thank you for your gr ... 
+ +(Originally on Twitter: [Wed Sep 21 09:03:58 +0000 2011](https://twitter.com/adulau/status/116437501178150912)) +---- +RT @xme: "Protocols have good intentions, that's their implementation which is weak" #hacklu #OAuth #OpenID + +(Originally on Twitter: [Wed Sep 21 12:44:25 +0000 2011](https://twitter.com/adulau/status/116492980013117440)) +---- +RT @cudeso: I'm starting to worry if #GPG returns "Unusable public key" on my own keys + +(Originally on Twitter: [Wed Sep 21 12:44:59 +0000 2011](https://twitter.com/adulau/status/116493123974209536)) +---- +RT @xme: Lightning talks are really a must. So many interesting projects/ideas! #brucon #hacklu + +(Originally on Twitter: [Wed Sep 21 12:45:19 +0000 2011](https://twitter.com/adulau/status/116493208036442113)) +---- +RT @daveaitel: MI5 recruiting digital intelligence specialists, but £27k? http://dlvr.it/mQ47P + +(Originally on Twitter: [Wed Sep 21 12:45:29 +0000 2011](https://twitter.com/adulau/status/116493248360497152)) +---- +RT @xme: [/dev/random]: Hack.lu 2011 (Quick) Wrap Up http://blog.rootshell.be/2011/09/21/hack-lu-2011-quick-wrap-up/ + +(Originally on Twitter: [Wed Sep 21 20:14:25 +0000 2011](https://twitter.com/adulau/status/116606226212716544)) +---- +RT @stalkr_: #hacklu 2011 CTF top 15 graph http://stalkr.net/hack.lu/graph.htm + +(Originally on Twitter: [Wed Sep 21 20:16:13 +0000 2011](https://twitter.com/adulau/status/116606678136397824)) +---- +Strange my TODO list before #hacklu contained 78 items and now it's more than 92 items. The world is plenty of interesting hack... #infosec + +(Originally on Twitter: [Wed Sep 21 20:27:11 +0000 2011](https://twitter.com/adulau/status/116609437694832640)) +---- +@eromang It was great to meet you too. For the next year edition, you should propose a talk and also a lightning talk "breaking glasses!" 
+ +(Originally on Twitter: [Wed Sep 21 20:36:48 +0000 2011](https://twitter.com/adulau/status/116611858735169536)) +---- +"TrackMeNot: Enhancing the privacy of Web Search" http://arxiv.org/abs/1109.4677 #privacy infosec #TMN + +(Originally on Twitter: [Fri Sep 23 09:11:41 +0000 2011](https://twitter.com/adulau/status/117164218196836352)) +---- +@efiliol The topic looks very interesting. Did you already talk to @ioerror about the countermeasure to implement? #tor + +(Originally on Twitter: [Fri Sep 23 09:29:51 +0000 2011](https://twitter.com/adulau/status/117168789690396672)) +---- +I smell a potential measurement issue today but not for information security... + +(Originally on Twitter: [Fri Sep 23 13:06:10 +0000 2011](https://twitter.com/adulau/status/117223229222944768)) +---- +@SteveClement You should have a look "Unicode Security Considerations" at http://unicode.org/reports/tr36/ you'll love unicode even more... #infosec + +(Originally on Twitter: [Fri Sep 23 15:03:54 +0000 2011](https://twitter.com/adulau/status/117252856620384257)) +---- +RT @moxie__: Hype's law: The amount one hypes a vulnerability before releasing details is inversely proportional to the actual severity ... + +(Originally on Twitter: [Fri Sep 23 15:52:10 +0000 2011](https://twitter.com/adulau/status/117265006734749698)) +---- +http://blog.ivanristic.com/2011/09/ssl-survey-protocol-support.html and yes TLS v1.1 is not used too much... another good reason to use GnuTLS instead of OpenSSL. #gnu #infosec + +(Originally on Twitter: [Fri Sep 23 17:13:13 +0000 2011](https://twitter.com/adulau/status/117285400527118337)) +---- +The return of the wolf in Belgium that's just like the panther in Arlon last year. Hunters spreading rumors to justify their game. 
#belgium + +(Originally on Twitter: [Sat Sep 24 05:52:18 +0000 2011](https://twitter.com/adulau/status/117476432170582016)) +---- +https://blog.torproject.org/blog/tor-and-beast-ssl-attack "Tor and the BEAST SSL attack" a good and exhaustive summary of the CBC bad IV issue in pre-1.1 TLS #infosec #crypto + +(Originally on Twitter: [Sat Sep 24 06:02:48 +0000 2011](https://twitter.com/adulau/status/117479073609039872)) +---- +For crypto implementation vulnerabilities, it's always the same pattern. At first the attack looks not practical... http://www.openssl.org/~bodo/tls-cbc.txt + +(Originally on Twitter: [Sat Sep 24 06:44:42 +0000 2011](https://twitter.com/adulau/status/117489619599233025)) +---- +RT @i0n1c: @jduck1337 Anyway a crypto-attack sounds cooler :P + +(Originally on Twitter: [Sat Sep 24 07:19:56 +0000 2011](https://twitter.com/adulau/status/117498486097850368)) +---- +RT @Ivanlef0u: Hack.lu CTF 2011 Write-up : FluxScience http://bit.ly/nxqZgb + +(Originally on Twitter: [Mon Sep 26 12:38:36 +0000 2011](https://twitter.com/adulau/status/118303454757257216)) +---- +https://github.com/inquisb/icmpsh "icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C, Perl or Python" #infosec + +(Originally on Twitter: [Tue Sep 27 05:20:01 +0000 2011](https://twitter.com/adulau/status/118555469458575360)) +---- +@AVOS_com @Delicious It seems that the password reset link is currently broken... thank you. + +(Originally on Twitter: [Tue Sep 27 19:01:25 +0000 2011](https://twitter.com/adulau/status/118762184498102273)) +---- +@AVOS_com Thank you for the fix. When do you plan to bring back the network/social aspect of delicious? ./network/<username> + +(Originally on Twitter: [Wed Sep 28 15:55:15 +0000 2011](https://twitter.com/adulau/status/119077720784257024)) +---- +got some answers from some vulnerability disclosure and I just saw again a proof of the existence of the Putt's Law. 
#infosec + +(Originally on Twitter: [Wed Sep 28 20:44:14 +0000 2011](https://twitter.com/adulau/status/119150446056194048)) +---- +http://www.ecrypt.eu.org/documents/D.SPA.13.pdf (PDF) "ECRYPT II Yearly Report on Algorithms and Keysizes" Key size is important but check your PRNG too. + +(Originally on Twitter: [Thu Sep 29 05:04:57 +0000 2011](https://twitter.com/adulau/status/119276454331682817)) +---- +RT @joshu: i am gonna start a CS journal where to get published you have to include your code. because i don't believe this shit works h ... + +(Originally on Twitter: [Thu Sep 29 05:48:46 +0000 2011](https://twitter.com/adulau/status/119287482637500416)) +---- +Don't forget that the new version of Bitcoin 0.4.0 is finally supporting encrypted wallet. http://bitcoin.org/ #bitcoin #infosec + +(Originally on Twitter: [Thu Sep 29 05:53:45 +0000 2011](https://twitter.com/adulau/status/119288734523998208)) +---- +@AcidRampage something like "your wallet need to be unlocked to accept this bitcoin transfer" #bitcoinphishingmightbecool + +(Originally on Twitter: [Thu Sep 29 09:12:17 +0000 2011](https://twitter.com/adulau/status/119338696976769025)) +---- +RT @circl_lu: http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod "Perl - decode_xs n-byte heap-overflow and memory error with GLOB_ALTDIRFUNC" -> patched in Perl 5 ... + +(Originally on Twitter: [Thu Sep 29 09:22:35 +0000 2011](https://twitter.com/adulau/status/119341290054889472)) +---- +@andibaritchi @verizonbusiness in your PCI doc on footnote 5 "...no known atypical characteristics..." could you give an example? thank you. 
+ +(Originally on Twitter: [Thu Sep 29 10:02:37 +0000 2011](https://twitter.com/adulau/status/119351366350143489)) +---- +Note to my past delicious network, as @delicious killed the network feature, I officially moved to @pinboard https://pinboard.in/u:adulau/ + +(Originally on Twitter: [Thu Sep 29 18:50:57 +0000 2011](https://twitter.com/adulau/status/119484325522706432)) +---- +RT @FredRaynal: Some people are laughing at rootkit in SMS (#sarcasm)… but it comes with QR code: http://goo.gl/NEdZQ + +(Originally on Twitter: [Fri Sep 30 16:37:59 +0000 2011](https://twitter.com/adulau/status/119813251683991552)) +---- +I don't why but it's always for me that people ask me "I lost my keys, could you help me?" do I have something written on my front? + +(Originally on Twitter: [Fri Sep 30 16:45:34 +0000 2011](https://twitter.com/adulau/status/119815156539727872)) +---- +@xme Very nice network analysis. I'm surprised that so many people use direct access to facebook or google while being in an infosec conf. + +(Originally on Twitter: [Fri Sep 30 16:47:00 +0000 2011](https://twitter.com/adulau/status/119815520534003712)) +---- +RT @jepoirrier: @adulau I also switched to @pinboard: http://pinboard.in/u:jepoirrier @delicious killed the mostly text-only "popular" page like ht ... 
+ +(Originally on Twitter: [Sun Oct 02 06:47:08 +0000 2011](https://twitter.com/adulau/status/120389332988211200)) +---- +just published the solution to the cryptographic t-shirt challenge during hack.lu 2011 #ctf #hacklu http://www.foo.be/cgi-bin/wiki.pl/2011-10-02_Try_and_Vet_Tshirt_Crypto_Challenge_Hack.lu2011_The_Solution + +(Originally on Twitter: [Sun Oct 02 11:52:06 +0000 2011](https://twitter.com/adulau/status/120466079377141760)) +---- +http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/ By using only the Internet permission, any app gets access to many system logs or state. #infosec #android + +(Originally on Twitter: [Sun Oct 02 12:54:01 +0000 2011](https://twitter.com/adulau/status/120481661229084673)) +---- +http://arxiv.org/PS_cache/arxiv/pdf/1109/1109.5542v1.pdf (PDF) "Gaming security by obscurity" ... actively learning attacker’s methods from their tentatives... viable? #infosec + +(Originally on Twitter: [Sun Oct 02 16:56:48 +0000 2011](https://twitter.com/adulau/status/120542760678850560)) +---- +RT @henet: The most recent DDoS attack seems to be contained; senior network admins are on standy to resolve any remaining issues (via n ... + +(Originally on Twitter: [Tue Oct 04 07:54:12 +0000 2011](https://twitter.com/adulau/status/121130987869581313)) +---- +@jberggren If you need some good "skeleton" CollabREate is a good start and idapython is very handy - let me know http://www.idabook.com/collabreate/ + +(Originally on Twitter: [Wed Oct 05 12:43:19 +0000 2011](https://twitter.com/adulau/status/121566131755560961)) +---- +RT @pello: Like @adulau, it seems @delicious killed my account. Moving to @pinboard: http://pinboard.in/u:pello/ + +(Originally on Twitter: [Wed Oct 05 20:15:15 +0000 2011](https://twitter.com/adulau/status/121679867648548864)) +---- +RT @textfiles: Mark Pilgrim is alive/annoyed we called the police. 
Please stand down and give the man privacy and space, and thanks ever ... + +(Originally on Twitter: [Wed Oct 05 20:31:31 +0000 2011](https://twitter.com/adulau/status/121683959208886272)) +---- +Today, I looked at my old NeXT station in a different way. A master piece of engineering that triggered everyone to innovate. + +(Originally on Twitter: [Thu Oct 06 05:06:17 +0000 2011](https://twitter.com/adulau/status/121813505983787008)) +---- +RT @vinch01: The Pirate Bay took a special .be domain name to avoid censorship from Telenet and Belgacom! http://depiraatbaai.be :-) + +(Originally on Twitter: [Thu Oct 06 11:50:46 +0000 2011](https://twitter.com/adulau/status/121915296582864896)) +---- +http://www.cymru.com/jtk/blog/2011/03/04/#juno "Have you ever wondered what all the unsolicited TCP SYN/ACK or RST packets to destination ports 1024 and 3072 are?" + +(Originally on Twitter: [Thu Oct 06 16:53:10 +0000 2011](https://twitter.com/adulau/status/121991397095112704)) +---- +RT @xme: Tx to @k4l4m4r1s for the small gift ;-) http://t.co/EZnQh4kQ + +(Originally on Twitter: [Thu Oct 06 20:59:12 +0000 2011](https://twitter.com/adulau/status/122053313041661954)) +---- +If you are a Hetzner hosting customer, change your password... and check your systems. http://hetzner-status.de/ #infosec + +(Originally on Twitter: [Thu Oct 06 21:24:15 +0000 2011](https://twitter.com/adulau/status/122059617164468224)) +---- +RT @OWASPLux: Block your agenda for #owaspbnl11, December 1-2, 2011 in Luxembourg, www.owaspbenelux.eu + +(Originally on Twitter: [Fri Oct 07 13:32:55 +0000 2011](https://twitter.com/adulau/status/122303390821785600)) +---- +@Chaos_Be La légalisation via la taxation n'est pas la pire solution. Tu proposes quoi sinon? le lance flamme dans les rues le soir? 
+ +(Originally on Twitter: [Fri Oct 07 14:23:14 +0000 2011](https://twitter.com/adulau/status/122316056059584513)) +---- +I remembered discussion about "air gap" being much better than firewalls and properly configured software http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/ I'm laughing + +(Originally on Twitter: [Fri Oct 07 19:25:29 +0000 2011](https://twitter.com/adulau/status/122392116604317697)) +---- +maidsafe-dht - Kademlia DHT with NAT traversal and crypto http://code.google.com/p/maidsafe-dht/ looks quite nice even if it's c++... #p2p #dht + +(Originally on Twitter: [Fri Oct 07 20:44:17 +0000 2011](https://twitter.com/adulau/status/122411947525275648)) +---- +RT @Viss: “@michaelossmann: The ToorCon 13 badge is released. http://greatscottgadgets.com/tc13badge/ #tc13badge” + +(Originally on Twitter: [Sat Oct 08 06:20:40 +0000 2011](https://twitter.com/adulau/status/122556998431674368)) +---- +http://www.moodys.com/research/Moodys-places-Belgiums-Aa1-ratings-on-review-for-possible-downgrade--PR_227904 Moody's is abusing countries like #belgium to support the broken bank system. Rating agency showed their real supporter + +(Originally on Twitter: [Sat Oct 08 06:27:03 +0000 2011](https://twitter.com/adulau/status/122558605349224448)) +---- +@LuxNoSQL To monitor Redis, there is also the excellent Munin plugin http://exchange.munin-monitoring.org/plugins/redis/details - easy to customize to your needs. + +(Originally on Twitter: [Sat Oct 08 14:59:00 +0000 2011](https://twitter.com/adulau/status/122687443660050433)) +---- +RT @chl: the one thing more annoying than the @delicious relaunch may be the darn ben & jerry's ads displayed when searching for "@delic ... + +(Originally on Twitter: [Sat Oct 08 14:59:58 +0000 2011](https://twitter.com/adulau/status/122687687441391616)) +---- +"public key <DEADBEEF> is 27888 seconds newer than the signature" I like those warning messages. Everything is a clock issue. 
#pgp + +(Originally on Twitter: [Sat Oct 08 15:21:04 +0000 2011](https://twitter.com/adulau/status/122692994242592768)) +---- +@oxabad1dea right and next protip would be: don't run IDA on an already infected system. If they have drones infected, what about the rest? + +(Originally on Twitter: [Sat Oct 08 15:23:19 +0000 2011](https://twitter.com/adulau/status/122693564340776961)) +---- +@BookCourt usually I hate: lack of book shelf in a house, traffic jam, endless meeting... + +(Originally on Twitter: [Sat Oct 08 16:18:08 +0000 2011](https://twitter.com/adulau/status/122707356399304705)) +---- +RT @Rogunix: An Efficient VM–Based Software Protection http://www.cs.tau.ac.il/~kiperber/truly.pdf + +(Originally on Twitter: [Sun Oct 09 08:39:30 +0000 2011](https://twitter.com/adulau/status/122954324862177280)) +---- +RT @MartineAubry: Sur #Hadopi, la position de Martine Aubry est claire: elle s'engage à abroger la loi http://www.martineaubry.fr/mes-convictions/internet #aubry2012 + +(Originally on Twitter: [Sun Oct 09 10:52:26 +0000 2011](https://twitter.com/adulau/status/122987781927616512)) +---- +After the excellent JSLinux from Fabrice Bellard, JSModem adds Serial/PPP connectivity to JSLinux... https://github.com/ewiger/jsmodem + +(Originally on Twitter: [Sun Oct 09 11:37:05 +0000 2011](https://twitter.com/adulau/status/122999015267778560)) +---- +RT @ochsff: The #CCC analysis of the TKUE Trojan is awful. Too bad media just copied that stuff as is. + +(Originally on Twitter: [Sun Oct 09 15:35:58 +0000 2011](https://twitter.com/adulau/status/123059132336050177)) +---- +RT @alexander_band: Debate on giving #IPv4 and #IPv6 holders #geolocation control in RIPE Database: http://bit.ly/p0SeKK Will be interes ... + +(Originally on Twitter: [Mon Oct 10 08:37:20 +0000 2011](https://twitter.com/adulau/status/123316170454609920)) +---- +I like when AV vendors claim that they don't whitelist malware... Yes, right. Skype is not a malware... just uses some malware techniques. 
+ +(Originally on Twitter: [Mon Oct 10 16:14:04 +0000 2011](https://twitter.com/adulau/status/123431110167371776)) +---- +http://code.google.com/p/weevely/ "Weevely create and manage PHP trojan designed to be hardly detectable" #infosec #malware + +(Originally on Twitter: [Mon Oct 10 16:49:15 +0000 2011](https://twitter.com/adulau/status/123439962178850817)) +---- +It's the first time I see a real use of public tender information - http://ted.europa.eu/udl?uri=TED:NOTICE:26158-2009:TEXT:DE:HTML #0zapftis #malware + +(Originally on Twitter: [Tue Oct 11 06:06:53 +0000 2011](https://twitter.com/adulau/status/123640693972410368)) +---- +@mikko "http://ted.europa.eu/udl?uri=TED:NOTICE:26158-2009:TEXT:DE:HTML" to update your blog post about the official public tender + +(Originally on Twitter: [Tue Oct 11 13:55:08 +0000 2011](https://twitter.com/adulau/status/123758535837368320)) +---- +RT @corelanc0d3r: RT @fancy__04: MonaSploit - awesome: https://community.rapid7.com/community/metasploit/blog/2011/10/11/monasploit + +(Originally on Twitter: [Tue Oct 11 14:05:25 +0000 2011](https://twitter.com/adulau/status/123761122896642048)) +---- +RT @tqbf: HN is now using bcrypt to store password hashes. + +(Originally on Twitter: [Tue Oct 11 21:13:51 +0000 2011](https://twitter.com/adulau/status/123868940848988160)) +---- +RT @eromang: New blog post: Weevely Stealth Tiny PHP Backdoor Analysis http://bit.ly/qtMtuL #zataz #infosec #malware + +(Originally on Twitter: [Tue Oct 11 21:23:05 +0000 2011](https://twitter.com/adulau/status/123871263960739841)) +---- +A compromised system -> ugly inotify script on /tmp to "git commit" everything around -> capture great and ugly malware samples #infosec + +(Originally on Twitter: [Tue Oct 11 21:29:45 +0000 2011](https://twitter.com/adulau/status/123872942118539264)) +---- +RT @esizkur: Wait, what? The iPhone4S baseband has Glonass support? I totally missed that announcement. 
+ +(Originally on Twitter: [Wed Oct 12 20:42:37 +0000 2011](https://twitter.com/adulau/status/124223466474979329)) +---- +http://exploitshop.wordpress.com/2011/10/12/ms11-077-vulnerabilities-in-windows-kernel-mode-drivers-could-allow-remote-code-execution-2567053/ "MS11-077: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)" #infosec + +(Originally on Twitter: [Thu Oct 13 08:27:12 +0000 2011](https://twitter.com/adulau/status/124400781095997440)) +---- +Update your bogon/martian network access-list on your routers, 128.0.0.0/16 is now allocated from RIPE to ISP - https://apps.db.ripe.net/whois/lookup/ripe/inetnum/128.0.0.0-128.0.7.255.html + +(Originally on Twitter: [Thu Oct 13 09:06:44 +0000 2011](https://twitter.com/adulau/status/124410732216455168)) +---- +If you are a #quora user, you might want to have a look at the latest changes in their privacy policy http://www.goodiff.org/changeset/637/quora/www.quora.com/about/privacy #goodiff + +(Originally on Twitter: [Thu Oct 13 09:49:36 +0000 2011](https://twitter.com/adulau/status/124421520507412481)) +---- +RT @jedisct1: Google killing Google Code Search really sucks. + +(Originally on Twitter: [Fri Oct 14 19:53:52 +0000 2011](https://twitter.com/adulau/status/124935974051524608)) +---- +http://www.evilmadscientist.com/article.php/visdiff visual diff for PCB layouts... interesting post regarding the visualization of differences in hardware. #gEDA + +(Originally on Twitter: [Fri Oct 14 19:56:58 +0000 2011](https://twitter.com/adulau/status/124936757933379587)) +---- +http://www.icofcs.org/2011/papers-published-016.html "Blind Automatic Malicious Activity Detection in Honeypot Data" Based on correlation between network flows. 
+ +(Originally on Twitter: [Sat Oct 15 06:55:50 +0000 2011](https://twitter.com/adulau/status/125102563732357120)) +---- +some notes regarding my move from @Delicious to @pinboard - https://plus.google.com/112095729959662313642/posts/5iPqiLoMb38 #machinetag #tags #folksonomy #bookmarks + +(Originally on Twitter: [Sun Oct 16 09:17:43 +0000 2011](https://twitter.com/adulau/status/125500659133980672)) +---- +@eromang Yep. It's a proprietary web scanner from http://www.mavitunasecurity.com/ #infosec + +(Originally on Twitter: [Sun Oct 16 09:19:09 +0000 2011](https://twitter.com/adulau/status/125501020217425920)) +---- +@eromang A guess... there is a dump of a scanner result for zataz somewhere. The bot crawls the urls but removed from the indexer (dup) + +(Originally on Twitter: [Sun Oct 16 16:29:31 +0000 2011](https://twitter.com/adulau/status/125609324184743938)) +---- +RT @xme: I scheduled online my electricity meter index review. Then, made my ID +1, got the 1 of my neighbor's and was able to schedule! ... + +(Originally on Twitter: [Sun Oct 16 19:35:56 +0000 2011](https://twitter.com/adulau/status/125656236724195328)) +---- +Looking for a good reference of the NTLM authentication protocol? here is a good/independent reference http://davenport.sourceforge.net/ntlm.html #infosec #ntlm + +(Originally on Twitter: [Mon Oct 17 20:15:33 +0000 2011](https://twitter.com/adulau/status/126028597294149632)) +---- +@SteveClement For me, a first flush OP assam or darjeeling will be fine ;-) + +(Originally on Twitter: [Tue Oct 18 07:16:18 +0000 2011](https://twitter.com/adulau/status/126194878282612736)) +---- +http://www.aisee.com/graph_of_the_month/http.htm "An activity diagram to describe the resolution of HTTP response status codes" very nifty. 
#debugging #http + +(Originally on Twitter: [Tue Oct 18 13:31:46 +0000 2011](https://twitter.com/adulau/status/126289367705722880)) +---- +@antirez Could we imagine to have a redis with a low memory overhead for small binary-expressed (e.g. IPv4 addresses) keys? #redisiscool + +(Originally on Twitter: [Tue Oct 18 21:49:26 +0000 2011](https://twitter.com/adulau/status/126414612303319040)) +---- +@antirez thank you very much for the feedback. I'll post some code in the ML for sharing the approaches tested. #redisiscool + +(Originally on Twitter: [Tue Oct 18 21:57:06 +0000 2011](https://twitter.com/adulau/status/126416539908972545)) +---- +@antirez I think our mistake was to test only with sets and not the hashes. It would be great to add in the doc the efficiency per type. thx + +(Originally on Twitter: [Tue Oct 18 21:59:41 +0000 2011](https://twitter.com/adulau/status/126417189656985600)) +---- +A small reminder when doing reversing, "you might discover the "how" it's working but not really the "why" it's done like that". #duqu + +(Originally on Twitter: [Wed Oct 19 12:19:08 +0000 2011](https://twitter.com/adulau/status/126633476173733888)) +---- +Sometime the career site of large corporation becomes their incident disclosure interface when "senior forensic analyst" ads popping up... + +(Originally on Twitter: [Thu Oct 20 05:24:35 +0000 2011](https://twitter.com/adulau/status/126891538834923520)) +---- +@FredRaynal a good search is "senior forensic analyst" or "senior forensic investigator" in Google ;-) + +(Originally on Twitter: [Thu Oct 20 08:08:46 +0000 2011](https://twitter.com/adulau/status/126932859113054208)) +---- +http://www.ccssforum.org/malware-certificates.php "Digital Certificates Used by Malware" it will be more and more useful... 
#infosec + +(Originally on Twitter: [Thu Oct 20 16:46:08 +0000 2011](https://twitter.com/adulau/status/127063060409106432)) +---- +https://github.com/linux-wizard/timegrep "Perform a binary search through a log file to find a range of times and print the corresponding lines" #python + +(Originally on Twitter: [Thu Oct 20 21:36:19 +0000 2011](https://twitter.com/adulau/status/127136084126744577)) +---- +ISO ratifies ISO/IEC 27035:2011 used the term of ISIRT instead of CSIRT. Is there a good reason beside adding more confusion? #infosec + +(Originally on Twitter: [Fri Oct 21 05:34:17 +0000 2011](https://twitter.com/adulau/status/127256370469797888)) +---- +@bortzmeyer Indeed. But sometimes, ISO standards are (mis)used in some reference technical document. The worst part -> ISO docs are not free + +(Originally on Twitter: [Fri Oct 21 07:22:05 +0000 2011](https://twitter.com/adulau/status/127283499458760704)) +---- +RT @circl_lu: http://pastebin.com/U7fPMxet quick analysis of the JBoss server worm #infosec + +(Originally on Twitter: [Fri Oct 21 07:52:45 +0000 2011](https://twitter.com/adulau/status/127291214025338880)) +---- +is wondering with UEFI secure boot until when a pre-Boot malware is discovered with a signed and valid and trusted certificate... #infosec + +(Originally on Twitter: [Sat Oct 22 16:07:52 +0000 2011](https://twitter.com/adulau/status/127778201954025472)) +---- +@SteveClement It looks like that you are looking for a multi-functional printer with additional services ;-) + +(Originally on Twitter: [Sun Oct 23 14:27:31 +0000 2011](https://twitter.com/adulau/status/128115336628281345)) +---- +@SteveClement the fancyvrb class is quite nifty for verbatim content or code sample. + +(Originally on Twitter: [Sun Oct 23 14:39:30 +0000 2011](https://twitter.com/adulau/status/128118352920055808)) +---- +@xme http://bgpranking.circl.lu/ is also very handy for correlation rules. If you need a specific format, let me know. 
#bgpranking + +(Originally on Twitter: [Sun Oct 23 14:41:14 +0000 2011](https://twitter.com/adulau/status/128118789228347392)) +---- +@xme you can also query it via whois "whois -h http://pdns.circl.lu 3" (3 is the ASN) if you want to script it for your #siem. + +(Originally on Twitter: [Sun Oct 23 14:42:54 +0000 2011](https://twitter.com/adulau/status/128119210126753794)) +---- +What's going on with @CogentCo peering with IP-Plus (Swisscom) in London? I cannot reach Cogent ASNs from @belgacom skynet? #peering + +(Originally on Twitter: [Mon Oct 24 19:59:35 +0000 2011](https://twitter.com/adulau/status/128561292033273857)) +---- +RT @torproject: For the growing storm about tor compromise. See this thread, http://ur1.ca/5hkwu + +(Originally on Twitter: [Tue Oct 25 05:44:19 +0000 2011](https://twitter.com/adulau/status/128708444504076288)) +---- +@julienvds the issue started yesterday PM for us. @belgacom users cannot reach any @cogentco net blocks (it stops in London). + +(Originally on Twitter: [Tue Oct 25 08:28:54 +0000 2011](https://twitter.com/adulau/status/128749865923657728)) +---- +RT @circl_lu: http://www.auscert.org.au/render.html?it=15005 PAM multiple vulnerabilities this is affecting the majority of operating system integrating PAM #infosec + +(Originally on Twitter: [Tue Oct 25 10:07:24 +0000 2011](https://twitter.com/adulau/status/128774652133769216)) +---- +@briankrebs Could you share the IP addresses from the ASN lookup you showed on your last blog post? #infosec + +(Originally on Twitter: [Wed Oct 26 14:29:12 +0000 2011](https://twitter.com/adulau/status/129202923912695809)) +---- +@Rick_Deckard Are you still alive? or did you discover that you are a replicant at the end... you find it to boring to tweet on a machine. 
+ +(Originally on Twitter: [Wed Oct 26 15:51:59 +0000 2011](https://twitter.com/adulau/status/129223759528861696)) +---- +A gentle reminder for the attackers building rootkits for Linux system, don't forget to add "ss" in your trojaned command... + +(Originally on Twitter: [Wed Oct 26 16:46:05 +0000 2011](https://twitter.com/adulau/status/129237371995684864)) +---- +Sometime looking for bats or looking for side channel attacks can use the same technique... https://plus.google.com/u/0/112095729959662313642/posts/Jq92g2rx5Ua #crypto #ultrasonic + +(Originally on Twitter: [Wed Oct 26 20:31:13 +0000 2011](https://twitter.com/adulau/status/129294028415057920)) +---- +@AcidRampage ;-) We were playing with an ultrasonic microphone some months ago for finding bats and now I saw a use for crypto attacks... + +(Originally on Twitter: [Wed Oct 26 20:40:49 +0000 2011](https://twitter.com/adulau/status/129296444757774338)) +---- +RT @patrickpeiffer: tonight, 18h30, bruno racine, president french national library, speaking on "défis numériques" @ philharmonie.lu, h ... + +(Originally on Twitter: [Thu Oct 27 09:23:46 +0000 2011](https://twitter.com/adulau/status/129488446560550912)) +---- +@wimremes For Windows events, it's also random gibberish just like Syslog but with the additional feature of a brain damaged binary storage. + +(Originally on Twitter: [Thu Oct 27 14:18:57 +0000 2011](https://twitter.com/adulau/status/129562733564801025)) +---- +@wimremes yep, it's still a brain damaged binary storage ;-) I should release my ugly Python scripts for handling those broken EVT files. 
+ +(Originally on Twitter: [Thu Oct 27 14:43:41 +0000 2011](https://twitter.com/adulau/status/129568959967150083)) +---- +https://github.com/moxie0/Convergence/wiki/TACK A clever key pinning scheme to advertise additional requirements to validate subsequent SSL connections #x509 #infosec + +(Originally on Twitter: [Thu Oct 27 22:05:39 +0000 2011](https://twitter.com/adulau/status/129680182532521984)) +---- +RT @tricaud: Boucle infinie de mon expert comptable : être facturé pour le traitement des factures :) #infiniteloop #accountancy + +(Originally on Twitter: [Fri Oct 28 13:06:10 +0000 2011](https://twitter.com/adulau/status/129906803386482688)) +---- +RT @circl_lu: https://blog.torproject.org/blog/tor-02234-released-security-patches "Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users." ... + +(Originally on Twitter: [Fri Oct 28 15:11:52 +0000 2011](https://twitter.com/adulau/status/129938436332335104)) +---- +http://www.goodiff.org/changeset/639/apple/www.apple.com/legal/itunes/us/terms.html Changes in iTunes EULA especially regarding the use of "unlawfully acquired" content used in iTunes Match #copyright + +(Originally on Twitter: [Sat Oct 29 08:46:59 +0000 2011](https://twitter.com/adulau/status/130203967710953472)) +---- +I fill with typographical errors in my first name to distinguish companies selling your personal data. Today is the BE bookstore "Agora" + +(Originally on Twitter: [Mon Oct 31 17:16:17 +0000 2011](https://twitter.com/adulau/status/131056910651764736)) +---- +RT @internetplumber: "The current address allocation system is a hierarchy" is not a reason to make routing system trust a hierarchy. #R ... + +(Originally on Twitter: [Mon Oct 31 17:20:36 +0000 2011](https://twitter.com/adulau/status/131057997840515073)) +---- +@superlol it's quite logical if you see this as a zero-sum game (the stock market). The indexes increased due to the gamers' risk lowered. 
+ +(Originally on Twitter: [Tue Nov 01 12:56:39 +0000 2011](https://twitter.com/adulau/status/131353959574147072)) +---- +@superlol the media misunderstood as "it's great" because the index increased. But that was just "play with other countries then win". + +(Originally on Twitter: [Tue Nov 01 13:00:16 +0000 2011](https://twitter.com/adulau/status/131354869582934016)) +---- +@inaturalist It seems that the handy flickr tagger is broken http://www.inaturalist.org/taxa/flickr_tagger (giving a HTTP 500 until now). + +(Originally on Twitter: [Tue Nov 01 13:40:20 +0000 2011](https://twitter.com/adulau/status/131364954447151104)) +---- +RT @ProjectHoneynet: Forensic Challenge 10 - "Attack Visualization": I am pleased to announce the next forensic challenge: Forensic C... ... + +(Originally on Twitter: [Tue Nov 01 14:53:51 +0000 2011](https://twitter.com/adulau/status/131383456310640640)) +---- +I like those HTTP redirects especially when it's from an SSL site via a non-SSL side to another SSL site with the same cookies... #infosec + +(Originally on Twitter: [Tue Nov 01 21:09:35 +0000 2011](https://twitter.com/adulau/status/131478010577686528)) +---- +RT @circl_lu: http://support.citrix.com/article/CTX131198 "Vulnerability in Citrix XenDesktop 4.0 could result in Client Drive Mapping policy bypass" #infosec ... + +(Originally on Twitter: [Thu Nov 03 10:58:33 +0000 2011](https://twitter.com/adulau/status/132049015180230656)) +---- +@bortzmeyer What are the differences between Knot http://labs.nic.cz/page/767/knot-dns/ and NSD http://www.nlnetlabs.nl/projects/nsd/? any pointers? #DNS #RIPE63 + +(Originally on Twitter: [Thu Nov 03 13:36:06 +0000 2011](https://twitter.com/adulau/status/132088663587823616)) +---- +RT @bortzmeyer: @adulau Knot is faster, according to the benchmarks made by its +authors. But NSD is production-ready and Knot is alpha ( ... 
+ +(Originally on Twitter: [Thu Nov 03 13:42:31 +0000 2011](https://twitter.com/adulau/status/132090278269042688)) +---- +Interesting to see that malware evade more and more DMZ filtering by using CIFS protocol. Another good reason to not use CIFS between DMZ. + +(Originally on Twitter: [Thu Nov 03 16:44:45 +0000 2011](https://twitter.com/adulau/status/132136141712392192)) +---- +RT @FIRSTdotOrg: Want to be a part of #FIRST2012 #Malta? CFS is open at http://conference.first.org/cfs. #infosec #cybersec + +(Originally on Twitter: [Thu Nov 03 21:10:44 +0000 2011](https://twitter.com/adulau/status/132203077326475265)) +---- +@oreillymedia it would be great to add a way to send automatically to your Kindle email the ebooks purchased from the O'Reilly account... + +(Originally on Twitter: [Thu Nov 03 21:18:09 +0000 2011](https://twitter.com/adulau/status/132204942705430529)) +---- +Back to the eighties, street art is back, retro house and new beat are on radio and remote code execution abusing the TCP/IP stack. #infosec + +(Originally on Twitter: [Tue Nov 08 22:42:20 +0000 2011](https://twitter.com/adulau/status/134038068578627584)) +---- +http://www.digitalbond.com/2011/11/08/advantech-webaccess-first-on-insecure-products-list/comment-page-1/ "Advantech WebAccess First on Insecure Products List" #infosec #scada #ics + +(Originally on Twitter: [Wed Nov 09 06:58:51 +0000 2011](https://twitter.com/adulau/status/134163021856641024)) +---- +@fcouchet Maybe we should read "Intellectual Property is the driving force to shut down a knowledge based economy"... 
+ +(Originally on Twitter: [Wed Nov 09 13:37:59 +0000 2011](https://twitter.com/adulau/status/134263468105805824)) +---- +RT @circl_lu: http://www.crysys.hu/duqudetector.html "CrySyS Duqu Detector Toolkit" #malware #duqu + +(Originally on Twitter: [Thu Nov 10 12:52:24 +0000 2011](https://twitter.com/adulau/status/134614383941791744)) +---- +http://www.ietf.org/mail-archive/web/mile/current/msg00177.html last call for RFC6045 and RFC6046 about Real-time Inter-network Defense (RED) - IODEF extension for incident handling + +(Originally on Twitter: [Thu Nov 10 13:49:36 +0000 2011](https://twitter.com/adulau/status/134628775580286977)) +---- +RT @rstevens: Anyone who tells you that you can't do your best work in your underwear is probably in the pocket of the pants industry. + +(Originally on Twitter: [Thu Nov 10 15:48:21 +0000 2011](https://twitter.com/adulau/status/134658663725006848)) +---- +RT @mruef: Another step backwards: After #Google killing RSS in their Reader, #Facebook is going to kill RSS imports for notes :( #fail + +(Originally on Twitter: [Thu Nov 10 19:15:31 +0000 2011](https://twitter.com/adulau/status/134710798831456256)) +---- +RT @i0n1c: guys it is no news or secret that i am/was lorian of TESO.Sorry to ruin your attempts to blackmail me. + +(Originally on Twitter: [Fri Nov 11 14:43:18 +0000 2011](https://twitter.com/adulau/status/135004680152551427)) +---- +RT @thegrugq: @i0n1c watch out nan, I heard that lorian knows about you taking credit for his bugs and his work. Heard he has access to ... 
+ +(Originally on Twitter: [Fri Nov 11 14:55:05 +0000 2011](https://twitter.com/adulau/status/135007646884429825)) +---- +tcprstart is very handy especially to discover potential (malware) p2p protocols by looking at req/resp times http://www.percona.com/docs/wiki/tcprstat:start + +(Originally on Twitter: [Sat Nov 12 08:48:38 +0000 2011](https://twitter.com/adulau/status/135277814202118144)) +---- +An open idea to Belgian politicians instead of "closing down libraries" improve and reinvent them like in Fayetteville http://boingboing.net/2011/11/12/library-to-get-a-hackerspace.html + +(Originally on Twitter: [Sat Nov 12 16:49:01 +0000 2011](https://twitter.com/adulau/status/135398706240430080)) +---- +http://arxiv.org/abs/1111.2744 "Cryptanalysis of Song's advanced smart card based password authentication protocol" #smartcard #infosec + +(Originally on Twitter: [Mon Nov 14 10:28:54 +0000 2011](https://twitter.com/adulau/status/136027819435229185)) +---- +http://dragonresearchgroup.org/reads/ a weekly short list of good reads to enjoy your weekend with from @DragonResearch #infosec + +(Originally on Twitter: [Mon Nov 14 10:31:11 +0000 2011](https://twitter.com/adulau/status/136028394705010688)) +---- +@rop_g congrats for your talk during #govcertnl #freedom + +(Originally on Twitter: [Thu Nov 17 09:50:44 +0000 2011](https://twitter.com/adulau/status/137105381326467072)) +---- +What's the difference .bit domain http://dot-bit.orgproject and .42 https://www.42registry.org/? just the bitcoin namecoin trading? + +(Originally on Twitter: [Thu Nov 17 15:24:59 +0000 2011](https://twitter.com/adulau/status/137189497984122880)) +---- +RT @bortzmeyer: Je prêviens: compte-tenu de la gravité des attaques menées au nom de la propriété intellectuelle, je voterai en 2012 sur ... 
+ +(Originally on Twitter: [Thu Nov 17 17:22:28 +0000 2011](https://twitter.com/adulau/status/137219062521528320)) +---- +@edarchis If the svn word is pronounced in conjunction with the DVCS word, there might be something wrong. + +(Originally on Twitter: [Thu Nov 17 17:28:34 +0000 2011](https://twitter.com/adulau/status/137220597766832130)) +---- +@wimremes the main issue with any certification (like ISO 27K) is that companies look for a certificate and not usually improved security + +(Originally on Twitter: [Fri Nov 18 13:26:31 +0000 2011](https://twitter.com/adulau/status/137522070132244481)) +---- +RT @xme: @adulau Certificate as a Checkmark on a Check list? "Completed, next one" + +(Originally on Twitter: [Fri Nov 18 13:55:04 +0000 2011](https://twitter.com/adulau/status/137529256422027264)) +---- +#worstpassword hash tag is cool. You can grab it, parse it and build a nifty list for your next worm. #infosec #malware + +(Originally on Twitter: [Fri Nov 18 17:03:43 +0000 2011](https://twitter.com/adulau/status/137576731757379584)) +---- +Reading the news about the people library's being thrown out by the police reminded me of this scene in Fahrenheit 451 http://www.youtube.com/watch?v=lW7sWqG1j_0 + +(Originally on Twitter: [Fri Nov 18 23:00:30 +0000 2011](https://twitter.com/adulau/status/137666520653373440)) +---- +@NeelieKroesEU get rid of "collecting society's" and promote a direct financing between users and authors. #copyright #forumavignon + +(Originally on Twitter: [Sat Nov 19 10:15:08 +0000 2011](https://twitter.com/adulau/status/137836296474337280)) +---- +RT @fluxfingers: hacklu2011 CTF access.log published http://www.fluxfingers.net/public/access.log.masked.bz2 #fluxfingers #ctf #hacklu + +(Originally on Twitter: [Sat Nov 19 10:18:54 +0000 2011](https://twitter.com/adulau/status/137837243845980160)) +---- +RT @NURPAbe: [EN] In order to avoid that the Web in Belgium looks like http://ur1.ca/5xr11 , help us by confirming these cases http://t ... 
+ +(Originally on Twitter: [Sat Nov 19 12:28:39 +0000 2011](https://twitter.com/adulau/status/137869895521157121)) +---- +http://eprint.iacr.org/2011/616 "the impossible differential attack on TEA in this paper is the best single-key attack to date" #cryptography + +(Originally on Twitter: [Sat Nov 19 12:31:26 +0000 2011](https://twitter.com/adulau/status/137870596934598657)) +---- +http://news.ycombinator.com/item?id=3256317 reading this discussion about the "weak" typesetting in current ebooks showed again the bright future for TeX. + +(Originally on Twitter: [Sun Nov 20 19:49:10 +0000 2011](https://twitter.com/adulau/status/138343143941750784)) +---- +http://nakedsecurity.sophos.com/2011/09/14/windows-8-anti-virus-good-bad-news/ "Windows 8 to have built-in anti-virus" it's not the first time microsoft talked about it... #malware + +(Originally on Twitter: [Mon Nov 21 07:20:24 +0000 2011](https://twitter.com/adulau/status/138517098254172160)) +---- +@lhausermann Until now it's an ugly script to enumerate ports used in pcap and calculate/rank on the latency median per port. I'll blog post + +(Originally on Twitter: [Mon Nov 21 09:50:30 +0000 2011](https://twitter.com/adulau/status/138554872931946497)) +---- +@SteveClement Do you know the famous "t" option in tar? it's very handy before doing an extract ;-) + +(Originally on Twitter: [Tue Nov 22 13:39:28 +0000 2011](https://twitter.com/adulau/status/138974880338161664)) +---- +RT @Snort: Snort and ClamAV plugins for Wireshark! http://www.honeynet.org/node/790 + +(Originally on Twitter: [Thu Nov 24 13:42:13 +0000 2011](https://twitter.com/adulau/status/139700348309864448)) +---- +A small reminder for users of tor announcing hidden services, don't forget to secure your web application. #tor #infosec + +(Originally on Twitter: [Thu Nov 24 14:24:13 +0000 2011](https://twitter.com/adulau/status/139710920774529024)) +---- +Parsing a huge JSON file (3GB) with Python and I ended up using sed and awk with GNU parallel. 
Old unix tools are not so old. + +(Originally on Twitter: [Thu Nov 24 22:31:57 +0000 2011](https://twitter.com/adulau/status/139833660525383680)) +---- +WTF, I received a copy of a magazine promoting patent using my CC pictures "Patents are only for the old machine" http://www.flickr.com/photos/adulau/379303639/ + +(Originally on Twitter: [Fri Nov 25 22:10:22 +0000 2011](https://twitter.com/adulau/status/140190616788283392)) +---- +@etychon The funny part is they put in bold below the picture "Patents are only for the old machine" as large as the title of the article... + +(Originally on Twitter: [Sun Nov 27 12:33:08 +0000 2011](https://twitter.com/adulau/status/140770126051020801)) +---- +http://tools.ietf.org/html/rfc6441 "Time to Remove Filters for Previously Unallocated IPv4 /8s" but continue to filter RFC5735 IP spaces. #infosec + +(Originally on Twitter: [Tue Nov 29 17:12:42 +0000 2011](https://twitter.com/adulau/status/141565259990315008)) +---- +I like security vendors promoting the replacement of hard token for soft token running on a mobile phone where the token psk is stored too. + +(Originally on Twitter: [Tue Nov 29 20:49:24 +0000 2011](https://twitter.com/adulau/status/141619792774823938)) +---- +Does the decision from Consilium to ban "export of software intended for monitoring Internet" to Syria includes free software (eg tcpdump)? + +(Originally on Twitter: [Thu Dec 01 22:45:03 +0000 2011](https://twitter.com/adulau/status/142373673901371393)) +---- +RT @InfosecIsland: Duqu Servers Included Hacked Linux Systems - Be it brute force password hacking or another Stuxnet 0-Day, Duqu shows. ... + +(Originally on Twitter: [Fri Dec 02 06:48:10 +0000 2011](https://twitter.com/adulau/status/142495253994283009)) +---- +Enjoy your day at #owaspbnl11 with the @rommelfs talk, I'm currently travelling to the 4GH conference. 
Too many #infosec conferences ;-) + +(Originally on Twitter: [Fri Dec 02 08:47:49 +0000 2011](https://twitter.com/adulau/status/142525363845742592)) +---- +back from the first edition of the #4gh conference very nice concept where everyone can contribute as a speaker #infosec #collaboration + +(Originally on Twitter: [Sun Dec 04 22:55:16 +0000 2011](https://twitter.com/adulau/status/143463407142711296)) +---- +http://gchqchallenge.blogspot.com/2011/12/gchq-stage-1-commented-assembly-code-dr.html "How to solve the GCHQ challenge" @snazmeister + +(Originally on Twitter: [Mon Dec 05 13:48:14 +0000 2011](https://twitter.com/adulau/status/143688130711654402)) +---- +@snazmeister I can't do all the challenges at once... I still have plenty of other challenges to solve. #infosec + +(Originally on Twitter: [Mon Dec 05 14:13:22 +0000 2011](https://twitter.com/adulau/status/143694456862937088)) +---- +RT @Kleissner: The Art of Bootkit Development Paper: http://bit.ly/w0vaEQ Presentation: http://bit.ly/rSZ2KN Live Demo: http://bit.ly/sMUpqU + +(Originally on Twitter: [Tue Dec 06 19:37:38 +0000 2011](https://twitter.com/adulau/status/144138448759042049)) +---- +Sometime I'm just wondering if the best way to break the 0days black market, it's to promote/pay for full disclosure without delay. #infosec + +(Originally on Twitter: [Wed Dec 07 21:09:06 +0000 2011](https://twitter.com/adulau/status/144523854851751936)) +---- +RT @mikko: We've published a white paper on industrial automation security together with Vacon and Nixu: http://www.vacon.com/Vacon-White-Paper-On-Industrial-Automation-Security-In-Fieldbus-And-Field-Device-Level.pdf [pdf] + +(Originally on Twitter: [Fri Dec 09 21:23:49 +0000 2011](https://twitter.com/adulau/status/145252333775888384)) +---- +pinpoint looks very nifty to create presentations but I'll continue to use LaTeX beamer for the next weeks... 
http://git.gnome.org/browse/pinpoint + +(Originally on Twitter: [Sat Dec 10 21:33:56 +0000 2011](https://twitter.com/adulau/status/145617268020224000)) +---- +http://insecure.org/news/download-com-fiasco.html "Download.com Caught Adding Malware to Nmap & Other Software" #infosec #malware + +(Originally on Twitter: [Sun Dec 11 21:54:37 +0000 2011](https://twitter.com/adulau/status/145984861646225409)) +---- +http://www.goodiff.org/changeset/642/google/code.google.com/speed/public-dns/privacy.html "and improve the Google Public DNS prefetching feature." has been removed from the Google public DNS ToS. #goodiff + +(Originally on Twitter: [Tue Dec 13 12:45:28 +0000 2011](https://twitter.com/adulau/status/146571438550294528)) +---- +"Using Proximity to Predict Activity in Social Networks" http://arxiv.org/abs/1112.2755 quite interesting even if they didn't check the temporal part. + +(Originally on Twitter: [Thu Dec 15 17:00:53 +0000 2011](https://twitter.com/adulau/status/147360491218534400)) +---- +https://labs.ripe.net/Members/gih/the-curious-case-of-the-crooked-tcp-handshake "TCP_DEFER_ACCEPT" is an interesting socket option but with a small bug in the Linux version? + +(Originally on Twitter: [Thu Dec 15 18:02:31 +0000 2011](https://twitter.com/adulau/status/147375999758241792)) +---- +http://blog.snort.org/2011/12/snort-292-has-been-released.html Snort 2.9.2 released including GTP decoding, DNP3 and Modbus support and finally the HTTP js decoding. #infosec #snort + +(Originally on Twitter: [Sat Dec 17 08:26:59 +0000 2011](https://twitter.com/adulau/status/147955941319512064)) +---- +RT @mikko: General: "So, how do we get Stuxnet 2 in Iran? USB sticks won't do it any more" + +Sergeant: "What if we crash land an infecte ... 
+ +(Originally on Twitter: [Sat Dec 17 08:31:09 +0000 2011](https://twitter.com/adulau/status/147956987433463808)) +---- +made some statistics about the certificate revocation reasons seen in the CRLs - open for discussions http://www.foo.be/cgi-bin/wiki.pl/2011-12-17_Certificate_Revocation_Reasons_2011 + +(Originally on Twitter: [Sat Dec 17 11:43:17 +0000 2011](https://twitter.com/adulau/status/148005339944587265)) +---- +@K_rho Désolé mais c'est le cas ;-) Surtout concernant le #NoFoP qui est une grosse bêtise... pour des lieux et œuvres publics. + +(Originally on Twitter: [Sat Dec 17 12:39:46 +0000 2011](https://twitter.com/adulau/status/148019552960262144)) +---- +@K_rho Je sais mais le #NoFoP en mode strict pourrait enlever 75% des photos réalisées dans les villes récentes... #wikipedia + +(Originally on Twitter: [Sat Dec 17 12:48:44 +0000 2011](https://twitter.com/adulau/status/148021812477952000)) +---- +http://www.foo.be/cgi-bin/wiki.pl/2011-12-17_Certificate_Revocation_Reasons_2011 If you are curious about the 230 entries with a revoke reason of "CA Compromise" in all the public CRLs. #infosec #pki + +(Originally on Twitter: [Sat Dec 17 14:44:03 +0000 2011](https://twitter.com/adulau/status/148050830916976640)) +---- +@alcyonsecurity Another interesting point in the DigiNotar CRL is the previously revoked certificates (before the breach). Where are they? + +(Originally on Twitter: [Sun Dec 18 09:59:37 +0000 2011](https://twitter.com/adulau/status/148341641298722816)) +---- +RT @alcyonsecurity: @adulau Good point. #diginotar revocation date should be set to date of suspected compromise, not to date of discove ... + +(Originally on Twitter: [Sun Dec 18 10:07:55 +0000 2011](https://twitter.com/adulau/status/148343729311322112)) +---- +@btabaka Ce que rms veut dire c'est que la censure n'est pas solution. 
+ +(Originally on Twitter: [Sun Dec 18 13:37:49 +0000 2011](https://twitter.com/adulau/status/148396550031282177)) +---- +http://www.foo.be/crl/crl-synonyms.txt I generated a list of X.509 CRL list including an MD5 hash of their output to detect the CRL synonyms. #infosec #pki + +(Originally on Twitter: [Sun Dec 18 17:14:24 +0000 2011](https://twitter.com/adulau/status/148451055485726720)) +---- +RT @matthew_d_green: You should submit something to Usenix Security! The PC even reads the crypto papers these days ;) http://www.usenix.org/events/sec12/cfp/ + +(Originally on Twitter: [Sun Dec 18 19:09:16 +0000 2011](https://twitter.com/adulau/status/148479962918293504)) +---- +@verisign Is there a reason why I can't find the revoked certificate (..7FC529BB) for JMicron Technology Corp in Verisign CRLs? #duqu + +(Originally on Twitter: [Wed Dec 21 08:10:42 +0000 2011](https://twitter.com/adulau/status/149401394670084096)) +---- +" SHARCS 2012: Special-Purpose Hardware for Attacking Cryptographic Systems http://www.iacr.org/S=Rd " Maybe 2012 will be a good year? #crypto + +(Originally on Twitter: [Fri Dec 23 07:18:56 +0000 2011](https://twitter.com/adulau/status/150113142851117056)) +---- +RT @SteveClement: #NSFW but very close to work. Our legal advisor got busted and he even is a Dr. ![](media/150246873234554880-AhXIg6sCMAAyZAL.jpg) + +(Originally on Twitter: [Fri Dec 23 16:10:20 +0000 2011](https://twitter.com/adulau/status/150246873234554880)) +---- +RT @Code_Analysis: John Carmack. Static Code Analysis. http://altdevblogaday.com/2011/12/24/static-code-analysis/ + +(Originally on Twitter: [Sat Dec 24 08:49:57 +0000 2011](https://twitter.com/adulau/status/150498433021644800)) +---- +RT @ddurvaux: Nice reading: overview of revoked certificates: http://bit.ly/ulL3Wu. Thanks @adulau + +(Originally on Twitter: [Sat Dec 24 14:48:09 +0000 2011](https://twitter.com/adulau/status/150588578269904897)) +---- +RT @lferette: John Carmack on static code analysis (tx @adulau). 
The guy has not lost his touch! http://altdevblogaday.com/2011/12/24/static-code-analysis/ + +(Originally on Twitter: [Sat Dec 24 14:48:13 +0000 2011](https://twitter.com/adulau/status/150588595898556417)) +---- +https://lkml.org/lkml/2011/12/22/270 "possible privilege escalation via SG_IO ioctl" SCSI commands back to the host OS does this work with VMware iSCSI? + +(Originally on Twitter: [Sat Dec 24 16:38:38 +0000 2011](https://twitter.com/adulau/status/150616381971382272)) +---- +http://wrttn.in/04af1a "Institutional memory and reverse smuggling" the reality behind document management in the enterprise. #archiving + +(Originally on Twitter: [Sun Dec 25 08:59:11 +0000 2011](https://twitter.com/adulau/status/150863146008055808)) +---- +RT @cperciva: Just did some archaeology: The telnetd remote-root buffer overflow dates back to at least BSD4.4 (March 1991), but probabl ... + +(Originally on Twitter: [Sun Dec 25 09:08:48 +0000 2011](https://twitter.com/adulau/status/150865567430090752)) +---- +http://www.foo.be/cgi-bin/wiki.pl/2011-12-25_Against_SOPA_or_How_To_Do_Soap My contribution against SOAP, a free recipe on how to make soap. #freedom #sopa #soap + +(Originally on Twitter: [Sun Dec 25 15:19:04 +0000 2011](https://twitter.com/adulau/status/150958745021722624)) +---- +RT @bortzmeyer: Les destructionnistes de Wikipédia toujours aussi tarés. Voilà qu'ils +ont détruit l'article #Namecoin du Wikipédia anglo ... + +(Originally on Twitter: [Sun Dec 25 20:46:11 +0000 2011](https://twitter.com/adulau/status/151041069457473536)) +---- +@bortzmeyer Je n'hésite jamais pour faire une donation à Wikipedia mais depuis les « suppressionnistes »... j'hésite. #wikipedia + +(Originally on Twitter: [Sun Dec 25 21:00:46 +0000 2011](https://twitter.com/adulau/status/151044738617839618)) +---- +@rafi0t For short ID, it's not the first one. It's even part of the OpenPGP standard that software should know that. 
http://tools.ietf.org/html/rfc4880#section-3.3 + +(Originally on Twitter: [Tue Dec 27 13:51:24 +0000 2011](https://twitter.com/adulau/status/151661461427601409)) +---- +@antirez https://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/ What's your feeling about such attacks against Redis? #hashDoS + +(Originally on Twitter: [Wed Dec 28 22:05:51 +0000 2011](https://twitter.com/adulau/status/152148281491853312)) +---- +http://be-geek.com/linux/2011/11/15/steinar-h-gunderson-ebury-a-new-ssh-trojan "Ebury, a new SSH trojan" an interesting blog post about an often underestimated Linux Trojan... #infosec + +(Originally on Twitter: [Thu Dec 29 16:31:20 +0000 2011](https://twitter.com/adulau/status/152426484911439872)) +---- +Usually when I said that I use Perl for solving problems... people laugh at me but who introduced hash randomization in 2003? #infosec + +(Originally on Twitter: [Fri Dec 30 22:01:50 +0000 2011](https://twitter.com/adulau/status/152872043942117378)) +---- +http://etbe.coker.com.au/2011/12/31/server-cracked/ "SE Linux doesn’t protect against a compromised client system" #infosec #unix + +(Originally on Twitter: [Sat Dec 31 08:36:21 +0000 2011](https://twitter.com/adulau/status/153031727256842240)) +---- +RT @DidierStevens: Just released a little Cisco IOS security tool to start the new year: http://bit.ly/vng1ZZ + +(Originally on Twitter: [Mon Jan 02 09:44:33 +0000 2012](https://twitter.com/adulau/status/153773664880431105)) +---- +https://github.com/CIRCL/pe32-cert-dump Very handy when you have large set of Windows signed PE executable and you want to extract the certificate on Unix. + +(Originally on Twitter: [Tue Jan 03 09:23:58 +0000 2012](https://twitter.com/adulau/status/154130872147251201)) +---- +A small reminder for the attackers doing bruteforce, on some BSD variants the "toor" account is also interesting. 
#infosec #unix + +(Originally on Twitter: [Wed Jan 04 09:25:51 +0000 2012](https://twitter.com/adulau/status/154493734497681409)) +---- +http://www.jmeds.eu/index.php/jmeds/article/view/Hiding-Malicious-Content-in-PDF-Documents "This paper is a proof-of-concept demonstration for a specific digital signatures vulnerability in PDF" #infosec + +(Originally on Twitter: [Wed Jan 04 09:29:40 +0000 2012](https://twitter.com/adulau/status/154494696218042368)) +---- +RT @fpietrosanti: Python Default SSL Cipher ticket implemented. Will be in Python 2.7 & 3.3 http://bugs.python.org/issue13636 + +(Originally on Twitter: [Wed Jan 04 09:56:34 +0000 2012](https://twitter.com/adulau/status/154501465157795840)) +---- +RT @circl_lu: http://openssl.org/news/secadv_20120104.txt "Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s." #infosec #ssl #tls + +(Originally on Twitter: [Thu Jan 05 14:23:04 +0000 2012](https://twitter.com/adulau/status/154930919487176704)) +---- +RT @xme: Good post by @chriseng: Vulnerability Response Done Right: http://www.veracode.com/blog/2012/01/vulnerability-response-done-right/ + +(Originally on Twitter: [Thu Jan 05 16:50:37 +0000 2012](https://twitter.com/adulau/status/154968051043930112)) +---- +http://technet.microsoft.com/en-us/library/cc162838.aspx Malware response seen in the eyes of Microsoft. Some boxes can be research topics.. + +(Originally on Twitter: [Fri Jan 06 09:15:31 +0000 2012](https://twitter.com/adulau/status/155215911844970496)) +---- +@cudeso I'm curious what you are doing in the kitchen at work... #infosec #kitchen + +(Originally on Twitter: [Fri Jan 06 09:23:15 +0000 2012](https://twitter.com/adulau/status/155217858639572992)) +---- +RT @ProjectHoneynet: Here's an interesting project : http://urlquery.net/about.php "urlQuery.net is a service for detecting and analyzing web-bas ... 
+ +(Originally on Twitter: [Fri Jan 06 09:46:48 +0000 2012](https://twitter.com/adulau/status/155223785237266433)) +---- +http://code.google.com/p/patator/ "Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage." #pentest + +(Originally on Twitter: [Fri Jan 06 10:01:08 +0000 2012](https://twitter.com/adulau/status/155227392313528321)) +---- +http://www.csc.ncsu.edu/faculty/jiang/pubs/NDSS12_WOODPECKER.pdf "Systematic Detection of Capability Leaks in Stock Android Smartphones" #android + +(Originally on Twitter: [Fri Jan 06 14:16:42 +0000 2012](https://twitter.com/adulau/status/155291704654700545)) +---- +RT @hack_lu: hack.lu 2012 will take place the 23,24 and 25 October 2012. Update your agenda. We hope to see you there. #infosec #conference + +(Originally on Twitter: [Fri Jan 06 14:42:34 +0000 2012](https://twitter.com/adulau/status/155298213769912320)) +---- +For the curious, I will be at least at the #FOSDEM http://www.fosdem.org/ and #HES http://2012.hackitoergosum.org/ and also in the underground library. + +(Originally on Twitter: [Mon Jan 09 21:19:08 +0000 2012](https://twitter.com/adulau/status/156485179559518209)) +---- +https://grepular.com/Punching_through_The_Great_Firewall_of_TMobile So T-Mobile uses the TCP RST techniques used by China to filter the traffic. Drop RST packets and you're fine #infosec + +(Originally on Twitter: [Tue Jan 10 07:27:30 +0000 2012](https://twitter.com/adulau/status/156638279591137280)) +---- +http://msdn.microsoft.com/en-us/library/bb204084%28v=exchg.140%29.aspx Autodiscover XML Elements (POX) in Microsoft Exchange is full of (un)secure potential. #infosec + +(Originally on Twitter: [Tue Jan 10 17:07:01 +0000 2012](https://twitter.com/adulau/status/156784119924264960)) +---- +@xme it's great song and band. One of my favorite is "Headhunter". 
The lyrics even match for malware hunting ;-) #infosec #front242 + +(Originally on Twitter: [Wed Jan 11 10:38:53 +0000 2012](https://twitter.com/adulau/status/157048828665663489)) +---- +http://www.accuvant.com/node/5552 "Old Meets New: Microsoft Windows SafeSEH Incompatibility" interesting post on the safe structured exception handling + +(Originally on Twitter: [Wed Jan 11 13:30:11 +0000 2012](https://twitter.com/adulau/status/157091938493927424)) +---- +@xme an rsync module for http://code.google.com/p/patator/ could be added quite easily. + +(Originally on Twitter: [Wed Jan 11 14:16:50 +0000 2012](https://twitter.com/adulau/status/157103679814647808)) +---- +http://hal.inria.fr/index.php?halsid=aqjc5a1sh5vot2krcs5mcf1hm2&view_this_doc=tel-00627981&version=1 "Self-Adaptive Honeypots Coercing and Assessing Attacker Behaviour" disclaimer: I was the technical supervisor. + +(Originally on Twitter: [Wed Jan 11 20:36:43 +0000 2012](https://twitter.com/adulau/status/157199278916370432)) +---- +@searchio http://netglub.org's guy did a lightning talk during #hack.lu 2010 but everyone is still waiting for a download link... #infosec + +(Originally on Twitter: [Thu Jan 12 13:51:33 +0000 2012](https://twitter.com/adulau/status/157459702031204352)) +---- +@searchio Great, they finally released it. That's a good news. I'll give it a try too. thx + +(Originally on Twitter: [Thu Jan 12 14:22:02 +0000 2012](https://twitter.com/adulau/status/157467373664870400)) +---- +A software vendor replied to me about a vulnerability in the random generator: "...but our session keys don't need to be random". #wtf + +(Originally on Twitter: [Thu Jan 12 22:20:01 +0000 2012](https://twitter.com/adulau/status/157587661824077824)) +---- +@fboule another story but did they finally fix the DLL hijacking vulnerability? 
#infosec + +(Originally on Twitter: [Thu Jan 12 22:31:33 +0000 2012](https://twitter.com/adulau/status/157590564513132548)) +---- +http://www.netzob.org/ Netzob is a free software tool to support reverse engineering, evaluation and simulation of communication protocols. + +(Originally on Twitter: [Sat Jan 14 19:16:46 +0000 2012](https://twitter.com/adulau/status/158266324987031553)) +---- +RT @Kleissner: I love UEFI. Makes it easier to write bootkits / OS independent malware. + +(Originally on Twitter: [Sat Jan 14 19:25:21 +0000 2012](https://twitter.com/adulau/status/158268482184683520)) +---- +http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs/ Another smart card proxy malware... #Sykipot #infosec + +(Originally on Twitter: [Sun Jan 15 10:58:55 +0000 2012](https://twitter.com/adulau/status/158503422243520512)) +---- +http://www.goodiff.org/changeset/648/opera/www.opera.com/security/policy/index.html Opera changed a bit their security vulnerability disclosure policy. #infosec #goodiff + +(Originally on Twitter: [Sun Jan 15 11:18:30 +0000 2012](https://twitter.com/adulau/status/158508349594406912)) +---- +It's clever. Using a BPF filter/state machine to evaluate system call to filter them. #kernel #linux #infosec https://lkml.org/lkml/2012/1/11/260 + +(Originally on Twitter: [Mon Jan 16 20:29:26 +0000 2012](https://twitter.com/adulau/status/159009387749449728)) +---- +http://arxiv.org/abs/0909.3688 "Harvesting SSL Certificate Data to Identify Web-Fraud" interesting. Classifiers are really better than brute-force? + +(Originally on Twitter: [Tue Jan 17 09:14:01 +0000 2012](https://twitter.com/adulau/status/159201801185398784)) +---- +RT @mattblaze: I was just invited to the ACM CCS pgm committee, which I declined because of ACM's copyright policies and paywall. Consid ... 
+ +(Originally on Twitter: [Tue Jan 17 17:53:59 +0000 2012](https://twitter.com/adulau/status/159332651369627648)) +---- +"The current code generator emits no code for an assert statement" I should read more often the Python documentation instead of debugging. + +(Originally on Twitter: [Wed Jan 18 21:43:21 +0000 2012](https://twitter.com/adulau/status/159752764216459265)) +---- +RT @mylifeasageek: MS11-087 Duqu .docx embedding .ttf virustotal results 0/43. what's going on? http://www.virustotal.com/file/ad139787adab6a2f14c3bccc07b7f4401c58c4b4a2c8353cc5b5c4ca88da35d6/analysis/1326937069/ @NTarakanov + +(Originally on Twitter: [Thu Jan 19 16:34:11 +0000 2012](https://twitter.com/adulau/status/160037348598484992)) +---- +RT @circl_lu: http://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00 "Responsible Vulnerability Disclosure Process" was a good Internet-Draft. A pity that is not an RFC. ... + +(Originally on Twitter: [Thu Jan 19 17:26:58 +0000 2012](https://twitter.com/adulau/status/160050628293427201)) +---- +@ForumNucleaire Alors on compare les apiculteurs et les abeilles? à la fission nucléaire? Cela n'est pas très scientifique... #belgium + +(Originally on Twitter: [Thu Jan 19 20:22:08 +0000 2012](https://twitter.com/adulau/status/160094712567566337)) +---- +@ForumNucleaire Merci. Pourriez-vous publier le rapport technique détaillé sur l'incident de Doel du 18 mars 2011? 
#belgium + +(Originally on Twitter: [Fri Jan 20 20:11:48 +0000 2012](https://twitter.com/adulau/status/160454498949668866)) +---- +A Web Application Firewall module for Nginx https://code.google.com/p/naxsi/ looks interesting but I need to check the code #infosec #waf + +(Originally on Twitter: [Fri Jan 20 20:19:29 +0000 2012](https://twitter.com/adulau/status/160456431944990720)) +---- +RT @teamcymru: Fake sshd to log attack brute force attempts http://bit.ly/yUjGcp + +(Originally on Twitter: [Fri Jan 20 21:01:03 +0000 2012](https://twitter.com/adulau/status/160466892933435392)) +---- +Spending 8.8 million euro in Belgium for a new electronic voting system? The old paper-based was cheaper and secure an http://www.zoegenot.be/8-8-millions-pour-un-nouveau.html + +(Originally on Twitter: [Sun Jan 22 15:12:16 +0000 2012](https://twitter.com/adulau/status/161103897388257280)) +---- +RT @mruef: Was talking with my doctor about sensitivity of patient data. He underestimates the risk. Insurance companies & blackmailers ... + +(Originally on Twitter: [Sun Jan 22 16:33:38 +0000 2012](https://twitter.com/adulau/status/161124373032472576)) +---- +released Forban 0.0.30 (mainly bug fixes and updated CherryPy) https://github.com/adulau/Forban http://www.foo.be/forban/ opportunistic #p2p #forban + +(Originally on Twitter: [Sun Jan 22 16:39:30 +0000 2012](https://twitter.com/adulau/status/161125847594573824)) +---- +RT @k4l4m4r1s: This is common in the IT industry, trainers know about the products they are training in but have never used them in real ... + +(Originally on Twitter: [Sun Jan 22 19:27:00 +0000 2012](https://twitter.com/adulau/status/161168000223952896)) +---- +http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=198214a7ee50375fa71a65e518341980cfd4b2f0 I love git especially when we have good commit messages like "no longer a security hazard". 
#infosec #kernel + +(Originally on Twitter: [Mon Jan 23 07:36:29 +0000 2012](https://twitter.com/adulau/status/161351582317940736)) +---- +If it takes 10 months in a free software with a git repoto find a documented vulnerability. How long for a proprietary software? #infosec + +(Originally on Twitter: [Mon Jan 23 07:39:07 +0000 2012](https://twitter.com/adulau/status/161352246301429760)) +---- +I'm tempted to say "ad infinitum". #infosec + +(Originally on Twitter: [Mon Jan 23 07:42:25 +0000 2012](https://twitter.com/adulau/status/161353072860348416)) +---- +@ForumNucleaire merci mais l'AFCN n'a publié qu'un communiqué et le rapport sur cet incident n'est pas disponible au public. @greenpeace_be + +(Originally on Twitter: [Mon Jan 23 19:42:31 +0000 2012](https://twitter.com/adulau/status/161534293779288064)) +---- +RT @jeffbulljr: According to futuristic movies the GUI is dead and everything is executed via command line? Is everyone just gonna be sm ... + +(Originally on Twitter: [Tue Jan 24 13:10:52 +0000 2012](https://twitter.com/adulau/status/161798119389007873)) +---- ++2 for the serial converter from Digitus, they even include a small paper version of the GNU General Public License version 3 #gnu + +(Originally on Twitter: [Tue Jan 24 15:18:53 +0000 2012](https://twitter.com/adulau/status/161830336060342272)) +---- +https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/241305 If canonical is listening, could you resolve the bug #241305 that I reported in 2008? thank you #ipv6 #infosec + +(Originally on Twitter: [Tue Jan 24 17:05:33 +0000 2012](https://twitter.com/adulau/status/161857180641935361)) +---- +released a simple Internet domain extractor (alpha) library and classifier from any raw text. 
https://github.com/adulau/DomainClassifier #datamining + +(Originally on Twitter: [Tue Jan 24 22:04:21 +0000 2012](https://twitter.com/adulau/status/161932373460656128)) +---- +Everyone is looking for a definition of "cloud computing" maybe the only definition "the cloud is where no one is responsible for security" + +(Originally on Twitter: [Wed Jan 25 21:12:22 +0000 2012](https://twitter.com/adulau/status/162281680382595072)) +---- +RT @tricaud: Analysis of the 54 Gb Syrian bluecoat log files part 1 http://bit.ly/yE1xDP #picviz #secviz #bigdata #infoviz + +(Originally on Twitter: [Thu Jan 26 16:29:28 +0000 2012](https://twitter.com/adulau/status/162572873838493696)) +---- +http://www.mofa.go.jp/policy/economy/i_property/acta1201.html "Signing Ceremony of the EU for the Anti-Counterfeiting Trade Agreement" signing is voting in Today's dictionary #wtf + +(Originally on Twitter: [Thu Jan 26 19:01:15 +0000 2012](https://twitter.com/adulau/status/162611073608982528)) +---- +Standard updated today: Common Vulnerability Scoring System (CVSS) got a new range of value from 9.9 up to 10. #infosec + +(Originally on Twitter: [Thu Jan 26 22:04:05 +0000 2012](https://twitter.com/adulau/status/162657083332894720)) +---- +"Statistical analysis of emotions and opinions at Digg website" http://arxiv.org/abs/1201.5484 I would like to get the program used for the experiment + +(Originally on Twitter: [Fri Jan 27 06:01:08 +0000 2012](https://twitter.com/adulau/status/162777139500949504)) +---- +RT @circl_lu: http://www.openssh.com/txt/legacy-cert.adv Legacy certificates generated by OpenSSH might contain data from the stack thus leaking confidential ... + +(Originally on Twitter: [Fri Jan 27 16:48:59 +0000 2012](https://twitter.com/adulau/status/162940172403613696)) +---- +listens in loop the album from Austra @austratalks "Feel It Break". A masterpiece of simple and efficient electro with a great dark voice. 
+ +(Originally on Twitter: [Sat Jan 28 16:28:10 +0000 2012](https://twitter.com/adulau/status/163297324850872320)) +---- +http://marc-stevens.nl/research/ Single-block collision attack on MD5 after the short chosen-prefix MD5 collisions (same author). #crypto #md5 #infosec + +(Originally on Twitter: [Sun Jan 29 22:22:32 +0000 2012](https://twitter.com/adulau/status/163748889483157505)) +---- +http://arxiv.org/abs/1201.5728 "Functional Programming and Security" #programming #infosec + +(Originally on Twitter: [Mon Jan 30 12:20:27 +0000 2012](https://twitter.com/adulau/status/163959759823843330)) +---- +RT @ChrisJohnRiley: #ShmooConEpilogue Technology | Products are not going to save your ass! Stop buying them… + +(Originally on Twitter: [Mon Jan 30 15:36:16 +0000 2012](https://twitter.com/adulau/status/164009038386954240)) +---- +RT @ProjectHoneynet: This looks very interesting. http://ironwasp.org/ + +(Originally on Twitter: [Mon Jan 30 22:09:41 +0000 2012](https://twitter.com/adulau/status/164108043682975744)) +---- +A small note the for http://cryptome.org operator, http://cryptome.org/2012/01/0074.htm the file format of the backup is "Microsoft Tape Format" #comodo + +(Originally on Twitter: [Tue Jan 31 08:25:07 +0000 2012](https://twitter.com/adulau/status/164262923764641793)) +---- +Thanks to @HoffmannMich for pointing me to http://www.exploit-db.com/exploits/18417/ so a "locate /wp-admin/setup-config.php | xargs chmod 000" could be useful. + +(Originally on Twitter: [Tue Jan 31 15:06:50 +0000 2012](https://twitter.com/adulau/status/164364019715682307)) +---- +@eromang @HoffmanMich for the ones I saw it's an older vulnerability. This one even applies with the current release version of WordPress. + +(Originally on Twitter: [Tue Jan 31 18:34:45 +0000 2012](https://twitter.com/adulau/status/164416340923400192)) +---- +Any Redis proxy available to limit the commands to be used? 
I'm close to write one to only allow read commands for security reason @antirez + +(Originally on Twitter: [Tue Jan 31 21:34:37 +0000 2012](https://twitter.com/adulau/status/164461609576701952)) +---- +@antirez Great, I really missed the rename option in the config for the past months ;-) Very nifty and a clean way to secure it. #redis + +(Originally on Twitter: [Tue Jan 31 21:40:16 +0000 2012](https://twitter.com/adulau/status/164463027553435649)) +---- +The Today's fluffy statement: "not too low, not too high but keep it high" or how to define an oscillating function in business terms. + +(Originally on Twitter: [Thu Feb 02 07:45:51 +0000 2012](https://twitter.com/adulau/status/164977816230838272)) +---- +@rommelfs That's the useful part of such business statement. They can describe many functions without giving insight about the real meaning. + +(Originally on Twitter: [Thu Feb 02 07:57:19 +0000 2012](https://twitter.com/adulau/status/164980703229001728)) +---- +http://www.sec.gov/Archives/edgar/data/1014473/000119312511285850/d219781d10q.htm "We experienced security breaches in the corporate network in 2010 which were not sufficiently reported to Management." + +(Originally on Twitter: [Thu Feb 02 17:07:21 +0000 2012](https://twitter.com/adulau/status/165119124501041152)) +---- +RT @circl_lu: http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-61-Rev.%202 "SP 800-61 Rev. 2 DRAFT Computer Security Incident Handling Guide" in current review. comments welcom ... + +(Originally on Twitter: [Thu Feb 02 17:39:16 +0000 2012](https://twitter.com/adulau/status/165127153866911744)) +---- +RT @tricaud: @adulau and I talk about passive dns analysis with Picviz was accepted for CanSecWest. 
+ +(Originally on Twitter: [Sat Feb 04 16:24:24 +0000 2012](https://twitter.com/adulau/status/165833092446175233)) +---- +@ioerror will do a "Research Seminar: Tor network" at the University of Luxembourg Friday PM http://wwwen.uni.lu/snt/news_events/research_seminar_tor_network #infosec #tor + +(Originally on Twitter: [Mon Feb 06 12:14:51 +0000 2012](https://twitter.com/adulau/status/166495066981019648)) +---- +So Google drops CRL and OCSP in Chrome and became intermediate "CRL" maintainer... http://www.imperialviolet.org/2012/02/05/crlsets.html + +(Originally on Twitter: [Tue Feb 07 08:25:51 +0000 2012](https://twitter.com/adulau/status/166799822232354817)) +---- +"srand((unsigned int)time(NULL)); srand((unsigned int)rand());" seen in a recent source leaked on Internet. #random #infosec + +(Originally on Twitter: [Tue Feb 07 13:51:18 +0000 2012](https://twitter.com/adulau/status/166881725425782784)) +---- +@SteveClement So you leaked the login name, password, the exact location even the hostname... what's next a reverse shell? ;-) + +(Originally on Twitter: [Tue Feb 07 14:59:51 +0000 2012](https://twitter.com/adulau/status/166898977009188865)) +---- +RT @xme: When you need to leave online old content or based on outdated/unsupported software, convert it to static HTML! + +(Originally on Twitter: [Wed Feb 08 14:31:33 +0000 2012](https://twitter.com/adulau/status/167254240413237248)) +---- +@bortzmeyer If this is not an issue, why a homograph of paypal in Cyrillic is blocked at the registar level? security or trademark reason? + +(Originally on Twitter: [Wed Feb 08 15:43:00 +0000 2012](https://twitter.com/adulau/status/167272223684558848)) +---- +is tempted to start a new list of snake-oil security software. After this conf-call where I heard "yes, the keys are hard coded" #wtf. + +(Originally on Twitter: [Wed Feb 08 20:48:58 +0000 2012](https://twitter.com/adulau/status/167349221102583808)) +---- +Just submitted a proposal for #Haxogreen hope to see you there.... 
http://www.hackerspace.lu/2012/02/03/haxogreen-2012-call-for-proposals/ + +(Originally on Twitter: [Wed Feb 08 21:52:55 +0000 2012](https://twitter.com/adulau/status/167365316790325248)) +---- +Being in the mood tonight, I submitted a second proposal for #haxogreen. A bit more chemical than the previous one... http://www.hackerspace.lu/2012/02/03/haxogreen-2012-call-for-proposals/ + +(Originally on Twitter: [Wed Feb 08 22:12:56 +0000 2012](https://twitter.com/adulau/status/167370354145234945)) +---- +RT @maradydd: .@eqe I decided a while back I'm only going to publish in open-access venues anymore. So basically, USENIX, PLoS, and past ... + +(Originally on Twitter: [Thu Feb 09 20:43:26 +0000 2012](https://twitter.com/adulau/status/167710218141175810)) +---- +If you are using the #PirateBox and you need updates/features for Forban, let me know. http://www.foo.be/forban/ #p2p #sharing + +(Originally on Twitter: [Sat Feb 11 16:34:36 +0000 2012](https://twitter.com/adulau/status/168372373911904256)) +---- +RT @teamcymru: New targeted ActiveX attack with infected .doc in the wild, patch to MS11-073 of 9/13/11 for protection http://bit.ly/zubSX5 + +(Originally on Twitter: [Sun Feb 12 09:19:38 +0000 2012](https://twitter.com/adulau/status/168625295946031104)) +---- +Don't forget in enterprise security that any simple malware can be used as a dropper for your next or current persistent infection. #infosec + +(Originally on Twitter: [Sun Feb 12 09:29:01 +0000 2012](https://twitter.com/adulau/status/168627660073861120)) +---- +https://bugzilla.mozilla.org/show_bug.cgi?id=724929#c15 Trustwave is issuing interception X.509 certificate... what's the next CA? The CA keyring might become smaller... 
+ +(Originally on Twitter: [Sun Feb 12 09:33:21 +0000 2012](https://twitter.com/adulau/status/168628749418512384)) +---- +RT @circl_lu: Video of @ioerror's #Tor talk at uni.lu now online at http://youtu.be/RmGeEGsfpO8 #anonymity #censorship + +(Originally on Twitter: [Tue Feb 14 12:18:32 +0000 2012](https://twitter.com/adulau/status/169395093546082304)) +---- +Just heard a phone conversation of @rommelfs with some telemarketers "Correct, we have no marketing or sales dept here. We just work here." + +(Originally on Twitter: [Tue Feb 14 12:30:05 +0000 2012](https://twitter.com/adulau/status/169398001503182848)) +---- +http://11011110.livejournal.com/241173.html "Needles in haystacks: shared factors among many large composite numbers" #crypto #infosec + +(Originally on Twitter: [Wed Feb 15 13:46:10 +0000 2012](https://twitter.com/adulau/status/169779538354638848)) +---- +RT @mthorbruegge: Kraftwerk performing 3D-enhanced retrospective concerts over 8 nights at MoMA http://j.mp/wOxSd7 + +(Originally on Twitter: [Fri Feb 17 09:20:49 +0000 2012](https://twitter.com/adulau/status/170437532604043264)) +---- +#github is not feeling well today. + +(Originally on Twitter: [Fri Feb 17 16:12:02 +0000 2012](https://twitter.com/adulau/status/170541021317443585)) +---- +https://cloudsecurityalliance.org/star/ "..allows them to submit self assessment reports that document compliance to CSA.." Just compliance not security. + +(Originally on Twitter: [Fri Feb 17 17:01:05 +0000 2012](https://twitter.com/adulau/status/170553366609526784)) +---- +Tomorrow I'm giving another courses about network forensic using Redis. Less sexy than Redis powering Youporn... 
http://groups.google.com/group/redis-db/browse_thread/thread/77841c595d29f983 + +(Originally on Twitter: [Fri Feb 17 20:10:12 +0000 2012](https://twitter.com/adulau/status/170600956663308288)) +---- +http://blog.mozilla.com/security/2012/02/17/message-to-certificate-authorities-about-subordinate-cas/ Message to Certificate Authorities from Firefox to revoke all subordinate CA cert used for MiTM before April 27, 2012. + +(Originally on Twitter: [Sat Feb 18 16:45:20 +0000 2012](https://twitter.com/adulau/status/170911786940379136)) +---- +@laurentchemla Hé oui, c'est dans ces moments là que tu voudrais être Theodore Kaczynski... + +(Originally on Twitter: [Sat Feb 18 17:25:05 +0000 2012](https://twitter.com/adulau/status/170921792041517057)) +---- +http://webpolicy.org/2012/02/17/safari-trackers/ A technical analysis of Safari’s cookie blocking feature and how it's circumvented by advertisers... #infosec + +(Originally on Twitter: [Sat Feb 18 17:36:44 +0000 2012](https://twitter.com/adulau/status/170924725957165056)) +---- +RT @mruef: Dear developer, please don't overwrite config files during an update. Otherwise I have to chop your head off. Sincerely + +(Originally on Twitter: [Sat Feb 18 17:48:33 +0000 2012](https://twitter.com/adulau/status/170927696195497984)) +---- +If you are a politician and you are about to shutdown a local library, read this HN post and the @tqbf comment http://news.ycombinator.com/item?id=3607217 + +(Originally on Twitter: [Sun Feb 19 16:32:43 +0000 2012](https://twitter.com/adulau/status/171271003538849793)) +---- +committed a basic "malicious' domain ranking in the DomainClassifier based on @bgpranking values https://github.com/adulau/DomainClassifier @rafi0t + +(Originally on Twitter: [Sun Feb 19 18:00:25 +0000 2012](https://twitter.com/adulau/status/171293069952557056)) +---- +@rfc1149 I used GNU screen (-x) for sharing terminal sessions with the students. Quick and functional. 
+ +(Originally on Twitter: [Mon Feb 20 07:19:42 +0000 2012](https://twitter.com/adulau/status/171494218672521216)) +---- +http://blog.si6networks.com/2012/02/ipv6-nids-evasion-and-improvements-in.html "IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly" #infosec #ipv6 #nids + +(Originally on Twitter: [Tue Feb 21 07:54:06 +0000 2012](https://twitter.com/adulau/status/171865264235880448)) +---- +HyperDex looks really interesting but lacking the wonderful sorted set from Redis... http://hyperdex.org/ + +(Originally on Twitter: [Wed Feb 22 22:19:58 +0000 2012](https://twitter.com/adulau/status/172445553739841536)) +---- +@rescrv How would you create a space for ZRANGEBYSCORE or ZREVRANGEBYSCORE operations in HyperDex with the same time complexity of Redis? + +(Originally on Twitter: [Thu Feb 23 11:20:32 +0000 2012](https://twitter.com/adulau/status/172641989941149696)) +---- +RT @hgascon: Dalvik Opcodes Table http://code.google.com/p/corkami/wiki/OpcodesTables?show=content + +(Originally on Twitter: [Thu Feb 23 11:24:11 +0000 2012](https://twitter.com/adulau/status/172642908900569088)) +---- +Hooking at IRP_MJ_INTERNAL_CONTROL level is clever for a malware but some AVs are doing it too. But who is hooking first? #infosec + +(Originally on Twitter: [Thu Feb 23 13:18:22 +0000 2012](https://twitter.com/adulau/status/172671645117460481)) +---- +Malware analysis or how to use advanced techniques to always stay a bit less behind. #infosec #reversing + +(Originally on Twitter: [Mon Feb 27 15:15:45 +0000 2012](https://twitter.com/adulau/status/174150736735772674)) +---- +@el33th4xor Yes, sorting on the client side might an option. In my case, (re)caching large returned dataset might waste too much memory. + +(Originally on Twitter: [Mon Feb 27 21:56:08 +0000 2012](https://twitter.com/adulau/status/174251494151950337)) +---- +RT @raffaelmarty: Lots of talk about 'security intelligence', but honestly, I don't see many new ideas compared to 5 years ago. 
#AGC2012 + +(Originally on Twitter: [Mon Feb 27 21:58:28 +0000 2012](https://twitter.com/adulau/status/174252081551654912)) +---- +@fredraynal feel free to knock at the door... + +(Originally on Twitter: [Wed Feb 29 11:11:28 +0000 2012](https://twitter.com/adulau/status/174814033386553344)) +---- +@tricaud great view. Mine is less nice ;-) but also coding some sample to be released at #csw12 #infosec + +(Originally on Twitter: [Fri Mar 02 19:52:03 +0000 2012](https://twitter.com/adulau/status/175669821466357760)) +---- +At least @GitHub is now fixed... I'm just wondering about all the remaining Rails application around. #infosec http://news.ycombinator.com/item?id=3663313 + +(Originally on Twitter: [Sun Mar 04 18:12:41 +0000 2012](https://twitter.com/adulau/status/176369587691065344)) +---- +@SteveClement Good to know but to ensure the quality of tea in a bag, don't forget to perform a mass spectrometry. #tea + +(Originally on Twitter: [Mon Mar 05 12:41:49 +0000 2012](https://twitter.com/adulau/status/176648711642943489)) +---- +I don't like compiling a new Python interpreter just to have the debugging symbols. and ending up to debug an ASN parser via ctypes... + +(Originally on Twitter: [Mon Mar 05 21:51:05 +0000 2012](https://twitter.com/adulau/status/176786939133960193)) +---- +Penetration testing is just like intellectual property. There are no meaning in those terms. Maybe /dev/null is more meaningful. + +(Originally on Twitter: [Wed Mar 07 21:34:10 +0000 2012](https://twitter.com/adulau/status/177507457059389440)) +---- +We just prepared some "funky" slides for the lightning talks at #csw12. 
@tricaud + +(Originally on Twitter: [Thu Mar 08 18:33:48 +0000 2012](https://twitter.com/adulau/status/177824456008404992)) +---- +RT @circl_lu: A good reminder to use anti-spoofing - http://home.regit.org/netfilter-en/secure-use-of-helpers/ Attacks will be presented at #csw12 + +(Originally on Twitter: [Thu Mar 08 19:48:16 +0000 2012](https://twitter.com/adulau/status/177843194334167040)) +---- +@rbidule it will be. It's a mix between APT, Stuxnet and some obscure secret sauce ;-) + +(Originally on Twitter: [Thu Mar 08 20:04:54 +0000 2012](https://twitter.com/adulau/status/177847379389718530)) +---- +http://code.google.com/p/lola-linux/ "Linux kernel module to provide low level (hardware) access" seems very nifty #csw12 + +(Originally on Twitter: [Thu Mar 08 23:50:07 +0000 2012](https://twitter.com/adulau/status/177904058735132672)) +---- +RT @Regiteric: One clever thing would be to double the reward if someone finds a zero-day *and* comes with a fix. #Pwnium #csw12 + +(Originally on Twitter: [Thu Mar 08 23:52:24 +0000 2012](https://twitter.com/adulau/status/177904631123415040)) +---- +RT @tricaud: @rbidule @adulau yeah! And pedobear is featured! #csw12 + +(Originally on Twitter: [Fri Mar 09 02:02:49 +0000 2012](https://twitter.com/adulau/status/177937454253355009)) +---- +We learn new stuff everyday. We don't say any more "scanning an IP range" but "probing the cloud". #csw12 + +(Originally on Twitter: [Fri Mar 09 17:18:43 +0000 2012](https://twitter.com/adulau/status/178167947095838720)) +---- +RT @Regiteric: "Anything free could bite you back". Yeah, Let's remove Linux from all operators equipment. #QOTD #csw12 + +(Originally on Twitter: [Fri Mar 09 18:05:29 +0000 2012](https://twitter.com/adulau/status/178179717420163073)) +---- +@Regiteric If we follow a logic, Junos was based on BSD kernel? So they should remove themself from the operator networks. 
#csw12 + +(Originally on Twitter: [Fri Mar 09 18:08:47 +0000 2012](https://twitter.com/adulau/status/178180548097867777)) +---- +RT @tricaud: Jun Xie downloading his presentation from http://google.com/ root dir :-) #csw12 + +(Originally on Twitter: [Fri Mar 09 21:36:14 +0000 2012](https://twitter.com/adulau/status/178232751957348352)) +---- +Currently a presentation about a p2p protocol called Thunder http://en.wikipedia.org/wiki/Xunlei that can be abused. Seems largely used in China. #csw12 + +(Originally on Twitter: [Fri Mar 09 21:42:31 +0000 2012](https://twitter.com/adulau/status/178234334631825409)) +---- +@vessial interesting topic. Do you plan to release your tools for the analysis of the Thunder network protocol (Xunlei)? #csw12 + +(Originally on Twitter: [Fri Mar 09 23:55:27 +0000 2012](https://twitter.com/adulau/status/178267787008016384)) +---- +RT @Regiteric: Christien Wojner making an interesting talk about WOW (http://en.wikipedia.org/wiki/WoW64) side effects at #cansecwest. #csw12 + +(Originally on Twitter: [Sat Mar 10 00:07:26 +0000 2012](https://twitter.com/adulau/status/178270803740205057)) +---- +RT @quarkslab: #SSTIC 2012 Paper on Windows Runtime accepted. A trip inside the new security model for applications in Windows 8 + +(Originally on Twitter: [Sat Mar 10 12:30:12 +0000 2012](https://twitter.com/adulau/status/178457728749027328)) +---- +The 0day market clearly summarized http://news.ycombinator.com/item?id=3681229 #csw12 #pwnium #pwn2own sometime being a market is not the best option... + +(Originally on Twitter: [Sat Mar 10 14:40:41 +0000 2012](https://twitter.com/adulau/status/178490564340224000)) +---- +@HackitoErgoSum congrats for the program. Very impressive. #hes2012 + +(Originally on Twitter: [Sat Mar 10 23:03:44 +0000 2012](https://twitter.com/adulau/status/178617163089838080)) +---- +http://commoncrawl.org/mapreduce-for-the-masses/ @commoncrawl I like your initiative but could you forget Java? 
#mapreduce + +(Originally on Twitter: [Sun Mar 11 20:44:44 +0000 2012](https://twitter.com/adulau/status/178944567192715266)) +---- +RT @i0n1c: Of course the security check had nothing todo with me... Maybe one of the other guys coming with me from #CanSecWest + +(Originally on Twitter: [Mon Mar 12 09:57:53 +0000 2012](https://twitter.com/adulau/status/179144170160656385)) +---- +@i0n1c Interesting. My passport was reviewed manually and re-encoded from NL to Vancouver at boarding. Might be a software 0day^H^H^Hbug. + +(Originally on Twitter: [Mon Mar 12 10:15:32 +0000 2012](https://twitter.com/adulau/status/179148613727956992)) +---- +RT @circl_lu: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx "A closer look at MS12-020's critical issue" remote code execution in RDP #infosec + +(Originally on Twitter: [Tue Mar 13 17:54:58 +0000 2012](https://twitter.com/adulau/status/179626621689532416)) +---- +http://thenextweb.com/media/2012/03/13/belgian-rightsholders-group-wants-to-charge-libraries-for-reading-books-to-kids/ We should charge SABAM in Belgium for all the stupid stuff they do and say. A large budget increase for the State. + +(Originally on Twitter: [Tue Mar 13 17:57:21 +0000 2012](https://twitter.com/adulau/status/179627220225114113)) +---- +http://exploitshop.wordpress.com/2012/03/13/ms12-020-vulnerabilities-in-remote-desktop-could-allow-remote-code-execution/ - http://blog.binaryninjas.org/?p=58 More potential fun with MS12-020... 
+ +(Originally on Twitter: [Wed Mar 14 08:47:52 +0000 2012](https://twitter.com/adulau/status/179851329026527232)) +---- +RT @tricaud: Our #CanSecWest slides of our talk with @adulau are available http://bit.ly/yuXkTy #csw12 + +(Originally on Twitter: [Wed Mar 14 12:22:14 +0000 2012](https://twitter.com/adulau/status/179905273526370304)) +---- +http://www-users.cs.umn.edu/~foo/research/docs/fookune_ndss_gsm.pdf "Location Leaks on the GSM Air Interface" Using the weak distribution of TMSI #privacy #gsm #mobile + +(Originally on Twitter: [Wed Mar 14 12:48:22 +0000 2012](https://twitter.com/adulau/status/179911851004530689)) +---- +@imrim "We need good code" sure on shared secure operating system, libraries, hardware and firmware. We are nowhere... #infosec + +(Originally on Twitter: [Wed Mar 14 16:48:15 +0000 2012](https://twitter.com/adulau/status/179972219768807425)) +---- +RT @pretorienx: Writing a bFLT loader for IDA Pro: http://www.devttys0.com/2012/03/writing-a-bflt-loader-for-ida/ @devttyS0 + +(Originally on Twitter: [Wed Mar 14 16:53:59 +0000 2012](https://twitter.com/adulau/status/179973661871177728)) +---- +RT @xme: XCat is available here: https://GitHub.com/orf/xcat #BlackhatEU + +(Originally on Twitter: [Wed Mar 14 16:59:32 +0000 2012](https://twitter.com/adulau/status/179975060260524032)) +---- +OpenSSL 1.0.1 just released including DTLS heartbeat and also RFC 5705 (reuse key materials for other soft) and SCTP support. Fun is ahead + +(Originally on Twitter: [Thu Mar 15 06:53:36 +0000 2012](https://twitter.com/adulau/status/180184958428643328)) +---- +@laquadrature Have you more information about this vote at JURI? http://news.ycombinator.com/item?id=3707342 about orphaned works? + +(Originally on Twitter: [Thu Mar 15 08:00:59 +0000 2012](https://twitter.com/adulau/status/180201917417394176)) +---- +RT @luigi_auriemma: ms12-020 mistery: the packet stored in the "chinese" rdpclient.exe PoC is the EXACT ONE I gave to ZDI!!! @thezdi? @m ... 
+ +(Originally on Twitter: [Fri Mar 16 14:26:55 +0000 2012](https://twitter.com/adulau/status/180661425713328129)) +---- +Wonderful, we have a proof that the zero day market is playing a double game. I'm guessing the answer: "No, it was an APT". #infosec + +(Originally on Twitter: [Fri Mar 16 14:34:20 +0000 2012](https://twitter.com/adulau/status/180663292002451456)) +---- +RT @DragonResearch: The latest version of DRG Weekend Reads is out, find it here: https://dragonresearchgroup.org/reads/ Enjoy and send us your tips! + +(Originally on Twitter: [Fri Mar 16 15:01:00 +0000 2012](https://twitter.com/adulau/status/180670005636120579)) +---- +http://www.flickr.com/photos/adulau/6841271128/ Experimenting graphs and MCL cluster to see outliers in network flows... worked well. #infovis #infosec + +(Originally on Twitter: [Fri Mar 16 15:33:54 +0000 2012](https://twitter.com/adulau/status/180678284886032384)) +---- +@security4all http://news.ycombinator.com/item?id=3707342 I'm still wondering where the numbers are coming from. Not from an EU website until now. + +(Originally on Twitter: [Fri Mar 16 15:41:52 +0000 2012](https://twitter.com/adulau/status/180680290925166592)) +---- +@thegrugq agree. sys.stdout.write is really behaving like an old Perl print... and print becomes a function in Py 3. But wrappers die in 3. 
+ +(Originally on Twitter: [Sat Mar 17 10:43:21 +0000 2012](https://twitter.com/adulau/status/180967550971150336)) +---- +@Pir_Box Si vous avez Python sur la #PiratePox, vous pouvez faire tourner #forban http://www.foo.be/forban/ https://github.com/adulau/Forban + +(Originally on Twitter: [Mon Mar 19 06:09:58 +0000 2012](https://twitter.com/adulau/status/181623528087494656)) +---- +http://arxiv.org/abs/1203.3866 "Computational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols" + +(Originally on Twitter: [Tue Mar 20 08:30:03 +0000 2012](https://twitter.com/adulau/status/182021169204043778)) +---- +"segfault at 5120fc20 ip 00000000004017cc sp 000000005120fc20 error 6" Usual but not for DJB code.... + +(Originally on Twitter: [Tue Mar 20 13:42:13 +0000 2012](https://twitter.com/adulau/status/182099731709837313)) +---- +http://www.rfc-editor.org/rfc/rfc6561.txt "Recommendations for the Remediation of Bots in ISP Networks" #infosec #ietf + +(Originally on Twitter: [Tue Mar 20 15:46:58 +0000 2012](https://twitter.com/adulau/status/182131123931983874)) +---- +I should reuse this email signature "quit whining you haven't done anything wrong because frankly you haven't done much of anything" + +(Originally on Twitter: [Tue Mar 20 18:33:32 +0000 2012](https://twitter.com/adulau/status/182173040199741440)) +---- +It seems that #TEDxLuxembourgCity is far away from the original #TED talks. Where is Clifford Stoll or those crazy innovators? @tedxluxcity + +(Originally on Twitter: [Tue Mar 20 22:16:31 +0000 2012](https://twitter.com/adulau/status/182229159651717124)) +---- +@kwisArts The initial TED talks were about disruptive ideas, now it's more networking and marketing... it's time to do something else. + +(Originally on Twitter: [Tue Mar 20 22:32:15 +0000 2012](https://twitter.com/adulau/status/182233118349082624)) +---- +@kwisArts If you go there, let us know if you find some interesting "doers" between the champagne and the cocktails. 
+ +(Originally on Twitter: [Tue Mar 20 22:35:04 +0000 2012](https://twitter.com/adulau/status/182233824904749056)) +---- +@cbuchler at least, they reach one goal. "to stimulate dialogue" #TEDx + +(Originally on Twitter: [Tue Mar 20 22:37:26 +0000 2012](https://twitter.com/adulau/status/182234422916026368)) +---- +@cbuchler On the positive side, networking is good when it's there to help creators and doers to experiment their ideas to improve society. + +(Originally on Twitter: [Tue Mar 20 22:41:27 +0000 2012](https://twitter.com/adulau/status/182235431843270656)) +---- +http://blogs.msdn.com/b/ie/archive/2012/03/12/enhanced-memory-protections-in-ie10.aspx "Enhanced Memory Protections in IE10" Curious if HEASLR has really an impact... #infosec + +(Originally on Twitter: [Tue Mar 20 22:44:27 +0000 2012](https://twitter.com/adulau/status/182236185488404480)) +---- +@cbuchler I'm always positive. You can find "doers" in a set of persons. You just need to shuffle the set regularly. + +(Originally on Twitter: [Tue Mar 20 22:46:59 +0000 2012](https://twitter.com/adulau/status/182236823811141632)) +---- +I suppose this a parody of the RSA conference? http://www.youtube.com/watch?v=I7iM5CbBLBY If this was the true one, I will stop tweeting for one day. #circus + +(Originally on Twitter: [Wed Mar 21 14:57:23 +0000 2012](https://twitter.com/adulau/status/182481034049359872)) +---- +@wimremes Right for marketing. But would you sell your 0days via the same registered company? + +(Originally on Twitter: [Wed Mar 21 15:11:22 +0000 2012](https://twitter.com/adulau/status/182484553083006977)) +---- +RT @thegrugq: People spreading FUD about 0day sales won't tell the truth: when you inform the vendor, they _will_ give the 0day to China ... + +(Originally on Twitter: [Wed Mar 21 15:23:36 +0000 2012](https://twitter.com/adulau/status/182487630343176193)) +---- +@fredraynal I'm still thinking this is a parody. Not something real. It can't be possible that the audience was so calm. 
#infoseccircus + +(Originally on Twitter: [Wed Mar 21 15:32:40 +0000 2012](https://twitter.com/adulau/status/182489914519203840)) +---- +Watching the stream of @TEDxLuxCity Luxembourg really needs a local initiative like @ycombinator + +(Originally on Twitter: [Wed Mar 21 15:47:36 +0000 2012](https://twitter.com/adulau/status/182493670526828544)) +---- +@DidierStevens Would be great if you put your PDF tools into git(hub)... especially for tracking their changes or for contributing. Thx. + +(Originally on Twitter: [Thu Mar 22 14:22:36 +0000 2012](https://twitter.com/adulau/status/182834668209582080)) +---- +@DidierStevens Even a HTTP git repository on your personal website is fine. Like that, we clone, merge and test in one shot ;-) + +(Originally on Twitter: [Thu Mar 22 14:37:01 +0000 2012](https://twitter.com/adulau/status/182838295825350657)) +---- +@DidierStevens and especially an official git upstream from the author from his own website. Not the unofficial ;-) https://github.com/thomcarver/pdf-tools + +(Originally on Twitter: [Thu Mar 22 14:39:15 +0000 2012](https://twitter.com/adulau/status/182838856889016320)) +---- +@DidierStevens Thank you, you are the king... A pity that we cannot vote for the king in Belgium. #infosec + +(Originally on Twitter: [Thu Mar 22 14:47:40 +0000 2012](https://twitter.com/adulau/status/182840978548334592)) +---- +RT @Deploy360: Dan Massey and Joe Gersch have a proposal for "Route Origin Verification". A testbed is available -> http://t.co/TKvzF ... + +(Originally on Twitter: [Thu Mar 22 14:58:54 +0000 2012](https://twitter.com/adulau/status/182843803391102976)) +---- +"How to Estimate Change from Samples" http://arxiv.org/abs/1203.4903 a common issue with sampled Netflow records but the paper lacks a software + +(Originally on Twitter: [Fri Mar 23 08:08:00 +0000 2012](https://twitter.com/adulau/status/183102785443725312)) +---- +If someone is going to ICDDFS 2011 next week, I'm interested to get the slides... 
#infosec https://www.eventsforce.net/mps/frontend/reg/thome.csp?pageID=1246&eventID=6&eventID=6 + +(Originally on Twitter: [Fri Mar 23 08:52:59 +0000 2012](https://twitter.com/adulau/status/183114103672406016)) +---- +http://waleedassar.blogspot.com/2012/03/anti-dumping-part-2.html Anti dumping memory with modified SectionAlignment in the PE file... + +(Originally on Twitter: [Sat Mar 24 06:27:22 +0000 2012](https://twitter.com/adulau/status/183439846298238976)) +---- +Usually we said,it's always a permission issue but looking at the TSC clock source mess, I tend to say, it's always a clocking issue. + +(Originally on Twitter: [Sun Mar 25 12:09:28 +0000 2012](https://twitter.com/adulau/status/183888326644858880)) +---- +Under Linux kernel if you want to know available_clocksource or the current_clocksource under /sys/devices/system/clocksource/clocksource0/ + +(Originally on Twitter: [Sun Mar 25 12:11:13 +0000 2012](https://twitter.com/adulau/status/183888769680814080)) +---- +http://blogs.technet.com/b/sysinternals/archive/2012/03/26/updates-accesschk-v-5-03-autoruns-amp-autorunsc-v-11-22-procmon-v-3-0-pslist-v-1-3.aspx If you are using systinternals/Autoruns update to the latest version, there is a buffer overflow on very long paths. + +(Originally on Twitter: [Tue Mar 27 09:42:33 +0000 2012](https://twitter.com/adulau/status/184576132157411329)) +---- +I'm sure in a train you can find more samples of malware per square meter than in a cybercafe... after seeing the screen next to me #infosec + +(Originally on Twitter: [Tue Mar 27 18:12:06 +0000 2012](https://twitter.com/adulau/status/184704364294848512)) +---- +released Forban 0.0.31 - some bug fixes. Some users of the #PirateBox using this latest version. 
https://github.com/adulau/Forban http://foo.be/forban/ + +(Originally on Twitter: [Tue Mar 27 19:50:23 +0000 2012](https://twitter.com/adulau/status/184729096549441536)) +---- +RT @sempersecurus: The most important component of an info-sec working group is Trust. Once that's lost, the setback to effective collab ... + +(Originally on Twitter: [Thu Mar 29 07:24:39 +0000 2012](https://twitter.com/adulau/status/185266200807342080)) +---- +@mthorbruegge Do you know if the Cyber Crime Centre of Europol is equal to the ECC previously mentioned in various reports? #infosec + +(Originally on Twitter: [Thu Mar 29 09:24:34 +0000 2012](https://twitter.com/adulau/status/185296380632379392)) +---- +https://github.com/habbie/ip6-arpa-scan/ http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa "Finding v6 hosts by efficiently mapping ip6.arpa" #infosec #ipv6 + +(Originally on Twitter: [Thu Mar 29 13:49:16 +0000 2012](https://twitter.com/adulau/status/185362994832736257)) +---- +@fredraynal Congrats. If you are missing your fly, don't hesitate to call us... to find a replacement ;-) #HITB2012KUL + +(Originally on Twitter: [Thu Mar 29 14:02:16 +0000 2012](https://twitter.com/adulau/status/185366265173520384)) +---- +RT @ochsff: My hardcore forensic challenge with sexy shellcode is available from http://honeynet.org/node/828 now! Have fun! :) + +(Originally on Twitter: [Fri Mar 30 09:19:22 +0000 2012](https://twitter.com/adulau/status/185657460185505792)) +---- +What a beautiful day? "Piping Python Through Pipes" http://code.google.com/p/pyp/ a nice and clean replacement to "perl -e" #mapreducein1line + +(Originally on Twitter: [Sat Mar 31 12:44:49 +0000 2012](https://twitter.com/adulau/status/186071551127465984)) +---- +@karlpro I'm still in love with the Unix piping/streaming approach and its future is bright with map/reduce processing... 
#unix + +(Originally on Twitter: [Sat Mar 31 12:54:57 +0000 2012](https://twitter.com/adulau/status/186074102321250304)) +---- +France ARCEP regulation about peering will just the move the IX peering in NL, DE, LU and BE. http://www.zdnet.fr/blogs/infra-net/l-arcep-s-attaque-au-peering-internet-39770250.htm + +(Originally on Twitter: [Sun Apr 01 06:56:55 +0000 2012](https://twitter.com/adulau/status/186346387108134912)) +---- +RT @_saadk: Et si la sécurité baissait les bras ? http://www.zdnet.fr/blogs/cybervigilance/et-si-la-securite-baissait-les-bras-39769951.htm Excellent article de Pierre Caron d'Orange Labs #DFIR #CERT. Un m ... + +(Originally on Twitter: [Sun Apr 01 07:27:13 +0000 2012](https://twitter.com/adulau/status/186354010947731456)) +---- +RT @BMairlot: @adulau If the real reason behind collecting this information is to collect more taxes it could simply void the peering pr ... + +(Originally on Twitter: [Sun Apr 01 17:40:29 +0000 2012](https://twitter.com/adulau/status/186508344285073408)) +---- +RT @kryptera: The #Hackito 2012 #Crypto #Challenge is available here: http://2012.hackitoergosum.org/blog/crypto-challenge via @HackitoErgoSum + +(Originally on Twitter: [Mon Apr 02 19:04:15 +0000 2012](https://twitter.com/adulau/status/186891813964103680)) +---- +@esizkur http://taskwarrior.org/ is quite nifty for task management especially if you like the tty too... + +(Originally on Twitter: [Mon Apr 02 19:05:18 +0000 2012](https://twitter.com/adulau/status/186892079903948801)) +---- +http://cvo-lab.blogspot.fr/2012/04/saving-private-herm1t.html Vx Heavens is closed... any mirrors or copy somewhere? the history of virology is now gone... #infosec + +(Originally on Twitter: [Mon Apr 02 20:02:36 +0000 2012](https://twitter.com/adulau/status/186906499744940032)) +---- +@DrWhax Thx. Would you share it somewhere? I'm asking @vxheavens if I could send hard-drives by post... for getting a copy. 
+ +(Originally on Twitter: [Mon Apr 02 20:12:20 +0000 2012](https://twitter.com/adulau/status/186908948488658947)) +---- +is listening to http://soundcloud.com/cthulhu/cthulhu-the-outside-world while trying to fix bugs in #Forban... maybe I should get some sleep. TB-303 bassline and iterators... + +(Originally on Twitter: [Mon Apr 02 21:08:32 +0000 2012](https://twitter.com/adulau/status/186923090662539264)) +---- +I generated a Graphiz dot file (41MB) with all the BGP ASN paths of the day. You can use @gephi to visualize it http://www.foo.be/internet-dot/ + +(Originally on Twitter: [Tue Apr 03 15:18:28 +0000 2012](https://twitter.com/adulau/status/187197380796481536)) +---- +RT @jjarmoc: It seems the most recent build of Chrome is more aggressive about handling of certificate chains with weak signatures. http ... + +(Originally on Twitter: [Tue Apr 03 15:53:15 +0000 2012](https://twitter.com/adulau/status/187206134120198144)) +---- +@raffaelmarty @tricaud Thank you, I posted it on @secviz http://secviz.org/content/visualization-internet-bgp-paths-visualization-using-gephi-dataset-available BGP Paths visualization using @gephi + dataset available + +(Originally on Twitter: [Tue Apr 03 21:11:22 +0000 2012](https://twitter.com/adulau/status/187286192625168384)) +---- +@daviddarts FYI, Matthias Strubel is working on https://github.com/MaStr/mkPirateBox-Forban an OpenWRT package for Forban - https://github.com/adulau/Forban + +(Originally on Twitter: [Wed Apr 04 11:12:07 +0000 2012](https://twitter.com/adulau/status/187497774303035393)) +---- +When reversing some Flash exploits/malware, the archive of older Flash players is very handy... 
http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html + +(Originally on Twitter: [Wed Apr 04 18:42:14 +0000 2012](https://twitter.com/adulau/status/187611048046628864)) +---- +http://commandcenter.blogspot.com.ar/2012/04/byte-order-fallacy.html An excellent overview from Rob Pike why you don't have to take care of byte order except if there is a bug somewhere... + +(Originally on Twitter: [Wed Apr 04 20:47:46 +0000 2012](https://twitter.com/adulau/status/187642641750564865)) +---- +@DidierStevens right because they care about ambiguity in program execution or bugs in interpretation of byte orders ;-) + +(Originally on Twitter: [Thu Apr 05 14:15:53 +0000 2012](https://twitter.com/adulau/status/187906408300281857)) +---- +Some malware are bundled with components detected as "not-a-virus" to escape A/V detection... mixing white/black-lists wtf... #infosec + +(Originally on Twitter: [Thu Apr 05 15:07:07 +0000 2012](https://twitter.com/adulau/status/187919301360103424)) +---- +RT @pretorienx: http://bit.ly/HjaEvs (Calling IDA APIs from IDAPython with ctypes) @PhysicalDrive0 + +(Originally on Twitter: [Thu Apr 05 19:09:10 +0000 2012](https://twitter.com/adulau/status/187980217304891393)) +---- +@eff https://www.eff.org/deeplinks/2012/03/zero-day-exploit-sales-should-be-key-point-cybersecurity-debate so what's your recommendation for ethical/responsible disclosure? full and public anonymous disclosure? #infosec + +(Originally on Twitter: [Fri Apr 06 06:50:10 +0000 2012](https://twitter.com/adulau/status/188156627428450305)) +---- +RT @bortzmeyer: @btabaka De toute façon, ce genre de consortium de gros requins nationaux incompétents ne pouvait qu'échouer (cf. Quaero). + +(Originally on Twitter: [Fri Apr 06 06:53:00 +0000 2012](https://twitter.com/adulau/status/188157341324156928)) +---- +https://github.com/clearspring/stream-lib "... 
finding membership and top-k in streams for which it is infeasible to store all events" #infosec #datamining + +(Originally on Twitter: [Fri Apr 06 12:11:07 +0000 2012](https://twitter.com/adulau/status/188237398105268224)) +---- +http://geer.tinho.net/geer.owasp.4iv12.txt Application Security Matters by Daniel E. Geer. The must read of the weekend. #infosec + +(Originally on Twitter: [Fri Apr 06 14:00:43 +0000 2012](https://twitter.com/adulau/status/188264978116116481)) +---- +@quota_atypique It's the case, they are in an operator for some part. Look at http://www.goodiff.org/changeset/563 and check for SMS. #cispa + +(Originally on Twitter: [Fri Apr 06 14:19:22 +0000 2012](https://twitter.com/adulau/status/188269672532164610)) +---- +RT @0xabad1dea: #0x10c dev channel quote: "We'll sell software as a service... call it nebula computing" + +(Originally on Twitter: [Fri Apr 06 19:38:32 +0000 2012](https://twitter.com/adulau/status/188349993176932352)) +---- +BOFH meets SystemTap like a keylogger using SystemTap... http://stapbofh.krunch.be/ #infosec #linux #systemtap + +(Originally on Twitter: [Sat Apr 07 07:00:23 +0000 2012](https://twitter.com/adulau/status/188521584946970625)) +---- +@Piratebox_Lille @daviddarts commited 2 fixes to improve Forban on the PirateBox The symlink and a rebuild factor. https://github.com/adulau/Forban/commits/master + +(Originally on Twitter: [Sat Apr 07 09:28:58 +0000 2012](https://twitter.com/adulau/status/188558980312870912)) +---- +@aaronportnoy some "basic" component like MindshaRE: IDAception or ida2sql but no real software beside the BinCrowd service. + +(Originally on Twitter: [Sat Apr 07 18:55:33 +0000 2012](https://twitter.com/adulau/status/188701564511334400)) +---- +@aaronportnoy I'm curious to see your presentation at Hackito. As we are also looking for technical possibilities to add sharing in IDA. 
+ +(Originally on Twitter: [Sat Apr 07 18:57:29 +0000 2012](https://twitter.com/adulau/status/188702050153009152)) +---- +@novytweety it's on layer 3 in the OSI model. It's at network layer (2) for the TCP/IP model. + +(Originally on Twitter: [Sun Apr 08 12:32:47 +0000 2012](https://twitter.com/adulau/status/188967624489697280)) +---- +The leaked password dataset market... http://dazzlepod.com/uniqpass/ if some years ago, you told me about this, I wouldn't believe you. #infosec + +(Originally on Twitter: [Sun Apr 08 17:48:37 +0000 2012](https://twitter.com/adulau/status/189047107527774208)) +---- +RT @runasand: ChatSecure is an OTR-enabled XMPP client for iOS: https://github.com/chrisballinger/Off-the-Record-iOS (can also be found in the App Store). + +(Originally on Twitter: [Mon Apr 09 07:57:06 +0000 2012](https://twitter.com/adulau/status/189260635522084865)) +---- +http://www.wired.com/threatlevel/2012/04/hacking-tools/ So I should stop to use tools to modify the execution path of malware. It's an offence against malware. #wtf #legal + +(Originally on Twitter: [Mon Apr 09 15:32:18 +0000 2012](https://twitter.com/adulau/status/189375191896428545)) +---- +@mjbrender That's fucking crazy. Tools are just tools. Banning tools, EU just supports the attackers and kicks out the security researchers. + +(Originally on Twitter: [Mon Apr 09 15:46:23 +0000 2012](https://twitter.com/adulau/status/189378734028103680)) +---- +RT @mjbrender: @adulau totally agreed. I can imagine the confusing political/nontechnical conversation, but it's like outlawing knives b ... 
+ +(Originally on Twitter: [Mon Apr 09 15:53:20 +0000 2012](https://twitter.com/adulau/status/189380484579606531)) +---- +just released Forban 0.0.32 - https://plus.google.com/u/0/112095729959662313642/posts/AN5wz8tzLsU #p2p #forban + +(Originally on Twitter: [Mon Apr 09 18:43:27 +0000 2012](https://twitter.com/adulau/status/189423296381599744)) +---- +@BMairlot Yes but I was surprised to see people selling such dataset. By the way, if you are interested in such dataset, I might share one. + +(Originally on Twitter: [Mon Apr 09 18:45:18 +0000 2012](https://twitter.com/adulau/status/189423759394996224)) +---- +http://zhodiac.hispahack.com/ " Flash CVE-2012-0769: the case of the perfect info leak " ASLR bypass mmm... #infosec + +(Originally on Twitter: [Mon Apr 09 19:00:53 +0000 2012](https://twitter.com/adulau/status/189427682461749249)) +---- +https://www.samba.org/samba/security/CVE-2012-1182 "root" credential remote code execution in Samba. #infosec + +(Originally on Twitter: [Tue Apr 10 19:05:28 +0000 2012](https://twitter.com/adulau/status/189791222418771968)) +---- +I'm curious if anyone try to compute collision with an infected payload with the zero-length test vector of the MD5 hashing function... + +(Originally on Twitter: [Wed Apr 11 14:57:58 +0000 2012](https://twitter.com/adulau/status/190091324941271041)) +---- +Another good reason to check all the flashcard that you get from vendors or suppliers: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176 #infosec + +(Originally on Twitter: [Wed Apr 11 16:47:09 +0000 2012](https://twitter.com/adulau/status/190118801654812672)) +---- +@philpraxis @hackitoergosum #hes2012 was really a superb edition in an incredible place. 
Except the "black/white-hat" discussion ;-) #hes + +(Originally on Twitter: [Mon Apr 16 07:29:17 +0000 2012](https://twitter.com/adulau/status/191790351135158272)) +---- +Wow64RevertWow64FsRedirection "Failure to re-enable redirection should be considered a criticial failure and execution aborted." You do? + +(Originally on Twitter: [Mon Apr 16 08:28:16 +0000 2012](https://twitter.com/adulau/status/191805194642788352)) +---- +@HoffmannMich You are more than welcome to the talk... but I think the audience is a bit different than the traditional security conference. + +(Originally on Twitter: [Mon Apr 16 08:58:48 +0000 2012](https://twitter.com/adulau/status/191812879647907840)) +---- +RT @cudeso: Interesting write up from @foxit on "nu.nl" hack http://bit.ly/zoQ9C5 + +(Originally on Twitter: [Mon Apr 16 12:27:11 +0000 2012](https://twitter.com/adulau/status/191865318375821312)) +---- +http://arxiv.org/abs/1204.3543 "Functional Magnetic Resonance Imaging and the Challenge of Balancing Human Security with State Security" Aie aie... + +(Originally on Twitter: [Tue Apr 17 08:15:23 +0000 2012](https://twitter.com/adulau/status/192164338755321856)) +---- +RT @rommelfs: @julioauto @thomas_coseinc @thegrugq At @hack_lu we've had a brilliant beer tasting workshop in 2010 http://t.co/5gwFZdos :) + +(Originally on Twitter: [Tue Apr 17 15:04:01 +0000 2012](https://twitter.com/adulau/status/192267177699713025)) +---- +A kind reminder to people still using Word processor for collaboration, the new and efficient technology is a text editor and git diff. + +(Originally on Twitter: [Tue Apr 17 19:50:50 +0000 2012](https://twitter.com/adulau/status/192339354193117184)) +---- +@edarchis Sharepoint is like using a wiki while doing a heart transplantation on a moving zombie with a single finger. 
+ +(Originally on Twitter: [Tue Apr 17 20:20:08 +0000 2012](https://twitter.com/adulau/status/192346727997648897)) +---- +@xme "tc qdisc add dev eth0 root netem delay 200ms" and "tc qdisc change dev eth0 root netem loss 0.3%" + +(Originally on Twitter: [Wed Apr 18 15:56:37 +0000 2012](https://twitter.com/adulau/status/192642799219376129)) +---- +@xme Sure. Linux Netem is designed to be used on routing or bridging interfaces. Have fun. + +(Originally on Twitter: [Thu Apr 19 06:35:02 +0000 2012](https://twitter.com/adulau/status/192863859898449921)) +---- +RT @circl_lu: http://www.openssl.org/news/secadv_20120419.txt "Any application which uses BIO or FILE based functions to read untrusted DER +format data is vulnerab ... + +(Originally on Twitter: [Thu Apr 19 15:34:47 +0000 2012](https://twitter.com/adulau/status/192999695990263808)) +---- +If you are curious about the OpenSSL vulnerability in OpenSSH, you should have a look at : http://news.ycombinator.com/item?id=3862796 #infosec + +(Originally on Twitter: [Thu Apr 19 18:44:34 +0000 2012](https://twitter.com/adulau/status/193047454344675328)) +---- +Future looks bright IEC 61850-8-1 uses ASN.1 as encoding scheme. Not worries is usually just used for power plant and alike. #infosec + +(Originally on Twitter: [Fri Apr 20 09:41:12 +0000 2012](https://twitter.com/adulau/status/193273099284791296)) +---- +RT @y0m: Last day to apply for #gsoc 2012 - http://bit.ly/HmmW2g - HoneyProxy, Wireshark, Androguard, Cuckoo, IPv6, etc. + +(Originally on Twitter: [Fri Apr 20 12:20:58 +0000 2012](https://twitter.com/adulau/status/193313306310750209)) +---- +http://conferenze.dei.polimi.it/FDTC12/ "The 9th Workshop on Fault Diagnosis and Tolerance in Cryptography will be held in Leuven, on September 9, 2012." + +(Originally on Twitter: [Fri Apr 20 13:41:13 +0000 2012](https://twitter.com/adulau/status/193333502152937473)) +---- +@cbuchler Yep, it's free software/opensource. 
It's released under a BSD 3 clause license - http://opensource.org/licenses/BSD-3-Clause. + +(Originally on Twitter: [Sun Apr 22 08:57:03 +0000 2012](https://twitter.com/adulau/status/193986764854136832)) +---- +https://raw.github.com/gleeda/misc-scripts/master/misc_python/mbr_parser.py works well but just need to decode the instruction in 16 bits (distorm3.Decode16Bits) @DidierStevens @gleeda + +(Originally on Twitter: [Sun Apr 22 09:59:39 +0000 2012](https://twitter.com/adulau/status/194002517871427584)) +---- +@DidierStevens @gleeda works well but just need to decode the instruction in 16 bits (distorm3.Decode16Bits) (line 128). #infosec + +(Originally on Twitter: [Sun Apr 22 10:11:09 +0000 2012](https://twitter.com/adulau/status/194005414734602240)) +---- +My summary photo shooting for the Today's weather: http://www.flickr.com/photos/adulau/6956655022/in/photostream + +(Originally on Twitter: [Sun Apr 22 17:03:26 +0000 2012](https://twitter.com/adulau/status/194109165352923138)) +---- +RT @jurajsomorovsky: Good news, our paper 'On Breaking SAML' has been accepted at USENIX: Prepare for a bunch of signature wrapping atta ... + +(Originally on Twitter: [Sun Apr 22 17:12:49 +0000 2012](https://twitter.com/adulau/status/194111530235723777)) +---- +Sometime the headhunters are not afraid to ask strange question, "Would you work for securing CVS?" Sorry? That's a joke I suppose. #infosec + +(Originally on Twitter: [Mon Apr 23 19:23:59 +0000 2012](https://twitter.com/adulau/status/194506925562535936)) +---- +@r00tbsd thank you for your support during the workshop ;-) + +(Originally on Twitter: [Tue Apr 24 14:41:38 +0000 2012](https://twitter.com/adulau/status/194798255970856962)) +---- +RT @dakami: @crypt0ad yeah, I get my weakest speaker ratings from RSA. It's an alternate universe there. 
+ +(Originally on Twitter: [Tue Apr 24 19:29:16 +0000 2012](https://twitter.com/adulau/status/194870644591173632)) +---- +I did a quick test with the Simtec Entropy Key http://www.foo.be/cgi-bin/wiki.pl/TestingSimtecEntropyKey a good improvement compared to entropy gathering from OS state #crypto + +(Originally on Twitter: [Wed Apr 25 20:13:57 +0000 2012](https://twitter.com/adulau/status/195244277192863744)) +---- +@xme I suppose the infosec survey didn't list the AssCERT or LAMN http://www.asscert.com/ in the possible certification... ;-) + +(Originally on Twitter: [Thu Apr 26 08:26:13 +0000 2012](https://twitter.com/adulau/status/195428556912852992)) +---- +@xme Thx for the link. At least, the survey ask clearly "Are certifications useful?" I would replace the word "useful" by "dangerous"... + +(Originally on Twitter: [Thu Apr 26 08:38:43 +0000 2012](https://twitter.com/adulau/status/195431702871552000)) +---- +Repeat after me "HTTP prefetching is evil" and don't tell me you need it for speed. It's a lie, you just want its abuse. #infosec + +(Originally on Twitter: [Fri Apr 27 12:37:36 +0000 2012](https://twitter.com/adulau/status/195854206945603585)) +---- +If you still believe TCP injection is not practical, you should read this paper: http://arxiv.org/abs/1204.6623 "Off-Path Attacking the Web" #infosec + +(Originally on Twitter: [Tue May 01 08:31:18 +0000 2012](https://twitter.com/adulau/status/197241776485040128)) +---- +RT @aionescu: Got held by US authorities for 8 hours on my way back from #syscan2012. Asked me all sorts of questions. @thomas_coseinc w ... + +(Originally on Twitter: [Wed May 02 20:04:42 +0000 2012](https://twitter.com/adulau/status/197778664371388416)) +---- +Another nice example of http://armoredcode.com/blog/open-the-code-or-review-it/ why the "certification" path for proprietary software vendor is a bloody mess for security... 
+ +(Originally on Twitter: [Fri May 04 09:42:35 +0000 2012](https://twitter.com/adulau/status/198346876154675201)) +---- +Listening to the album "Ten hymns for sorbetière" of Axiome (@Cdrk_Syrphe), I especially enjoy "Brise-Glace" nice stuff. #electro + +(Originally on Twitter: [Sun May 06 17:12:29 +0000 2012](https://twitter.com/adulau/status/199184873301344258)) +---- +https://community.rapid7.com/community/metasploit/blog/2012/05/08/eternal-sunshine-of-the-spotless-ram starting process in suspended state in memory and replacing it with another process. #metasploit #infosec + +(Originally on Twitter: [Tue May 08 16:29:57 +0000 2012](https://twitter.com/adulau/status/199898945852416001)) +---- +http://2012.hack.lu/ will be HAL style this year. CFP will be released in the next hours... #infosec #hacklu #conference #luxembourg + +(Originally on Twitter: [Tue May 08 16:44:44 +0000 2012](https://twitter.com/adulau/status/199902667265425410)) +---- +@ddurvaux indeed memory analysis is the way to go. Checking the PEB table and inconsistency might be a good start. + +(Originally on Twitter: [Tue May 08 16:49:11 +0000 2012](https://twitter.com/adulau/status/199903784942575616)) +---- +@thegrugq Exactly, when I saw it, it reminded me of your ul_exec code. Security is just how to recycle stuff ;-) #infosec + +(Originally on Twitter: [Tue May 08 19:05:31 +0000 2012](https://twitter.com/adulau/status/199938097465655296)) +---- +@gal_diskin Yop. The nice thing in Metasploit is to make it a bit more accessible for quick-and-dirty works ;-) See you soon. + +(Originally on Twitter: [Tue May 08 21:06:08 +0000 2012](https://twitter.com/adulau/status/199968452620992513)) +---- +RT @hack_lu: hack.lu 2012 call for papers is now open http://2012.hack.lu/cfp/ - http://2012.hack.lu/hacklu2012-cfp.txt don't be shy to submit your security r ... 
+ +(Originally on Twitter: [Wed May 09 07:04:35 +0000 2012](https://twitter.com/adulau/status/200119055854739456)) +---- +RT @bortzmeyer: The ISO dinosaur rubber-stamped the DOI technique (ISO 26324, of course not online). Irrelevant organization for an irre ... + +(Originally on Twitter: [Fri May 11 08:09:00 +0000 2012](https://twitter.com/adulau/status/200860041002233856)) +---- +At #tfcsirt a presentation of a #CTF used as CSIRT training. Interesting but they should participate to public CTF like http://2012.hack.lu/index.php/CaptureTheFlag + +(Originally on Twitter: [Fri May 11 08:36:23 +0000 2012](https://twitter.com/adulau/status/200866934542176256)) +---- +@DrWhax That's a good idea. For #hacklu 2012, we could submit some additional "CERT" challenges to the @fluxfingers CTF. + +(Originally on Twitter: [Fri May 11 08:52:01 +0000 2012](https://twitter.com/adulau/status/200870865724911617)) +---- +@okoeroo The interesting part if the CTF is done by other people not in your direct field, you can be really challenged with new stuff. #fun + +(Originally on Twitter: [Fri May 11 08:55:17 +0000 2012](https://twitter.com/adulau/status/200871689704312832)) +---- +RT @circl_lu: http://www.openssl.org/news/secadv_20120510.txt Invalid TLS/DTLS record attack (CVE-2012-2333) in OpenSSL. patch to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x. ... + +(Originally on Twitter: [Fri May 11 09:59:56 +0000 2012](https://twitter.com/adulau/status/200887960114171904)) +---- +RT @Kaplan_CERTat: amnesty international was serving RAT tool (drive by download): http://www.zdnet.com/blog/security/amnesty-international-uk-compromised-serving-exploits-and-malware/9861 + +(Originally on Twitter: [Fri May 11 10:32:11 +0000 2012](https://twitter.com/adulau/status/200896076516036608)) +---- +@Kaplan_CERTat it's indeed an old news but Sophos published an updated analysis http://community.websense.com/blogs/securitylabs/archive/2012/05/11/amnesty-international-uk-compromised.aspx with more details. 
(sample welcome) + +(Originally on Twitter: [Fri May 11 10:36:09 +0000 2012](https://twitter.com/adulau/status/200897072927481856)) +---- +RT @malwarelu: Malware.lu opens its doors today. It is a repository of #malware and technical analysis hosted in #LU. See you on http:// ... + +(Originally on Twitter: [Fri May 11 21:10:55 +0000 2012](https://twitter.com/adulau/status/201056819592962048)) +---- +I was wondering if someone already did a simple sound recording/analysis from a server in a datacenter to discover access to its own rack. + +(Originally on Twitter: [Sat May 12 21:16:19 +0000 2012](https://twitter.com/adulau/status/201420564802445313)) +---- +@kabel I was looking for previous experiments in the security field to detect motion with audio only. Not sure if this is regularly used. + +(Originally on Twitter: [Sat May 12 21:34:33 +0000 2012](https://twitter.com/adulau/status/201425152720904192)) +---- +https://github.com/droe/sslsplit "SSLsplit - transparent and scalable SSL/TLS interception" and it supports SNI. To be tested. #infosec + +(Originally on Twitter: [Sun May 13 06:41:58 +0000 2012](https://twitter.com/adulau/status/201562917022334976)) +---- +Random strike of the train drivers at the #SNCB #NMBS, I'll do a random payment of my train subscription. #wtf #belgium + +(Originally on Twitter: [Mon May 14 05:17:17 +0000 2012](https://twitter.com/adulau/status/201903993855819777)) +---- +RT @hack_lu: Usually during #hacklu, we have a Powerpoint-Karaoke, if you have good/ugly materials for the session. DM us. #infosec #fun ... + +(Originally on Twitter: [Mon May 14 14:57:22 +0000 2012](https://twitter.com/adulau/status/202049973716660227)) +---- +I really like when a malware operator recommends to install a specific rootkit detector like GMER. Can you smell something? #infosec + +(Originally on Twitter: [Mon May 14 18:33:06 +0000 2012](https://twitter.com/adulau/status/202104267723649024)) +---- +@mikko Aren't you mixing up Austria and Australia? 
;-) #auscert + +(Originally on Twitter: [Tue May 15 12:15:03 +0000 2012](https://twitter.com/adulau/status/202371514954293249)) +---- +http://code.google.com/p/truecrack/ "TrueCrack is a brute-force password cracker for TrueCrypt" Works with dictionary attack or "pre-charsets" selected. + +(Originally on Twitter: [Tue May 15 12:40:33 +0000 2012](https://twitter.com/adulau/status/202377931861917696)) +---- +If you are looking for some statistics of the brand/model Android phone distribution for your next malware: http://opensignalmaps.com/reports/fragmentation.php? + +(Originally on Twitter: [Wed May 16 10:51:48 +0000 2012](https://twitter.com/adulau/status/202712952929910784)) +---- +RT @luigi_auriemma: the continuos up&down of my website are caused by the usual automatic script of my hoster. don't worry there is ... + +(Originally on Twitter: [Wed May 16 11:19:44 +0000 2012](https://twitter.com/adulau/status/202719980544995328)) +---- +@certbe Do you have any sample or MD5 values for the ransomware using the SABAM name that you could share? #malware + +(Originally on Twitter: [Wed May 16 11:47:46 +0000 2012](https://twitter.com/adulau/status/202727037750870016)) +---- +@antirez Do you know if anyone already implemented patricia tree lookup for CIDR blocks in Redis? thank you #redis + +(Originally on Twitter: [Wed May 16 14:55:08 +0000 2012](https://twitter.com/adulau/status/202774190162587648)) +---- +"Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw." Arrggghhh, you know what you can update today. + +(Originally on Twitter: [Thu May 17 06:25:08 +0000 2012](https://twitter.com/adulau/status/203008228609634304)) +---- +A reminder to the guy trying to kill my feet while jumping on Nitzer Ebb. Douglas McCarthy is also the vocalist with T. Fixmer. 
#ebm + +(Originally on Twitter: [Thu May 17 20:38:29 +0000 2012](https://twitter.com/adulau/status/203222984255741953)) +---- +@r00bsd Maybe a sample analysis of Mebromi especially the part testing if the BIOS has been patched and doing the POST boot. #malware + +(Originally on Twitter: [Fri May 18 16:35:40 +0000 2012](https://twitter.com/adulau/status/203524264723361793)) +---- +http://www.flickr.com/photos/adulau/7222556284/in/photostream In Amsterdam, I saw this swan with her nest. Another good reason to reduce your waste... #sooc #ecology + +(Originally on Twitter: [Fri May 18 18:22:54 +0000 2012](https://twitter.com/adulau/status/203551248316764161)) +---- +http://www.chillingeffects.org/notice.cgi?sID=200613 "Notice Unavailable +DMCA (Copyright) Complaint to Google +Sent by: Microsoft +To: Google" for a search about TCP ISN... + +(Originally on Twitter: [Sat May 19 06:12:04 +0000 2012](https://twitter.com/adulau/status/203729716589506561)) +---- +http://rce.co/why-usermode-hooking-sucks-bypassing-comodo-internet-security/ Another concrete example bypassing hooks using SysWOW64 or why cross-compatibility is wonderful for abuse. #infosec + +(Originally on Twitter: [Sun May 20 16:05:53 +0000 2012](https://twitter.com/adulau/status/204241543102607360)) +---- +@novytweety Sure, many people and organizations. @imrim @r00tbsd + +(Originally on Twitter: [Tue May 22 12:17:42 +0000 2012](https://twitter.com/adulau/status/204908896232538112)) +---- +http://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/ Another good reason why you need an additional external random source for your PRNG. + +(Originally on Twitter: [Tue May 22 13:44:58 +0000 2012](https://twitter.com/adulau/status/204930858287763456)) +---- +@HoffmannMich Yep, there are some tshirts left. (it depends of your size ;-) of #hacklu 2011. I can arrange something. 
+ +(Originally on Twitter: [Wed May 23 08:22:50 +0000 2012](https://twitter.com/adulau/status/205212176078749696)) +---- +RT @kwisArts: Now #ebrc selling their services... Would much rather like to see the #picviz talk by @tricaud before I need to leave :( + +(Originally on Twitter: [Thu May 24 19:36:37 +0000 2012](https://twitter.com/adulau/status/205744129794260994)) +---- +@sam280 For the #picviz regexp is used as a bootstrap to find the ones not matching the regexp but sharing the same geospace. AFAIK. + +(Originally on Twitter: [Fri May 25 07:39:57 +0000 2012](https://twitter.com/adulau/status/205926160989814784)) +---- +http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5Breport_no%5D=121467 "100% protection against against 0-day malware attacks Samples used: 104" hmmm, I'm curious about the samples used + +(Originally on Twitter: [Fri May 25 12:50:33 +0000 2012](https://twitter.com/adulau/status/206004328098566144)) +---- +@sm0k_ @r00tbsd I'm pretty sure with other random malware samples, the 100% will drop significantly... but can't reproduce the experiment. + +(Originally on Twitter: [Fri May 25 14:27:15 +0000 2012](https://twitter.com/adulau/status/206028662972227585)) +---- +@sm0k_ I'm curious. do you have technical details to reproduce the test from http://av-test.org? cc: @r00tbsd + +(Originally on Twitter: [Fri May 25 14:33:34 +0000 2012](https://twitter.com/adulau/status/206030249832620032)) +---- +@avtestorg What's the process to redo your test? especially the "against 0-day malware attacks" which samples were used. thank you. + +(Originally on Twitter: [Fri May 25 14:59:09 +0000 2012](https://twitter.com/adulau/status/206036690073161729)) +---- +@sam280 yep, another DGA was found for a new Zeus variant based on the profile seen. But as you know, this requires some work in any case. 
+ +(Originally on Twitter: [Fri May 25 19:19:47 +0000 2012](https://twitter.com/adulau/status/206102281316347904)) +---- +RT @tqbf: s/CBC/CTR, sorry. CTR is more malleable than CBC. (You're doomed w/o a MAC in both cases0. + +(Originally on Twitter: [Fri May 25 19:22:39 +0000 2012](https://twitter.com/adulau/status/206103003311251456)) +---- +http://code.google.com/p/ouspg/wiki/Radamsa Radamsa is another fuzzer but quite simple to use for rapid testing/evaluation. #infosec + +(Originally on Twitter: [Fri May 25 19:30:18 +0000 2012](https://twitter.com/adulau/status/206104925976014849)) +---- +RT @syn2cat: Registration for #haxogreen: http://www.haxogreen.lu/2012/Registration Early-bird till June 22nd. + +(Originally on Twitter: [Fri May 25 19:43:19 +0000 2012](https://twitter.com/adulau/status/206108201861648386)) +---- +As discussed in Amsterdam @Kaplan_CERTat I commited version of gitlog2timesheet https://github.com/adulau/gitlog2timesheet without the Markov chain until now. + +(Originally on Twitter: [Sat May 26 10:17:15 +0000 2012](https://twitter.com/adulau/status/206328133505400832)) +---- +@Kaplan_CERTat https://github.com/adulau/gitlog2timesheet added an "-t" option to display the total hours spent per repository/project nifty for EU projects rep. + +(Originally on Twitter: [Sat May 26 10:41:51 +0000 2012](https://twitter.com/adulau/status/206334324461674496)) +---- +will be at #haxogreen to talk about "Forban Saving the Libraries by Sharing" http://www.foo.be/forban/ #archiving #books http://www.haxogreen.lu/2012/News#May_26th.2C_2012 + +(Originally on Twitter: [Sat May 26 17:20:29 +0000 2012](https://twitter.com/adulau/status/206434646718812160)) +---- +RT @adesnos: interesting to contribute to an open source seucurity project ? Join us ! 
http://code.google.com/p/androguard/ + +(Originally on Twitter: [Mon May 28 00:05:40 +0000 2012](https://twitter.com/adulau/status/206898999586848768)) +---- +The substitution of the day A****/M******** P******* (P**) is "Actel Microsemi ProASIC3 (PA3)" #crypto + +(Originally on Twitter: [Mon May 28 08:03:32 +0000 2012](https://twitter.com/adulau/status/207019258012647424)) +---- +http://code.google.com/p/malware-lu/wiki/en_ripper_metasm A nifty ASM ripper relying on #metasm made by @r00tbsd + +(Originally on Twitter: [Tue May 29 10:10:41 +0000 2012](https://twitter.com/adulau/status/207413645804711937)) +---- +RT @mgroeninger: Draft paper of FPGA-silicon backdoor https://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf + +(Originally on Twitter: [Tue May 29 13:06:46 +0000 2012](https://twitter.com/adulau/status/207457958228008960)) +---- +@cryptopathe "Le dépouillement s'effectue en mémoire sans journalisation." Je suppose que c'est le 1er avril ;-) #crypto #paperisstillbetter + +(Originally on Twitter: [Tue May 29 13:20:27 +0000 2012](https://twitter.com/adulau/status/207461402259095552)) +---- +There will be very soon a first challenge to win @hack_lu tickets but this time not for breaking stuff but building stuff. #infosec + +(Originally on Twitter: [Tue May 29 15:14:21 +0000 2012](https://twitter.com/adulau/status/207490067172818944)) +---- +Today I'm in the mood of leaking private keys material within the TCP ISN. I'm wondering why... #malware + +(Originally on Twitter: [Tue May 29 19:03:02 +0000 2012](https://twitter.com/adulau/status/207547614852431872)) +---- +RT @hack_lu: First challenge to win #hacklu 2012 tickets in partnership with @DragonResearch https://dragonresearchgroup.org/challenges/HOTCRP/ improving the securit ... 
+ +(Originally on Twitter: [Wed May 30 19:44:53 +0000 2012](https://twitter.com/adulau/status/207920536871895040)) +---- +RT @sergeybratus: NYT #Stuxnet article makes no mention of the Siemens' equipment audit by INL, which NYT in http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=1&pagewanted=all allege ... + +(Originally on Twitter: [Sat Jun 02 09:18:54 +0000 2012](https://twitter.com/adulau/status/208850166923538433)) +---- +RT @SteveClement: “@syn2cat: New entry at planet syn2cat - Installing Forban on Arch#linux with dedicated user - http://bit.ly/JXNMDr” + + ... + +(Originally on Twitter: [Sat Jun 02 19:00:08 +0000 2012](https://twitter.com/adulau/status/208996439567769600)) +---- +@koenvervloesem rdiff-backup over ssh works like a charm even for pretty large file-system. + +(Originally on Twitter: [Sun Jun 03 18:46:37 +0000 2012](https://twitter.com/adulau/status/209355424359657472)) +---- +http://www.symantec.com/connect/blogs/trojantatanargb-careful An interesting trojan installing an SSL proxy via the browser. Simple and efficient. #malware + +(Originally on Twitter: [Sun Jun 03 20:00:09 +0000 2012](https://twitter.com/adulau/status/209373927846330368)) +---- +Today's in LinkedIn premises. "Nice! that the IPv6 addresses of the customer using IPv6... no, it's just their hashes". #ipv6day #infosec + +(Originally on Twitter: [Wed Jun 06 13:11:06 +0000 2012](https://twitter.com/adulau/status/210358151940280320)) +---- +If you want some stickers for @hack_lu, just ping me. I should receive them tomorrow. #infosec #hacklu + +(Originally on Twitter: [Wed Jun 06 14:29:03 +0000 2012](https://twitter.com/adulau/status/210377768821723136)) +---- +RT @ddurvaux: @adulau @hack_lu take some with you at #FIRSTCON + +(Originally on Twitter: [Wed Jun 06 14:57:11 +0000 2012](https://twitter.com/adulau/status/210384848093839360)) +---- +RT @fredraynal: Il reste 6 "places" pour le challenge Ruff #sstic. Hop hop on s active ! 
RT svp + +(Originally on Twitter: [Wed Jun 06 15:00:41 +0000 2012](https://twitter.com/adulau/status/210385731917578243)) +---- +http://code.google.com/p/ics-openvpn/ a port of OpenVPN for Android API level 14+, so you don't need to be root. It seems interesting, code review needed. + +(Originally on Twitter: [Thu Jun 07 08:48:26 +0000 2012](https://twitter.com/adulau/status/210654436933120000)) +---- +RT @rommelfs: I guess non-proportional typefaces in MS training presentations are against corporate identity. But I request exceptions f ... + +(Originally on Twitter: [Thu Jun 07 09:22:34 +0000 2012](https://twitter.com/adulau/status/210663026670579712)) +---- +just heard that a @hack_lu sponsor @conostix will offer some IDA licenses for the winners of the @fluxfingers CTF. #infosec + +(Originally on Twitter: [Thu Jun 07 13:21:59 +0000 2012](https://twitter.com/adulau/status/210723278002720768)) +---- +RT @Guillaume_Lopes: Et si on lancait un challenge pour retrouver l'identite de celui qui a pirate @zythom ? #sstic + +(Originally on Twitter: [Thu Jun 07 13:47:24 +0000 2012](https://twitter.com/adulau/status/210729676052758529)) +---- +http://www.bbc.com/news/technology-18351995 "UN urges co-operation to prevent global cyberwar" Cooperating avoids to have 2 different malware on the same target + +(Originally on Twitter: [Fri Jun 08 09:27:10 +0000 2012](https://twitter.com/adulau/status/211026572650614784)) +---- +@rbidule A timeshare model for malware installation, maintenance and operation could be nice. But how the clean-up is done after each owner? 
+ +(Originally on Twitter: [Fri Jun 08 14:28:47 +0000 2012](https://twitter.com/adulau/status/211102476588425217)) +---- +http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-666.pdf "A pact with the Devil" Another way to propagate malware -> incentiveware (forget the scareware) #infosec + +(Originally on Twitter: [Sat Jun 09 06:17:15 +0000 2012](https://twitter.com/adulau/status/211341165910425600)) +---- +If you want to save the libraries, you can join me at #haxogreen https://haxogreen.lu/schedule/2012/events/1.en.html #p2p + +(Originally on Twitter: [Sat Jun 09 12:11:29 +0000 2012](https://twitter.com/adulau/status/211430311404376066)) +---- +RT @xme: Stickers! Thanks to #hack_lu /Cc @adulau ![](media/212286896909463553-AvIJI8JCEAIvvJk.jpg) + +(Originally on Twitter: [Mon Jun 11 20:55:14 +0000 2012](https://twitter.com/adulau/status/212286896909463553)) +---- +@jaysonstreet this was fast, you already received them ;-) Happy that you liked it. #hacklu + +(Originally on Twitter: [Tue Jun 12 18:08:17 +0000 2012](https://twitter.com/adulau/status/212607267974037504)) +---- +I'll be at #FIRSTCON next week. If you want to discuss, sign a PGP key or have a sticker for #hacklu. Let me know. + +(Originally on Twitter: [Tue Jun 12 18:26:44 +0000 2012](https://twitter.com/adulau/status/212611912721117184)) +---- +@Pinboard What's the 'iotop' output when you have the sudden peak load? and a 'vmstat 2' output? By the way, I love @pinboard. + +(Originally on Twitter: [Tue Jun 12 20:06:17 +0000 2012](https://twitter.com/adulau/status/212636965324062720)) +---- +@Pinboard As you are using a SAS9211-8 card, you might want to check if you got the integrated or external firmware. Are you using md RAID? + +(Originally on Twitter: [Tue Jun 12 20:17:50 +0000 2012](https://twitter.com/adulau/status/212639869791514624)) +---- +RT @alcyonsecurity: Dear vendor, not keeping promises yourself and threatening a vuln reporter with taking legal actions is not nice #re ... 
+ +(Originally on Twitter: [Wed Jun 13 12:10:49 +0000 2012](https://twitter.com/adulau/status/212879695665037312)) +---- +http://code.google.com/p/ghost-usb-honeypot/ Ghost is a honeypot for malware that spreads via USB storage devices. #infosec #honeypot + +(Originally on Twitter: [Fri Jun 15 06:02:35 +0000 2012](https://twitter.com/adulau/status/213511803257368576)) +---- +RT @__courts__: I have to take away my colleague's geek badges. They didn't recognize HAL 9000 on hack.lu's stickers #hacklu #spaceodyseey + +(Originally on Twitter: [Fri Jun 15 10:38:59 +0000 2012](https://twitter.com/adulau/status/213581363616546817)) +---- +RT @DragonResearch: Win a free pass to hack.lu, take the DRG administered HotCRP challenge http://dragonresearchgroup.org/challenges/HOTCRP/ + +(Originally on Twitter: [Fri Jun 15 13:49:24 +0000 2012](https://twitter.com/adulau/status/213629280276594688)) +---- +#PSES I do not agree on the fact that Internet should have laws because it's part of our life. Without law is sometime better @bortzmeyer + +(Originally on Twitter: [Sat Jun 16 16:35:41 +0000 2012](https://twitter.com/adulau/status/214033514461528064)) +---- +#PSES But I do agree with the "don't" mentioned by @bortzmeyer + +(Originally on Twitter: [Sat Jun 16 16:41:02 +0000 2012](https://twitter.com/adulau/status/214034860807950337)) +---- +#PSES @bortzmeyer to have a law effective for Internet, you need to attach it to a State. So it's better to forget about the laws. + +(Originally on Twitter: [Sat Jun 16 16:47:43 +0000 2012](https://twitter.com/adulau/status/214036542736449536)) +---- +At @terena #tfcsirt listening a presentation about the implementation of an ISMS in an university. I should be outside enjoying the sun... + +(Originally on Twitter: [Sun Jun 17 12:35:16 +0000 2012](https://twitter.com/adulau/status/214335400200773632)) +---- +@JanetCSIRT Very often the money spent on an ISMS is moved from operational security towards certifications... that's a pity. 
#infosec + +(Originally on Twitter: [Sun Jun 17 12:53:13 +0000 2012](https://twitter.com/adulau/status/214339917961101312)) +---- +At #FIRSTCON , don't forget to join the @DragonResearch booth and register for the challenges https://dragonresearchgroup.org/challenges/FIRST2012/ + +(Originally on Twitter: [Mon Jun 18 10:09:09 +0000 2012](https://twitter.com/adulau/status/214661017400119297)) +---- +@ChrisJohnRiley Don't over estimate those lists. It's a good way to get the right contacts... it's just a starting point. #infosec #FIRSTCON + +(Originally on Twitter: [Mon Jun 18 12:09:12 +0000 2012](https://twitter.com/adulau/status/214691227264757761)) +---- +@DidierStevens @ChrisJohnRiley we can meet at the DRG lounge. I'm there the whole Wednesday and Friday morning. #FIRSTCON + +(Originally on Twitter: [Mon Jun 18 12:20:47 +0000 2012](https://twitter.com/adulau/status/214694142905827329)) +---- +RT @forensikblog: Volatility plugin to detect Poison Ivy in memory and dump run-time config: http://r.forens.is/volpi #dfir #FIRSTCON + +(Originally on Twitter: [Mon Jun 18 15:31:40 +0000 2012](https://twitter.com/adulau/status/214742183192965120)) +---- +At 16:30 in Portomaso I+II, don't forget to join our panel talk about "passive DNS implementation, mining and visualization" #firstcon + +(Originally on Twitter: [Tue Jun 19 13:09:01 +0000 2012](https://twitter.com/adulau/status/215068669376598018)) +---- +@tricaud presented furl https://github.com/stricaud/furl #firstcon - a nifty tool/library to parse ugly URLs + +(Originally on Twitter: [Wed Jun 20 14:11:06 +0000 2012](https://twitter.com/adulau/status/215446682635223040)) +---- +@rrrayfoo Good point. Maybe we should do an infosec conference with just lightning talks... then people select the 1 hour talk from those. 
+ +(Originally on Twitter: [Wed Jun 20 14:28:15 +0000 2012](https://twitter.com/adulau/status/215450996061642755)) +---- +Tinba malware presented as a lightning talk (makes sense 20KB versus 5 minutes) at #firstcon #malware #tinba + +(Originally on Twitter: [Wed Jun 20 14:33:59 +0000 2012](https://twitter.com/adulau/status/215452439577505792)) +---- +@rrrayfoo I vote for it ;-) a FIRST lightning talk edition in a Nordic country (to avoid the air conditioning...). #firstcon + +(Originally on Twitter: [Wed Jun 20 14:41:19 +0000 2012](https://twitter.com/adulau/status/215454287357153280)) +---- +@DrWhax it seems to be the main component. So it's still quite small compared to the other bankers web inject malware. + +(Originally on Twitter: [Wed Jun 20 14:43:30 +0000 2012](https://twitter.com/adulau/status/215454836076974080)) +---- +I don't mind Alaska as long we have at least 100 lightning talks ;-) @droopydog500 #FIRSTcon + +(Originally on Twitter: [Wed Jun 20 14:48:59 +0000 2012](https://twitter.com/adulau/status/215456217034801152)) +---- +@blackswanburst presents a report about ICS - SCADA exposure at #FIRSTCON done via shodan - showing that ICS exposure is real. #infosec + +(Originally on Twitter: [Wed Jun 20 15:00:26 +0000 2012](https://twitter.com/adulau/status/215459097926057985)) +---- +@DrWhax Don't know the policy at FIRST for the slides publication, I suppose the lightning talks will be available. #FIRSTcon + +(Originally on Twitter: [Wed Jun 20 15:06:28 +0000 2012](https://twitter.com/adulau/status/215460614028525569)) +---- +Even for designing presentations slides, there are cultural differences. #FIRSTcon + +(Originally on Twitter: [Wed Jun 20 15:13:35 +0000 2012](https://twitter.com/adulau/status/215462407210938370)) +---- +Masato is ON STAGE ! 
at #FIRSTcon + +(Originally on Twitter: [Wed Jun 20 15:33:10 +0000 2012](https://twitter.com/adulau/status/215467335933362180)) +---- +RT @mckeay: You can tell its day 4 of the conference and that people had a lot of fun last night. Too much fun, possibly #FIRSTCON http: ... + +(Originally on Twitter: [Thu Jun 21 07:52:18 +0000 2012](https://twitter.com/adulau/status/215713740706947072)) +---- +A second bonus challenge https://www.dragonresearchgroup.org/challenges/FIRST2012/213d7f26db51e9ef7390161c87c3a70b24e9dbac/ where you'll win a special prize for limited supply! #firstcon @DragonResearch + +(Originally on Twitter: [Thu Jun 21 12:10:06 +0000 2012](https://twitter.com/adulau/status/215778620256432129)) +---- +I'll get a virtual prize from @ksv for @rommelfs and @clausoverbeck who solved one challenge remotely for #firstcon @DragonResearch + +(Originally on Twitter: [Fri Jun 22 08:05:13 +0000 2012](https://twitter.com/adulau/status/216079381829922816)) +---- +Don't forget the call for papers for hack.lu 2012 will close in 23 days. https://2012.hack.lu/cfp/ #hacklu #cfp #infosec + +(Originally on Twitter: [Fri Jun 22 10:07:13 +0000 2012](https://twitter.com/adulau/status/216110080658120704)) +---- +@DidierStevens Sure. We will glad to have you at the conference. #hacklu Thank you ! + +(Originally on Twitter: [Fri Jun 22 10:14:49 +0000 2012](https://twitter.com/adulau/status/216111994435145728)) +---- +Listening to the operation b71 presentation from Microsoft and NACHA about Zeus disruption. I'm close to ask a question... #firstcon + +(Originally on Twitter: [Fri Jun 22 12:48:54 +0000 2012](https://twitter.com/adulau/status/216150772314943489)) +---- +@rbidule I did but they didn't comment about it. 
It will be off-list ;-) #firstcon + +(Originally on Twitter: [Fri Jun 22 12:56:53 +0000 2012](https://twitter.com/adulau/status/216152781529153536)) +---- +http://www.president.ee/en/official-duties/speeches/7589-the-president-of-estonia-at-the-international-conference-of-cyber-conflict-8-june-2012/ Usually I don't like political declaration but this one is great. President of Estonia about cyberspace. #infosec + +(Originally on Twitter: [Sat Jun 23 16:03:16 +0000 2012](https://twitter.com/adulau/status/216562073784692738)) +---- +@erpscan Did you contact the CERTs about the vulnerable ERP found on Internet? #infosec #sap + +(Originally on Twitter: [Mon Jun 25 14:21:27 +0000 2012](https://twitter.com/adulau/status/217261226743439362)) +---- +https://www.rommelfangen.de/nucleus/item/34 @rommelfs did a small write-up of the small bonus challenge with the virtual prize by @ksv - @DragonResearch + +(Originally on Twitter: [Mon Jun 25 15:11:43 +0000 2012](https://twitter.com/adulau/status/217273874339991554)) +---- +http://users.isc.org/~edmonds/presentations/rsfcode.html#(1) ISC released as open source their whole Passive DNS replication. #infosec #dns http://rsfcode.isc.org/ + +(Originally on Twitter: [Tue Jun 26 06:01:07 +0000 2012](https://twitter.com/adulau/status/217497699958796288)) +---- +The example of the security circus: the car alarm. That costs money and annoy everyone (except the robber). + +(Originally on Twitter: [Thu Jun 28 07:18:49 +0000 2012](https://twitter.com/adulau/status/218242030281830400)) +---- +http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf Efficient Padding Oracle Attacks on Cryptographic Hardware #crypto + +(Originally on Twitter: [Thu Jun 28 13:22:14 +0000 2012](https://twitter.com/adulau/status/218333487416086528)) +---- +RT @Regiteric: Attack on application layer gateway is now available in #nmap scripting engine thanks to @kroosec : http://seclists.org/nmap-dev/2012/q2/629 ... 
+ +(Originally on Twitter: [Fri Jun 29 07:37:12 +0000 2012](https://twitter.com/adulau/status/218609045416853504)) +---- +@bortzmeyer Je ne comprends pas. Il y a vraiment des gens qui n'utilisent pas de sac à dos pour aller travailler? + +(Originally on Twitter: [Fri Jun 29 13:52:03 +0000 2012](https://twitter.com/adulau/status/218703379315179521)) +---- +@dzidorius The email is correct... but I'm not sure that I got that one. + +(Originally on Twitter: [Fri Jun 29 14:54:34 +0000 2012](https://twitter.com/adulau/status/218719110253658113)) +---- +You touch time_t and then a whole class of software from kernel to user-space is going crazy. It's just 1 second. Now imagine the overflow. + +(Originally on Twitter: [Sun Jul 01 07:40:24 +0000 2012](https://twitter.com/adulau/status/219334626924179456)) +---- +Thanks for the FF @rrrayfoo and @blackswanburst Hope to see you during @hack_lu 2012 #hacklu + +(Originally on Twitter: [Sun Jul 01 07:45:54 +0000 2012](https://twitter.com/adulau/status/219336008460812288)) +---- +Listening to Cthulhu - Malevolent attitude by Cthulhu via #soundcloud http://soundcloud.com/cthulhu/cthulhu-malevolent-attitude?utm_source=soundcloud&utm_campaign=share&utm_medium=twitter&utm_content=http://soundcloud.com/cthulhu/cthulhu-malevolent-attitude while compiling crappy code... seems appropriate. 
+ +(Originally on Twitter: [Sun Jul 01 10:01:58 +0000 2012](https://twitter.com/adulau/status/219370250834161665)) +---- +A new standard for #infosec information sharing but the standard is not publicly available ISO/IEC 27010:2012 pfff, this will help sharing + +(Originally on Twitter: [Mon Jul 02 12:13:50 +0000 2012](https://twitter.com/adulau/status/219765827371667456)) +---- +Teaching software engineering and you want to give a real security exercise to fix an existing software -> https://dragonresearchgroup.org/challenges/HOTCRP/ #infosec + +(Originally on Twitter: [Tue Jul 03 08:53:07 +0000 2012](https://twitter.com/adulau/status/220077699341889536)) +---- +RT @spiwit: Last hour to have your say no #ACTA before the EP plenary vote !!! http://piphone.lqdn.fr @laquadrature + +(Originally on Twitter: [Wed Jul 04 09:39:42 +0000 2012](https://twitter.com/adulau/status/220451811541270528)) +---- +https://github.com/fln/addrwatch arpwatch on steroid for ipv6/ipv4 -> a nice way to monitor the layer-2 activities. #infosec + +(Originally on Twitter: [Thu Jul 05 07:28:51 +0000 2012](https://twitter.com/adulau/status/220781271989747713)) +---- +RT @hack_lu: 10 days left until the call for paper closing for hack.lu 2012 #cfp don't forget to submit your talk/paper. #hacklu http:// ... + +(Originally on Twitter: [Thu Jul 05 11:54:48 +0000 2012](https://twitter.com/adulau/status/220848199118749696)) +---- +@jpflorent #loremipsum is usually to fill the space of someone who promised to write something and never did so. like #inusuminus + +(Originally on Twitter: [Thu Jul 05 13:54:44 +0000 2012](https://twitter.com/adulau/status/220878379560349698)) +---- +Yes I'm still a user of UUCP (over SSH) and I have no shame. UUCP is the delay tolerant networking for the mortals. #unix + +(Originally on Twitter: [Fri Jul 06 19:19:46 +0000 2012](https://twitter.com/adulau/status/221322565296205824)) +---- +RT @hackerschoice: thc-ipv6 v1.9 is now available! New tools, bugfixes ... 
get it at http://www.thc.org/thc-ipv6 #ipv6 + +(Originally on Twitter: [Fri Jul 06 19:53:00 +0000 2012](https://twitter.com/adulau/status/221330928847437824)) +---- +The call for paper for hack.lu 2012 will be closed in 5 days...time to submit your crazy #infosec stuff ;-) #hacklu http://2012.hack.lu/cfp/ + +(Originally on Twitter: [Tue Jul 10 20:22:34 +0000 2012](https://twitter.com/adulau/status/222787920166260737)) +---- +@xme it's an inject script for the DOM. It's not Zbot but maybe another similar malware. + +(Originally on Twitter: [Tue Jul 10 20:34:30 +0000 2012](https://twitter.com/adulau/status/222790924831428608)) +---- +https://github.com/yasm/yasm "The Yasm Modular Assembler Project" Seems not too bad as a companion to nasm. to be tested. + +(Originally on Twitter: [Tue Jul 10 20:36:49 +0000 2012](https://twitter.com/adulau/status/222791509588717568)) +---- +If you are a regular user of @Gephi, it might be worth to consider a donation to them. http://pledgie.com/campaigns/13977 #infovis #infosec + +(Originally on Twitter: [Wed Jul 11 14:26:01 +0000 2012](https://twitter.com/adulau/status/223060582302105600)) +---- +So Orange said it was a software upgrade issue that broke the mobile network... Again difficult for #infosec people to ask for upgrade. + +(Originally on Twitter: [Wed Jul 11 19:52:42 +0000 2012](https://twitter.com/adulau/status/223142792610848769)) +---- +RT @AdamWintle: Well done @github for raising a $100m investment. This also means Linus Torvalds has created two billion-dollar industri ... + +(Originally on Twitter: [Wed Jul 11 20:07:42 +0000 2012](https://twitter.com/adulau/status/223146566796574721)) +---- +RT @therealsaumil: My 14th year in a row at #Blackhat and 7th year teaching #Exploitlab - http://blog.exploitlab.net/2012/07/countdown-to-blackhat-usa-2012.html - Can't wait for the awes ... 
+ +(Originally on Twitter: [Wed Jul 11 20:27:11 +0000 2012](https://twitter.com/adulau/status/223151471527591937)) +---- +RT @circl_lu: Important security upgrade for SPIP Users, upgrade to 3.0.3, 2.1.16 and 2.0.21 ASAP. It's exploited and abused. http://t.c ... + +(Originally on Twitter: [Thu Jul 12 12:13:11 +0000 2012](https://twitter.com/adulau/status/223389539295707139)) +---- +Trying to bring Do-Ocracy to the local election in Belgium - Probability value is 0.12 it's low but it's still 0.12 http://www.communitywiki.org/DoOcracy + +(Originally on Twitter: [Thu Jul 12 16:44:37 +0000 2012](https://twitter.com/adulau/status/223457849752301570)) +---- +RT @SteveClement: Non-Newtonian Fluid Pool Party + +http://www.youtube.com/watch?v=qFMwqGucfvw&feature=related + +#Scientists #Rockstars + +(Originally on Twitter: [Thu Jul 12 16:51:23 +0000 2012](https://twitter.com/adulau/status/223459553860268032)) +---- +RT @syssecproject: Details on the 1st #SysSec summer school announced. Its main topic will be reverse-engineering of #malware. http://t. ... + +(Originally on Twitter: [Fri Jul 13 12:30:20 +0000 2012](https://twitter.com/adulau/status/223756245864161280)) +---- +Merci pour le #FF @Giribot Viens-tu à #haxogreen 2012 (fin juillet) ou @hack_lu 2012 (fin octobre)? 
http://haxogreen.lu/schedule/2012/events/1.en.html + +(Originally on Twitter: [Fri Jul 13 12:42:03 +0000 2012](https://twitter.com/adulau/status/223759191775514624)) +---- +http://freehaven.net/anonbib/papers/pets2012/paper_57.pdf Spying in the Dark: TCP and Tor Traffic Analysis from Yossi Gilad and Amir Herzberg + +(Originally on Twitter: [Fri Jul 13 12:54:32 +0000 2012](https://twitter.com/adulau/status/223762335418953728)) +---- +@JackHerrick without the craziness of the deletionists it would be already above 4 millions ;-) #wikipedia #wikimania + +(Originally on Twitter: [Fri Jul 13 14:05:19 +0000 2012](https://twitter.com/adulau/status/223780147499773953)) +---- ++1 http://news.ycombinator.com/item?id=4243442 "it's too easy to flag something for deletion and too difficult to counter the deletionist argument" #wikipedia + +(Originally on Twitter: [Sat Jul 14 09:08:05 +0000 2012](https://twitter.com/adulau/status/224067734105890816)) +---- +RT @tolmasky: When software you use and rely on suddenly becomes discontinued, you begin to understand what all those GPL guys are reall ... + +(Originally on Twitter: [Sun Jul 22 19:51:53 +0000 2012](https://twitter.com/adulau/status/227128856191062016)) +---- +Back to real, after 1 week without connectivity, my UUCP over SSH will now run for the whole night to process fully its queue. + +(Originally on Twitter: [Sun Jul 22 19:52:31 +0000 2012](https://twitter.com/adulau/status/227129016283430912)) +---- +http://webstersprodigy.net/2012/07/22/metasploit-generic-ntlm-relay-module/ "Metasploit Generic NTLM Relay Module" #infosec + +(Originally on Twitter: [Sun Jul 22 20:35:08 +0000 2012](https://twitter.com/adulau/status/227139740632244224)) +---- +@pinboard Do you plan to add the for: tag and its sending functionality in your wonderful web service? That would be very nice. 
+ +(Originally on Twitter: [Mon Jul 23 07:27:12 +0000 2012](https://twitter.com/adulau/status/227303837650808832)) +---- +RT @hack_lu: one topic in the nominee of the http://pwnies.com/nominations/ @PwnieAwards 2012 will have a slot at @hack_lu 2012... infosec can be ... + +(Originally on Twitter: [Mon Jul 23 09:45:58 +0000 2012](https://twitter.com/adulau/status/227338758427656193)) +---- +@r00tbsd Nope, I'll be at #haxogreen in the next days. + +(Originally on Twitter: [Mon Jul 23 12:36:02 +0000 2012](https://twitter.com/adulau/status/227381555994165248)) +---- +RT @mattblaze: Security excuse protip: you can't claim "the attack doesn't work" and "this is too dangerous to reveal" at the same time. + +(Originally on Twitter: [Mon Jul 23 16:39:37 +0000 2012](https://twitter.com/adulau/status/227442858238558209)) +---- +http://arxiv.org/abs/1206.6389 "Poisoning Attacks against Support Vector Machines" #infosec If you use SVM for your data analysis, be aware... + +(Originally on Twitter: [Mon Jul 23 20:10:44 +0000 2012](https://twitter.com/adulau/status/227495985167888384)) +---- +Don't read this paper http://arxiv.org/abs/1207.5627 you'll be scared by the mix RFID-Biometric System and the protocol design. + +(Originally on Twitter: [Wed Jul 25 09:31:52 +0000 2012](https://twitter.com/adulau/status/228059985916088320)) +---- +@AndreasVn The best if you are interested in doing infosec, practise is key. Take a security topic and dig into it as deep as you can do. + +(Originally on Twitter: [Wed Jul 25 15:05:10 +0000 2012](https://twitter.com/adulau/status/228143863611682816)) +---- +http://www.flickr.com/photos/adulau/sets/72157630750870918/show/ I took some pictures of a friendly group doing skate boarding in Vannes... 
#photography + +(Originally on Twitter: [Wed Jul 25 21:32:22 +0000 2012](https://twitter.com/adulau/status/228241305275359232)) +---- +http://www.wired.com/threatlevel/2012/07/adsb-spoofing/ "These risks are security sensitive and are not publicly available.” about ADS-B... oh it's just air traffic control. + +(Originally on Twitter: [Thu Jul 26 06:39:20 +0000 2012](https://twitter.com/adulau/status/228378953470054400)) +---- +Currently reviewing some papers for @hack_lu 2012 really nice stuff were submitted... I hope we have enough space for all of them. #hacklu + +(Originally on Twitter: [Thu Jul 26 08:48:31 +0000 2012](https://twitter.com/adulau/status/228411466615758848)) +---- +@yerden Sure slides are usually available in the archive. But the best experience is to come over at @hack_lu hope to see u there. + +(Originally on Twitter: [Thu Jul 26 17:37:10 +0000 2012](https://twitter.com/adulau/status/228544503059976192)) +---- +"NIST Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Draft)" http://csrc.nist.gov/publications/drafts/800-83-rev1/draft_sp800-83-rev1.pdf + +(Originally on Twitter: [Thu Jul 26 21:23:41 +0000 2012](https://twitter.com/adulau/status/228601509422714880)) +---- +@Pinboard is so incredible that I found a research dataset with 10.000 cat faces http://137.189.35.203/WebUI/CatDatabase/catData.html #fun + +(Originally on Twitter: [Thu Jul 26 21:32:36 +0000 2012](https://twitter.com/adulau/status/228603751127212032)) +---- +http://www.mariofrank.net/touchalytics/ "Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication" + +(Originally on Twitter: [Fri Jul 27 08:30:38 +0000 2012](https://twitter.com/adulau/status/228769351245889536)) +---- +If you are @ #haxogreen, I just started a Forban node f1 on the network... http://10.42.44.83:12555/ enjoy and don't hesitate to start your. 
+ +(Originally on Twitter: [Fri Jul 27 14:04:24 +0000 2012](https://twitter.com/adulau/status/228853349192171521)) +---- +@ForumNucleaire it's not because a nuclear plant builder is joining a legacy nuclear operator association that they talk about security... + +(Originally on Twitter: [Fri Jul 27 14:37:24 +0000 2012](https://twitter.com/adulau/status/228861652236390400)) +---- +An impressive stormy weather at #haxogreen but everyone is going well. A fallen tree blocks a small entry. See you tomorrow. + +(Originally on Twitter: [Fri Jul 27 22:23:01 +0000 2012](https://twitter.com/adulau/status/228978828897300480)) +---- +RT @fluxfingers: wolkenbruch bei #haxogreen. die #fluxfingers #partycrew hat überlebt. Ein Baum umgefallen, mehrere Zelte verschoben/zus ... + +(Originally on Twitter: [Fri Jul 27 22:23:54 +0000 2012](https://twitter.com/adulau/status/228979050696278016)) +---- +RT @push_pnx: Just blogged about the WinAPI browsing feature that I have integrated into IDAscope: http://pnx-tf.blogspot.de/2012/07/idascope-update-winapi-browsing.html #idascope + +(Originally on Twitter: [Fri Jul 27 22:26:37 +0000 2012](https://twitter.com/adulau/status/228979733923246081)) +---- +RT @Pinboard: It tickles me when brand new startups have a hiring page called 'careers'. Let's just call it 'jobs' for a while, son… + +(Originally on Twitter: [Sat Jul 28 08:02:33 +0000 2012](https://twitter.com/adulau/status/229124671252082688)) +---- +My SOAP workshop is moved at 13:00 just after the lightning talks in the same room of the lightning talks. 
#haxogreen + +(Originally on Twitter: [Sat Jul 28 10:19:58 +0000 2012](https://twitter.com/adulau/status/229159256224579584)) +---- +An interesting lightning talks at #haxogreen about OpenPilot, a complete ecosystem for flying or driving anything http://www.openpilot.org/ + +(Originally on Twitter: [Sat Jul 28 10:35:42 +0000 2012](https://twitter.com/adulau/status/229163214670290944)) +---- +RT @cbuchler: So we've collected +300euro to donate a present to camp orga in less than 30minutes this is awesome #haxogreen + +(Originally on Twitter: [Sat Jul 28 10:43:21 +0000 2012](https://twitter.com/adulau/status/229165140518514688)) +---- +camera http://10.42.44.155/index1.htm username is haxogreen without password #haxogreen have fun and enjoy the table ;-) + +(Originally on Twitter: [Sat Jul 28 15:42:04 +0000 2012](https://twitter.com/adulau/status/229240314995544064)) +---- +https://bugzilla.mozilla.org/show_bug.cgi?id=778686 " Blocklist npuplaypc.dll (uplaypc/Ubisoft Uplay) plugin" run executables at arbitrary paths? + +(Originally on Twitter: [Mon Jul 30 14:29:17 +0000 2012](https://twitter.com/adulau/status/229946771558772737)) +---- +https://github.com/tarcieri/cryptosphere "A global decentralized encrypted datastore with anonymous publishing" interesting #infosec + +(Originally on Twitter: [Tue Jul 31 11:21:01 +0000 2012](https://twitter.com/adulau/status/230261783737282560)) +---- +http://attrition.org/errata/plagiarism/rahul_tyagi/emails.html Very often infosec can be painful but here we have a nice example of infosec plagiarism entertainment... 
+ +(Originally on Twitter: [Tue Jul 31 13:37:41 +0000 2012](https://twitter.com/adulau/status/230296176816189440)) +---- +http://www.ctftime.org/event/38/ Hack.lu CTF 2012 on http://ctftime.org #hacklu @fluxfingers + +(Originally on Twitter: [Tue Jul 31 14:26:11 +0000 2012](https://twitter.com/adulau/status/230308380579872768)) +---- +@mruef Yep, I would be curious to see how many Schopenhauer Stratagems he is using http://ebooks.adelaide.edu.au/s/schopenhauer/arthur/controversy/ @attritionorg + +(Originally on Twitter: [Tue Jul 31 14:29:57 +0000 2012](https://twitter.com/adulau/status/230309328773603330)) +---- +Sometime if you bet with @rommelfs regarding some advanced MacOS malware, you got 2 kilograms of dark chocolate. Thanks a zillion. + +(Originally on Twitter: [Wed Aug 01 19:23:57 +0000 2012](https://twitter.com/adulau/status/230745705180954626)) +---- +And then CVE-2012-2665 is there... + +(Originally on Twitter: [Thu Aug 02 20:36:42 +0000 2012](https://twitter.com/adulau/status/231126401061883904)) +---- +is looking for that sample MD5:d166a59e71535a42267e9fa993ca8e7e #malware + +(Originally on Twitter: [Fri Aug 03 07:29:45 +0000 2012](https://twitter.com/adulau/status/231290745351442434)) +---- +RT @angelodellaera: Honeynet Project Forensic Challenge 12 – “Hiding in Plain Sight“ starting today! Have fun! https://www.honeynet.org/node/906 + +(Originally on Twitter: [Fri Aug 03 08:43:13 +0000 2012](https://twitter.com/adulau/status/231309233688305664)) +---- +For the curious, my slides about Forban and how to do SOAP given at #haxogreen are available http://www.foo.be/haxogreen2012/ + +(Originally on Twitter: [Fri Aug 03 08:47:40 +0000 2012](https://twitter.com/adulau/status/231310352590184448)) +---- +https://github.com/bitly/dablooms A Scalable, Counting, Bloom Filter library in C with Python wrappers... 
+ +(Originally on Twitter: [Sat Aug 04 06:44:03 +0000 2012](https://twitter.com/adulau/status/231641633672810496)) +---- +http://seclists.org/fulldisclosure/2012/Aug/4 "nvidia linux binary driver priv escalation exploit" If someone is telling me that binary blobs is not risky, I'll hit. + +(Originally on Twitter: [Sat Aug 04 14:22:43 +0000 2012](https://twitter.com/adulau/status/231757060042264578)) +---- +When shooting this picture http://www.flickr.com/photos/adulau/7712545428/ I immediately thought of the security circus... + +(Originally on Twitter: [Sat Aug 04 20:48:36 +0000 2012](https://twitter.com/adulau/status/231854169013768192)) +---- +What's next? We are lacking oxygen (O2) in the office, http://wikipedia.org is down and then what? the magma is getting crazy. + +(Originally on Twitter: [Mon Aug 06 14:00:19 +0000 2012](https://twitter.com/adulau/status/232476198104600576)) +---- +RT @adesnos: try our native decompiler DAD of android app: http://androguard.blogspot.fr/2012/08/androguard-15.html #android #decompiler #python + +(Originally on Twitter: [Tue Aug 07 07:47:23 +0000 2012](https://twitter.com/adulau/status/232744734915977216)) +---- +Interesting the next generation packet-o-matic is now on @github https://github.com/gmsoft-tuxicoman/pom-ng looks promising... + +(Originally on Twitter: [Wed Aug 08 13:39:32 +0000 2012](https://twitter.com/adulau/status/233195742997647360)) +---- +@novytweety @fvilers "Whiz Kids" that's the only one ;-) + +(Originally on Twitter: [Sun Aug 12 17:16:04 +0000 2012](https://twitter.com/adulau/status/234699789529407489)) +---- +A small reminder for the people regularly using PGP, if you BCC someone, I will see the PGP key_id of the BCCs in the OpenPGP message... + +(Originally on Twitter: [Mon Aug 13 13:04:37 +0000 2012](https://twitter.com/adulau/status/234998896705810433)) +---- +@jaceksz @wimres You're welcome. It seems that not all MUA/PGP interface warns the user when doing BCCs and PGP at the same time. 
#infosec + +(Originally on Twitter: [Mon Aug 13 13:15:04 +0000 2012](https://twitter.com/adulau/status/235001525561352192)) +---- +http://arxiv.org/abs/1208.2169 "Securing Speech in GSM Networks using DES with Random Permutation and Inversion Algorithm" Can this be implemented? + +(Originally on Twitter: [Mon Aug 13 13:53:30 +0000 2012](https://twitter.com/adulau/status/235011198704308224)) +---- +http://www-01.ibm.com/support/docview.wss?uid=swg21607482 "IBM WebSphere MQ File Transfer Edition Web Gateway vulnerable " @r00tbsd + +(Originally on Twitter: [Mon Aug 13 14:12:36 +0000 2012](https://twitter.com/adulau/status/235016005246660608)) +---- +Some interesting examples of the ineffectiveness of surveillance cameras http://www.notbored.org/cameras-not-effective.html #privacy #securitycircus + +(Originally on Twitter: [Mon Aug 13 19:38:50 +0000 2012](https://twitter.com/adulau/status/235098104746094592)) +---- +http://arxiv.org/abs/1208.2357 "TCP Injections for Fun and Clogging" Another good reason why SACK (selective Ack) TCP option must be enabled... + +(Originally on Twitter: [Tue Aug 14 08:26:15 +0000 2012](https://twitter.com/adulau/status/235291232182628352)) +---- +I just found back an old paper in my cellar http://www.foo.be/torinj/ "Torinj : Automated Exploitation Malware Targeting Tor Users" Yep, 2009 ;-) + +(Originally on Twitter: [Tue Aug 14 14:44:38 +0000 2012](https://twitter.com/adulau/status/235386452064743426)) +---- +http://news.ycombinator.com/item?id=4381165 If Kaspersky wants to solve the "Gauss" encrypted payload, looking into malware dropzone of .IR infected sys + +(Originally on Twitter: [Tue Aug 14 19:48:50 +0000 2012](https://twitter.com/adulau/status/235463008111980545)) +---- +to build a dataset of the most probable environment path of machine in IR/LB might an approach to reduce the exhaustive search. 
+ +(Originally on Twitter: [Tue Aug 14 19:51:03 +0000 2012](https://twitter.com/adulau/status/235463566449311744)) +---- +@remi_laurent @william_robinet Compromised machine in those countries to gather a set of installed applications and build a probable set. + +(Originally on Twitter: [Wed Aug 15 05:47:09 +0000 2012](https://twitter.com/adulau/status/235613578126835712)) +---- +http://www.debian.org/News/weekly/2011/15/#javarm When security is weakened due to licensing.... #java #infosec + +(Originally on Twitter: [Thu Aug 16 17:15:14 +0000 2012](https://twitter.com/adulau/status/236149130530000899)) +---- +RT @SteveClement: No Mr. Officer this does not look like a dump(er) +#ChipPolice ![](media/236149546336546816-A0b4mVGCcAAIUhH.jpg) + +(Originally on Twitter: [Thu Aug 16 17:16:53 +0000 2012](https://twitter.com/adulau/status/236149546336546816)) +---- +I like those statements "This attack is not new" and then? It's not new and it's widely used. So move your ass to fix the issue? #infosec + +(Originally on Twitter: [Fri Aug 17 13:20:06 +0000 2012](https://twitter.com/adulau/status/236452344496275456)) +---- +Some people are swimming in #chassepierre http://www.flickr.com/photos/adulau/7815260190/in/photostream and some are playing cup and ball http://www.flickr.com/photos/adulau/7815330644/in/photostream/ + +(Originally on Twitter: [Sun Aug 19 14:45:20 +0000 2012](https://twitter.com/adulau/status/237198568648232961)) +---- +A note to small provider like @facebook if you provide SSL access to your website, maybe should do it for all traffic including static pages + +(Originally on Twitter: [Mon Aug 20 12:07:14 +0000 2012](https://twitter.com/adulau/status/237521168649830400)) +---- +#hacklu @hack_lu some invited talks and workshops are now announced http://2012.hack.lu/index.php/List - the accepted talks will follow in the next days.. 
+ +(Originally on Twitter: [Mon Aug 20 14:01:45 +0000 2012](https://twitter.com/adulau/status/237549988836675584)) +---- +http://chiny-florenville.ecolo.be/?q=piquenique_compost "Un pique nique pour tout savoir sur le compost" Si vous êtes en Gaume, c'est une bonne occasion. @Ecolo + +(Originally on Twitter: [Tue Aug 21 09:22:42 +0000 2012](https://twitter.com/adulau/status/237842153626275840)) +---- +If you are operating recent Ubuntu server or desktop, you might want to disable /etc/default/whoopsie -> report_crashes=true #infosec + +(Originally on Twitter: [Tue Aug 21 12:19:36 +0000 2012](https://twitter.com/adulau/status/237886669955674112)) +---- +RT @Dinosn: Making IDA ::1 Part One – YARA Signature Creation http://blog.accuvantlabs.com/blog/case-b/making-ida-1-part-one-%E2%80%93-yara-signature-creation-1 + +(Originally on Twitter: [Tue Aug 21 21:11:56 +0000 2012](https://twitter.com/adulau/status/238020636549738496)) +---- +http://blog.ptsecurity.com/2012/08/not-so-random-numbers-take-two.html "How can we get mt_rand seed via PHPSESSID?" The easiest fix would be moving from MD5 to HMAC. no? + +(Originally on Twitter: [Wed Aug 22 14:01:54 +0000 2012](https://twitter.com/adulau/status/238274801020579840)) +---- +http://www.flickr.com/photos/adulau/7839566864/in/photostream I was impressed by the live performance and I took some pictures in the late evening. #chassepierre + +(Originally on Twitter: [Wed Aug 22 20:59:06 +0000 2012](https://twitter.com/adulau/status/238379795786891264)) +---- +http://code.google.com/p/libfvde/ "Library and tools for reading FileVault Drive Encryption (FVDE) encrypted volumes." 
using EncryptedRoot.plist.wipekey + +(Originally on Twitter: [Thu Aug 23 05:27:14 +0000 2012](https://twitter.com/adulau/status/238507671081340928)) +---- +@lemondefr http://www.lemonde.fr/technologies/article/2012/08/25/la-victoire-d-apple-une-percee-strategique-pas-une-offensive-thermonucleaire_1751408_651865.html Could you avoid to use a patent lobbyist as a single source for an article? #patents + +(Originally on Twitter: [Sun Aug 26 07:17:35 +0000 2012](https://twitter.com/adulau/status/239622602572836864)) +---- +https://blog.mandiant.com/archives/3189 "malware proceeds to use “certmgr.exe” to install the certificate to the local store as a root CA" back to the roots + +(Originally on Twitter: [Sun Aug 26 15:23:07 +0000 2012](https://twitter.com/adulau/status/239744793020862464)) +---- +http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html At a rhythm of one zero-day per week for Oracle/Sun Java... how do you feel? #infosec + +(Originally on Twitter: [Mon Aug 27 05:18:26 +0000 2012](https://twitter.com/adulau/status/239955005166206976)) +---- +During hack.lu 2012, A critical analysis of Dropbox software security will be presented http://2012.hack.lu/index.php/List#Nicolas_Ruff_and_Florian_Ledoux:_A_critical_analysis_of_Dropbox_software_security + +(Originally on Twitter: [Mon Aug 27 09:15:24 +0000 2012](https://twitter.com/adulau/status/240014641072324608)) +---- +RT @Fr333k: .@adulau @newsoft I'd be curious to see if they read our paper from last year, and what other issues they found (PDF): http: ... + +(Originally on Twitter: [Mon Aug 27 11:22:08 +0000 2012](https://twitter.com/adulau/status/240046535197462528)) +---- +RT @thegrugq: Let me sum up all future posts about Java, forever: “it is my recommendation to disable Java, preferably via ‘DoD 7 passes ... 
+ +(Originally on Twitter: [Mon Aug 27 11:39:43 +0000 2012](https://twitter.com/adulau/status/240050961513594880)) +---- +RT @newsoft: @Fr333k @adulau Our research is different: we focus on software analysis & code protection - but expect some surprises ... + +(Originally on Twitter: [Mon Aug 27 20:18:21 +0000 2012](https://twitter.com/adulau/status/240181477713772546)) +---- +RT @newsoft: @Fr333k @adulau @Myst3rie We have the source :) As for the conference materials, it will be made available on http://t.co/C ... + +(Originally on Twitter: [Tue Aug 28 09:43:37 +0000 2012](https://twitter.com/adulau/status/240384131085791232)) +---- +http://2012.hack.lu/index.php/List#Igor_Skochinsky:_Sony_Reader_Hacking_Story Sony Reader Hacking Story will be presented at hack.lu 2012 by Igor Skochinsky (from Hex-Rays) @hack_lu + +(Originally on Twitter: [Tue Aug 28 14:33:27 +0000 2012](https://twitter.com/adulau/status/240457071194157056)) +---- +RT @PhysicalDrive0: MD5 0cbc25ade65bcd7a28dd8ac62ea20186 Pre.jar - Blackhole Exploit Kit + (CVE-2012-4681) + +(Originally on Twitter: [Tue Aug 28 17:27:01 +0000 2012](https://twitter.com/adulau/status/240500748293636096)) +---- +http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf "Manufacturing Compromise: The Emergence of Exploit-as-a-Service" #infosec #exploitkit + +(Originally on Twitter: [Tue Aug 28 20:12:55 +0000 2012](https://twitter.com/adulau/status/240542499490385920)) +---- +I have the bad feelings that Oracle didn't keep the security staff working on Java security... http://www.kb.cert.org/vuls/id/MORO-8XKL37 + +(Originally on Twitter: [Wed Aug 29 09:08:48 +0000 2012](https://twitter.com/adulau/status/240737756077236224)) +---- +http://2012.hack.lu/index.php/List#Mathieu_RENARD_-_GOTO:Hack_iOS_applications_-_Does_your_company_data_are_safe_when_stored_on_iDevices_.3F "iOS applications - Does your company data are safe when stored on iDevices ?" 
will be at hack.lu 2012 @GotoHack + +(Originally on Twitter: [Wed Aug 29 11:52:51 +0000 2012](https://twitter.com/adulau/status/240779042264068096)) +---- +@eromang Three months old is a good estimation especially if you look a bit at that "funky" market... it won't be the last. + +(Originally on Twitter: [Wed Aug 29 12:01:32 +0000 2012](https://twitter.com/adulau/status/240781225143451649)) +---- +RT @citizenlab: Our latest report https://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/ and Bloomberg coverage http://www.bloomberg.com/news/2012-08-29/spyware-matching-finfisher-can-take-over-iphone-and-blackberry.html @headhntr @billmarczak + +(Originally on Twitter: [Thu Aug 30 05:25:23 +0000 2012](https://twitter.com/adulau/status/241043919721361408)) +---- +http://2012.hack.lu/index.php/List#S.C3.A9bastien_Dudek_and_Guillaume_Delugr.C3.A9_-_MobiDeke:_Fuzzing_the_GSM_Protocol_Stack Interested in Fuzzing the GSM protocol stack -> this talk will be at hack.lu 2012 @hack_lu #gsm #infosec + +(Originally on Twitter: [Thu Aug 30 07:34:58 +0000 2012](https://twitter.com/adulau/status/241076528635584512)) +---- +http://msdn.microsoft.com/en-us/library/exchange/hh352638%28v=exchg.140%29.aspx Check if your MUA is properly finding and calling the Autodiscover (Exchange ActiveSync) service... #infosec + +(Originally on Twitter: [Thu Aug 30 09:33:29 +0000 2012](https://twitter.com/adulau/status/241106354306174976)) +---- +If you are curious of the origin for the Java 1.7 Expression() bug, here is the 3 years old patch introducing the bug http://hg.openjdk.java.net/jdk7/jdk7/jdk/rev/e02f2d591cd5 + +(Originally on Twitter: [Thu Aug 30 12:13:36 +0000 2012](https://twitter.com/adulau/status/241146652327546880)) +---- +@mozsec and what about CVE-2012-1723? Does the June 2012 patch really solved this vulnerability valid from 1.4 until 1.7? 
+ +(Originally on Twitter: [Thu Aug 30 14:30:23 +0000 2012](https://twitter.com/adulau/status/241181072430346240)) +---- +RT @6e726d: Working on the presentation "One Firmware To Monitor 'em All". Hoping we impress with the demos. @tutterr #hacklu + +(Originally on Twitter: [Fri Aug 31 05:16:42 +0000 2012](https://twitter.com/adulau/status/241404120341311489)) +---- +You send an exploit to a software vendor then they send you back that is not applicable. You start to understand why there is a 0d market. + +(Originally on Twitter: [Fri Aug 31 18:12:04 +0000 2012](https://twitter.com/adulau/status/241599248985124864)) +---- +If you want to relax after your daily dose of software vulnerabilities, there is a nice dark electronic mix at http://www.analogueflex.co.uk ... + +(Originally on Twitter: [Fri Aug 31 18:37:56 +0000 2012](https://twitter.com/adulau/status/241605757332770816)) +---- +RT @0xcharlie: So java is back to how it usually is, known to be vulnerable but no public POCs. I know I feel better. + +(Originally on Twitter: [Fri Aug 31 18:42:34 +0000 2012](https://twitter.com/adulau/status/241606926885068801)) +---- +@sam280 Indeed. That's why I usually use a throw away email account when submitting to the commonly unfriendly ones. #infosecsucks + +(Originally on Twitter: [Fri Aug 31 19:26:57 +0000 2012](https://twitter.com/adulau/status/241618096744448000)) +---- +http://www.goodiff.org/changeset/659/google/froogle.google.com/froogle/intl/en_us/about.html Google Product Search moved from a free service to paid product listing... at least in their ToS #goodiff + +(Originally on Twitter: [Sat Sep 01 06:36:02 +0000 2012](https://twitter.com/adulau/status/241786473421107200)) +---- +http://cs.ucsb.edu/~chris/research/doc/dimva12_memwrite.pdf "Tracking Memory Writes for Malware Classification and Code Reuse Identification" nice idea any implementation? 
+ +(Originally on Twitter: [Sun Sep 02 13:37:21 +0000 2012](https://twitter.com/adulau/status/242254890850713600)) +---- +http://2012.hack.lu/index.php/List#Philippe_Langlois_-_Remotely_crashing_HLR_or_why_it_took_telecom_industry_20_years_to_recognize_the_problems_with_SS7 "Remotely crashing HLR or why it took telecom industry 20 years to recognize the problems with SS7" at hack.lu 2012 + +(Originally on Twitter: [Mon Sep 03 11:53:29 +0000 2012](https://twitter.com/adulau/status/242591139805421568)) +---- +Listening to a stupid talk "this is a cyber-security weapon" hmmm it's more like a software bug that needs to be fixed.. #infosecisnull + +(Originally on Twitter: [Mon Sep 03 18:05:46 +0000 2012](https://twitter.com/adulau/status/242684826300342272)) +---- +@r00tbsd This could fall into the general category "software to be fixed" but here it's about something called "security assessment module" + +(Originally on Twitter: [Mon Sep 03 18:10:17 +0000 2012](https://twitter.com/adulau/status/242685965221638144)) +---- +@r00tbsd "the assessment module" is just crashing while giving a random file instead of an XML. I just suppose they forgot to assess it ;-) + +(Originally on Twitter: [Mon Sep 03 18:11:42 +0000 2012](https://twitter.com/adulau/status/242686319954894849)) +---- +@rbidule To remain diplomatically correct: It's a very interesting interactive session with a vendor of an incredible security product. + +(Originally on Twitter: [Mon Sep 03 18:25:11 +0000 2012](https://twitter.com/adulau/status/242689714140880896)) +---- +@ochsff You don't need to mow all the grass with a tractor. A scythe can do the job but to use it well, the learning curve is like GDB... + +(Originally on Twitter: [Tue Sep 04 06:12:34 +0000 2012](https://twitter.com/adulau/status/242867732721332226)) +---- +@ochsff I followed a Scythe training this summer http://www.foo.be/scythe/ but to master it takes some time/square meters... 
@sergeybratus + +(Originally on Twitter: [Tue Sep 04 06:23:53 +0000 2012](https://twitter.com/adulau/status/242870583027695616)) +---- +RT @subm3rge: Sometimes #CERT work is like trying to be a firefighter in nasty hoods: You have to do it even while the inhabitants throw ... + +(Originally on Twitter: [Tue Sep 04 14:31:23 +0000 2012](https://twitter.com/adulau/status/242993264091873280)) +---- +If you want to know more about the @malwarelu project, there will be a talk at hack.lu 2012 http://2012.hack.lu/index.php/List#Paul_Rascagn.C3.A8res_-_Hugo_Caron_Malware.lu_overview #malware #conference + +(Originally on Twitter: [Wed Sep 05 07:31:04 +0000 2012](https://twitter.com/adulau/status/243249877759451136)) +---- +RT @gal_diskin: Listening to Hovav Shacham trying to explain ROP to a lecture hall full of people clueless about security. pretty amusing + +(Originally on Twitter: [Wed Sep 05 11:45:02 +0000 2012](https://twitter.com/adulau/status/243313788705726465)) +---- +http://2012.hack.lu/index.php/List#Wil_Allsopp_-_My_Life_as_an_International_Arms_Dealer_-_Social_Engineering_and_the_Psychology_of_Anonymity "My Life as an International Arms Dealer - Social Engineering and the Psychology of Anonymity " will be at hack.lu 2012 + +(Originally on Twitter: [Wed Sep 05 12:45:34 +0000 2012](https://twitter.com/adulau/status/243329021792886784)) +---- +Another presentation and developer workshop at hack.lu 2012 about Tor http://2012.hack.lu/index.php/List#Arturo_Filast.C3.B2_-_Cypherpunks_write_code:_Hacking_on_Tor Cypherpunks write code: Hacking on Tor @hack_lu + +(Originally on Twitter: [Wed Sep 05 13:42:31 +0000 2012](https://twitter.com/adulau/status/243343356497915904)) +---- +@flxflx The list of the hack.lu 2012 CTF prizes are now available http://2012.hack.lu/index.php/CaptureTheFlag usually you do the CTF the fun or an IDA license ;-) + +(Originally on Twitter: [Wed Sep 05 14:30:10 +0000 2012](https://twitter.com/adulau/status/243355346855411714)) +---- +I will 
add in the glossary of a research document the following acronym: UTFW, Use The Fucking Wiki. I don't know if people will see it. + +(Originally on Twitter: [Thu Sep 06 09:13:52 +0000 2012](https://twitter.com/adulau/status/243638133428744192)) +---- +http://arxiv.org/abs/1209.0875 "Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack" #rfid + +(Originally on Twitter: [Thu Sep 06 13:15:09 +0000 2012](https://twitter.com/adulau/status/243698853612777472)) +---- +http://www.flavorwire.com/325194/a-brief-photo-survey-of-abandoned-video-stores "A Brief Photo Survey of Abandoned Video Stores" I hope libraries will not go in that direction... + +(Originally on Twitter: [Fri Sep 07 08:16:17 +0000 2012](https://twitter.com/adulau/status/243986029663637505)) +---- +RT @antisnatchor: The new @beefproject SocialEngineering extension is now in our repo! give it a try, it's awesome. slides: http://t.co/ ... + +(Originally on Twitter: [Sat Sep 08 06:05:07 +0000 2012](https://twitter.com/adulau/status/244315407673094144)) +---- +RT @hack_lu: https://www.dragonresearchgroup.org/challenges/HOTCRP/ If you want to win 2 free entrances for hack.lu 2012, there is the Dragon Research Group (DRG) HotCRP ... + +(Originally on Twitter: [Sun Sep 09 06:53:23 +0000 2012](https://twitter.com/adulau/status/244689942729609216)) +---- +RT @Sebdraven: registered for #hacklu \o/ + +(Originally on Twitter: [Mon Sep 10 13:43:44 +0000 2012](https://twitter.com/adulau/status/245155599313158144)) +---- +RT @Regiteric: @Sebdraven It seems we will meet at: #OSSIR #bretagne and #hacklu. Are you at #RAID ? 
+ +(Originally on Twitter: [Mon Sep 10 13:43:49 +0000 2012](https://twitter.com/adulau/status/245155622205661184)) +---- +RT @circl_lu: http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt FreeRADIUS vulnerability (pre-auth) CVE-2012-3547 fixed in latest release FreeRadius 2.2.0 #infosec + +(Originally on Twitter: [Mon Sep 10 14:23:32 +0000 2012](https://twitter.com/adulau/status/245165616368078848)) +---- +http://2012.hack.lu/index.php/List#Eric_Vyncke_-The_Layer-2_Insecurities_of_IPv6_and_the_Mitigation_Techniques Eric Vyncke will talk about The Layer-2 Insecurities of IPv6 and the Mitigation Techniques at hack.lu 2012 + +(Originally on Twitter: [Mon Sep 10 14:52:11 +0000 2012](https://twitter.com/adulau/status/245172826657660928)) +---- +RT @blackswanburst: Looking for easy talk ideas and an chilled out workshop? Come see me at #hacklu http://goo.gl/8YSjg @IOActive @adul ... + +(Originally on Twitter: [Tue Sep 11 06:35:49 +0000 2012](https://twitter.com/adulau/status/245410300059324416)) +---- +https://github.com/blasty/ssh_rape Injecting an authorized key in a running sshd process... #infosec #ssh_rape + +(Originally on Twitter: [Tue Sep 11 12:52:42 +0000 2012](https://twitter.com/adulau/status/245505143217467392)) +---- +@mvyonline Not a vulnerability, It's a standard way of many operating systems to treat memory as a trusted input... #infosec + +(Originally on Twitter: [Tue Sep 11 13:31:22 +0000 2012](https://twitter.com/adulau/status/245514876607422466)) +---- +RT @TheRealSpaf: And today, 11 years later, I am back the DC area, for another cancelled briefing. Did the world improve for other than ... + +(Originally on Twitter: [Tue Sep 11 13:46:00 +0000 2012](https://twitter.com/adulau/status/245518558715584512)) +---- +RT @NeelieKroesEU: CERT-EU (Computer Emergency Response Team) is to be established on a permanent basis for #EU institutions. Great news ... 
+ +(Originally on Twitter: [Wed Sep 12 07:29:11 +0000 2012](https://twitter.com/adulau/status/245786118623207424)) +---- +@rommelfs I'm tweeting you to test your interface for testing the running command line interface "rm -rf /"... + +(Originally on Twitter: [Wed Sep 12 10:50:57 +0000 2012](https://twitter.com/adulau/status/245836891969183744)) +---- +RT @nickm_tor: Some thoughts on the CRIME attack and its (apparent lack of) impact on Tor: https://blog.torproject.org/blog/some-thoughts-crime-attack + +(Originally on Twitter: [Fri Sep 14 20:18:07 +0000 2012](https://twitter.com/adulau/status/246704400314290177)) +---- +@snazmeister We are doing well. Did you register for @hack_lu 2012? There is a nice CTF during the conference. + +(Originally on Twitter: [Fri Sep 14 20:20:41 +0000 2012](https://twitter.com/adulau/status/246705046715236352)) +---- +@fvilers Indeed, everything is possible... I'm impressed by the quality of the geolocation ;-) + +(Originally on Twitter: [Fri Sep 14 20:20:50 +0000 2012](https://twitter.com/adulau/status/246705086183649281)) +---- +To summarize the past mess, compression before encryption is still a good advice especially when you don't have compression headers... + +(Originally on Twitter: [Fri Sep 14 20:29:29 +0000 2012](https://twitter.com/adulau/status/246707260741521408)) +---- +@mikko It's a good sign for the cryptanalysts to work on that. + +(Originally on Twitter: [Mon Sep 17 08:22:40 +0000 2012](https://twitter.com/adulau/status/247611516487086080)) +---- +http://2012.hack.lu/index.php/List#Beer_homebrewing_workshop Not only hardcore security stuff at @hack_lu 2012, there will be also a beer home brewing workshop... 
#beer #infosec + +(Originally on Twitter: [Mon Sep 17 13:56:07 +0000 2012](https://twitter.com/adulau/status/247695430601801729)) +---- +http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00 "The scrypt Password-Based Key Derivation Function" as an Internet-Draft + +(Originally on Twitter: [Mon Sep 17 21:35:09 +0000 2012](https://twitter.com/adulau/status/247810950621720576)) +---- +RT @push_pnx: Updated IDAscope to have loop awareness in crypto identification. Pretty good to narrow down candidates. http://pnx-tf.blogspot.de/2012/09/idascope-fixed.html + +(Originally on Twitter: [Tue Sep 18 12:13:28 +0000 2012](https://twitter.com/adulau/status/248031988525715457)) +---- +Tonight, I used an old CVS manual to start fire in my #tulikivi... It's the first time I feel good to use CVS ;-) #git + +(Originally on Twitter: [Tue Sep 18 22:04:30 +0000 2012](https://twitter.com/adulau/status/248180724442750976)) +---- +Reading this from an infosec company newsletter "How technology can help mitigate the risks" I want to add "and create new risks" #infosec + +(Originally on Twitter: [Wed Sep 19 09:15:35 +0000 2012](https://twitter.com/adulau/status/248349609880088576)) +---- +RT @BSidesLondon: While you wait for #BSidesLondon challenges why not try the one from @hack_lu & @DragonResearch http://t.co/RCpjA ... + +(Originally on Twitter: [Wed Sep 19 21:01:11 +0000 2012](https://twitter.com/adulau/status/248527177438617600)) +---- +A small reminder for malware authors, for the Visa 3D secure initial handshake it's very easy, just store all fields entered in the DOM. 
+ +(Originally on Twitter: [Thu Sep 20 09:47:22 +0000 2012](https://twitter.com/adulau/status/248719994626666496)) +---- +RT @PhysicalDrive0: IE 0 Day CVE-2012-4969 - VirusTotal >>> 0/43 <<< http://goo.gl/m2kB6 #IE #0Day #execCommand #patchnow + +(Originally on Twitter: [Fri Sep 21 18:58:36 +0000 2012](https://twitter.com/adulau/status/249221105431228416)) +---- +RT @ochsff: Hillarious combination of promoted Samsung tweet and article about NFC exploit ![](media/249224450002804736-A3U-CtxCEAA9Wbn.png) + +(Originally on Twitter: [Fri Sep 21 19:11:53 +0000 2012](https://twitter.com/adulau/status/249224450002804736)) +---- +RT @hack_lu: The party is confirmed at hack.lu 2012, it's the 23th October evening... another good reason to register ;-) #hacklu #ctf # ... + +(Originally on Twitter: [Fri Sep 21 19:19:17 +0000 2012](https://twitter.com/adulau/status/249226309182558208)) +---- +"Товарищи, собрано меньше половины от требуемой суммы" for the ones part of the club. They still need some support.... #genlib + +(Originally on Twitter: [Fri Sep 21 19:50:20 +0000 2012](https://twitter.com/adulau/status/249234125393899521)) +---- +RT @ioerror: Has anyone worked on Iridium satellite pager decoding in the 1626.4375MHz space? + +(Originally on Twitter: [Sat Sep 22 07:22:56 +0000 2012](https://twitter.com/adulau/status/249408421080752128)) +---- +RT @shootingsawk: Le Figaro nous apprend que Jeff Mills fait de l'electro-pop. Non, non, non madame la journaliste, c'est de la techno. ... + +(Originally on Twitter: [Sun Sep 23 09:10:58 +0000 2012](https://twitter.com/adulau/status/249797997758664704)) +---- +http://www.cyberesi.com/2012/09/21/trojan-foxy-des/ "Trojan.Foxy-DES Analysis" It seems to be a trend for some malware authors to use slightly modified ciphers. 
#malware + +(Originally on Twitter: [Sun Sep 23 09:14:24 +0000 2012](https://twitter.com/adulau/status/249798861739155456)) +---- +More talks for @hack_lu 2012 Honeypot ENISA Study outcomes, abusing SystemTap and pom-ng network analysis (the successor of packet-o-matic) + +(Originally on Twitter: [Mon Sep 24 08:11:10 +0000 2012](https://twitter.com/adulau/status/250145338881626112)) +---- +RT @malwarelu: We updated our search engine by malware's name It is very fast searching among 3 millions of samples now!! Test it and gi ... + +(Originally on Twitter: [Mon Sep 24 14:21:08 +0000 2012](https://twitter.com/adulau/status/250238442737373184)) +---- +RT @circl_lu: http://seclists.org/fulldisclosure/2012/Sep/170 "[SE-2012-01] Critical security issue affectingJava SE 5/6/7" Current recommendation remove or disabl ... + +(Originally on Twitter: [Tue Sep 25 12:54:13 +0000 2012](https://twitter.com/adulau/status/250578955000758272)) +---- +RT @mcholste: Favorite malware SSL cert of the day: emailAddress=larry.page@gmail.com,CN=Larry Page,OU=Web Search Dept #ELSA query: self ... + +(Originally on Twitter: [Wed Sep 26 04:41:11 +0000 2012](https://twitter.com/adulau/status/250817266982199297)) +---- +RT @pentestit: phpmyadmin_3522_backdoor.rb - http://dev.metasploit.com/redmine/projects/framework/repository/revisions/3ade5a07e7bb1b1f915a6421f3f1df0895e6f16d/entry/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb - Need I say more? + +(Originally on Twitter: [Wed Sep 26 12:04:39 +0000 2012](https://twitter.com/adulau/status/250928871380246529)) +---- +RT @marcwickenden: Code for my Splunk admin abuse tool "spunk" can be found at https://github.com/offensivecoder/spunk #brucon + +(Originally on Twitter: [Thu Sep 27 12:39:08 +0000 2012](https://twitter.com/adulau/status/251299934643552256)) +---- +RT @hack_lu: Don't forget to register your team for the @hack_lu CTF and register onsite if you want to win the prizes @ctfcentral #ctf ... 
+ +(Originally on Twitter: [Thu Sep 27 20:37:13 +0000 2012](https://twitter.com/adulau/status/251420252276146176)) +---- +http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html "Inappropriate Use of Adobe Code Signing Certificate" via a compromised build server + +(Originally on Twitter: [Thu Sep 27 20:41:22 +0000 2012](https://twitter.com/adulau/status/251421292966866946)) +---- ++1 infosec fun http://seclists.org/nmap-dev/2012/q3/1050 for the "Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning" + +(Originally on Twitter: [Sat Sep 29 10:15:00 +0000 2012](https://twitter.com/adulau/status/251988439308845056)) +---- +https://github.com/taviso/rarvmtools RarVM Toolchain is cool... wondering until when a HTML5VM will pop up as this is also close a Turing-complete machine + +(Originally on Twitter: [Sat Sep 29 10:33:01 +0000 2012](https://twitter.com/adulau/status/251992972869120000)) +---- +RT @FilipWaeytens: Amazed: not a single word about #brucon in the Belgian media. Guess they are only interested in the negative kind of ... + +(Originally on Twitter: [Sat Sep 29 10:49:54 +0000 2012](https://twitter.com/adulau/status/251997221829103616)) +---- +https://github.com/gurgeh/selfspy a nice example with selfspy why sometime malware functionalities can be useful for everyone or is it the reverse? + +(Originally on Twitter: [Sun Sep 30 07:32:33 +0000 2012](https://twitter.com/adulau/status/252309945452724225)) +---- +@adobe where is your exhaustive list of CRL URLs for Adobe products? 
for example FlashAccessIndividualizationCA never revoke a cert #infosec + +(Originally on Twitter: [Sun Sep 30 08:39:10 +0000 2012](https://twitter.com/adulau/status/252326709221814272)) +---- +@endrazine @msuiche I'm close to replace the "powerpoint" karaoke at @hack_lu with your funny "SCIgen" paper ;-) + +(Originally on Twitter: [Sun Sep 30 10:43:32 +0000 2012](https://twitter.com/adulau/status/252358006564605952)) +---- +A new announced talk at @hack.lu 2012 "Varnish Security Firewall - high voltage protection for your web apps" http://2012.hack.lu/index.php/List#Edward_Fjellsk.C3.A5l_and_Kacper_Wysocki_-_Varnish_Security_Firewall_-_high_voltage_protection_for_your_web_apps #infosec + +(Originally on Twitter: [Mon Oct 01 17:45:09 +0000 2012](https://twitter.com/adulau/status/252826498334081024)) +---- +Today, I just won 1 kilogram of Belgian dark chocolate. Because my bet was on the Keccak hashing family for SHA-3.... + +(Originally on Twitter: [Tue Oct 02 21:08:22 +0000 2012](https://twitter.com/adulau/status/253240026874400768)) +---- +@sam280 at least, it will have an impact on my BMI ;-) + +(Originally on Twitter: [Tue Oct 02 21:20:36 +0000 2012](https://twitter.com/adulau/status/253243107687153665)) +---- +@dakami is the file a multiple of the page size? I think it's zeroed if not a multiple. + +(Originally on Twitter: [Tue Oct 02 21:24:29 +0000 2012](https://twitter.com/adulau/status/253244083567460352)) +---- +RT @nickm_tor: Nice reading if you're thinking "I should use SHA2 *and* SHA3 for extra security!": http://homepages.cwi.nl/~pietrzak/publications/FLP08.pdf Be sure to read ... + +(Originally on Twitter: [Wed Oct 03 14:58:07 +0000 2012](https://twitter.com/adulau/status/253509239950176257)) +---- +@novytweety Why don't you use the FreeRadius Dialup admin interface? 
http://freeradius.org/dialupadmin.html + +(Originally on Twitter: [Wed Oct 03 20:58:04 +0000 2012](https://twitter.com/adulau/status/253599825021526017)) +---- +RT @securityerrata: Hakin9 sends lawyer and takedown request after Fyodor/nmap for hosting 'The Internet Considered Harmful - DICKS' spo ... + +(Originally on Twitter: [Thu Oct 04 04:38:36 +0000 2012](https://twitter.com/adulau/status/253715722239348736)) +---- +RT @xme: Sometimes, you must say "No way!" + +(Originally on Twitter: [Fri Oct 05 07:42:14 +0000 2012](https://twitter.com/adulau/status/254124323592368128)) +---- +I need to understand something, why people are worried about surveillance? if the same people doing surveillance don't read their own logs. + +(Originally on Twitter: [Sun Oct 07 20:56:34 +0000 2012](https://twitter.com/adulau/status/255048998426140674)) +---- +Fyodor Yarochkin and Vladimir Kropotov will talk about Real-time malicious domain detection at @hack_lu 2012 #hacklu http://2012.hack.lu/index.php/List#Fyodor_Yarochkin_and_Vladimir_Kropotov_-_Real-time_malicious_domain_detection_and_malicious_activity_analysis + +(Originally on Twitter: [Tue Oct 09 06:27:56 +0000 2012](https://twitter.com/adulau/status/255555173856985088)) +---- +"Insecurity of Security Equipments" talk added for @hack_lu 2012 +http://2012.hack.lu/index.php/List#Eric_Chassard_and_Maxime_Clementz_-_Insecurity_of_Security_Equipments + +(Originally on Twitter: [Tue Oct 09 13:41:54 +0000 2012](https://twitter.com/adulau/status/255664388470620160)) +---- +@evyncke @xme if you have any pointers for the game theory approach used (with reinforcement learning?) in the talk you mentioned. thx. + +(Originally on Twitter: [Tue Oct 09 15:16:57 +0000 2012](https://twitter.com/adulau/status/255688305205735424)) +---- +@xme thanks for the pointer. 
+ +(Originally on Twitter: [Tue Oct 09 15:24:35 +0000 2012](https://twitter.com/adulau/status/255690226389884929)) +---- +A first version of the @hack_lu 2012 agenda has been published http://2012.hack.lu/index.php/Agenda #infosec #conference #luxembourg + +(Originally on Twitter: [Wed Oct 10 07:29:52 +0000 2012](https://twitter.com/adulau/status/255933150331535361)) +---- +RT @npettiaux: Inviter tous les candidats aux élections communales ce 14/10/2010 à signer LePacte.be des libertés numériques http://t.co ... + +(Originally on Twitter: [Wed Oct 10 11:59:04 +0000 2012](https://twitter.com/adulau/status/256000897056903168)) +---- +http://tools.ietf.org/html/draft-balfanz-tls-obc-01 "TLS Origin-Bound Certificates" Maybe an approach to limit the risk of intercepted cookies... #infosec + +(Originally on Twitter: [Wed Oct 10 13:36:34 +0000 2012](https://twitter.com/adulau/status/256025433450102784)) +---- +RT @hack_lu: We just received the hack.lu 2012 t-shirts with another "crypto" challenge... #ctf #challenge #crypto #conference + +(Originally on Twitter: [Wed Oct 10 18:57:24 +0000 2012](https://twitter.com/adulau/status/256106173592371202)) +---- +@PascClau Le vote papier c'est moins cher, contrôlable par tous, facile à utiliser et en cas de panne on peut remplacer le crayon #evoting + +(Originally on Twitter: [Wed Oct 10 19:00:21 +0000 2012](https://twitter.com/adulau/status/256106915074027520)) +---- +@PascClau @FlooFrans Le seul avantage du evoting, c'est la rapidité des résultats. Ce n'est pas un avantage pour la démocratie #Connexions + +(Originally on Twitter: [Wed Oct 10 20:12:10 +0000 2012](https://twitter.com/adulau/status/256124989932183552)) +---- +@PascClau @FlooFrans All the security people in computer science prefer the paper ballot if they have the choice between electro/paper vote. 
+ +(Originally on Twitter: [Wed Oct 10 20:16:22 +0000 2012](https://twitter.com/adulau/status/256126044745113600)) +---- +@noktec @PascClau Toutes les implémentations sont vulnérables et refaire une impression papier démontre que le papier est plus efficace. + +(Originally on Twitter: [Wed Oct 10 20:37:43 +0000 2012](https://twitter.com/adulau/status/256131418944589824)) +---- +@noktec @PascClau Si vous voulez voir les choses à ne pas faire voici une partie de digivote 2003 et 2009 http://git.quuxlabs.com/?p=belgium-election-digivote/.git;a=summary #infosec + +(Originally on Twitter: [Wed Oct 10 20:40:55 +0000 2012](https://twitter.com/adulau/status/256132224905273344)) +---- +RT @hack_lu: Do you have something incredible to present or show @hack_lu 2012? There are still some slots during the lightning talks. D ... + +(Originally on Twitter: [Wed Oct 10 20:44:10 +0000 2012](https://twitter.com/adulau/status/256133039934029824)) +---- +https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/241305 I open an ticket in 2008 and it's still open... just to have http://security.ubuntu.com accessible in IPv6 + +(Originally on Twitter: [Thu Oct 11 04:45:49 +0000 2012](https://twitter.com/adulau/status/256254254463975424)) +---- +@Hexacorn For the Skype "Worm", could give the MD5 of the five samples? #infosec + +(Originally on Twitter: [Thu Oct 11 04:47:53 +0000 2012](https://twitter.com/adulau/status/256254774956134400)) +---- +@Hexacorn Thanks for the MD5 hashes. + +(Originally on Twitter: [Fri Oct 12 07:19:53 +0000 2012](https://twitter.com/adulau/status/256655411535560704)) +---- +RT @violetblue: Here are 3 representatives from Huawei covertly watching @41414141 dissect its surveillance-friendly code #HITB2012KUL h ... + +(Originally on Twitter: [Fri Oct 12 07:38:33 +0000 2012](https://twitter.com/adulau/status/256660110103957504)) +---- +Looking for Ngram dataset with a timeline? 
Google books Ngram dataset available -> http://books.google.com/ngrams/datasets + +(Originally on Twitter: [Fri Oct 12 19:28:15 +0000 2012](https://twitter.com/adulau/status/256838710916698112)) +---- +Some raw statistics about my analysis of the X.509 certificate revocation reasons from 2011 to 2012 https://gist.github.com/3881180 #infosec + +(Originally on Twitter: [Fri Oct 12 20:04:43 +0000 2012](https://twitter.com/adulau/status/256847890717229056)) +---- +RT @0xabad1dea: @letoams Skype is a *malicious* binary. No need to be snippy. + +(Originally on Twitter: [Fri Oct 12 20:19:11 +0000 2012](https://twitter.com/adulau/status/256851531482136576)) +---- +I might give a lightning talk during #hacklu 2012 about my revisited X.509 Certificate Revocation analysis http://www.foo.be/cgi-bin/wiki.pl/2011-12-17_Certificate_Revocation_Reasons_2011 + +(Originally on Twitter: [Fri Oct 12 20:24:33 +0000 2012](https://twitter.com/adulau/status/256852881754435585)) +---- +http://2012.hack.lu/index.php/Agenda @hack_lu 2012 agenda updated including a new talk about "The Office Demon: Minos" - attacking Word documents. #hacklu + +(Originally on Twitter: [Mon Oct 15 08:18:15 +0000 2012](https://twitter.com/adulau/status/257757266298667009)) +---- +RT @0xabad1dea: But when you make malware that has a distinctive style, you’re inviting other people to imitate it and get starred on Ka ... + +(Originally on Twitter: [Mon Oct 15 19:24:32 +0000 2012](https://twitter.com/adulau/status/257924938730708993)) +---- +RT @FlUxIuS: Curious about #GSM #Baseband #Fuzzing? Two 'awesome' researchers will be presenting at @hack_lu next week. Don't Miss... Sa ... + +(Originally on Twitter: [Tue Oct 16 21:07:55 +0000 2012](https://twitter.com/adulau/status/258313344199561216)) +---- +http://megafrock.com/cryptex.html "Windows System Exploit" I don't like it... especially when it's touching the runtime subsystem. 
#infosec + +(Originally on Twitter: [Wed Oct 17 06:29:53 +0000 2012](https://twitter.com/adulau/status/258454769604124673)) +---- +@jpflorent Thank you for your support. #hacklu 2012 will be a lot fun. #infosec @hack_lu + +(Originally on Twitter: [Wed Oct 17 09:44:15 +0000 2012](https://twitter.com/adulau/status/258503684969885696)) +---- +Usually I don't read ZDnet but I did an exception for "Don't secure the internet, it needs crime" as said by Diffie http://www.zdnet.com/dont-secure-the-internet-it-needs-crime-diffie-7000005958/ + +(Originally on Twitter: [Thu Oct 18 08:34:41 +0000 2012](https://twitter.com/adulau/status/258848565013663745)) +---- +@mukimu Will you publish the full transcript/interview you had with Diffie? #infosec + +(Originally on Twitter: [Thu Oct 18 08:35:40 +0000 2012](https://twitter.com/adulau/status/258848812146249729)) +---- +RT @sansforensics: Linux Sleuthing: Christmas come early: HFS/HFS+ Mounting http://ow.ly/2sKAJD + +(Originally on Twitter: [Fri Oct 19 06:10:50 +0000 2012](https://twitter.com/adulau/status/259174751535255552)) +---- +@hack.lu #hacklu 2012 will be in the next days. We hope to see you there, enjoying the talks, the CTF, improving infosec and having fun. + +(Originally on Twitter: [Fri Oct 19 06:40:42 +0000 2012](https://twitter.com/adulau/status/259182268642390016)) +---- +RT @deesse_k: Finished writing a MsvPasswordValidate bypass tool for win 8 x64 EFI (SB not activated). ISO release coming soon. + +(Originally on Twitter: [Fri Oct 19 08:08:17 +0000 2012](https://twitter.com/adulau/status/259204308506116097)) +---- +You know that you are in deep shit when you compile some old Python modules and discover that you need a Fortran compiler. #wtf + +(Originally on Twitter: [Fri Oct 19 20:38:24 +0000 2012](https://twitter.com/adulau/status/259393081831460864)) +---- +@cudeso thank you ;-) Luckily GNU Fortran was able to compile this modified vintage code from numerical recipes. My night is save. 
+ +(Originally on Twitter: [Fri Oct 19 20:46:29 +0000 2012](https://twitter.com/adulau/status/259395115385249792)) +---- +@clausoverbeck Will you participate to the CTF online? #hacklu that's already a part of the fun without being at the conference ;-) + +(Originally on Twitter: [Fri Oct 19 21:00:19 +0000 2012](https://twitter.com/adulau/status/259398595642531840)) +---- +RT @AcidRampage: @mikko If DDoSes are now used to hide more serious attacks, wouldn't it be the best time to check for github logs and s ... + +(Originally on Twitter: [Fri Oct 19 21:17:26 +0000 2012](https://twitter.com/adulau/status/259402902311936000)) +---- +RT @headhntr: "Never ask a lawyer if you can do something! Ask them how to keep you out of jail for shit you did..." - @coryaltheide giv ... + +(Originally on Twitter: [Sat Oct 20 06:30:40 +0000 2012](https://twitter.com/adulau/status/259542130769412096)) +---- +I don't know why but I have sometime this feeling when checking security products: http://www.flickr.com/photos/adulau/7712545428/in/photostream picture taken in Brittany #infosec + +(Originally on Twitter: [Sun Oct 21 14:37:57 +0000 2012](https://twitter.com/adulau/status/260027146326667264)) +---- +Don't expect to use the Canon Original Decision Data for forensic cases... 
https://github.com/lclevy/odd_verify #infosec #canon + +(Originally on Twitter: [Sun Oct 21 14:52:33 +0000 2012](https://twitter.com/adulau/status/260030822424403968)) +---- +RT @Regiteric: Code for @hack_lu is ready, I can now finish the slides https://github.com/regit/opensvp/commit/9d24297793e2f2a11f81589004ed5a9be2568d42 (cc @r00tbsd) + +(Originally on Twitter: [Sun Oct 21 20:29:32 +0000 2012](https://twitter.com/adulau/status/260115623579885568)) +---- +If you are at the hotel for #hacklu 2012 feel free to preregister in the Europe room until 23:00 @hack_lu + +(Originally on Twitter: [Mon Oct 22 20:08:12 +0000 2012](https://twitter.com/adulau/status/260472646653845504)) +---- +Workshops agenda is now online http://2012.hack.lu/index.php/Agenda#Workshops_Agenda #hacklu + +(Originally on Twitter: [Tue Oct 23 05:28:33 +0000 2012](https://twitter.com/adulau/status/260613659556995072)) +---- +RT @blackswanburst: About to start our #shodan workshop at #hacklu @adulau @achillean All welcome from novice to API ninjas! @IOActive + +(Originally on Twitter: [Tue Oct 23 07:35:34 +0000 2012](https://twitter.com/adulau/status/260645624716873728)) +---- +RT @cokebottle: Ghetto ShodanHQ queries: +port:23 Nyancat + +(Originally on Twitter: [Tue Oct 23 08:26:56 +0000 2012](https://twitter.com/adulau/status/260658551125573632)) +---- +RT @xme: The magic of #shodan to find interesting stuff! #hacklu http://twitpic.com/b6nqxo + +(Originally on Twitter: [Tue Oct 23 08:27:22 +0000 2012](https://twitter.com/adulau/status/260658663939792896)) +---- +#hacklu CTF will start at 11:00 @hack_lu + +(Originally on Twitter: [Tue Oct 23 08:27:46 +0000 2012](https://twitter.com/adulau/status/260658762245890048)) +---- +RT @headhntr: Today: Warsaw, Poland for the 16th Conference on Telecommunications and Security. Tomorrow: Luxembourg for @hack_lu. #secu ... 
+ +(Originally on Twitter: [Tue Oct 23 08:28:03 +0000 2012](https://twitter.com/adulau/status/260658835310661632)) +---- +#hacklu tshirt challenge is also available for non-local CTF participant. Enjoy and have fun! Clue: it's easier with a tshirt @hack_lu #ctf + +(Originally on Twitter: [Tue Oct 23 08:29:16 +0000 2012](https://twitter.com/adulau/status/260659141989789696)) +---- +RT @cvandeplas: Draw, simulate, run,… networks and systems with #hynesim at #hacklu http://www.hynesim.com/Overview-613-0-0-0.html #opensource + +(Originally on Twitter: [Tue Oct 23 09:42:45 +0000 2012](https://twitter.com/adulau/status/260677630930583553)) +---- +Some updates in the Agenda for #hacklu @hack_lu http://2012.hack.lu/index.php/Agenda + +(Originally on Twitter: [Tue Oct 23 09:43:28 +0000 2012](https://twitter.com/adulau/status/260677812338434048)) +---- +RT @DidierStevens: I'm at #hacklu My workshop is at 15:00 http://Workshop.didierstevens.com You need a 32-bit XP machine, VM is fine. + +(Originally on Twitter: [Tue Oct 23 09:43:34 +0000 2012](https://twitter.com/adulau/status/260677836627660800)) +---- +RT @blackswanburst: @CanotasInule @adulau @achillean @ioactive We have a ten minute break now, but the slides will be in the archive for ... + +(Originally on Twitter: [Tue Oct 23 10:08:44 +0000 2012](https://twitter.com/adulau/status/260684173663158272)) +---- +RT @tomchop_: SinFP3 at #hacklu : OS fingerprinting on steroids! + +(Originally on Twitter: [Tue Oct 23 14:42:47 +0000 2012](https://twitter.com/adulau/status/260753137948823553)) +---- +RT @xme: When slides look easy, think about the days/weeks/months spent to perform the research! Respect! 
#hacklu + +(Originally on Twitter: [Tue Oct 23 14:43:30 +0000 2012](https://twitter.com/adulau/status/260753320342339586)) +---- +RT @virii: At #hacklu for the @c3l_ :) Come by and grab a sticker ;) + +(Originally on Twitter: [Tue Oct 23 15:14:42 +0000 2012](https://twitter.com/adulau/status/260761170150031361)) +---- +RT @cedricpernet: RT @xme: 70% of Android malwares use "Premium SMS" services to get $$$ #hacklu #malware #android #cybercrime + +(Originally on Twitter: [Tue Oct 23 15:14:46 +0000 2012](https://twitter.com/adulau/status/260761188747591680)) +---- +RT @Regiteric: @valdesjo77 @Sebdraven #hacklu slides are available here http://archive.hack.lu/2012/ + +(Originally on Twitter: [Tue Oct 23 15:14:55 +0000 2012](https://twitter.com/adulau/status/260761225556799488)) +---- +RT @tutterr: Sony used same private keys to decrypt and sign firm updates in some PRS readers - ouch! - #hacklu 2012 + +(Originally on Twitter: [Tue Oct 23 15:15:06 +0000 2012](https://twitter.com/adulau/status/260761272243613696)) +---- +RT @xme: Looking for bugs? Use Google Alerts to catch people reporting "IE9 crash" or use #pastemon ;-) #hacklu + +(Originally on Twitter: [Tue Oct 23 16:36:30 +0000 2012](https://twitter.com/adulau/status/260781754858754048)) +---- +A small hint for the tshirt challenge "It was in use sometime ago" #ctf #infosec #hacklu + +(Originally on Twitter: [Tue Oct 23 18:51:35 +0000 2012](https://twitter.com/adulau/status/260815752968433664)) +---- +RT @xme: [/dev/random] Hack.lu 2012 Wrap-Up Day #1 http://blog.rootshell.be/?p=19827 #hacklu + +(Originally on Twitter: [Tue Oct 23 23:52:00 +0000 2012](https://twitter.com/adulau/status/260891354589175808)) +---- +RT @steevebarbeau: Malwasm developed by @r00tbsd & @y0ug looks awesome ! http://malwasm.com/ http://code.google.com/p/malwasm/ #hacklu + +(Originally on Twitter: [Tue Oct 23 23:52:25 +0000 2012](https://twitter.com/adulau/status/260891459039924225)) +---- +@RealKevinNoble Thanks. 
If you have any question about this research, feel free. #infovis #dns #infosec + +(Originally on Twitter: [Tue Oct 23 23:55:00 +0000 2012](https://twitter.com/adulau/status/260892107454164994)) +---- +#hacklu Agenda updated for today http://2012.hack.lu/index.php/Agenda @hack_lu + +(Originally on Twitter: [Wed Oct 24 07:37:32 +0000 2012](https://twitter.com/adulau/status/261008508202385408)) +---- +Don't forget to register your lightning talk for today on the whiteboard... #hacklu @hack_lu + +(Originally on Twitter: [Wed Oct 24 07:38:15 +0000 2012](https://twitter.com/adulau/status/261008687278202880)) +---- +@fygrave Closer to the solution... until now, one team found it. #hacklu + +(Originally on Twitter: [Wed Oct 24 07:39:58 +0000 2012](https://twitter.com/adulau/status/261009119438327808)) +---- +RT @niCRO: @newsoft je suis donc un APT reel ? ;-) Bien le bonjour aux autres a #hacklu /cc: @rbidule @adulau + +(Originally on Twitter: [Wed Oct 24 08:01:07 +0000 2012](https://twitter.com/adulau/status/261014442735697920)) +---- +CTF #hacklu official prize distribution will be at 2:15 PM in the Europe room. @hack_lu + +(Originally on Twitter: [Thu Oct 25 07:42:29 +0000 2012](https://twitter.com/adulau/status/261372143588225024)) +---- +RT @ProjectHoneynet: This looks like a promising project. http://code.google.com/p/malwasm/ Hearing good things about it from the folks at #hacklu #m ... + +(Originally on Twitter: [Thu Oct 25 07:42:48 +0000 2012](https://twitter.com/adulau/status/261372222495682562)) +---- +RT @xme: Let's play with Broadcom firmware! 
#hacklu + +(Originally on Twitter: [Thu Oct 25 07:47:19 +0000 2012](https://twitter.com/adulau/status/261373357520457728)) +---- +RT @tomchop_: Fyodor's tool is available here : https://github.com/fygrave/dnslyzer #hacklu + +(Originally on Twitter: [Thu Oct 25 07:47:29 +0000 2012](https://twitter.com/adulau/status/261373402227548160)) +---- +RT @tomchop_: Hacking and reversing Broadcom chipsets -> manipulating the device's memory, stocking data, monitor mode… #hacklu + +(Originally on Twitter: [Thu Oct 25 07:54:41 +0000 2012](https://twitter.com/adulau/status/261375213546131456)) +---- +RT @tutterr: For those who asked, here is the patch to get wifi monmode and injection on mobile devices #hacklu https://github.com/tuter/monmob + +(Originally on Twitter: [Thu Oct 25 09:10:42 +0000 2012](https://twitter.com/adulau/status/261394343179452416)) +---- +RT @tomchop_: 802.11 injection from an iPad! #hacklu diff. chipsets and diff. cards share the same code. + +(Originally on Twitter: [Thu Oct 25 09:10:48 +0000 2012](https://twitter.com/adulau/status/261394369599377408)) +---- +RT @DidierStevens: #hacklu and the cmd & regedit spreadsheet: http://blog.didierstevens.com/2012/09/06/update-split-taskmanager-xls-version-0-1-4/ + +(Originally on Twitter: [Thu Oct 25 15:24:49 +0000 2012](https://twitter.com/adulau/status/261488492541001728)) +---- +RT @DidierStevens: Lot of positive feedback on my #hacklu lightning talk (Excel Fun). Maybe I'll submit a full talk for next year. + +(Originally on Twitter: [Thu Oct 25 15:26:33 +0000 2012](https://twitter.com/adulau/status/261488929746874368)) +---- +RT @dennisappelt: There are pwnies right next to where #hacklu is held. Coincidence? :) ![](media/261489030598897664-A6DzTPHCcAAwQkA.jpg) + +(Originally on Twitter: [Thu Oct 25 15:26:57 +0000 2012](https://twitter.com/adulau/status/261489030598897664)) +---- +RT @inliniac: Interesting #hacklu talk about packet-o-matic (pom-ng). Real time network forensics with lua scripting. 
Appears to be simi ... + +(Originally on Twitter: [Thu Oct 25 15:27:11 +0000 2012](https://twitter.com/adulau/status/261489090170605568)) +---- +RT @fluxfingers: you can find #hacklu #ctf writeups here: http://ctftime.org/event/38/tasks/ + +(Originally on Twitter: [Thu Oct 25 15:27:31 +0000 2012](https://twitter.com/adulau/status/261489171372314624)) +---- +RT @xme: Very nice lightning talks today! Great job guys! #infosec #hacklu + +(Originally on Twitter: [Thu Oct 25 15:40:30 +0000 2012](https://twitter.com/adulau/status/261492438768693248)) +---- +@maxime_tz Thank you for being with us. See you at the next edition! #hacklu #infosec + +(Originally on Twitter: [Thu Oct 25 19:28:02 +0000 2012](https://twitter.com/adulau/status/261549699939594241)) +---- +RT @Sebdraven: #hacklu three awesome days with awesome people. See you next year! + +(Originally on Twitter: [Thu Oct 25 20:21:06 +0000 2012](https://twitter.com/adulau/status/261563053655617536)) +---- +After #hacklu 2012 "nani gigantum humeris insidentes" makes much more sense. #infosec #sharing + +(Originally on Twitter: [Thu Oct 25 20:21:13 +0000 2012](https://twitter.com/adulau/status/261563085716856832)) +---- +Using the z3 sat solver in one of the #hacklu CTF http://blog.lse.epita.fr/articles/34-hacklu-ctf-2012-donn-beach-500-points.html interesting #reversing + +(Originally on Twitter: [Thu Oct 25 20:33:46 +0000 2012](https://twitter.com/adulau/status/261566243692240896)) +---- +@tutterr Thanks for your talk. It's really an impressive work... #hacklu #firmwaresecurity #infosec + +(Originally on Twitter: [Thu Oct 25 20:53:41 +0000 2012](https://twitter.com/adulau/status/261571255017279489)) +---- +@Regiteric Congrats! 
I hope that you'll work on the PF rule-set grammar for #Netfilter ;-) + +(Originally on Twitter: [Thu Oct 25 21:20:59 +0000 2012](https://twitter.com/adulau/status/261578124179951616)) +---- +RT @leetmore: Hack.lu 2012 CTF Challenge #3 (450) http://ctf.su/4SYI #hacklu #ctf #writeup + +(Originally on Twitter: [Fri Oct 26 09:33:16 +0000 2012](https://twitter.com/adulau/status/261762410245914624)) +---- +http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening-under-the-microscope DNS Dampening under the microscope #infosec #ddos #dns + +(Originally on Twitter: [Fri Oct 26 11:25:29 +0000 2012](https://twitter.com/adulau/status/261790648326291459)) +---- +RT @circl_lu: http://packages.qa.debian.org/e/exim4/news/20121026T084842Z.html Exim vulnerability packages compiled and updates to come in the next hours. #infosec #exim + +(Originally on Twitter: [Fri Oct 26 15:44:11 +0000 2012](https://twitter.com/adulau/status/261855752694673409)) +---- +Don't forget to add your writeup for #hacklu 2012 on @ctftime #ctf + +(Originally on Twitter: [Fri Oct 26 19:55:53 +0000 2012](https://twitter.com/adulau/status/261919097594470401)) +---- +RT @jedisct1: RT @hdmoore: Examples of cf9139d54445c8957e750210ba377b2e in web application cookies: http://pastie.org/private/cyzavzyrgv2ymmyt4xotq + +(Originally on Twitter: [Sat Oct 27 07:02:02 +0000 2012](https://twitter.com/adulau/status/262086739361931264)) +---- +Discussing about @hack_lu 2013 improvements, would you enjoy a full half-day of lightning talks? #hacklu #infosec + +(Originally on Twitter: [Sat Oct 27 10:44:52 +0000 2012](https://twitter.com/adulau/status/262142818338865152)) +---- +RT @PatriceAuffret: @adulau @hack_lu A full half-day of 15 minutes talk would be nice ;) 5 minutes is too short. + +(Originally on Twitter: [Sat Oct 27 13:54:21 +0000 2012](https://twitter.com/adulau/status/262190500289859585)) +---- +Question of the day: What was the first malware to abuse deliberately the NTFS Junction point function? 
#infosec #malware + +(Originally on Twitter: [Mon Oct 29 09:07:19 +0000 2012](https://twitter.com/adulau/status/262843044431290369)) +---- +If you have any pictures for #hacklu 2012, don't forget to upload them in the flickr hack.lu group http://www.flickr.com/groups/1559269@N23/ thank you! + +(Originally on Twitter: [Wed Oct 31 13:32:33 +0000 2012](https://twitter.com/adulau/status/263634568073056257)) +---- +@bortzmeyer Le BGP Ranking d'OVH est peut-être plus détaillé... http://bgpranking.circl.lu/asns?asn=16276&source=&date= #infosec + +(Originally on Twitter: [Wed Oct 31 15:33:18 +0000 2012](https://twitter.com/adulau/status/263664956698939394)) +---- +just released Forban 0.0.33 including patches from @MatthiasStrubel #p2p #p2popportunistic http://www.foo.be/forban/ + +(Originally on Twitter: [Thu Nov 01 11:10:38 +0000 2012](https://twitter.com/adulau/status/263961239917584385)) +---- +RT @FlUxIuS: #Fuzzing the #GSM Protocol Stack slides now available: http://2012.hack.lu/archive/2012/Fuzzing_The_GSM_Protocol_Stack_-_Sebastien_Dudek_Guillaume_Delugre.pdf | #hacklu #Sogeti #ESEC + +(Originally on Twitter: [Thu Nov 01 13:11:17 +0000 2012](https://twitter.com/adulau/status/263991601104314368)) +---- +Any plan for adding a redis file type in Suricata? that would be a killer feature... @Regiteric #nids #infosec + +(Originally on Twitter: [Thu Nov 01 15:20:14 +0000 2012](https://twitter.com/adulau/status/264024052061048832)) +---- +@Regiteric Redis output would be very useful for Suricata module like http-log when you have a ton of output logs to process in FIFO mode. + +(Originally on Twitter: [Thu Nov 01 15:47:46 +0000 2012](https://twitter.com/adulau/status/264030984188612610)) +---- +@rafi0t you can replace Redis with RabbitMQ for the case of Suricata logging. This works too. 
+ +(Originally on Twitter: [Thu Nov 01 15:55:54 +0000 2012](https://twitter.com/adulau/status/264033031487107072)) +---- +RT @monoskop: @aaaarg @chrisdary There's another TOS tracker at http://www.goodiff.org, and recently launched @ToSDR http://tos-dr.info/#services + +(Originally on Twitter: [Thu Nov 01 15:56:24 +0000 2012](https://twitter.com/adulau/status/264033155097432065)) +---- +RT @inliniac: #Suricata 1.3.3 is out! Important fixes, upgrade highly recommended! Notes: http://suricata-ids.org/2012/11/01/suricata-1-3-3-available/ Download: http://t.co/Zed ... + +(Originally on Twitter: [Thu Nov 01 18:37:19 +0000 2012](https://twitter.com/adulau/status/264073650548924417)) +---- +http://tools.ietf.org/html/draft-ietf-websec-key-pinning-03 "Public Key Pinning Extension for HTTP" A good step the section 5 might be the source of core issues #infosec #x509 + +(Originally on Twitter: [Fri Nov 02 11:09:25 +0000 2012](https://twitter.com/adulau/status/264323323952001025)) +---- +http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/ "Reverse Engineering Serial Ports" nice one before firing up your bus pirate on an unknown serial bus. + +(Originally on Twitter: [Fri Nov 02 11:21:58 +0000 2012](https://twitter.com/adulau/status/264326478836137985)) +---- +RT @cryptax: In the middle of @aumasson 's talk on SHA-3. Like it. You should have included swiss chocolate in your own submission ;) #h ... + +(Originally on Twitter: [Fri Nov 02 12:42:48 +0000 2012](https://twitter.com/adulau/status/264346822842122240)) +---- +RT @hack_lu: http://www.flickr.com/photos/adulau/8147615053/in/pool-1559269@N23 a photo of @fluxfingers at #hacklu 2012 operating the CTF with a high level of concentration #info ... 
+ +(Originally on Twitter: [Fri Nov 02 13:46:00 +0000 2012](https://twitter.com/adulau/status/264362727940710401)) +---- +RT @pretorienx: tsa4ida.py - Rule Based Function Profiler for IDA http://bit.ly/X5POGh #Reverse #Engineering #Malware #IDA @PhysicalDrive0 + +(Originally on Twitter: [Fri Nov 02 13:51:29 +0000 2012](https://twitter.com/adulau/status/264364108256776192)) +---- +RT @DidierStevens: So I just created putty.dll. I guess you know what that means ;-) putty.xls + +(Originally on Twitter: [Fri Nov 02 21:51:39 +0000 2012](https://twitter.com/adulau/status/264484947077783552)) +---- +RT @DidierStevens: And we have putty.xls http://twitpic.com/b9r3x0 + +(Originally on Twitter: [Fri Nov 02 22:42:53 +0000 2012](https://twitter.com/adulau/status/264497836681490432)) +---- +http://www.photographyisnotacrime.com/2012/10/30/creepy-cameraman-reemerges-as-surveillance-camera-man/ " citizens do not mind being video recorded by surveillance cameras, but take great issue when recorded by strangers." + +(Originally on Twitter: [Sun Nov 04 18:12:13 +0000 2012](https://twitter.com/adulau/status/265154498949947392)) +---- +@bortzmeyer Using the money invested in quaero to fund 100 start-ups and maybe one will give better result than quaero. #startup + +(Originally on Twitter: [Sun Nov 04 18:29:11 +0000 2012](https://twitter.com/adulau/status/265158767233073152)) +---- +RT @pretorienx: my latest slides on PE malformations, presented at #hashdays http://www.slideshare.net/ange4771/ange-albertini-hashdays2012extended http://corkami.googlecode.com/files/ange_albertini_hashdays_2012.zip @ange4771 + +(Originally on Twitter: [Sun Nov 04 18:44:01 +0000 2012](https://twitter.com/adulau/status/265162501774266368)) +---- +@fredraynal has many friends even John Draper ok... 
friend is a big word in this case ;-) http://sid.rstack.org/gallery/?galerie=201210_KualaLumpur&photo=53&exif_style=&show_thumbs= + +(Originally on Twitter: [Mon Nov 05 18:56:38 +0000 2012](https://twitter.com/adulau/status/265528062962200577)) +---- +RT @opendns: OpenDNS is looking for: Software Engineer (Researcher) +http://jobvite.com/m?3VTxAfwF #job + +(Originally on Twitter: [Mon Nov 05 21:37:14 +0000 2012](https://twitter.com/adulau/status/265568481678876673)) +---- +@rysiekpl he just does statistics... + +(Originally on Twitter: [Mon Nov 05 21:45:26 +0000 2012](https://twitter.com/adulau/status/265570545456783360)) +---- +I open this bug report in 2008 -> https://bugs.launchpad.net/ubuntu-website/+bug/241305/ Could you enable ipv6 for http://security.ubuntu.com? #ipv6 #security #ubuntu @canonical + +(Originally on Twitter: [Tue Nov 06 14:56:50 +0000 2012](https://twitter.com/adulau/status/265830106151415810)) +---- +RT @hodgman: Remember: it is more important that there is a federal holiday for deceased presidents than a day off to allow you to elect ... + +(Originally on Twitter: [Tue Nov 06 16:08:41 +0000 2012](https://twitter.com/adulau/status/265848187422642178)) +---- +RT @mattblaze: Touchscreen machines that "flip" votes are prob a fixable calibration problem. Wrote this 4 yrs ago, still applies: http: ... + +(Originally on Twitter: [Tue Nov 06 16:16:09 +0000 2012](https://twitter.com/adulau/status/265850063870377985)) +---- +RT @uscert_gov: Security Updates Available for Adobe Flash Player: http://1.usa.gov/YTJosn + +(Originally on Twitter: [Tue Nov 06 22:08:44 +0000 2012](https://twitter.com/adulau/status/265938796741279744)) +---- +Paper and pencil are king for voting... especially when you see the calibration mess of a touchscreen in US. 
+ http://thenextweb.com/shareables/2012/11/06/reddit-user-captures-video-of-2012-voting-machines-altering-votes/ + +(Originally on Twitter: [Tue Nov 06 22:15:35 +0000 2012](https://twitter.com/adulau/status/265940521585897472)) +---- +http://www.ei.rub.de/media/emma/veroeffentlichungen/2012/11/01/TR-HGI-2012-001.pdf "Down to the Bare Metal: Using Processor Features for Binary Analysis" branch tracing on x86 #malware + # + +(Originally on Twitter: [Tue Nov 06 22:18:59 +0000 2012](https://twitter.com/adulau/status/265941376783491073)) +---- +RT @circl_lu: http://www.group-ib.com/index.php/7-novosti/672-group-ib-us-zero-day-vulnerability-found-in-adobe-x "Group-IB US: Zero-day vulnerability found in Adobe X" #infosec #malware #blackhole + +(Originally on Twitter: [Thu Nov 08 14:58:58 +0000 2012](https://twitter.com/adulau/status/266555416773808128)) +---- +RT @MatthiasStrubel: #piratebox in #mesh with running #forban http://www.youtube.com/watch?v=9qrLpEx8NUU + +(Originally on Twitter: [Sat Nov 10 09:57:22 +0000 2012](https://twitter.com/adulau/status/267204293617123328)) +---- +@bortzmeyer Cool, c'est la première étape avant d'utiliser #Forban sur son téléphone. http://www.foo.be/forban/ #p2p #partage + +(Originally on Twitter: [Sat Nov 10 14:46:16 +0000 2012](https://twitter.com/adulau/status/267276995312898050)) +---- +@followjuke Par défaut cela utilise tout l'espace disque disponible mais l'option "maxsize = 0" permet de limiter pour un espace donné + +(Originally on Twitter: [Sat Nov 10 15:36:15 +0000 2012](https://twitter.com/adulau/status/267289575720886273)) +---- +@followjuke non pas encore. C'est "first seen first serve" mais cela fonctionne assez bien pour une majorité des réseaux locaux éphémères. + +(Originally on Twitter: [Sat Nov 10 16:01:42 +0000 2012](https://twitter.com/adulau/status/267295979571642369)) +---- +@wimremes You're welcome. Thanks for your work on cve-search too. Some patches might come in a near future. 
https://github.com/adulau/cve-search + +(Originally on Twitter: [Sun Nov 11 00:02:08 +0000 2012](https://twitter.com/adulau/status/267416883551150081)) +---- +RT @halvarflake: http://ensiwiki.ensimag.fr/images/e/e8/GreHack-2012-talk-Kostya_Kortchinsky_Crypt0ad_-10_years_later_which_in_memory_vulnerabilities_still_matter.pdf + +(Originally on Twitter: [Mon Nov 12 15:18:27 +0000 2012](https://twitter.com/adulau/status/268009871104950273)) +---- +If you google for MSRT (the malicious removal tool from Microsoft), check the second link. No worries. it's just pure coincidence. #infosec + +(Originally on Twitter: [Mon Nov 12 15:39:00 +0000 2012](https://twitter.com/adulau/status/268015044019769344)) +---- +I discovered in the train about the quality of a slashdot comment is usually higher than those "articles" in the train's press. #media + +(Originally on Twitter: [Mon Nov 12 20:28:14 +0000 2012](https://twitter.com/adulau/status/268087831174471680)) +---- +RT @maxime_tz: The slides of our #hacklu talk "Insecurity of security equipments" are finally online! http://2012.hack.lu/archive/2012/Hack.lu%202012%20-%20Insecurity%20of%20security%20equipments%20-%20Eric%20Chassard%20&%20Maxime%20Clementz.pdf + +(Originally on Twitter: [Tue Nov 13 21:21:40 +0000 2012](https://twitter.com/adulau/status/268463665953505280)) +---- +http://blogs.lexpress.fr/media/2012/11/13/filippetti-preempte-une-partie-du-fonds-darchives-photos-de-france-soir/ +A good initiative but I hope they will move the photos to #wikipedia / #wikimedia commons... + +(Originally on Twitter: [Tue Nov 13 21:53:52 +0000 2012](https://twitter.com/adulau/status/268471769231396864)) +---- +RT @rommelfs: Literally 0-byte exploit eats up CPU, but "it still can be terminated via the task manager". #microsoft #security "Not a v ... + +(Originally on Twitter: [Tue Nov 13 21:54:28 +0000 2012](https://twitter.com/adulau/status/268471921539158016)) +---- +@rommelfs What's the impact on the PRNG (CryptGenRandom)? 
Some entropy sources come from CPU registers TSC or processor state... + +(Originally on Twitter: [Tue Nov 13 22:05:26 +0000 2012](https://twitter.com/adulau/status/268474681017913344)) +---- +RT @Dinosn: CVE-2012-5076 Java sample from "Cool" exploit pack http://contagiodump.blogspot.com/2012/11/cve-2012-5076-java-sample-from-cool.html + +(Originally on Twitter: [Thu Nov 15 07:28:32 +0000 2012](https://twitter.com/adulau/status/268978778917707777)) +---- +https://github.com/jbremer/pyasm2 An x86 assembler library with Intel-like assembly syntax, with sequences of instructions and label. A good meta-asm? + +(Originally on Twitter: [Sat Nov 17 13:22:59 +0000 2012](https://twitter.com/adulau/status/269792752831713280)) +---- +RT @circl_lu: http://www.freebsd.org/news/2012-compromise.html "http://FreeBSD.org intrusion announced November 17th 2012" if you are using FreeBSD check/audit yo ... + +(Originally on Twitter: [Sat Nov 17 15:36:20 +0000 2012](https://twitter.com/adulau/status/269826312053612545)) +---- +RT @tomchop_: CVE-2012-5076 included in #BlackHole and many others - http://malware.dontneedcoffee.com/2012/11/cve-2012-5076-massively-adopted.html #exploitkit #malware + +(Originally on Twitter: [Sat Nov 17 23:38:59 +0000 2012](https://twitter.com/adulau/status/269947775100260353)) +---- +After some hours of train... http://www.nytimes.com/2012/11/18/opinion/sunday/the-quiet-ones.html?pagewanted=all + +(Originally on Twitter: [Mon Nov 19 06:43:23 +0000 2012](https://twitter.com/adulau/status/270416965519155201)) +---- +"Trusted Automated eXchange of Indicator Information" https://taxii.mitre.org/ tons of specification but where is the code? #infosec + +(Originally on Twitter: [Tue Nov 20 13:04:04 +0000 2012](https://twitter.com/adulau/status/270875154215735296)) +---- +RT @peakscale: "The problem of viruses is temporary and will be solved in two years." 
- John McAfee, 1988 + +(Originally on Twitter: [Wed Nov 21 14:28:46 +0000 2012](https://twitter.com/adulau/status/271258858595442689)) +---- +"Socket Error #0: unknown error (_ssl.c:2158)" This very useful message error from Python 3 SSL binding just means your PEM file sucks... + +(Originally on Twitter: [Wed Nov 21 14:30:48 +0000 2012](https://twitter.com/adulau/status/271259372078911489)) +---- +@gyust connect but when reading the trust chain from a local PEM file. + +(Originally on Twitter: [Wed Nov 21 14:54:52 +0000 2012](https://twitter.com/adulau/status/271265426032435200)) +---- +RT @DidierStevens: New blogpost "Update: AnalyzePESig Version 0.0.0.2" http://bit.ly/Ug6S8q + +(Originally on Twitter: [Wed Nov 21 14:55:12 +0000 2012](https://twitter.com/adulau/status/271265512892293121)) +---- +http://wiki.rmll.be/index.php/Communiqu%C3%A9_du_22_novembre The next "Libre Software Meeting 2013" (6-13 July 2013) will be in Bruxelles. #freesoftware #belgium #belgique + +(Originally on Twitter: [Thu Nov 22 16:33:12 +0000 2012](https://twitter.com/adulau/status/271652562653032448)) +---- +RT @radareorg: Fixed the x86-16 default analysis plugin (use udis86 as fallback). Go disasm your BIOS! + +(Originally on Twitter: [Thu Nov 22 17:11:12 +0000 2012](https://twitter.com/adulau/status/271662124508532736)) +---- +https://github.com/agl/pond "Pond (Or, how to better organize a discreet relationship with the Director of the CIA.)" #crypto software to review? 
+ +(Originally on Twitter: [Thu Nov 22 21:56:28 +0000 2012](https://twitter.com/adulau/status/271733914685562880)) +---- +Today I was filling one of those form to submit a project and they asked which programming methodology, I wrote http://programming-motherfucker.com/ + +(Originally on Twitter: [Thu Nov 22 22:13:51 +0000 2012](https://twitter.com/adulau/status/271738288379932672)) +---- +http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages-00 "Virtual Private Network (VPN) traffic leakages in dual-stack hosts/networks" #ipv6 #ipv4 #infosec + +(Originally on Twitter: [Fri Nov 23 14:42:27 +0000 2012](https://twitter.com/adulau/status/271987080316456962)) +---- +@wimremes I did some updates to cve-search enjoy https://github.com/adulau/cve-search/ #infosec #cve #vulnerability + +(Originally on Twitter: [Fri Nov 23 19:57:28 +0000 2012](https://twitter.com/adulau/status/272066353215713280)) +---- +RT @thegrugq: @Dymaxion then they’re fucked. High value targets w/ general purpose computers and no security expertise? + +(Originally on Twitter: [Fri Nov 23 20:01:50 +0000 2012](https://twitter.com/adulau/status/272067453192925184)) +---- +RT @Dymaxion: @thegrugq Oh, right. I forgot. The security community is interested in cool problems, not humans. + +(Originally on Twitter: [Fri Nov 23 20:04:01 +0000 2012](https://twitter.com/adulau/status/272068004743876608)) +---- +@Dymaxion @thegrugq "You can't get rid of the "bad" parts of technology and retain only the "good" parts." as Ted Kaczynski would said... + +(Originally on Twitter: [Fri Nov 23 20:15:46 +0000 2012](https://twitter.com/adulau/status/272070960012734464)) +---- +Why do you always feel like that when you are fixing a bug in a cryptographic function? http://www.flickr.com/photos/adulau/7815330644 #crypto #infosec + +(Originally on Twitter: [Sat Nov 24 09:26:45 +0000 2012](https://twitter.com/adulau/status/272270018958458881)) +---- +I didn't know that @esrtweet is against diversity in computer languages... 
pretty strange. #git http://permalink.gmane.org/gmane.comp.version-control.git/210329 + +(Originally on Twitter: [Sun Nov 25 13:20:22 +0000 2012](https://twitter.com/adulau/status/272691197770874880)) +---- +just added a ranking functionality in cve-search to classify/dispatch your vulnerable configuration #cve http://adulau.github.com/cve-search/ @wimremes + +(Originally on Twitter: [Sun Nov 25 14:01:55 +0000 2012](https://twitter.com/adulau/status/272701652455268356)) +---- +@wimremes As you like, you know it's git so it's distributed ;-) just let me know if I should regularly pull. Thank you for your work too. + +(Originally on Twitter: [Sun Nov 25 14:13:53 +0000 2012](https://twitter.com/adulau/status/272704666326925313)) +---- +@jaysonstreet no worries, we are waiting for you at #hacklu 2013... I'm sure everything will be fine. + +(Originally on Twitter: [Sun Nov 25 17:23:41 +0000 2012](https://twitter.com/adulau/status/272752428590436352)) +---- +http://blog.hansenpartnership.com/adventures-in-microsoft-uefi-signing/ "Adventures in Microsoft UEFI Signing" interesting reading... #x509 #infosec + +(Originally on Twitter: [Mon Nov 26 20:48:28 +0000 2012](https://twitter.com/adulau/status/273166352175484928)) +---- +Preparing the honeypot courses I'm giving the next weeks, I'm wondering if this academic year would be more or less offensive... + +(Originally on Twitter: [Tue Nov 27 21:30:56 +0000 2012](https://twitter.com/adulau/status/273539427031207936)) +---- +RT @dragosr: Short Version: CanSecWest CFP open now, deadline Dec. 14 (secwest13@cansecwest.com) Conf Mar 6-8 2013 (Dojo Mar 2-5) +More t ... + +(Originally on Twitter: [Tue Nov 27 21:44:00 +0000 2012](https://twitter.com/adulau/status/273542718230237184)) +---- +@cokebottle The students have to write their own honeypot but also abuse them. 
To see the security duality of software ;-) + +(Originally on Twitter: [Tue Nov 27 21:45:04 +0000 2012](https://twitter.com/adulau/status/273542985864593411)) +---- +@elise_huard It's even quite common to do to find sensitive documents. Digging in a dustbin doesn't mean that you are homeless. #infosec + +(Originally on Twitter: [Wed Nov 28 10:07:18 +0000 2012](https://twitter.com/adulau/status/273729773740621824)) +---- +@ochsff Does the IDB database snapshot help a little bit? You can enable the automatic snapshot in the "database snapshot manager". #ida + +(Originally on Twitter: [Wed Nov 28 13:15:43 +0000 2012](https://twitter.com/adulau/status/273777190259286018)) +---- +I don't why but that's the week of fixing code from one version to another. Python 2 to Python 3, K&R C to C99 and now an obscure Perl shit. + +(Originally on Twitter: [Wed Nov 28 21:28:56 +0000 2012](https://twitter.com/adulau/status/273901312695996416)) +---- +http://www.renesys.com/blog/2012/11/syria-off-the-air.shtml "Syrian Internet Is Off The Air" + +(Originally on Twitter: [Thu Nov 29 14:11:25 +0000 2012](https://twitter.com/adulau/status/274153597976051712)) +---- +RT @circl_lu: http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html Chrome version 23.0.1271.91 released fixing CVE-2012-5130 -> CVE-2012-5136 #infosec + +(Originally on Twitter: [Thu Nov 29 14:32:56 +0000 2012](https://twitter.com/adulau/status/274159013040627712)) +---- +RT @41414141: #deepsec turns into "cyberwar" term definition con, which is a good thing. Where are the diplomats that need to hear this? + +(Originally on Twitter: [Thu Nov 29 14:35:30 +0000 2012](https://twitter.com/adulau/status/274159657940054016)) +---- +Offensive software is just a software where you forgot about a functionality. Hmmm it's a kind of bug? -> so everything can be offensive. 
+ +(Originally on Twitter: [Thu Nov 29 16:23:09 +0000 2012](https://twitter.com/adulau/status/274186749108969472)) +---- +git should be teach in CS courses just like advanced data structures courses or any algorithmics courses. #git #futureishere + +(Originally on Twitter: [Thu Nov 29 22:31:48 +0000 2012](https://twitter.com/adulau/status/274279520612278272)) +---- +@bortzmeyer Je ne savais que le W3C était hébergé en Syrie... #syria #w3c + +(Originally on Twitter: [Thu Nov 29 22:35:20 +0000 2012](https://twitter.com/adulau/status/274280408982630400)) +---- +https://github.com/mandiant/Reversing/blob/master/shellcode_hashes/make_sc_hash_db.py Computes common shellcode hashes in a DB that can be looked-up in IDA later on. #reversing #malware + +(Originally on Twitter: [Fri Nov 30 06:37:11 +0000 2012](https://twitter.com/adulau/status/274401672061648896)) +---- +RT @mattblaze: Disclosure is also consistent with the scientific/academic ethic. Why should security have different rules from the rest ... + +(Originally on Twitter: [Fri Nov 30 18:54:32 +0000 2012](https://twitter.com/adulau/status/274587232931811328)) +---- +RT @inliniac: Created a template #Suricata packet inspection plugin and documented it here: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Packet_Inspection_Module Feedback appreciated! + +(Originally on Twitter: [Fri Nov 30 21:22:18 +0000 2012](https://twitter.com/adulau/status/274624421182988288)) +---- +http://www.flickr.com/photos/adulau/8233536808/ Sometime you can be scared by a poster street-art... #streetart #poster + +(Originally on Twitter: [Fri Nov 30 21:41:49 +0000 2012](https://twitter.com/adulau/status/274629331681157122)) +---- +Just a got a notification from Google scholar about malware publication and all of them are US patents. Grrr... research papers ≠ patents. 
+ +(Originally on Twitter: [Sat Dec 01 08:37:39 +0000 2012](https://twitter.com/adulau/status/274794377962987521)) +---- +@wimremes Yes on malware detection like US 8,321,910 US 8,321,942 US 8,321,910... but often it's just lawyer talks and not really useful + +(Originally on Twitter: [Sat Dec 01 08:56:36 +0000 2012](https://twitter.com/adulau/status/274799144374243328)) +---- +RT @Regiteric: Documented the interaction with #suricata via unix socket: a user guide https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket and a devel guide https://t ... + +(Originally on Twitter: [Sat Dec 01 09:54:50 +0000 2012](https://twitter.com/adulau/status/274813800975306753)) +---- +@wimremes you might enjoy this project proposal for a small group of my student http://www.foo.be/cours/dess-20122013/#_automatic_vulnerability_assessment_from_network_capture_1 I hope they'll do something useful. + +(Originally on Twitter: [Sat Dec 01 10:18:38 +0000 2012](https://twitter.com/adulau/status/274819789145374722)) +---- +RT @olesovhcom: #ArcelorMittal s'engage d'investir 180Me sur 5 ans. #Ovh investit naturellement 180Me en 2 ans. + +(Originally on Twitter: [Sat Dec 01 12:11:59 +0000 2012](https://twitter.com/adulau/status/274848316985053184)) +---- +@hackerjoe Thank you. Hope to see you at hack.lu 2013 or even before at #OHM 2013 #hacklu cc: @wimremes + +(Originally on Twitter: [Sat Dec 01 12:25:08 +0000 2012](https://twitter.com/adulau/status/274851622847389697)) +---- +@hackerjoe Interesting if you have the time to push it on #github I'll have a look at it. #ctf #pcap cc @wimremes + +(Originally on Twitter: [Sat Dec 01 12:33:43 +0000 2012](https://twitter.com/adulau/status/274853785535410176)) +---- +RT @hackerjoe: @adulau @wimremes actually @invisig0th built my pcap decodes into vstruct, its included in vdb and vivisect, look for pca ... 
+ +(Originally on Twitter: [Sun Dec 02 08:45:18 +0000 2012](https://twitter.com/adulau/status/275158690468868096)) +---- +@invisig0th Tested a bit VDB, a very nifty and cool binary reversing framework in Python http://visi.kenshoto.com/ #reversing +@hackerjoe + +(Originally on Twitter: [Sun Dec 02 09:20:55 +0000 2012](https://twitter.com/adulau/status/275167652748611584)) +---- +There is a nice fork of VDB from @fitblip https://github.com/Fitblip/vdb-fork including some bug fixes and a documentation #reversing http://fitblip.github.com/vdb-fork/ + +(Originally on Twitter: [Sun Dec 02 09:23:06 +0000 2012](https://twitter.com/adulau/status/275168200499539968)) +---- +RT @mjg59: Microsoft-signed bootloader for all free operating systems available here: http://www.codon.org.uk/~mjg59/shim-signed/ - details at http://mjg59.dreamwidth.org/20303.html + +(Originally on Twitter: [Sun Dec 02 09:36:45 +0000 2012](https://twitter.com/adulau/status/275171639505858560)) +---- +@pocket why don't you support the Kindle by just sending an email to the kindle address with a daily summary? thank you + +(Originally on Twitter: [Mon Dec 03 20:18:32 +0000 2012](https://twitter.com/adulau/status/275695535179051008)) +---- +@DennisRand looks like an RFP for Tor v2. "selecting optimal nodes in a cyber +battlespace [] entry nodes, target nodes, & nodes to avoid." + +(Originally on Twitter: [Mon Dec 03 20:21:27 +0000 2012](https://twitter.com/adulau/status/275696269509423104)) +---- +RT @joshsusser: If you don't hate time zones, you're not a real programmer. 
+ +(Originally on Twitter: [Mon Dec 03 21:04:15 +0000 2012](https://twitter.com/adulau/status/275707038934380545)) +---- +@sans_isc There are CVEs - CVE-2012-4561 CVE-2012-4560, CVE-2012-4562 and CVE-2012-6063 #libssh #vulnerabilities + +(Originally on Twitter: [Mon Dec 03 21:57:44 +0000 2012](https://twitter.com/adulau/status/275720498665635840)) +---- +@DennisRand Yep that the link your RT ;-) +"DARPA-BAA-13-02: Foundational Cyberwarfare (Plan X) " https://www.fbo.gov/index?s=opportunity&mode=form&id=1bc45a18e1ba0763640824679d331e46&tab=core&_cview=0 + +(Originally on Twitter: [Tue Dec 04 16:07:18 +0000 2012](https://twitter.com/adulau/status/275994697057579009)) +---- +CVE-2007-3891 is back? I cannot believe it. If you have samples, you'll get some chocolate ;-) #malware + +(Originally on Twitter: [Wed Dec 05 20:59:52 +0000 2012](https://twitter.com/adulau/status/276430712129875968)) +---- +https://github.com/sensepost/Snoopy "Snoopy; a distributed tracking and profiling framework" #infosec #tracking #privacy + +(Originally on Twitter: [Thu Dec 06 19:50:47 +0000 2012](https://twitter.com/adulau/status/276775715972722688)) +---- +RT @satefan: @doctorow The leaked ITU documents are great. They basically show that the cypherpunks movement needs to be revived in a bi ... + +(Originally on Twitter: [Thu Dec 06 19:53:03 +0000 2012](https://twitter.com/adulau/status/276776285307551744)) +---- +https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit "Skynet, a Tor-powered botnet straight from Reddit" + +(Originally on Twitter: [Fri Dec 07 06:07:34 +0000 2012](https://twitter.com/adulau/status/276930932580167680)) +---- +Dropbox will be acquired by Google? 
No just Guido moving there for testing out the organization ;-) https://tech.dropbox.com/2012/12/welcome-guido/ + +(Originally on Twitter: [Fri Dec 07 21:46:11 +0000 2012](https://twitter.com/adulau/status/277167146566578176)) +---- +https://github.com/psychomario/ntlmsspparse "Parses ntlmssp netlm[v2] hashes out of a pcap" Not perfect but already a very good start... #ntlm #infosec + +(Originally on Twitter: [Sat Dec 08 09:06:55 +0000 2012](https://twitter.com/adulau/status/277338458442309633)) +---- +released netbeacon - tools to monitor your network capture sys (e.g. honeypot monitoring, IDS) and check its accuracy http://adulau.github.com/netbeacon/ + +(Originally on Twitter: [Sat Dec 08 13:11:47 +0000 2012](https://twitter.com/adulau/status/277400080498163713)) +---- +RT @Dinosn: Most Effective Malware-Related Snort Signatures http://mtc.sri.com/live_data/signatures/ + +(Originally on Twitter: [Sat Dec 08 13:29:37 +0000 2012](https://twitter.com/adulau/status/277404565702340608)) +---- +http://www.flickr.com/photos/mattblaze/8248156713/ Nice pictures from @mattblaze "The Meeting is Classified" I'm wondering if the PIN of the confcall is classified ;-) + +(Originally on Twitter: [Sun Dec 09 10:34:58 +0000 2012](https://twitter.com/adulau/status/277723002978848768)) +---- +@aumasson I enjoyed the quotes around "military-strength" and was thinking of the classical Snake Oil FAQ http://www.interhack.net/people/cmcurtin/snake-oil-faq.html#SECTION000511000000000000000 + +(Originally on Twitter: [Sun Dec 09 10:57:18 +0000 2012](https://twitter.com/adulau/status/277728623132303362)) +---- +@Regiteric @inliniac Have you ever compared the Endace DAG Card 9.2X2 versus an Intel X540-T2 network card on Suricata? 
thx #suricata + +(Originally on Twitter: [Sun Dec 09 15:26:24 +0000 2012](https://twitter.com/adulau/status/277796346264711168)) +---- +Not #infosec this time but just a photography of a metal cat guarding a garden http://www.flickr.com/photos/adulau/8257173175/ #photography #belgium + +(Originally on Twitter: [Sun Dec 09 16:18:37 +0000 2012](https://twitter.com/adulau/status/277809487249825792)) +---- +@inliniac @Regiteric Thank you. I wondering about the performance comparison for the both cards with Suricata. + +(Originally on Twitter: [Mon Dec 10 13:03:11 +0000 2012](https://twitter.com/adulau/status/278122689464516610)) +---- +@inliniac Sure, I'll try to get the latest Endace card. Is there an official set of PCAP files for testing Suricata? + +(Originally on Twitter: [Mon Dec 10 13:06:18 +0000 2012](https://twitter.com/adulau/status/278123475854557184)) +---- +If someone asked me again about prediction about information security in 2013, I will run over you with a very large fragmented IP packet. + +(Originally on Twitter: [Mon Dec 10 18:42:58 +0000 2012](https://twitter.com/adulau/status/278208198484312065)) +---- +@snazmeister Both and also with random option headers... + +(Originally on Twitter: [Mon Dec 10 18:48:15 +0000 2012](https://twitter.com/adulau/status/278209531132116993)) +---- +@snazmeister A good fight is usually better than a "cyberwar" because no one knows what's behind this term ;-) #infosec #cyberBS + +(Originally on Twitter: [Mon Dec 10 19:01:28 +0000 2012](https://twitter.com/adulau/status/278212854073671681)) +---- +@xme Yes, you are right ;-) A prediction to overwrite the other prediction. Wait that's the bitwise AND 0 prediction. + +(Originally on Twitter: [Mon Dec 10 19:19:53 +0000 2012](https://twitter.com/adulau/status/278217489383555072)) +---- +@britram Thanks for yaf. It's a great piece of software. 
http://tools.netsa.cert.org/yaf/yaf.html #infosec #netflow #ipfix + +(Originally on Twitter: [Mon Dec 10 21:08:16 +0000 2012](https://twitter.com/adulau/status/278244767614259201)) +---- +did a quick-and-dirty set of posters to state the Traffic Light Protocol classification for your physical meetings https://github.com/adulau/tlp-meeting + +(Originally on Twitter: [Mon Dec 10 21:51:49 +0000 2012](https://twitter.com/adulau/status/278255727968149505)) +---- +RT @Kaplan_CERTat: @adulau hehe... or even worse: a half corrupt IP packet which creates side effects in layer 2: http://www.youtube.com/watch?v=euMHlV6MNqs + +(Originally on Twitter: [Mon Dec 10 21:56:40 +0000 2012](https://twitter.com/adulau/status/278256945608151043)) +---- +http://arxiv.org/abs/1210.1847 "we have taken seriously the possibility that our universe is a numerical simulation" Just left the simulated train... + +(Originally on Twitter: [Tue Dec 11 07:11:09 +0000 2012](https://twitter.com/adulau/status/278396485077434368)) +---- +http://www.w3.org/TR/2012/CR-eventsource-20121211/ So a replacement for "XMLHttpRequest" where the server is pushing messages to the client. I see many uses... #infosec + +(Originally on Twitter: [Tue Dec 11 19:31:37 +0000 2012](https://twitter.com/adulau/status/278582833457549314)) +---- +Maybe we should mention to the totalitarian regime in Syria that they should purchase a "Bypass Switch" from netoptics to avoid L2 issue.... + +(Originally on Twitter: [Tue Dec 11 20:56:34 +0000 2012](https://twitter.com/adulau/status/278604210961010688)) +---- +RT @esizkur: I seldomly praise defensive papers in computer security. This is one of them: http://eprint.iacr.org/2012/579.pdf + +(Originally on Twitter: [Wed Dec 12 19:58:52 +0000 2012](https://twitter.com/adulau/status/278952075197546496)) +---- +RT @holman: I hate meetings. 
http://zachholman.com/posts/chat/ + +(Originally on Twitter: [Wed Dec 12 20:17:05 +0000 2012](https://twitter.com/adulau/status/278956659580219392)) +---- +RT @_saadk: #DFIR "Fighting Back Malware with IOC & YARA" slides have been published by @OSSIRFrance http://www.ossir.org/paris/supports/2012/2012-12-11/Saad_Kadhi-FBMWIAY-OSSIR_Paris-20121211.pdf 1/2 + +(Originally on Twitter: [Thu Dec 13 17:04:42 +0000 2012](https://twitter.com/adulau/status/279270633148387328)) +---- +http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/ "Btrfs CRC32C denial of service issues" #crypto #hashing + +(Originally on Twitter: [Thu Dec 13 21:13:01 +0000 2012](https://twitter.com/adulau/status/279333123467124736)) +---- +RT @malwarelu: We made two reverse engineering challenges, we can download them here: http://www.malware.lu/hackgyver/hackgyver.zip + +(Originally on Twitter: [Thu Dec 13 22:18:30 +0000 2012](https://twitter.com/adulau/status/279349605714493440)) +---- +@Pinboard Wonderful idea... I couldn't resist to post it on HN... #startup #do + +(Originally on Twitter: [Fri Dec 14 20:32:58 +0000 2012](https://twitter.com/adulau/status/279685435733712897)) +---- +RT @ilfak: IDA 6.4 is going to beta today. If you are willing to participate, send us an email! + +(Originally on Twitter: [Fri Dec 14 21:23:23 +0000 2012](https://twitter.com/adulau/status/279698120772816897)) +---- +http://blog.icann.org/2012/12/d-root/ "D-root is changing its IPv4 address on 3 January 2013" + +(Originally on Twitter: [Fri Dec 14 21:43:06 +0000 2012](https://twitter.com/adulau/status/279703082605092865)) +---- +Grrrrr, I'll miss #29c3 and especially the talk from djb, Nadia Heninger and @hyperelliptic about RSA factorization http://events.ccc.de/congress/2012/Fahrplan/events/5275.en.html + +(Originally on Twitter: [Sat Dec 15 13:18:01 +0000 2012](https://twitter.com/adulau/status/279938364101242880)) +---- +@JeffreyWWalter The old IP address will stay for 6 months... 
so systems including the old root IP address have 6 months to update. + +(Originally on Twitter: [Sat Dec 15 13:26:58 +0000 2012](https://twitter.com/adulau/status/279940615033221120)) +---- +RT @craiu: The #Duqu CVE-2011-3402 exploits are spiking all over the web, 40000 reports so far, +5000 new per day in average. + +(Originally on Twitter: [Sun Dec 16 09:32:15 +0000 2012](https://twitter.com/adulau/status/280243933320200193)) +---- +http://notary.icsi.berkeley.edu/trust-tree/ "the relationship between the root-CAs of the Mozilla root-store and their intermediates" #x509 #infosec #infovis + +(Originally on Twitter: [Sun Dec 16 09:36:59 +0000 2012](https://twitter.com/adulau/status/280245125836316672)) +---- +@Thoreau_Assis On peut pas dire que Henry Thoreau voulait payer des impôts ;-) Surtout pour le financement d'un état esclavagiste... #free + +(Originally on Twitter: [Sun Dec 16 18:46:39 +0000 2012](https://twitter.com/adulau/status/280383455978733568)) +---- +RT @quequero: Android #Carberp samples: http://contagiominidump.blogspot.it/2012/12/android-carberp.html interesting! + +(Originally on Twitter: [Sun Dec 16 18:54:47 +0000 2012](https://twitter.com/adulau/status/280385500357988352)) +---- +Here is my definition of an experimental coding session who is going nowhere: git clone, n(git commit -a), make test and git reset --hard + +(Originally on Twitter: [Sun Dec 16 20:05:24 +0000 2012](https://twitter.com/adulau/status/280403272500662273)) +---- +@rommelfs Never underestimate the growing capabilities of a rotten banana in your bag, it's a nice sandbox for biological weapons. + +(Originally on Twitter: [Mon Dec 17 13:08:27 +0000 2012](https://twitter.com/adulau/status/280660730339000320)) +---- +@rommelfs Do you know who is responsible for biological hazard in Luxembourg? I'm not sure they will move for bag with a rotten banana. 
+ +(Originally on Twitter: [Mon Dec 17 13:11:39 +0000 2012](https://twitter.com/adulau/status/280661535049801728)) +---- +http://ec.europa.eu/taxation_customs/resources/documents/taxation/vat/how_vat_works/e-services/press_notice_fr.pdf So in 2015, the VAT on "electronic" sales will be calculated from where the customer lives in Europe. I see loopholes. + +(Originally on Twitter: [Tue Dec 18 19:01:47 +0000 2012](https://twitter.com/adulau/status/281112037092904960)) +---- +https://retractionwatch.wordpress.com/2012/12/11/elsevier-editorial-system-hacked-reviews-faked-11-retractions-follow/ "Elsevier editorial system hacked, reviews faked, 11 retractions follow" Another good reason to publish reviews... + +(Originally on Twitter: [Wed Dec 19 06:48:07 +0000 2012](https://twitter.com/adulau/status/281289793105719296)) +---- +RT @joernchen: So according to http://www.timeanddate.com/countdown/maya?p0=155 the world ends in ~ 15 hours. You all should release all your 0day before. Just to s ... + +(Originally on Twitter: [Thu Dec 20 20:20:29 +0000 2012](https://twitter.com/adulau/status/281856618851872768)) +---- +Hi @Giribot https://github.com/MaStr/mkPirateBox-Forban Let me know if you need something else to run #Forban on your OpenWRT... enjoy. #p2p + +(Originally on Twitter: [Sat Dec 22 13:18:34 +0000 2012](https://twitter.com/adulau/status/282475216343539712)) +---- +@PvdWalle You should open a ticket with @certbe about the @SNCBEurope data leak ASAP @cudeso @ddurvaux + +(Originally on Twitter: [Sat Dec 22 14:07:37 +0000 2012](https://twitter.com/adulau/status/282487561098764288)) +---- +RT @JensenClan88: America had 11,000 gun-related homicides in 2008. Japan had 11. Does anyone know if they play video games in Japan? + +(Originally on Twitter: [Sat Dec 22 14:16:33 +0000 2012](https://twitter.com/adulau/status/282489810587877376)) +---- +CVE-2012-4969 was reported to the vendor the 24th July 2012? http://packetstormsecurity.org/files/119030 Did I miss something? 
+ +(Originally on Twitter: [Sat Dec 22 18:01:42 +0000 2012](https://twitter.com/adulau/status/282546469108604928)) +---- +@OSVDB Right. I was comparing the CVE publishing date with http://adulau.github.com/cve-search/ and found a set around the same time. I probably mixed. + +(Originally on Twitter: [Sat Dec 22 18:58:04 +0000 2012](https://twitter.com/adulau/status/282560654517346304)) +---- +@tricaud en tongues? J’espère que notre ami l'ours était à la piscine durant la coupe de la pelouse ;-) + +(Originally on Twitter: [Sat Dec 22 22:33:00 +0000 2012](https://twitter.com/adulau/status/282614744223981568)) +---- +@thegrugq I suppose the synonym for "Ent. Security" is "Oh, those workstations over there, they don't have access to Internet, it's safe." + +(Originally on Twitter: [Sat Dec 22 22:36:52 +0000 2012](https://twitter.com/adulau/status/282615717491249152)) +---- +@tricaud So you cooked #pedobear in a large pot, you are definitely more crazy than I thought. #infosecbbq + +(Originally on Twitter: [Sat Dec 22 22:40:08 +0000 2012](https://twitter.com/adulau/status/282616537699987456)) +---- +RT @darrenpauli: Netzob - one of the most advanced tools to help reversers with undocumented protocols http://www.netzob.org & slides ... + +(Originally on Twitter: [Sat Dec 22 22:53:53 +0000 2012](https://twitter.com/adulau/status/282619999217127424)) +---- +@LibraryThing Could we sponsor LibraryThing to extend the Android application "Book Catalogue" http://www.librarything.com/topic/121348#3768123 ? + +(Originally on Twitter: [Sun Dec 23 10:29:51 +0000 2012](https://twitter.com/adulau/status/282795146934886400)) +---- +@xme The clever part of the various groups doing ransomware is to play with the shame. Victims often refuse to give their PC for analysis. + +(Originally on Twitter: [Sun Dec 23 17:21:06 +0000 2012](https://twitter.com/adulau/status/282898640056500224)) +---- +@GiriBot For an explanation of the three Forban modes: opportunistic, shared or passive. 
Slides 7+ on http://www.foo.be/haxogreen2012/forban-general.pdf #p2p + +(Originally on Twitter: [Mon Dec 24 09:25:39 +0000 2012](https://twitter.com/adulau/status/283141378320506880)) +---- +@Giribot the passive mode: you just sniff passively for Forban announce message ( check sample tcpdump script in https://github.com/adulau/Forban/blob/master/bin/bash-forban/bforban.sh ) + +(Originally on Twitter: [Mon Dec 24 09:36:34 +0000 2012](https://twitter.com/adulau/status/283144125363142656)) +---- +@GiriBot FYI, #Forban is also able to run on the #raspberrypi with the default image (including Python). The first test was on a #OLPC + +(Originally on Twitter: [Mon Dec 24 10:03:29 +0000 2012](https://twitter.com/adulau/status/283150899529003008)) +---- +@williballenthin started to work on a pure Python EVTX (the new EVT in a binary XML format) parser... https://github.com/williballenthin/python-evtx looks promising + +(Originally on Twitter: [Mon Dec 24 11:33:28 +0000 2012](https://twitter.com/adulau/status/283173542277820416)) +---- +After 15 years, GnuPG 1.4.13 has been released and includes the old cipher IDEA because the patents finally expired. http://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html + +(Originally on Twitter: [Mon Dec 24 12:13:48 +0000 2012](https://twitter.com/adulau/status/283183692032118784)) +---- +@carmelo Oui mais #begov n'a pas encore compris que le format était important pour partager des données. cf ex. AFSCA http://data.gov.be/fr/idea/resultats-des-controles-afsca + +(Originally on Twitter: [Mon Dec 24 12:19:57 +0000 2012](https://twitter.com/adulau/status/283185242053951488)) +---- +RT @halvarflake: The NRA is right, and instead of security control at an airport, everybody should get a gun upon boarding. Business gla ... 
+ +(Originally on Twitter: [Mon Dec 24 12:33:40 +0000 2012](https://twitter.com/adulau/status/283188695165706242)) +---- +@SteveClement So you did a holy upgrade of OpenBSD ;-) + +(Originally on Twitter: [Mon Dec 24 17:49:07 +0000 2012](https://twitter.com/adulau/status/283268076932321280)) +---- +@SteveClement Do you know if softflowd or YAF still work with 5.2? #netflow #infosec + +(Originally on Twitter: [Mon Dec 24 18:06:10 +0000 2012](https://twitter.com/adulau/status/283272371052359680)) +---- +I just released Forban 0.0.34 it's a bug fix release http://www.foo.be/forban/ https://github.com/adulau/Forban #p2p #forban #sharing + +(Originally on Twitter: [Tue Dec 25 12:47:42 +0000 2012](https://twitter.com/adulau/status/283554614677237760)) +---- +@olesovhcom As-tu essayé le Luxembourg pour la construction d'un DC? + +(Originally on Twitter: [Tue Dec 25 17:03:58 +0000 2012](https://twitter.com/adulau/status/283619103082704896)) +---- +RT @i0n1c: @0xabad1dea if people leave a project just because someone virtually yells at them then they are most probably better off in ... + +(Originally on Twitter: [Tue Dec 25 18:22:54 +0000 2012](https://twitter.com/adulau/status/283638967000252416)) +---- +@Calimaq Pourquoi un cauchemar? C'est plutôt une bonne nouvelle. Une mise en valeur de la culture fait vendre plus de culture... #forban + +(Originally on Twitter: [Tue Dec 25 20:56:44 +0000 2012](https://twitter.com/adulau/status/283677683550928896)) +---- +RT @Shpantzer: It's cool, I mapped the covert channels used for exfil to an ISO 27002 security control objective! We should be safe now ... 
+ +(Originally on Twitter: [Tue Dec 25 21:04:37 +0000 2012](https://twitter.com/adulau/status/283679667544813568)) +---- +https://github.com/snarez/ida-efiutils "Some scripts for IDA Pro to assist with reverse engineering EFI binaries" #reversing #ida #efi #infosec + +(Originally on Twitter: [Tue Dec 25 21:08:43 +0000 2012](https://twitter.com/adulau/status/283680697523253248)) +---- +http://arxiv.org/abs/1212.6177 "How Much of the Web Is Archived?" Interesting maybe "How Much of the infected Web is Archived" might be also useful... + +(Originally on Twitter: [Thu Dec 27 10:08:20 +0000 2012](https://twitter.com/adulau/status/284239280598048768)) +---- +http://dnsviz.net/d/af.mil/dnssec/ "Expiration:2012-12-26 19:03:49 UTC (13 hours, 16 minutes in the past)" now I can disable the validating resolver + +(Originally on Twitter: [Thu Dec 27 16:03:14 +0000 2012](https://twitter.com/adulau/status/284328597102137344)) +---- +http://www.mlsec.org/malheur/ New release of Malheur (automatic classification of malware based on malware behaviour) version 0.5.3 #malware #infosec + +(Originally on Twitter: [Fri Dec 28 09:37:48 +0000 2012](https://twitter.com/adulau/status/284593985492746240)) +---- +RT @daviddarts: Testers needed for newest PirateBox release with mesh networking (powered by Forban) http://bit.ly/Un2Uwg + +(Originally on Twitter: [Fri Dec 28 21:36:09 +0000 2012](https://twitter.com/adulau/status/284774765825253377)) +---- +@daviddarts For direct Forban bug reports, https://github.com/adulau/Forban you can open an issue in GitHub. Thank you very much. #p2p #Forban + +(Originally on Twitter: [Fri Dec 28 21:37:57 +0000 2012](https://twitter.com/adulau/status/284775218822651904)) +---- +Another perspective to a malicious laboratory http://www.flickr.com/photos/adulau/8320720779/ quite old style... 
#belgium + +(Originally on Twitter: [Sat Dec 29 11:55:51 +0000 2012](https://twitter.com/adulau/status/284991115122315264)) +---- +RT @ChristiaanBeek: Metasploit: Added module for CVE-2012-4792 http://feedproxy.google.com/~r/metasploit/development/~3/71T4fnKJmJg/6cb9106218bde56fc5e8d72c66fbba9f11c24449 (Internet Explorer CDwnBindInfo Object Use-After-Fre ... + +(Originally on Twitter: [Sun Dec 30 07:42:15 +0000 2012](https://twitter.com/adulau/status/285289683045457920)) +---- +Can we have a new year resolution for A/V vendor to make easy to pronounce malware names? BKDR_JAVAWAR.JG #malware + +(Originally on Twitter: [Sun Dec 30 09:05:03 +0000 2012](https://twitter.com/adulau/status/285310518758105088)) +---- +@jweyrich Correct and based on some fuzzy matching logic. #malwarenaming + +(Originally on Twitter: [Sun Dec 30 09:18:03 +0000 2012](https://twitter.com/adulau/status/285313793016360960)) +---- +Donc le #CSPLA n'aime pas les licences libres pour les photos? Et aussi les photos libres en CC sur flickr? #wtf http://static.pcinpact.com/images/bd/news/125406.png + +(Originally on Twitter: [Mon Dec 31 11:01:44 +0000 2012](https://twitter.com/adulau/status/285702273437425664)) +---- +@FredericJacobs Are you sure it's a good idea to allow email look-up in the SNCB leak to get back first and last name? An ACK is enough. + +(Originally on Twitter: [Tue Jan 01 08:01:01 +0000 2013](https://twitter.com/adulau/status/286019181999173634)) +---- +RT @letoams: The ARPANET transitioned to TCP/IP on 1 January 1983. That was 30 years ago http://www.rfc-editor.org/rfc/rfc801.txt Happy death anniversary to ... 
+ +(Originally on Twitter: [Tue Jan 01 09:58:17 +0000 2013](https://twitter.com/adulau/status/286048691746385920)) +---- +RT @_sinn3r: CVE-2012-4792 fix-it now available: http://support.microsoft.com/kb/2794220 + +(Originally on Twitter: [Tue Jan 01 10:40:01 +0000 2013](https://twitter.com/adulau/status/286059195499966464)) +---- +@FredericJacobs Cool and thanks for your work. + +(Originally on Twitter: [Tue Jan 01 11:01:15 +0000 2013](https://twitter.com/adulau/status/286064536790917121)) +---- +https://bugzilla.redhat.com/show_bug.cgi?id=891142 "CVE-2012-6085 GnuPG: read_block() corrupt key input validation" #security #pgp -> upgrade to gnupg 1.4.13 + +(Originally on Twitter: [Wed Jan 02 08:03:17 +0000 2013](https://twitter.com/adulau/status/286382141607124992)) +---- +@xme http://labs.adobe.com/technologies/swfinvestigator/ "Adobe SWF Investigator" might help you. #infosec + +(Originally on Twitter: [Wed Jan 02 08:13:09 +0000 2013](https://twitter.com/adulau/status/286384621959118848)) +---- +RT @mrkoot: Self-propagating heap-memory crawler in x86-64 Linux assembly (Jan 1) http://pastebin.com/rtGeDEmC + +(Originally on Twitter: [Wed Jan 02 11:11:29 +0000 2013](https://twitter.com/adulau/status/286429501062250496)) +---- +RT @FredericJacobs: #SNCBGate Lookup tool gathered 45861 visitors on Monday and Tuesday. +I don't track any other stats. +Not logging the ... 
+ +(Originally on Twitter: [Wed Jan 02 11:21:23 +0000 2013](https://twitter.com/adulau/status/286431995159015424)) +---- +RT @y0m: Forensic Challenge 13 – “A Message in a Picture“ - https://www.honeynet.org/challenges/2012_13_message_picture + +(Originally on Twitter: [Wed Jan 02 11:22:26 +0000 2013](https://twitter.com/adulau/status/286432255814037504)) +---- +added full-text indexing to cve-search http://adulau.github.com/cve-search/ relying on Whoosh cc: @wimremes #infosec #security #cve + +(Originally on Twitter: [Wed Jan 02 18:53:30 +0000 2013](https://twitter.com/adulau/status/286545773301223425)) +---- +RT @volatility: @vietwow sorry, we don't maintain ssdt_ex anymore, but most of the code you'd need to implement for >= 2.0 is in ssdt ... + +(Originally on Twitter: [Wed Jan 02 20:02:47 +0000 2013](https://twitter.com/adulau/status/286563206070165504)) +---- +A proposal statement to the communication manager at #SNCB -> "We did an error, we will inform the users and will support our IT to improve" + +(Originally on Twitter: [Wed Jan 02 20:36:19 +0000 2013](https://twitter.com/adulau/status/286571646360358912)) +---- +Does someone already work a bit on the security assessment of the owncloud software? http://owncloud.org/ #infosec #security #cloud + +(Originally on Twitter: [Thu Jan 03 13:36:17 +0000 2013](https://twitter.com/adulau/status/286828328617402368)) +---- +http://googleonlinesecurity.blogspot.be/2013/01/enhancing-digital-certificate-security.html "mistakenly issued two intermediate CA certificates to organizations that should have regular SSL certificates." Aie... 
+ +(Originally on Twitter: [Thu Jan 03 20:57:10 +0000 2013](https://twitter.com/adulau/status/286939281031823360)) +---- +http://technet.microsoft.com/en-us/security/advisory/2798897 "Fraudulent Digital Certificates Could Allow Spoofing" + +(Originally on Twitter: [Thu Jan 03 21:02:30 +0000 2013](https://twitter.com/adulau/status/286940624832299008)) +---- +@dakami @BinaryParadox Another option would be to run havege(d) on the Android device. #prng #seeding + +(Originally on Twitter: [Fri Jan 04 16:21:40 +0000 2013](https://twitter.com/adulau/status/287232339283689473)) +---- +@dakami @BinaryParadox I first discovered the effect when I saw on a production SSL/TLS server running out of entropy after a simple DoS. + +(Originally on Twitter: [Fri Jan 04 16:35:59 +0000 2013](https://twitter.com/adulau/status/287235938852171778)) +---- +@jepoirrier Thanks to diesel for powering the GSM base station... + +(Originally on Twitter: [Sat Jan 05 19:45:43 +0000 2013](https://twitter.com/adulau/status/287646078407430144)) +---- +@wimremes A per vendor RSS feed. Sure I can add it but the CPE classification might be confused... http://adulau.github.com/cve-search/ cc: @RSnake + +(Originally on Twitter: [Sat Jan 05 21:07:08 +0000 2013](https://twitter.com/adulau/status/287666566680678401)) +---- +English Letter Frequency Counts: +Mayzner Revisited http://norvig.com/mayzner.html + +(Originally on Twitter: [Sun Jan 06 07:56:42 +0000 2013](https://twitter.com/adulau/status/287830032603295744)) +---- +RT @BenLaurie: OpenSSL moves to git: + +git clone git://openssl.net/openssl + +Possibly in flux for a while, but ... enjoy. + +And Happy New Year! 
+ +(Originally on Twitter: [Sun Jan 06 21:52:48 +0000 2013](https://twitter.com/adulau/status/288040446528208898)) +---- +http://wiki.debian.org/DebianWiki/SecurityIncident2012 "Security breach on the Debian wiki" "The attacker(s) stole the email and password hashes of Debian wiki users" + +(Originally on Twitter: [Mon Jan 07 10:16:12 +0000 2013](https://twitter.com/adulau/status/288227528420765696)) +---- +@quinnnorton http://arxiv.org/abs/1207.2683 "IP over Voice-over-IP for censorship circumvention" At least a prototype exists... + +(Originally on Twitter: [Mon Jan 07 10:52:30 +0000 2013](https://twitter.com/adulau/status/288236665808515072)) +---- +RT @moxie: A surprising number of young people have been contacting me to ask for career advice recently. Here are my suggestions: http: ... + +(Originally on Twitter: [Mon Jan 07 21:07:49 +0000 2013](https://twitter.com/adulau/status/288391515183665153)) +---- +Music for the #infosec people especially while coding http://www.youtube.com/watch?feature=player_embedded&v=g72AaWagoLY#! + +(Originally on Twitter: [Mon Jan 07 22:05:30 +0000 2013](https://twitter.com/adulau/status/288406027995590656)) +---- +@DennisRand Do you know what's the role of the ECC (European Cybercrime Centre)? is that a centralized law-enforcement agency in Europe? + +(Originally on Twitter: [Thu Jan 10 09:30:04 +0000 2013](https://twitter.com/adulau/status/289303083165577216)) +---- +@Janet_LegReg IMHO, The best for risk mitigation is to ditch #BYOD in any corporate #security + +(Originally on Twitter: [Thu Jan 10 12:29:21 +0000 2013](https://twitter.com/adulau/status/289348200274481152)) +---- +@Janet_LegReg Right but I still think that #BYOD and the #security of internal critical assets are inherently incompatible. 
+ +(Originally on Twitter: [Thu Jan 10 13:42:18 +0000 2013](https://twitter.com/adulau/status/289366557249912832)) +---- +RT @circl_lu: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ "New year, new Java zeroday!" #java #security this exploit works on fully-patched Java... + +(Originally on Twitter: [Thu Jan 10 14:10:08 +0000 2013](https://twitter.com/adulau/status/289373565390815234)) +---- +RT @metasploit: In case you haven't seen it, the Ruby on Rails module is now available for #Metasploit: http://r-7.co/VSbX6a Update your ... + +(Originally on Twitter: [Thu Jan 10 16:21:14 +0000 2013](https://twitter.com/adulau/status/289406556213235712)) +---- +@wimremes http://www.nianticproject.com/ I'm wondering if the SQLi are part of the game? #ingress + +(Originally on Twitter: [Thu Jan 10 17:02:47 +0000 2013](https://twitter.com/adulau/status/289417011166052353)) +---- +http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/ "Nokia’s MITM on HTTPS traffic from their phone" #infosec #security + +(Originally on Twitter: [Thu Jan 10 22:24:21 +0000 2013](https://twitter.com/adulau/status/289497937690640384)) +---- +RT @EKwatcher: Looks like Cool EK is also including the IE 8 0-day exploit (CVE-2012-4972) similar to the one in Metasploit + +(Originally on Twitter: [Fri Jan 11 08:37:36 +0000 2013](https://twitter.com/adulau/status/289652264803631104)) +---- +RT @SteveClement: Qqn. a des Information sur la Ligne 42 de l’SNCB? + +Est-ce que le Luxembourg est touché aussi? #CFL + +http://www.salm.be/Vielsalm-plan-d-investissement-de-la-SNCB-et-avenir-de-la-ligne-42-Liege-Gouvy-Luxembourg + +(Originally on Twitter: [Fri Jan 11 13:07:00 +0000 2013](https://twitter.com/adulau/status/289720064884752385)) +---- +https://github.com/MITRECND/yaraprocessor "Yaraprocessor allows you to scan data streams via data streams in discrete chunks, or buffers. 
" #yara #infosec + +(Originally on Twitter: [Fri Jan 11 13:16:54 +0000 2013](https://twitter.com/adulau/status/289722555932217345)) +---- +RT @ioerror: It is absolutely soul crushing to learn that @aaronsw is dead: http://tech.mit.edu/V132/N61/swartz.html He will be missed by many; he was a won ... + +(Originally on Twitter: [Sat Jan 12 19:22:13 +0000 2013](https://twitter.com/adulau/status/290176878743007232)) +---- +RT @mattblaze: The @aaronsw JSTOR case is the only example I'm aware of of a computer crime case being prosecuted without the victim pre ... + +(Originally on Twitter: [Sat Jan 12 19:22:17 +0000 2013](https://twitter.com/adulau/status/290176893603438595)) +---- +Today, it's not about malware analysis, infosec or anything like that... It's just a set of trees http://www.flickr.com/photos/adulau/8377265638/in/photostream + +(Originally on Twitter: [Sun Jan 13 17:17:07 +0000 2013](https://twitter.com/adulau/status/290507783114207233)) +---- +@csoghoian doing pseudo-free license limiting the fields of endeavor is a mistake. There are legal loopholes and FLOSS incompatibilities. + +(Originally on Twitter: [Sun Jan 13 19:04:11 +0000 2013](https://twitter.com/adulau/status/290534728132616192)) +---- +RT @Netzob: Want an alphabet of relevant strings (byte/word n-grams) based on an unknown protocol? try Sally by @mlsec http://t.co/rbSDw ... + +(Originally on Twitter: [Sun Jan 13 21:37:07 +0000 2013](https://twitter.com/adulau/status/290573212939612161)) +---- +RT @virusbtn: Oracle has released JDK update 7u11, which fixes critical Java vulnerability CVE-2013-0422 discovered this week http://t.c ... 
+ +(Originally on Twitter: [Sun Jan 13 21:42:13 +0000 2013](https://twitter.com/adulau/status/290574495968788481)) +---- +RT @mlsec: A quick intro to Sally has been recently published in JMLR: http://jmlr.csail.mit.edu/papers/volume13/rieck12a/rieck12a.pdf (JMLR is open access for years btw) + +(Originally on Twitter: [Sun Jan 13 21:45:34 +0000 2013](https://twitter.com/adulau/status/290575339221032960)) +---- +RT @mattblaze: @Dymaxion @csoghoian I don't think that's actually the choice. Govts already participate in 0day markets. + +(Originally on Twitter: [Mon Jan 14 14:09:50 +0000 2013](https://twitter.com/adulau/status/290823041410281473)) +---- +Nowadays, the random generators are mainly used for the malware attribution business... #infosec #security #redoctober + +(Originally on Twitter: [Mon Jan 14 21:23:19 +0000 2013](https://twitter.com/adulau/status/290932130098331648)) +---- +http://www.ietf.org/id/draft-ietf-sidr-usecases-06.txt "Use Cases and Interpretation of RPKI Objects for Issuers and Relying Parties" #bgp #security + +(Originally on Twitter: [Tue Jan 15 10:14:27 +0000 2013](https://twitter.com/adulau/status/291126192273231872)) +---- +http://honeyproxy.org/ "a man-in-the-middle SSL proxy & traffic analyzer" compatible with mitmproxy #infosec + +(Originally on Twitter: [Wed Jan 16 15:02:13 +0000 2013](https://twitter.com/adulau/status/291560996449943553)) +---- +RT @headhntr: New Document shows German Federal Gov. purchase of Gamma's #FinFisher / #FinSpy Trojan - https://netzpolitik.org/2013/geheimes-dokument-bundeskriminalamt-kauft-international-bekannten-staatstrojaner-finfisherfinspy-von-gamma/ (german) vi ... + +(Originally on Twitter: [Wed Jan 16 15:47:03 +0000 2013](https://twitter.com/adulau/status/291572282680303616)) +---- +RT @malwarelu: Our fourth article about #RedOctober here: http://code.google.com/p/malware-lu/wiki/en_malware_redoctober_cc our home made command & control in python! http://t.c ... 
+ +(Originally on Twitter: [Wed Jan 16 16:15:39 +0000 2013](https://twitter.com/adulau/status/291579475961974785)) +---- +@malwarelu only calc.exe is executed ;-) I was expecting some obscure and random malware from your collection. #redoctober #fun + +(Originally on Twitter: [Wed Jan 16 16:18:14 +0000 2013](https://twitter.com/adulau/status/291580127001862145)) +---- +@malwarelu for fun only, you could also play with TorInj and reinject it for the poor malware analyst using Tor ;-) http://www.foo.be/torinj/ + +(Originally on Twitter: [Wed Jan 16 16:28:38 +0000 2013](https://twitter.com/adulau/status/291582744096555009)) +---- +hack.lu 2013 will take place the 22-24 October 2013 - see you there ;-) @hack_lu #infosec #conference #hacklu + +(Originally on Twitter: [Thu Jan 17 11:00:08 +0000 2013](https://twitter.com/adulau/status/291862464885301248)) +---- +RT @circl_lu: http://www.securelist.com/en/analysis/204792273/Red_October_Detailed_Malware_Description " “Red October”. Detailed Malware Description 4. Second Stage of Attack" including the modules artef ... + +(Originally on Twitter: [Thu Jan 17 14:56:43 +0000 2013](https://twitter.com/adulau/status/291922002510508032)) +---- +RT @fpietrosanti: EU-funded project calls for transparency and accountability of use of surveillance systems http://www.federicoguerrini.com/english/ec-funded-project-calls-for-greater-transparency-and-accountability-re-use-of-surveillance-systems/ /cc @ ... + +(Originally on Twitter: [Thu Jan 17 15:12:17 +0000 2013](https://twitter.com/adulau/status/291925920544079872)) +---- +RT @circl_lu: http://seclists.org/fulldisclosure/2013/Jan/142 "[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable" #infosec #java + +(Originally on Twitter: [Fri Jan 18 14:30:40 +0000 2013](https://twitter.com/adulau/status/292277833533894657)) +---- +@BiellaColeman Maybe reseaulibre.ca should give a try to local p2p sharing with Forban? 
http://www.foo.be/forban/ #scs13 + +(Originally on Twitter: [Fri Jan 18 20:35:57 +0000 2013](https://twitter.com/adulau/status/292369759733944321)) +---- +RT @alcyonsecurity: Finally. My rejection mail for attending the #NCSC conference. Good thing there is an alternative: @ALTSNL + +(Originally on Twitter: [Fri Jan 18 21:16:07 +0000 2013](https://twitter.com/adulau/status/292379868052738048)) +---- +RFC 3526 "More Modular Exponential (MODP) Diffie-Hellman groups" Can we still use the criteria for recent DH agreement? #crypto #infosec + +(Originally on Twitter: [Sat Jan 19 05:59:02 +0000 2013](https://twitter.com/adulau/status/292511466509185024)) +---- +"Your 2048-bit RSA public / private key pair is now being created." they should add "in the browser & we hope everything will be ok" #mega + +(Originally on Twitter: [Sun Jan 20 09:51:58 +0000 2013](https://twitter.com/adulau/status/292932470821752832)) +---- +@jweyrich Right with "encrypted with a hash derived from the user's login password." I'm curious about the hashing function doing this. + +(Originally on Twitter: [Sun Jan 20 11:00:56 +0000 2013](https://twitter.com/adulau/status/292949827929661442)) +---- +RT @zooko: “Publishing a Paper without the Code is Not Enough”—http://ur1.ca/cka1h (by a certain brilliant and delightful @ambimorph) # ... + +(Originally on Twitter: [Sun Jan 20 19:53:58 +0000 2013](https://twitter.com/adulau/status/293083968822185984)) +---- +@zooko @BrianKent @ambimorph http://www.d.umn.edu/~tpederse/Pubs/pedersen-last-word-2008.pdf A related paper (2008) "Empiricism Is Not a Matter of Faith" + +(Originally on Twitter: [Sun Jan 20 20:45:21 +0000 2013](https://twitter.com/adulau/status/293096900054364160)) +---- +@bortzmeyer the DNS-lg is a good idea that would be a nice way to feed Passive DNS to have different views of key domain names. 
+ +(Originally on Twitter: [Sun Jan 20 21:26:35 +0000 2013](https://twitter.com/adulau/status/293107277806854145)) +---- +@novytweety If the data were very sensitive, shred it. Nowadays, I would recommend to create a new encrypted partition and then wipe it. + +(Originally on Twitter: [Mon Jan 21 07:20:49 +0000 2013](https://twitter.com/adulau/status/293256822670913536)) +---- +Anyone organizing a PGP keysigning session at #NCSC2013 ? That would be useful. + +(Originally on Twitter: [Tue Jan 22 16:58:11 +0000 2013](https://twitter.com/adulau/status/293764507644358656)) +---- +@lreerl The registration for #hacklu will just start after the #CFP (should be end February or early March). Hope to see you there. + +(Originally on Twitter: [Thu Jan 24 16:59:05 +0000 2013](https://twitter.com/adulau/status/294489513235976193)) +---- +@ioerror you seem very concentrated while listening to a question about Tor at #ncsc2013. Thanks for your work. https://www.flickr.com/photos/adulau/8412081726/ + +(Originally on Twitter: [Thu Jan 24 18:06:55 +0000 2013](https://twitter.com/adulau/status/294506580580372480)) +---- +http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0221.html "Critical SSH Backdoor in multiple Barracuda Networks Products" but the scary part, it's not the only vendor. #infosec + +(Originally on Twitter: [Thu Jan 24 19:21:37 +0000 2013](https://twitter.com/adulau/status/294525381241872384)) +---- +http://seclists.org/fulldisclosure/2013/Jan/217 "CVE ID Syntax Change - Call for Public Feedback" #infosec #cve #cveid + +(Originally on Twitter: [Thu Jan 24 20:15:03 +0000 2013](https://twitter.com/adulau/status/294538827345825792)) +---- +@cbrocas Yep but the main problem is the ugly PasswordAuthentication that must be disabled at any cost. (removed from compiled OpenSSH?) 
+ +(Originally on Twitter: [Fri Jan 25 09:52:19 +0000 2013](https://twitter.com/adulau/status/294744500411187200)) +---- +RT @nacin: If you suspect a vulnerability in WordPress core, you can disclose it privately to security@wordpress.org. Happy to chat (and ... + +(Originally on Twitter: [Fri Jan 25 12:28:27 +0000 2013](https://twitter.com/adulau/status/294783791652810752)) +---- +RT @jekil: New tool released! Photo/image forensics via metadata extraction http://www.imageforensic.org/ I hope you like it! + +(Originally on Twitter: [Fri Jan 25 12:39:01 +0000 2013](https://twitter.com/adulau/status/294786450019479552)) +---- +http://www.imageforensic.org/ is a nice tool - small question: Why do you said "high risk" for "GPSTag:" when the value is undefined @jekil + +(Originally on Twitter: [Fri Jan 25 12:42:25 +0000 2013](https://twitter.com/adulau/status/294787307280674816)) +---- +@jekil Thanks. Maybe from high to medium? if there are no localization info. Just to stress the point when the localization is present. + +(Originally on Twitter: [Fri Jan 25 14:38:02 +0000 2013](https://twitter.com/adulau/status/294816402169286657)) +---- +RT @cBekrar: Thank you vendors for backdooring your soft & placing hidden (you think!) features that allow us to pwn you with minimu ... + +(Originally on Twitter: [Sat Jan 26 16:56:26 +0000 2013](https://twitter.com/adulau/status/295213620206370816)) +---- +RT @daviddarts: Web inventor says governments stifling net freedom http://goo.gl/7EtB1 + +(Originally on Twitter: [Sat Jan 26 16:57:52 +0000 2013](https://twitter.com/adulau/status/295213980203487232)) +---- +@PETS_2013 "assigning an exclusive 3-year distribution license to Springer." 
Maybe you should consider open access for PETS cc/ @mattblaze + +(Originally on Twitter: [Sat Jan 26 17:08:52 +0000 2013](https://twitter.com/adulau/status/295216748397993984)) +---- +RT @circl_lu: https://www.circl.lu/files/tf-csirt-first2013-circl-restena-blackhole.pdf "Another Perspective to IP-Darkspace Analysis" presented at #FIRST #TFCSIRT + +(Originally on Twitter: [Tue Jan 29 09:45:10 +0000 2013](https://twitter.com/adulau/status/296192253653831681)) +---- +Seeing BYOD terminology, I'm always wondering if the D means desolation, destruction or devastation. #infosec #byod + +(Originally on Twitter: [Tue Jan 29 11:32:08 +0000 2013](https://twitter.com/adulau/status/296219169605689346)) +---- +RT @fygrave: @adulau B[ring]Y[your]O[wn]D[etonation device] ;-) + +(Originally on Twitter: [Tue Jan 29 11:36:52 +0000 2013](https://twitter.com/adulau/status/296220361681428481)) +---- +RT @snazmeister: @adulau I like to think that it means Bring Your Own Disaster. As I feel that with users, this is inevitable #BYOD + +(Originally on Twitter: [Tue Jan 29 11:37:02 +0000 2013](https://twitter.com/adulau/status/296220404853374977)) +---- +#TFCSIRT #FIRST Following the ongoing presentation about CVE, CPE and CVSS, you might be interested https://github.com/adulau/cve-search and its ranking. + +(Originally on Twitter: [Tue Jan 29 16:35:33 +0000 2013](https://twitter.com/adulau/status/296295526712893440)) +---- +RT @circl_lu: http://www.kb.cert.org/vuls/id/922681 "Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP" #infosec #router + +(Originally on Twitter: [Tue Jan 29 17:09:20 +0000 2013](https://twitter.com/adulau/status/296304031205310465)) +---- +RT @tcertcom: Telecom Honey Pot catches new SS7 attacker today. And still some vendors and operators say it's a totally safe network. #t ... 
+ +(Originally on Twitter: [Thu Jan 31 09:50:22 +0000 2013](https://twitter.com/adulau/status/296918334442700800)) +---- +RT @circl_lu: Regarding last tweet, we recommend disabling #UPnP on routers if it is not needed or block port for untrusted sources http ... + +(Originally on Twitter: [Thu Jan 31 09:50:43 +0000 2013](https://twitter.com/adulau/status/296918422544068608)) +---- +RT @PETS_2013: @adulau indeed we're considering moving to open access for next years hoping to make progress as a community, and not as ... + +(Originally on Twitter: [Fri Feb 01 09:48:16 +0000 2013](https://twitter.com/adulau/status/297280195092684800)) +---- +Will be at #FOSDEM tomorrow + +(Originally on Twitter: [Fri Feb 01 20:47:27 +0000 2013](https://twitter.com/adulau/status/297446084937129984)) +---- +https://github.com/MerlijnWajer/tracy "tracy - a system call tracer and injector." #infosec + +(Originally on Twitter: [Fri Feb 01 21:33:10 +0000 2013](https://twitter.com/adulau/status/297457591364247552)) +---- +@tunguuz Thanks it was nice to see you and talk about those disappearing technologies. + +(Originally on Twitter: [Sat Feb 02 08:09:09 +0000 2013](https://twitter.com/adulau/status/297617638861967360)) +---- +@l_a_u_r_e_n_t If you see something to be done in #forban to be used for #pirateboxbru let me know. + +(Originally on Twitter: [Sun Feb 03 09:17:46 +0000 2013](https://twitter.com/adulau/status/297997296904327168)) +---- +https://www.flickr.com/photos/adulau/8442476626/ "Everybody needs a hacker" even hackers... 
#fosdem + +(Originally on Twitter: [Sun Feb 03 19:50:58 +0000 2013](https://twitter.com/adulau/status/298156646511816704)) +---- +@jpflorent We already sent a list of vulnerabilities the 22nd of January to them but it was before the challenge really started ;-( + +(Originally on Twitter: [Mon Feb 04 16:15:01 +0000 2013](https://twitter.com/adulau/status/298464689673871360)) +---- +RT @circl_lu: http://bgpranking.circl.lu/ has been updated including the graphs and new public black-list were added. raw data available #bgp # ... + +(Originally on Twitter: [Mon Feb 04 16:34:35 +0000 2013](https://twitter.com/adulau/status/298469613350563840)) +---- +@Kaplan_CERTat The two (a)s got lost in front of an (a). https://www.flickr.com/photos/adulau/8445182447/ #photography #geeks cc: @ddurvaux + +(Originally on Twitter: [Mon Feb 04 22:51:50 +0000 2013](https://twitter.com/adulau/status/298564549072793601)) +---- +RT @circl_lu: http://curl.haxx.se/docs/adv_20130206.html libcurl is vulnerable to a buffer overflow vulnerability when using protocols POP3, SMTP or IMAP. #in ... + +(Originally on Twitter: [Wed Feb 06 16:57:06 +0000 2013](https://twitter.com/adulau/status/299200055427072000)) +---- +I'm betting that more searches on intel eeprom 8257 82583 82574L will pop up in a very near future... #infosec + +(Originally on Twitter: [Wed Feb 06 22:05:27 +0000 2013](https://twitter.com/adulau/status/299277654991982592)) +---- +http://referaat.cs.utwente.nl/conference/18/paper/7381/characterization-of-tor-exit-nodes.pdf "Characterization of Tor Exit-Nodes" #tor #privacy #infosec + +(Originally on Twitter: [Thu Feb 07 16:47:11 +0000 2013](https://twitter.com/adulau/status/299559947774083073)) +---- +https://community.ja.net/blogs/regulatory-developments/article/eu-cyber-security-strategy Comments about the +EU Cyber Security Strategy. 
+ +(Originally on Twitter: [Thu Feb 07 17:04:29 +0000 2013](https://twitter.com/adulau/status/299564299070873602)) +---- +If you are a student and willing to work on CRLs and looking for an internship, you can DM me. #x509 #infosec http://www.foo.be/cours/dess-20122013/crl-datastore-and-browser.html + +(Originally on Twitter: [Fri Feb 08 19:45:21 +0000 2013](https://twitter.com/adulau/status/299967172367765504)) +---- +@mikko I'm surprise that you just discovered the work from the fabulous Fabrice Bellard. + +(Originally on Twitter: [Fri Feb 08 20:22:18 +0000 2013](https://twitter.com/adulau/status/299976470758055936)) +---- +RT @thegrugq: Coordinated disclosure w/ vendor? 90-180 days patch, you get nothing. Russian blackmarket <15 day patch, plus you get p ... + +(Originally on Twitter: [Sat Feb 09 20:09:39 +0000 2013](https://twitter.com/adulau/status/300335675549560832)) +---- +I don't know why but each time I see an interview with a spokesperson for a large corporation, I always see propaganda-person as a title. + +(Originally on Twitter: [Sun Feb 10 16:21:44 +0000 2013](https://twitter.com/adulau/status/300640706471550977)) +---- +https://github.com/SecPlus/libmalelf libmalelf is an evil library the intent to assist in the process of infecting ELF binaries... #infosec #elf + +(Originally on Twitter: [Sun Feb 10 16:33:53 +0000 2013](https://twitter.com/adulau/status/300643761539665921)) +---- +RT @hack_lu: We are working on the hack.lu 2013 (22-24 October) CFP, it will be open very soon. see you there. #infosec #conference #lux ... + +(Originally on Twitter: [Sun Feb 10 16:56:30 +0000 2013](https://twitter.com/adulau/status/300649456750182401)) +---- +@adainitiative What's the best approach for a call-for-paper to support your initiative? 
thank you cc @hack_lu #conference #hacklu + +(Originally on Twitter: [Sun Feb 10 17:14:03 +0000 2013](https://twitter.com/adulau/status/300653869388660738)) +---- +RT @hack_lu: @beist If you like we can reuse the picture for the poster of this year! We hope to see you... #hacklu /CC @ochsff + +(Originally on Twitter: [Sun Feb 10 19:29:59 +0000 2013](https://twitter.com/adulau/status/300688081286213632)) +---- +just booked my ticket for #OHM2013 + +(Originally on Twitter: [Mon Feb 11 14:41:47 +0000 2013](https://twitter.com/adulau/status/300977940399800321)) +---- +Tomorrow I have to explain what a kitten groomer is in order to get support a security research prototype... pfffff @quinnnorton + +(Originally on Twitter: [Mon Feb 11 22:15:01 +0000 2013](https://twitter.com/adulau/status/301091998692147201)) +---- +https://github.com/torvalds/linux/commit/b5c37fe6e24eec194bb29d22fdd55d73bcc709bf "sctp: sctp_endpoint_free: zero out secret key data" #sctp #linux + +(Originally on Twitter: [Tue Feb 12 12:02:11 +0000 2013](https://twitter.com/adulau/status/301300162536546305)) +---- +"How to choose a PIN - assessment of dictionary methods" http://arxiv.org/abs/1302.2656 #infosec #security #pin + +(Originally on Twitter: [Wed Feb 13 09:38:00 +0000 2013](https://twitter.com/adulau/status/301626265113337857)) +---- +RT @ambimorph: PIN solution: choose randomly and convert to memorable phrase: http://arxiv.org/abs/1302.2656 HT @adulau + +(Originally on Twitter: [Wed Feb 13 17:00:00 +0000 2013](https://twitter.com/adulau/status/301737501004017665)) +---- +@jmattheij Nice. I registered the domain http://paperbay.org in 2009 to do something similar. I'm sure @aaronsw would have liked it. + +(Originally on Twitter: [Wed Feb 13 17:44:33 +0000 2013](https://twitter.com/adulau/status/301748708725362689)) +---- +@jmattheij if you want a reverse proxy back, let me know. 
+ +(Originally on Twitter: [Wed Feb 13 17:46:11 +0000 2013](https://twitter.com/adulau/status/301749120526340097)) +---- +The funky security netblock of the day http://bgpranking.circl.lu/asn_details?date=;source=;asn=199079;ip_details=2012-08-30T05:09:16.779919 #infosec the ISP has no luck with its customers ;-) cc @bgpranking + +(Originally on Twitter: [Wed Feb 13 17:54:03 +0000 2013](https://twitter.com/adulau/status/301751100745342976)) +---- +@___wr___ Looks like the song headhunter from Front 242. You scare me... ;-) + +(Originally on Twitter: [Wed Feb 13 18:21:14 +0000 2013](https://twitter.com/adulau/status/301757941550292992)) +---- +RT @mattblaze: Disappointed that some think our technical analysis should bend to accomodate their preferred conclusion. http://t.co/gFV ... + +(Originally on Twitter: [Wed Feb 13 19:07:48 +0000 2013](https://twitter.com/adulau/status/301769660683141121)) +---- +RT @mattblaze: @evacide LE has *always* used targeted surveillance, long before the net. It's the global mandates that are new + +(Originally on Twitter: [Wed Feb 13 19:14:10 +0000 2013](https://twitter.com/adulau/status/301771263154745344)) +---- +RT @botherder: Despite the mistakes from all sides, I want to give my support to @ioerror for the unreasonable hostility he received bec ... + +(Originally on Twitter: [Fri Feb 15 09:13:37 +0000 2013](https://twitter.com/adulau/status/302344907778039808)) +---- +https://github.com/shjalayeri/MCEDP "Malicious Code Execution Detection Prevention (MCEDP) High Interaction Client Honeypot" #honeypot + +(Originally on Twitter: [Fri Feb 15 21:18:46 +0000 2013](https://twitter.com/adulau/status/302527393766207488)) +---- +I was lost in the snow and burnt by the sun but my CCD still works. http://www.flickr.com/photos/adulau/8471539608/in/photostream #sooc #photography #winter + +(Originally on Twitter: [Fri Feb 15 21:23:53 +0000 2013](https://twitter.com/adulau/status/302528682793263104)) +---- +@snazmeister Yes, this makes sense. 
Would you trust software? I can't. #infosec + +(Originally on Twitter: [Sat Feb 16 15:26:20 +0000 2013](https://twitter.com/adulau/status/302801090896863233)) +---- +@cryptocatapp "We are not looking to hire someone to write an implementation," Why? that's usually the only way to validate the mpOTR spec. + +(Originally on Twitter: [Sat Feb 16 17:37:52 +0000 2013](https://twitter.com/adulau/status/302834191631007744)) +---- +@OSVDB It seems that the link http://osvdb.org/database_info is down. Is there another way to download the full DB of OSVDB? thanks for your work. + +(Originally on Twitter: [Sat Feb 16 17:40:21 +0000 2013](https://twitter.com/adulau/status/302834818700419073)) +---- +@OSVDB Ok, thx. I just wanted to add the import for http://adulau.github.com/cve-search/ to help people to do local searches from OSVDB too. + +(Originally on Twitter: [Sat Feb 16 17:48:15 +0000 2013](https://twitter.com/adulau/status/302836804741111810)) +---- +@dena_ftb I'm listening your tracks from Belgium... nice work. keep on... 
you should add a bit more beats from a 303 and 909 ;-) + +(Originally on Twitter: [Sat Feb 16 20:28:25 +0000 2013](https://twitter.com/adulau/status/302877114082934784)) +---- +RT @aumasson: announcing the Password Hashing Competition: https://password-hashing.net submit before January 31, 2014 + +(Originally on Twitter: [Sat Feb 16 21:28:41 +0000 2013](https://twitter.com/adulau/status/302892281327919105)) +---- +http://www.strazzere.com/blog/2013/02/loose-documentation-leads-to-easy-disassembler-breakages/ "Loose Documentation Leads to Easy Disassembler Breakages" #security #reversing + +(Originally on Twitter: [Sun Feb 17 09:15:35 +0000 2013](https://twitter.com/adulau/status/303070175547236352)) +---- +http://www.ccssforum.org/malware-certificates.php " list of digital certificates that have been reported by the forum as possibly being associated with malware" + +(Originally on Twitter: [Tue Feb 19 05:48:19 +0000 2013](https://twitter.com/adulau/status/303742791031336960)) +---- +https://www.djangoproject.com/weblog/2013/feb/19/security/ I know why I like static pages ;-) #security + +(Originally on Twitter: [Tue Feb 19 22:38:20 +0000 2013](https://twitter.com/adulau/status/303996969033007105)) +---- +http://www.nlnetlabs.nl/downloads/publications/report-rrl-dekoning-rozekrans.pdf "Defending against DNS reflection amplification attacks" #infosec #dns #security + +(Originally on Twitter: [Wed Feb 20 07:57:40 +0000 2013](https://twitter.com/adulau/status/304137730219204609)) +---- +RT @Tactical_Intel: Dude has so much Zeus traffic on his network he should rename his company Mount Olympus. + +(Originally on Twitter: [Wed Feb 20 20:26:22 +0000 2013](https://twitter.com/adulau/status/304326148320542720)) +---- +http://www.adobe.com/support/security/bulletins/apsb13-07.html Finally the updates for CVE-2013-0640, CVE-2013-0641 are available... 
#security + +(Originally on Twitter: [Wed Feb 20 20:53:44 +0000 2013](https://twitter.com/adulau/status/304333034755350528)) +---- +RT @OpenITP: OpenITP's first round of 2013 project funding is now open for proposals! http://www.openitp.com/?q=node/33 @guardianproject @accessnow @ ... + +(Originally on Twitter: [Thu Feb 21 20:29:57 +0000 2013](https://twitter.com/adulau/status/304689439869902849)) +---- +To malware authors, don't work too much into A/V detection it's useless. A loader using LoadLibraryA GetProcAddr.. & VirtualAlloc is enough. + +(Originally on Twitter: [Thu Feb 21 20:39:21 +0000 2013](https://twitter.com/adulau/status/304691802139668482)) +---- +@eromang Thanks for your researches too. Maybe more to come... + +(Originally on Twitter: [Thu Feb 21 21:51:49 +0000 2013](https://twitter.com/adulau/status/304710040433078273)) +---- +@hh86_ Does it depend on the Free list internal implementation of Windows? If yes, I think block alloc is ascending. For glibc, descending? + +(Originally on Twitter: [Thu Feb 21 22:05:37 +0000 2013](https://twitter.com/adulau/status/304713513719459841)) +---- +@eromang maybe the socket is still open on the proxy side but not ending somewhere. I'm wondering how they manage all the reverse shells ;-) + +(Originally on Twitter: [Thu Feb 21 22:07:15 +0000 2013](https://twitter.com/adulau/status/304713924840939520)) +---- +RT @mikko: At least two fake Mandiant reports in circulation, with exploits embedded. See http://www.symantec.com/connect/node/2702691 and http://t.co/dAA6cxA ... + +(Originally on Twitter: [Fri Feb 22 05:49:52 +0000 2013](https://twitter.com/adulau/status/304830343524003840)) +---- +"All information collected should be stored securely on read only media." from ISO/IEC 27035 really? 15TB on read only media? #security + +(Originally on Twitter: [Fri Feb 22 10:17:51 +0000 2013](https://twitter.com/adulau/status/304897785407348736)) +---- +Is there any public security review for the poppler source code? 
it's really used everywhere... http://poppler.freedesktop.org/ @OpenITP + +(Originally on Twitter: [Fri Feb 22 14:28:02 +0000 2013](https://twitter.com/adulau/status/304960746574471169)) +---- +@cudeso "A lot of people never use their initiative because no-one told them to.” written sometime by #Banksy on some walls. + +(Originally on Twitter: [Fri Feb 22 22:20:38 +0000 2013](https://twitter.com/adulau/status/305079678232838145)) +---- +http://pastebin.com/raw.php?i=v10EPR5u "Additional Comment Crew Indicators of Compromise" At this rhythm the whole 2^32 ip space will be published. #infosec + +(Originally on Twitter: [Fri Feb 22 22:31:01 +0000 2013](https://twitter.com/adulau/status/305082291795943424)) +---- +Don't fall into the trap of @koken it's not free software... Maybe it's time for them to use a real free software license + +(Originally on Twitter: [Sat Feb 23 17:25:12 +0000 2013](https://twitter.com/adulau/status/305367720747220992)) +---- +http://www.foo.be/cgi-bin/wiki.pl/2013-02-23_Vulnerability_Management_Is_Just_An_Approximation "Software Vulnerability Management Is Just A Huge Approximation" #infosec #security #cve @wimremes + +(Originally on Twitter: [Sat Feb 23 20:53:40 +0000 2013](https://twitter.com/adulau/status/305420182153736195)) +---- +@wimremes Thanks. Don't forget that you somehow played a role in this blog post ;-) + +(Originally on Twitter: [Sat Feb 23 21:01:23 +0000 2013](https://twitter.com/adulau/status/305422122552016896)) +---- +@msuiche I might submit something. Is the CFP still closing end of March? @NoSuchCon cc @tricaud + +(Originally on Twitter: [Sun Feb 24 20:47:15 +0000 2013](https://twitter.com/adulau/status/305780955505913856)) +---- +RT @nickm_tor: @aumasson I've felt that everyone should get some press coverage, just to learn how little credence to give the rest of w ... 
+ +(Originally on Twitter: [Mon Feb 25 21:00:58 +0000 2013](https://twitter.com/adulau/status/306146796722352128)) +---- +RT @_oRb: CVE-2013-1763 +https://rdot.org/forum/showpost.php?p=30827&postcount=3 + +(Originally on Twitter: [Mon Feb 25 21:19:19 +0000 2013](https://twitter.com/adulau/status/306151410892935169)) +---- +https://blog.bit9.com/2013/02/25/bit9-security-incident-update/ "Bit9 Security Incident Update" Interesting +Mdmbot.F is back... #malware #infosec + +(Originally on Twitter: [Mon Feb 25 21:29:45 +0000 2013](https://twitter.com/adulau/status/306154038204956672)) +---- +@cudeso "Global Attacker Intelligence Service" Is this a new tool for automatic exploitation of #juniper devices? ;-) + +(Originally on Twitter: [Mon Feb 25 21:58:43 +0000 2013](https://twitter.com/adulau/status/306161327179714560)) +---- +@cudeso In these days, the global scope is in eyes of the attackers and the private scope is in the eyes of victims. Where should we be? + +(Originally on Twitter: [Mon Feb 25 22:16:15 +0000 2013](https://twitter.com/adulau/status/306165740808048640)) +---- +Are you doing security researches on botnets? You might consider to submit it to @Botconf 2013 #cfp #infosec #malware + +(Originally on Twitter: [Mon Feb 25 22:26:58 +0000 2013](https://twitter.com/adulau/status/306168436642418688)) +---- +A small recommendation to people in public transport next to me, don't plug the USB key I left unattended you might be surprised... + +(Originally on Twitter: [Tue Feb 26 18:12:24 +0000 2013](https://twitter.com/adulau/status/306466763594428417)) +---- +http://marc.info/?l=openssh-unix-dev&m=136191728900631&w=2 "Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2." 
#openssh #ssh #crypto + +(Originally on Twitter: [Wed Feb 27 21:17:59 +0000 2013](https://twitter.com/adulau/status/306875851331473408)) +---- +RT @skier_t: Darm - a lightweight, efficient, ARMv7 disassembler in C (BSD3, Python bindings) http://jbremer.org/darm/ + +(Originally on Twitter: [Wed Feb 27 21:18:16 +0000 2013](https://twitter.com/adulau/status/306875924266229760)) +---- +RT @AlTobey: Dear @github: please add a >>> fast-forward button for browsing Java projects. If I press it, it takes me to the f ... + +(Originally on Twitter: [Thu Feb 28 05:43:14 +0000 2013](https://twitter.com/adulau/status/307003001426542592)) +---- +RT @circl_lu: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem#Compromised%20RPMs more info about the Trojanized OpenSSH packages. #security #malware #trojan #cpanel + +(Originally on Twitter: [Thu Feb 28 13:18:15 +0000 2013](https://twitter.com/adulau/status/307117511407706112)) +---- +https://forums.dropbox.com/topic.php?id=97303 "Why was my email leaked?" #security #dropbox + +(Originally on Twitter: [Thu Feb 28 20:12:11 +0000 2013](https://twitter.com/adulau/status/307221683629092864)) +---- +@craiu If you are looking a good track for #duke #miniduke I would suggest Front 242 headhunter http://www.youtube.com/watch?v=m1cRGVaJF7Y + +(Originally on Twitter: [Fri Mar 01 16:47:51 +0000 2013](https://twitter.com/adulau/status/307532646689427456)) +---- +RT @jduck1337: The recent Java exploit (CVE-2013-1493) appears to exploit a vulnerability in the color management native code. 
+ +(Originally on Twitter: [Sat Mar 02 10:49:42 +0000 2013](https://twitter.com/adulau/status/307804904553058304)) +---- +Some interesting memory disclosure bugs in user-space from the Linux kernel crypto part: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 #security #linux + +(Originally on Twitter: [Sun Mar 03 20:26:30 +0000 2013](https://twitter.com/adulau/status/308312447951962112)) +---- +@altquinn to reassure you it's also freezing cold here. #europe is just like #US + +(Originally on Twitter: [Sun Mar 03 21:39:22 +0000 2013](https://twitter.com/adulau/status/308330787776897024)) +---- +Second paper I read mentioning privacy-preserving with Bloom filters for IPv4 addresses. Look-up of 4 billions entries is fast ;-) #privacy + +(Originally on Twitter: [Sun Mar 03 21:56:28 +0000 2013](https://twitter.com/adulau/status/308335089203429376)) +---- +RT @DennisRand: IPv6 Focus Month at the Internet Storm Center +https://isc.sans.edu/diary/IPv6+Focus+Month+at+the+Internet+Storm+Center/15307 + +(Originally on Twitter: [Mon Mar 04 08:01:44 +0000 2013](https://twitter.com/adulau/status/308487410239553536)) +---- +RT @circl_lu: http://contagiodump.blogspot.com/2013/03/mandiant-apt1-samples-categorized-by.html "Mandiant APT1 samples categorized by malware families" #infosec #apt1 #malware + +(Originally on Twitter: [Mon Mar 04 17:06:13 +0000 2013](https://twitter.com/adulau/status/308624434632220672)) +---- +RT @eromang: Urf … #Oracle #Java Update 7 U 17 message "The update is improperly signed" #Update #Error + +(Originally on Twitter: [Mon Mar 04 21:19:43 +0000 2013](https://twitter.com/adulau/status/308688229815681025)) +---- +https://crypton.io/ "Crypton is a framework for building cryptographically secure cloud applications." Did someone try this? 
#crypto + +(Originally on Twitter: [Mon Mar 04 22:42:41 +0000 2013](https://twitter.com/adulau/status/308709105994969089)) +---- +Yep @grsecurity should be mandatory. + +(Originally on Twitter: [Tue Mar 05 10:59:12 +0000 2013](https://twitter.com/adulau/status/308894457846177792)) +---- +RT @iiamit: @jack_daniel thing is - PCI (and most regulations) are trying to bring the horribly unprotected to lowest comm denom. #medio ... + +(Originally on Twitter: [Tue Mar 05 21:20:34 +0000 2013](https://twitter.com/adulau/status/309050831565643777)) +---- +https://gist.github.com/adulau/5094750 some random notes on how to acquire memory from a running Linux system, feel free to update. #infosec #forensic + +(Originally on Twitter: [Tue Mar 05 22:07:41 +0000 2013](https://twitter.com/adulau/status/309062685952188416)) +---- +@quinnnorton @turkshead The Pu Erh pack on the right side of the picture might confuse a LE analyst... #tea with #gun + +(Originally on Twitter: [Thu Mar 07 12:30:40 +0000 2013](https://twitter.com/adulau/status/309642250403586048)) +---- +@quinnnorton @turkshead They do especially when you talk about an AK-12 or Mecar M72 that you can exchange with 20KG of Pu Erh. #monitoring + +(Originally on Twitter: [Thu Mar 07 15:45:28 +0000 2013](https://twitter.com/adulau/status/309691277274935296)) +---- +RT @y0m: Having fun with cuckoo (again). http://malwr.com/analysis/e8a064854b655baee7515eff8ae8ad17/ + +(Originally on Twitter: [Thu Mar 07 16:15:07 +0000 2013](https://twitter.com/adulau/status/309698737704423424)) +---- +A note for malware authors, you should stop to use your custom binary protocols and go for JSON-based protocol. You won't be detected... + +(Originally on Twitter: [Thu Mar 07 17:16:11 +0000 2013](https://twitter.com/adulau/status/309714105089015810)) +---- +@thegrugq As long as you have a VAT number, you can buy/sell stuff including 0-days. 
A blackhat with a VAT is just another company ;-) + +(Originally on Twitter: [Thu Mar 07 21:21:03 +0000 2013](https://twitter.com/adulau/status/309775727300071425)) +---- +@giovannibajo Are you sure Simtec Electronics is going out of business? I just have one entropy key that I use regularly. #crypto + +(Originally on Twitter: [Sat Mar 09 09:18:15 +0000 2013](https://twitter.com/adulau/status/310318606485430272)) +---- +RT @rjek: @jpmens @habbie Incidentally, they should start shipping again RSN: the lead design and production engineer has had some *MAJO ... + +(Originally on Twitter: [Sat Mar 09 12:07:06 +0000 2013](https://twitter.com/adulau/status/310361098136219648)) +---- +@usnistgov It seems that your website where the CVE/CPE dumps are located is experiencing some issues. http://nvd.nist.gov/download.cfm cc @wimremes + +(Originally on Twitter: [Mon Mar 11 09:10:09 +0000 2013](https://twitter.com/adulau/status/311041343046684672)) +---- +http://inertiawar.com/microcode/ "notes gathered while investigating the Intel microcode" Interesting... #security #intel #cpu #infosec + +(Originally on Twitter: [Tue Mar 12 17:55:16 +0000 2013](https://twitter.com/adulau/status/311535879804039168)) +---- +https://lkml.org/lkml/2013/3/11/501 +"drivers/gpu/drm/i915/i915_gem_execbuffer.c" bounds check execbuffer relocations... #kernel #linux #security + +(Originally on Twitter: [Wed Mar 13 16:48:33 +0000 2013](https://twitter.com/adulau/status/311881478009131008)) +---- +@wimremes Now we know why the 404 on the NVD XML dump while using cve-search #infosec http://www.theregister.co.uk/2013/03/14/us_malware_catalogue_hacked/ + +(Originally on Twitter: [Thu Mar 14 07:43:01 +0000 2013](https://twitter.com/adulau/status/312106578834755584)) +---- +http://arxiv.org/abs/1303.3047 "Data Retrieval over DNS in SQL Injection Attacks" #infosec #sqli Another good reason to limit recursive DNS queries. 
+ +(Originally on Twitter: [Thu Mar 14 08:27:20 +0000 2013](https://twitter.com/adulau/status/312117729274523649)) +---- +RT @xme: <sponsor> marketing time </sponsor> #BlackHatEU + +(Originally on Twitter: [Thu Mar 14 08:49:35 +0000 2013](https://twitter.com/adulau/status/312123328762630144)) +---- +@Jindroush Which CRL are checking for 2B73432AA84F44? I checked all know CRLs for GoDaddy and cannot find 2B73432AA84F44... + +(Originally on Twitter: [Thu Mar 14 09:24:14 +0000 2013](https://twitter.com/adulau/status/312132049655984128)) +---- +@Jindroush Thank you. I'm curious if the CRL/OCSP check is properly done by the JRE in such case. + +(Originally on Twitter: [Thu Mar 14 09:45:02 +0000 2013](https://twitter.com/adulau/status/312137285921554432)) +---- +RT @mikko: 20 years ago, I was generating a PGP key and decided to go with a 384-bit key. Generating a longer one took too long… http:// ... + +(Originally on Twitter: [Fri Mar 15 08:04:11 +0000 2013](https://twitter.com/adulau/status/312474293088960512)) +---- +discovers that investing in professional lenses is safer than putting money in a bank account. The depreciation is lower than in Cyprus... + +(Originally on Twitter: [Sun Mar 17 12:11:02 +0000 2013](https://twitter.com/adulau/status/313261191470383105)) +---- +@travisgoodspeed Thx for the info. Why not moving GoodFET to @github ? git-svn is nice but can be really painful when merging... + +(Originally on Twitter: [Sun Mar 17 16:29:39 +0000 2013](https://twitter.com/adulau/status/313326273701244930)) +---- +RT @hashbreaker: "Cryptography worst practices" lecture from SecAppDev 2012 now has audio online: http://cr.yp.to/talks/2012.03.08-1/audio.ogg Slides: http:// ... + +(Originally on Twitter: [Sun Mar 17 18:34:21 +0000 2013](https://twitter.com/adulau/status/313357656268107776)) +---- +@ralphholz I couldn't resist to quote The Treasure of the Sierra Madre with "I know what gold does to men's souls. 
" #economy + +(Originally on Twitter: [Sun Mar 17 19:11:09 +0000 2013](https://twitter.com/adulau/status/313366918029524992)) +---- +RT @circl_lu: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 "Cisco IOS and Cisco IOS XE Type 4 Passwords Issue" #cisco #security #ios + +(Originally on Twitter: [Mon Mar 18 16:18:41 +0000 2013](https://twitter.com/adulau/status/313685902138437634)) +---- +RT @ProcDOT: ProcDOT 1.0 beta is online! Get it from ... +http://cert.at/downloads/software/procdot_en.html + +(Originally on Twitter: [Tue Mar 19 10:27:06 +0000 2013](https://twitter.com/adulau/status/313959812197142528)) +---- +I don't know why but my favorite song from the Monty Python is running into my ears... https://www.youtube.com/watch?v=NH2P_pVze6s #infosec #apt + +(Originally on Twitter: [Thu Mar 21 10:43:47 +0000 2013](https://twitter.com/adulau/status/314688785927532544)) +---- +Think about all the PRNGs around you http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2013-003.txt.asc How many operates as expected? #crypto #random #infosec + +(Originally on Twitter: [Fri Mar 22 06:00:31 +0000 2013](https://twitter.com/adulau/status/314979884067860480)) +---- +https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/241305 The bug for #ubuntu I submitted 5 years ago is now solved. Yeah... #infosec #ipv6 + +(Originally on Twitter: [Fri Mar 22 09:00:14 +0000 2013](https://twitter.com/adulau/status/315025111709278208)) +---- +http://jessekornblum.livejournal.com/290597.html?nojs=1 "Using Colorize to Visualize Recovered Memory Forensics Data " #infosec + +(Originally on Twitter: [Fri Mar 22 10:16:36 +0000 2013](https://twitter.com/adulau/status/315044331788587008)) +---- +RT @alexsotirov: Just realized that my system would need 350 _days_ to decompress all the Internet Census data. Do I need to build a dec ... 
+ +(Originally on Twitter: [Fri Mar 22 15:06:39 +0000 2013](https://twitter.com/adulau/status/315117323725967360)) +---- +@ioerror It might not be impossible that we add the Census data into BGP ranking http://bgpranking.circl.lu/ip_lookup just looking for the right dbstruct + +(Originally on Twitter: [Fri Mar 22 15:10:10 +0000 2013](https://twitter.com/adulau/status/315118210900975616)) +---- +Thanks to @jpflorent for the waste collection #opendata in Luxembourg province & I tried a D3 visualization http://www.foo.be/waste/ #belgium + +(Originally on Twitter: [Sat Mar 23 09:20:53 +0000 2013](https://twitter.com/adulau/status/315392696091033600)) +---- +@bortzmeyer Oui, l'entartrage est obligatoire dans ces cas ultimes. #jfr2013 + +(Originally on Twitter: [Sat Mar 23 09:39:03 +0000 2013](https://twitter.com/adulau/status/315397270990356481)) +---- +RT @i0n1c: Still annoyed that there is no easy way to do a multiline regex search over the disassembly with IDA. + +(Originally on Twitter: [Sun Mar 24 16:51:04 +0000 2013](https://twitter.com/adulau/status/315868379003105280)) +---- +@i0n1c At the end, "the dump ASM function in IDA and open in Vim" should be a default IDC plugin... + +(Originally on Twitter: [Sun Mar 24 16:53:23 +0000 2013](https://twitter.com/adulau/status/315868961398992896)) +---- +@eromang https://www.hkcert.org/ HKCERT + +(Originally on Twitter: [Sun Mar 24 18:45:49 +0000 2013](https://twitter.com/adulau/status/315897254609305600)) +---- +RT @fablablux: #FabLab #Luxembourg Official Opening on April 23rd @Technoport_Esch / REGISTER NOW via fablablux@technoport /... http://t ... 
+ +(Originally on Twitter: [Tue Mar 26 18:37:21 +0000 2013](https://twitter.com/adulau/status/316619902746247169)) +---- +http://www.securityweek.com/nasa-takes-down-database-after-contractor-arrested "NASA Takes Down Database After Contractor Arrested" Why taking an HDD when a RAT is installed on every single PC ;-) + +(Originally on Twitter: [Tue Mar 26 18:47:06 +0000 2013](https://twitter.com/adulau/status/316622353658417153)) +---- +Next time a journalist asks me for the phone number of Satoshi Nakamoto, I won't be able to be serious. #cryptocircus #bitcoin + +(Originally on Twitter: [Tue Mar 26 20:00:50 +0000 2013](https://twitter.com/adulau/status/316640910823796736)) +---- +http://www.cc.gatech.edu/~traynor/papers/lever-ndss13.pdf "Analyzing Malicious Traffic in Cellular Carriers" "Known mobile malware samples are virtually unseen" dataset? + +(Originally on Twitter: [Wed Mar 27 05:40:57 +0000 2013](https://twitter.com/adulau/status/316786900457381888)) +---- +@HostExploit In your report, how do you differentiate parked domains hosting from malicious hosting? thank you. + +(Originally on Twitter: [Wed Mar 27 09:37:54 +0000 2013](https://twitter.com/adulau/status/316846530822828032)) +---- +https://hashcat.net/oclGaussCrack/ "The goal of the program is to crack the verification hash of the encrypted payload of the Gauss Virus" #malware + +(Originally on Twitter: [Wed Mar 27 21:06:18 +0000 2013](https://twitter.com/adulau/status/317019775010209792)) +---- +http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/ "Rails' Insecure Defauts 13 Security Gotchas You Should Know About" #security #RoR + +(Originally on Twitter: [Wed Mar 27 21:15:12 +0000 2013](https://twitter.com/adulau/status/317022013472505857)) +---- +@nigroeneveld Cyber arms control is just the new name for the control of the cryptographic tools. Export restriction was a disaster. 
+ +(Originally on Twitter: [Wed Mar 27 21:19:51 +0000 2013](https://twitter.com/adulau/status/317023184463486976)) +---- +@cbrocas Avec plaisir ;-) Dois-je comprendre que c'est une invitation à soumettre une présentation? #rmll2013 + +(Originally on Twitter: [Thu Mar 28 07:50:37 +0000 2013](https://twitter.com/adulau/status/317181919626407936)) +---- +RT @mruef: People telling me we should invest more in marketing. Nope, we have too much work to do. We should invest in recruiting instead! + +(Originally on Twitter: [Thu Mar 28 08:56:15 +0000 2013](https://twitter.com/adulau/status/317198435856027648)) +---- +Following the advice from @cbrocas I submitted a talk to the #rmll2013 and that one is not about breaking software but breaking copyright. + +(Originally on Twitter: [Thu Mar 28 21:26:16 +0000 2013](https://twitter.com/adulau/status/317387186091728896)) +---- +@esizkur @jvanegue @chrisrohlf I think it is (was?) using HMAC for ensuring the integrity of the messages. PSK management is cool ;-) + +(Originally on Twitter: [Thu Mar 28 21:34:20 +0000 2013](https://twitter.com/adulau/status/317389217439301634)) +---- +@esizkur I cannot DM you ;-) you know this wonderful twitter feature when you don't follow someone. + +(Originally on Twitter: [Thu Mar 28 21:43:17 +0000 2013](https://twitter.com/adulau/status/317391469218496512)) +---- +RT @circl_lu: https://www.circl.lu/pub/tr-12/ CIRCL published an analysis of a PlugX malware variant used for targeted attacks #malware #apt #plugx + +(Originally on Twitter: [Fri Mar 29 09:38:32 +0000 2013](https://twitter.com/adulau/status/317571467162292224)) +---- +@agonarch The only advantage of long-term copyright it's in use for free software copyleft-type licensing. 
5-10 years period could be enough + +(Originally on Twitter: [Sat Mar 30 08:40:32 +0000 2013](https://twitter.com/adulau/status/317919258011131906)) +---- +@agonarch Improvement in the Berne convention to reduce the copyright term to 5-10 years, fair use extended and orphan works in PD. + +(Originally on Twitter: [Sat Mar 30 09:46:47 +0000 2013](https://twitter.com/adulau/status/317935932386996224)) +---- +made a visualization of keywords used in CVE from the past 14 years. added in cve-search http://www.foo.be/cve/ @secviz @wimremes #infosec + +(Originally on Twitter: [Sat Mar 30 15:58:12 +0000 2013](https://twitter.com/adulau/status/318029402548097024)) +---- +@angealbertini Right, for the viz. I should use a list of stop words. But the initial objective was to have a list for advisory detection. + +(Originally on Twitter: [Sat Mar 30 22:01:11 +0000 2013](https://twitter.com/adulau/status/318120747837046785)) +---- +@Contrepoints The article misses authors for a counter-comparison P. K. Dick, +Greg Bear or Orson S, Card. Diversity in litterature is key. + +(Originally on Twitter: [Sun Mar 31 07:46:05 +0000 2013](https://twitter.com/adulau/status/318267944742289408)) +---- +Finally I submitted a second talk to #rmll2013 and this time it's about #infosec and my try to sort the mess in CVEs @cbrocas @wimremes + +(Originally on Twitter: [Sun Mar 31 08:30:23 +0000 2013](https://twitter.com/adulau/status/318279091730145281)) +---- +RT @PhysicalDrive0: Dumping Raw Kernel Memory http://jessekornblum.livejournal.com/291418.html + +(Originally on Twitter: [Sun Mar 31 08:55:51 +0000 2013](https://twitter.com/adulau/status/318285499691315200)) +---- +@r00tbsd Enjoy your trip. I hope that the fly won't be redirected ;-) + +(Originally on Twitter: [Sun Mar 31 10:45:48 +0000 2013](https://twitter.com/adulau/status/318313170894716928)) +---- +@r00tbsd Maybe you should have a list of the addresses of the consulates and embassy in the surrounding ;-) Take care. 
+ +(Originally on Twitter: [Sun Mar 31 10:56:19 +0000 2013](https://twitter.com/adulau/status/318315818985324544)) +---- +@francbelge Pourquoi? Lisp est un excellent langage de programmation. + +(Originally on Twitter: [Sun Mar 31 13:00:28 +0000 2013](https://twitter.com/adulau/status/318347059675684866)) +---- +@francbelge MIX, de l'assembleur (ia-32) ou du C pour les étudiants mais il vaut mieux qu'ils maitrisent les concepts de plusieurs langages. + +(Originally on Twitter: [Sun Mar 31 13:14:57 +0000 2013](https://twitter.com/adulau/status/318350704974626816)) +---- +"Canari - Maltego Rapid Transform Development Framework" seems quite nifty to make #maltego transforms in Python. https://github.com/allfro/canari + +(Originally on Twitter: [Sun Mar 31 13:30:15 +0000 2013](https://twitter.com/adulau/status/318354554888544256)) +---- +RT @SushiDude: @adulau @secviz @wimremes prevalence of "unknown" and "unspecified" keywords shows how many disclosures don't have all te ... + +(Originally on Twitter: [Mon Apr 01 08:14:07 +0000 2013](https://twitter.com/adulau/status/318637386403807233)) +---- +RT @kurtseifried: @SushiDude @adulau @secviz @wimremes Yeah I have enough trouble with OpenSource CVEs, can't imagine what it's like for ... + +(Originally on Twitter: [Mon Apr 01 08:14:20 +0000 2013](https://twitter.com/adulau/status/318637440497766400)) +---- +@jduck @SushiDude @secviz @wimremes Good idea. I'll do a version with the stemmed words and we could see what's the impact on visualization. + +(Originally on Twitter: [Mon Apr 01 08:20:16 +0000 2013](https://twitter.com/adulau/status/318638932000641024)) +---- +@jduck @SushiDude @secviz @wimremes http://www.foo.be/cve/ updated including your feedback. Lemmatizer and english stopwords now used. thx. 
+ +(Originally on Twitter: [Mon Apr 01 11:10:50 +0000 2013](https://twitter.com/adulau/status/318681856465829888)) +---- +@NoSuchCon I saw the Analyze Porn Traffic in your schedule ;-) This means we have to release publicly the 2012 LT at #cansecwest @tricaud + +(Originally on Twitter: [Mon Apr 01 11:34:21 +0000 2013](https://twitter.com/adulau/status/318687776797257728)) +---- +@vloquet Your agenda is incredible. Well done. @NoSuchCon + +(Originally on Twitter: [Mon Apr 01 11:57:26 +0000 2013](https://twitter.com/adulau/status/318693584570310657)) +---- +@fboule You might enjoy this http://cryptome.org/2013/03/parastoo-fsf-kill.htm "Two Major Satellite Developer Company... involved in GPL licenses violation" + +(Originally on Twitter: [Mon Apr 01 13:52:56 +0000 2013](https://twitter.com/adulau/status/318722652913152001)) +---- +@thegrugq When we did Torinj to inject in HTTP traffic at Tor exit nodes (some years ago), it was not tagged as Bad. http://arxiv.org/abs/1208.2877 + +(Originally on Twitter: [Mon Apr 01 20:23:49 +0000 2013](https://twitter.com/adulau/status/318821019605405697)) +---- +@sam280 What do you mean? + +(Originally on Twitter: [Tue Apr 02 08:20:19 +0000 2013](https://twitter.com/adulau/status/319001335699755008)) +---- +@MatthiasStrubel How many files and subdirectories are you indexing? + +(Originally on Twitter: [Tue Apr 02 09:17:32 +0000 2013](https://twitter.com/adulau/status/319015731918434304)) +---- +RT @nc2y: Adi Shamir at #FC2013 presenting a "Quantitative Analysis of the Full #Bitcoin Transaction Graph" http://is.gd/iW0PZH + +(Originally on Twitter: [Tue Apr 02 09:33:35 +0000 2013](https://twitter.com/adulau/status/319019770869583872)) +---- +RT @thegrugq: I thought IEEE journals were like Phrack, where almost any article is relevant, interesting, and/or novel. I was very very ... 
+ +(Originally on Twitter: [Tue Apr 02 12:55:59 +0000 2013](https://twitter.com/adulau/status/319070707529158656)) +---- +@jduck @SushiDude @secviz @wimremes the lematizer helped a bit on some terms and the stop words too. CVE summary is like a legal corpus ;-) + +(Originally on Twitter: [Tue Apr 02 17:34:39 +0000 2013](https://twitter.com/adulau/status/319140834933100544)) +---- +@jessekornblum so the only(?) remaining way is to trojan the BIOS POST boot process? #DFIR #truecrypt + +(Originally on Twitter: [Tue Apr 02 17:41:52 +0000 2013](https://twitter.com/adulau/status/319142653516214273)) +---- +@sam280 From your tweet I got the impression you knew more about the topic than I do. + +(Originally on Twitter: [Wed Apr 03 07:36:47 +0000 2013](https://twitter.com/adulau/status/319352767837765632)) +---- +@jessekornblum I just remember of the Stoned bootkit presented at BH09 using the boot. It might still function. http://www.blackhat.com/presentations/bh-usa-09/KLEISSNER/BHUSA09-Kleissner-StonedBootkit-SLIDES.pdf + +(Originally on Twitter: [Wed Apr 03 07:42:57 +0000 2013](https://twitter.com/adulau/status/319354320191619072)) +---- +RT @torservers: Torservers on the way to more diversity https://lists.torproject.org/pipermail/tor-relays/2013-April/001996.html + +(Originally on Twitter: [Wed Apr 03 07:49:43 +0000 2013](https://twitter.com/adulau/status/319356019316764672)) +---- +http://www.plosone.org/article/info%3Adoi%2F10.1371%2Fjournal.pone.0059613 "Attack Robustness and Centrality of Complex Networks" Another way to test the importance of diversity in IT? + +(Originally on Twitter: [Wed Apr 03 13:43:54 +0000 2013](https://twitter.com/adulau/status/319445155897802752)) +---- +RT @semiconduktor: New blog post on IOActive's blog regarding integrity of supply chains. 
+http://blog.ioactive.com/2013/04/spotting-fake-chips-in-supply-chain.html + +(Originally on Twitter: [Wed Apr 03 14:54:24 +0000 2013](https://twitter.com/adulau/status/319462897791164417)) +---- +http://arxiv.org/pdf/1303.7012.pdf "Automated Classification of Malware Zeus Samples" Interesting but where is the dataset and the code? #malware + +(Originally on Twitter: [Wed Apr 03 19:34:48 +0000 2013](https://twitter.com/adulau/status/319533462585491456)) +---- +@bortzmeyer Was the packet fragmented? If yes, it was a notification before going into war ;-) + +(Originally on Twitter: [Wed Apr 03 19:59:10 +0000 2013](https://twitter.com/adulau/status/319539594431447040)) +---- +Avoiding the race conditions in javascript is like avoiding the cctv cameras in the London underground. #infosec + +(Originally on Twitter: [Mon Apr 08 21:30:29 +0000 2013](https://twitter.com/adulau/status/321374514946662400)) +---- +RT @malwarelu: After more than 1 month of work, a new article is available: #APT1: technical backstage: http://www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf #malware ... + +(Originally on Twitter: [Mon Apr 08 21:42:09 +0000 2013](https://twitter.com/adulau/status/321377448824553472)) +---- +@dzidorius It seems Interesting. Is the presentation available somewhere? thx. + +(Originally on Twitter: [Mon Apr 08 21:44:40 +0000 2013](https://twitter.com/adulau/status/321378081724059648)) +---- +If you are using lynx the default URL_DOMAIN_PREFIXES and +URL_DOMAIN_SUFFIXES parameters are dangerous ;-) you should empty them. + +(Originally on Twitter: [Tue Apr 09 15:03:51 +0000 2013](https://twitter.com/adulau/status/321639599694819328)) +---- +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=178657 and the best it's not a bug as stated by a Debian dev. in 2004. a good dataset for the search spammer. 
+ +(Originally on Twitter: [Tue Apr 09 15:07:27 +0000 2013](https://twitter.com/adulau/status/321640508382388224)) +---- +was at @kewgardens enjoying nice gardens https://www.flickr.com/photos/adulau/8635537198/ https://www.flickr.com/photos/adulau/8634382667/ along with the work of David Nash. #art + +(Originally on Twitter: [Tue Apr 09 18:07:48 +0000 2013](https://twitter.com/adulau/status/321685893490544640)) +---- +@i0n1c Any pointers to the statistics in question? + +(Originally on Twitter: [Wed Apr 10 09:35:53 +0000 2013](https://twitter.com/adulau/status/321919453833089024)) +---- +@i0n1c a better comparison would be between Munich and Luxembourg to have a comparable scale. Original data: http://www.ecb.int/pub/scientific/stats/html/index.en.html + +(Originally on Twitter: [Wed Apr 10 10:03:15 +0000 2013](https://twitter.com/adulau/status/321926340016209920)) +---- +RT @deesse_k: Dreamboot UEFI bootkit coming soon on github today #HITB2013AMS @quarkslab + +(Originally on Twitter: [Wed Apr 10 12:19:32 +0000 2013](https://twitter.com/adulau/status/321960639155298305)) +---- +RT @circl_lu: https://www.circl.lu/pub/tr-08/ updated version of CIRCL automatic launch object detection for Mac OS X released. #macos #security + +(Originally on Twitter: [Wed Apr 10 13:55:12 +0000 2013](https://twitter.com/adulau/status/321984713625591808)) +---- +@ioerror Do you know if Iran is currently playing with global interception? 
http://www.google.com/transparencyreport/traffic/?r=IR&l=GMAIL&csd=1328394245230&ced=1365600600000 #iran #internet + +(Originally on Twitter: [Wed Apr 10 15:54:53 +0000 2013](https://twitter.com/adulau/status/322014834604511233)) +---- +RT @beist: Stars aligner’s how-to: kernel pool spraying and VMware CVE-2013-1406 http://blog.ptsecurity.com/2013/03/stars-aligners-how-to-kernel-pool.html <- Nice and detailed post + +(Originally on Twitter: [Thu Apr 11 20:31:20 +0000 2013](https://twitter.com/adulau/status/322446789858955265)) +---- +RT @travisgoodspeed: My slides from HITB on writing shellcode for embedded systems are up. http://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Travis%20Goodspeed%20-%20Nifty%20Tricks%20and%20Sage%20Advice%20for%20Shellcode%20on%20Embedded%20Systems.pdf + +(Originally on Twitter: [Sat Apr 13 10:22:11 +0000 2013](https://twitter.com/adulau/status/323018270854750208)) +---- +Si vous ne pouvez pas vérifier qui est le propriétaire d'un nom de domaine (via whois), ce n'est pas bon signe comme pour +@DerapagesOrg + +(Originally on Twitter: [Sat Apr 13 12:42:03 +0000 2013](https://twitter.com/adulau/status/323053469663653888)) +---- +It seems that @hack_lu 2013 will be replicant or robotic style this year... #hacklu #infosec #conference ![](media/323062388440068096-BHu_h9fCcAAom1I.png) + +(Originally on Twitter: [Sat Apr 13 13:17:30 +0000 2013](https://twitter.com/adulau/status/323062388440068096)) +---- +RT @hack_lu: @y0m @adulau @hack_lu Indeed blade runners might be needed to do the @fluxfingers #CTF during #hacklu 2013 #p.k.dick + +(Originally on Twitter: [Sat Apr 13 13:24:57 +0000 2013](https://twitter.com/adulau/status/323064264376078336)) +---- +@jaysonstreet @hack_lu We love them too but sometimes they can be dangerous too. 
#security #softwareengineering + +(Originally on Twitter: [Sat Apr 13 13:27:52 +0000 2013](https://twitter.com/adulau/status/323064999356555267)) +---- +http://www.bbc.co.uk/news/world-asia-china-22137950 "US and China to set up cyber security working group" A nice opportunity to share the source code of their malware. + +(Originally on Twitter: [Sat Apr 13 20:45:04 +0000 2013](https://twitter.com/adulau/status/323175024548802560)) +---- +I'm surprised that not a lot of companies are using CC honey token to discover leaked database and fraudulent CC charges. #infosec #honeypot + +(Originally on Twitter: [Mon Apr 15 18:29:16 +0000 2013](https://twitter.com/adulau/status/323865622196940800)) +---- +@snazmeister YB work quite well and you can replace the AES key. But I still prefer HOTP like Feitian to avoid an USB connection. + +(Originally on Twitter: [Tue Apr 16 18:36:00 +0000 2013](https://twitter.com/adulau/status/324229708172632064)) +---- +@SystemLean infovis is often just a trigger to think in a different way about information. You'll need people who like to learn. + +(Originally on Twitter: [Tue Apr 16 18:55:37 +0000 2013](https://twitter.com/adulau/status/324234642221842432)) +---- +RT @pmbureau: ESET is looking for 4 analysts in Montreal: https://hqcareers-eset.icims.com/jobs/1130/job pls spread the word! + +(Originally on Twitter: [Tue Apr 16 18:55:51 +0000 2013](https://twitter.com/adulau/status/324234702770814976)) +---- +@y0m Il me semblait que la sécurité informatique est la culture de l'échec pour oublier les incidents le plus rapidement possible. #infosec + +(Originally on Twitter: [Tue Apr 16 20:35:09 +0000 2013](https://twitter.com/adulau/status/324259691427405825)) +---- +@eromang can we safely assume that the remaining 23 vulnerabilities are just wrongly scored? 
#java #rankingisdifficult + +(Originally on Twitter: [Tue Apr 16 20:37:24 +0000 2013](https://twitter.com/adulau/status/324260257503264768)) +---- +@eromang looking at http://www.cvedetails.com/cvss-score-distribution.php I'm wondering if the modified Benford's law is not showing fabricated data http://digitalcommons.calpoly.edu/cgi/viewcontent.cgi?article=1046&context=rgp_rsr + +(Originally on Twitter: [Tue Apr 16 21:06:45 +0000 2013](https://twitter.com/adulau/status/324267644029108224)) +---- +CVSS distribution should be a log-series distribution? and not a spike in the 4-6 range? are CVSS data inline with the Benford's law? #cve + +(Originally on Twitter: [Tue Apr 16 21:18:20 +0000 2013](https://twitter.com/adulau/status/324270560685219840)) +---- +My talk about cve-search at #RMLL 2013 is accepted. See you there. cc @xme @wimremes #infosec #cve + +(Originally on Twitter: [Wed Apr 17 10:04:17 +0000 2013](https://twitter.com/adulau/status/324463318226059264)) +---- +RT @cvandeplas: #MISP graph tool published - Generates a dot or gexf with the relations between the attributes and events. https://t.co/ ... + +(Originally on Twitter: [Thu Apr 18 18:47:28 +0000 2013](https://twitter.com/adulau/status/324957369111027712)) +---- +@novytweety That was long time ago ;-) #everythingisfreesoftware + +(Originally on Twitter: [Thu Apr 18 18:48:09 +0000 2013](https://twitter.com/adulau/status/324957540989427713)) +---- +If you want to manage your #IOC in your organization, you should check MISP Malware Information Sharing Platform https://github.com/MISP + +(Originally on Twitter: [Thu Apr 18 18:54:07 +0000 2013](https://twitter.com/adulau/status/324959040104960001)) +---- +I'll present at @sstic a talk about some recommendations for the malware authors to improve their software. #malware #infosec + +(Originally on Twitter: [Fri Apr 19 08:08:02 +0000 2013](https://twitter.com/adulau/status/325158835402715136)) +---- +Is this the beginning of new hacks on mobile phone? 
it might be... http://www.bunniestudios.com/blog/?p=3040 #gsm #mobile + +(Originally on Twitter: [Fri Apr 19 20:42:03 +0000 2013](https://twitter.com/adulau/status/325348591604486144)) +---- +@ciphercloud Maybe you should publish your cryptosystem instead of filling DMCA notice... #crypto http://meta.crypto.stackexchange.com/questions/250/ciphercloud-dmca-notice + +(Originally on Twitter: [Sat Apr 20 05:14:18 +0000 2013](https://twitter.com/adulau/status/325477501822451713)) +---- +@librarythingtim It's not because a religion contains good principles that the religion is the source of their use @quinnnorton + +(Originally on Twitter: [Sat Apr 20 10:17:40 +0000 2013](https://twitter.com/adulau/status/325553846313164800)) +---- +@librarythingtim it's not because a religion or a non-religion express some good principles that they really promote those. @quinnnorton + +(Originally on Twitter: [Sat Apr 20 10:24:49 +0000 2013](https://twitter.com/adulau/status/325555645698957312)) +---- +@quinnnorton I'm battling with 140 characters with my non-native tongue. I feel like Salvatore in "The Name of the Rose" @librarythingtim + +(Originally on Twitter: [Sat Apr 20 10:30:16 +0000 2013](https://twitter.com/adulau/status/325557018465271809)) +---- +@quinnnorton Indeed.The roots for being good/bad is at different places and not only in religious principles. @librarythingtim + +(Originally on Twitter: [Sat Apr 20 10:34:48 +0000 2013](https://twitter.com/adulau/status/325558161383772161)) +---- +@librarythingtim By the way, I should record my books about "Ludwig Wittgenstein" in LibraryThing ;-) http://www.librarything.com/profile/adulau +@quinnnorton + +(Originally on Twitter: [Sat Apr 20 10:38:26 +0000 2013](https://twitter.com/adulau/status/325559072294305792)) +---- +@librarythingtim That's correct. For the whole book, you should have followed the "latin cursus" but it was usual some years ago in Belgium. 
+ +(Originally on Twitter: [Sat Apr 20 10:41:16 +0000 2013](https://twitter.com/adulau/status/325559787406376960)) +---- +@librarythingtim No worries. It's not because I have books about Wittgenstein that I like his "theories" ;-) @quinnnorton + +(Originally on Twitter: [Sat Apr 20 10:43:06 +0000 2013](https://twitter.com/adulau/status/325560248922423296)) +---- +"On the accuracy of statistical procedures in Microsoft Excel 2007 " http://www.pages.drexel.edu/~bdm25/excel2007.pdf + +(Originally on Twitter: [Sun Apr 21 05:59:05 +0000 2013](https://twitter.com/adulau/status/325851163142545408)) +---- +@hugbomb Interesting map. Would you share the data with the CERTs around world to inform the victims with compromised systems? + +(Originally on Twitter: [Sun Apr 21 06:09:37 +0000 2013](https://twitter.com/adulau/status/325853812273344513)) +---- +@sam280 Indeed, it's really a disaster. Talking about disaster, his brother is not too bad either. http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0001yB + +(Originally on Twitter: [Sun Apr 21 10:04:50 +0000 2013](https://twitter.com/adulau/status/325913005294505984)) +---- +RT @circl_lu: If you are interested to see what are the locations of the network attacks against Luxembourg http://map.circl.lu/ #luxembo… + +(Originally on Twitter: [Mon Apr 22 15:04:25 +0000 2013](https://twitter.com/adulau/status/326350787364143104)) +---- +@veorq for your information, the #CFP for #hacklu will be open the 1st May. You are welcome to submit. Sorry it was a kind of promotion ;-) + +(Originally on Twitter: [Mon Apr 22 15:38:12 +0000 2013](https://twitter.com/adulau/status/326359289306443776)) +---- +@veorq Great! we will select the reviewers for your paper to ensure one-line reviews... just kidding. #hacklu + +(Originally on Twitter: [Mon Apr 22 15:59:13 +0000 2013](https://twitter.com/adulau/status/326364577170354176)) +---- +@ralphholz a table name encoded in binary as a string? 
I don't know what they are smoking but this seems very heavy ;-) + +(Originally on Twitter: [Mon Apr 22 21:08:25 +0000 2013](https://twitter.com/adulau/status/326442388358836224)) +---- +http://arxiv.org/abs/1304.5672 "Fit and Vulnerable: Attacks and Defenses for a Health Monitoring Device" #infosec #security #fitness + +(Originally on Twitter: [Tue Apr 23 09:08:30 +0000 2013](https://twitter.com/adulau/status/326623603535790080)) +---- +@mikko Do you know if http://wildlist.org is still alive? as the site seems to be down. #virus #virusnamingisdifficult + +(Originally on Twitter: [Tue Apr 23 11:33:02 +0000 2013](https://twitter.com/adulau/status/326659976280031232)) +---- +http://delogrand.blogspot.com/2013/04/cyber-defense-exercise-2013-extracting.html "Cyber Defense Exercise 2013: Extracting cached passphrases in Truecrypt" One of the ways to do it ;-) + +(Originally on Twitter: [Thu Apr 25 12:57:58 +0000 2013](https://twitter.com/adulau/status/327406130106097664)) +---- +A WTF discussion "this is not a dangerous malware" and when you ask "did you analyse it?" the answer is "No, it just sends spam". #infosec + +(Originally on Twitter: [Thu Apr 25 21:34:04 +0000 2013](https://twitter.com/adulau/status/327536008147120128)) +---- +https://github.com/emeau/itrace "hook objc_msgSend to trace Objective-C method callz" mainly based on @i0n1c work + +(Originally on Twitter: [Fri Apr 26 17:10:29 +0000 2013](https://twitter.com/adulau/status/327832062100914179)) +---- +Every information is a matter of classification even the fries. http://www.flickr.com/photos/adulau/8685901482/ #datamining #fries #frenchfries + +(Originally on Twitter: [Sat Apr 27 10:52:34 +0000 2013](https://twitter.com/adulau/status/328099345004130304)) +---- +@quinnnorton Yes data mining without context is like some fries without context. 
I hope no organization is doing #datamining without context + +(Originally on Twitter: [Sat Apr 27 11:03:41 +0000 2013](https://twitter.com/adulau/status/328102141938003968)) +---- +@novytweety @fvilers Il existe plein de versions de honeymap https://github.com/fw42/honeymap avec des sources de différents sensors/origines. + +(Originally on Twitter: [Sun Apr 28 08:17:53 +0000 2013](https://twitter.com/adulau/status/328422807958593537)) +---- +@angealbertini If you want to automate PE memory mapping, why not going for parallel coordinates? http://mbostock.github.io/d3/talk/20111116/iris-parallel.html #d3js + +(Originally on Twitter: [Sun Apr 28 18:43:51 +0000 2013](https://twitter.com/adulau/status/328580337682771968)) +---- +@jpflorent Sure if you give me a small corpus in the train, I'll do a small script with a Markov chain during the next trip. #markov + +(Originally on Twitter: [Mon Apr 29 11:59:38 +0000 2013](https://twitter.com/adulau/status/328840997746388992)) +---- +@Sebdraven Not sure if you shall thank me for doing such a talk ;-) + +(Originally on Twitter: [Mon Apr 29 12:20:46 +0000 2013](https://twitter.com/adulau/status/328846319022141442)) +---- +@rommelfs For #kelihos xref analysis, I just got 55560 nodes with 48645 edges... my CPU will smoke very soon. + +(Originally on Twitter: [Mon Apr 29 19:02:31 +0000 2013](https://twitter.com/adulau/status/328947422820724737)) +---- +@jedisct1 @xme The most sensitive side of #OVH is the RealTimeMonitoring daemon http://help.ovh.com/RealTimeMonitoring if this part is owned, this sucks. + +(Originally on Twitter: [Mon Apr 29 19:49:48 +0000 2013](https://twitter.com/adulau/status/328959321310388225)) +---- +"FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment" If you have a copy, can you share it? it's on an IEEE paywall. 
+ +(Originally on Twitter: [Tue Apr 30 04:40:17 +0000 2013](https://twitter.com/adulau/status/329092822647050240)) +---- +RT @ioerror: Aaron Swartz Documentary - The Internet's Own Boy: http://www.kickstarter.com/projects/26788492/aaron-swartz-documentary-the-internets-own-boy-0 + +(Originally on Twitter: [Tue Apr 30 18:41:43 +0000 2013](https://twitter.com/adulau/status/329304574903062528)) +---- +No, I won't install Android app that requests access to my address-book. You don't need this to display train timetable. #fixyourpermission + +(Originally on Twitter: [Tue Apr 30 18:42:59 +0000 2013](https://twitter.com/adulau/status/329304895259820032)) +---- +RT @hack_lu: hack.lu 2013 call for paper is now officially open http://2013.hack.lu/cfp/ #cfp #hacklu #infosec #conference + +(Originally on Twitter: [Tue Apr 30 20:17:47 +0000 2013](https://twitter.com/adulau/status/329328751315918848)) +---- +RT @TrustedSec: The Social-Engineer Toolkit (SET) v5.0.10 released. Improved reliability, new features, and fixes to harvester. #TrustedSec + +(Originally on Twitter: [Wed May 01 07:29:37 +0000 2013](https://twitter.com/adulau/status/329497821524930561)) +---- +@DavidGlaude I know if this is Belgium. I'm curious to see the statistics of Android app accessing your address-book without valid reasons. + +(Originally on Twitter: [Wed May 01 07:32:00 +0000 2013](https://twitter.com/adulau/status/329498421436248066)) +---- +RT @sec_reactions: Debugging with Ollydbg - by Maijin http://tmblr.co/ZJ5JTujzmmVl + +(Originally on Twitter: [Wed May 01 13:47:30 +0000 2013](https://twitter.com/adulau/status/329592919545749504)) +---- +http://www.sba-research.org/wp-content/uploads/publications/jsfingerprinting.pdf "Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting" Still modifying User-Agent? 
#infosec + +(Originally on Twitter: [Wed May 01 16:26:17 +0000 2013](https://twitter.com/adulau/status/329632881582419968)) +---- +@quinnnorton We assume that you collected more than 250gr of dust with your mask than by asking a local drug dealer. + +(Originally on Twitter: [Wed May 01 16:35:42 +0000 2013](https://twitter.com/adulau/status/329635250890223616)) +---- +‏@Fr333k Nice work. I'm wondering how long it will take for Neutrino or Blackhole authors to include this in their toolkits... #infosec + +(Originally on Twitter: [Wed May 01 19:26:31 +0000 2013](https://twitter.com/adulau/status/329678235057156096)) +---- +@Fr333k By the way, the #CFP for #hacklu 2013 is open http://2013.hack.lu/cfp/ so if you have interesting stuff to submit, feel free. + +(Originally on Twitter: [Wed May 01 19:30:37 +0000 2013](https://twitter.com/adulau/status/329679270513373185)) +---- +@Fr333k Yes, a lot of exploit kits rely on the User-Agent header. HTML5 and JS are both Turing-complete. I'm wondering where they will go. + +(Originally on Twitter: [Wed May 01 19:38:58 +0000 2013](https://twitter.com/adulau/status/329681372048392192)) +---- +http://arxiv.org/abs/1305.0101 A refreshing reading especially when you are doing game theory and wondering yourself: Are the players rational? + +(Originally on Twitter: [Thu May 02 19:24:31 +0000 2013](https://twitter.com/adulau/status/330040122240270336)) +---- +@quinnnorton The challenge of the day, would you be able to cite Ted Kaczynski in your slides? #acm #acmpaywallcybernetic + +(Originally on Twitter: [Fri May 03 19:34:13 +0000 2013](https://twitter.com/adulau/status/330404951006257152)) +---- +RT @mikko: Mr. Bx1 extradicted to USA: http://www.wired.com/threatlevel/2013/05/spyeye-zeus-botmaster-indicted/ +He's a botmaster. 
He's NOT the guy who wrote ZeuS (Slavik) or SpyEye (Gribode… + +(Originally on Twitter: [Fri May 03 19:48:55 +0000 2013](https://twitter.com/adulau/status/330408649472217089)) +---- +http://j00ru.vexillium.org/?p=1695 “Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns” Very impressive. #infosec #bochs + +(Originally on Twitter: [Fri May 03 20:03:27 +0000 2013](https://twitter.com/adulau/status/330412308784361474)) +---- +https://www.flickr.com/photos/adulau/8704274555/in/photostream/lightbox/ I prefer these headphones hanging in a tree than the ones with full volume in public transports... #codingintrains + +(Originally on Twitter: [Fri May 03 20:28:11 +0000 2013](https://twitter.com/adulau/status/330418531759972353)) +---- +In academic papers, you can often replace "software defined networking/SDR" by "we use a bit of OpenFlow without knowing the impact". + +(Originally on Twitter: [Sat May 04 07:16:34 +0000 2013](https://twitter.com/adulau/status/330581701178847234)) +---- +@quinnnorton Short the green and white cable to the device. Keep the red (+5 Vcc) and black (GND) to the host. http://www.flickr.com/photos/seanosteen/6049933786/ + +(Originally on Twitter: [Sat May 04 13:44:41 +0000 2013](https://twitter.com/adulau/status/330679377228607490)) +---- +@Dymaxion USB power-only just requires to short the data signal. So signal can be shorted to the device and you just keep Vcc/GND to host. + +(Originally on Twitter: [Sat May 04 13:51:18 +0000 2013](https://twitter.com/adulau/status/330681042660909057)) +---- +http://www.theregister.co.uk/2013/05/02/mccormick_jailed_decade_fake_bomb_detectors/ "Fraudster gets ten years after selling fake 'ionic charge' bomb detectors" What about #infosec software? + +(Originally on Twitter: [Sat May 04 15:54:48 +0000 2013](https://twitter.com/adulau/status/330712121035874304)) +---- +@jadi Could you extract the certificate? or at least the fingerprint? thanks. 
+ +(Originally on Twitter: [Sun May 05 07:52:17 +0000 2013](https://twitter.com/adulau/status/330953077488246784)) +---- +@yvesmariecann J'espère que votre tweet va inciter à démontrer l'effet Streisand en dehors d'Internet. #streetart #art #collage + +(Originally on Twitter: [Sun May 05 16:25:29 +0000 2013](https://twitter.com/adulau/status/331082229704966144)) +---- +http://people.csail.mit.edu/rivest/honeywords/paper.pdf "Honeywords: +Making Password-Cracking Detectable" Cool the return of honeytokens... #infosec + +(Originally on Twitter: [Mon May 06 20:34:09 +0000 2013](https://twitter.com/adulau/status/331507198846971904)) +---- +RT @esizkur: The Usenix WOOT deadline has been extended until May 9th, 2013. + +(Originally on Twitter: [Tue May 07 04:39:30 +0000 2013](https://twitter.com/adulau/status/331629338766221313)) +---- +@npua It's always a timing issue just like a lot of attacks ;-) I hope that one day I'll receive some chocolate while doing system admin. + +(Originally on Twitter: [Tue May 07 16:28:42 +0000 2013](https://twitter.com/adulau/status/331807815507263489)) +---- +@ovh Your whois records (OK62-FRNIC) is incorrect and the phone number of Octave Klaba is going to a private person. Could you fix it? + +(Originally on Twitter: [Wed May 08 09:52:52 +0000 2013](https://twitter.com/adulau/status/332070587826597888)) +---- +@msuiche Whoaaa do you mean that you will show us the @NoSuchCon organic chemistry laboratory? #infosec + +(Originally on Twitter: [Wed May 08 15:47:41 +0000 2013](https://twitter.com/adulau/status/332159879756263424)) +---- +New version of http://www.thc.org/thc-ipv6/ THC-IPV6 has been released including the new redirsniff6. #ipv6 #infosec + +(Originally on Twitter: [Wed May 08 15:54:06 +0000 2013](https://twitter.com/adulau/status/332161496043892738)) +---- +@olesovhcom What's the official phone number for abuse handling at @ovh especially when you call from a foreign country? 
thx #security + +(Originally on Twitter: [Wed May 08 15:57:36 +0000 2013](https://twitter.com/adulau/status/332162377124544512)) +---- +Keywords in Common Vulnerabilities and Exposures CVE descriptions - from 1999 until Today http://www.foo.be/cve/ updated #infosec. + +(Originally on Twitter: [Thu May 09 08:52:57 +0000 2013](https://twitter.com/adulau/status/332417899157397505)) +---- +RT @hack_lu: Call for papers hack.lu 2013 http://2013.hack.lu/cfp.txt feel free to spread the words! http://2013.hack.lu/cfp #infosec #conference… + +(Originally on Twitter: [Thu May 09 19:47:48 +0000 2013](https://twitter.com/adulau/status/332582696800886784)) +---- +A photo made during the gum bichromate workshop at @ArtlonPhoto https://www.flickr.com/photos/adulau/8729427906/ #photography + +(Originally on Twitter: [Sat May 11 18:04:14 +0000 2013](https://twitter.com/adulau/status/333281410037202945)) +---- +RT @bortzmeyer: "Only people with good scores approve grading" (Olafur Gudmundsson about grading the #DNS resolvers). #OARC + +(Originally on Twitter: [Sun May 12 13:11:28 +0000 2013](https://twitter.com/adulau/status/333570118137294849)) +---- +http://support.microsoft.com/kb/323626/en-us "problem occurs when you open a text file or CSV file and the first two characters are "I" and "D"" Debugger? + +(Originally on Twitter: [Sun May 12 13:33:25 +0000 2013](https://twitter.com/adulau/status/333575643352666112)) +---- +@bortzmeyer Some designed open resolver scanners but no tools to create filtering rules for recursive nameservers based on network behavior. + +(Originally on Twitter: [Sun May 12 13:56:15 +0000 2013](https://twitter.com/adulau/status/333581389700157440)) +---- +@bortzmeyer and what about the ones used by ISPs for the connected customers? As they cannot make a filtering config, they open it. 
+ +(Originally on Twitter: [Sun May 12 14:00:48 +0000 2013](https://twitter.com/adulau/status/333582534040510467)) +---- +@bortzmeyer If we want to get rid of the open resolvers, we should provide the tools to help the administrator to ease the configuration. + +(Originally on Twitter: [Sun May 12 14:02:26 +0000 2013](https://twitter.com/adulau/status/333582947288489987)) +---- +@bortzmeyer You are over estimating the technical capabilities of the low-end ISP/hosting companies. That why IAP/ISP are not always acting. + +(Originally on Twitter: [Sun May 12 14:06:00 +0000 2013](https://twitter.com/adulau/status/333583844324282369)) +---- +@bortzmeyer For example, we are regularly sending notifications for open resolvers to ISPs and only 1 out of 10 is closed within 10 days. + +(Originally on Twitter: [Sun May 12 14:08:09 +0000 2013](https://twitter.com/adulau/status/333584385808936962)) +---- +@dakami @0xcharlie Yep especially that cellebrite doesn't support password bypass on iPhone5 http://www.cellebrite.com/forensic-solutions/ios-forensics.html and LE is using this. + +(Originally on Twitter: [Sun May 12 14:23:55 +0000 2013](https://twitter.com/adulau/status/333588353620525057)) +---- +@quinnnorton The real challenge is to find a postbox with a single name in that area... + +(Originally on Twitter: [Sun May 12 19:45:36 +0000 2013](https://twitter.com/adulau/status/333669306359500800)) +---- +@edarchis Monsanto objective is to feed their shareholders nothing else. Biofortification is another way to hide the reality of hybrid seed + +(Originally on Twitter: [Mon May 13 18:09:21 +0000 2013](https://twitter.com/adulau/status/334007472857690112)) +---- +@edarchis Monsanto is one and the other is Cargill. If you are growing your garden, you can directly see the overall risk of the model. + +(Originally on Twitter: [Mon May 13 18:21:21 +0000 2013](https://twitter.com/adulau/status/334010493536702464)) +---- +@edarchis Yep that's the crazy part. 
The other crazy part is the cross references in "academic" publications in that field. + +(Originally on Twitter: [Mon May 13 18:22:22 +0000 2013](https://twitter.com/adulau/status/334010747623464961)) +---- +@bortzmeyer finally you tweet from a conference where we share the same place. #NoSuchCon + +(Originally on Twitter: [Wed May 15 08:58:40 +0000 2013](https://twitter.com/adulau/status/334593663885799425)) +---- +The excellent Apple SMC talk of @aionescu tells us that we should dig more in all the firmwares around us. #infosec #NoSuchCon + +(Originally on Twitter: [Wed May 15 12:43:02 +0000 2013](https://twitter.com/adulau/status/334650128692563968)) +---- +@wimremes I propose that he reads and understands each day an algorithm and its pseudo-code from the Art of Computer Programming (Knuth) . + +(Originally on Twitter: [Wed May 15 12:50:27 +0000 2013](https://twitter.com/adulau/status/334651992230219778)) +---- +RT @aionescu: @travisgoodspeed talking about TEMPEST LED attacks against your own hardware to dump its own code out. Brilliant! + +(Originally on Twitter: [Wed May 15 13:45:14 +0000 2013](https://twitter.com/adulau/status/334665780060897282)) +---- +"Let's talk about the chinese" early in the morning by Thomas Lim saying that he is not communist at the PCF HQ... @NoSuchCon #infosec #fun + +(Originally on Twitter: [Thu May 16 07:23:05 +0000 2013](https://twitter.com/adulau/status/334931998693003264)) +---- +@thomas_coseinc If you are looking for crappy military designs like "the great wall". 
In France, they had "Ligne Maginot" #NoSuchCon + +(Originally on Twitter: [Thu May 16 07:26:49 +0000 2013](https://twitter.com/adulau/status/334932936057053184)) +---- +It seems that the keywords for @thomas_coseinc for his talk is clearly 他妈的 or 欺骗 maybe something to add in the apt_finder script #NoSuchCon + +(Originally on Twitter: [Thu May 16 07:34:33 +0000 2013](https://twitter.com/adulau/status/334934884579684352)) +---- +A small recommendation to @twitter it would be great to drop (or warn about) PDF links with /OpenAction or alike #spearphishing #infosec + +(Originally on Twitter: [Thu May 16 07:50:55 +0000 2013](https://twitter.com/adulau/status/334939003151347712)) +---- +@bortzmeyer Videodrome is finally a reality. + +(Originally on Twitter: [Thu May 16 07:53:19 +0000 2013](https://twitter.com/adulau/status/334939607223382016)) +---- +RT @bortzmeyer: @Tris_Acatrinei Dès que ça commence par "cyber", on peut être sûr que c'est du pipeau. #cyberdéfense + +(Originally on Twitter: [Thu May 16 07:54:48 +0000 2013](https://twitter.com/adulau/status/334939977035157505)) +---- +http://www.nosuchcon.org/talks/D2_01_Butterworth_BIOS_Chronomancy.pdf Forging the PCR values in the TPM BIOS explained at @NoSuchCon #infosec #bios + +(Originally on Twitter: [Thu May 16 08:53:41 +0000 2013](https://twitter.com/adulau/status/334954796115173377)) +---- +@botherder you are more than welcome to submit a paper at #hacklu 2013 http://2013.hack.lu/cfp.txt - cyber.* keywords will be rejected ;-) + +(Originally on Twitter: [Thu May 16 09:08:23 +0000 2013](https://twitter.com/adulau/status/334958495910735872)) +---- +Keynote talk from @CrowdStrike at #NoSuchCon "Attackers focus on a specific target, they don't look at the competitors of the target" + +(Originally on Twitter: [Fri May 17 07:28:37 +0000 2013](https://twitter.com/adulau/status/335295779172409344)) +---- +The main advantage of the party yesterday at #NoSuchCon - the Internet connectivity improved significantly in the 
morning... + +(Originally on Twitter: [Fri May 17 07:39:16 +0000 2013](https://twitter.com/adulau/status/335298456409223168)) +---- +RT @Regiteric: @adulau Let's make a lightning talk on the effect of alcohol on WiFi signal quality. #NoSuchCon + +(Originally on Twitter: [Fri May 17 07:41:57 +0000 2013](https://twitter.com/adulau/status/335299133869002752)) +---- +@CrowdStrike explains that a "bounty hunter" law could be applied for empowering private org. to catch "attackers" #NoSuchCon #infosec + +(Originally on Twitter: [Fri May 17 07:44:00 +0000 2013](https://twitter.com/adulau/status/335299649634193408)) +---- +@F_kZ_ Like the correlation of alcohol usage in security conference and the impact on its network performance. A power law? #NoSuchCon + +(Originally on Twitter: [Fri May 17 09:33:47 +0000 2013](https://twitter.com/adulau/status/335327278147989504)) +---- +@sergeybratus Are you really an user of the pine MUA? #NoSuchCon + +(Originally on Twitter: [Fri May 17 09:35:46 +0000 2013](https://twitter.com/adulau/status/335327774535454720)) +---- +@sergeybratus sorry for the shoulder surfing but it was a remembrance for me when I used it before mutt ;-) #NoSuchCon + +(Originally on Twitter: [Fri May 17 09:43:09 +0000 2013](https://twitter.com/adulau/status/335329633492955136)) +---- +RT @sergeybratus: @adulau :) All real programs run in terminal :) Wife swears by links for browser - it makes the web a much better, faster… + +(Originally on Twitter: [Fri May 17 09:47:17 +0000 2013](https://twitter.com/adulau/status/335330673009238017)) +---- +@sergeybratus Right. I might extend terminal definition to tmux or GNU Screen ;-) + +(Originally on Twitter: [Fri May 17 09:50:18 +0000 2013](https://twitter.com/adulau/status/335331431163236354)) +---- +RT @Regiteric: @adulau @sergeybratus Pine is so old it should be called sequoia now. 
#NoSuchCon + +(Originally on Twitter: [Fri May 17 09:50:28 +0000 2013](https://twitter.com/adulau/status/335331474708500480)) +---- +RT @bortzmeyer: Hacking the crash dump path in MS Windows. The crash dump subsystem can be tricked into writing/reading anywhere. #NoSuchCon + +(Originally on Twitter: [Fri May 17 09:51:15 +0000 2013](https://twitter.com/adulau/status/335331670502817792)) +---- +@NoSuchCon Thanks for this great conference. Some pictures at #NoSuchCon https://www.flickr.com/photos/adulau/8748702900/ https://www.flickr.com/photos/adulau/8747591395/in/photostream/ + +(Originally on Twitter: [Fri May 17 20:42:38 +0000 2013](https://twitter.com/adulau/status/335495598847438848)) +---- +RT @xme: [/dev/random] NoSuchCon #1 Wrap-Up http://blog.rootshell.be/?p=21542 #nosuchcon + +(Originally on Twitter: [Fri May 17 21:13:09 +0000 2013](https://twitter.com/adulau/status/335503276025974784)) +---- +@AlainGerlache The report from the AFCN http://www.afcn.fgov.be/GED/00000000/3400/3429.pdf smells like the original Challenger launch report http://science.ksc.nasa.gov/shuttle/missions/51-l/docs/rogers-commission/Appendix-F.txt + +(Originally on Twitter: [Sat May 18 08:05:14 +0000 2013](https://twitter.com/adulau/status/335667379931602944)) +---- +@AlainGerlache "The history of the certification principles for these engines is confusing and difficult to explain." from R. Feynman + +(Originally on Twitter: [Sat May 18 08:06:28 +0000 2013](https://twitter.com/adulau/status/335667688754003968)) +---- +RT @deobfuscated: Thanks @philpraxis and all the #HES2013 staff. Good atmosphere and outstanding talks. #HES delivered once again. 
See y'al… + +(Originally on Twitter: [Sun May 19 05:45:11 +0000 2013](https://twitter.com/adulau/status/335994522947428352)) +---- +RT @Pinboard: Exclusive footage of Yahoo mergers & acquisitions team has surfaced: http://goo.gl/Kd45p No word what this means for Apach… + +(Originally on Twitter: [Sun May 19 07:47:27 +0000 2013](https://twitter.com/adulau/status/336025293544366082)) +---- +http://forums.zpanelcp.com/showthread.php?27608-ZPanelCP-Server-has-not-been-compromised " + ZPanelCP Server has not been compromised!" but what about the ZPanelCP software security... #infosec + +(Originally on Twitter: [Sun May 19 07:48:17 +0000 2013](https://twitter.com/adulau/status/336025501250486272)) +---- +@joernchen Maybe the Keith Haring exhibition in Paris - http://www.mam.paris.fr/en/expositions/keith-haring-0 #art #notinfosec + +(Originally on Twitter: [Mon May 20 10:47:13 +0000 2013](https://twitter.com/adulau/status/336432918610198528)) +---- +RT @_argp: It looks like IDA Palace will be back: http://idapalace.net/ + +(Originally on Twitter: [Mon May 20 11:52:17 +0000 2013](https://twitter.com/adulau/status/336449294041235456)) +---- +@Cryptomeorg Log files are also great to know if you have been compromised. #infosec #paradox + +(Originally on Twitter: [Mon May 20 12:56:14 +0000 2013](https://twitter.com/adulau/status/336465389674430464)) +---- +@Cryptomeorg Right but I suppose/hope you read your logs when you had the security incident in 2012. 
http://cryptome.org/2012/01/cryptome-virus.htm + +(Originally on Twitter: [Mon May 20 13:13:06 +0000 2013](https://twitter.com/adulau/status/336469632842076160)) +---- +RT @CERT_Polska_en: Our writeup on a #malware campaign found on a .gov.pl website: http://www.cert.pl/news/7101/langswitch_lang/en/ + +(Originally on Twitter: [Mon May 20 13:22:58 +0000 2013](https://twitter.com/adulau/status/336472116469825537)) +---- +RT @circl_lu: http://bgpranking.circl.lu/ BGP Ranking graphs are now interactive, you pick a time range and see all the malicious hits. #bgp #s… + +(Originally on Twitter: [Mon May 20 16:58:59 +0000 2013](https://twitter.com/adulau/status/336526476428066816)) +---- +@frbayart If you are looking for a real bookmark manager without all the UI/security mess, @Pinboard is really nice and clean. #bookmarks + +(Originally on Twitter: [Mon May 20 18:13:26 +0000 2013](https://twitter.com/adulau/status/336545214690897920)) +---- +http://blog.frama-c.com/index.php?post/2013/05/20/Attack-by-Compiler The revisited "Reflections on Trusting Trust" by Ken Thompson. #compiler #infosec #security + +(Originally on Twitter: [Mon May 20 19:42:30 +0000 2013](https://twitter.com/adulau/status/336567630666272768)) +---- +RT @mattblaze: "Security standards need strengthening" isn't so helpful, given that we have no idea how to actually strengthen them. http:/… + +(Originally on Twitter: [Mon May 20 19:58:14 +0000 2013](https://twitter.com/adulau/status/336571586930946051)) +---- +@Regiteric Is Suricata able to read in offline mode a list of split pcap files and keep the TCP sessions among these? + +(Originally on Twitter: [Tue May 21 14:35:58 +0000 2013](https://twitter.com/adulau/status/336852876104179712)) +---- +@Regiteric We are close to write a catpcap removing the global headers to stream it to a fifo pipe and then suricata just reads the fifo. 
+ +(Originally on Twitter: [Tue May 21 15:13:51 +0000 2013](https://twitter.com/adulau/status/336862408251424768)) +---- +@ncaproni Je peux comprendre la pénurie de compétence vu le type de cursus non technique réalisé dans les écoles... + +(Originally on Twitter: [Tue May 21 15:38:02 +0000 2013](https://twitter.com/adulau/status/336868493389598721)) +---- +http://www.accuvant.com/capability/accuvant-labs/security-research/pwn2own-2013-java-exploit-details @jduck demonstrated a successful attack against Oracle’s Java Runtime Environment (JRE). #java #exploitation + +(Originally on Twitter: [Tue May 21 19:27:07 +0000 2013](https://twitter.com/adulau/status/336926145738051584)) +---- +RT @jedisct1: Ah, the joy of OpenSSL... https://github.com/joyent/node/commit/3a2b5030ae1cd200e92eaf3928bd20a8deda50c6 + +(Originally on Twitter: [Wed May 22 05:23:54 +0000 2013](https://twitter.com/adulau/status/337076331831500800)) +---- +@MarioVilas @1zn0g0ud The original code was based on MongoDB and now some users "extend" the data structure. cc/ @wimremes + +(Originally on Twitter: [Thu May 23 08:10:37 +0000 2013](https://twitter.com/adulau/status/337480676142092288)) +---- +@MarioVilas @1zn0g0ud If you have a specific need for a structured datastore, I can extend the updater to add an SQL output cc @wimremes + +(Originally on Twitter: [Thu May 23 08:12:24 +0000 2013](https://twitter.com/adulau/status/337481122910978049)) +---- +@MarioVilas @1zn0g0ud http://schedule2013.rmll.info/schedule/technique/securite/article/cve-search-un-logiciel-libre-der?lang=en If you want to discuss cve-search development, you can join us at #rmll2013 cc/ @wimremes + +(Originally on Twitter: [Thu May 23 08:52:05 +0000 2013](https://twitter.com/adulau/status/337491111075512320)) +---- +http://www.syssec.rub.de/research/publications/timing-attack-ASLR/ "Practical Timing Side Channel Attacks Against Kernel Space ASLR" a clever use of caches. 
#infosec #aslr + +(Originally on Twitter: [Thu May 23 10:38:35 +0000 2013](https://twitter.com/adulau/status/337517909578481664)) +---- +RT @jameslosey: Talking about the USB cleaner from @rafi0t here at #sif13 more here: https://github.com/Rafiot/KittenGroomer ![](media/337522729844617216-BK8er4tCEAAw7sJ.jpg) + +(Originally on Twitter: [Thu May 23 10:57:44 +0000 2013](https://twitter.com/adulau/status/337522729844617216)) +---- +RT @hack_lu: Don't forget that the deadline for the @hack_lu call for papers is 15th July 2013 http://2013.hack.lu/cfp.txt #security #conference… + +(Originally on Twitter: [Sat May 25 07:20:13 +0000 2013](https://twitter.com/adulau/status/338192764640559106)) +---- +Talking about infosec software export restriction you should have a look at the recent changes in Wassenaar list. +http://www.wassenaar.org/controllists/2012/WA-LIST%20%2812%29%201/WA-LIST%20%2812%29%201.pdf + +(Originally on Twitter: [Sat May 25 07:48:13 +0000 2013](https://twitter.com/adulau/status/338199814221213697)) +---- +RT @veorq: preprint of the BLAKE2 article to appear in the proceedings of ACNS 2013 https://blake2.net/blake2_lncs.pdf + +(Originally on Twitter: [Sun May 26 18:07:51 +0000 2013](https://twitter.com/adulau/status/338718135890882561)) +---- +my talk about Forban has been accepted for @ohm2013 I hope to see you there. #p2p #forban #ohm2013 + +(Originally on Twitter: [Sun May 26 18:16:41 +0000 2013](https://twitter.com/adulau/status/338720360633618433)) +---- +@ericfreyss Not really, my musical tastes are more EBM ;-) http://www.foo.be/forban/ https://github.com/adulau/Forban + +(Originally on Twitter: [Sun May 26 18:20:11 +0000 2013](https://twitter.com/adulau/status/338721239550009345)) +---- +@liberation_info @latrive C'est marrant Libération fait dans le fait divers bosniaque maintenant. Neil Postman avait raison sur les medias. 
+ +(Originally on Twitter: [Sun May 26 19:42:30 +0000 2013](https://twitter.com/adulau/status/338741954277961728)) +---- +RT @hack_lu: We still have a slot available for a workshop during @hack_lu 2013 , if you want to propose an incredible #infosec workshop DM… + +(Originally on Twitter: [Sun May 26 20:54:32 +0000 2013](https://twitter.com/adulau/status/338760084320550913)) +---- +RT @virusbtn: 'ProjectHook' is RAM scrapping malware. @xylitol found a copy, and performed a thorough analysis http://www.xylibox.com/2013/05/projecthook-ram-scrapper.html + +(Originally on Twitter: [Mon May 27 17:13:30 +0000 2013](https://twitter.com/adulau/status/339066847653675010)) +---- +RT @thorstenholz: "Duplicating house keys using a 3D Printer" (http://flux-labs.com/2013/03/duplicating-house-keys-using-a-3d-printer/), even easier than CCS'08 paper by Laxton et al. http… + +(Originally on Twitter: [Mon May 27 19:46:38 +0000 2013](https://twitter.com/adulau/status/339105383392096256)) +---- +http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization" #tor #anonymization #infosec + +(Originally on Twitter: [Mon May 27 20:22:30 +0000 2013](https://twitter.com/adulau/status/339114409416851456)) +---- +@novytweety I still don't understand why we have in Belgium an unelected hereditary monarch... the future is without. #rtbfds + +(Originally on Twitter: [Mon May 27 20:27:30 +0000 2013](https://twitter.com/adulau/status/339115667871645696)) +---- +@cedricpernet @Devergranne L'horreur c'est quoi? Utiliser flash pour cette visualisation ou la complexité législative ou les deux ;-) + +(Originally on Twitter: [Tue May 28 09:22:17 +0000 2013](https://twitter.com/adulau/status/339310647642820608)) +---- +Registration for @hack_lu 2013 just opens (with the pre-registration price). See you there. 
http://2013.hack.lu/index.php/Info #infosec #conference + +(Originally on Twitter: [Tue May 28 11:27:59 +0000 2013](https://twitter.com/adulau/status/339342283394646017)) +---- +http://vierko.org/tech/lightaidra-0x2012/ Lightaidra 0×2012 an IRC-based mass router scanner/exploiter. #infosec + +(Originally on Twitter: [Tue May 28 14:53:51 +0000 2013](https://twitter.com/adulau/status/339394089957089280)) +---- +@manhack Privacy declaration fun... In France, "la société xxxxx."... #privacy http://www.legifrance.gouv.fr/affichCnil.do?oldAction=rechExpCnil&id=CNILTEXT000019796184&fastReqId=1176207554&fastPos=18 + +(Originally on Twitter: [Tue May 28 16:21:01 +0000 2013](https://twitter.com/adulau/status/339416028163473409)) +---- +RT @hack_lu: The challenge design for the #hacklu t-shirt for this year edition is ongoing. We hope this will be easier than last year. cc … + +(Originally on Twitter: [Tue May 28 20:53:49 +0000 2013](https://twitter.com/adulau/status/339484677607931905)) +---- +RT @hack_lu: If you had your talks rejected in some academic security conferences, you should give a try at @hack_lu 2013 http://t.co/EaRkY… + +(Originally on Twitter: [Tue May 28 21:01:58 +0000 2013](https://twitter.com/adulau/status/339486730157686784)) +---- +RT @circl_lu: published TR-13 Malware analysis report of a Backdoor.Snifula variant. #malware #infosec #snifula http://www.circl.lu/pub/tr-13/ + +(Originally on Twitter: [Wed May 29 08:22:53 +0000 2013](https://twitter.com/adulau/status/339658087822671872)) +---- +@artem_i_baranov @nicolasbrulez Do you have any MD5 hashes that you could share for the HackingTeam's rootkit for comparison? Thank you. 
+ +(Originally on Twitter: [Wed May 29 09:47:18 +0000 2013](https://twitter.com/adulau/status/339679332568035328)) +---- +RT @fredraynal: Researchers Find Amazon Cloud Servers Teeming With Backdoors And Other People's Data http://goo.gl/hysu8 + +(Originally on Twitter: [Wed May 29 11:01:56 +0000 2013](https://twitter.com/adulau/status/339698115646988288)) +---- +I'm wondering why many academic papers lack a publication date. Especially that LaTeX has the \today command... #wtf + +(Originally on Twitter: [Wed May 29 20:44:33 +0000 2013](https://twitter.com/adulau/status/339844736011612160)) +---- +@ralphholz Right. In that context, "Empiricism Is Not a Matter of Faith" is an excellent paper...http://www.d.umn.edu/~tpederse/Pubs/pedersen-last-word-2008.pdf + +(Originally on Twitter: [Thu May 30 04:31:56 +0000 2013](https://twitter.com/adulau/status/339962354936709121)) +---- +RT @circl_lu: published TR-14 - Analysis of a stage 3 Miniduke malware sample #malware #miniduke #infosec http://www.circl.lu/pub/tr-14/ + +(Originally on Twitter: [Thu May 30 11:20:51 +0000 2013](https://twitter.com/adulau/status/340065261640089601)) +---- +@jedisct1 If you have access to the feed, I did dcu-tools https://github.com/adulau/dcu-tools to dump the feed for further processing cc/ @MicrosoftDCU + +(Originally on Twitter: [Fri May 31 04:38:00 +0000 2013](https://twitter.com/adulau/status/340326270653054976)) +---- +@wimremes Good one... you are preparing them to watch WarGames and then Blade Runner afterwards. + +(Originally on Twitter: [Fri May 31 19:44:07 +0000 2013](https://twitter.com/adulau/status/340554301044834304)) +---- +https://www.flickr.com/photos/adulau/8911219530/ Some macro photography experiments with an old helios 44-2 lens mounted on my DSLR. 
#photography #helios + +(Originally on Twitter: [Sat Jun 01 10:53:26 +0000 2013](https://twitter.com/adulau/status/340783138382946304)) +---- +RT @matalaz: Beyond MOV ADD XOR the unusual and unexpected in x86 http://vexillium.org/dl.php?confi2013_slides.pdf + +(Originally on Twitter: [Sun Jun 02 16:14:45 +0000 2013](https://twitter.com/adulau/status/341226390730969088)) +---- +RT @veorq: all these "lightweight" and "leakage-resilient" things.. in French we have a say: "masturbation intellectuelle"... + +(Originally on Twitter: [Sun Jun 02 19:24:34 +0000 2013](https://twitter.com/adulau/status/341274158803582976)) +---- +@SystemLean Une petite lecture dans ce sens http://www.lemonde.fr/idees/article/2013/03/16/le-code-d-honneur-des-hackeurs_1849460_3232.html + +(Originally on Twitter: [Tue Jun 04 09:05:59 +0000 2013](https://twitter.com/adulau/status/341843262425935874)) +---- +@Regiteric just saw in a presentation about #RedOctober at #sstic where the parser for iptables was reversed. The screen was too small. #fun + +(Originally on Twitter: [Wed Jun 05 15:14:57 +0000 2013](https://twitter.com/adulau/status/342298502203846656)) +---- +An interesting presentation about installing backdoors in the firmware of hard-disks... to remotely access the data. 
#sstic #infosec + +(Originally on Twitter: [Wed Jun 05 15:47:36 +0000 2013](https://twitter.com/adulau/status/342306718451130370)) +---- +RT @Regiteric: CorkaMInuX is a single file made by @angealbertini which is a valid ELF, PDF, JAR, and HTML file https://code.google.com/p/corkami/downloads/detail?name=CorkaMInuX.zip&can=2&q=&sort=-uploaded #ss… + +(Originally on Twitter: [Wed Jun 05 15:48:02 +0000 2013](https://twitter.com/adulau/status/342306828220248064)) +---- +RT @Regiteric: Dreamboot a #UEFI bootkit for windows 8 x64 by @quarkslab is available on #github https://github.com/quarkslab/dreamboot #sstic + +(Originally on Twitter: [Thu Jun 06 09:45:36 +0000 2013](https://twitter.com/adulau/status/342578007501848578)) +---- +@laurentchemla at #SSTIC is talking about the changes introduced in our societies with Internet. Maybe the presentation is about "paradox". + +(Originally on Twitter: [Thu Jun 06 10:02:15 +0000 2013](https://twitter.com/adulau/status/342582197389250561)) +---- +@laurentchemla explained the future/current balance of Internet with two books "1984" and "The Shockwave Rider" #privacy #SSTIC #4GH + +(Originally on Twitter: [Thu Jun 06 10:14:16 +0000 2013](https://twitter.com/adulau/status/342585220391903232)) +---- +RT @Regiteric: L'orateur parle en mode gdb, une autre technique pour pas finir son intro. #sstic + +(Originally on Twitter: [Thu Jun 06 10:21:27 +0000 2013](https://twitter.com/adulau/status/342587031693688833)) +---- +Cisco call manager the AES key used to cipher the password is hard-coded in the Java classes. Key is the same everywhere... #SSTIC #infosec + +(Originally on Twitter: [Thu Jun 06 10:39:45 +0000 2013](https://twitter.com/adulau/status/342591635940585472)) +---- +Cisco Unified Communications Manager remote root exploit (via HTTP) using 6 vulnerabilities in the product. 0day... 
#sstic + +(Originally on Twitter: [Thu Jun 06 10:47:10 +0000 2013](https://twitter.com/adulau/status/342593503265693696)) +---- +@Regiteric On peut passer les commandes des boissons via twitter. C'est quoi son nick twitter? #sstic + +(Originally on Twitter: [Thu Jun 06 10:48:57 +0000 2013](https://twitter.com/adulau/status/342593950894399488)) +---- +RT @Regiteric: @LexfoSecurite Donc vous prenez en charge le champagne et le jus de pamplemousse pendant le social event ? (cc @adulau) #sst… + +(Originally on Twitter: [Thu Jun 06 10:51:43 +0000 2013](https://twitter.com/adulau/status/342594645332733952)) +---- +@Regiteric @LexfoSecurite Le jus de pamplemousse car c'est une boisson de base pour le "vulnerability disclosure" chez @CiscoPSIRT #sstic + +(Originally on Twitter: [Thu Jun 06 10:54:54 +0000 2013](https://twitter.com/adulau/status/342595447099101188)) +---- +@fabien_duchene @ericfreyss Ok je passe après le talk. + +(Originally on Twitter: [Thu Jun 06 13:15:42 +0000 2013](https://twitter.com/adulau/status/342630882147958784)) +---- +@Regiteric A presentation about rainbow tables having a black spot on the screen. #sstic + +(Originally on Twitter: [Thu Jun 06 13:20:58 +0000 2013](https://twitter.com/adulau/status/342632205287309312)) +---- +A presentation at #sstic explaining the limited gain of rainbow tables due to the I/O accesses. (rainbowtables versus bruteforce) #infosec + +(Originally on Twitter: [Thu Jun 06 13:28:23 +0000 2013](https://twitter.com/adulau/status/342634072675348480)) +---- +Reducing the (using probabilistic methods) size of rainbow tables. 
It seems to be implemented in http://ophcrack.sourceforge.net/ #sstic #infosec + +(Originally on Twitter: [Thu Jun 06 13:45:57 +0000 2013](https://twitter.com/adulau/status/342638491957608448)) +---- +If you are at #SSTIC and would like to submit a paper to another #infosec conference @hack_lu feel free http://2013.hack.lu + +(Originally on Twitter: [Thu Jun 06 17:20:46 +0000 2013](https://twitter.com/adulau/status/342692555126878209)) +---- +Is there a technical description on how #PRISM works especially if the interception is done where the sessions are encrypted? #nsa #privacy + +(Originally on Twitter: [Thu Jun 06 22:22:51 +0000 2013](https://twitter.com/adulau/status/342768577725743105)) +---- +@rafi0t If they really capture the SSL sessions at the edge network, there is another discussion about encryption... #prism #nsa + +(Originally on Twitter: [Thu Jun 06 22:32:25 +0000 2013](https://twitter.com/adulau/status/342770982584475648)) +---- +@bortzmeyer @Regiteric @X_Cli @H_Miser Regarding CA CRLs, my notes from 2011 http://www.foo.be/cgi-bin/wiki.pl/2011-12-17_Certificate_Revocation_Reasons_2011 and from 2012 https://gist.github.com/adulau/3881180 + +(Originally on Twitter: [Sat Jun 08 19:29:05 +0000 2013](https://twitter.com/adulau/status/343449620090859520)) +---- +@quinnnorton @Dymaxion You might like this street (poster) art https://www.flickr.com/photos/adulau/8989928604/ found in Rennes during #SSTIC + +(Originally on Twitter: [Sat Jun 08 20:00:04 +0000 2013](https://twitter.com/adulau/status/343457419348815872)) +---- +RT @angealbertini: my #SSTIC slides are available http://corkami.googlecode.com/files/SSTIC2013_Albertini_polyglots.zip http://www.slideshare.net/ange4771/polyglottes-binaires-et-implications ... 
+ +(Originally on Twitter: [Sat Jun 08 20:01:09 +0000 2013](https://twitter.com/adulau/status/343457691219398656)) +---- +@csoghoian I hope that you won't call for an updated wassenaar arrangement to render free software non-free when used in those cases... ;-) + +(Originally on Twitter: [Sat Jun 08 20:05:40 +0000 2013](https://twitter.com/adulau/status/343458826328088577)) +---- +@bin3ry The following slide might explain a bit the difference between #prism and edge fiber interception http://www.guardian.co.uk/world/2013/jun/08/nsa-surveillance-prism-obama-live#block-51b36893e4b0cc6424372292 + +(Originally on Twitter: [Sat Jun 08 20:29:03 +0000 2013](https://twitter.com/adulau/status/343464710907244544)) +---- +@quinnnorton @Dymaxion "Too few streets names with a woman name" They did a survey in Rennes and discovered that 96% are man names. + +(Originally on Twitter: [Sun Jun 09 07:00:34 +0000 2013](https://twitter.com/adulau/status/343623640241278976)) +---- +@bin3ry Fairview, NJ, there is the @Equinix datacenter where large-set of tier-1 providers are. Just like in CA http://www.equinix.com/locations + +(Originally on Twitter: [Sun Jun 09 07:14:38 +0000 2013](https://twitter.com/adulau/status/343627180321935361)) +---- +RT @esizkur: Can't help but wonder whether the NSA ever got pwned through a PRISM-like interface. Looks like a great vector. Blackbox-tests… + +(Originally on Twitter: [Sun Jun 09 07:26:27 +0000 2013](https://twitter.com/adulau/status/343630153819234304)) +---- +https://github.com/rahul0705/assemblyAlgorithmDetection "Algorithm Detection in Binaries An IDA Pro plugin for detecting algorithms in assembly" Interesting but to test. 
+ +(Originally on Twitter: [Sun Jun 09 07:46:23 +0000 2013](https://twitter.com/adulau/status/343635170915663873)) +---- +RT @hack_lu: If you have innovative techniques to detect network interceptions like #prism don't forget the @hack_lu 2013 #CFP http://t.co/… + +(Originally on Twitter: [Sun Jun 09 08:03:45 +0000 2013](https://twitter.com/adulau/status/343639539589459968)) +---- +http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan "The most sophisticated Android Trojan" Just remind me of the @quarkslab presentation at #sstic #android #infosec + +(Originally on Twitter: [Sun Jun 09 08:24:03 +0000 2013](https://twitter.com/adulau/status/343644646980861952)) +---- +RT @abuse_ch: Blog post: "Collateral Damage: Microsoft Hits Security Researchers along with Citadel", https://www.abuse.ch/?p=5362 + +(Originally on Twitter: [Mon Jun 10 15:58:58 +0000 2013](https://twitter.com/adulau/status/344121519129100289)) +---- +@bin3ry Bingo, this starts to make sense. My main worry regarding the use of fiber tap is their ability to find vulnerabilities in TLS/SSL. + +(Originally on Twitter: [Mon Jun 10 21:05:43 +0000 2013](https://twitter.com/adulau/status/344198714878992385)) +---- +http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000054.html "Pizza Hut Japan Official Order App for Android fails to verify SSL server certificates" MitM pizza order? #infosec + +(Originally on Twitter: [Tue Jun 11 12:48:25 +0000 2013](https://twitter.com/adulau/status/344435954498547713)) +---- +@CipherLaw So we will have to wait 20 years before implementing those information security patents in free software... #infosec #patents + +(Originally on Twitter: [Tue Jun 11 14:38:55 +0000 2013](https://twitter.com/adulau/status/344463763648434176)) +---- +RT @headhntr: Google asks the U.S. 
government to allow publication of more national security request data - http://googleblog.blogspot.com/2013/06/asking-us-government-to-allow-google-to.html + +(Originally on Twitter: [Tue Jun 11 17:42:48 +0000 2013](https://twitter.com/adulau/status/344510038414606336)) +---- +https://github.com/jpmeijers/pisstvbeacon "Raspberry Pi SSTV beacon" Do you remember slow-scan TV over HAM radio? A recent implementation... #whenoldiscool + +(Originally on Twitter: [Tue Jun 11 18:23:43 +0000 2013](https://twitter.com/adulau/status/344520336785690624)) +---- +RT @hack_lu: In less than 34 days, it's the deadline for the @hack_lu call for papers. http://2013.hack.lu/cfp/ submit and enjoy luxembourg! … + +(Originally on Twitter: [Tue Jun 11 18:33:39 +0000 2013](https://twitter.com/adulau/status/344522833919090688)) +---- +enjoying reading EU officials complaining about #PRISM while member states have access to #PRISM at the same time. http://www.nrc.nl/nieuws/2013/06/11/aivd-heeft-ook-toegang-tot-informatie-uit-prism/ + +(Originally on Twitter: [Tue Jun 11 18:39:42 +0000 2013](https://twitter.com/adulau/status/344524359249059841)) +---- +http://bitblaze.cs.berkeley.edu/fuzzball.html "FuzzBALL is a symbolic execution tool for binary code, based on the BitBlaze Vine library." Any feedback on its use? + +(Originally on Twitter: [Tue Jun 11 18:54:20 +0000 2013](https://twitter.com/adulau/status/344528039935365120)) +---- +At #OHM2013, I'll talk about Forban, my local P2P experimental free software. It works without Internet. http://www.foo.be/forban/ avoid #prism + +(Originally on Twitter: [Tue Jun 11 21:38:59 +0000 2013](https://twitter.com/adulau/status/344569477150687232)) +---- +http://www.c-span.org/Live-Video/C-SPAN3/ If you are curious about the NSA CyberSecurity budget, you should have look at the C-SPAN live stream... 
+ +(Originally on Twitter: [Wed Jun 12 18:42:34 +0000 2013](https://twitter.com/adulau/status/344887468333608962)) +---- +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3138 "Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows" Only a DoS? or something more? + +(Originally on Twitter: [Wed Jun 12 20:32:42 +0000 2013](https://twitter.com/adulau/status/344915182105014273)) +---- +@4Dgifts Right. The only way would be to bindiff the patch and have a look at it. + +(Originally on Twitter: [Wed Jun 12 20:54:49 +0000 2013](https://twitter.com/adulau/status/344920750664327168)) +---- +@jness @eromang Thanks for the feedback. As long the vulnerability is not allowing to overwrite a pointer in the lookaside list. + +(Originally on Twitter: [Wed Jun 12 21:03:06 +0000 2013](https://twitter.com/adulau/status/344922832481955840)) +---- +@ochsff Do you think they will finally release a list of IOCs for the malware written by the various NSA teams? #attributionsucks + +(Originally on Twitter: [Thu Jun 13 08:55:40 +0000 2013](https://twitter.com/adulau/status/345102155784523776)) +---- +@Regiteric @inliniac In Suricata, how is the file extraction working with HTTP Range: bytes=x-y? extraction seems discarded. + +(Originally on Twitter: [Fri Jun 14 09:41:04 +0000 2013](https://twitter.com/adulau/status/345475971186573312)) +---- +@ivanristic @inliniac @Regiteric Ok thanks. One temporary solution would be in Suricata to save partial byte-range as an unique file. + +(Originally on Twitter: [Fri Jun 14 13:09:18 +0000 2013](https://twitter.com/adulau/status/345528371490484224)) +---- +http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html Changes in computer science are slow just like "IBM PC Real Time Clock should run in UT" + +(Originally on Twitter: [Fri Jun 14 20:07:38 +0000 2013](https://twitter.com/adulau/status/345633652576768001)) +---- +It seems that "Verax (Informed Democracy Front)" will be the future key/buzzword... 
http://pgp.circl.lu/pks/lookup?op=vindex&search=0x79DEBE35&fingerprint=on + +(Originally on Twitter: [Fri Jun 14 20:12:15 +0000 2013](https://twitter.com/adulau/status/345634812264079361)) +---- +@nicolasbrulez Cool. Some hashes to share? + +(Originally on Twitter: [Fri Jun 14 20:15:30 +0000 2013](https://twitter.com/adulau/status/345635631008993281)) +---- +@nicolasbrulez No worries. When you can, let us know. Thanks for your work. + +(Originally on Twitter: [Fri Jun 14 20:20:56 +0000 2013](https://twitter.com/adulau/status/345636998767337472)) +---- +@bobpoekert This is related to -> http://www.wired.com/threatlevel/2013/06/signed-bda0df3c/ and it's an RSA 4096-bit key. A hint for a good key length ;-) + +(Originally on Twitter: [Fri Jun 14 20:22:59 +0000 2013](https://twitter.com/adulau/status/345637512758308864)) +---- +@mruef If you find a way, I would be glad to add the #regex/import tool in cve-search https://github.com/adulau/cve-search #secunia + +(Originally on Twitter: [Sat Jun 15 07:48:06 +0000 2013](https://twitter.com/adulau/status/345809930692993024)) +---- +search.py -p oracle:java -o json | jq -r '.cvss' | Rscript -e 'summary(as.numeric(read.table(file("stdin"))[,1]))' -> R+cve-search #infosec + +(Originally on Twitter: [Sat Jun 15 08:50:26 +0000 2013](https://twitter.com/adulau/status/345825614772703234)) +---- +@mruef Thanks. I'm curious to see how many Secunia alerts are really not associated with existing CVE-IDs. #infosec + +(Originally on Twitter: [Sat Jun 15 09:07:46 +0000 2013](https://twitter.com/adulau/status/345829976999858176)) +---- +RT @fpietrosanti: OHM2013 Poster (High Resolution) http://files.gendo.nl/media/OHM2013_promo_poster_hi-res.jpg #ohm2013 @ohm2013 + +(Originally on Twitter: [Sat Jun 15 12:06:57 +0000 2013](https://twitter.com/adulau/status/345875069685338112)) +---- +@mruef Thanks for the link. This is very nifty. My goal is to have a cve-search dump publicly available ready for use with CVE/NVD + others. 
+ +(Originally on Twitter: [Sat Jun 15 13:05:43 +0000 2013](https://twitter.com/adulau/status/345889858851598336)) +---- +RT @hack_lu: Reminder call for papers hack.lu 2013 http://2013.hack.lu/cfp/ - If you did innovative security research, submit. #infosec #cfp … + +(Originally on Twitter: [Sun Jun 16 15:47:52 +0000 2013](https://twitter.com/adulau/status/346293053327286274)) +---- +My photo wandering of this weekend ends with listening piano with some blue tits... https://www.flickr.com/photos/adulau/9056781600/ https://www.flickr.com/photos/adulau/9058958527/ + +(Originally on Twitter: [Sun Jun 16 19:49:25 +0000 2013](https://twitter.com/adulau/status/346353842377592832)) +---- +@TrendLabs Could you add MD5 hashes in your blog post about Naikon as reference? Thank you. + +(Originally on Twitter: [Sun Jun 16 19:59:34 +0000 2013](https://twitter.com/adulau/status/346356394724843520)) +---- +RT @DragonResearch: The DRG FIRST 2013 Challenge registration is open for local attendees! http://dragonresearchgroup.org/FIRST2013/ #firstcon13 + +(Originally on Twitter: [Mon Jun 17 06:41:52 +0000 2013](https://twitter.com/adulau/status/346518037719031808)) +---- +http://www.s3.eurecom.fr/docs/raid13_graziano.pdf "Hypervisor Memory Forensics" An interesting paper. Is the source code available? +@EURECOM #infosec + +(Originally on Twitter: [Tue Jun 18 04:42:42 +0000 2013](https://twitter.com/adulau/status/346850434582999040)) +---- +RT @FIRSTdotOrg: Day 2 of lightning talks...looks kinda boring right now...don't be shy...the sheet is by the reg desk. #firstcon13 + +(Originally on Twitter: [Tue Jun 18 08:43:31 +0000 2013](https://twitter.com/adulau/status/346911038115037185)) +---- +RT @sleuthkit: TSK 4.1.0 is out with Yaffs2, Ext4, and Linux/OSX support for the framework. http://sleuthkit.org/sleuthkit/. 
#sleuthkit #dfir + +(Originally on Twitter: [Tue Jun 18 18:32:55 +0000 2013](https://twitter.com/adulau/status/347059365993390082)) +---- +Reading the openssl-users list (and especially encryption recommendations) before going to bed, it's a good way to make nightmares. #crypto + +(Originally on Twitter: [Tue Jun 18 22:15:26 +0000 2013](https://twitter.com/adulau/status/347115365857366016)) +---- +@emd3l Thanks for the link. I'll give a try. + +(Originally on Twitter: [Wed Jun 19 15:56:30 +0000 2013](https://twitter.com/adulau/status/347382389493858304)) +---- +If you want stickers for @hack_lu 2013 let me know, we just received a stack of them. #hacklu #luxembourg #infosec #conference + +(Originally on Twitter: [Wed Jun 19 16:01:16 +0000 2013](https://twitter.com/adulau/status/347383590901919744)) +---- +@sam280 @hack_lu Sure I'll distribute some at ICT Spring tomorrow morning on the Luxembourg for business booth (where @circl_lu is). + +(Originally on Twitter: [Wed Jun 19 18:24:36 +0000 2013](https://twitter.com/adulau/status/347419662511927296)) +---- +@jeancreed1 @y0m @nyx__o ‏@_Quack1 DM me your snail mail address, we'll send these by post. @hack_lu + +(Originally on Twitter: [Wed Jun 19 18:27:19 +0000 2013](https://twitter.com/adulau/status/347420342798647296)) +---- +@jeancreed1 @st3phnix @fant0ma5 @snazmeister @F_kZ_ DM me your postal address. Thank you. + +(Originally on Twitter: [Thu Jun 20 14:52:17 +0000 2013](https://twitter.com/adulau/status/347728618690072578)) +---- +@jeancreed1 @st3phnix @fant0ma5 @snazmeister @F_kZ_ C'est fait depuis mon tweet mais le messaging de Twitter est bien asynchrone ;-) + +(Originally on Twitter: [Thu Jun 20 15:09:09 +0000 2013](https://twitter.com/adulau/status/347732860012224515)) +---- +Don't forget about your VPN providers. They store logs even if they claim to not store logs. They debug and to do so you need logs. 
+ +(Originally on Twitter: [Thu Jun 20 20:07:59 +0000 2013](https://twitter.com/adulau/status/347808066131087361)) +---- +@brokep @IPredatorVPN What are the limited logs you have in order to debug your VPN service and your payment interface? cc/ @quinnnorton + +(Originally on Twitter: [Thu Jun 20 20:17:27 +0000 2013](https://twitter.com/adulau/status/347810449653379072)) +---- +@akareilly You mean a good example for keeping logs http://wiki.hidemyass.com/FAQ#q22 access logs are usually sufficient for law enforcement... + +(Originally on Twitter: [Thu Jun 20 20:20:37 +0000 2013](https://twitter.com/adulau/status/347811244033589248)) +---- +@brokep @IPredatorVPN What do you give if you get an official request from law enforcement in your country? cc/ @quinnnorton + +(Originally on Twitter: [Thu Jun 20 20:22:48 +0000 2013](https://twitter.com/adulau/status/347811796041736192)) +---- +@brokep @IPredatorVPN Thanks for the explanation but what do you give when you receive a legal LE request from your country? @quinnnorton + +(Originally on Twitter: [Thu Jun 20 20:30:24 +0000 2013](https://twitter.com/adulau/status/347813705054044160)) +---- +@r00tbsd My black-list of VPN is huge but I can't find a favorite one until now ;-) Maybe my favorite is the one you build yourself... + +(Originally on Twitter: [Fri Jun 21 07:35:08 +0000 2013](https://twitter.com/adulau/status/347980993791135746)) +---- +@r00tbsd From my past experience, all claimed "anonymous" VPN providers are just fake. Do you prefer such statement ;-) + +(Originally on Twitter: [Fri Jun 21 07:55:37 +0000 2013](https://twitter.com/adulau/status/347986145939972096)) +---- +@r00tbsd Right and avoid the CCTV at the station ;-) Maybe it's the beginning of a HOWTO.... 
+ +(Originally on Twitter: [Fri Jun 21 08:34:57 +0000 2013](https://twitter.com/adulau/status/347996046556798976)) +---- +@tomchop_ @H_Miser @r00tbsd Yep like the one from @thegrugq but with an additional statement: "everything is crap, nothing is anonymous" + +(Originally on Twitter: [Fri Jun 21 08:51:50 +0000 2013](https://twitter.com/adulau/status/348000292954058752)) +---- +@TrendLabs I think you forgot to update the blog post with the MD5 hashes of the Naikon samples. cc @TimelessP @r00tbsd @rommelfs + +(Originally on Twitter: [Fri Jun 21 08:55:34 +0000 2013](https://twitter.com/adulau/status/348001232624959489)) +---- +@H_Miser I talked about various things ;-) Did he pinpoint something special? #hip13 #hip2013 I'm curious. + +(Originally on Twitter: [Fri Jun 21 13:29:35 +0000 2013](https://twitter.com/adulau/status/348070193957830656)) +---- +@Sebdraven Do you know the English version of it? I would like to add it for @hack_lu thank you. + +(Originally on Twitter: [Fri Jun 21 13:58:18 +0000 2013](https://twitter.com/adulau/status/348077421653798913)) +---- +@rbidule @Sebdraven @hack_lu Thanks, I though the conference was in France (and French only) ;-) I'll ask the org if this is CC. + +(Originally on Twitter: [Fri Jun 21 14:03:18 +0000 2013](https://twitter.com/adulau/status/348078679433285632)) +---- +@novytweety @fvilers generate website with PGP signature and fetch the pages and verify the signature. like http://www.sanface.com/pgphtml.html + +(Originally on Twitter: [Fri Jun 21 20:19:16 +0000 2013](https://twitter.com/adulau/status/348173293230096385)) +---- +https://github.com/ChrisTruncer/Veil "Veil is a tool used to generate payloads that bypass antivirus solutions" #python #infosec + +(Originally on Twitter: [Fri Jun 21 20:41:33 +0000 2013](https://twitter.com/adulau/status/348178900347654144)) +---- +wondering if someone in the free hardware community is working on a 6x6cm digital medium format camera... 
#photography #freehardware + +(Originally on Twitter: [Sat Jun 22 09:32:28 +0000 2013](https://twitter.com/adulau/status/348372907031928832)) +---- +RT @hack_lu: During @hack_lu 2013, the incredible @fluxfingers team will organize the #CTF with a funky theme. http://www.flickr.com/photos/adulau/8147615053/ cc /… + +(Originally on Twitter: [Sat Jun 22 09:35:51 +0000 2013](https://twitter.com/adulau/status/348373758114922496)) +---- +@jeandebaecker Will you be at #OHM2013? #piratebox #forban + +(Originally on Twitter: [Sat Jun 22 09:39:17 +0000 2013](https://twitter.com/adulau/status/348374623647313920)) +---- +http://www.guardian.co.uk/uk/2013/jun/21/gchq-mastering-the-internet I didn't follow all the discussion around #prism and related but it seems that GCHQ is using LaTeX Beamer. +1 + +(Originally on Twitter: [Sat Jun 22 19:01:51 +0000 2013](https://twitter.com/adulau/status/348516198402621440)) +---- +If you are looking for a version of R supporting multi-cores/processors pqR fork is your friend http://radfordneal.github.io/pqR/ cc @remi_laurent + +(Originally on Twitter: [Sun Jun 23 08:59:26 +0000 2013](https://twitter.com/adulau/status/348726984844640256)) +---- +@ioerror He flies Airbus (not on a Boeing)... #justkidding + +(Originally on Twitter: [Sun Jun 23 09:05:53 +0000 2013](https://twitter.com/adulau/status/348728606756835328)) +---- +RT @blackswanburst: Today would have been Turing's 101st birthday. I wonder how he would have felt about the world. Good to come home to Ca… + +(Originally on Twitter: [Sun Jun 23 09:17:15 +0000 2013](https://twitter.com/adulau/status/348731465632202754)) +---- +RT @forensikblog: ROFL! 
RT @dckovar: I fear this is not an Onion creation: I bring you … APT Defender - http://r.forens.is/adb + +(Originally on Twitter: [Sun Jun 23 09:20:02 +0000 2013](https://twitter.com/adulau/status/348732168677240833)) +---- +@forensikblog @dckovar I'm wondering why they don't mention the ASScert http://www.asscert.com/ along with the CISSP #fun ;-) + +(Originally on Twitter: [Sun Jun 23 09:23:00 +0000 2013](https://twitter.com/adulau/status/348732914076364800)) +---- +RT @xme: [/dev/random] La Nuit du Hack 2013 Wrap-Up http://blog.rootshell.be/?p=22162 + +(Originally on Twitter: [Sun Jun 23 09:57:13 +0000 2013](https://twitter.com/adulau/status/348741522847576064)) +---- +@bortzmeyer "encrypter" est déjà dans le grand dictionnaire québecois de la langue francaise #PSES2013 http://gdt.oqlf.gouv.qc.ca/ficheOqlf.aspx?Id_Fiche=8375462 + +(Originally on Twitter: [Sun Jun 23 12:21:53 +0000 2013](https://twitter.com/adulau/status/348777931780272128)) +---- +@bortzmeyer C'est vrai mais vu le nombre réduit de papiers en cryptographie en français, je crois que la version anglaise va prendre le pas. + +(Originally on Twitter: [Sun Jun 23 12:29:14 +0000 2013](https://twitter.com/adulau/status/348779779161468929)) +---- +@kyrah @wimremes Diversion is key for plotting a story. We can even be part of a scenario. Should I mention #Belgium? + +(Originally on Twitter: [Sun Jun 23 12:36:45 +0000 2013](https://twitter.com/adulau/status/348781672004730880)) +---- +RT @eromang: @abuse_ch @sans_isc Google Authenticator for SSH ?! Can we continue to trust these Cloud services ? + +(Originally on Twitter: [Sun Jun 23 15:15:53 +0000 2013](https://twitter.com/adulau/status/348821721224200192)) +---- +@adamcaudill @eromang @abuse_ch @sans_isc HOTP/TOTP if you control the OTP challenge display/UI, you can still relay your own... + +(Originally on Twitter: [Sun Jun 23 15:29:14 +0000 2013](https://twitter.com/adulau/status/348825079628570627)) +---- +@Sebdraven See you there! 
+ +(Originally on Twitter: [Mon Jun 24 09:03:50 +0000 2013](https://twitter.com/adulau/status/349090476600733696)) +---- +https://github.com/EiNSTeiN-/ida-decompiler "An IDA plugin that attempts to decompile a function. Written in Python." looks interesting. to test. + +(Originally on Twitter: [Mon Jun 24 09:22:03 +0000 2013](https://twitter.com/adulau/status/349095064141701120)) +---- +http://flux-labs.com/2013/06/a-tale-of-102-rfid-cards/ "A tale of 102 RFID cards" #rfid #security "mitigation strategy is to increase the processing time of cards" + +(Originally on Twitter: [Mon Jun 24 17:40:03 +0000 2013](https://twitter.com/adulau/status/349220387726426112)) +---- +RT @vloquet: So the code of this RCS software designed to spy computers and made by HackingTeam seems ugly #REcon @nicolasbrulez http://t.c… + +(Originally on Twitter: [Mon Jun 24 17:47:58 +0000 2013](https://twitter.com/adulau/status/349222380364759042)) +---- +@mikko @SnorreFagerland It's really a mailbox... it's the address of mail box etc shop in Milan. http://www.mbe.com/Pages/home.aspx + +(Originally on Twitter: [Mon Jun 24 19:02:27 +0000 2013](https://twitter.com/adulau/status/349241123849506818)) +---- +@SnorreFagerland @mikko It might be interesting to check the chamber of commerce in Milan to check HT S.r.l. ![](media/349243397187448833-BNjDBPYCMAA8d6S.png) + +(Originally on Twitter: [Mon Jun 24 19:11:29 +0000 2013](https://twitter.com/adulau/status/349243397187448833)) +---- +RT @angealbertini: a relocated e_lfanew, with dual PE headers and split DataDirectories https://corkami.googlecode.com/svn/trunk/src/PE/lfanew_relocW7.asm ![](media/349602654479065088-BNoEmx3CEAIJqkl.png) + +(Originally on Twitter: [Tue Jun 25 18:59:02 +0000 2013](https://twitter.com/adulau/status/349602654479065088)) +---- +@jcsirot Tout le monde utilise LaTeX. non? 
+ +(Originally on Twitter: [Tue Jun 25 19:28:01 +0000 2013](https://twitter.com/adulau/status/349609948994478080)) +---- +I would recommend to Tor exit node operators to try network interception and see what are the benefits for #NSA. You'll see what to secure. + +(Originally on Twitter: [Tue Jun 25 20:05:59 +0000 2013](https://twitter.com/adulau/status/349619501731549185)) +---- +@ln4711 Because this is already the case (for some of the exit nodes) and users are at risks. Showing the risks is much more efficient... + +(Originally on Twitter: [Tue Jun 25 20:14:57 +0000 2013](https://twitter.com/adulau/status/349621757520527360)) +---- +@ln4711 Right, people did some research for detecting snooping http://www.cs.columbia.edu/~mikepo/papers/tordecoys.raid11.pdf but Tor users should use encryption towards dest. + +(Originally on Twitter: [Tue Jun 25 20:41:30 +0000 2013](https://twitter.com/adulau/status/349628438627360769)) +---- +@ln4711 as snooping already happens on the path between the exit nodes and the final destination. Acking snooping to force encryption usage. + +(Originally on Twitter: [Tue Jun 25 20:45:18 +0000 2013](https://twitter.com/adulau/status/349629394718953472)) +---- +EU is looking "ICT Security Analysts and Assistants" http://europa.eu/epso/apply/jobs/cast/2013/ictsecurity/index_en.htm Interesting but they want "certified" people ;-) + +(Originally on Twitter: [Wed Jun 26 06:48:41 +0000 2013](https://twitter.com/adulau/status/349781243656806402)) +---- +@jpflorent You are too kind but my trust of in certification is as high as my trust in computer security ;-) cc/ @Sebdraven + +(Originally on Twitter: [Wed Jun 26 07:16:49 +0000 2013](https://twitter.com/adulau/status/349788321083428864)) +---- +@eromang In the EU document "ICT Security or Cyber Security certification, such as CISSP, GIAC, etc." it's vast. ASScert might apply. 
+ +(Originally on Twitter: [Wed Jun 26 07:32:33 +0000 2013](https://twitter.com/adulau/status/349792282616152065)) +---- +@wimremes @xme @eromang @Sebdraven "Correlation does not imply causation" I'm sure a lot of "leakers" have glasses (or contact lenses). + +(Originally on Twitter: [Wed Jun 26 08:09:00 +0000 2013](https://twitter.com/adulau/status/349801453218570240)) +---- +@vhutsebaut an infosec work and being a slave is not the same? ;-) + +(Originally on Twitter: [Wed Jun 26 08:23:52 +0000 2013](https://twitter.com/adulau/status/349805195976392705)) +---- +@bortzmeyer @ncaproni L'export Netflow, l'injection de route dans la FIB/RIB,... l'interception est souvent spécifique et temporaire? + +(Originally on Twitter: [Wed Jun 26 11:32:14 +0000 2013](https://twitter.com/adulau/status/349852601711468545)) +---- +@sam280 Indeed ;-) I'm just wondering how they can create good team over there without diversity. + +(Originally on Twitter: [Wed Jun 26 19:59:08 +0000 2013](https://twitter.com/adulau/status/349980165562056704)) +---- +http://jheusser.github.io/2013/02/03/satcoin.html A clever use of a SAT solver to do brute force bitcoin mining. #crypto #sat #bitcoin + +(Originally on Twitter: [Wed Jun 26 20:11:46 +0000 2013](https://twitter.com/adulau/status/349983346073419776)) +---- +@y0m @F_kZ_ Feel free to share them around you. And don't forget the @hack_lu 2013 call for paper/presentation. + +(Originally on Twitter: [Wed Jun 26 20:54:26 +0000 2013](https://twitter.com/adulau/status/349994082308857857)) +---- +RT @assolini: Opera: The attackers were able to obtain at least one code signing cert, used to sign some malware http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack (vi… + +(Originally on Twitter: [Wed Jun 26 21:02:13 +0000 2013](https://twitter.com/adulau/status/349996040864276480)) +---- +http://users.ece.cmu.edu/~arebert/papers/mayhem-oakland-12.pdf "Unleashing MAYHEM on Binary Code" It seems they did it against Debian binaries... 
we might see "some fixes" soon. + +(Originally on Twitter: [Thu Jun 27 05:05:39 +0000 2013](https://twitter.com/adulau/status/350117702104395777)) +---- +@OVH @ovh_support_en You should add SSH fingerprints (RSA,(EC)DSA) in the Kimsufi setup email ;-) Thank you #infosec + +(Originally on Twitter: [Thu Jun 27 07:21:28 +0000 2013](https://twitter.com/adulau/status/350151882339127296)) +---- +http://low-priority.appspot.com/ollymigrate/ OllyMigrate = Debuggee live migration plugin and it seems to work From WinDbg to IDA. Interesting. + +(Originally on Twitter: [Thu Jun 27 08:32:49 +0000 2013](https://twitter.com/adulau/status/350169838381043713)) +---- +https://www.flickr.com/photos/adulau/9154800614/ A photo from a hotel room or a perspective to surveillance... (section 130) #sooc #photography #unabomber + +(Originally on Twitter: [Thu Jun 27 20:14:18 +0000 2013](https://twitter.com/adulau/status/350346371712290816)) +---- +@xme Or it's maybe a way to know if you are in the hotel. Trigger the alarm, @xme might send a tweet about it ;-) + +(Originally on Twitter: [Thu Jun 27 20:47:11 +0000 2013](https://twitter.com/adulau/status/350354646256189442)) +---- +RT @_Quack1: Stickers for @hack_lu received! Thanks @adulau ![](media/350356980151496704-BNy3mWYCMAAiSwe.jpg) + +(Originally on Twitter: [Thu Jun 27 20:56:28 +0000 2013](https://twitter.com/adulau/status/350356980151496704)) +---- +@BrianHonan @alastairharding On my private server over 1 day, it's 1765 TLS sessions over 1463 SMTP sessions without TLS. + +(Originally on Twitter: [Fri Jun 28 16:05:35 +0000 2013](https://twitter.com/adulau/status/350646165513048064)) +---- +@okoeroo Any link to share? + +(Originally on Twitter: [Fri Jun 28 17:56:11 +0000 2013](https://twitter.com/adulau/status/350674000072032257)) +---- +@ioerror It's everyday if you use one of the product doing A5/1-A5/2 real-time "decipher" like the DM51-28. 
+ +(Originally on Twitter: [Fri Jun 28 21:12:17 +0000 2013](https://twitter.com/adulau/status/350723351460847616)) +---- +RT @AlainGerlache: Bonne idée! "Bruxelles devrait-elle accueillir Edward Snowden ?" http://clesnes.blog.lemonde.fr/2013/06/30/bruxelles-devrait-elle-accueillir-snowden/ + +(Originally on Twitter: [Sun Jun 30 20:43:38 +0000 2013](https://twitter.com/adulau/status/351440916382355457)) +---- +RT @circl_lu: http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf "Threat Advisory: Atlassian Crowd CVE­2013­3925" + +(Originally on Twitter: [Mon Jul 01 08:06:23 +0000 2013](https://twitter.com/adulau/status/351612734514794496)) +---- +http://arxiv.org/abs/1306.6729 An intercepting SSL proxy to solve the SSL interception problems. Maybe I should change my glasses? #infosec #fun + +(Originally on Twitter: [Mon Jul 01 11:39:46 +0000 2013](https://twitter.com/adulau/status/351666435552051200)) +---- +Digging into my malware repository to find some old junk that might become new buzz. #infosec everything old is new again. + +(Originally on Twitter: [Mon Jul 01 20:51:40 +0000 2013](https://twitter.com/adulau/status/351805323746619392)) +---- +@xme Indeed that's another junk-yard... I'm more in the mood of old stuff never detected that might become detected due to media buzz... + +(Originally on Twitter: [Mon Jul 01 20:58:24 +0000 2013](https://twitter.com/adulau/status/351807018727784449)) +---- +https://code.google.com/p/packetdrill/ "packetdrill: Scriptable Network Stack Testing, from Sockets to Packets" #usenix + +(Originally on Twitter: [Tue Jul 02 20:49:09 +0000 2013](https://twitter.com/adulau/status/352167081963298818)) +---- +@AcidRampage Good question. Until now, there is no accurate TCP reassembly with Python binding. 
We use Suricata for TCP reassembly with + +(Originally on Twitter: [Wed Jul 03 04:35:33 +0000 2013](https://twitter.com/adulau/status/352284454749872128)) +---- +@AcidRampage a tool called pcapdj (to be released soon) to do the dispatching to the NIDS. Regarding tcpflow, which one (simsong | jelson)? + +(Originally on Twitter: [Wed Jul 03 04:37:45 +0000 2013](https://twitter.com/adulau/status/352285005705256961)) +---- +@AcidRampage We did a paper some years ago http://www.foo.be/papers/wagener-dulaunoy-engel-networkforensicaccuracy.pdf "Towards an Estimation of the Accuracy of TCP Reassembly" nothing changed + +(Originally on Twitter: [Wed Jul 03 08:06:39 +0000 2013](https://twitter.com/adulau/status/352337577812037633)) +---- +If someone is going to #bsideslv and see the MLsec presentation/discussion, I won't mind to get some feedback. #ohm2013 collision... + +(Originally on Twitter: [Wed Jul 03 10:20:33 +0000 2013](https://twitter.com/adulau/status/352371274661629952)) +---- +My German and French colleagues told me a good news. So it's time to get rid of the monarchy in #Belgium + +(Originally on Twitter: [Wed Jul 03 15:51:24 +0000 2013](https://twitter.com/adulau/status/352454535115055106)) +---- +RT @hack_lu: We received many questions regarding the hack.lu 2013 cfp and the paper requirement. You can also send us your presentation al… + +(Originally on Twitter: [Wed Jul 03 19:12:15 +0000 2013](https://twitter.com/adulau/status/352505083944116225)) +---- +@AdvancedThreat I hope the packet handling functions improved in ngrep and especially the boundary checks ;-) + +(Originally on Twitter: [Wed Jul 03 19:15:23 +0000 2013](https://twitter.com/adulau/status/352505871881863168)) +---- +@AlainGerlache oui mais cette corrélation n'implique pas la causalité. 
"Cum hoc ergo propter hoc" + +(Originally on Twitter: [Wed Jul 03 19:19:58 +0000 2013](https://twitter.com/adulau/status/352507024862482432)) +---- +When I took this picture, I was thinking of all my old buggy scripts that I shouldn't use. https://www.flickr.com/photos/adulau/9178708646/ + +(Originally on Twitter: [Wed Jul 03 20:18:07 +0000 2013](https://twitter.com/adulau/status/352521657878970368)) +---- +@JBrokenshire @spyblog "collective security" I think you don't have the same definition of Immanuel Kant... + +(Originally on Twitter: [Wed Jul 03 20:47:33 +0000 2013](https://twitter.com/adulau/status/352529065850310657)) +---- +@rafi0t I think the factor of those "operational" crappy scripts is proportional to their ability to fix silly issues ;-/ + +(Originally on Twitter: [Wed Jul 03 21:21:39 +0000 2013](https://twitter.com/adulau/status/352537645726961664)) +---- +@rafi0t Thanks. So "old and abandoned" shed can be nice. Maybe this is also valid for ugly scripts ;-) + +(Originally on Twitter: [Wed Jul 03 21:22:59 +0000 2013](https://twitter.com/adulau/status/352537983645257728)) +---- +@ericfreyss Bien mais je contacte qui pour les malware réalisés par un gouvernement? Quelle procédure pour les criminels gouvernementaux ? + +(Originally on Twitter: [Thu Jul 04 20:18:02 +0000 2013](https://twitter.com/adulau/status/352884026614349825)) +---- +Maybe @cryptocatapp should use OpenPGPjs https://github.com/openpgpjs/openpgpjs/ even if crypto in a browser is always challenging... 
+ +(Originally on Twitter: [Thu Jul 04 20:30:13 +0000 2013](https://twitter.com/adulau/status/352887093170667521)) +---- +http://fish2.com/ipmi/ "IPMI: Freight Train to Hell" and the recommendations to secure IPMI/BMC http://fish2.com/ipmi/bp.pdf + +(Originally on Twitter: [Thu Jul 04 20:39:35 +0000 2013](https://twitter.com/adulau/status/352889448444342272)) +---- +https://github.com/mattifestation/PowerSploit "PowerSploit - A PowerShell Post-Exploitation Framework" #windows #infosec #reversing + +(Originally on Twitter: [Thu Jul 04 20:48:14 +0000 2013](https://twitter.com/adulau/status/352891626005340160)) +---- +A remark for commercial IPS vendors using blacklists "# Web Shell by boff" can be detected if you do proper string matching. #blacklistsucks + +(Originally on Twitter: [Sat Jul 06 10:24:15 +0000 2013](https://twitter.com/adulau/status/353459369960148992)) +---- +Another remark for people using IPS/NIDS, know your flows, alert/drop on unknown flows and you can limit the use of blacklists. #infosec + +(Originally on Twitter: [Sat Jul 06 10:26:51 +0000 2013](https://twitter.com/adulau/status/353460026037379072)) +---- +RT @botherder: Autorun PDF pretending to be a SANS paper on spearphishing https://malwr.com/analysis/MzJlNTg2NDk2MWI5NDI3NmI2YTkzNzc0MjYyNjJiZWM/ just great. + +(Originally on Twitter: [Sat Jul 06 10:30:04 +0000 2013](https://twitter.com/adulau/status/353460836158799872)) +---- +@bleidl @kaepora @marshray @ralphholz Based on passive DNS, from 2011-11-08 until 2012-09-23 on 69.164.221.204. Then various IP addresses... + +(Originally on Twitter: [Sat Jul 06 10:39:09 +0000 2013](https://twitter.com/adulau/status/353463118124433408)) +---- +RT @hack_lu: If you are at #SIGINT and would like to submit another paper/presentation. 
The CFP deadline for @hack_lu is in less than 9 day… + +(Originally on Twitter: [Sat Jul 06 19:03:43 +0000 2013](https://twitter.com/adulau/status/353590098224357377)) +---- +RT @hashbreaker: TLS, SSH, car keys all have bad secret-key crypto. Come help us build a better future: http://2013.diac.cr.yp.to Registration… + +(Originally on Twitter: [Sun Jul 07 07:32:02 +0000 2013](https://twitter.com/adulau/status/353778417847644160)) +---- +@snazmeister and then, they will complain that they got lateral attacks initiated from a single system compromised in their infrastructure. + +(Originally on Twitter: [Sun Jul 07 07:36:15 +0000 2013](https://twitter.com/adulau/status/353779480826871808)) +---- +RT @isislovecruft: I finally released my Python GnuPG module on PyPI yesterday, and it was downloaded via pip 1000+ times. https://t.co/3CX… + +(Originally on Twitter: [Sun Jul 07 12:03:16 +0000 2013](https://twitter.com/adulau/status/353846675959332865)) +---- +@maradydd @marshray I'm wondering in which category Alexander Shulgin falls to? a chemist or chemical engineer. You often need of the two. + +(Originally on Twitter: [Sun Jul 07 18:31:03 +0000 2013](https://twitter.com/adulau/status/353944266210410497)) +---- +RT @mattblaze: While trying to figure out hotel shower found myself thinking, "this UI is worse than PGP". + +(Originally on Twitter: [Sun Jul 07 18:33:27 +0000 2013](https://twitter.com/adulau/status/353944869389086721)) +---- +@maradydd @marshray When he worked on Mexacarbate, it was not really at bench scale ;-) + +(Originally on Twitter: [Sun Jul 07 18:39:04 +0000 2013](https://twitter.com/adulau/status/353946284467552256)) +---- +@maradydd @marshray We should ask him. 
Maybe Jon Postel was a better case/example to complete your blog post ;-) + +(Originally on Twitter: [Sun Jul 07 18:52:08 +0000 2013](https://twitter.com/adulau/status/353949569509367808)) +---- +I'll be on Wednesday (and maybe before) at @rmll2013 doing a presentation about cve-search http://schedule2013.rmll.info/programme/technique/security/article/cve-search-un-logiciel-libre-der?lang=en + +(Originally on Twitter: [Sun Jul 07 19:03:44 +0000 2013](https://twitter.com/adulau/status/353952489306996737)) +---- +Today is the day of the BlueBox... I was expecting to hear 2600Hz signal but it seems more bingo-style. @Echo_tcx + +(Originally on Twitter: [Mon Jul 08 14:38:07 +0000 2013](https://twitter.com/adulau/status/354248034483314690)) +---- +@AcidRampage https://github.com/CIRCL/pcapdj pcapdj first version is now released. #infosec #networkforensic + +(Originally on Twitter: [Mon Jul 08 14:49:06 +0000 2013](https://twitter.com/adulau/status/354250798399623171)) +---- +Any feedback on http://unqlite.org/? Is it worth to investigate? #datastore cc/ @rafi0t + +(Originally on Twitter: [Mon Jul 08 21:10:23 +0000 2013](https://twitter.com/adulau/status/354346750586273792)) +---- +RT @Regiteric: @adulau is proposing to @xme a shared pastebin crawler to avoid blacklisting. If there is notification this will be poke & m… + +(Originally on Twitter: [Tue Jul 09 09:31:24 +0000 2013](https://twitter.com/adulau/status/354533233041477632)) +---- +@Regiteric presenting Suricata NIDS and explaining #Suricata is focusing on reassembly (IP, TCP, L7). Yep, keep it simple. #rmll2013 + +(Originally on Twitter: [Tue Jul 09 09:33:35 +0000 2013](https://twitter.com/adulau/status/354533783673896960)) +---- +@alainmaron N'oublie pas la liberté #0 de la FSF "any use" le logiciel libre peut servir à tout. même à la surveillance. Free4all #rmll2013 + +(Originally on Twitter: [Tue Jul 09 09:37:53 +0000 2013](https://twitter.com/adulau/status/354534864889974785)) +---- +@alainmaron En effet. 
En fait, on peut même dire que pouvoir répliquer ou tester les méthodes offensives permet de se protéger. #rmll2013 + +(Originally on Twitter: [Tue Jul 09 09:46:00 +0000 2013](https://twitter.com/adulau/status/354536909948719104)) +---- +https://coquelicot.potager.org/ An interesting application with “one-click” file sharing and a bit of #privacy. Maybe some crypto check? #rmll2013 + +(Originally on Twitter: [Wed Jul 10 08:07:08 +0000 2013](https://twitter.com/adulau/status/354874417005858816)) +---- +RT @cbrocas: want to know more things about #PostgreSQL #security ? come to H2215 room in #rmll2013 just now ! + +(Originally on Twitter: [Wed Jul 10 08:10:21 +0000 2013](https://twitter.com/adulau/status/354875224199675904)) +---- +RT @Regiteric: Brilliant method by @adulau and @circl_lu to deal with splitted pcap files in #suricata https://github.com/CIRCL/pcapdj #ids + +(Originally on Twitter: [Wed Jul 10 09:24:41 +0000 2013](https://twitter.com/adulau/status/354893931680505857)) +---- +RT @Regiteric: @adulau mentionning NIST has been compromised http://www.computerworld.com/s/article/9237605/U.S._NIST_s_vulnerability_database_hacked Did Oracle try to clean their Java records ? #rmll2013 … + +(Originally on Twitter: [Wed Jul 10 09:25:02 +0000 2013](https://twitter.com/adulau/status/354894020402618369)) +---- +RT @Regiteric: @adulau at #rmll2013: "Is not that Joomla is very vulnerable but it is a good example" #cve + +(Originally on Twitter: [Wed Jul 10 09:25:39 +0000 2013](https://twitter.com/adulau/status/354894173100445697)) +---- +@Regiteric is again doing joke about "software assurance maturity model" not about software but maturity... pfffff. 
+ +(Originally on Twitter: [Wed Jul 10 09:30:40 +0000 2013](https://twitter.com/adulau/status/354895436139606017)) +---- +As @wimremes is solely relying on Twitter for communication, I put his tweet in the presentation ;-) #rmll2013 @xme + +(Originally on Twitter: [Wed Jul 10 09:32:31 +0000 2013](https://twitter.com/adulau/status/354895903145996288)) +---- +@_grk__ @xme Client side security... if you don't protect your software locally you have to do it yourself before using any public network. + +(Originally on Twitter: [Wed Jul 10 09:41:51 +0000 2013](https://twitter.com/adulau/status/354898252820258816)) +---- +@tomchop_ @Regiteric Until now, he is quite calm. I was expecting much more bad taste jokes in the past days... but his ratio is low. + +(Originally on Twitter: [Wed Jul 10 09:45:22 +0000 2013](https://twitter.com/adulau/status/354899134429401088)) +---- +RT @xme: "Logs are boring" @follc Tssss… They are fun! :-) #RMLL2013 + +(Originally on Twitter: [Wed Jul 10 10:07:02 +0000 2013](https://twitter.com/adulau/status/354904588115132417)) +---- +@lreerl @Regiteric @tomchop_ Mmmm be aware that the boundary with Belgian beers is not far away from Luxembourg. + +(Originally on Twitter: [Wed Jul 10 10:14:41 +0000 2013](https://twitter.com/adulau/status/354906513032224768)) +---- +@PierreDeruelle Oui je suppose que c'est le premier dans le classement qui sait programmer... ou pas? #classementbricbroc + +(Originally on Twitter: [Wed Jul 10 10:18:17 +0000 2013](https://twitter.com/adulau/status/354907419178049536)) +---- +RT @Regiteric: @adulau a bit stressed just before his talk about cve-search at #rmll2013 (poke @tricaud) ![](media/355043044430589952-BO0tEsTCMAAzN84.jpg) + +(Originally on Twitter: [Wed Jul 10 19:17:12 +0000 2013](https://twitter.com/adulau/status/355043044430589952)) +---- +@Regiteric @tricaud ROFL. 
I'm always stressed with such bear near me ;-) + +(Originally on Twitter: [Wed Jul 10 19:38:49 +0000 2013](https://twitter.com/adulau/status/355048483352358913)) +---- +RT @fant0ma5: Bunch of #hacklu stickers have already arrived @adulau @jeancreed1 @hack_lu #thnx ...see ya' in octuber ![](media/355317681014046720-BO1_EHsCcAAcq06.jpg) + +(Originally on Twitter: [Thu Jul 11 13:28:31 +0000 2013](https://twitter.com/adulau/status/355317681014046720)) +---- +Where is the priority? https://www.flickr.com/photos/adulau/9264658196/ #streetart #brussels #Bruxelles + +(Originally on Twitter: [Thu Jul 11 18:39:44 +0000 2013](https://twitter.com/adulau/status/355396003509182465)) +---- +@ilfak Could you confirm the SSL SHA1 fingerprint of http://www.hex-rays.com is ending with 6A:35:B8? (for the current IDA patches) thx + +(Originally on Twitter: [Fri Jul 12 08:41:12 +0000 2013](https://twitter.com/adulau/status/355607765793771520)) +---- +http://mumble.sourceforge.net/ If you are looking for secure voice group chat, Mumble is not too bad (ok, crypto should be reviewed). #privacy + +(Originally on Twitter: [Fri Jul 12 09:22:26 +0000 2013](https://twitter.com/adulau/status/355618142115999746)) +---- +RT @hack_lu: 40 hours to submit your great #infosec paper/presentation to @hack_lu 2013 CFP. We hope to see you soon. #conference http://t.… + +(Originally on Twitter: [Sat Jul 13 06:31:44 +0000 2013](https://twitter.com/adulau/status/355937572507222017)) +---- +I'm curious to see the first iteration of the XMPP/PGP messaging software to be done by @HemlisMessenger #infosec #privacy + +(Originally on Twitter: [Sat Jul 13 08:54:03 +0000 2013](https://twitter.com/adulau/status/355973386737942528)) +---- +https://github.com/infobyte/evilgrade "Evilgrade is a modular framework allows attackers to take advantage of poor upgrade by injecting fake updates." 
+ +(Originally on Twitter: [Sat Jul 13 09:50:57 +0000 2013](https://twitter.com/adulau/status/355987706465095680)) +---- +http://elonka.com/kryptos/foia.html The FOIA request and document released by NSA about the Kryptos sculpture at CIA HQ. #fun #crypto + +(Originally on Twitter: [Sat Jul 13 16:05:25 +0000 2013](https://twitter.com/adulau/status/356081942908772352)) +---- +Another good reason keep your thistles... https://www.flickr.com/photos/adulau/9278832074/ #sooc #Nature + +(Originally on Twitter: [Sat Jul 13 18:27:07 +0000 2013](https://twitter.com/adulau/status/356117603569254400)) +---- +http://www.cs.uga.edu/~kangli/src/esorics.pdf "Measuring and Detecting Malware Downloads in Live Network Traffic" #malware #infosec + +(Originally on Twitter: [Sat Jul 13 20:38:07 +0000 2013](https://twitter.com/adulau/status/356150571339747329)) +---- +Next time, a web designer will explain to me that preg_replace in PHP cannot be abused I'll advice to read http://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html #wasnotme + +(Originally on Twitter: [Tue Jul 16 20:14:05 +0000 2013](https://twitter.com/adulau/status/357231685005352960)) +---- +RT @MatthiasStrubel: #piratebox #mesh testnet is up and ready for @PirateBoxCamp , visit and test it live http://register.piratebox.de #forban #… + +(Originally on Twitter: [Wed Jul 17 18:26:12 +0000 2013](https://twitter.com/adulau/status/357566922260348928)) +---- +@nyconyco Could you define "ugly"? I thought RFCs should be readable by everyone with any technologies including Braille terminal. 
@ietf + +(Originally on Twitter: [Wed Jul 17 18:31:17 +0000 2013](https://twitter.com/adulau/status/357568201376268289)) +---- +Just seen an ATM terminal in a supermarket with the X.25 connectivity directly patched with a DTE/DCE converter publicly accessible #infosec + +(Originally on Twitter: [Wed Jul 17 18:36:30 +0000 2013](https://twitter.com/adulau/status/357569515288145921)) +---- +http://www.theatlanticwire.com/politics/2013/07/nsa-admits-it-analyzes-more-peoples-data-previously-revealed/67287/ NSA admits to analyse data up to 3 hops of relationship. Do they use accumulo or something else for the graph db? + +(Originally on Twitter: [Wed Jul 17 19:24:50 +0000 2013](https://twitter.com/adulau/status/357581677188489216)) +---- +@duckduckgo How can you ensure that the search queries sent to your API partners are not containing personal information? (cf. AOL Search) + +(Originally on Twitter: [Wed Jul 17 20:14:43 +0000 2013](https://twitter.com/adulau/status/357594231897993217)) +---- +@yegg @duckduckgo Even without the IP addresses, you can group users based on their queries only. http://www.ramb.ethz.ch/CDstore/www2007/www2007.org/workshops/paper_52.pdf + +(Originally on Twitter: [Thu Jul 18 06:14:59 +0000 2013](https://twitter.com/adulau/status/357745294701641733)) +---- +@yegg @duckduckgo I'm sure you don't tie search sessions together but your "API" partners can still do it based on search queries. + +(Originally on Twitter: [Thu Jul 18 19:02:23 +0000 2013](https://twitter.com/adulau/status/357938419269242881)) +---- +@yegg @duckduckgo I know but the search keywords by themselves can be a way to group users. Do you introduce random noise in search queries? + +(Originally on Twitter: [Thu Jul 18 19:58:29 +0000 2013](https://twitter.com/adulau/status/357952535132246016)) +---- +@wimremes @hakmem @ilektrojohn I can add a cpe filter to get new entries in cve-search/dump_last.py https://github.com/adulau/cve-search/blob/master/dump_last.py let me know. 
+ +(Originally on Twitter: [Fri Jul 19 20:00:26 +0000 2013](https://twitter.com/adulau/status/358315412636700672)) +---- +http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/ Ok but maybe using Havege would help a bit to limit the hardware RNG issue. #crypto #RaspberryPi + +(Originally on Twitter: [Fri Jul 19 20:07:59 +0000 2013](https://twitter.com/adulau/status/358317312966795264)) +---- +@hakmem @cvedetails @wimremes @ilektrojohn If the email alert notification based on CPE (from cve-search) is enough for you, I could host it + +(Originally on Twitter: [Sun Jul 21 20:22:35 +0000 2013](https://twitter.com/adulau/status/359045765886263297)) +---- +Took some pictures of artworks from Sarkis Zabunyan http://www.flickr.com/photos/adulau/9338738872/ http://www.flickr.com/photos/adulau/9335843875/ Interesting work. #art #Photography + +(Originally on Twitter: [Sun Jul 21 21:14:59 +0000 2013](https://twitter.com/adulau/status/359058949636501504)) +---- +@ioerror It seems that Fahrenheit 451 is missing from the bibliography of this thesis... + +(Originally on Twitter: [Sun Jul 21 22:04:58 +0000 2013](https://twitter.com/adulau/status/359071530816258048)) +---- +@cvedetails @jduck @hakmem @ilektrojohn @wimremes OVH kimsufi is much cheaper 20,- EUR / Monthly for a real hardware. http://www.kimsufi.com/fr/ + +(Originally on Twitter: [Mon Jul 22 06:25:46 +0000 2013](https://twitter.com/adulau/status/359197561938132993)) +---- +A good news for Suricata / @OISFoundation ? Cisco just acquired Sourcefire... 
#security #nids cc/ @Regiteric + +(Originally on Twitter: [Tue Jul 23 12:59:08 +0000 2013](https://twitter.com/adulau/status/359658942709776384)) +---- +Sometime you just rewrite a whole set of Python classes to read XML and then the day after you find xmltodict https://github.com/martinblech/xmltodict + +(Originally on Twitter: [Tue Jul 23 20:47:00 +0000 2013](https://twitter.com/adulau/status/359776683894652928)) +---- +@ericfreyss Clearly, theirs. I just ditched my repo... and concentrated on the interesting part. + +(Originally on Twitter: [Tue Jul 23 21:10:37 +0000 2013](https://twitter.com/adulau/status/359782628884361217)) +---- +@Lapeluche You're welcome. I think the xmltodict library should be in Python 2 and 3. #python #xml + +(Originally on Twitter: [Tue Jul 23 21:12:27 +0000 2013](https://twitter.com/adulau/status/359783088173228033)) +---- +For the ones using misp-bloomfilter with the recent version of MISP (develop branch), I updated misp-bloomfilter https://github.com/MISP/misp-bloomfilter + +(Originally on Twitter: [Wed Jul 24 12:36:01 +0000 2013](https://twitter.com/adulau/status/360015512383651840)) +---- +@i0n1c Or they really know well your expenses and decided to block for moral/ethical reasons ;-) + +(Originally on Twitter: [Wed Jul 24 13:14:25 +0000 2013](https://twitter.com/adulau/status/360025176722784256)) +---- +@rommelfs I found another "synonym" #polyhedron simple and efficient. + +(Originally on Twitter: [Wed Jul 24 13:15:14 +0000 2013](https://twitter.com/adulau/status/360025381316730884)) +---- +@rommelfs Indeed but in this case it's not about introducing entropy in the discussion more about Brillouin scattering in tapped fibers... + +(Originally on Twitter: [Wed Jul 24 16:20:54 +0000 2013](https://twitter.com/adulau/status/360072104722440194)) +---- +RT @CryptoPartyLux: CryptoPary Lux 6 - Now more than ever... TODAY, 19:00 Konrad Cafe, see you there? 
#cryptolux ![](media/360287745735802881-BPrhpN6CEAAMaDh.png) + +(Originally on Twitter: [Thu Jul 25 06:37:47 +0000 2013](https://twitter.com/adulau/status/360287745735802881)) +---- +If you are at @ohm2013 and you would like a @hack_lu sticker there will be various (random?) distribution points... + +(Originally on Twitter: [Thu Jul 25 06:45:08 +0000 2013](https://twitter.com/adulau/status/360289595834896384)) +---- +http://eprint.iacr.org/2013/448.pdf Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack to get RSA keys from GnuPG + debug symbols. + +(Originally on Twitter: [Fri Jul 26 09:51:54 +0000 2013](https://twitter.com/adulau/status/360698988430766080)) +---- +RT @circl_lu: https://www.circl.lu/projects/CIRCLean/ CIRCLean a hardware and software solution to clean malicious documents from unknown USB drives. #Rasp… + +(Originally on Twitter: [Fri Jul 26 13:37:01 +0000 2013](https://twitter.com/adulau/status/360755637396836352)) +---- +@vbenard @francbelge It's not a very huge cost... A single EPR nuclear reactor is around EUR 10 billion and have produced nothing until now. + +(Originally on Twitter: [Sat Jul 27 06:20:19 +0000 2013](https://twitter.com/adulau/status/361008127245688832)) +---- +@vbenard @francbelge Without including the cost of the "sponsored" cost of electricity for the centralized transport. Energy is not cheap. + +(Originally on Twitter: [Sat Jul 27 06:23:40 +0000 2013](https://twitter.com/adulau/status/361008971387109377)) +---- +@vbenard @francbelge Producing and transporting energy was never cheap. Changing source of productions (and transport) is required. + +(Originally on Twitter: [Sat Jul 27 06:25:51 +0000 2013](https://twitter.com/adulau/status/361009520329240576)) +---- +@vbenard @francbelge If you look at the initial move from charcoal to nuclear, the cost of investment was really huge and paid by consumers. 
+ +(Originally on Twitter: [Sat Jul 27 06:28:18 +0000 2013](https://twitter.com/adulau/status/361010136887730177)) +---- +@francbelge @vbenard Nuclear fission (as we know it) has many issues. There are many opportunities (from fusion to others) for the future. + +(Originally on Twitter: [Sat Jul 27 16:38:06 +0000 2013](https://twitter.com/adulau/status/361163599986700288)) +---- +RT @circl_lu: https://www.circl.lu/files/CIRCL-MISP.pdf Malware Information Sharing Platform or How to Share Efficiently IOCs. #infosec #malware + +(Originally on Twitter: [Mon Jul 29 09:56:29 +0000 2013](https://twitter.com/adulau/status/361787301795344384)) +---- +@lpenet @pbeyssac Le ratio d'asymétrie est nettement plus grand près de l'utilisateur que sur le backbone de l'infrastructure ;-) + +(Originally on Twitter: [Mon Jul 29 09:58:42 +0000 2013](https://twitter.com/adulau/status/361787861185478656)) +---- +Weather forecast is sometime just like NSA interception, you don't know where it is but you know this is affecting you. #OHM2013 + +(Originally on Twitter: [Wed Jul 31 16:32:40 +0000 2013](https://twitter.com/adulau/status/362611780867993601)) +---- +It seems that some people need to participate to the graffiti workshop #OHM2013 in order to improve their skill for tonight? ;-) + +(Originally on Twitter: [Thu Aug 01 07:06:42 +0000 2013](https://twitter.com/adulau/status/362831739363672065)) +---- +https://github.com/DrDub/urlclassy "URL Classy: Guessing a class for a URL only from its text" #OHM2013 looks interesting but in Node.JS ;-) + +(Originally on Twitter: [Thu Aug 01 13:14:24 +0000 2013](https://twitter.com/adulau/status/362924273771356161)) +---- +A new tendency pops up, someone got an idea, create an empty repository in @github and ask for people to write the software... 
mmm #OHM2013 + +(Originally on Twitter: [Thu Aug 01 13:49:51 +0000 2013](https://twitter.com/adulau/status/362933194502311937)) +---- +@FredericJacobs It makes sense when you have an idea where you want to go and write some code in the future. In the LT, it was a cold call. + +(Originally on Twitter: [Thu Aug 01 13:59:07 +0000 2013](https://twitter.com/adulau/status/362935528934486020)) +---- +@nederhoed How did you manage to pack your bitcoins? By the way, there are already many humans at #OHM2013 ;-) + +(Originally on Twitter: [Fri Aug 02 08:11:35 +0000 2013](https://twitter.com/adulau/status/363210456862699521)) +---- +RT @leashless: An argument that crypto isn't effective hinges on microsoft buying skype to give the NSA access. Credible? #OHM2013 https://… + +(Originally on Twitter: [Fri Aug 02 08:18:40 +0000 2013](https://twitter.com/adulau/status/363212237437009921)) +---- +@MatthiasStrubel Yep, there is also FLUTE http://tools.ietf.org/html/rfc3926 RFC3926 works well for unidirectional communication. + +(Originally on Twitter: [Fri Aug 02 09:49:13 +0000 2013](https://twitter.com/adulau/status/363235025325535232)) +---- +https://github.com/tiago4orion/malelficus "Malelficus is a malefic tool for dissect and infect a ELF binary." #infosec #malware + +(Originally on Twitter: [Fri Aug 02 14:31:04 +0000 2013](https://twitter.com/adulau/status/363305958040027140)) +---- +RT @OpheliaNoor: #photogeek @taziden under fire / one nikon & two canon shooters at @laquadrature tent in #ohm2013 http://instagram.com/p/cj9fRkHPqB/ + +(Originally on Twitter: [Sun Aug 04 00:10:08 +0000 2013](https://twitter.com/adulau/status/363814070299799552)) +---- +RT @DidierStevens: Released Rovnix PCAP http://bit.ly/192q0Sy + +(Originally on Twitter: [Sun Aug 04 21:09:42 +0000 2013](https://twitter.com/adulau/status/364131051230085120)) +---- +https://gist.github.com/mbijon/6151638 "Tor fingerprinting code-injection" The tracking seems to be done using cookies... simple and efficient. 
+ +(Originally on Twitter: [Sun Aug 04 21:11:36 +0000 2013](https://twitter.com/adulau/status/364131528457986048)) +---- +A photo at the interesting talk "Ethics and Power in the Long War" of @Dymaxion http://www.flickr.com/photos/adulau/9439827808/ at Noisy Square #OHM2013 + +(Originally on Twitter: [Sun Aug 04 21:24:18 +0000 2013](https://twitter.com/adulau/status/364134726627360769)) +---- +RT @Echo_tcx: One can wonder if the FBI read in this paper. Torinj: Automated Exploitation Malware Targeting Tor Users http://t.co/N7PrPDEw… + +(Originally on Twitter: [Mon Aug 05 08:39:44 +0000 2013](https://twitter.com/adulau/status/364304705372958720)) +---- +@Echo_tcx It might be. When we did the paper, we did two parts: exploiting users via exit nodes and using a tracking scheme with DNS/image. + +(Originally on Twitter: [Mon Aug 05 08:42:06 +0000 2013](https://twitter.com/adulau/status/364305301295472642)) +---- +@Echo_tcx For the recent attack, cookies was used (easier than DNS tracking) as many Tor users still use Javascript, it was pretty simple. + +(Originally on Twitter: [Mon Aug 05 08:47:18 +0000 2013](https://twitter.com/adulau/status/364306608412565505)) +---- +@Echo_tcx @torproject The attacker is taking the cheapest path and in this is case, this is the user and his/her browser. + +(Originally on Twitter: [Mon Aug 05 08:53:30 +0000 2013](https://twitter.com/adulau/status/364308168769159168)) +---- +@kalenz Reviews for @hack_lu 2013 are still ongoing. We will notify as soon as possible the authors. Thank you. + +(Originally on Twitter: [Mon Aug 05 10:05:46 +0000 2013](https://twitter.com/adulau/status/364326356286324736)) +---- +@taziden at #OHM2013 enjoyed to play the photo model... 
http://www.flickr.com/photos/adulau/9444185723/ cc/ @laquadrature + +(Originally on Twitter: [Mon Aug 05 19:50:34 +0000 2013](https://twitter.com/adulau/status/364473526205427712)) +---- +RT @circl_lu: Backdoor in current download packages of OpenX-2.8.10 http://xclose.de/wordpress/268/backdoor-in-current-download-packages-of-openx-2-8-10 #openx #infosec #backdoor + +(Originally on Twitter: [Tue Aug 06 06:04:26 +0000 2013](https://twitter.com/adulau/status/364628007085809664)) +---- +@OpenX Did you make a security notification regarding the backdoored version of OpenX in the wild? Thank you. + +(Originally on Twitter: [Tue Aug 06 09:27:03 +0000 2013](https://twitter.com/adulau/status/364679000863412225)) +---- +@HoffmannMich At least it would have been much more sexy. ranking versus pranking ;-) + +(Originally on Twitter: [Tue Aug 06 12:38:27 +0000 2013](https://twitter.com/adulau/status/364727165964656640)) +---- +Usually XML is boring http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html but here using XMLDecoder to execute server-side code. It's much more fun... #java #xml + +(Originally on Twitter: [Tue Aug 06 19:46:43 +0000 2013](https://twitter.com/adulau/status/364834942024302592)) +---- +@0xDUDE @DrWhax Indeed the lack of courtesy might limit the progress. On the other hand, authority should not be coercive to engage future. + +(Originally on Twitter: [Wed Aug 07 07:41:30 +0000 2013](https://twitter.com/adulau/status/365014824289181697)) +---- +Does someone know an existing datastore schema/free software to store FFT or spectral waveforms? with a nice query interface? #fft #lazy + +(Originally on Twitter: [Thu Aug 08 14:02:31 +0000 2013](https://twitter.com/adulau/status/365473096414666752)) +---- +@OccupyMyCat Good idea. Do you know a good one released as free software? 
+ +(Originally on Twitter: [Thu Aug 08 14:31:14 +0000 2013](https://twitter.com/adulau/status/365480327348617218)) +---- +@rsasecurity @arstechnica Could you share MD5 hashes of the trojan mentioned in your blog post? #malware + +(Originally on Twitter: [Fri Aug 09 06:19:38 +0000 2013](https://twitter.com/adulau/status/365718996235993089)) +---- +I discover the most insane side of @r00tbsd he eats milk chocolate with nuts... + +(Originally on Twitter: [Fri Aug 09 11:40:14 +0000 2013](https://twitter.com/adulau/status/365799679407038464)) +---- +@joernchen in red smokes at @ohm2013 https://www.flickr.com/photos/adulau/9474908424/ #Photography #red + +(Originally on Twitter: [Fri Aug 09 19:02:24 +0000 2013](https://twitter.com/adulau/status/365910953088401408)) +---- +@joernchen It's just the atmosphere ;-) + +(Originally on Twitter: [Fri Aug 09 19:17:33 +0000 2013](https://twitter.com/adulau/status/365914766331490305)) +---- +RT @circl_lu: http://blog.ptsecurity.com/2013/08/saps-backdoor.html SAP's Backdoor fixed in SAP Note 1844202. Don't forget to apply patches and notes from the vendor. #sa… + +(Originally on Twitter: [Sat Aug 10 05:10:21 +0000 2013](https://twitter.com/adulau/status/366063947897516036)) +---- +@thegrugq @pentesteur @adesnos @efiliol You can also avoid crypto attacks when targeting exit nodes http://arxiv.org/abs/1208.2877 (TorInj/2009) + +(Originally on Twitter: [Mon Aug 12 09:52:55 +0000 2013](https://twitter.com/adulau/status/366859836345954305)) +---- +@quinnnorton @PiratePartyIS Thank you for the update. 
"pull" request merged https://gist.github.com/adulau/6209099 + +(Originally on Twitter: [Mon Aug 12 18:52:03 +0000 2013](https://twitter.com/adulau/status/366995512198561794)) +---- +http://shell-storm.org/blog/Taint-analysis-and-pattern-matching-with-Pin/ Taint analysis and pattern matching with Pin + +(Originally on Twitter: [Mon Aug 12 19:30:31 +0000 2013](https://twitter.com/adulau/status/367005193751105536)) +---- +@windsheep_ @thegrugq Bloomfilter can be a privacy enhancement as long as you cannot enumerate the keys that you are searching for... + +(Originally on Twitter: [Tue Aug 13 07:50:55 +0000 2013](https://twitter.com/adulau/status/367191521939816448)) +---- +RT @fredraynal: #Dilbert and #PRISM needs no comment: http://dilbert.com/strips/comic/2013-08-13 :D + +(Originally on Twitter: [Tue Aug 13 09:16:45 +0000 2013](https://twitter.com/adulau/status/367213123448471552)) +---- +@ioerror My favorite is D3.js and as an example you can see what you can do with it for showing CVE/NVD used words. http://www.foo.be/cve/ + +(Originally on Twitter: [Fri Aug 16 21:34:58 +0000 2013](https://twitter.com/adulau/status/368486063875977217)) +---- +@ioerror How large is your dataset? The main issue is to find the accurate lemmatizer to show the interesting/augmented words + +(Originally on Twitter: [Fri Aug 16 21:40:06 +0000 2013](https://twitter.com/adulau/status/368487357768409088)) +---- +@ioerror The size seems quite manageable. Now if the frequencies can be easily partitioned, an icicle diagram might be easier to read. + +(Originally on Twitter: [Fri Aug 16 21:45:00 +0000 2013](https://twitter.com/adulau/status/368488590210134016)) +---- +http://silentcircle.wordpress.com/2013/08/17/reply-to-zooko/ Reply to @zooko an interesting view about trusting trust and encryption services. 
+ +(Originally on Twitter: [Sat Aug 17 07:18:07 +0000 2013](https://twitter.com/adulau/status/368632816604438528)) +---- +RT @fpietrosanti: ZMap can discover 86% of Hidden Tor Bridges with an internet-wide scan in 45minutes over a Gigabit link http://t.co/0QZoT… + +(Originally on Twitter: [Sat Aug 17 07:21:37 +0000 2013](https://twitter.com/adulau/status/368633698293272576)) +---- +A delivery for Mr. Assange, an art work http://wwwwwwwwwwwwwwwwwwwwww.bitnik.org/assange/ #art + +(Originally on Twitter: [Sun Aug 18 07:07:11 +0000 2013](https://twitter.com/adulau/status/368992454323605504)) +---- +Sometimes you can be very upset while "riding" your caravan https://www.flickr.com/photos/adulau/9558781678/ #chassepierre + +(Originally on Twitter: [Tue Aug 20 21:03:59 +0000 2013](https://twitter.com/adulau/status/369927818303381504)) +---- +My age is Bradley Manning sentence plus one year... I'm feeling very sad. + +(Originally on Twitter: [Wed Aug 21 14:45:30 +0000 2013](https://twitter.com/adulau/status/370194958164037632)) +---- +set/export SSLKEYLOGFILE to a namepipe via your favorite C&C along with encrypted TLS and then you are the king of the petrol... #SSL + +(Originally on Twitter: [Thu Aug 22 09:49:00 +0000 2013](https://twitter.com/adulau/status/370482729785098241)) +---- +@adulau The disclaimer: this trick only work for Firefox and Chrome. + +(Originally on Twitter: [Thu Aug 22 09:49:59 +0000 2013](https://twitter.com/adulau/status/370482976355659776)) +---- +http://blog.h3xstream.com/2013/08/esapi-when-authenticated-encryption.html "ESAPI : When authenticated encryption goes wrong" Doing crypto API right is fucking difficult... + +(Originally on Twitter: [Fri Aug 23 10:20:32 +0000 2013](https://twitter.com/adulau/status/370853051193495552)) +---- +RT @circl_lu: We see an increase of VNC network scanning and abuse. 
If you have any VNC services on Internet, you should filter or disable … + +(Originally on Twitter: [Mon Aug 26 08:15:08 +0000 2013](https://twitter.com/adulau/status/371908656419196928)) +---- +http://repzret.org/p/detecting-valgrind/ Detecting Valgrind + +(Originally on Twitter: [Tue Aug 27 05:27:50 +0000 2013](https://twitter.com/adulau/status/372228942888849408)) +---- +https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_golde.pdf "Exploiting Broadcast Information in Cellular Networks" A clever way for jamming GSM networks. #infosec + +(Originally on Twitter: [Tue Aug 27 08:27:40 +0000 2013](https://twitter.com/adulau/status/372274199215108096)) +---- +RT @gpakosz: @jedisct1 @adulau @sustrik or… bring in the valgrind.h header and use the RUNNING_ON_VALGRIND macro to detect you're running i… + +(Originally on Twitter: [Tue Aug 27 18:41:41 +0000 2013](https://twitter.com/adulau/status/372428721015103489)) +---- +http://www.flickr.com/photos/adulau/9610325304/ A matter of perspective to escape from computer-controlled minds... #Photography #sooc + +(Originally on Twitter: [Tue Aug 27 20:25:48 +0000 2013](https://twitter.com/adulau/status/372454923264212992)) +---- +@xme http://satoss.uni.lu/seminars/srm/pdfs/2012-Alexandre-Dulaunoy.pdf "the weakest link" is one of the attacker principle. There are some variants on attacker principles (page 4). + +(Originally on Twitter: [Wed Aug 28 07:39:03 +0000 2013](https://twitter.com/adulau/status/372624354791534592)) +---- +RT @circl_lu: https://www.circl.lu/pub/tr-15/ "Hand of Thief/Hanthie Linux Malware - Detection and Remediation" #malware #linux #hanthie + +(Originally on Twitter: [Wed Aug 28 13:19:06 +0000 2013](https://twitter.com/adulau/status/372709929259253761)) +---- +@ErrataRob @chort0 TCP/HTTP reassembly with Suricata over 1Gbps can be challenging especially with subtle memory leaks but its improving. 
+ +(Originally on Twitter: [Wed Aug 28 19:53:43 +0000 2013](https://twitter.com/adulau/status/372809237698592768)) +---- +@ErrataRob @chort0 Leaks. We are currently trying to find where in LibHTP the leak is coming from but reproducing on live traffic is hard. + +(Originally on Twitter: [Wed Aug 28 20:03:22 +0000 2013](https://twitter.com/adulau/status/372811666758443008)) +---- +@ErrataRob @chort0 True leaks have a tendency to stay with complex L4+ decoding scheme and complex rules. Some proprietary IDS restarts + +(Originally on Twitter: [Wed Aug 28 20:06:50 +0000 2013](https://twitter.com/adulau/status/372812539500847104)) +---- +@ErrataRob @chort0 their engine at regular interval (and by so resetting TCP reassembly). But it's usually not mentioned in the doc... + +(Originally on Twitter: [Wed Aug 28 20:09:03 +0000 2013](https://twitter.com/adulau/status/372813097922084864)) +---- +@ErrataRob @chort0 We wanted to replay very large pcap captures for debugging and net forensic, so we did pcapdj https://github.com/CIRCL/pcapdj + +(Originally on Twitter: [Wed Aug 28 20:12:11 +0000 2013](https://twitter.com/adulau/status/372813885834678272)) +---- +@chort0 @ErrataRob IMHO it is more encouraging with Suricata or Bro than with any other proprietary NIDS. At least, you can still debug it. + +(Originally on Twitter: [Wed Aug 28 20:18:12 +0000 2013](https://twitter.com/adulau/status/372815401161203712)) +---- +RT @circl_lu: https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=23082 "Intel Processor Microcode Data File" updated due to critical security issue affecting 32-bit VMs (PA… + +(Originally on Twitter: [Tue Sep 03 12:24:16 +0000 2013](https://twitter.com/adulau/status/374870458803310592)) +---- +http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html "Tor is still DHE 1024 (NSA crackable)" and don't forget Tor clients doing OCSP via exit nodes. 
(blackhole is cheap) + +(Originally on Twitter: [Fri Sep 06 20:37:00 +0000 2013](https://twitter.com/adulau/status/376081620270186497)) +---- +@cedricpernet Good question. It would be nice if @symantec could share some MD5. A more complete reversing might give more details... + +(Originally on Twitter: [Mon Sep 09 07:46:50 +0000 2013](https://twitter.com/adulau/status/376974966513623041)) +---- +RT @pinkflawd: \w/-_-\w/ officially speaker at hack.lu in luxembourg end of october + +(Originally on Twitter: [Mon Sep 09 07:50:55 +0000 2013](https://twitter.com/adulau/status/376975995275722752)) +---- +http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/926-statement-by-director-of-national-intelligence-james-r-clapper-on-allegations-of-economic-espionage Read between the lines, you'll be surprised. + +(Originally on Twitter: [Mon Sep 09 15:01:55 +0000 2013](https://twitter.com/adulau/status/377084460199460864)) +---- +If you are using Tor on Ubuntu, you might want to say that you are affected by having the 2.3 version only https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1222662 #tor + +(Originally on Twitter: [Mon Sep 09 20:12:48 +0000 2013](https://twitter.com/adulau/status/377162696723947520)) +---- +@zooko DNI somehow acknowledged to steal information (even economic intel) but it's not on behalf of US companies. or maybe I'm wrong... + +(Originally on Twitter: [Mon Sep 09 20:21:13 +0000 2013](https://twitter.com/adulau/status/377164813115203584)) +---- +RT @circl_lu: http://cve.circl.lu/cve/CVE-2013-3657 "Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to run a… + +(Originally on Twitter: [Tue Sep 10 13:06:42 +0000 2013](https://twitter.com/adulau/status/377417852535324672)) +---- +http://www.nist.gov/director/cybersecuritystatement-091013.cfm "If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community." 
+ +(Originally on Twitter: [Tue Sep 10 14:54:41 +0000 2013](https://twitter.com/adulau/status/377445026512371712)) +---- +If you are curious about the currently implemented curves in gcrypt/GnuPG: http://www.gnupg.org/documentation/manuals/gcrypt-devel/ECC-key-parameters.html or libgcrypt/cipher/ecc-curves.c + +(Originally on Twitter: [Wed Sep 11 04:41:36 +0000 2013](https://twitter.com/adulau/status/377653127563845632)) +---- +@OSVDB Any news regarding the data feed of OSVDB? That would be cool to integrate it with cve-search https://github.com/adulau/cve-search thank you + +(Originally on Twitter: [Wed Sep 11 16:44:16 +0000 2013](https://twitter.com/adulau/status/377834990433628160)) +---- +@mruef That would be awesome. Until now, I'm using the vfeed that includes the reference to scip.ch but if you have a more complete feed. + +(Originally on Twitter: [Wed Sep 11 20:30:04 +0000 2013](https://twitter.com/adulau/status/377891814625124352)) +---- +I think the market for faraday bags will explode in the next months... #mobiletrackingdevices #phone + +(Originally on Twitter: [Wed Sep 11 20:48:54 +0000 2013](https://twitter.com/adulau/status/377896555564380160)) +---- +@rafi0t Right but it's an additional measure when you switch-off your phone to be sure that you have a physical barrier.. + +(Originally on Twitter: [Thu Sep 12 06:20:31 +0000 2013](https://twitter.com/adulau/status/378040409483522048)) +---- +@mruef Do you know if your RSS contains more than vFeed? I might use it if this is the case. Thanks for the info. + +(Originally on Twitter: [Thu Sep 12 06:45:26 +0000 2013](https://twitter.com/adulau/status/378046676390268928)) +---- +@lsinger Are you conducting a research about GitHub user? If yes, it's better to send plain ASCII email with the questions ;-) #infosec + +(Originally on Twitter: [Thu Sep 12 18:24:59 +0000 2013](https://twitter.com/adulau/status/378222724784476160)) +---- +@rafi0t A GSM phone can still do emergency calls without the SIM... 
BCCH scan and joining the "burst" channel (RACH) and so on... + +(Originally on Twitter: [Thu Sep 12 18:31:11 +0000 2013](https://twitter.com/adulau/status/378224286193827840)) +---- +RT @esizkur: "The only way I can conceptually understand ∞ is by imagining the number of available, unpatched windows systems in the world"… + +(Originally on Twitter: [Fri Sep 13 19:29:59 +0000 2013](https://twitter.com/adulau/status/378601473069694976)) +---- +http://www.flickr.com/photos/adulau/9738113830/ We knew that they were smoking... #photography + +(Originally on Twitter: [Fri Sep 13 20:10:21 +0000 2013](https://twitter.com/adulau/status/378611630679916544)) +---- +RT @hack_lu: Some of the confirmed speakers are now online for @hack_lu 2013 http://2013.hack.lu/index.php/List #infosec #conference #luxembourg more f… + +(Originally on Twitter: [Fri Sep 13 21:16:45 +0000 2013](https://twitter.com/adulau/status/378628340933873664)) +---- +@grsecurity At least it's fixed and well documented... Now the fun part, who is using the most such config to carry SS7 over SCTP? ;-) + +(Originally on Twitter: [Sat Sep 14 08:03:06 +0000 2013](https://twitter.com/adulau/status/378791001076158464)) +---- +@ErrataRob Thanks for the scan. Do you plan to run it to fetch the ECDSA, RSA and DSA public keys of each host? + +(Originally on Twitter: [Sat Sep 14 09:23:44 +0000 2013](https://twitter.com/adulau/status/378811289432113152)) +---- +RT @ErrataRob: @adulau Yea, I'm going to create a distribute of which keys people use, what sizes, and of course, try to see if any RSA has… + +(Originally on Twitter: [Sat Sep 14 20:34:08 +0000 2013](https://twitter.com/adulau/status/378980002294816768)) +---- +Falling down on the rail... 
everything is possible with #photography #sooc http://www.flickr.com/photos/adulau/9761252786/ + +(Originally on Twitter: [Sun Sep 15 17:13:32 +0000 2013](https://twitter.com/adulau/status/379291906431139840)) +---- +RT @GPGTools: @pohutukawa Verify the signature of the longer tweet. Verify the key our GPG Suite package on http://gpgtools.org is signe… + +(Originally on Twitter: [Sun Sep 15 21:09:49 +0000 2013](https://twitter.com/adulau/status/379351370635030528)) +---- +I just heard in the train "We won't upgrade from SAS 9.1 to SAS 9.3 due to security" You know reverse security upgrade... #rolf + +(Originally on Twitter: [Tue Sep 17 17:33:38 +0000 2013](https://twitter.com/adulau/status/380021743949066240)) +---- +@julianor Mangling the padding size of the SSL record... + +(Originally on Twitter: [Tue Sep 17 18:10:30 +0000 2013](https://twitter.com/adulau/status/380031021887913985)) +---- +@julianor The padding affects the MAC checking where bad and good padding leading to have one packet to be processed before the other one. + +(Originally on Twitter: [Tue Sep 17 18:17:42 +0000 2013](https://twitter.com/adulau/status/380032831881089024)) +---- +@julianor I think a similar attacks was described against DTLS allowing to recover plain-text by a statistical analysis of the timing. + +(Originally on Twitter: [Tue Sep 17 18:20:58 +0000 2013](https://twitter.com/adulau/status/380033652920291328)) +---- +@Cyr_ I was just wondering which Belgian administration is using SAS (the business analytic software) and stopping upgrade due to security. + +(Originally on Twitter: [Tue Sep 17 19:46:11 +0000 2013](https://twitter.com/adulau/status/380055098593779712)) +---- +@cudeso Good catch. Social security. They were talking about "survey" of families and stuff like that. Might worth to investigate. 
+ +(Originally on Twitter: [Tue Sep 17 19:50:27 +0000 2013](https://twitter.com/adulau/status/380056175363895296)) +---- +@cudeso The XML file indeed contains a reference to version 9.1. I let you check ;-) + +(Originally on Twitter: [Tue Sep 17 19:54:52 +0000 2013](https://twitter.com/adulau/status/380057286867038208)) +---- +http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx "CVE-2013-3893: Fix it workaround available" + +(Originally on Twitter: [Tue Sep 17 20:07:00 +0000 2013](https://twitter.com/adulau/status/380060336411258880)) +---- +http://soundcloud.com/steveclement/prism-uni-lu-ville-desch For the ones interested in the #PRISM discussion at Ville d'Esch /UNI.lu cc/ @rbidule @sam280 + +(Originally on Twitter: [Wed Sep 18 16:32:27 +0000 2013](https://twitter.com/adulau/status/380368733740335104)) +---- +RT @OpenMalware: x86 mov instruction is turing complete. Malware written using just mov in 3..2..1… http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf + +(Originally on Twitter: [Wed Sep 18 16:33:38 +0000 2013](https://twitter.com/adulau/status/380369029057097728)) +---- +RT @kevinallix: @OpenMalware @adulau The last paragraph of the conclusion is just Epic :-) + +(Originally on Twitter: [Wed Sep 18 16:48:24 +0000 2013](https://twitter.com/adulau/status/380372745860575232)) +---- +@sam280 Good question. I suppose they didn't invite CIRCL because it was not a technical presentation or something like that ;-) @rbidule + +(Originally on Twitter: [Thu Sep 19 07:05:56 +0000 2013](https://twitter.com/adulau/status/380588550682447873)) +---- +@thegrugq @rafi0t We are just missing some slides... but I suppose they might follow in the next days or weeks. + +(Originally on Twitter: [Fri Sep 20 09:06:33 +0000 2013](https://twitter.com/adulau/status/380981295725047808)) +---- +@thegrugq @rbidule @rafi0t By the way, you should come to @hack_lu this year. Many people that you don't trust and love you very much. 
+ +(Originally on Twitter: [Fri Sep 20 09:20:42 +0000 2013](https://twitter.com/adulau/status/380984855103668224)) +---- +RT @OISFoundation: Save the date: October 24, 2013. #Suricata Workshop & Certification Series at @hack_lu conference: http://t.co/ulQRCFrXQ… + +(Originally on Twitter: [Fri Sep 20 18:03:27 +0000 2013](https://twitter.com/adulau/status/381116408551059456)) +---- +@rfb_ @MalwareMustDie @gmail Another good reason to use PGP for sending malware samples ;-) + +(Originally on Twitter: [Fri Sep 20 18:20:10 +0000 2013](https://twitter.com/adulau/status/381120614976614400)) +---- +@quinnnorton @thequux @Dymaxion @eldang @mikeestee @smarimc you start to use GNU Emacs and then you end up with http://www.flickr.com/photos/adulau/149754989 + +(Originally on Twitter: [Fri Sep 20 19:15:56 +0000 2013](https://twitter.com/adulau/status/381134649004552192)) +---- +@Discretio Your project is interesting. Is the disabled compression for the encrypted symmetric session a measure against a known attack? + +(Originally on Twitter: [Sat Sep 21 08:20:01 +0000 2013](https://twitter.com/adulau/status/381331969805529088)) +---- +My mistake of the morning, compiling GnuPG HEAD (to test ECDSA/ECC) and expecting it takes only 5 minutes... + +(Originally on Twitter: [Sat Sep 21 09:20:15 +0000 2013](https://twitter.com/adulau/status/381347127852404736)) +---- +@chmiel_p Yep quite well ;-) http://www.mail-archive.com/gnupg-users@gnupg.org/msg22273.html That why I was checking the use of alternative curves. + +(Originally on Twitter: [Sat Sep 21 20:07:50 +0000 2013](https://twitter.com/adulau/status/381510101049151488)) +---- +For the ones worried about my wonderful idea to eat a wasp, I'm still alive and still in love with wasps. #biodiversity #checkandeat + +(Originally on Twitter: [Sun Sep 22 20:14:42 +0000 2013](https://twitter.com/adulau/status/381874215785218048)) +---- +@chmiel_p Avoir des alternatives en crypto n'est pas toujours une mauvaise idée. 
En tout cas, le cryptosys OpenPGP le permet (à sa mesure) . + +(Originally on Twitter: [Sun Sep 22 20:18:06 +0000 2013](https://twitter.com/adulau/status/381875071293214720)) +---- +"Success can be hoped for only by fighting the technological system as a whole; but that is revolution, not reform." Ted Kaczynski + +(Originally on Twitter: [Mon Sep 23 18:10:54 +0000 2013](https://twitter.com/adulau/status/382205449266671616)) +---- +Just got a call from Scarlet giving me information about my @belgacom subscription. I suppose there is no privacy regarding ISP subscription + +(Originally on Twitter: [Tue Sep 24 18:16:17 +0000 2013](https://twitter.com/adulau/status/382569191192023040)) +---- +http://rump2009.cr.yp.to/bdac99ea43729bcfa1a5f22f1e132ae4.pdf When I saw it in 2009, I was sceptical about the test but nowadays? "A Chink in the Armour of AES" #crypto2009 + +(Originally on Twitter: [Tue Sep 24 18:24:35 +0000 2013](https://twitter.com/adulau/status/382571280404209664)) +---- +@eurohumph @BBC and what about the other part (GCHQ/Belgacom) http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html it was also legal? + +(Originally on Twitter: [Wed Sep 25 14:44:11 +0000 2013](https://twitter.com/adulau/status/382878201539608576)) +---- +@DennisF Right and they should also include the threats information about CNE/DNE from the NSA and their colleagues? + +(Originally on Twitter: [Wed Sep 25 15:03:37 +0000 2013](https://twitter.com/adulau/status/382883094199418881)) +---- +@jeancreed1 @_Quack1 UDP/123 (ou même UDP/53) donne de bons résultats dans plusieurs infrastructures... 
+ +(Originally on Twitter: [Thu Sep 26 11:09:22 +0000 2013](https://twitter.com/adulau/status/383186530602213376)) +---- +http://doar-e.github.io/blog/2013/09/16/breaking-kryptonites-obfuscation-with-symbolic-execution/ " Breaking Kryptonite's Obfuscation: A Static Analysis Approach Relying on Symbolic Execution" #reversingfun + +(Originally on Twitter: [Fri Sep 27 07:25:04 +0000 2013](https://twitter.com/adulau/status/383492472061431808)) +---- +@Giribot La limite de 2000 était atteinte (une règle qui ne tient pas compte des gens qui script l'archivage des tweets). + +(Originally on Twitter: [Mon Sep 30 12:12:18 +0000 2013](https://twitter.com/adulau/status/384651918141689856)) +---- +@LLM_Mphil Do you mean what are the "technical" schemes to ensure integrity of your data after a law-enforcement seizing? + +(Originally on Twitter: [Tue Oct 01 18:37:07 +0000 2013](https://twitter.com/adulau/status/385111146660777984)) +---- +After MISP bloomfilter, graph, TAXII now there is MISP maltego. https://github.com/MISP/ #misp #infosec #maltego + +(Originally on Twitter: [Wed Oct 02 09:31:14 +0000 2013](https://twitter.com/adulau/status/385336159590567937)) +---- +@H_Miser @ncaproni Cela fonctionne toujours très bien... et ensuite les serveurs FTP sont utilisés pour plusieurs activités malveillantes. + +(Originally on Twitter: [Wed Oct 02 09:33:35 +0000 2013](https://twitter.com/adulau/status/385336752216346624)) +---- +@thierryzoller If you look at all the OCSP and CRL requests on a Tor exit nodes, this world is full of opportunities. #tor #ssl + +(Originally on Twitter: [Wed Oct 02 09:35:52 +0000 2013](https://twitter.com/adulau/status/385337327217688576)) +---- +@alcyonsecurity Nope. As an example, you can still play with TryLater (3) return code in OCSP... @thierryzoller + +(Originally on Twitter: [Wed Oct 02 09:57:51 +0000 2013](https://twitter.com/adulau/status/385342857894051840)) +---- +@alcyonsecurity Sure... 
but it's easier for denying "valid certificates" and then redirect the users to something else ;-) + +(Originally on Twitter: [Wed Oct 02 10:02:54 +0000 2013](https://twitter.com/adulau/status/385344130395561984)) +---- +@alcyonsecurity Usually in such attack, you'll intercept other HTTP requests (for redirect). Like in our experiment http://arxiv.org/abs/1208.2877 + +(Originally on Twitter: [Wed Oct 02 11:32:04 +0000 2013](https://twitter.com/adulau/status/385366569712250880)) +---- +@kaiengert @thierryzoller @alcyonsecurity It's a good idea but you really need to (under)cover your test SSL handshakes in some ways. + +(Originally on Twitter: [Wed Oct 02 14:05:02 +0000 2013](https://twitter.com/adulau/status/385405064031920128)) +---- +http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2013/2831%28RSP%29&l=en "Suspension of the SWIFT agreement as a result of the NSA surveillance" to be debated at EU parliament -> 09/10/2013 + +(Originally on Twitter: [Thu Oct 03 08:21:44 +0000 2013](https://twitter.com/adulau/status/385681058970095616)) +---- +Reading this http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/ is really a nice source of information to start an anonymous/encrypted email provider in Europe. + +(Originally on Twitter: [Thu Oct 03 13:16:36 +0000 2013](https://twitter.com/adulau/status/385755262587383808)) +---- +@LLM_Mphil Usually the good practise if your equipments have been seized, it's to reinstall everything including the firmware. 
+ +(Originally on Twitter: [Fri Oct 04 15:06:56 +0000 2013](https://twitter.com/adulau/status/386145417114550274)) +---- +http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document "Thanks to TorButton, it's easy" TAO group at NSA #tor #infosec #privacy + +(Originally on Twitter: [Fri Oct 04 18:42:19 +0000 2013](https://twitter.com/adulau/status/386199620629430272)) +---- +RT @ioerror: I'd like the world to be able to read the "49-page research paper" about Tor written by the #NSA Will @ggreenwald @bartongellm… + +(Originally on Twitter: [Fri Oct 04 20:22:47 +0000 2013](https://twitter.com/adulau/status/386224904531488768)) +---- +http://www.flickr.com/photos/adulau/10089893596/ "This bag contains a gun, a bomb, a very large knife and loads of drugs" Maybe a zero-day vulnerability is missing... + +(Originally on Twitter: [Fri Oct 04 20:40:43 +0000 2013](https://twitter.com/adulau/status/386229416939880448)) +---- +RT @bartongellman: Just posted: a 49-page NSA research paper on how to crack Tor. (Patience, @ioerror. One more coming. ;-) http://t.co/VE4… + +(Originally on Twitter: [Fri Oct 04 20:44:03 +0000 2013](https://twitter.com/adulau/status/386230255511293954)) +---- +http://cve.circl.lu/cve/CVE-2013-5915 A practical extraction of private RSA key using a side-channel attack (based on Montgomery multiplication timing). + +(Originally on Twitter: [Sat Oct 05 22:15:54 +0000 2013](https://twitter.com/adulau/status/386615757766799360)) +---- +http://comments.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2955 Interesting update in gnupg version 2 "Add limited implementation of GOST 28147-89 cipher" + +(Originally on Twitter: [Mon Oct 07 19:06:31 +0000 2013](https://twitter.com/adulau/status/387292875400019968)) +---- +@Gui_Wewsk Peux-tu renvoyer le mail? merci. 
+ +(Originally on Twitter: [Mon Oct 07 19:19:36 +0000 2013](https://twitter.com/adulau/status/387296166519394304)) +---- +RT @hack_lu: Interested in EMV and online banking authentication device security, there is a talk at @hack_lu 2013 http://2013.hack.lu/index.php/List#Philippe_Teuwen_-_Unveiling_online_banking_authentication_devices + +(Originally on Twitter: [Mon Oct 07 19:31:00 +0000 2013](https://twitter.com/adulau/status/387299035788640256)) +---- +@nsmfoo Sometime you want to use (or cascade) another cipher for various (often non-technical) reasons. + +(Originally on Twitter: [Tue Oct 08 09:23:09 +0000 2013](https://twitter.com/adulau/status/387508451330379778)) +---- +What do you expect? He won't state privacy violations about classified CNE/TAO exploitation campaigns @AmberInsideDOD @RepMikeRogers + +(Originally on Twitter: [Tue Oct 08 15:45:09 +0000 2013](https://twitter.com/adulau/status/387604584790646784)) +---- +Congrats to the @soundofbelgium it's the most accurate documentary about the electronic music movement in Belgium. + +(Originally on Twitter: [Tue Oct 08 21:08:59 +0000 2013](https://twitter.com/adulau/status/387686080335462400)) +---- +I hope the funding will go for existing and working structure like @certbe and not creating administrative burden... @B_CCENTRE @eliodirupo + +(Originally on Twitter: [Wed Oct 09 09:48:07 +0000 2013](https://twitter.com/adulau/status/387877126377992192)) +---- +I suppose the journalist misread the new law http://www.ejustice.just.fgov.be/cgi/article_body.pl?language=fr&pub_date=2013-10-08&numac=2013011510&caller=summary it's just the access to the provider network/service. @bartblaze @xme + +(Originally on Twitter: [Wed Oct 09 13:49:37 +0000 2013](https://twitter.com/adulau/status/387937898466537472)) +---- +RT @fluxfingers: sorry, wrong timezone before. 
CTF will start 22.10.13 10:00 CEST #hacklu #ctf #fluxfingers + +(Originally on Twitter: [Thu Oct 10 17:58:11 +0000 2013](https://twitter.com/adulau/status/388362842979971073)) +---- +@dragosr Right. The guys from MITRE will give a talk at @hack_lu about the topic http://2013.hack.lu/index.php/List#J._Butterworth.2C_C._Kallenberg.2C_X._Kovah_-_BIOS_Chronomancy:_Fixing_the_Core_Root_of_Trust_for_Measurement + +(Originally on Twitter: [Fri Oct 11 06:17:37 +0000 2013](https://twitter.com/adulau/status/388548925264633856)) +---- +RT @hack_lu: Don't forget if a team for the CTF wants to be eligible for the prizes, a member of the team must be at the conference #hacklu… + +(Originally on Twitter: [Fri Oct 11 06:54:28 +0000 2013](https://twitter.com/adulau/status/388558198858579968)) +---- +http://2013.hack.lu/index.php/List#Didier_Stevens_-_Windows_x64:_The_Essentials @DidierStevens will be at @hack_lu 2013 to make a workshop about +"Windows 64-bit The Essentials" #reversing + +(Originally on Twitter: [Fri Oct 11 07:19:14 +0000 2013](https://twitter.com/adulau/status/388564434030825473)) +---- +@e_kaspersky it's the term "eleet" which is often written in 31337... Look that TCP port you might find some occ. in your A/V telescope ;-) + +(Originally on Twitter: [Fri Oct 11 17:33:00 +0000 2013](https://twitter.com/adulau/status/388718892400390144)) +---- +@savon_noir Feel free to pull stuff on my cve-search.... I usually make a monthly pull to @wimremes for keeping everything in sync ;-) + +(Originally on Twitter: [Fri Oct 11 17:34:29 +0000 2013](https://twitter.com/adulau/status/388719266712670208)) +---- +The practical air gaps of Bruce Schneier, the most interesting part is the comment from Patricia (tree?) https://www.schneier.com/blog/archives/2013/10/air_gaps.html#c1884527 + +(Originally on Twitter: [Sat Oct 12 06:52:25 +0000 2013](https://twitter.com/adulau/status/388920070300106752)) +---- +@X_Cli Indeed. 
Beside the OpenPGP standard being very good, we are missing a way to use anonymous uid while keeping strong signature. + +(Originally on Twitter: [Sat Oct 12 13:35:02 +0000 2013](https://twitter.com/adulau/status/389021393615994880)) +---- +@jwgoerlich @quinnnorton I don't know. But the text "Talking to Journalists" is available at https://gist.github.com/adulau/6209099 #media #freedom + +(Originally on Twitter: [Sun Oct 13 13:01:05 +0000 2013](https://twitter.com/adulau/status/389375237889880064)) +---- +@X_Cli Another way, would be to run a PGP message dropper as a Tor hidden services and just publish the .onion address as an uid. + +(Originally on Twitter: [Sun Oct 13 13:02:28 +0000 2013](https://twitter.com/adulau/status/389375584419082241)) +---- +@martin1975 @pbeyssac @bortzmeyer @lpenou La meilleure backdoor c'est celle que l'on peut nier en étant une vulnérabilité de sécurité. + +(Originally on Twitter: [Sun Oct 13 15:58:16 +0000 2013](https://twitter.com/adulau/status/389419826491301889)) +---- +@martin1975 @pbeyssac @bortzmeyer @lpenou Quelle société à fait le reporting du "pseudo-bug valgrind' dans le PRNG? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516 + +(Originally on Twitter: [Sun Oct 13 16:22:11 +0000 2013](https://twitter.com/adulau/status/389425846034759680)) +---- +@martin1975 @pbeyssac @bortzmeyer @lpenou à cette époque nCipher n'était pas Thales... 
+ +(Originally on Twitter: [Sun Oct 13 17:58:53 +0000 2013](https://twitter.com/adulau/status/389450180166041600)) +---- +RT @circl_lu: Interested in hosting a HoneyBot sensor, the service description is available https://www.circl.lu/pub/tr-16/ #honeypot #infosec + +(Originally on Twitter: [Mon Oct 14 07:49:20 +0000 2013](https://twitter.com/adulau/status/389659171299532800)) +---- +http://safecurves.cr.yp.to/index.html "choosing safe curves for elliptic-curve cryptography" #crypto + +(Originally on Twitter: [Mon Oct 14 14:53:37 +0000 2013](https://twitter.com/adulau/status/389765944412626945)) +---- +"it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice" after 30 pages of lemma? We want CNE ;-) + +(Originally on Twitter: [Mon Oct 14 18:54:14 +0000 2013](https://twitter.com/adulau/status/389826499286552576)) +---- +RT @fluxfingers: hack.lu CTF registration is open: https://ctf.fluxfingers.net #hacklu #ctf #fluxfingers + +(Originally on Twitter: [Tue Oct 15 17:26:45 +0000 2013](https://twitter.com/adulau/status/390166871099834368)) +---- +Don't forget to register to the @hack_lu CTF https://ctf.fluxfingers.net/ and to the conference if you want to win the prizes. cc/ @fluxfingers + +(Originally on Twitter: [Tue Oct 15 17:51:19 +0000 2013](https://twitter.com/adulau/status/390173051687415808)) +---- +IANA reserved BGP AS numbers and announced ASN discrepancies like for example AS64100 what's the logic? 
https://stat.ripe.net/AS64100#tabId=at-a-glance #bgp + +(Originally on Twitter: [Wed Oct 16 07:55:56 +0000 2013](https://twitter.com/adulau/status/390385609266561024)) +---- +@puellavulnerata @guardian You can substitute "public interest" in the text by "national security" and then it's still the same crap ;-) + +(Originally on Twitter: [Wed Oct 16 09:31:24 +0000 2013](https://twitter.com/adulau/status/390409631274508289)) +---- +There will be a funny challenge on the hack.lu 2013 badges ;-) @hack_lu + +(Originally on Twitter: [Wed Oct 16 13:39:48 +0000 2013](https://twitter.com/adulau/status/390472144657719297)) +---- +I'm wondering why my colleague did a label "ROOM 641A" for the @hack_lu technical/network table... + +(Originally on Twitter: [Wed Oct 16 13:56:42 +0000 2013](https://twitter.com/adulau/status/390476395526111232)) +---- +@ddurvaux @hack_lu Right you should not trust the network. The rest is just speculation... + +(Originally on Twitter: [Wed Oct 16 14:23:08 +0000 2013](https://twitter.com/adulau/status/390483050141736961)) +---- +http://blogs.fas.org/secrecy/2013/10/shamir/ "Cryptographer Adi Shamir Prevented from Attending NSA History Conference" + +(Originally on Twitter: [Wed Oct 16 19:13:03 +0000 2013](https://twitter.com/adulau/status/390556011410366464)) +---- +RT @hack_lu: Various interesting activities about ICS and SCADA during @hack_lu a new workshop will appear tomorrow on this topic with @und… + +(Originally on Twitter: [Wed Oct 16 19:33:35 +0000 2013](https://twitter.com/adulau/status/390561175769198592)) +---- +@sam280 Right, I saw these in the public CNPD register too. 
Maybe it's just "metadata" as challenged by ACLU https://www.aclu.org/blog/national-security-technology-and-liberty/aclu-files-lawsuit-challenging-nsas-patriot-act-phone + +(Originally on Twitter: [Thu Oct 17 06:36:36 +0000 2013](https://twitter.com/adulau/status/390728031800537088)) +---- +@amicaross If you are at MAT, could you make a small summary of the discussions on a security perspective? That would be great. Thank you. + +(Originally on Twitter: [Thu Oct 17 06:57:31 +0000 2013](https://twitter.com/adulau/status/390733293471006720)) +---- +@xme I hope to see you at #botconf too ;-) + +(Originally on Twitter: [Thu Oct 17 13:00:41 +0000 2013](https://twitter.com/adulau/status/390824689427169280)) +---- +@seccubus @thys_ I'm curious to see their presentation at #hacklu about automated exploitation. + +(Originally on Twitter: [Thu Oct 17 13:02:19 +0000 2013](https://twitter.com/adulau/status/390825100359913472)) +---- +RT @cryptax: I've created a team for #hack_lu CTF :) @fluxfingers Just hope to have fun in the middle of some talks. + +(Originally on Twitter: [Thu Oct 17 13:03:10 +0000 2013](https://twitter.com/adulau/status/390825312340443136)) +---- +RT @SteveClement: Dear Luxembourgish Bloggers. If you want to cover the biggest Hacker conference in the greater region @hack_lu DM me! +#ha… + +(Originally on Twitter: [Thu Oct 17 14:53:50 +0000 2013](https://twitter.com/adulau/status/390853161940160512)) +---- +RT @fredraynal: Contrary to public claims, Apple can read your iMessages http://arstechnica.com/security/2013/10/contrary-to-public-claims-apple-can-read-your-imessages/ cc @quarkslab + +(Originally on Twitter: [Fri Oct 18 04:35:20 +0000 2013](https://twitter.com/adulau/status/391059899733786624)) +---- +If you are bored in public transports, you should read "Tradeoffs in Cyber Security" by Dan Geer. 
#privacy #infosec +http://geer.tinho.net/geer.uncc.9x13.txt + +(Originally on Twitter: [Fri Oct 18 08:41:31 +0000 2013](https://twitter.com/adulau/status/391121855181910016)) +---- +RT @circl_lu: released a new version of the CIRCLean (USB cleaner) image http://www.circl.lu/projects/CIRCLean/ like added a sound status report of the doc… + +(Originally on Twitter: [Fri Oct 18 08:42:29 +0000 2013](https://twitter.com/adulau/status/391122097327845376)) +---- +RT @JeremZab: Les Hackers sont dans la Place #hacklu #CIRCL | #ITOne http://www.itone.lu/article/les-hackers-sont-dans-la-place + +(Originally on Twitter: [Fri Oct 18 17:27:05 +0000 2013](https://twitter.com/adulau/status/391254116749836288)) +---- +RT @hack_lu: The agenda has been updated slightly adding the talk of Walter Belgers about Lockpicking and IT security. +http://t.co/WiNgsZOJ… + +(Originally on Twitter: [Sun Oct 20 15:55:13 +0000 2013](https://twitter.com/adulau/status/391955776237211648)) +---- +RT @hack_lu: Even if you are not joining the fun at @hack_lu you can still register for the CTF and play remotely https://ctf.fluxfingers.net + +(Originally on Twitter: [Sun Oct 20 18:17:56 +0000 2013](https://twitter.com/adulau/status/391991689088626689)) +---- +I got a photography challenge "Can you transform your driving between two points interesting?" I did with my 44-2 https://www.flickr.com/photos/adulau/10381598453/ + +(Originally on Twitter: [Sun Oct 20 18:36:00 +0000 2013](https://twitter.com/adulau/status/391996236141572096)) +---- +RT @aseemjakhar: Off to Luxembourg for my ARM Android xploitation workshop at http://Hack.lu. Would be great to catch up over a bee… + +(Originally on Twitter: [Sun Oct 20 18:54:02 +0000 2013](https://twitter.com/adulau/status/392000775616229376)) +---- +http://bap.ece.cmu.edu/ "Analyze binary code without reinventing the wheel" Interesting project especially the intermediate language. 
+ +(Originally on Twitter: [Mon Oct 21 21:40:34 +0000 2013](https://twitter.com/adulau/status/392405072740495360)) +---- +RT @hack_lu: If you want the @hack_lu agenda on your Android phone you can download the app -> http://www.yobi.be/files/HackLu.apk #hacklu + +(Originally on Twitter: [Tue Oct 22 08:48:49 +0000 2013](https://twitter.com/adulau/status/392573241870790656)) +---- +RT @raphaelhenry: Cartons pleins pour @hack_lu @adulau - http://bit.ly/177L33K VIA @ITnation + +(Originally on Twitter: [Wed Oct 23 07:20:49 +0000 2013](https://twitter.com/adulau/status/392913485400915968)) +---- +RT @hack_lu: @xme @therealsaumil Various things... discussions with @fluxfingers ongoing regarding a "special" CTF or "best talks" of the 1… + +(Originally on Twitter: [Wed Oct 23 08:17:04 +0000 2013](https://twitter.com/adulau/status/392927641080459264)) +---- +Don't forget to add your #hacklu CTF writeup on https://pads.ccc.de/tZxDNFlp19 @fluxfingers + +(Originally on Twitter: [Fri Oct 25 07:40:18 +0000 2013](https://twitter.com/adulau/status/393643163820118017)) +---- +RT @pof: Debugging HTC phones bootloaders, HBOOTDBG by @saidelike & @kalenz at #hacklu - Slides: [PDF] http://archive.hack.lu/2013/hacklu2013_hbootdbg.pdf + +(Originally on Twitter: [Fri Oct 25 09:36:54 +0000 2013](https://twitter.com/adulau/status/393672506194034688)) +---- +RT @saidelike: Our #hacklu 2013 slides (cc @kalenz) are available on hack.lu website. http://archive.hack.lu/2013/hacklu2013_hbootdbg.pdf + +(Originally on Twitter: [Fri Oct 25 09:37:00 +0000 2013](https://twitter.com/adulau/status/393672532911734784)) +---- +RT @sqall01: Just created a github repo for my (incomplete) ELF parser/manipulation lib https://github.com/sqall01/ElfParserLib Used it for the ELF #hacklu… + +(Originally on Twitter: [Fri Oct 25 12:49:31 +0000 2013](https://twitter.com/adulau/status/393720982495854592)) +---- +Is there someone planning to fill the scoreboard of #hacklu CTF on http://ctftime.org/event/97 @CTFtime ? 
I know it's a huge list ;-) + +(Originally on Twitter: [Fri Oct 25 14:24:06 +0000 2013](https://twitter.com/adulau/status/393744783010574336)) +---- +RT @pinkflawd: #hacklu, i had a blast. this con is just AWESOME big thank you to organizers, co-speakers and the really techy audience. see… + +(Originally on Twitter: [Fri Oct 25 20:16:37 +0000 2013](https://twitter.com/adulau/status/393833497481461760)) +---- +Reading in a academic paper "capturing packets on network is relatively straightforwards" is usually not a good sign. #networking + +(Originally on Twitter: [Sat Oct 26 09:38:46 +0000 2013](https://twitter.com/adulau/status/394035366186864640)) +---- +@thierryzoller If you cite a paper it's always better to know the quality of the paper & the best way to know the quality is to read it ;-) + +(Originally on Twitter: [Sat Oct 26 09:59:27 +0000 2013](https://twitter.com/adulau/status/394040571687231488)) +---- +@undeadsecurity @hack_lu It was great to have you at the conference. You have one year to prepare another incredible workshop ;-) #hacklu + +(Originally on Twitter: [Sun Oct 27 06:23:21 +0000 2013](https://twitter.com/adulau/status/394348573334052864)) +---- +@SylvestreLedru @linuxfrorg Does this mean that C++ templates compilation in GCC is prone to memory leak? 
+ +(Originally on Twitter: [Sun Oct 27 10:27:59 +0000 2013](https://twitter.com/adulau/status/394410138242527232)) +---- +http://2013.hack.lu/archive/2013/Automated_vulnerability_scanning_and_exploitation.pdf "Automated vulnerability scanning and exploitation" an interesting/simple approach #hacklu + +(Originally on Twitter: [Sun Oct 27 21:39:03 +0000 2013](https://twitter.com/adulau/status/394579018382454785)) +---- +RT @hack_lu: http://archive.hack.lu/2013/dbongard_hacklu_2013.pdf De-anonymizing Users of French Political Forums - #hacklu + +(Originally on Twitter: [Mon Oct 28 20:29:02 +0000 2013](https://twitter.com/adulau/status/394923786388377600)) +---- +@H_Miser @Erebuss @bortzmeyer C'est pour cela que l'on utilise une empreinte (fingerprint) pour valider une clé PGP/OTR/X.509 par téléphone. + +(Originally on Twitter: [Mon Oct 28 20:35:18 +0000 2013](https://twitter.com/adulau/status/394925361454010368)) +---- +I'll give a talk at Loria the 19th November "The void - an interesting place for network security monitoring." http://www.foo.be/cours/loria-2013/ + +(Originally on Twitter: [Mon Oct 28 20:48:00 +0000 2013](https://twitter.com/adulau/status/394928559870840832)) +---- +https://github.com/cryptobox/sshcrypt "sshcrypt is a proof-of-concept sketch, written in Go, of a stopgap system to replace PGP." Yes but... + +(Originally on Twitter: [Tue Oct 29 06:32:13 +0000 2013](https://twitter.com/adulau/status/395075579919101952)) +---- +@craiu Do you have any IOCs to share about this one? + +(Originally on Twitter: [Tue Oct 29 08:47:28 +0000 2013](https://twitter.com/adulau/status/395109618101129216)) +---- +@bortzmeyer Yes but until now, it's still the" NIST" curves. + +(Originally on Twitter: [Tue Oct 29 08:50:17 +0000 2013](https://twitter.com/adulau/status/395110326502322176)) +---- +https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols Did someone review the encryption protocols used by RedPhone? feedback welcome. 
@whispersystems + +(Originally on Twitter: [Tue Oct 29 09:34:26 +0000 2013](https://twitter.com/adulau/status/395121436479590400)) +---- +@FredericJacobs Yep I hope so ;-) I'm just wondering about any external reviews. Just to know what could be the attacks scenarios. + +(Originally on Twitter: [Tue Oct 29 09:39:05 +0000 2013](https://twitter.com/adulau/status/395122608967913472)) +---- +RT @antirez: I hope Redis users will find the new SCAN command documentation detailed enough -> http://redis.io/commands/scan + +(Originally on Twitter: [Thu Oct 31 19:03:00 +0000 2013](https://twitter.com/adulau/status/395989296332963840)) +---- +@quinnnorton I only see a Front 242 cure with "Tragedy for you", "This World Must Be Destroyed" and "Operating Tracks" for this disease. + +(Originally on Twitter: [Fri Nov 01 12:45:51 +0000 2013](https://twitter.com/adulau/status/396256772278591488)) +---- +As you know, it will be the 25th anniversary of the Morris Worm. My old archive including papers and source code http://foo.be/docs-free/morris-worm/ + +(Originally on Twitter: [Fri Nov 01 13:45:38 +0000 2013](https://twitter.com/adulau/status/396271817809084416)) +---- +@y0m You'll need old VAXen with fingerd enabled connected to Internet. I could check in the census but I suppose the number is close to 0? + +(Originally on Twitter: [Fri Nov 01 13:53:09 +0000 2013](https://twitter.com/adulau/status/396273710753005568)) +---- +@dakami @matthew_d_green @0xabad1dea RSA sent the seeds along with the tokens. (it was still like that just after the main compromised). + +(Originally on Twitter: [Fri Nov 01 19:00:34 +0000 2013](https://twitter.com/adulau/status/396351074610601985)) +---- +RT @hashbreaker: Coming to Berlin for ACM CCS? 
Register now for new workshop at the Park Inn on physically unclonable functions: http://t.c… + +(Originally on Twitter: [Fri Nov 01 19:59:13 +0000 2013](https://twitter.com/adulau/status/396365834425499649)) +---- +@matthew_d_green Diginotar was using an HSM but can we say it was useful for something? @NCWeaver @SteveBellovin @Sc00bzT @dangoodin001 + +(Originally on Twitter: [Fri Nov 01 20:26:03 +0000 2013](https://twitter.com/adulau/status/396372585090281472)) +---- +@plicplic 11 years ago I did introductions to OpenPGP/GnuPG to citizen. Usability still lacks... http://www.foo.be/gnupg/html/ @mikko @rafi0t + +(Originally on Twitter: [Sat Nov 02 10:12:43 +0000 2013](https://twitter.com/adulau/status/396580624103796737)) +---- +Right and the funniest part is that Robert Morris wrote a paper with Ken Thompson in 1978 about "Password Security: A Case History" @y0m + +(Originally on Twitter: [Sat Nov 02 10:17:50 +0000 2013](https://twitter.com/adulau/status/396581911662821376)) +---- +@y0m Robert Tappan Morris (rtm) is teaching at MIT. Robert Morris (father) wrote the paper with Ken Thompson. Nothing is black or white. + +(Originally on Twitter: [Sat Nov 02 10:25:04 +0000 2013](https://twitter.com/adulau/status/396583732020137984)) +---- +@CiscoSecurity You should have a look at the Cisco TAC interface requiring Java... Less software is better for security. + +(Originally on Twitter: [Sun Nov 03 08:32:38 +0000 2013](https://twitter.com/adulau/status/396917824095936512)) +---- +Why people looks so suspicious when I say: "I rarely use my mobile phone" + +(Originally on Twitter: [Sun Nov 03 19:55:44 +0000 2013](https://twitter.com/adulau/status/397089733966184448)) +---- +Write-ups of the challenge I created in the train between 2 stops. Glad to see people enjoying it. 
https://dragonresearchgroup.org/challenges/201310/ @DragonResearch + +(Originally on Twitter: [Sun Nov 03 20:22:09 +0000 2013](https://twitter.com/adulau/status/397096380801380352)) +---- +@dragosr how is the malware supposed to bootstrap? d0/e0 16bit real mode code for the 1st sector seem quite standard. + +(Originally on Twitter: [Mon Nov 04 19:39:10 +0000 2013](https://twitter.com/adulau/status/397447949690478593)) +---- +"DYLD Detailed" a useful source about the dynamic linker when reversing OS X binaries http://newosxbook.com/articles/DYLD.html + +(Originally on Twitter: [Fri Nov 08 07:49:57 +0000 2013](https://twitter.com/adulau/status/398719024080506880)) +---- +http://www.openssh.com/txt/gcmrekey.adv OpenSSH vulnerability exists in the post-authentication sshd process when an AES-GCM cipher is used. + +(Originally on Twitter: [Fri Nov 08 08:11:32 +0000 2013](https://twitter.com/adulau/status/398724453535711232)) +---- +http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/ "The Tastic RFID Thief is a silent, long-range RFID reader that can steal the proximity badge information" + +(Originally on Twitter: [Fri Nov 08 08:25:27 +0000 2013](https://twitter.com/adulau/status/398727955410472960)) +---- +Cross-Platform Malware: Write Once, Infect Everywhere http://iseclab.org/people/mlindorfer/xplatform_abstract.pdf cc/ @iseclaborg + +(Originally on Twitter: [Sun Nov 10 09:08:21 +0000 2013](https://twitter.com/adulau/status/399463528509100033)) +---- +RT @dragosr: A terrible day. Adieu Cedric "Sid" Blancher, my sympathies to many whose lives you enriched. http://goo.gl/9Jqe5j http://t.c… + +(Originally on Twitter: [Mon Nov 11 07:54:14 +0000 2013](https://twitter.com/adulau/status/399807263013359617)) +---- +https://github.com/botherder/viper "Binary analysis framework" an interesting work from @botherder combining with hachoir-subfiles could be great. 
+ +(Originally on Twitter: [Mon Nov 11 09:59:50 +0000 2013](https://twitter.com/adulau/status/399838872390995968)) +---- +RT @totalhash: Source code for PEhash released http://totalhash.com/pehash-source-code/ + +(Originally on Twitter: [Mon Nov 11 10:11:44 +0000 2013](https://twitter.com/adulau/status/399841869024485376)) +---- +RT @hack_lu: Cedric Blancher will be missed. A picture of him (left) at hack.lu 2006 http://sid.rstack.org/gallery/?galerie=200610_Luxembourg&photo=26 + +(Originally on Twitter: [Mon Nov 11 10:34:36 +0000 2013](https://twitter.com/adulau/status/399847620774219776)) +---- +@bortzmeyer @NLnetLabs or maybe we should free up "data interception" allowing everyone to do it then forcing everyone to protect from it. + +(Originally on Twitter: [Mon Nov 11 10:41:01 +0000 2013](https://twitter.com/adulau/status/399849236755255296)) +---- +@botherder If I have some time left between 2 activities, I'll fork and pull an update. + +(Originally on Twitter: [Mon Nov 11 11:38:11 +0000 2013](https://twitter.com/adulau/status/399863621162790912)) +---- +Anything that can socially trigger someone to click on a link is a vector. #TAO @FredericJacobs + +(Originally on Twitter: [Mon Nov 11 11:58:40 +0000 2013](https://twitter.com/adulau/status/399868777912733696)) +---- +@FredericJacobs Depending of the target. If the target is in a corporate network, IMHO they avoid porn in favor of "professional" sites. 
+ +(Originally on Twitter: [Mon Nov 11 12:03:04 +0000 2013](https://twitter.com/adulau/status/399869884244312067)) +---- +The @thegrugq did a good introduction to hacker #OPSEC in an interview http://blogsofwar.com/2013/11/11/interview-hacker-opsec-with-the-grugq/ + +(Originally on Twitter: [Mon Nov 11 20:47:48 +0000 2013](https://twitter.com/adulau/status/400001938739048448)) +---- +@wimremes @OSVDB But they don't win on sharing the dataset dump ;-( + +(Originally on Twitter: [Mon Nov 11 21:01:15 +0000 2013](https://twitter.com/adulau/status/400005322737070080)) +---- +@wimremes @OSVDB They did it in the past https://www.alienvault.com/wiki/doku.php?id=osvdb and the effort is also huge for NIST and vfeed too. + +(Originally on Twitter: [Mon Nov 11 21:05:41 +0000 2013](https://twitter.com/adulau/status/400006437792788480)) +---- +The Internet Protocol Journal is now officially discontinued. It's really a pity... @bortzmeyer http://www.cisco.com/web/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html + +(Originally on Twitter: [Wed Nov 13 22:50:37 +0000 2013](https://twitter.com/adulau/status/400757622971703296)) +---- +@blackswanburst @TuxDePoinsisse @cryptax @hack_lu @rbidule @rafi0t I'll be at @botconf with some t-shirts to give away ;-) + +(Originally on Twitter: [Fri Nov 15 19:33:23 +0000 2013](https://twitter.com/adulau/status/401432764483764224)) +---- +Heard in the train : "It's not an age to use Internet" and then someone cried "It's not an age to take the train!". 
Crazy talks with @SNCB + +(Originally on Twitter: [Fri Nov 15 19:56:38 +0000 2013](https://twitter.com/adulau/status/401438613470072832)) +---- +@pbeyssac Les technocrates de l'éducation devraient lire "Eloge du carburateur" http://www.editionsladecouverte.fr/catalogue/index-_loge_du_carburateur-9782707160065.html #education + +(Originally on Twitter: [Sat Nov 16 15:02:59 +0000 2013](https://twitter.com/adulau/status/401727100412891137)) +---- +A photo challenge : "Could you describe the Wallifornie in a picture?" http://www.flickr.com/photos/adulau/10886848036/ I just tried. #belgium #photography + +(Originally on Twitter: [Sat Nov 16 15:45:13 +0000 2013](https://twitter.com/adulau/status/401737729676824577)) +---- +Don't mix-up a window with a hole to a zero-day in Windows. It's easier to fix the first hole. http://www.flickr.com/photos/adulau/10887366105/ + +(Originally on Twitter: [Sat Nov 16 16:18:17 +0000 2013](https://twitter.com/adulau/status/401746052056772608)) +---- +@TroelsOerting Is Europol officially investigating the various cases reported in the recent revelations? + +(Originally on Twitter: [Sun Nov 17 17:56:18 +0000 2013](https://twitter.com/adulau/status/402133105923739648)) +---- +@bobmcardle We are still missing the code to reverse... The disk dump and the Dell BIOS dump were both legitimate until now. + +(Originally on Twitter: [Tue Nov 19 07:28:44 +0000 2013](https://twitter.com/adulau/status/402699950586200065)) +---- +RT @fredraynal: Get together for Sid Blancher on the 26th of November in Paris. Sign-up: https://www.eventbrite.fr/e/billets-en-souvenir-de-sid-9370624791 Location announced later. … + +(Originally on Twitter: [Tue Nov 19 08:12:16 +0000 2013](https://twitter.com/adulau/status/402710906234482689)) +---- +The bibliography, notes and slides about "The void - an interesting place for network security monitoring." 
available http://www.foo.be/cours/loria-2013/ + +(Originally on Twitter: [Tue Nov 19 20:29:07 +0000 2013](https://twitter.com/adulau/status/402896340608221184)) +---- +A hash to share? @nicolasbrulez @e_kaspersky + +(Originally on Twitter: [Wed Nov 20 07:59:49 +0000 2013](https://twitter.com/adulau/status/403070159876669441)) +---- +@csoghoian I'm sure that you can find pro-malware voices at companies like @hackingteam or @SS8_Inc it's their core business. + +(Originally on Twitter: [Wed Nov 20 20:35:49 +0000 2013](https://twitter.com/adulau/status/403260413770342400)) +---- +Talking with policy makers about malware usage, it's like asking policy makers to deal with gravity by a legal framework. @csoghoian + +(Originally on Twitter: [Wed Nov 20 20:49:55 +0000 2013](https://twitter.com/adulau/status/403263960402522113)) +---- +RT @circl_lu: Why running older version of Microsoft Word is not good http://cve.circl.lu/cve/CVE-2012-0158 this is still exploited successfully. #infosec + +(Originally on Twitter: [Thu Nov 21 10:54:41 +0000 2013](https://twitter.com/adulau/status/403476552627011584)) +---- +http://notary.icsi.berkeley.edu/#connection-cipher-details The most-used cipher-suites in the last 30 days. #ssl #tls + +(Originally on Twitter: [Fri Nov 22 07:29:01 +0000 2013](https://twitter.com/adulau/status/403787184898969600)) +---- +RT @circl_lu: published TR-17 - Java.Tomdep - Information, Detection and Recommendation http://www.circl.lu/pub/tr-17/ #tomcat #infosec #tomdep #s… + +(Originally on Twitter: [Fri Nov 22 10:25:39 +0000 2013](https://twitter.com/adulau/status/403831637781516288)) +---- +Stealthy Dopant-Level Hardware Trojans http://people.umass.edu/gbecker/BeckerChes13.pdf impressive work to add a hardware trojan without adding logic gates... 
+ +(Originally on Twitter: [Fri Nov 22 15:30:55 +0000 2013](https://twitter.com/adulau/status/403908460099551232)) +---- +@sam280 It depends you'll need to extract the dopant layers and see the degree of impurities to compare if it's n-dopant or p-dopant layer. + +(Originally on Twitter: [Fri Nov 22 16:18:43 +0000 2013](https://twitter.com/adulau/status/403920488927207424)) +---- +@sam280 But I think their objective is only to defeat the visual layering control (the most common one). Not people testing the dopant l. + +(Originally on Twitter: [Fri Nov 22 16:19:43 +0000 2013](https://twitter.com/adulau/status/403920739272630272)) +---- +@matthew_d_green Could you elaborate? and point to the line numbers in the code where we should have a close look at ;-) Thank you. + +(Originally on Twitter: [Fri Nov 22 16:34:23 +0000 2013](https://twitter.com/adulau/status/403924432218890241)) +---- +@matthew_d_green Still the same, you just have to change the code names in your slides and the declassification date ;-) + +(Originally on Twitter: [Fri Nov 22 16:37:34 +0000 2013](https://twitter.com/adulau/status/403925230910857216)) +---- +RT @matthew_d_green: @adulau In the file fips_drbg_ec.c, each call to drbg_ec_generate() always outputs a perfectly aligned EC point in the… + +(Originally on Twitter: [Fri Nov 22 16:39:36 +0000 2013](https://twitter.com/adulau/status/403925742792482816)) +---- +@matthew_d_green Nice catch. I saw the recent bug report for FIPS_drbg_generate() http://rt.openssl.org/Ticket/Display.html?id=3176&user=guest&pass=guest Maybe you should report it too. + +(Originally on Twitter: [Fri Nov 22 16:45:43 +0000 2013](https://twitter.com/adulau/status/403927281065680897)) +---- +@sam280 Sure assuming ATPG is done for all the batches and the source of equipment is safe for the final user. But final user cannot check. 
+ +(Originally on Twitter: [Fri Nov 22 16:50:00 +0000 2013](https://twitter.com/adulau/status/403928362009124864)) +---- +@sam280 and the final user is left with the visual check ;-) except if the final user is large and have access to the test patterns... + +(Originally on Twitter: [Fri Nov 22 16:51:26 +0000 2013](https://twitter.com/adulau/status/403928721100251136)) +---- +@sam280 I tend to agree for smart-cards but for generic boards. Is it common for final users to have access to the result of test patterns? + +(Originally on Twitter: [Fri Nov 22 16:56:58 +0000 2013](https://twitter.com/adulau/status/403930112107634688)) +---- +@koenrh Thanks for sharing. Is there a slide mentioning their presence at some IX within Europe? + +(Originally on Twitter: [Sat Nov 23 11:15:35 +0000 2013](https://twitter.com/adulau/status/404206587943727104)) +---- +@ggreenwald "Sharing computer network operations cryptologic information with foreign partners" will be published at some point? @koenrh + +(Originally on Twitter: [Sat Nov 23 11:18:16 +0000 2013](https://twitter.com/adulau/status/404207263880994816)) +---- +Heap-based buffer overflow in Ruby in the floating point parsing http://cve.circl.lu/cve/CVE-2013-4164 #ruby the attack surface might be huge... + +(Originally on Twitter: [Sun Nov 24 20:36:19 +0000 2013](https://twitter.com/adulau/status/404710090898280448)) +---- +I don't know if this is really an improvement https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.2.25-alpha:/ChangeLog#l54 ExitNodes, EntryNodes configuration was updated in Tor (alpha). #tor + +(Originally on Twitter: [Mon Nov 25 12:43:23 +0000 2013](https://twitter.com/adulau/status/404953463110381568)) +---- +@jduck For JSON I meant, the attack surface might be huge. 
For the other attack vectors, it might be also huge too ;-) + +(Originally on Twitter: [Mon Nov 25 12:46:22 +0000 2013](https://twitter.com/adulau/status/404954210606669824)) +---- +It seems utterly difficult to find a valid PGP key for @MasterCard or @Visa #whyjohnnycantencrypt + +(Originally on Twitter: [Tue Nov 26 10:04:26 +0000 2013](https://twitter.com/adulau/status/405275847893868545)) +---- +If you want send sensitive information to @MasterCard @Visa you have no way to send encrypted message. They recommend to use a FAX machine. + +(Originally on Twitter: [Tue Nov 26 10:27:03 +0000 2013](https://twitter.com/adulau/status/405281538905882624)) +---- +@xme The coffee machine in Switzerland for @MasterCard and India for @Visa and when you talk about PGP, they ask if this is a bank ;-) + +(Originally on Twitter: [Tue Nov 26 19:40:59 +0000 2013](https://twitter.com/adulau/status/405420941968044032)) +---- +A study about the collision between +new public gTLD labels and existing private uses of the same strings + https://www.icann.org/en/about/staff/security/ssr/name-collision-02aug13-en.pdf + +(Originally on Twitter: [Wed Nov 27 15:40:01 +0000 2013](https://twitter.com/adulau/status/405722688745791488)) +---- +@quinnnorton It's a special service from @amtrak visiting the home town of the master @HP_Lovecraft you are so lucky. + +(Originally on Twitter: [Wed Nov 27 15:52:12 +0000 2013](https://twitter.com/adulau/status/405725754882662400)) +---- +@quinnnorton You see, you are already in @HP_Lovecraft mood. That's what you get when you pay for a train ticket ;-( + +(Originally on Twitter: [Wed Nov 27 16:02:52 +0000 2013](https://twitter.com/adulau/status/405728438704566272)) +---- +@headhntr "We're not computers, Morgan, we're physical." + +(Originally on Twitter: [Wed Nov 27 19:29:49 +0000 2013](https://twitter.com/adulau/status/405780520698515456)) +---- +@0xabad1dea Have you look at Tutfe-latex http://code.google.com/p/tufte-latex/ ? 
Using the Edward Tutfe style in LaTeX? + +(Originally on Twitter: [Wed Nov 27 20:20:52 +0000 2013](https://twitter.com/adulau/status/405793366517878784)) +---- +http://2013.hack.lu/archive/2013/spin.pdf Slides "spin Static instrumentation for binary reverse-engineering" slides published @hack_lu #hacklu + +(Originally on Twitter: [Thu Nov 28 10:51:49 +0000 2013](https://twitter.com/adulau/status/406012548119420928)) +---- +@Sebdraven @H_Miser @jpgaulier Pourtant on peut rigoler un peu https://www.virustotal.com/en/ip-address/66.147.244.79/information/ ;-) + +(Originally on Twitter: [Thu Nov 28 10:56:00 +0000 2013](https://twitter.com/adulau/status/406013602332565504)) +---- +@fredraynal @newsoft Une sorte de "Booz Allen Hamilton" c'est cool... on pourra enfin profiter des leaks... + +(Originally on Twitter: [Thu Nov 28 13:14:10 +0000 2013](https://twitter.com/adulau/status/406048369870532608)) +---- +Dear @ovh_support_fr @olesovhcom can you read and ACT with abuse email! I tried to call your "support" without success. + +(Originally on Twitter: [Thu Nov 28 14:52:51 +0000 2013](https://twitter.com/adulau/status/406073206194204672)) +---- +RT @mrkoot: From today's Snowden-pages: "80% of NSA tools used to find malware are commercial, while 100% of Dutch tools are" #NRC + +(Originally on Twitter: [Sat Nov 30 08:25:07 +0000 2013](https://twitter.com/adulau/status/406700406962937856)) +---- +Newspeak for "back-door"? http://cve.circl.lu/cve/CVE-2013-6718 "allows attackers to discover account names/passwords via use of an unspecified interface." + +(Originally on Twitter: [Sun Dec 01 11:55:54 +0000 2013](https://twitter.com/adulau/status/407115840308260865)) +---- +Lost in pond http://www.flickr.com/photos/adulau/11156097893/ I save a view of a tree. #photography + +(Originally on Twitter: [Sun Dec 01 18:32:56 +0000 2013](https://twitter.com/adulau/status/407215755122327552)) +---- +RT @ErrataRob: The CISSP certification is crap, and the ISC2 is crap. 
No amount of voting better board members will change that. + +(Originally on Twitter: [Sun Dec 01 19:30:29 +0000 2013](https://twitter.com/adulau/status/407230237622407169)) +---- +Never ask in public about the management network for windmill especially when the speaker says "a military-grade encryption" as answer. aie. + +(Originally on Twitter: [Mon Dec 02 20:33:07 +0000 2013](https://twitter.com/adulau/status/407608387606552576)) +---- +First time I heard about http://seatool.org/ "Symbolic Exploit Assistant" ( SEA ) a tool to discover and construction of exploits. + +(Originally on Twitter: [Mon Dec 02 21:03:12 +0000 2013](https://twitter.com/adulau/status/407615957985542145)) +---- +@spgedwards Maybe we would need to make stickers or tshirt "Snake Oil Warning" to show off during exhibition or presentation. + +(Originally on Twitter: [Mon Dec 02 21:11:59 +0000 2013](https://twitter.com/adulau/status/407618171474964480)) +---- +@xme See you there. + +(Originally on Twitter: [Tue Dec 03 19:01:46 +0000 2013](https://twitter.com/adulau/status/407947787070750722)) +---- +@btabaka @clusif Le seul moyen de déprécier la surveillance et l'interception, c'est de la rendre libre pour tous... + +(Originally on Twitter: [Tue Dec 03 19:04:15 +0000 2013](https://twitter.com/adulau/status/407948410742788096)) +---- +@Void_Kampf @btabaka C'est déjà le cas. Les services de renseignement sont au dessus des lois et les entreprises privées abusent les lois. + +(Originally on Twitter: [Tue Dec 03 20:08:28 +0000 2013](https://twitter.com/adulau/status/407964574894141441)) +---- +@Void_Kampf @btabaka Si, la libération de la crypto a donné l'accès aux citoyens à une techno qui peut aider à assurer la confidentialité. + +(Originally on Twitter: [Tue Dec 03 20:18:24 +0000 2013](https://twitter.com/adulau/status/407967072350515200)) +---- +@Void_Kampf @btabaka Je me souviens des années 90, on ne pouvait pas acheter le livre de @Bruce_Schneier avec sa disquette... 
+ +(Originally on Twitter: [Tue Dec 03 20:20:09 +0000 2013](https://twitter.com/adulau/status/407967512991510528)) +---- +@Void_Kampf @btabaka Si on ne maitrise pas l'interception, on ne maitrise pas les techniques des attaquants... donc pas de protection. + +(Originally on Twitter: [Tue Dec 03 20:21:23 +0000 2013](https://twitter.com/adulau/status/407967821776175104)) +---- +@Void_Kampf @btabaka Si la crypto n'avait été libérée, on aurait toujours les soucis d'utilisation de SSL dans Apache http://www.apacheweek.com/features/ssl + +(Originally on Twitter: [Tue Dec 03 20:24:48 +0000 2013](https://twitter.com/adulau/status/407968685102358528)) +---- +@Void_Kampf @btabaka Je n'ai pas de doute sur la réponse: le code. C'est le seul moyen accessible librement (si on oublie les brevets ;-). + +(Originally on Twitter: [Tue Dec 03 20:29:12 +0000 2013](https://twitter.com/adulau/status/407969789445824512)) +---- +@travisgoodspeed @br3t Validity is just a blurry concept in the X.509 world. It's a signed http://CAcert.org certificate... + +(Originally on Twitter: [Tue Dec 03 21:56:23 +0000 2013](https://twitter.com/adulau/status/407991733276794880)) +---- +https://events.ccc.de/congress/2013/Fahrplan/events/5307.html Glad to see finally the talk about gstool and Chiasmus. Without spoiling the story, it will be fun ;-) @fluxfingers + +(Originally on Twitter: [Tue Dec 03 22:21:51 +0000 2013](https://twitter.com/adulau/status/407998140193579008)) +---- +RT @xme: If you're looking for a platform to exchange malware info, have a look at MISP: https://github.com/MISP #botconf + +(Originally on Twitter: [Thu Dec 05 09:08:49 +0000 2013](https://twitter.com/adulau/status/408523343613427712)) +---- +At #botconf, speaker talking about the "legal approach" to take-down coreflood. They discover the use of "extension order of seizure"... 
+ +(Originally on Twitter: [Thu Dec 05 12:08:44 +0000 2013](https://twitter.com/adulau/status/408568619597963264)) +---- +at #botconf, the attacker has no legal limit and the law-enforcement is bound to law. Two games in parallel with different rules. + +(Originally on Twitter: [Thu Dec 05 12:13:36 +0000 2013](https://twitter.com/adulau/status/408569844166975488)) +---- +Log correlation at #botconf, interesting. Just wondering how the baseline of the traffic is done while you have already infected systems... + +(Originally on Twitter: [Thu Dec 05 12:21:52 +0000 2013](https://twitter.com/adulau/status/408571924462071808)) +---- +@g4l4drim The main problem is at which level the baseline is done. As example, if you baseline netflow flows or within the protocol itself. + +(Originally on Twitter: [Thu Dec 05 12:38:34 +0000 2013](https://twitter.com/adulau/status/408576126970114048)) +---- +At #botconf, E. Branca collected "standard" internet traffic and then compared the A/V detection rate from the raw pcap after each month... + +(Originally on Twitter: [Thu Dec 05 12:45:54 +0000 2013](https://twitter.com/adulau/status/408577972413550592)) +---- +Regarding "unattended" traffic discussion at #botconf, it's quite common with the mistyped RFC1918 addresses http://www.foo.be/cours/loria-2013/thevoid.pdf + +(Originally on Twitter: [Thu Dec 05 12:56:56 +0000 2013](https://twitter.com/adulau/status/408580748992454656)) +---- +@y0m You are always the terrorist of someone. #botconf + +(Originally on Twitter: [Thu Dec 05 12:58:01 +0000 2013](https://twitter.com/adulau/status/408581021408305153)) +---- +If a speaker at security conference ask you about the software you are running, you are not supposed to tell the truth. #botconf #tao #cne + +(Originally on Twitter: [Thu Dec 05 13:08:18 +0000 2013](https://twitter.com/adulau/status/408583609491021825)) +---- +@y0m @xme botnet? 
+ +(Originally on Twitter: [Thu Dec 05 13:26:13 +0000 2013](https://twitter.com/adulau/status/408588117642194944)) +---- +Very good presentation about the CDorked campaign from @ekse0x at #botconf + +(Originally on Twitter: [Thu Dec 05 16:02:41 +0000 2013](https://twitter.com/adulau/status/408627496188252161)) +---- +A cool presentation at #botconf about Disass a binary analysis framework in Python to ease static malware reversing. http://bitbucket.cassidiancybersecurity.com/disass + +(Originally on Twitter: [Thu Dec 05 16:28:41 +0000 2013](https://twitter.com/adulau/status/408634039889690626)) +---- +@y0m Is this a reference to the recent malware using audio to propagate? #recursivejoke + +(Originally on Twitter: [Thu Dec 05 16:30:04 +0000 2013](https://twitter.com/adulau/status/408634388092440577)) +---- +An interesting presentation about call flow graph analysis and fuzzing by message partition to find similarities among binaries. #botconf + +(Originally on Twitter: [Thu Dec 05 16:38:01 +0000 2013](https://twitter.com/adulau/status/408636388892876801)) +---- +@ddouhine Right, that was my only source ;-) I'm just missing the paper and code implementing the concept described... + +(Originally on Twitter: [Thu Dec 05 16:47:37 +0000 2013](https://twitter.com/adulau/status/408638801611739136)) +---- +The speaker at #botconf mentioned this paper http://mostconf.org/2013/papers/14.pdf about Nomadic honeypots. Can this really work? + +(Originally on Twitter: [Fri Dec 06 08:46:26 +0000 2013](https://twitter.com/adulau/status/408880096846417920)) +---- +If they lack users to participate to a research about mobile honeypot, maybe the infection/exploitation scheme should be evaluated. #botconf + +(Originally on Twitter: [Fri Dec 06 08:48:17 +0000 2013](https://twitter.com/adulau/status/408880564737806336)) +---- +RT @_saadk: “@xme: @adulau Only dumb users will be authorised to join the honeypot! #botconf” < vouching process involves a nigerian scam? 
+ +(Originally on Twitter: [Fri Dec 06 08:56:32 +0000 2013](https://twitter.com/adulau/status/408882640054669312)) +---- +RT @_saadk: Great suggestion from @adulau for running mobile honeypots by installing « malicious » apps on avg users’ terminals. legal? #bo… + +(Originally on Twitter: [Fri Dec 06 08:58:37 +0000 2013](https://twitter.com/adulau/status/408883164212658176)) +---- +@c_APT_ure is on stage at #botconf talks about Ponmocup malware. Explaining that is an underestimated malware. + +(Originally on Twitter: [Fri Dec 06 09:05:45 +0000 2013](https://twitter.com/adulau/status/408884957994438656)) +---- +@tomchop_ A malware is just a matter of definition. Having users regularly installing random Apps including honeypots @ktinoulas @_saadk + +(Originally on Twitter: [Fri Dec 06 09:12:10 +0000 2013](https://twitter.com/adulau/status/408886572260392961)) +---- +@tomchop_ @ktinoulas Like Skype end-user agreement "may use the processing capabilities, memory and bandwidth of the computer"... @_saadk + +(Originally on Twitter: [Fri Dec 06 09:25:40 +0000 2013](https://twitter.com/adulau/status/408889970414211073)) +---- +At #botconf @c_APT_ure is showing the mess of malware names in A/V using the Ponmocup malware as an example. #antivirus + +(Originally on Twitter: [Fri Dec 06 09:38:08 +0000 2013](https://twitter.com/adulau/status/408893107959119872)) +---- +@cbrocas The major vector was cPanel vulnerabilities for one of the campaign. The update included a trojaned version of the package @ekse0x + +(Originally on Twitter: [Fri Dec 06 10:30:29 +0000 2013](https://twitter.com/adulau/status/408906284377706496)) +---- +RT @xme: Dressed as @MalwareMustDie! #botconf ![](media/408912977367412736-Bay_6ldCIAAYtjS.jpg) + +(Originally on Twitter: [Fri Dec 06 10:57:05 +0000 2013](https://twitter.com/adulau/status/408912977367412736)) +---- +@SnorreFagerland Right but various infected users are just classifying the severity by using the A/V name... 
@c_APT_ure + +(Originally on Twitter: [Fri Dec 06 11:13:39 +0000 2013](https://twitter.com/adulau/status/408917145846693888)) +---- +@SnorreFagerland Yep, it's difficult. One way could be to have kind of shared YARA rules per sample between A/V to not use names. @c_APT_ure + +(Originally on Twitter: [Fri Dec 06 11:30:20 +0000 2013](https://twitter.com/adulau/status/408921342252044289)) +---- +A very good talk of @yenos at #botconf about experiments to detect DGA domains including his failures and successes in the research. #dns + +(Originally on Twitter: [Fri Dec 06 14:08:54 +0000 2013](https://twitter.com/adulau/status/408961248248619009)) +---- +@tomchop_ @y0m @Sebdraven @fredmilesi But the ligature is not really LaTeX style. I was expecting a beamer-based presentation ;-) + +(Originally on Twitter: [Fri Dec 06 14:18:33 +0000 2013](https://twitter.com/adulau/status/408963678864556032)) +---- +@Sebdraven and @yom included pedobear in their presentation at #botconf cc/ @tricaud @Regiteric not sure if the winner is @r00tbsd or them. + +(Originally on Twitter: [Fri Dec 06 14:30:10 +0000 2013](https://twitter.com/adulau/status/408966602361565185)) +---- +"Lessons Learned from Robotics Applied to Cyber Security" mentioned by @yenos at #botconf is available -> http://research.ijcaonline.org/volume74/number8/pxc3889795.pdf + +(Originally on Twitter: [Fri Dec 06 14:32:55 +0000 2013](https://twitter.com/adulau/status/408967294652399616)) +---- +RT @xme: Hey Security $VENDORS, stop congratulating yourself on the number of discovered/stopped botnets... Just share knowledge! 
#botconf + +(Originally on Twitter: [Fri Dec 06 15:24:38 +0000 2013](https://twitter.com/adulau/status/408980308638584832)) +---- +"SoK: P2PWNED — Modeling and Evaluating the Resilience of Peer-to-Peer Botnets" cc/ #botconf http://www.ieee-security.org/TC/SP2013/papers/4977a097.pdf + +(Originally on Twitter: [Fri Dec 06 15:25:12 +0000 2013](https://twitter.com/adulau/status/408980451227758592)) +---- +Bladerunner presentation from @arbornetworks explaining their framework to implement fake Botnet client including their protocol. #botconf + +(Originally on Twitter: [Fri Dec 06 15:33:39 +0000 2013](https://twitter.com/adulau/status/408982578633256960)) +---- +@H_Miser Strange I have the impression that I can swap this picture to someone else ;-) @_saadk + +(Originally on Twitter: [Fri Dec 06 15:35:23 +0000 2013](https://twitter.com/adulau/status/408983012391391232)) +---- +at #botconf @arbornetworks explained that the following network is source of many attacks. Seems confirmed ;-) http://bgpranking.circl.lu/asn_details?date=;source=;asn=47583;ip_details=31.170.164.0/23 + +(Originally on Twitter: [Fri Dec 06 15:52:20 +0000 2013](https://twitter.com/adulau/status/408987278652870658)) +---- +@c_APT_ure If you know additional public feeds for malicious activities, let me know. We will add these in bgpranking. @arbornetworks + +(Originally on Twitter: [Fri Dec 06 16:03:04 +0000 2013](https://twitter.com/adulau/status/408989980451545088)) +---- +Malcom - Malware Communication Analyzer presented at #botconf by @tomchop_ https://github.com/tomchop/malcom + +(Originally on Twitter: [Fri Dec 06 16:16:15 +0000 2013](https://twitter.com/adulau/status/408993296623489025)) +---- +@izar_t Yes the presentation is https://www.botconf.eu/wp-content/uploads/2013/10/13-ThanhDinhTa.pdf but it seems the paper will be released for another conference. 
#botconf + +(Originally on Twitter: [Sat Dec 07 06:37:27 +0000 2013](https://twitter.com/adulau/status/409210026364907520)) +---- +Another intermediate CA to remove... this time is maybe very close to you. #x509 +http://code.google.com/p/chromium/issues/detail?id=326787 + +(Originally on Twitter: [Sat Dec 07 21:28:29 +0000 2013](https://twitter.com/adulau/status/409434259561009152)) +---- +@Kaplan_CERTat It's always the mistake of someone. Just like all the taps on the fiber, people patch the wrong fiber on the patch panels. + +(Originally on Twitter: [Sat Dec 07 21:36:56 +0000 2013](https://twitter.com/adulau/status/409436387012669440)) +---- +@cbrocas The best is to get rid of the intermediate CA or the root CA itself. I suppose some organization in France need the root CA ;-) + +(Originally on Twitter: [Sat Dec 07 21:52:33 +0000 2013](https://twitter.com/adulau/status/409440317075513344)) +---- +@hashbreaker Sure, various people and organizations are running Passive DNS for the past years. If you need access to one, DM me. + +(Originally on Twitter: [Sat Dec 07 21:54:39 +0000 2013](https://twitter.com/adulau/status/409440845809471489)) +---- +@cbrocas The idea of Google was to fetch the CRLs and push it as soft update. But as far as I know, the OCSP check is still done via Chrome. + +(Originally on Twitter: [Sat Dec 07 22:13:55 +0000 2013](https://twitter.com/adulau/status/409445695544754177)) +---- +The fingerprint of the famous certificate -> http://src.chromium.org/viewvc/chrome/trunk/src/net/cert/cert_verify_proc.cc?r1=239345&r2=239344&pathrev=239345 + +(Originally on Twitter: [Sat Dec 07 22:23:21 +0000 2013](https://twitter.com/adulau/status/409448071072722946)) +---- +@curtw I don't know all the details but It seems that a supplier from a ministry used it for proxy level interception for outbound flows. 
+ +(Originally on Twitter: [Sun Dec 08 08:46:14 +0000 2013](https://twitter.com/adulau/status/409604821176430592)) +---- +@curtw Maybe it's something like the MITM "functionality" of BlueCoat proxies... https://kb.bluecoat.com/index?page=content&id=KB5500 to intercept and analyze flows. + +(Originally on Twitter: [Sun Dec 08 08:49:54 +0000 2013](https://twitter.com/adulau/status/409605746049822720)) +---- +RT @CERTAFr: Suppression d'une branche de l'IGC/A: Suite à une erreur humaine lors d'une action de renforcement de la sécur... http://t.co/… + +(Originally on Twitter: [Sun Dec 08 08:55:51 +0000 2013](https://twitter.com/adulau/status/409607243135717376)) +---- +@jasonljones I couldn't resist to take a picture of you while eating the display port adapter during #botconf. https://plus.google.com/112095729959662313642/posts/HLjK2BpJHTe + +(Originally on Twitter: [Sun Dec 08 10:47:20 +0000 2013](https://twitter.com/adulau/status/409635300197924864)) +---- +RT @mattblaze: I'm not sure why we even bother having encryption if the model is 100s of default CAs you've never heard of, all uncondition… + +(Originally on Twitter: [Sun Dec 08 11:12:21 +0000 2013](https://twitter.com/adulau/status/409641592631623680)) +---- +@bortzmeyer Pour DANE, c'est uniquement le "certificate usage 3" qui n'utilise pas de CA tiers? @kavesalamatian @bluetouff @manhack + +(Originally on Twitter: [Sun Dec 08 11:30:24 +0000 2013](https://twitter.com/adulau/status/409646137302188032)) +---- +@X_Cli Exact et c'est le plus grand soucis pour l'instant. Le DNS est la pierre angulaire... 
@bortzmeyer @kavesalamatian @bluetouff @manhack + +(Originally on Twitter: [Sun Dec 08 11:36:34 +0000 2013](https://twitter.com/adulau/status/409647687995109378)) +---- +@X_Cli C'est dommage que l'on n'a pas encore la suite du slide 11 ;-) http://cryptome.org/2013/10/nsa-tor-stinks.pdf @bortzmeyer @kavesalamatian @bluetouff @manhack + +(Originally on Twitter: [Sun Dec 08 11:44:06 +0000 2013](https://twitter.com/adulau/status/409649582310567936)) +---- +Pictures of the #botconf @Botconf crew http://www.foo.be/botconf2013/ + @H_Miser @vloquet @ekse0x @_Sn0rkY + +(Originally on Twitter: [Sun Dec 08 12:14:05 +0000 2013](https://twitter.com/adulau/status/409657130493296640)) +---- +@moltke They didn't deny it. They deny it for what they call "our data". Ext collection is often considered as "external data" @jameslosey + +(Originally on Twitter: [Sun Dec 08 12:16:54 +0000 2013](https://twitter.com/adulau/status/409657838319845376)) +---- +@y0m @Botconf @H_Miser @vloquet @ekse0x @_Sn0rkY @Sebdraven Right. For the sleepy Seb, it's my fault. I told @xme about the opportunity ;-) + +(Originally on Twitter: [Sun Dec 08 12:43:56 +0000 2013](https://twitter.com/adulau/status/409664641409638400)) +---- +@tomchop_ Thank you. The pity I didn't have one from you during your excellent talk. @Botconf + +(Originally on Twitter: [Sun Dec 08 12:47:27 +0000 2013](https://twitter.com/adulau/status/409665526198054912)) +---- +@bortzmeyer C'est la question clé en sécurité: faire confiances à des gens ou des organisations? 
@X_Cli @kavesalamatian @bluetouff @manhack + +(Originally on Twitter: [Sun Dec 08 13:17:14 +0000 2013](https://twitter.com/adulau/status/409673024149794816)) +---- +@FredericJacobs For Firefox NSS, it seems to be under discussion https://bugzilla.mozilla.org/show_bug.cgi?id=693450#c22 @fpietrosanti @kheops2713 + +(Originally on Twitter: [Sun Dec 08 13:39:03 +0000 2013](https://twitter.com/adulau/status/409678513818435584)) +---- +@FredericJacobs Don't forget that the majority of large organization are using MITM to inspect SSL traffic from internal client (A/V check). + +(Originally on Twitter: [Sun Dec 08 13:49:10 +0000 2013](https://twitter.com/adulau/status/409681060172005376)) +---- +A picture of Hendrik Adrian @unixfreaxjp http://www.flickr.com/photos/adulau/11269840594/ at #botconf2013 + +(Originally on Twitter: [Sun Dec 08 14:29:02 +0000 2013](https://twitter.com/adulau/status/409691092838150144)) +---- +Bypassing Windows AppLocker using a Time of Check Time of Use vulnerability http://www.nccgroup.com/media/495634/2013-12-04_-_ncc_-_technical_paper_-_bypassing_windows_applocker__2_.pdf + +(Originally on Twitter: [Sun Dec 08 15:38:33 +0000 2013](https://twitter.com/adulau/status/409708584373452800)) +---- +RT @WeldPond: How long before someone creates an open source Stingray with SDR. #HackRF + +(Originally on Twitter: [Sun Dec 08 16:58:49 +0000 2013](https://twitter.com/adulau/status/409728785026940928)) +---- +@g4l4drim Exact. Cela pourrait être du bluecoat SG proxy ou un Cisco IronPorts S-Series ... ou un proxy "français" @ncaproni @btreguier + +(Originally on Twitter: [Sun Dec 08 17:05:39 +0000 2013](https://twitter.com/adulau/status/409730503311233024)) +---- +@btreguier @ncaproni @g4l4drim La détection se fait avec le "certificate pinning" de Google Chrome. 
https://www.imperialviolet.org/2011/05/04/pinning.html + +(Originally on Twitter: [Sun Dec 08 18:40:53 +0000 2013](https://twitter.com/adulau/status/409754471644663809)) +---- +@btreguier C'est le CA intermédiaire http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html @ncaproni @g4l4drim + +(Originally on Twitter: [Sun Dec 08 19:03:18 +0000 2013](https://twitter.com/adulau/status/409760113990189057)) +---- +@vloquet For your information http://webwereld.nl/beveiliging/80431-microsoft-actie-tegen-botnet-saboteert-fox-it + +(Originally on Twitter: [Mon Dec 09 15:40:13 +0000 2013](https://twitter.com/adulau/status/410071393657569280)) +---- +RT @circl_lu: The Curious Case of the Malicious IIS Module #infosec #iis #malware http://blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html + +(Originally on Twitter: [Tue Dec 10 07:19:01 +0000 2013](https://twitter.com/adulau/status/410307647905476608)) +---- +I was expecting it at some point but not so early... http://www.ibtimes.co.uk/articles/528387/20131208/paedophiles-dark-net-tor-child-abuse-nsa.htm + +(Originally on Twitter: [Tue Dec 10 13:35:38 +0000 2013](https://twitter.com/adulau/status/410402430237425664)) +---- +Some of my notes regarding hardware random generators https://gist.github.com/adulau/7886815 feel free to update. #random + +(Originally on Twitter: [Tue Dec 10 17:01:42 +0000 2013](https://twitter.com/adulau/status/410454286598811648)) +---- +With the #LPM, I just release a draft "Eavesdropping of Internet - What Can We Do? A Revolution?" http://www.foo.be/eavesdropping-what-to-do/ #privacy + +(Originally on Twitter: [Tue Dec 10 21:22:44 +0000 2013](https://twitter.com/adulau/status/410519977578352640)) +---- +RT @jpflorent: Grâce à @SNCB j'ai eu le plaisir de covoiturer avec @adulau ce matin. 
Merci dites pour notre train supprimé/oublié/perdu + +(Originally on Twitter: [Wed Dec 11 07:36:40 +0000 2013](https://twitter.com/adulau/status/410674479430643713)) +---- +RT @circl_lu: "Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules" http://support.microsoft.com/kb/2871690 #infosec + +(Originally on Twitter: [Wed Dec 11 07:51:38 +0000 2013](https://twitter.com/adulau/status/410678245563301888)) +---- +@pbeyssac En effet... mais on peut faire des backups de ses clés PGP au format papier. http://www.jabberwocky.com/software/paperkey/ + +(Originally on Twitter: [Wed Dec 11 21:36:53 +0000 2013](https://twitter.com/adulau/status/410885928165457920)) +---- +""Intrusion software" now export-controlled as "dual-use"" aie aie so @metasploit is included? @MarietjeSchaake http://blog.cyberwar.nl/2013/12/intrusion-software-now-export.html + +(Originally on Twitter: [Fri Dec 13 06:32:49 +0000 2013](https://twitter.com/adulau/status/411383185931395072)) +---- +We are back to the early nineties where you cannot use encryption or protect yourself because crypto was "dual-use". @MarietjeSchaake + +(Originally on Twitter: [Fri Dec 13 06:34:40 +0000 2013](https://twitter.com/adulau/status/411383651486547969)) +---- +Every software is "dual-use". @MarietjeSchaake + +(Originally on Twitter: [Fri Dec 13 06:35:21 +0000 2013](https://twitter.com/adulau/status/411383823524311041)) +---- +@mrkoot So if you can buy @hackingteam from a webshop. Adding Cat.4 just helps the bad guys... @metasploit @MarietjeSchaake + +(Originally on Twitter: [Fri Dec 13 06:58:22 +0000 2013](https://twitter.com/adulau/status/411389615824588800)) +---- +@e3i5 Don't you think that regulating the software is just creating more problems than solving the root cause? 
@mrkoot @CDA + +(Originally on Twitter: [Sat Dec 14 08:20:33 +0000 2013](https://twitter.com/adulau/status/411772687254425600)) +---- +@e3i5 All the malicious software used by governments will remain and it doesn't cover the exchange between intelligence orgs. @mrkoot @CDA + +(Originally on Twitter: [Sat Dec 14 08:23:33 +0000 2013](https://twitter.com/adulau/status/411773441121849344)) +---- +@taziden L'infographie qui tuerait @EdwardTufte sans parler du passage de l'ensemble de ces groupes par le sud de la Belgique ;-) + +(Originally on Twitter: [Sat Dec 14 20:36:48 +0000 2013](https://twitter.com/adulau/status/411957968360308736)) +---- +cryptographic flaws in IBM SPSS data file encryption http://seclists.org/fulldisclosure/2013/Dec/101 + +(Originally on Twitter: [Sat Dec 14 20:47:16 +0000 2013](https://twitter.com/adulau/status/411960604740423680)) +---- +RT @botherder: #30c3 will be part of history, I can guarantee you. + +(Originally on Twitter: [Sun Dec 15 12:55:28 +0000 2013](https://twitter.com/adulau/status/412204258847883265)) +---- +RT @belowring0: @thegrugq and proactively forensicate and investigate them proactively, so you know who's targeting you. Detection is the n… + +(Originally on Twitter: [Sun Dec 15 13:55:42 +0000 2013](https://twitter.com/adulau/status/412219419256172545)) +---- +RT @circl_lu: 2 internships position open @circl_lu https://www.circl.lu/projects/internships/ if you are an EU MSc student in information security, feel free… + +(Originally on Twitter: [Mon Dec 16 16:53:35 +0000 2013](https://twitter.com/adulau/status/412626571263234048)) +---- +@mikko Maybe his nick is to not too far from the Rubik's cubes ;-) + +(Originally on Twitter: [Mon Dec 16 21:41:32 +0000 2013](https://twitter.com/adulau/status/412699037456805888)) +---- +@cudeso Koen don't tell me that you are jumping in the ISO27001 trap... 
The standards are not accessible and the exam was a joke ;-) + +(Originally on Twitter: [Tue Dec 17 15:33:31 +0000 2013](https://twitter.com/adulau/status/412968810421825537)) +---- +@Dymaxion Even for free software developers? @quinnnorton + +(Originally on Twitter: [Tue Dec 17 15:38:59 +0000 2013](https://twitter.com/adulau/status/412970183934750720)) +---- +@Dymaxion Free software definition includes every potential authors from a single citizen to a team working at the NSA... @quinnnorton + +(Originally on Twitter: [Tue Dec 17 15:45:28 +0000 2013](https://twitter.com/adulau/status/412971816798261248)) +---- +@Dymaxion Every software can lead to wrongful arrest. From GNU grep to Encase Forensic. Software is just "dual-use". @quinnnorton + +(Originally on Twitter: [Tue Dec 17 15:47:56 +0000 2013](https://twitter.com/adulau/status/412972439727923200)) +---- +@matthew_d_green GSTOOL? http://janschejbal.wordpress.com/2013/09/11/advisory-unsichere-verschluesselung-bei-gstool/ http://events.ccc.de/congress/2013/Fahrplan/events/5307.html + +(Originally on Twitter: [Tue Dec 17 15:52:05 +0000 2013](https://twitter.com/adulau/status/412973483136540672)) +---- +@Dymaxion I see your point but where Encase Forensic or Sleuthkit are? generic tool? or specific purpose tool? @quinnnorton + +(Originally on Twitter: [Tue Dec 17 15:53:21 +0000 2013](https://twitter.com/adulau/status/412973799282192385)) +---- +http://www.raildar.fr/ Maybe a good example for @sncb any open data to do so? cc/ @jpflorent + +(Originally on Twitter: [Tue Dec 17 15:56:17 +0000 2013](https://twitter.com/adulau/status/412974541086814208)) +---- +@e3i5 So, Is metaploit falling into category 4 of the updated Wassenaar arrangement or not? @privacyint @richietynan + +(Originally on Twitter: [Tue Dec 17 16:05:33 +0000 2013](https://twitter.com/adulau/status/412976869533696000)) +---- +@e3i5 Ok thanks for the feedback. I hope this is not case. But I still don't get why @privacyint is promoting Waasenaar use. 
@richietynan + +(Originally on Twitter: [Wed Dec 18 06:10:53 +0000 2013](https://twitter.com/adulau/status/413189607832838144)) +---- +RT @circl_lu: PlugX is still actively used for targeted attacks http://normanshark.com/blog/plugx-used-mongolian-targets/ and still use the technique we described in https://… + +(Originally on Twitter: [Wed Dec 18 07:42:31 +0000 2013](https://twitter.com/adulau/status/413212665994280960)) +---- +@mikko Nice one. Wondering if the scariest one is not the forced mutation breeding with Gamma rays ;-) @hh86_ + +(Originally on Twitter: [Wed Dec 18 07:47:13 +0000 2013](https://twitter.com/adulau/status/413213849379012608)) +---- +It might be an opportunity for Luxembourg to accept bitcoin deposits from Chineses investors http://www.nytimes.com/2013/12/19/business/international/china-bitcoin-exchange-ends-renminbi-deposits.html @LuxFinance + +(Originally on Twitter: [Wed Dec 18 08:29:44 +0000 2013](https://twitter.com/adulau/status/413224549858025472)) +---- +RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis #gnupg #rsa +http://www.cs.tau.ac.il/~tromer/acoustic/ + +(Originally on Twitter: [Wed Dec 18 16:46:19 +0000 2013](https://twitter.com/adulau/status/413349519489658880)) +---- +@ochsenmeier Is the MD5 hash of the file in NSRL? If not, could you share it? + +(Originally on Twitter: [Wed Dec 18 20:39:23 +0000 2013](https://twitter.com/adulau/status/413408172217344000)) +---- +http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf I don't see any reference to TAO activities and the current GENIE program and alike.... + +(Originally on Twitter: [Wed Dec 18 21:56:23 +0000 2013](https://twitter.com/adulau/status/413427547695632384)) +---- +RT @mattblaze: I'd love to be as confident as the NSA review panel is about this.... 
![](media/413551301172420608-Bbz68srIMAAMvT-.jpg) + +(Originally on Twitter: [Thu Dec 19 06:08:08 +0000 2013](https://twitter.com/adulau/status/413551301172420608)) +---- +RT @circl_lu: Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks #android http://t.co/… + +(Originally on Twitter: [Thu Dec 19 09:09:36 +0000 2013](https://twitter.com/adulau/status/413596971073798144)) +---- +"Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1" a wonderful launchpad for your exploit kit http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ + +(Originally on Twitter: [Thu Dec 19 20:30:29 +0000 2013](https://twitter.com/adulau/status/413768321415131138)) +---- +RT @headhntr: GnuPG is fundraising. Donate and get a sweet GPG t-shirt or http://gnupg.net email address! http://goteo.org/project/gnupg-new-website-and-infrastructure #Cry… + +(Originally on Twitter: [Thu Dec 19 20:34:20 +0000 2013](https://twitter.com/adulau/status/413769289075015680)) +---- +just gave 100,- EUR to @gnupg crowdfunding. and you? #gnupg #pgp #crypto + +(Originally on Twitter: [Thu Dec 19 20:54:56 +0000 2013](https://twitter.com/adulau/status/413774473242738688)) +---- +https://github.com/kholia/PGPCrack-NG "PGPCrack-NG is a program designed to brute-force symmetrically encrypted PGP files." + +(Originally on Twitter: [Fri Dec 20 06:31:52 +0000 2013](https://twitter.com/adulau/status/413919661835571200)) +---- +@the_zen_guy I'm using the OpenPGP standard and especially GnuPG every day. It's real and working. 
@r00tbsd + +(Originally on Twitter: [Fri Dec 20 20:44:04 +0000 2013](https://twitter.com/adulau/status/414134125381951488)) +---- +@msuiche Here is the dump (123MB) of today in JSON from cve-search including vfeed http://www.foo.be/cve/dump/cve-search-dump-20131220.json @wimremes @MarioVilas + +(Originally on Twitter: [Fri Dec 20 21:35:38 +0000 2013](https://twitter.com/adulau/status/414147104110428161)) +---- +@msuiche The references array includes usually the known original finders urls along with vendors urls if available @wimremes @MarioVilas + +(Originally on Twitter: [Fri Dec 20 21:52:05 +0000 2013](https://twitter.com/adulau/status/414151243024457728)) +---- +@4Dgifts Because OSVDB does not provide/allow public dump. cve-search includes NIST CVE/CPE and vfeed. @msuiche @wimremes @MarioVilas + +(Originally on Twitter: [Fri Dec 20 22:03:59 +0000 2013](https://twitter.com/adulau/status/414154239242285056)) +---- +@4Dgifts If you know additional public vulnerability feeds to add in cve-search, let me know. thx. @msuiche @wimremes @MarioVilas + +(Originally on Twitter: [Fri Dec 20 22:05:06 +0000 2013](https://twitter.com/adulau/status/414154516561285120)) +---- +@Cryptomeorg This seems to be a typo. My guess it is a custom word list in the spell checker of the journalist with cryptome in. @mrkoot + +(Originally on Twitter: [Fri Dec 20 22:15:22 +0000 2013](https://twitter.com/adulau/status/414157102139969536)) +---- +RT @Shiftreduce: I gave NSA access to backdoor my software and all I got was this lousy tshirt + +(Originally on Twitter: [Sat Dec 21 09:13:03 +0000 2013](https://twitter.com/adulau/status/414322615134986240)) +---- +@ToolsWatch Thank you for the notification. 
Update commited https://github.com/adulau/cve-search/commit/18c03902b89d8016d217576d8d7bc3839beed7a2 @wimremes + +(Originally on Twitter: [Sat Dec 21 09:27:28 +0000 2013](https://twitter.com/adulau/status/414326240913281024)) +---- +CVE-2013-6999 sounds like a challenge from Microsoft in the CVE "we don't consider it a security vulnerability" http://cve.circl.lu/cve/CVE-2013-6999 + +(Originally on Twitter: [Sat Dec 21 09:47:30 +0000 2013](https://twitter.com/adulau/status/414331284568031233)) +---- +As of Today, consolidated JSON dump of cve-search will be available daily http://www.foo.be/cve/dump/cve-search-dump-now.json including CVE/CPE/Vfeed. #infosec + +(Originally on Twitter: [Sat Dec 21 10:07:15 +0000 2013](https://twitter.com/adulau/status/414336251571871744)) +---- +@ToolsWatch I'm the guy behind it ;-) it's the standard cve-search public instance of the web interface. + +(Originally on Twitter: [Sat Dec 21 10:10:47 +0000 2013](https://twitter.com/adulau/status/414337140894351360)) +---- +@ToolsWatch All users of cve-search can fetch the data. I can add a default URL pointing back to @ToolsWatch in the web interface. + +(Originally on Twitter: [Sat Dec 21 10:15:35 +0000 2013](https://twitter.com/adulau/status/414338351886376960)) +---- +@ToolsWatch Your resource are great. Let me know what you want in the default web interface of cve-search as credit for each entry. + +(Originally on Twitter: [Sat Dec 21 10:18:08 +0000 2013](https://twitter.com/adulau/status/414338991811342336)) +---- +@ToolsWatch No worries, I'll update the default web pages with a link to the vfeed BSD license for each map_ entries from vfeed. + +(Originally on Twitter: [Sat Dec 21 10:20:59 +0000 2013](https://twitter.com/adulau/status/414339708148121600)) +---- +@ToolsWatch Your work is awesome too. By the way, vfeed reference is now included like this: http://cve.circl.lu/cve/CVE-2010-3333 let me know if it is ok. 
+ +(Originally on Twitter: [Sat Dec 21 10:37:42 +0000 2013](https://twitter.com/adulau/status/414343918080110592)) +---- +@ToolsWatch The reference to vfeed is now included in the default web interface of the cve-search code base. https://github.com/adulau/cve-search/commit/960a52d097efa74a3ce96a7859f9cc294f2368be + +(Originally on Twitter: [Sat Dec 21 10:50:17 +0000 2013](https://twitter.com/adulau/status/414347081596157952)) +---- +@ToolsWatch Do you know users using CWS Common Weakness Enumeration? I'm close to implement a new db structure for CWS in cve-search. + +(Originally on Twitter: [Sat Dec 21 10:59:12 +0000 2013](https://twitter.com/adulau/status/414349328052785152)) +---- +RT @capstone_engine: Made some changes, and libcapstone is 40% smaller now: total size is 3.2MB now, not 5.6MB like before. See https://t.c… + +(Originally on Twitter: [Sat Dec 21 11:00:29 +0000 2013](https://twitter.com/adulau/status/414349650825867264)) +---- +@ToolsWatch Yes, CWE. I'm wondering if it worth to code this part as I haven't seen a lot of people using it. + +(Originally on Twitter: [Sat Dec 21 11:02:47 +0000 2013](https://twitter.com/adulau/status/414350230935457793)) +---- +@lpenet Pourrais-tu expliquer ton argumentation sur le sujet de la PMA? @rfc1149 + +(Originally on Twitter: [Sat Dec 21 11:23:57 +0000 2013](https://twitter.com/adulau/status/414355555625336833)) +---- +RT @FarmerMag: Thanks to Alexandre, this picture will be on the cover of our very first issue. #farmermag http://m.flickr.com/#/photos/adulau/6986962268/ http://t.… + +(Originally on Twitter: [Sat Dec 21 11:52:42 +0000 2013](https://twitter.com/adulau/status/414362792268169216)) +---- +@MarioVilas The oss-security list is a good source but you still need a lot of manual parsing to structure it. @4Dgifts @msuiche @wimremes + +(Originally on Twitter: [Sat Dec 21 14:46:40 +0000 2013](https://twitter.com/adulau/status/414406570647101440)) +---- +RT @simonsinek: Selfish is easy. 
It's sharing that takes courage. + +(Originally on Twitter: [Sat Dec 21 14:50:53 +0000 2013](https://twitter.com/adulau/status/414407632653651968)) +---- +@SushiDude Thanks for the #hint. I just started the CWE support in cve-search https://github.com/adulau/cve-search/blob/45c6dcbaf3a1802d8b790aeccd998fe9ccbb2059/db_mgmt_cwe.py The rest will follow soon @ToolsWatch + +(Originally on Twitter: [Sun Dec 22 15:57:44 +0000 2013](https://twitter.com/adulau/status/414786843419242496)) +---- +@ren0_a Il serait aussi utile de conserver les abeilles sauvages, les bourdons et les frelons... et d'attirer les essaims sauvages. + +(Originally on Twitter: [Sun Dec 22 17:37:54 +0000 2013](https://twitter.com/adulau/status/414812052335517697)) +---- +@MarioVilas I didn't know golismero, it seems cool. I could write a Python 2.7 golismero plug-in for cve-search using the DB directly. + +(Originally on Twitter: [Sun Dec 22 18:07:17 +0000 2013](https://twitter.com/adulau/status/414819446960566273)) +---- +@SushiDude Good to know. I'll add the taxonomy mappings and alt terms in the next commits. By the way, thanks for your work! @ToolsWatch + +(Originally on Twitter: [Sun Dec 22 20:49:46 +0000 2013](https://twitter.com/adulau/status/414860334109687808)) +---- +@Cyr_ In EMV, SDA or DDA is often use for offline card verification with the terminal. Then the transaction is accepted offline based/ card. + +(Originally on Twitter: [Mon Dec 23 19:38:10 +0000 2013](https://twitter.com/adulau/status/415204703077535744)) +---- +@FredericJacobs National security is also high on the novlang list. + +(Originally on Twitter: [Mon Dec 23 19:51:54 +0000 2013](https://twitter.com/adulau/status/415208161503506432)) +---- +@Cyr_ I don't think so. One protocol is keeping the PIN offline encrypted with the public key of the terminal. Then it's processed later on. 
+ +(Originally on Twitter: [Mon Dec 23 20:05:52 +0000 2013](https://twitter.com/adulau/status/415211677068455936)) +---- +RT @Nickf4rr: Last call for #30c3 presents from the USA. #saintnickfarr + +(Originally on Twitter: [Mon Dec 23 20:54:01 +0000 2013](https://twitter.com/adulau/status/415223792500473856)) +---- +@mattblaze Don't forget that RSA is also operating a CA ;-) http://cert.webtrust.org/SealFile?seal=981&file=pdf + +(Originally on Twitter: [Tue Dec 24 07:43:17 +0000 2013](https://twitter.com/adulau/status/415387185861230592)) +---- +@SteveClement http://www.flickchart.com/discussion/A898B2411B/vs/DD16A87882 I thought that Blade Runner was a real movie ;-) + +(Originally on Twitter: [Tue Dec 24 15:23:26 +0000 2013](https://twitter.com/adulau/status/415502989294444545)) +---- +"Bullet-Proof Extensible Vote Counter" ;-) http://graphics.stanford.edu/~danielrh/vote/mzalewski.c + +(Originally on Twitter: [Tue Dec 24 23:14:36 +0000 2013](https://twitter.com/adulau/status/415621558992773120)) +---- +RT @Contrepoints: Luxembourg : les mensonges de la presse française http://dlvr.it/4ZStDB + +(Originally on Twitter: [Wed Dec 25 07:35:56 +0000 2013](https://twitter.com/adulau/status/415747724815114240)) +---- +RT @KennethGeers: @mikko On the contrary, you should absolutely give this preso. One must talk to one's adversaries. Will you publish the s… + +(Originally on Twitter: [Wed Dec 25 07:39:59 +0000 2013](https://twitter.com/adulau/status/415748742944669696)) +---- +"Process HTTP Pcaps With YARA" and TCP Reassembly relies on the tcpflow from Simson Garfinkel...nice. https://github.com/kevthehermit/YaraPcap + +(Originally on Twitter: [Wed Dec 25 13:58:23 +0000 2013](https://twitter.com/adulau/status/415843972817240065)) +---- +@z3ndrag0n Usually it's a bit more. 
If you do your paper/audit work, you could become a CA ;-) @xytarium @mattblaze + +(Originally on Twitter: [Wed Dec 25 17:09:08 +0000 2013](https://twitter.com/adulau/status/415891977188544513)) +---- +@quinnnorton Maybe you should listen to some Metallica? You know this old statement "fight fire with fire" ;-) + +(Originally on Twitter: [Fri Dec 27 07:37:51 +0000 2013](https://twitter.com/adulau/status/416472983121571840)) +---- +@bortzmeyer Je voulais référencer ton draft draft-bortzmeyer-dnsop-dns-privacy dans notre draft passive dns mais le bibxml n'est pas à jour. + +(Originally on Twitter: [Fri Dec 27 08:31:11 +0000 2013](https://twitter.com/adulau/status/416486405640974336)) +---- +Doing security research? @sstic 2014 CFP is open. It's french-speaking but English submissions are accepted. https://www.sstic.org/2014/cfp/ + +(Originally on Twitter: [Fri Dec 27 12:31:41 +0000 2013](https://twitter.com/adulau/status/416546929498005505)) +---- +"Practical malleability attack against CBC-Encrypted LUKS partitions" Recent Linux distros should be to AES-XTS... http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/ + +(Originally on Twitter: [Fri Dec 27 12:39:33 +0000 2013](https://twitter.com/adulau/status/416548907326255106)) +---- +Interested in Chiasmus algorithm it's now live on http://streaming.media.ccc.de/saal2/native/lq/ #30c3 + +(Originally on Twitter: [Fri Dec 27 13:11:05 +0000 2013](https://twitter.com/adulau/status/416556845856092160)) +---- +just published the first version of "Passive DNS - Common Output Format" http://tools.ietf.org/html/draft-dulaunoy-kaplan-passive-dns-cof-00 cc @bortzmeyer @Kaplan_CERTat + +(Originally on Twitter: [Fri Dec 27 16:56:43 +0000 2013](https://twitter.com/adulau/status/416613627987128320)) +---- +@electrospaces SDS -> "Sigint Development Support" for your acronyms blog. 
http://electrospaces.blogspot.com/p/abbreviations-and-acronyms.html + +(Originally on Twitter: [Sun Dec 29 21:26:42 +0000 2013](https://twitter.com/adulau/status/417406344774160384)) +---- +RT @ihackbanme: #30c3 "virtually impossible" great talk by @gal_diskin + +(Originally on Twitter: [Sun Dec 29 21:47:14 +0000 2013](https://twitter.com/adulau/status/417411511913840640)) +---- +@ncaproni On peut tous avoir des motivations évoluant avec le temps et vouloir les fixer c'est se voiler la face @ericfreyss @nicoladiaz + +(Originally on Twitter: [Sun Dec 29 21:54:54 +0000 2013](https://twitter.com/adulau/status/417413444342513664)) +---- +@ncaproni TAO touche l'ensemble de la population par l'exploitation de cibles critiques pour des raisons eco/pol. @ericfreyss @nicoladiaz + +(Originally on Twitter: [Sun Dec 29 21:58:42 +0000 2013](https://twitter.com/adulau/status/417414397401640960)) +---- +RT @c3streaming: Somebody killed the power a switch that powers Saal 1 A/V. #30c3 #hall1 #saal1 + +(Originally on Twitter: [Sun Dec 29 22:05:11 +0000 2013](https://twitter.com/adulau/status/417416030026465280)) +---- +@electrospaces You're welcome for SRA. Is it SRA or SrA? Because SrA might be Senior Airman for the USAF? + +(Originally on Twitter: [Sun Dec 29 22:16:20 +0000 2013](https://twitter.com/adulau/status/417418834690064384)) +---- +@electrospaces Correct. If it's SRA upper-case, SRA International is indeed providing a lot of analysts for the SIGINT in US/DE. + +(Originally on Twitter: [Sun Dec 29 22:27:33 +0000 2013](https://twitter.com/adulau/status/417421660031959040)) +---- +I predict an increased use of papers and pencils in the next months.... 
#nsa http://leaksource.wordpress.com/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/ + +(Originally on Twitter: [Mon Dec 30 13:35:46 +0000 2013](https://twitter.com/adulau/status/417650219212214272)) +---- +@Kaplan_CERTat Yep as long as you don't have LAUDAUTO in the room ;-) Pencil and paper seems less risky. + +(Originally on Twitter: [Mon Dec 30 13:45:27 +0000 2013](https://twitter.com/adulau/status/417652657558286337)) +---- +@schreckthomas @Kaplan_CERTat Just using the paper and pencil locally and then you need your own carrier service for your sensitive papers. + +(Originally on Twitter: [Mon Dec 30 13:47:01 +0000 2013](https://twitter.com/adulau/status/417653050338078720)) +---- +@pinkflawd Maybe we should start a business of organic goat cheese without electricity. The issue is to start a business without a mobile. + +(Originally on Twitter: [Mon Dec 30 13:56:14 +0000 2013](https://twitter.com/adulau/status/417655370245357568)) +---- +@searchio More code from their side also means more bugs to exploit. I'm sure some are already playing in their fields. @thegrugq @ioerror + +(Originally on Twitter: [Mon Dec 30 14:15:43 +0000 2013](https://twitter.com/adulau/status/417660272090677248)) +---- +@searchio Indeed. For those guys, it depends on which stage... usually the core is better written than the outer layers. @thegrugq @ioerror + +(Originally on Twitter: [Mon Dec 30 14:21:21 +0000 2013](https://twitter.com/adulau/status/417661689564110848)) +---- +@xme It's funny but in the other hand, it's like discrediting the information released yesterday. 
+ +(Originally on Twitter: [Tue Dec 31 08:00:51 +0000 2013](https://twitter.com/adulau/status/417928321679118336)) +---- +RT @circl_lu: Use-after-free vulnerability in Microsoft Internet Explorer 9/10 allows remote attackers to execute arbitrary code http://t.c… + +(Originally on Twitter: [Tue Dec 31 08:02:30 +0000 2013](https://twitter.com/adulau/status/417928739499307008)) +---- +SSL certificate fun fact: 3176 unique file:// URI to reach the CRL in 55391 X.509 certificates collected from Internet. #revokingishard + +(Originally on Twitter: [Tue Dec 31 09:53:40 +0000 2013](https://twitter.com/adulau/status/417956714734841856)) +---- +@mikko Don't forget it's the SIGINT support team. Remotely can mean using the custom GSM Base Station in the surrounding. @bbhorne @ioerror + +(Originally on Twitter: [Tue Dec 31 10:01:01 +0000 2013](https://twitter.com/adulau/status/417958563596607488)) +---- +@tomchop_ c) Have you ever seen the "time/date change" while travelling ;-) It's an easy to trick the user/phone with the UI. + +(Originally on Twitter: [Tue Dec 31 10:29:25 +0000 2013](https://twitter.com/adulau/status/417965710090833921)) +---- +@tomchop_ You think it's a timezone change ;-) + +(Originally on Twitter: [Tue Dec 31 10:48:23 +0000 2013](https://twitter.com/adulau/status/417970484005703680)) +---- +@tomchop_ It's not even spoofed.... you are connect to the mobile network via their GSM BS. Then, it's a new world from bb to soft attacks. + +(Originally on Twitter: [Tue Dec 31 10:54:40 +0000 2013](https://twitter.com/adulau/status/417972065287692288)) +---- +@ralphholz Indeed a lot of those are URI with CIFS internal location. Nice for enumerating internal nets. I have 197 unique .local domains. + +(Originally on Twitter: [Tue Dec 31 10:57:52 +0000 2013](https://twitter.com/adulau/status/417972868215865344)) +---- +@tomchop_ In the past years, I have seen both. The compliance and especially "backward compatibility" is another source of exploitation. 
+ +(Originally on Twitter: [Tue Dec 31 11:01:26 +0000 2013](https://twitter.com/adulau/status/417973768321912832)) +---- +@ralphholz We are working sometime with them but if you are interested to work on this with us let me know. + +(Originally on Twitter: [Tue Dec 31 12:41:30 +0000 2013](https://twitter.com/adulau/status/417998949971013632)) +---- +@twiet Would you be willing to share a picture of the wiring and board layout? @wopot @DavidLWaterson @DellCares + +(Originally on Twitter: [Tue Dec 31 17:16:17 +0000 2013](https://twitter.com/adulau/status/418068102190878720)) +---- +@rbidule Happy new year! + +(Originally on Twitter: [Wed Jan 01 08:22:01 +0000 2014](https://twitter.com/adulau/status/418296036080107520)) +---- +https://www.openssl.org/news/secadv_hack.txt "the attack (against http://openssl.org) was made via hypervisor through the hosting provider" #infosec + +(Originally on Twitter: [Thu Jan 02 15:09:44 +0000 2014](https://twitter.com/adulau/status/418761031876239360)) +---- +@averagesecguy CNE is Computer Network Exploitation in the NSA terminology. + +(Originally on Twitter: [Thu Jan 02 16:31:32 +0000 2014](https://twitter.com/adulau/status/418781613917347840)) +---- +@jweyrich Yep the one running on top of R5N DHT. It's interesting but I don't know the scale of R5N/GNS usage. 
@SteveClement + +(Originally on Twitter: [Fri Jan 03 07:41:45 +0000 2014](https://twitter.com/adulau/status/419010678750322688)) +---- +"Elastic Pathing: Your Speed is Enough to Track You" car insurance and #privacy don't mix http://arxiv.org/abs/1401.0052 + +(Originally on Twitter: [Sat Jan 04 13:51:29 +0000 2014](https://twitter.com/adulau/status/419466112556728320)) +---- +@bortzmeyer Tu veux dire l'adresse et non l'homme ;-) + +(Originally on Twitter: [Sat Jan 04 16:02:58 +0000 2014](https://twitter.com/adulau/status/419499202616385536)) +---- +@abbynormative It's under the grant 12.902 "Information Security Grant Program Information Assurance/Scholarship Program" @ramdac + +(Originally on Twitter: [Sat Jan 04 18:22:33 +0000 2014](https://twitter.com/adulau/status/419534330344398848)) +---- +@abbynormative I can find some references of Intel related to the following NSA grant "H98230-" not sure if it's related to Tadpole @ramdac + +(Originally on Twitter: [Sat Jan 04 18:33:17 +0000 2014](https://twitter.com/adulau/status/419537030138171393)) +---- +@abbynormative Right. Just wondering if this is just an overall contract for the scholarship program with student w/ Intel grants. @ramdac + +(Originally on Twitter: [Sat Jan 04 18:37:33 +0000 2014](https://twitter.com/adulau/status/419538106132340736)) +---- +@abbynormative Just wondering, did you send a narrrowed request for the FOIA case 75436? Thanks for your work. @ramdac + +(Originally on Twitter: [Sat Jan 04 18:45:06 +0000 2014](https://twitter.com/adulau/status/419540003119575040)) +---- +@abbynormative P is purchase order and T is request for quotation check http://www.acq.osd.mil/dpap/dars/dfars/html/current/204_70.htm#204.7003 @ramdac + +(Originally on Twitter: [Sat Jan 04 19:20:49 +0000 2014](https://twitter.com/adulau/status/419548994633621504)) +---- +@abbynormative For your information 98230 it's a CAGE number. 
For the NSA at "9800 SAVAGE RD SUITE 6718" @ramdac + +(Originally on Twitter: [Sat Jan 04 19:41:00 +0000 2014](https://twitter.com/adulau/status/419554071419158528)) +---- +@bortzmeyer Not for me, It's issued by a "CyberTrust" CA certificate. MiTM in your place with a Juniper device? ;-) + +(Originally on Twitter: [Sat Jan 04 21:01:37 +0000 2014](https://twitter.com/adulau/status/419574358495883264)) +---- +@bortzmeyer The issue seems related to http://juniper.net domains without the www prefixed... + +(Originally on Twitter: [Sat Jan 04 21:05:51 +0000 2014](https://twitter.com/adulau/status/419575424205586433)) +---- +@JDMiron twitter @ foo.be + +(Originally on Twitter: [Sun Jan 05 21:26:18 +0000 2014](https://twitter.com/adulau/status/419942962047365120)) +---- +RT @circl_lu: Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist #apple #infosec http://t.c… + +(Originally on Twitter: [Mon Jan 06 07:50:14 +0000 2014](https://twitter.com/adulau/status/420099978787577856)) +---- +@H_Miser Avec zmap, tu n'as pas le temps de boire un thé Lapsang Souchong ;-) + +(Originally on Twitter: [Mon Jan 06 16:08:30 +0000 2014](https://twitter.com/adulau/status/420225369191374848)) +---- +@Cryptomeorg That's the paradox of technology. You also need logs in order to detect malware crashing ;-) http://cryptome.org/2014/01/log-files-spying.htm + +(Originally on Twitter: [Mon Jan 06 19:11:16 +0000 2014](https://twitter.com/adulau/status/420271367192203264)) +---- +"Questioning the National Security Agency’s Metadata Program" Interesting but maybe missing the economical aspect.... http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.pdf + +(Originally on Twitter: [Tue Jan 07 12:28:26 +0000 2014](https://twitter.com/adulau/status/420532377153044481)) +---- +@r00tbsd Congrats and enjoy your new challenges! 
@malwarelu + +(Originally on Twitter: [Wed Jan 08 10:36:01 +0000 2014](https://twitter.com/adulau/status/420866474580795392)) +---- +@AdvancedThreat The job must be pretty boring with such requirements. I'm wondering if there are some job opportunities with @asscert ;-) + +(Originally on Twitter: [Fri Jan 10 19:38:53 +0000 2014](https://twitter.com/adulau/status/421727866930208768)) +---- +"dig +short txt berlin" I hope you don't cache the DNS answer ;-) Now we have useless legal disclaimers in DNS records... + +(Originally on Twitter: [Fri Jan 10 20:55:12 +0000 2014](https://twitter.com/adulau/status/421747073336111104)) +---- +@JDMiron Oui avec plaisir. Mes photos sont libres (creative commons BY-SA). + +(Originally on Twitter: [Sat Jan 11 20:36:28 +0000 2014](https://twitter.com/adulau/status/422104747277959168)) +---- +@taziden I thought the French version moved the baby from the oven towards the refrigerator ;-) + +(Originally on Twitter: [Sat Jan 11 20:46:48 +0000 2014](https://twitter.com/adulau/status/422107346853060609)) +---- +@altquinn Maybe one day, you'll see Richard Clarke doing the 11 lessons from Internet autonomy just like McNamara did for Vietnam... + +(Originally on Twitter: [Sun Jan 12 12:14:21 +0000 2014](https://twitter.com/adulau/status/422340771799236608)) +---- +@thegrugq Did you change the static AES key inside your YubiKey? @nedos + +(Originally on Twitter: [Sun Jan 12 13:15:07 +0000 2014](https://twitter.com/adulau/status/422356064227442689)) +---- +@blackswanburst OPSEC and Auguste Kerckhoffs should be friend? The weak part of token is often the static key/psk/seed. @thegrugq @nedos + +(Originally on Twitter: [Sun Jan 12 13:38:11 +0000 2014](https://twitter.com/adulau/status/422361869160968192)) +---- +http://insights.ubuntu.com/wp-content/uploads/UK-Gov-Report-Summary.pdf CESG statement regarding LUKS and dm-crypt is quite interesting. I'm wondering who will sponsor the assessment... 
+ +(Originally on Twitter: [Sun Jan 12 21:27:33 +0000 2014](https://twitter.com/adulau/status/422479989544464385)) +---- +1124576073 keys in @LevelDB on a shitty hard-disk and a random lookup of 200 keys in 0.164s. I really like LevelDB. + +(Originally on Twitter: [Tue Jan 14 18:04:54 +0000 2014](https://twitter.com/adulau/status/423153766959812608)) +---- +RT @EFF: The Senate Judiciary Committee's hearing on President Obama's NSA review group is beginning now. Watch live: https://t.co/oosrLkgw… + +(Originally on Twitter: [Tue Jan 14 19:41:03 +0000 2014](https://twitter.com/adulau/status/423177962582978560)) +---- +@jedisct1 Ebury or something else? + +(Originally on Twitter: [Tue Jan 14 19:41:39 +0000 2014](https://twitter.com/adulau/status/423178114475110400)) +---- +"TrueCrypt Master Key Extraction And Volume Identification" using volatility http://volatility-labs.blogspot.com/2014/01/truecrypt-master-key-extraction-and.html + +(Originally on Twitter: [Wed Jan 15 05:41:45 +0000 2014](https://twitter.com/adulau/status/423329135188901888)) +---- +2014 is year full for opportunities but it seems it's even more true for snake-oil cryptographic cryptosystems. + +(Originally on Twitter: [Thu Jan 16 21:58:19 +0000 2014](https://twitter.com/adulau/status/423937282098229248)) +---- +@thegrugq SCIF with Internet access or allowing external devices to enter... to view porn content. http://www.dod.mil/dodgc/doha/industrial/11-09859.h1.pdf + +(Originally on Twitter: [Fri Jan 17 07:51:35 +0000 2014](https://twitter.com/adulau/status/424086583369678848)) +---- +Objective for the lab of Tomorrow with my students. Malware classification based on network traffic analysis. 
http://www.foo.be/cours/dess-20132014/graph.png + +(Originally on Twitter: [Fri Jan 17 19:48:20 +0000 2014](https://twitter.com/adulau/status/424266961925599232)) +---- +@FredericJacobs After the lab, the resource will be http://www.foo.be/cours/dess-20132014/ and students are advised to push their experiments on @github . + +(Originally on Twitter: [Fri Jan 17 19:57:14 +0000 2014](https://twitter.com/adulau/status/424269201830727680)) +---- +@FredericJacobs The dataset of 4000 malware is mainly "standard" from a daily collection. "Other" malware often evade passive analysis... + +(Originally on Twitter: [Fri Jan 17 20:03:41 +0000 2014](https://twitter.com/adulau/status/424270824032305152)) +---- +RT @gsuberland: @0xabad1dea @MalwareMustDie My reply: http://pastebin.com/raw.php?i=WQW0z94N (his blog seems to be broken: blank page on submit comment) + +(Originally on Twitter: [Fri Jan 17 20:46:02 +0000 2014](https://twitter.com/adulau/status/424281480475709440)) +---- +Thanks to @SteveClement for the ping about iBeacon. It's a wonderful world of proximity exploitation for the future. http://www.theregister.co.uk/Print/2013/11/29/feature_diy_apple_ibeacons/ + +(Originally on Twitter: [Sat Jan 18 18:04:50 +0000 2014](https://twitter.com/adulau/status/424603301003264000)) +---- +"Peacetime Regime for State Activities in Cyberspace" "vulnerability discoverer" are considered as "Grey Hat". 
pffff http://cryptome.org/2014/01/nato-peacetime-cyberspace.pdf + +(Originally on Twitter: [Sun Jan 19 19:04:52 +0000 2014](https://twitter.com/adulau/status/424980795883651072)) +---- +It seems that @qualys or one of its customer is scanning the Internet http://bgpranking.circl.lu/asn_details?date=;source=;asn=27385;ip_details=64.39.111.0/24 + +(Originally on Twitter: [Mon Jan 20 10:06:40 +0000 2014](https://twitter.com/adulau/status/425207741821362178)) +---- +For the ones being at #FIC2014 It might be a good opportunity to sign PGP keys after the "free software/security workshop" @Regiteric + +(Originally on Twitter: [Tue Jan 21 18:39:51 +0000 2014](https://twitter.com/adulau/status/425699278208512000)) +---- +RT @circl_lu: Still not patched your NTP server (version before 4.2.7p26)? You must if you don't want to be part of DDoS attacks http://t… + +(Originally on Twitter: [Thu Jan 23 10:20:21 +0000 2014](https://twitter.com/adulau/status/426298348040388608)) +---- +A small note regarding this research http://www.cs.kau.se/philwint/spoiled_onions you should assume that the list of malicious Tor exit nodes is not exhaustive. + +(Originally on Twitter: [Thu Jan 23 13:54:16 +0000 2014](https://twitter.com/adulau/status/426352185136254976)) +---- +@__phw @LLM_Mphil Maybe the tests should be extended to high-bandwidth Tor exit nodes and especially on a longer term. + +(Originally on Twitter: [Thu Jan 23 16:27:37 +0000 2014](https://twitter.com/adulau/status/426390774310137856)) +---- +If you are planning to go to the #FOSDEM don't forget to submit your key for the keysigning party https://fosdem.org/2014/keysigning/ + +(Originally on Twitter: [Thu Jan 23 22:09:44 +0000 2014](https://twitter.com/adulau/status/426476870423433216)) +---- +@blackswanburst Indeed not only #NTP can be used for #amplification, some others too http://www.circl.lu/pub/tr-19/ feedback and updates welcomed. 
+ +(Originally on Twitter: [Fri Jan 24 19:58:02 +0000 2014](https://twitter.com/adulau/status/426806118531084288)) +---- +@blackswanburst Yep the future is great for the attackers ;-( I'll add the amplification attacks using game servers http://grehack.org/files/2013/GreHack_2013_proceedings-separate_files/3-accepted_papers/3.5_Alejandro_Nolla_-_Amplification_DDoS_attacks_with_game_servers.pdf + +(Originally on Twitter: [Fri Jan 24 20:08:52 +0000 2014](https://twitter.com/adulau/status/426808842932846592)) +---- +@NoSuchCon When will the 2014 edition? Thank you. As the 2014 @ProjectHoneynet workshop is somehow around the same date... + +(Originally on Twitter: [Sun Jan 26 15:37:11 +0000 2014](https://twitter.com/adulau/status/427465247956287488)) +---- +"It appears that documents associated with law enforcement inquiries were stolen." Aie aie.. and the FISA too? http://blogs.technet.com/b/trustworthycomputing/archive/2014/01/24/post.aspx + +(Originally on Twitter: [Sun Jan 26 20:59:24 +0000 2014](https://twitter.com/adulau/status/427546334128635904)) +---- +As BND (DE) has access to XKeyscore, journalists should ask if other EU countries (e.g Benelux) have also access to. http://www.spiegel.de/netzwelt/netzpolitik/ard-versendet-snowden-interview-vor-mitternacht-a-945657.html + +(Originally on Twitter: [Mon Jan 27 09:52:00 +0000 2014](https://twitter.com/adulau/status/427740767960838144)) +---- +RT @circl_lu: CIRCL Training And Technical Courses Catalogue 2014 published #infosec #cert #luxembourg http://www.circl.lu/files/circl-training-2014.pdf + +(Originally on Twitter: [Wed Jan 29 20:59:47 +0000 2014](https://twitter.com/adulau/status/428633596732379136)) +---- +"Faker is a Python package that generates fake data for you." Maybe the test should test if the data are really fake. 
http://www.joke2k.net/faker/ + +(Originally on Twitter: [Wed Jan 29 21:06:27 +0000 2014](https://twitter.com/adulau/status/428635272842989568)) +---- +OpenSSH 6.5 released supporting Daniel Bernstein's Curve25519 and ChaCha20 stream cipher... http://lists.mindrot.org/pipermail/openssh-unix-announce/2014-January/000117.html + +(Originally on Twitter: [Thu Jan 30 19:03:12 +0000 2014](https://twitter.com/adulau/status/428966643436224512)) +---- +@y0m One of my favorite book. Another good one is Mechanisms, New Media and the Forensic Imagination by Matthew G. Kirschenbaum + +(Originally on Twitter: [Fri Jan 31 07:20:05 +0000 2014](https://twitter.com/adulau/status/429152088665255936)) +---- +If you go to #Sotchi and want to take care of #OPSEC maybe this worth a read https://medium.com/p/ba48c2c82a8b #JournalismAfterSnowden + +(Originally on Twitter: [Fri Jan 31 10:52:22 +0000 2014](https://twitter.com/adulau/status/429205508759617536)) +---- +You want to do incident response for "bloggers and activists around the world " maybe you want to apply -> http://digitaldefenders.org/wordpress/vacancy-programme-officer-technology-and-safety/ + +(Originally on Twitter: [Fri Jan 31 15:01:22 +0000 2014](https://twitter.com/adulau/status/429268172781256704)) +---- +@joke2k Faker is great but might need to include a way to verify a domain name (A or MX records) or email address doesn't exist. 
+ +(Originally on Twitter: [Fri Jan 31 21:11:42 +0000 2014](https://twitter.com/adulau/status/429361369196920832)) +---- +RT @bortzmeyer: Amateurs de technique et de politique, vous avez un mois pour relire le futur RFC sur le filtrage de l'Internet https://t.c… + +(Originally on Twitter: [Sat Feb 01 09:12:29 +0000 2014](https://twitter.com/adulau/status/429542760929325056)) +---- +RT @s7ephen: We (w/@securelyfitz) are happy to announce our new class "SExViaHex: Software Exploitation Via Hardware Exploitation" http://t… + +(Originally on Twitter: [Sat Feb 01 10:04:50 +0000 2014](https://twitter.com/adulau/status/429555936030883840)) +---- +Thanks to @SteveClement for bringing an improvised explosive device in the office to test our skills http://www.flickr.com/photos/adulau/12249197884/ + +(Originally on Twitter: [Sat Feb 01 11:11:10 +0000 2014](https://twitter.com/adulau/status/429572628429303809)) +---- +MD5 or sample of malware to share? It's the time for the Belgian police to share the information publicly to help other victims #nsa @koenrh + +(Originally on Twitter: [Sat Feb 01 11:23:22 +0000 2014](https://twitter.com/adulau/status/429575699947462657)) +---- +@FredericJacobs Great. Can we ask the journalists to dig and release the remaining regarding "software exploitation"? @koenrh @ggreenwald + +(Originally on Twitter: [Sat Feb 01 11:31:23 +0000 2014](https://twitter.com/adulau/status/429577716086476801)) +---- +Tomorrow at the PGP keysigning #FOSDEM, I won't carry any electronic device or mobile phone (as usual). You can meet me there physically. + +(Originally on Twitter: [Sat Feb 01 11:46:14 +0000 2014](https://twitter.com/adulau/status/429581455505633280)) +---- +@botherder We could ask "all crypto experts" to extract the past 2 years of Linkedin Invitations from their mboxes. @FredericJacobs + +(Originally on Twitter: [Sat Feb 01 12:02:03 +0000 2014](https://twitter.com/adulau/status/429585433819762688)) +---- +@botherder And keep the dataset offline. 
Along with a memory dump of their machines for afterwards analysis. @FredericJacobs + +(Originally on Twitter: [Sat Feb 01 12:03:12 +0000 2014](https://twitter.com/adulau/status/429585724967370752)) +---- +@FredericJacobs I hope they don't remove from the mboxes all the invit evidences after successful exploitation. @botherder @matthew_d_green + +(Originally on Twitter: [Sat Feb 01 12:29:46 +0000 2014](https://twitter.com/adulau/status/429592409962332161)) +---- +RT @41414141: @emmangoldstein the ~3600 lines of that page's source code try hard to compete. Have a real link: http://cdn.theguardian.tv/mainwebsite/2014/01/28/140130BasementDIY-16x9.mp4 + +(Originally on Twitter: [Sat Feb 01 13:30:40 +0000 2014](https://twitter.com/adulau/status/429607736759050240)) +---- +@0xtosh @koenrh That's why FCCU should share the samples with the security researchers. The legal procedure is so clumsy. + +(Originally on Twitter: [Sat Feb 01 14:00:22 +0000 2014](https://twitter.com/adulau/status/429615209192230912)) +---- +@v_ignatyev Nice that you tried it. Sure it's still alive and experimental. If you have any pull requests or updates. Feel free. Thank you. + +(Originally on Twitter: [Mon Feb 03 15:48:20 +0000 2014](https://twitter.com/adulau/status/430367155456974849)) +---- +"Infrastructure Services Moved to New Server" and the server is a gift. Maybe better to buy the server at random... + http://blog.cacert.org/2014/02/infrastructure-services-moved-to-new-server/ + +(Originally on Twitter: [Mon Feb 03 15:52:43 +0000 2014](https://twitter.com/adulau/status/430368258550558720)) +---- +@aris_ada Do you know if they finally use an HSM? They accept "donated" hardware but it was not recommended in http://wiki.cacert.org/Roots/CreationCeremony #tao + +(Originally on Twitter: [Mon Feb 03 22:23:27 +0000 2014](https://twitter.com/adulau/status/430466590358777856)) +---- +Who is starting a honeypot listening on TCP/port 3306 with a huge server string? 
http://cve.circl.lu/cve/CVE-2014-0001 @circl_lu + +(Originally on Twitter: [Tue Feb 04 10:25:49 +0000 2014](https://twitter.com/adulau/status/430648379937288192)) +---- +RT @iiamit: C'mon Kaspersky - super douche move: https://www.securelist.com/en/blog/8177/CVE_2013_0497_a_0_day_vulnerability, and the obvious Corelan response: https://www.corelan.be/index.php/2014/02/05/corelan-team-reply-to-false-allegation-made-by-kaspersky/ + +(Originally on Twitter: [Wed Feb 05 19:48:50 +0000 2014](https://twitter.com/adulau/status/431152456077426689)) +---- +RT @CryptoPartyLux: Quick reminder: The next Digital Privacy Salon in #Luxembourg will take place tomorrow (14-02-06) at #Konrad from 18:30… + +(Originally on Twitter: [Wed Feb 05 20:20:26 +0000 2014](https://twitter.com/adulau/status/431160408783982592)) +---- +Mozilla Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges... +http://cve.circl.lu/cve/CVE-2014-1491 + +(Originally on Twitter: [Thu Feb 06 10:32:00 +0000 2014](https://twitter.com/adulau/status/431374713823035392)) +---- +Why @mozilla is not directly signing the add-ons instead of relying of third party for the code signing? Because only Mozilla could audit... + +(Originally on Twitter: [Thu Feb 06 14:56:37 +0000 2014](https://twitter.com/adulau/status/431441304027803648)) +---- +@kaepora http://wiki.yobi.be/wiki/Sci-Fi_Crypto Philipe Teuwen did a proof-of-concept some years ago but it was just a test... + +(Originally on Twitter: [Thu Feb 06 18:56:40 +0000 2014](https://twitter.com/adulau/status/431501713929818112)) +---- +RT @xme: Hmmm… Got a nice Salesforce phishing with a PE in a RAR archive, #VT score: 3/50 and clean according to my #FireEye MAS… + +(Originally on Twitter: [Fri Feb 07 15:45:35 +0000 2014](https://twitter.com/adulau/status/431816015190974464)) +---- +RT @BEESECURE: Who targets the journalists? and how? 
Workshop with @circl_lu at @UE_Luxembourg #SID2014 ![](media/431816309433982976-Bf3TSUAIUAABe1G.jpg) + +(Originally on Twitter: [Fri Feb 07 15:46:45 +0000 2014](https://twitter.com/adulau/status/431816309433982976)) +---- +@jedisct1 It was based on the most common fields from the known pdns implementation used like https://api.dnsdb.info/ + +(Originally on Twitter: [Fri Feb 07 19:12:19 +0000 2014](https://twitter.com/adulau/status/431868039944867841)) +---- +@jedisct1 TTL can be also pretty subjective from a passive DNS point of view. Average TTL for caching dns? distinct values of TTLs? range? + +(Originally on Twitter: [Fri Feb 07 19:13:33 +0000 2014](https://twitter.com/adulau/status/431868352311476224)) +---- +@jedisct1 If you have a good idea to express TTL for passive DNS as an additional field I would be glad to add it. Thank you. + +(Originally on Twitter: [Fri Feb 07 19:14:25 +0000 2014](https://twitter.com/adulau/status/431868568557211648)) +---- +@jedisct1 Thanks for the feedback. I'll add ttl (last seen TTL) and ttl-range in the additional fields. cc/ @Kaplan_CERTat + +(Originally on Twitter: [Fri Feb 07 19:41:37 +0000 2014](https://twitter.com/adulau/status/431875415490064384)) +---- +Twitterbot/1.0 accessed URLs sent in DM. Not sure if there are indexed but it might be worth to keep this in mind. #twitter #infosec + +(Originally on Twitter: [Fri Feb 07 20:23:29 +0000 2014](https://twitter.com/adulau/status/431885951409717248)) +---- +@_fwix_ Quand tu tapes l'URL il est directement accédé par le Twitterbot mais il est en effet interdit de l'envoyer... + +(Originally on Twitter: [Fri Feb 07 20:26:51 +0000 2014](https://twitter.com/adulau/status/431886799988731904)) +---- +@DavidGlaude If you enter an URL it's accessed by the Twitterbot even if you cannot send the DM directly. Check your server logs. 
+ +(Originally on Twitter: [Fri Feb 07 20:27:54 +0000 2014](https://twitter.com/adulau/status/431887064825479168)) +---- +"questions about boot-time entropy loading" Some interesting questions... http://www.marshut.com/iprzri/questions-about-boot-time-entropy-loading.html + +(Originally on Twitter: [Tue Feb 11 07:12:06 +0000 2014](https://twitter.com/adulau/status/433136345003741184)) +---- +"Authorized inspectors will be admitted to a SCIF without delay or hindrance." Bingo! http://www.dtic.mil/whs/directives/corres/pdf/510521m_vol1.pdf + +(Originally on Twitter: [Tue Feb 11 21:53:28 +0000 2014](https://twitter.com/adulau/status/433358147353198594)) +---- +ODNI is looking for private organizations to handle bulk collection without the government holding the metadata... http://cryptome.org/2014/02/dni-215-metadata.pdf + +(Originally on Twitter: [Tue Feb 11 22:30:45 +0000 2014](https://twitter.com/adulau/status/433367529616965632)) +---- +"Each time you introduce an additional classification label, the sharing interest is reduced by a double factor" for my #TFCSIRT slides... + +(Originally on Twitter: [Wed Feb 12 06:25:31 +0000 2014](https://twitter.com/adulau/status/433487011115069440)) +---- +@y0m Il suffit de remplacer la prise sans masse avec la prise EU (avec la masse). Je suppose que vous êtes dans un bâtiment correct ;-) + +(Originally on Twitter: [Wed Feb 12 10:19:48 +0000 2014](https://twitter.com/adulau/status/433545970148573184)) +---- +Sure @hack_lu will take place 21,22,23 october 2014. #hacklu #security #conference @the_metalgamer @JanGuth @virii @c3l_ + +(Originally on Twitter: [Wed Feb 12 10:21:24 +0000 2014](https://twitter.com/adulau/status/433546370507501568)) +---- +@ToolsWatch Thanks a lot. cve-search updated to include HP and securityfocus id. + +(Originally on Twitter: [Wed Feb 12 13:22:28 +0000 2014](https://twitter.com/adulau/status/433591940295041025)) +---- +@lapremiere Je suppose qu'il parle de sa vision abusive du droit d'auteur. 
Il oublie souvent les logiciels libres et le libre. @PascClau + +(Originally on Twitter: [Fri Feb 14 08:54:09 +0000 2014](https://twitter.com/adulau/status/434249188029648896)) +---- +"Shellcode Golf: Every Byte is Sacred" https://community.rapid7.com/community/metasploit/blog/2014/02/14/shellcode-golf + +(Originally on Twitter: [Fri Feb 14 20:55:23 +0000 2014](https://twitter.com/adulau/status/434430695503454208)) +---- +"La Trahison des Images" during the photowalk at #tfcsirt #zurich #photography https://www.flickr.com/photos/adulau/12534202374/ + +(Originally on Twitter: [Sun Feb 16 12:11:21 +0000 2014](https://twitter.com/adulau/status/435023592963588096)) +---- +RT @_argp: @halvarflake Even a dump/extract of the BinDiff data in something parseable (XML, JSON, whatever) would be immensely useful. + +(Originally on Twitter: [Sun Feb 16 12:12:45 +0000 2014](https://twitter.com/adulau/status/435023944341794817)) +---- +Wondering how to inject @beefproject links in a wireless network. LANs.py might help you ;-) https://github.com/DanMcInerney/LANs.py + +(Originally on Twitter: [Sun Feb 16 12:48:01 +0000 2014](https://twitter.com/adulau/status/435032819643850752)) +---- +Information Theoretical Cryptogenography - How much information can they reliably leak? http://arxiv.org/abs/1402.3125 + +(Originally on Twitter: [Sun Feb 16 14:37:53 +0000 2014](https://twitter.com/adulau/status/435060469687017473)) +---- +RT @fredraynal: Je cherche des auteurs pour le prochain HS #MISCMag : rech. de vuln dans du code source. Idem pour les browsers. cc @MISCR… + +(Originally on Twitter: [Sun Feb 16 14:40:22 +0000 2014](https://twitter.com/adulau/status/435061093816627202)) +---- +@w03_ Are you sure this is only a play? The reality might be very close. + +(Originally on Twitter: [Mon Feb 17 06:02:40 +0000 2014](https://twitter.com/adulau/status/435293200287154176)) +---- +Willing to build a financial model with #Bitcoin in Luxembourg? 
It seems ok as long as you register to the authority http://www.cssf.lu/fileadmin/files/Publications/Communiques/Communiques_2014/Communique__monnaie_virtuelle_140214.pdf + +(Originally on Twitter: [Wed Feb 19 06:27:20 +0000 2014](https://twitter.com/adulau/status/436024183500201984)) +---- +Version 2.2.1 of the Malware Information Sharing Platform (MISP) is available... many new features and bug fixes. https://github.com/MISP/MISP + +(Originally on Twitter: [Wed Feb 19 20:59:30 +0000 2014](https://twitter.com/adulau/status/436243669814087680)) +---- +RT @cedricpernet: RT @davidbizeul: #bitcrypt analysis and decryption tool on http://blog.cassidiancybersecurity.com made by @0xf4b and @cedricpernet #DFIR … + +(Originally on Twitter: [Thu Feb 20 22:13:45 +0000 2014](https://twitter.com/adulau/status/436624744079978496)) +---- +RT @circl_lu: Bypassing ASLR protection mechanism using Flash - CVE-2014-0499 http://cve.circl.lu/cve/CVE-2014-0499 + +(Originally on Twitter: [Fri Feb 21 14:29:51 +0000 2014](https://twitter.com/adulau/status/436870388023558144)) +---- +"<XYZ> do not verify X.509 certificates from SSL servers" <XYZ> can be often replaced by your favorite software... +http://cve.circl.lu/cve/CVE-2014-1910 + +(Originally on Twitter: [Sat Feb 22 17:54:17 +0000 2014](https://twitter.com/adulau/status/437284220114075648)) +---- +RT @4Dgifts: @adulau see http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf and http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf + +(Originally on Twitter: [Sat Feb 22 18:04:58 +0000 2014](https://twitter.com/adulau/status/437286910349045762)) +---- +@bortzmeyer Tu as bien choisi. 
Entre (), les CRLs sont aussi amusantes http://www.foo.be/cgi-bin/wiki.pl/2011-12-17_Certificate_Revocation_Reasons_2011 + +(Originally on Twitter: [Sat Feb 22 20:36:03 +0000 2014](https://twitter.com/adulau/status/437324932549074945)) +---- +RT @ProjectHoneynet: WORKSHOP NEWS - May 12-14 in Warsaw, Poland https://www.honeynet.org/node/1139 + +(Originally on Twitter: [Tue Feb 25 22:12:20 +0000 2014](https://twitter.com/adulau/status/438436324006453248)) +---- +"eCall in-vehicle system are not traceable and are not subject to any constant tracking" voted today? #privacy http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2013/0165%28COD%29&l=en + +(Originally on Twitter: [Wed Feb 26 15:20:10 +0000 2014](https://twitter.com/adulau/status/438694986520227840)) +---- +@jpflorent It's a good one too. But the "eCall in-vehicle system" has much more potential for exploitation, tracking and surveillance... + +(Originally on Twitter: [Thu Feb 27 10:11:43 +0000 2014](https://twitter.com/adulau/status/438979751383162880)) +---- +Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic https://googledrive.com/host/0B5OmjQFUYtesNEhwVUVyMkJWcVE/doc/www14ws.pdf + +(Originally on Twitter: [Thu Feb 27 19:42:10 +0000 2014](https://twitter.com/adulau/status/439123311055093760)) +---- +Sometime to catch on the phone the abuse contact @OVH I usually need to listen to Front 242 Headhunter... http://www.youtube.com/watch?v=m1cRGVaJF7Y + +(Originally on Twitter: [Fri Feb 28 15:23:12 +0000 2014](https://twitter.com/adulau/status/439420529112784896)) +---- +RT @philpraxis: When visiting NSA's website from TOR: Unable to detect. Make sure JavaScript is enabled and ... 
#sure_I_will_do_that http:/… + +(Originally on Twitter: [Sat Mar 01 16:47:00 +0000 2014](https://twitter.com/adulau/status/439804005632729088)) +---- +RT @circl_lu: "Uroburos - highly complex espionage software with Russian roots" #malware http://blog.gdatasoftware.com/blog/article/uroburos-highly-complex-espionage-software-with-russian-roots.html + +(Originally on Twitter: [Mon Mar 03 13:38:43 +0000 2014](https://twitter.com/adulau/status/440481398101909504)) +---- +RT @quarkslab: Thanks to @OpenITP, we participate to improve secure development standards. http://goo.gl/ydpDBd 1st job on @ChatSecure + +(Originally on Twitter: [Mon Mar 03 14:20:36 +0000 2014](https://twitter.com/adulau/status/440491936408170496)) +---- +RT @OpenITP: Some of the people behind the recently launched Peer Review Board: @adulau @Dymaxion @quinnnorton @jamesvasile http://t.co/Ab… + +(Originally on Twitter: [Mon Mar 03 15:36:54 +0000 2014](https://twitter.com/adulau/status/440511138191917056)) +---- +just published an updated version (02) of the Internet-Draft Passive DNS - Common Output Format http://datatracker.ietf.org/doc/draft-dulaunoy-kaplan-passive-dns-cof/ + +(Originally on Twitter: [Mon Mar 03 22:22:41 +0000 2014](https://twitter.com/adulau/status/440613259075260416)) +---- +"Persistent Data-only Malware: Function Hooks without Code" #malware http://www.internetsociety.org/sites/default/files/11_2_1.pdf + +(Originally on Twitter: [Tue Mar 04 05:30:11 +0000 2014](https://twitter.com/adulau/status/440720843115474944)) +---- +@msuiche Maybe it's just the return on the investment in Monsanto and Cargill http://leaksource.info/2013/02/13/bill-gates-dodges-questions-on-why-he-owns-500000-shares-of-monsanto/ + +(Originally on Twitter: [Tue Mar 04 05:40:11 +0000 2014](https://twitter.com/adulau/status/440723356606676993)) +---- +RT @circl_lu: Critical bugs in GnuTLS in X.509 certificate verification http://www.gnutls.org/security.html#GNUTLS-SA-2014-2 
https://rhn.redhat.com/errata/RHSA-2014-0247.html + +(Originally on Twitter: [Tue Mar 04 07:39:29 +0000 2014](https://twitter.com/adulau/status/440753381012176896)) +---- +@MalwareMustDie @wopot @wirehack7 Is this db01f96d5e66d82f7eb61b85eb96ef6e or something else? + +(Originally on Twitter: [Tue Mar 04 07:43:41 +0000 2014](https://twitter.com/adulau/status/440754438953631746)) +---- +"EMV – Why Payment Systems Fail" http://www.lightbluetouchpaper.org/2014/03/03/financial-cryptography-2014/ + +(Originally on Twitter: [Tue Mar 04 13:22:57 +0000 2014](https://twitter.com/adulau/status/440839818855997441)) +---- +"Hidden Markov Models for Malware Classification" The title seems misleading, it's just packer classification... http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1329&context=etd_projects + +(Originally on Twitter: [Tue Mar 04 14:39:15 +0000 2014](https://twitter.com/adulau/status/440859019247243264)) +---- +@Sebdraven Nope the paper about HMM is just using "objdump -d" for each sample. So basically the classification is done on obfuscated bins. + +(Originally on Twitter: [Tue Mar 04 15:28:27 +0000 2014](https://twitter.com/adulau/status/440871399775674368)) +---- +http://stopdataretention.be/ to remind elected representatives that George Orwell’s « 1984 » book was a fiction novel, not an instruction manual. + +(Originally on Twitter: [Wed Mar 05 07:20:34 +0000 2014](https://twitter.com/adulau/status/441111009135038464)) +---- +@y0m newspeak and novlang are already part of our society... and maybe monitoring too. We are just too late ;-( + +(Originally on Twitter: [Wed Mar 05 08:09:05 +0000 2014](https://twitter.com/adulau/status/441123217785114625)) +---- +RT @matthew_d_green: Quick summary of today's side-channel news: don't use ECDSA anywhere. 
Don't put your Bitcoin wallet on a shared comput… + +(Originally on Twitter: [Wed Mar 05 15:44:28 +0000 2014](https://twitter.com/adulau/status/441237818120351744)) +---- +When you design reset password procedure, don't forget NSA X-Keyscore or similar technologies. The threat is not null. + +(Originally on Twitter: [Wed Mar 05 15:45:40 +0000 2014](https://twitter.com/adulau/status/441238122072797184)) +---- +Choosing a nickname is hard especially when the name needs to be real... + +(Originally on Twitter: [Fri Mar 07 07:27:09 +0000 2014](https://twitter.com/adulau/status/441837441788706816)) +---- +working on a new challenge for @DragonResearch it might be a bit more difficult than http://dragonresearchgroup.org/challenges/201402/ the last one I did. + +(Originally on Twitter: [Mon Mar 10 22:01:34 +0000 2014](https://twitter.com/adulau/status/443144658357870592)) +---- +RT @circl_lu: @virusbtn @efiliol You can contact CERTs of each respective countries to inform the victims. This is standard responsible dis… + +(Originally on Twitter: [Tue Mar 11 14:38:19 +0000 2014](https://twitter.com/adulau/status/443395500570869760)) +---- +@leifnixon @circl_lu @virusbtn Yes but I really hope that @efiliol contacted the CERTs if he really founds some vulnerable ICS devices... + +(Originally on Twitter: [Tue Mar 11 15:22:41 +0000 2014](https://twitter.com/adulau/status/443406665812283392)) +---- +An arrow between Turla and Red October to say there is no relation... maybe just remove it ;-) @mikko https://www.securelist.com/en/images/pictures/klblog/8194.png + +(Originally on Twitter: [Wed Mar 12 16:03:21 +0000 2014](https://twitter.com/adulau/status/443779285485367297)) +---- +When NSA mentions "Internet Cloud" in their slides it's not cloud services as you would expect... 
+https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ + +(Originally on Twitter: [Wed Mar 12 19:28:07 +0000 2014](https://twitter.com/adulau/status/443830815404085249)) +---- +RT @circl_lu: Another good example of there is no "small infection", NSA has been hijacking other botnets http://www.wired.com/threatlevel/2014/03/nsa-botnet/ + +(Originally on Twitter: [Thu Mar 13 07:10:55 +0000 2014](https://twitter.com/adulau/status/444007682551603200)) +---- +"NTIA Announces Intent to Transition Key Internet Domain Name Functions" Good or bad news? this depends of us. http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions + +(Originally on Twitter: [Sat Mar 15 09:56:51 +0000 2014](https://twitter.com/adulau/status/444774217478078464)) +---- +@addelindh @fl1bbl3 @gsuberland @botherder Now I understand why there are so much PoisonIvy RAT badly configured... + +(Originally on Twitter: [Sat Mar 15 10:33:50 +0000 2014](https://twitter.com/adulau/status/444783524441509888)) +---- +@msuiche The "Is it a film?" from @justinbieber might be translated into @thegrugq #OPSEC advices as "Is it a Turing machine?" + +(Originally on Twitter: [Sun Mar 16 08:00:22 +0000 2014](https://twitter.com/adulau/status/445107290153451520)) +---- +RT @vloquet: . @Botconf 2014 CFP is now open: https://www.botconf.eu/ The main change this year is that the conference will last three days… + +(Originally on Twitter: [Tue Mar 18 18:38:06 +0000 2014](https://twitter.com/adulau/status/445992556804177920)) +---- +Just finished the questions for the exam of my students. I used leaked pasties for some questions... Curious about the answers. + +(Originally on Twitter: [Tue Mar 18 20:15:35 +0000 2014](https://twitter.com/adulau/status/446017090286526464)) +---- +@H_Miser @schreckthomas I'll share the example/questions after the exam of Today. 
+ +(Originally on Twitter: [Wed Mar 19 05:31:00 +0000 2014](https://twitter.com/adulau/status/446156864787873793)) +---- +A nice presentation of @DennisRand using EICAR test virus for offensive and defensive usage at #4GHCON. + +(Originally on Twitter: [Fri Mar 21 10:53:04 +0000 2014](https://twitter.com/adulau/status/446962689764769792)) +---- +@ncaproni @tomchop_ I really like it. Maybe we should make yara rules to find those terms in all malware repos? @r00tbsd + +(Originally on Twitter: [Fri Mar 21 13:37:43 +0000 2014](https://twitter.com/adulau/status/447004126892023808)) +---- +@r00tbsd Wonderful. If you see a hit, let us know! @ncaproni @tomchop_ + +(Originally on Twitter: [Fri Mar 21 13:59:14 +0000 2014](https://twitter.com/adulau/status/447009541998538752)) +---- +"Utility to find AES keys in running processes" https://github.com/mmozeiko/aes-finder #crypto #infosec + +(Originally on Twitter: [Fri Mar 21 16:48:31 +0000 2014](https://twitter.com/adulau/status/447052144068526080)) +---- +Don't mix-up #NSS2014 and #NSS2014 http://anss.org.au/nss2014/ There is one for security research and one for applied computer net exploitation + +(Originally on Twitter: [Sun Mar 23 06:52:08 +0000 2014](https://twitter.com/adulau/status/447626836030521344)) +---- +@koenrh I hope they also analysed the source code to find the "other" backdoors and notified the critical customers of Huawei ;-) @mrkoot + +(Originally on Twitter: [Sun Mar 23 10:00:42 +0000 2014](https://twitter.com/adulau/status/447674287336751104)) +---- +@OlDll I thought you talked about AXIOME the German electro band http://www.discogs.com/artist/13261-Axiome with a different style ;-) @archiveofficial + +(Originally on Twitter: [Sun Mar 23 10:07:54 +0000 2014](https://twitter.com/adulau/status/447676100844736512)) +---- +@koenrh Indeed the work of @41414141 http://conference.hackinthebox.org/hitbsecconf2012kul/materials/D2T3%20-%20Felix%20FX%20Lindner%20-%20Hacking%20Huawei%20VRP.pdf showed that the 
backdoor topic was somehow exaggerated. @mrkoot + +(Originally on Twitter: [Sun Mar 23 10:14:19 +0000 2014](https://twitter.com/adulau/status/447677713651081216)) +---- +@Keltounet The tool uses the property of AES key expansion by computing the probable schedule for each offet and test if it matchs @H_Miser + +(Originally on Twitter: [Sun Mar 23 14:32:04 +0000 2014](https://twitter.com/adulau/status/447742581813051392)) +---- +@Keltounet If you want an explanation of AES key schedule described for each key size http://www.samiam.org/key-schedule.html @H_Miser + +(Originally on Twitter: [Sun Mar 23 14:34:48 +0000 2014](https://twitter.com/adulau/status/447743267967606784)) +---- +@Serianox_ For white-boxed AES, brute-forcing memory will not be practical. Check @hack_lu 2009 reversing challenge. @Keltounet @H_Miser + +(Originally on Twitter: [Sun Mar 23 14:51:31 +0000 2014](https://twitter.com/adulau/status/447747476066684928)) +---- +@ralphholz I suppose the proportion of SSH/SSL per routable prefixe is very different depending of the ASN (hosting company, company, ISP)? + +(Originally on Twitter: [Sun Mar 23 14:54:11 +0000 2014](https://twitter.com/adulau/status/447748144429035520)) +---- +@ralphholz Sure. AS16276 (OVH) and AS5432 (Belgacom). So one hosting company and one country-wide provider. Thx. + +(Originally on Twitter: [Sun Mar 23 15:00:37 +0000 2014](https://twitter.com/adulau/status/447749765628182528)) +---- +@ralphholz It seems to make sense. SSH is the main way for their customers to access their servers. For SSL, due to the customers profile? + +(Originally on Twitter: [Sun Mar 23 15:30:24 +0000 2014](https://twitter.com/adulau/status/447757259612119040)) +---- +@ralphholz Right. It could be even the statement under the logo of their company... 
+ +(Originally on Twitter: [Sun Mar 23 15:51:09 +0000 2014](https://twitter.com/adulau/status/447762481059213312)) +---- +RT @mattblaze: Been amusing myself looking for 1-2 GHz implant "illuminator" signals in midtown Manhattan. + +(Originally on Twitter: [Sun Mar 23 16:47:26 +0000 2014](https://twitter.com/adulau/status/447776644733104128)) +---- +"How To Dissect Android Flappy Bird Malware" http://securehoney.net/blog/how-to-dissect-android-flappy-bird-malware.html + +(Originally on Twitter: [Sun Mar 23 19:06:27 +0000 2014](https://twitter.com/adulau/status/447811631926738945)) +---- +RT @K4sperle: Pandora's Bochs now available on github: https://github.com/flowztul/pandoras_bochs + +(Originally on Twitter: [Sun Mar 23 21:40:12 +0000 2014](https://twitter.com/adulau/status/447850322854424576)) +---- +RT @circl_lu: stunnel before 5.00 does not properly update the state of the OpenSSL pseudo-random number generator (PRNG) http://t.co/tOryH… + +(Originally on Twitter: [Tue Mar 25 07:17:20 +0000 2014](https://twitter.com/adulau/status/448357953360637952)) +---- +@michaelhoste @StephDefreyne BNIX optical problem at Belgacom side. 
https://twitter.com/olesovhcom/status/448467018669633536 + +(Originally on Twitter: [Wed Mar 26 05:38:37 +0000 2014](https://twitter.com/adulau/status/448695497243774976)) +---- +Practical example of Unicode and wildcard certificate validation vulnerability in Mozilla NSS http://cve.circl.lu/cve/CVE-2014-1492 + +(Originally on Twitter: [Wed Mar 26 08:28:34 +0000 2014](https://twitter.com/adulau/status/448738267215978496)) +---- +Even gizmo learns about useful predefined pseudo-registers in WinDbg from @brucedang practical reverse engineering ![](media/448927117032431616-Bjro1Z0CIAE1sYs.jpg) + +(Originally on Twitter: [Wed Mar 26 20:59:00 +0000 2014](https://twitter.com/adulau/status/448927117032431616)) +---- +Hunting Vulnerabilities with Graph Databases http://mlsec.org/joern/docs/2014-inbot.pdf + +(Originally on Twitter: [Thu Mar 27 07:59:50 +0000 2014](https://twitter.com/adulau/status/449093425091342336)) +---- +RT @sergeybratus: Deadlines for WOOT 2014 posted: https://www.usenix.org/conference/woot14 . Time to start planning your submissions :) + +(Originally on Twitter: [Sun Mar 30 08:21:46 +0000 2014](https://twitter.com/adulau/status/450186107603648512)) +---- +Another OpenSSL function to add in the not yet documented man page of OpenSSL... SSL_CTX_set_default_verify_paths() + +(Originally on Twitter: [Sun Mar 30 20:26:54 +0000 2014](https://twitter.com/adulau/status/450368593306591232)) +---- +@eromang I'm curious about the real detection rate of BlackPOS/Dexter before the breach was really known. + +(Originally on Twitter: [Sun Mar 30 20:33:21 +0000 2014](https://twitter.com/adulau/status/450370214950359040)) +---- +@curtw If we know the date of first detection by the organization, we could check the known MD5 against VirusTotal at that date. @eromang + +(Originally on Twitter: [Mon Mar 31 04:40:36 +0000 2014](https://twitter.com/adulau/status/450492837470433280)) +---- +@curtw Nope. 
Maybe one from the lists in http://krebsonsecurity.com/wp-content/uploads/2014/01/Inside-a-Targeted-Point-of-Sale-Data-Breach.pdf or even http://usa.visa.com/download/merchants/Bulletin__Memory_Parser_Update_082013.pdf @eromang + +(Originally on Twitter: [Mon Mar 31 06:19:58 +0000 2014](https://twitter.com/adulau/status/450517840282796032)) +---- +They should stop listening to the sirens of SIEM. You can not reduce the data without knowing what the attacker will use. #loganalysis + +(Originally on Twitter: [Mon Mar 31 21:04:22 +0000 2014](https://twitter.com/adulau/status/450740410768703488)) +---- +@mikko Do they still drop the same stage 3 MiniDuke binary? http://www.circl.lu/pub/tr-14/ + +(Originally on Twitter: [Tue Apr 01 12:27:39 +0000 2014](https://twitter.com/adulau/status/450972759628480512)) +---- +@TimoHirvonen The stage 1-2 downloaders are usually changing quite often but the stage 3 is always the same (to my knowledge). @mikko + +(Originally on Twitter: [Tue Apr 01 17:31:09 +0000 2014](https://twitter.com/adulau/status/451049138378264576)) +---- +Before implementing a new graph algorithm in the wonderful networkx better check the current pull queue... https://github.com/networkx/networkx/pulls + +(Originally on Twitter: [Tue Apr 01 21:44:50 +0000 2014](https://twitter.com/adulau/status/451112978835070976)) +---- +RFC 7169 "The No Secrecy Afforded Certificate Extension" This RFC might be useful after the 1st April... +http://tools.ietf.org/html/rfc7169 + +(Originally on Twitter: [Wed Apr 02 09:46:18 +0000 2014](https://twitter.com/adulau/status/451294542747435008)) +---- +RT @circl_lu: In addition to @teamcymru IP ASN whois CIRCL released a public IP ASN mapping whois service with 4 years history http://t.co/… + +(Originally on Twitter: [Wed Apr 02 12:38:52 +0000 2014](https://twitter.com/adulau/status/451337969446957056)) +---- +@ALEC_EMPIRE I thought you had your twitter account compromised while reading this tweet. 
Maybe Hieronymus Bosch is a counter example. + +(Originally on Twitter: [Wed Apr 02 18:13:10 +0000 2014](https://twitter.com/adulau/status/451422102596636672)) +---- +"Volatility Interface to the Binary Analysis Platform" Never tested but the CFG part seems really nice. https://bitbucket.org/carlpulley/libbap/wiki/Home + +(Originally on Twitter: [Thu Apr 03 17:01:35 +0000 2014](https://twitter.com/adulau/status/451766475234496512)) +---- +A nifty online pcap analysis service using Suricata IDS as back-end https://www.networktotal.com/ cc @OISFoundation @Regiteric + +(Originally on Twitter: [Fri Apr 04 07:57:34 +0000 2014](https://twitter.com/adulau/status/451991953736224768)) +---- +RT @y0m: @adulau @OISFoundation @Regiteric - If you lile bubbles you can also use http://demo.pcap2bubbles.com. With more features to come soon. + +(Originally on Twitter: [Fri Apr 04 08:18:27 +0000 2014](https://twitter.com/adulau/status/451997209505333248)) +---- +Sometime software or hardware looks like to old and abandoned places... #photography https://www.flickr.com/photos/adulau/13673166513/ + +(Originally on Twitter: [Sun Apr 06 18:23:38 +0000 2014](https://twitter.com/adulau/status/452874287683493889)) +---- +Various good advices for malware authors if they want to evade @fireeye products like parser errors or old exploits https://www.nsslabs.com/blog/dont-shoot-messenger + +(Originally on Twitter: [Sun Apr 06 19:46:28 +0000 2014](https://twitter.com/adulau/status/452895133642805249)) +---- +RT @pinkflawd: RT @adulau https://www.nsslabs.com/blog/dont-shoot-messenger - “corrupted” is code for “it didn’t run in our sandbox” - next round NSS vs. Fireeye + +(Originally on Twitter: [Sun Apr 06 20:01:35 +0000 2014](https://twitter.com/adulau/status/452898937092190209)) +---- +@0xtero @Regiteric Indeed and you just hope that the 7zip part doesn't also include a nifty payload for their qemu^H^H^H vm part. 
+ +(Originally on Twitter: [Sun Apr 06 20:08:28 +0000 2014](https://twitter.com/adulau/status/452900667645243392)) +---- +RT @circl_lu: Panopticon - A System for a Network of Trusted Proxy Servers for CERTs and incident handlers https://www.circl.lu/projects/panopticon/ + +(Originally on Twitter: [Mon Apr 07 07:06:18 +0000 2014](https://twitter.com/adulau/status/453066219235840000)) +---- +RT @circl_lu: OpenSSL Heartbeat Critical Vulnerability list of affected Linux distributions updated #Heartbleed http://www.circl.lu/pub/tr-21/ + +(Originally on Twitter: [Tue Apr 08 12:11:13 +0000 2014](https://twitter.com/adulau/status/453505339074576384)) +---- +RT @janmuenther: While you're all patching your servers, let's take our hats off and have a minute of silence for all those appliances that… + +(Originally on Twitter: [Tue Apr 08 15:43:37 +0000 2014](https://twitter.com/adulau/status/453558792991825920)) +---- +RT @circl_lu: discovered that our internal NAS is also vulnerable to CVE-2014-0160. Don't forget to check your internal devices! http://t.c… + +(Originally on Twitter: [Wed Apr 09 07:11:41 +0000 2014](https://twitter.com/adulau/status/453792349215526912)) +---- +RT @jedisct1: Using masscan to scan for heartbleed vulnerability http://blog.erratasec.com/2014/04/using-masscan-to-scan-for-heartbleed.html + +(Originally on Twitter: [Wed Apr 09 07:11:46 +0000 2014](https://twitter.com/adulau/status/453792368203153408)) +---- +RT @circl_lu: OpenSSL Heartbeat Critical Vulnerability updated to include the special case of Ubuntu 13.04 (Canonical policy) http://t.co/… + +(Originally on Twitter: [Wed Apr 09 15:05:43 +0000 2014](https://twitter.com/adulau/status/453911642456465408)) +---- +On my yesterday run of CRL monitoring, I see an increase of revocations. But I don't see an improvement of the reasons described.... 
+ +(Originally on Twitter: [Wed Apr 09 20:15:14 +0000 2014](https://twitter.com/adulau/status/453989536809648128)) +---- +"Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed" I see honeypot opportunities ;-) https://github.com/Lekensteyn/pacemaker + +(Originally on Twitter: [Wed Apr 09 20:40:27 +0000 2014](https://twitter.com/adulau/status/453995881474568192)) +---- +So my VoIP provider got an obscure TLS interface to the billing services and the memory dumps are quite useful to negotiate a new rate ;-) + +(Originally on Twitter: [Wed Apr 09 20:46:28 +0000 2014](https://twitter.com/adulau/status/453997395714777089)) +---- +RT @circl_lu: Are OpenSSL clients vulnerable to #heartbleed too? Yes there are. Check our updated document. +http://www.circl.lu/pub/tr-21/#are-openssl-clients-vulnerable-too + +(Originally on Twitter: [Thu Apr 10 08:21:18 +0000 2014](https://twitter.com/adulau/status/454172257037070336)) +---- +It seems that EFF talks about this subnet http://bgpranking.circl.lu/asn_details?asn=50073;ip_details=193.104.110.0/24 https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013 cc/ @EFF @rafi0t + +(Originally on Twitter: [Thu Apr 10 18:14:16 +0000 2014](https://twitter.com/adulau/status/454321480227389442)) +---- +@EFF You should have a look at the same company that was bankrupt before the AS number creation ;-) https://or.justice.cz/ias/ui/pdf-$vypis.pdf?subjektId=isor%3a266230&typ=full&klic=vple9p + +(Originally on Twitter: [Thu Apr 10 20:57:31 +0000 2014](https://twitter.com/adulau/status/454362564080992256)) +---- +"Is an Operating System Monoculture a Threat to Security?" by Dan Geer... This is applicable to crypto libraries too. +http://www.std.com/~geer/geer.debate.open.30vi04.txt + +(Originally on Twitter: [Fri Apr 11 06:55:46 +0000 2014](https://twitter.com/adulau/status/454513118690168832)) +---- +@veorq Maybe you could extend bulk_extractor with your tool? 
https://github.com/simsong/bulk_extractor @peterhoneyman + +(Originally on Twitter: [Sun Apr 13 18:51:43 +0000 2014](https://twitter.com/adulau/status/455418068689494018)) +---- +"Stack-based buffer overflow in a certain decryption function in qconnDoor on Blackberry Z10..." an interesting bug. +http://cve.circl.lu/cve/CVE-2014-2389 + +(Originally on Twitter: [Sun Apr 13 18:54:51 +0000 2014](https://twitter.com/adulau/status/455418859097698304)) +---- +Sometime bugs in cryptographic libraries look like a TV set in the country-side https://www.flickr.com/photos/adulau/13830019825/ #photography + +(Originally on Twitter: [Sun Apr 13 20:12:02 +0000 2014](https://twitter.com/adulau/status/455438279043973121)) +---- +"Finding Cryptographic Keys in Physical Memory" Even if it's from 2008 still a good source of references. #crypto +http://www.diva-portal.org/smash/get/diva2:347635/FULLTEXT01.pdf + +(Originally on Twitter: [Sun Apr 13 21:00:57 +0000 2014](https://twitter.com/adulau/status/455450592979451904)) +---- +"A SECCOMP PageTable Dance Move for running trusted and untrusted code in the same process." https://github.com/cjdelisle/pagedancer + +(Originally on Twitter: [Mon Apr 14 07:49:05 +0000 2014](https://twitter.com/adulau/status/455613699265675264)) +---- +@lpenet Pourrais-tu expliquer la (ou les) différence de cette rhétorique avec celle de l'anschluss? @martin1975 @THD_IT + +(Originally on Twitter: [Mon Apr 14 08:03:30 +0000 2014](https://twitter.com/adulau/status/455617328731136000)) +---- +@lpenet On dirait une description des articles de la presse du 12 mars 1938 en Autriche. 
@martin1975 @THD_IT + +(Originally on Twitter: [Mon Apr 14 08:10:56 +0000 2014](https://twitter.com/adulau/status/455619200204427264)) +---- +RT @newsoft: L'implémentation des CRL devient beaucoup plus simple: "if (key_generation_date < April 2014) then blacklist;" http://t.co/ijW… + +(Originally on Twitter: [Mon Apr 14 19:17:37 +0000 2014](https://twitter.com/adulau/status/455786973702393857)) +---- +@Fr333k Congrats! Is the paper already available as draft before the conf? + +(Originally on Twitter: [Mon Apr 14 19:36:59 +0000 2014](https://twitter.com/adulau/status/455791847420735488)) +---- +@FredericJacobs with the NSA or one of the 200 similar organizations? @matthew_d_green + +(Originally on Twitter: [Tue Apr 15 19:42:00 +0000 2014](https://twitter.com/adulau/status/456155497788231680)) +---- +RT @gN3mes1s: #PASM : X86-64 (#AMD64) #Assembler working in web #browser and #nodejs - http://pasm.pis.to/ + +(Originally on Twitter: [Thu Apr 17 19:48:28 +0000 2014](https://twitter.com/adulau/status/456881903732535296)) +---- +RT @circl_lu: SAP Router password timing attack could allow an unauthenticated remote attacker to obtain passwords http://www.coresecurity.com/advisories/sap-router-password-timing-attack#sthash.8r2SiQkN.dpufhttp://www.coresecurity.com/advisories/sap-router-password-timing-attack + +(Originally on Twitter: [Fri Apr 18 06:03:05 +0000 2014](https://twitter.com/adulau/status/457036576930140160)) +---- +Funny ISP with abuse email address bouncing with a permanent error (for the abuse user ;-) but still reading and replying to the mail... + +(Originally on Twitter: [Fri Apr 18 08:17:46 +0000 2014](https://twitter.com/adulau/status/457070467812429824)) +---- +@mailforlen and what about LIBE committee at EP? Not really matching the pattern ... 
http://www.europarl.europa.eu/document/activities/cont/201403/20140307ATT80674/20140307ATT80674EN.pdf + +(Originally on Twitter: [Fri Apr 18 08:52:56 +0000 2014](https://twitter.com/adulau/status/457079317554790400)) +---- +@blackswanburst You know the security notifications never sleep. But I suppose you enjoyed the mix of TLS and ICS equipments recently? ;-) + +(Originally on Twitter: [Fri Apr 18 08:57:36 +0000 2014](https://twitter.com/adulau/status/457080494753325057)) +---- +RT @botherder: Revisiting Mac OS X Kernel Rootkits http://phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html good #Phrack read by @osxreverser + +(Originally on Twitter: [Sat Apr 19 12:37:31 +0000 2014](https://twitter.com/adulau/status/457498226938359808)) +---- +"QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update" funky. http://cve.circl.lu/cve/CVE-2014-0150 + +(Originally on Twitter: [Sat Apr 19 19:41:34 +0000 2014](https://twitter.com/adulau/status/457604940220084224)) +---- +@explanoit Indeed or Line of Better exploitation ;-) + +(Originally on Twitter: [Sat Apr 19 19:46:04 +0000 2014](https://twitter.com/adulau/status/457606073449717760)) +---- +@Shiftreduce Yes, wondering how many "security" products rely on qemu code base. I should dig in my old code base to fuzz the ARP proto. + +(Originally on Twitter: [Sat Apr 19 19:54:26 +0000 2014](https://twitter.com/adulau/status/457608181137801217)) +---- +@jedisct1 Thanks. Do you have a link where we could grab all the compromised sites in a machine-readable format (like JSON)? 
+ +(Originally on Twitter: [Sun Apr 20 06:21:41 +0000 2014](https://twitter.com/adulau/status/457766032997093376)) +---- +RT @jedisct1: RT @sevenps: Nice, cross-VM AES cache-timing key recovery attacks: http://eprint.iacr.org/2014/248 + +(Originally on Twitter: [Sun Apr 20 16:00:19 +0000 2014](https://twitter.com/adulau/status/457911650738528256)) +---- +RT @rebroff: Due to a security leak, your biometric data may have been compromised. We recommend that you change your fingerprints as soon … + +(Originally on Twitter: [Mon Apr 21 18:06:21 +0000 2014](https://twitter.com/adulau/status/458305753485692930)) +---- +"NIST is proposing the removal of the Dual Elliptic Curve Deterministic Random Bit Generator" http://csrc.nist.gov/groups/ST/toolkit/800-90A-RFC.html + +(Originally on Twitter: [Mon Apr 21 21:10:50 +0000 2014](https://twitter.com/adulau/status/458352182518378497)) +---- +@tqbf C'est plutôt une feuille de camellia sinensis. + +(Originally on Twitter: [Mon Apr 21 21:12:27 +0000 2014](https://twitter.com/adulau/status/458352588837388288)) +---- +Now you have an opportunity to use Java ;-) http://cve.circl.lu/cve/CVE-2013-6469 + +(Originally on Twitter: [Wed Apr 23 12:48:09 +0000 2014](https://twitter.com/adulau/status/458950454287024128)) +---- +"Heartbleed as Metaphor" and why we need diversity in software for security stability. 
+http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/?ModPagespeed=noscript + +(Originally on Twitter: [Wed Apr 23 20:26:34 +0000 2014](https://twitter.com/adulau/status/459065816290701312)) +---- +RT @circl_lu: CIRCL TR-23 Analysis of an updated variant of NetWiredRC malware (RAT) #malware #analysis #infosec http://www.circl.lu/pub/tr-23/ + +(Originally on Twitter: [Thu Apr 24 10:03:08 +0000 2014](https://twitter.com/adulau/status/459271314822672384)) +---- +"CHIPSEC is a framework for analyzing security of PC including hardware, system firmware including BIOS/UEFI" https://github.com/chipsec/chipsec + +(Originally on Twitter: [Fri Apr 25 07:07:07 +0000 2014](https://twitter.com/adulau/status/459589405788106752)) +---- +just added @D2Sec feed to cve-search https://github.com/adulau/cve-search #infosec #cve + +(Originally on Twitter: [Sat Apr 26 06:48:43 +0000 2014](https://twitter.com/adulau/status/459947163477635072)) +---- +RT @fredraynal: [JOB] On (@quarkslab) recherche un responsable scientifique Sécurité informatique dans une boîte dynamique http://t.co/Fm8V… + +(Originally on Twitter: [Sat Apr 26 07:35:50 +0000 2014](https://twitter.com/adulau/status/459959020712132608)) +---- +http://www.quarkslab.com/fr-aboutus#careers Usually I don't recommend any job position in infosec but @quarkslab it's a different story. @fredraynal + +(Originally on Twitter: [Sat Apr 26 07:39:12 +0000 2014](https://twitter.com/adulau/status/459959865767899136)) +---- +RT @hack_lu: hack.lu 2014 will take place 21-23 October (10 years edition) - call for paper will be open very soon. 
#hacklu #infosec #confe… + +(Originally on Twitter: [Sun Apr 27 15:41:53 +0000 2014](https://twitter.com/adulau/status/460443726708760576)) +---- +authentication protocol bypass of @telegram http://cert.inteco.es/extfrontinteco/img/File/intecocert/EstudiosInformes/INT_Telegram_EN.pdf + +(Originally on Twitter: [Mon Apr 28 17:49:34 +0000 2014](https://twitter.com/adulau/status/460838246982090753)) +---- +@ivanristic ChaCha cipher commited by Adam Langley the 10/2013 http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a8646510b @jedisct1 @dchest + +(Originally on Twitter: [Thu May 01 20:20:37 +0000 2014](https://twitter.com/adulau/status/461963421224034304)) +---- +RT @circl_lu: Buffer overflow in Cisco TelePresence TC allows remote attackers to execute arbitrary code via crafted SIP packets http://t.c… + +(Originally on Twitter: [Fri May 02 14:03:54 +0000 2014](https://twitter.com/adulau/status/462231008692428801)) +---- +@csoghoian What's your opinion regarding the updated Wassenaar arrangement against "surveillance technology"? Looks like a new crypto ban? + +(Originally on Twitter: [Sat May 03 05:34:35 +0000 2014](https://twitter.com/adulau/status/462465222633349120)) +---- +dnstap is a flexible, structured binary log format for DNS software. http://dnstap.info/ + +(Originally on Twitter: [Tue May 06 06:05:06 +0000 2014](https://twitter.com/adulau/status/463560064750874624)) +---- +@olesovhcom and security wise? Virtualization is an increase risk of weak random source, leaking key materials. Stick to physical systems. 
+ +(Originally on Twitter: [Wed May 07 16:36:31 +0000 2014](https://twitter.com/adulau/status/464081351348867073)) +---- +RT @ErrataRob: No, McAfee violated no ethics scraping OSVDB http://blog.erratasec.com/2014/05/no-mcafee-didnt-violate-ethics-scraping.html#.U2rTaa1dWf8 + +(Originally on Twitter: [Thu May 08 12:17:41 +0000 2014](https://twitter.com/adulau/status/464378604928126976)) +---- +Good news for every organizations doing computer and network exploitation in Belgium... no budget for infosec. +http://www.lesoir.be/538864/article/actualite/belgique/elections-2014/2014-05-08/10-millions-non-liberes-pour-cybersecurite-extremement-inquietant-se + +(Originally on Twitter: [Fri May 09 08:09:53 +0000 2014](https://twitter.com/adulau/status/464678631193989122)) +---- +RT @veorq: StirFS uses SHA-256 for AES key derivation, plenty of strcpy's, etc.; maybe not that secure http://www.normalesup.org/~bisson/src/stirfs-1.4.c + +(Originally on Twitter: [Sat May 10 06:29:23 +0000 2014](https://twitter.com/adulau/status/465015725208645633)) +---- +RT @inliniac: RT @LockheedMartin: Malware, beware. See how we're taking the next step in open source #cybersecurity: http://lmt.co/1mFTcFZ… + +(Originally on Twitter: [Sat May 10 21:00:30 +0000 2014](https://twitter.com/adulau/status/465234951185920000)) +---- +@bortzmeyer Excellent question and that's valid for all packet captures. I did netbeacon to test the captures https://github.com/adulau/netbeacon + +(Originally on Twitter: [Sun May 11 08:32:24 +0000 2014](https://twitter.com/adulau/status/465409071932514304)) +---- +@bortzmeyer By the way, will you stay Monday and Tuesday for honeynet project workshops http://warsaw2014.honeynet.org/ ? + +(Originally on Twitter: [Sun May 11 08:45:09 +0000 2014](https://twitter.com/adulau/status/465412283385249792)) +---- +Want to know the link between network typographic errors and a non-democratic country doing interception? 
see you @ProjectHoneynet workshop + +(Originally on Twitter: [Sun May 11 09:47:16 +0000 2014](https://twitter.com/adulau/status/465427913501081600)) +---- +@Sebdraven @bortzmeyer Just arrived... see you tomorrow. + +(Originally on Twitter: [Sun May 11 21:02:25 +0000 2014](https://twitter.com/adulau/status/465597822432063488)) +---- +RT @miguelraulb: #Honeynet2014 Conclusions about outcomes monitoring Blackhole and Darknets by @adulau ![](media/465849342465540096-BnblOTiIQAERK8W.jpg) + +(Originally on Twitter: [Mon May 12 13:41:52 +0000 2014](https://twitter.com/adulau/status/465849342465540096)) +---- +Thanks to @secviz to make the #davix toolset build available in git. https://github.com/secviz/davix A good basis for #infovis labs. + +(Originally on Twitter: [Tue May 13 17:02:01 +0000 2014](https://twitter.com/adulau/status/466262098335395840)) +---- +"Check your supply chain" might be the new mantra for infosec in the next weeks... especially for network equipments. + +(Originally on Twitter: [Tue May 13 17:23:12 +0000 2014](https://twitter.com/adulau/status/466267429845606400)) +---- +RT @botherder: Having good discussions and making lots of code here at @ProjectHoneynet workshop. + +(Originally on Twitter: [Thu May 15 14:37:29 +0000 2014](https://twitter.com/adulau/status/466950501272391680)) +---- +@xme @FredericJacobs Don't forget it's just media. Everyone is feeding media with information including "intelligence agencies". 
+ +(Originally on Twitter: [Thu May 15 14:40:54 +0000 2014](https://twitter.com/adulau/status/466951362329477120)) +---- +If you need to review UEFI and Secure Boot for Windows system forensic, there is a good start with powershell http://technet.microsoft.com/en-us/library/jj603042.aspx + +(Originally on Twitter: [Thu May 15 15:27:26 +0000 2014](https://twitter.com/adulau/status/466963070393528320)) +---- +Meterpreter Kiwi Extension: Golden Ticket HOWTO using #mimikatz +http://blog.strategiccyber.com/2014/05/14/meterpreter-kiwi-extension-golden-ticket-howto/ + +(Originally on Twitter: [Fri May 16 06:54:55 +0000 2014](https://twitter.com/adulau/status/467196481523286016)) +---- +RT @Sebdraven: another great tool http://pl.honeynet.org/Heisenberg #honeynet2014 + +(Originally on Twitter: [Fri May 16 09:31:33 +0000 2014](https://twitter.com/adulau/status/467235897021169664)) +---- +"PExy: The other side of Exploit Kits" cc @Xylit0l @kafeine http://cs.ucsb.edu/~kapravel/publications/dimva14_pexy.pdf + +(Originally on Twitter: [Fri May 16 09:44:41 +0000 2014](https://twitter.com/adulau/status/467239204234485760)) +---- +"A non-Windows executable contains win32 API functions names" it seems to work well https://malwr.com/analysis/N2JmZTExMWZhZDQ1NDAxMDg4YzlhZGQ4YWFiNDUxMzA/ + +(Originally on Twitter: [Fri May 16 15:54:28 +0000 2014](https://twitter.com/adulau/status/467332260124176384)) +---- +"Frankencert - Adversarial Testing of Certificate Validation in SSL/TLS Implementations" https://github.com/sumanj/frankencert + +(Originally on Twitter: [Sat May 17 07:21:42 +0000 2014](https://twitter.com/adulau/status/467565605722128384)) +---- +@edwardmccabe Where will be these passwords? in a Word document in clear-text (-> much easier for the attackers) Is it better? 
@MalwareJake + +(Originally on Twitter: [Sat May 17 15:53:50 +0000 2014](https://twitter.com/adulau/status/467694490841776128)) +---- +@securityaffairs Regulation of malware usage won't help because the attackers don't care and the security researchers will be hurt. + +(Originally on Twitter: [Mon May 19 12:35:48 +0000 2014](https://twitter.com/adulau/status/468369430502580224)) +---- +RT @circl_lu: Darknet and blackhole monitoring presentation given last week @ProjectHoneynet workshop in Warsaw http://www.circl.lu/assets/files/circl-blackhole-honeynetworkshop2014.pdf + +(Originally on Twitter: [Mon May 19 20:42:28 +0000 2014](https://twitter.com/adulau/status/468491902736941056)) +---- +If U.S. charges Chinese military hackers, how do they differentiate the non-chinese attackers who abuse the Chinese infrastructure? + +(Originally on Twitter: [Mon May 19 20:45:20 +0000 2014](https://twitter.com/adulau/status/468492623037349888)) +---- +@PierreDeruelle Bruxelles héberge plusieurs structures locales, nationales, européennes et internationales. Il parle de laquelle? + +(Originally on Twitter: [Mon May 19 20:49:10 +0000 2014](https://twitter.com/adulau/status/468493589019127809)) +---- +It's strange to see a diagram in a meeting where work is replaced by "wok". I might be in the wrong meeting. + +(Originally on Twitter: [Tue May 20 12:14:48 +0000 2014](https://twitter.com/adulau/status/468726532794761216)) +---- +RT @circl_lu: CIRCL Malware Information Sharing Platform (MISP) for the private sectors and accredited CERTs #ioc #infosec #sharing http://… + +(Originally on Twitter: [Tue May 20 12:32:35 +0000 2014](https://twitter.com/adulau/status/468731009228611584)) +---- +RT @circl_lu: A new version of CIRCLean USB key sanitizer released. A hardware device to clean documents from untrusted USB sticks. 
http://… + +(Originally on Twitter: [Wed May 21 09:50:41 +0000 2014](https://twitter.com/adulau/status/469052650890481664)) +---- +@ioerror Suricata but I might be biased. cc @OISFoundation + +(Originally on Twitter: [Wed May 21 10:10:17 +0000 2014](https://twitter.com/adulau/status/469057583979175936)) +---- +RT @hack_lu: Call for papers for @hack_lu 2014 is now open http://2014.hack.lu/cfp/ - http://2014.hack.lu/cfp.txt #hacklu #infosec #conference #CFP + +(Originally on Twitter: [Fri May 23 19:58:49 +0000 2014](https://twitter.com/adulau/status/469930470726463491)) +---- +RT @circl_lu: Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-Analysis-of-CVE-2014-0515-Adobe-Flash-Player-Exploit/ba-p/6482744#.U30fJ3b4Rdg> + +(Originally on Twitter: [Sat May 24 07:09:35 +0000 2014](https://twitter.com/adulau/status/470099273866944512)) +---- +RT @circl_lu: Insecure default in Elasticsearch enables remote code execution http://bouk.co/blog/elasticsearch-rce/ + +(Originally on Twitter: [Sat May 24 07:35:46 +0000 2014](https://twitter.com/adulau/status/470105861755392000)) +---- +RT @hack_lu: The wonderful team of @fluxfingers will organize again the hack.lu CTF (the 10 years edition) http://2014.hack.lu/index.php/CaptureTheFlag #CTF #hac… + +(Originally on Twitter: [Sat May 24 12:08:48 +0000 2014](https://twitter.com/adulau/status/470174574488080385)) +---- +@Fr333k Crypto-PAn and Encrypted Bloomfilters. + +(Originally on Twitter: [Mon May 26 10:07:01 +0000 2014](https://twitter.com/adulau/status/470868703546843137)) +---- +@ErrataRob Using the Jack Wolfskin J-PACK DE LUXE for years with 2 laptops and tons of crap. Rock-solid, raincover and back suspension. + +(Originally on Twitter: [Mon May 26 20:17:21 +0000 2014](https://twitter.com/adulau/status/471022296430542848)) +---- +RT @macfreak109: Followers & friends, @syn2cat needs a new space!Do you know some place we could use? 
Should be around 100m2 and affordable… + +(Originally on Twitter: [Tue May 27 11:28:51 +0000 2014](https://twitter.com/adulau/status/471251684992491520)) +---- +RT @doegox: #ECB is bad? Indeed it looks terrible, let's fix that with ElectronicColoringBook.py! https://doegox.github.io/ElectronicColoringBook/ #crypto http://t.… + +(Originally on Twitter: [Tue May 27 16:14:51 +0000 2014](https://twitter.com/adulau/status/471323656275369985)) +---- +RT @circl_lu: Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 http://cve.circl.lu/cve/CVE-2014-3872 + +(Originally on Twitter: [Tue May 27 16:42:42 +0000 2014](https://twitter.com/adulau/status/471330668602200067)) +---- +@mashable @marciahofmann @micahflee Is the image of the keyring intended? Don't forget that you can make keys out of their pictures... + +(Originally on Twitter: [Tue May 27 16:55:43 +0000 2014](https://twitter.com/adulau/status/471333942621376514)) +---- +@micahflee @mashable @marciahofmann It depends if someone want to use your bike and then put it back ;-) + +(Originally on Twitter: [Tue May 27 18:31:49 +0000 2014](https://twitter.com/adulau/status/471358125891915776)) +---- +@DavidGlaude @ploum @Pour_EVA J'attends toujours le code source pour les elections 2014, pour rigoler -> http://www.foo.be/evotingisnotvoting/ + +(Originally on Twitter: [Tue May 27 18:53:38 +0000 2014](https://twitter.com/adulau/status/471363618471415808)) +---- +@Pour_EVA @DavidGlaude @ploum Exact... je suis presque sur que le(s) bug(s) étaient présents dans les versions précédentes. + +(Originally on Twitter: [Tue May 27 19:01:28 +0000 2014](https://twitter.com/adulau/status/471365587466481664)) +---- +Writing software is hard, writing secure software is much harder and writing secure software for electronic voting is impossible? 
#belgium + +(Originally on Twitter: [Tue May 27 19:04:51 +0000 2014](https://twitter.com/adulau/status/471366440248152064)) +---- +@_CLX Just like :() { :|:& }; : + +(Originally on Twitter: [Tue May 27 19:13:33 +0000 2014](https://twitter.com/adulau/status/471368631377752064)) +---- +"yet another tool for analysing binaries" including a computer algebra system... looks promising #reversing #python https://github.com/bdcht/amoco + +(Originally on Twitter: [Tue May 27 19:30:45 +0000 2014](https://twitter.com/adulau/status/471372959677157376)) +---- +@sam280 If you look at the code for the Belgian voting machines, you'll cry. + +(Originally on Twitter: [Tue May 27 19:39:34 +0000 2014](https://twitter.com/adulau/status/471375175771250688)) +---- +RT @circl_lu: Samba allows remote authenticated users to obtain potentially sensitive information from process memory http://cve.circl.lu/cve/CVE-2014-0178 + +(Originally on Twitter: [Wed May 28 08:14:05 +0000 2014](https://twitter.com/adulau/status/471565057332379648)) +---- +For the curious @DrWhax has a git repository with almost all truecrypt releases https://github.com/DrWhax/truecrypt-archive #TrueCrypt + +(Originally on Twitter: [Thu May 29 09:52:08 +0000 2014](https://twitter.com/adulau/status/471952121193963520)) +---- +If you are curious about the software used for the 2014 electronic voting in Belgium here is the torrent file... http://www.foo.be/evotingisnotvoting/source-2014/elections.torrent + +(Originally on Twitter: [Thu May 29 09:56:52 +0000 2014](https://twitter.com/adulau/status/471953310610911232)) +---- +RT @hack_lu: Don't forget that electronic voting is also one of the topic for the @hack_lu #CfP submit your researches. 
http://t.co/Ud1GtrO… + +(Originally on Twitter: [Thu May 29 18:17:38 +0000 2014](https://twitter.com/adulau/status/472079332706619392)) +---- +I'll double my donation to @Cryptomeorg kickstarter project if we can have a t-shirt ;-) + +(Originally on Twitter: [Thu May 29 20:28:24 +0000 2014](https://twitter.com/adulau/status/472112241387790336)) +---- +@Cryptomeorg Just put the design of the Cryptome t-shirt on the USB key along with the archives . We can print it ourself ;-) + +(Originally on Twitter: [Thu May 29 20:44:51 +0000 2014](https://twitter.com/adulau/status/472116381467828225)) +---- +@doegox Nope. The main problem is the description of the bug(s?) from the press and how to reproduce these. + +(Originally on Twitter: [Thu May 29 20:46:38 +0000 2014](https://twitter.com/adulau/status/472116831579545600)) +---- +CVE-2014-3466 seems another really cool bug in an SSL library. Thanks to @codenomicon for finding those bugs. + +(Originally on Twitter: [Fri May 30 20:45:43 +0000 2014](https://twitter.com/adulau/status/472478988007657472)) +---- +@kaizeronion Un bel anguis fragilis. C'est un super associé contre les limaces ;-) + +(Originally on Twitter: [Sat May 31 12:20:32 +0000 2014](https://twitter.com/adulau/status/472714239803920384)) +---- +@csoghoian "The freedom to run the program as you wish, for any purpose (freedom 0)." So you would restrict existing free software? + +(Originally on Twitter: [Sat May 31 15:52:58 +0000 2014](https://twitter.com/adulau/status/472767701799436288)) +---- +@thegrugq Everyone (should) know Marcel... + +(Originally on Twitter: [Sat May 31 16:17:17 +0000 2014](https://twitter.com/adulau/status/472773820978581504)) +---- +@thegrugq Because each time that you urinate, you might become part of his master piece. That's why everyone should know Marcel. 
+ +(Originally on Twitter: [Sat May 31 16:22:22 +0000 2014](https://twitter.com/adulau/status/472775101193416706)) +---- +@thegrugq @seanhn Freedom of Speech in Software by Phil Salin in 1991 http://philsalin.com/patents.html @copiesofcopies + +(Originally on Twitter: [Sat May 31 16:31:10 +0000 2014](https://twitter.com/adulau/status/472777314183282688)) +---- +It seems that I might talk about "Recommendations for Malware Authors" at NCSC One Conference https://www.ncsc.nl/english/conference/conference-2014/speakers/alexandre-dulaunoy.html + +(Originally on Twitter: [Sat May 31 21:33:07 +0000 2014](https://twitter.com/adulau/status/472853303316209664)) +---- +@X_Cli @H_Miser Le seul moyen d'assurer la préservation des graines est de dupliquer ces graines... la préservation en arctique c'est du PR. + +(Originally on Twitter: [Sun Jun 01 13:32:02 +0000 2014](https://twitter.com/adulau/status/473094622303252480)) +---- +@H_Miser @X_Cli Je sais, moi je critique le marketing de la "Réserve mondiale de semences du Svalbard" et la fausse bonne intention. + +(Originally on Twitter: [Sun Jun 01 13:36:05 +0000 2014](https://twitter.com/adulau/status/473095641020006400)) +---- +'@H_Miser C'est juste du marketing. http://www.croptrust.org/sites/default/files/documents/files/Funding%20Status%20as%20of%20January%202014.pdf Dupliquer c'est préserver ... 
@X_Cli + +(Originally on Twitter: [Sun Jun 01 13:39:34 +0000 2014](https://twitter.com/adulau/status/473096519206182913)) +---- +RT @circl_lu: Deanonymisation of clients in Bitcoin P2P network #bitcoin #privacy http://arxiv.org/pdf/1405.7418v1.pdf + +(Originally on Twitter: [Sun Jun 01 13:48:52 +0000 2014](https://twitter.com/adulau/status/473098861096218624)) +---- +and now an experimental PoC for CVE-2014-3466 has been released https://github.com/azet/CVE-2014-3466_PoC by @a_z_e_t + +(Originally on Twitter: [Sun Jun 01 20:50:26 +0000 2014](https://twitter.com/adulau/status/473204951918075904)) +---- +Collaborative Research Into Threats CRITS is now open source https://github.com/crits/crits https://crits.github.io/ + +(Originally on Twitter: [Mon Jun 02 05:36:57 +0000 2014](https://twitter.com/adulau/status/473337451143241728)) +---- +RT @GDataFrance: Analyse poussée d'#Uroburos avec #WinDbg. Au cœur d'un code complexe avec les experts #GDATA http://bit.ly/SoqD1R + +(Originally on Twitter: [Mon Jun 02 22:10:35 +0000 2014](https://twitter.com/adulau/status/473587509587615744)) +---- +RT @circl_lu: published TR-24 Analysis of Destory RAT family including PlugX, Gulpix and alike http://www.circl.lu/pub/tr-24/ + +(Originally on Twitter: [Tue Jun 03 15:23:51 +0000 2014](https://twitter.com/adulau/status/473847538597265408)) +---- +Good to see a reference to @BetterCrypto project in the @hashbreaker presentation at #NCSC2014 + +(Originally on Twitter: [Wed Jun 04 15:41:17 +0000 2014](https://twitter.com/adulau/status/474214312240627712)) +---- +RT @adriengnt: When @pinkflawd speaks at #SSTIC, she gains at least 20 followers in some seconds... 
;) + +(Originally on Twitter: [Wed Jun 04 15:44:09 +0000 2014](https://twitter.com/adulau/status/474215036873744384)) +---- +RT @circl_lu: Security Advisory: seven security fixes in OpenSSL #infosec #ssl http://www.openssl.org/news/secadv_20140605.txt + +(Originally on Twitter: [Thu Jun 05 12:37:55 +0000 2014](https://twitter.com/adulau/status/474530556751781889)) +---- +RT @stopbadware: Destory RAT analysis: "When the #malware author created this decision tree, he might have abused illegal substances." http… + +(Originally on Twitter: [Thu Jun 05 13:39:00 +0000 2014](https://twitter.com/adulau/status/474545925894176768)) +---- +@stopbadware Glad to see people reading the full document. Now to be fair with the malware author, it might be a compiler artefact ;-) + +(Originally on Twitter: [Thu Jun 05 13:48:12 +0000 2014](https://twitter.com/adulau/status/474548241988472832)) +---- +RT @hack_lu: Writing malware? fighting against malware? detecting new malware? submit your researches to @hack_lu 2014 http://t.co/Ud1GtrOz… + +(Originally on Twitter: [Thu Jun 05 19:00:28 +0000 2014](https://twitter.com/adulau/status/474626828951621632)) +---- +RT @cvandeplas: Luxemburg now has his own National #MISP - https://www.circl.lu/services/misp-malware-information-sharing-platform/ … @circl_lu great_job! What with #Belgium? #NoTimeFo… + +(Originally on Twitter: [Fri Jun 06 06:28:13 +0000 2014](https://twitter.com/adulau/status/474799906486759424)) +---- +Did someone make an extensive analysis of the Araneus Alea I hardware random generator? http://www.araneus.fi/products-alea-eng.html + +(Originally on Twitter: [Sat Jun 07 08:36:58 +0000 2014](https://twitter.com/adulau/status/475194693761118208)) +---- +RFC2616 is (maybe) dead but will continue to live its life with all the security software and malware relying on it. 
https://www.mnot.net/blog/2014/06/07/rfc2616_is_dead + +(Originally on Twitter: [Sun Jun 08 09:37:19 +0000 2014](https://twitter.com/adulau/status/475572270673301504)) +---- +"create something inspired by Turla in sort of exchange" DSEFix - Defeating x64 Driver Signature Enforcement http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3322 + +(Originally on Twitter: [Sun Jun 08 09:51:52 +0000 2014](https://twitter.com/adulau/status/475575931755458560)) +---- +Extension to @virustotal - Finding evil in Flash files http://blog.virustotal.com/2014/06/finding-evil-in-flash-files.html + +(Originally on Twitter: [Tue Jun 10 08:10:20 +0000 2014](https://twitter.com/adulau/status/476275157506342912)) +---- +RT @circl_lu: Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 http://cve.circl.lu/cve/CVE-2014-1542 + +(Originally on Twitter: [Wed Jun 11 21:00:32 +0000 2014](https://twitter.com/adulau/status/476831372103806976)) +---- +PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks http://cacr.uwaterloo.ca/techreports/2014/cacr2014-08.pdf + +(Originally on Twitter: [Thu Jun 12 16:54:39 +0000 2014](https://twitter.com/adulau/status/477131878827180032)) +---- +RT @hack_lu: 32 days before the deadline of the hack.lu 2014 call for papers. Submit your security researches. #infosec #cfp http://t.co/Op… + +(Originally on Twitter: [Fri Jun 13 04:29:38 +0000 2014](https://twitter.com/adulau/status/477306776640294912)) +---- +@lojikil Sure. Just do a pull request when it's done and we'll have a look at it. Thank you. 
+ +(Originally on Twitter: [Sun Jun 15 05:42:02 +0000 2014](https://twitter.com/adulau/status/478049775250853889)) +---- +A review of the bug by @Pour_EVA that hit the electronic voting in Belgium & it's just the tip of the iceberg http://www.poureva.be/spip.php?article853&lang=fr + +(Originally on Twitter: [Sun Jun 15 06:46:13 +0000 2014](https://twitter.com/adulau/status/478065926605393920)) +---- +RT @hack_lu: You discovered CVE-2010-5139 before everyone else? You designed a block withholding attack against #bitcoin ? CfP -> http://t.… + +(Originally on Twitter: [Sun Jun 15 06:56:35 +0000 2014](https://twitter.com/adulau/status/478068536741330944)) +---- +@ncaproni It's an usual procedure for sanitization of ICs for an intelligence organization where unknown classified information is. @_fwix_ + +(Originally on Twitter: [Tue Jun 17 17:50:12 +0000 2014](https://twitter.com/adulau/status/478957798320250880)) +---- +This will be my only photography containing someone playing with a ball... #blackandwhitephotography https://www.flickr.com/photos/adulau/14444397892/ + +(Originally on Twitter: [Tue Jun 17 18:11:07 +0000 2014](https://twitter.com/adulau/status/478963063790788609)) +---- +RT @thegrugq: I warned that “regulating 0day sales” is just a coded term for “restricting security research”. Here it comes. http://t.co/kt… + +(Originally on Twitter: [Tue Jun 17 18:36:51 +0000 2014](https://twitter.com/adulau/status/478969539070541824)) +---- +@laurentchemla Une autre approche? "Legalize and promote eavesdropping on electronic communication for everyone." 
http://www.foo.be/eavesdropping-what-to-do/ + +(Originally on Twitter: [Wed Jun 18 04:38:27 +0000 2014](https://twitter.com/adulau/status/479120935514279936)) +---- +RT @hack_lu: Less than 26 days to submit your presentation or paper to hack.lu 2014 http://2014.hack.lu/cfp/ #conference #infosec + +(Originally on Twitter: [Thu Jun 19 18:21:09 +0000 2014](https://twitter.com/adulau/status/479690365373775873)) +---- +RT @jedisct1: Call me maybe: Elasticsearch http://aphyr.com/posts/317-call-me-maybe-elasticsearch + +(Originally on Twitter: [Thu Jun 19 19:42:35 +0000 2014](https://twitter.com/adulau/status/479710857283526658)) +---- +@quinnnorton Usually being jealous is not my style but here i'm really jealous about where you are... #astronomy + +(Originally on Twitter: [Thu Jun 19 19:58:42 +0000 2014](https://twitter.com/adulau/status/479714910856032256)) +---- +RT @veorq: As the worst outnumber the best and always will, we need look no further than the history of empire: empires fall when polarizat… + +(Originally on Twitter: [Fri Jun 20 07:52:00 +0000 2014](https://twitter.com/adulau/status/479894421266530304)) +---- +RT @mikko: DEF CON will have a talk by @michaelossmann about recreating the bugging devices described in the NSA ANT catalog: http://t.co/I… + +(Originally on Twitter: [Sat Jun 21 12:57:46 +0000 2014](https://twitter.com/adulau/status/480333756122021889)) +---- +RT @NighterMan: First Vix (Visual Interface heXadecimal) public release by @BatchDrake http://actinid.org/vix/ ![](media/480335541293293568-BmGR2FnCcAAYgp_.png) + +(Originally on Twitter: [Sat Jun 21 13:04:51 +0000 2014](https://twitter.com/adulau/status/480335541293293568)) +---- +"DP5: A Private Presence Service" #privacy http://cacr.uwaterloo.ca/techreports/2014/cacr2014-10.pdf + +(Originally on Twitter: [Sat Jun 21 16:44:15 +0000 2014](https://twitter.com/adulau/status/480390754561695744)) +---- +"FNR : Arbitrary length small domain block cipher proposal" The Cisco block cipher algo for 
small data like IPv4. https://eprint.iacr.org/2014/421.pdf + +(Originally on Twitter: [Mon Jun 23 08:19:35 +0000 2014](https://twitter.com/adulau/status/480988526562250752)) +---- +RT @DidierStevens: Bitcoin & Stoned Computer Virus: I found the smoking gun! http://bit.ly/1m6QkLl + +(Originally on Twitter: [Tue Jun 24 07:06:56 +0000 2014](https://twitter.com/adulau/status/481332630211035136)) +---- +RT @circl_lu: "Xen 3.2.x through 4.4.x does not properly clean memory pages" allowing attackers on guest OS to get sensitive info http://t.… + +(Originally on Twitter: [Tue Jun 24 07:09:26 +0000 2014](https://twitter.com/adulau/status/481333261613154304)) +---- +RT @rafi0t: People attending #FIRSTCon14, I have many @hack_lu stickers to give you, and you totally want some: https://pbs.twimg.com/profile_images/469208126500007936/Bd2zwB61.png + +(Originally on Twitter: [Tue Jun 24 14:48:21 +0000 2014](https://twitter.com/adulau/status/481448751740223488)) +---- +RT @CertSG: Release the Kraken! Our simple host-based IOC collection framework is on Github: https://github.com/certsocietegenerale/kraken #FIRSTCon14 http://t.c… + +(Originally on Twitter: [Wed Jun 25 07:34:19 +0000 2014](https://twitter.com/adulau/status/481701910357880832)) +---- +RT @circl_lu: @CertSG Excellent initiative and the tool looks very promising. A small connector to MISP in the kraken-panel would be awesom… + +(Originally on Twitter: [Wed Jun 25 07:34:24 +0000 2014](https://twitter.com/adulau/status/481701931627208704)) +---- +@dallendoug Maybe MISP is more into a data structure that is guided by use cases. https://github.com/MISP/MISP @c_APT_ure + +(Originally on Twitter: [Wed Jun 25 14:09:59 +0000 2014](https://twitter.com/adulau/status/481801480505028608)) +---- +@angealbertini It's a very cheap way to do data-leak/exfiltration prevention using the EICAR file. It's the only pattern that A/V detects. 
+ +(Originally on Twitter: [Wed Jun 25 15:08:07 +0000 2014](https://twitter.com/adulau/status/481816113417048065)) +---- +RT @djrbliss: Looks like a fairly epic Linux kernel infoleak (kernel version 3.10+ only) was patched here: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edfbbf388f293d70bf4b7c0bc38774d05e6f711a + +(Originally on Twitter: [Wed Jun 25 19:53:27 +0000 2014](https://twitter.com/adulau/status/481887918563155968)) +---- +RT @cbrocas: Vous aimez le soleil, le #Libre et la #Sécurité ? Venez aux #rmll2014 ! #nftables #tor #crypto #IDS #dnssec https://t.co/Axtgi… + +(Originally on Twitter: [Wed Jun 25 20:11:00 +0000 2014](https://twitter.com/adulau/status/481892334209368064)) +---- +RT @Sebdraven: At the #NDH2K14 we presents FastReponsder on workshop http://www.nuitduhack.com/node/261 https://github.com/SekoiaLab/FastResponder #DFIR #INFOSEC + +(Originally on Twitter: [Thu Jun 26 15:55:24 +0000 2014](https://twitter.com/adulau/status/482190397880692736)) +---- +RT @doegox: #bug2506 au JT de la RTBF aujourd'hui, video en ligne: http://www.rtbf.be/info/regions/detail_le-bug-informatique-a-bien-eu-une-influence-sur-les-elections-du-25-mai?id=8301904 @DavidGlaude @Pour_EVA + +(Originally on Twitter: [Thu Jun 26 19:18:31 +0000 2014](https://twitter.com/adulau/status/482241515436404736)) +---- +Using LZO compression somewhere, you should read "The 20 Year Old Bug that Went to Mars" and maybe fix your code http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html + +(Originally on Twitter: [Thu Jun 26 19:31:37 +0000 2014](https://twitter.com/adulau/status/482244811379191808)) +---- +RT @wise_steve: @martijn_grooten @pinkflawd And "persistent" means "we've not done anything effective to stop it happening". 
#apt + +(Originally on Twitter: [Thu Jun 26 19:33:11 +0000 2014](https://twitter.com/adulau/status/482245205757014016)) +---- +RT @Tinolle1955: VRT: Exceptional behavior: the Windows 8.1 X64 SEH Implementation** http://vrt-blog.snort.org/2014/06/exceptional-behavior-windows-81-x64-seh.html?m=1 + +(Originally on Twitter: [Thu Jun 26 19:52:55 +0000 2014](https://twitter.com/adulau/status/482250171536125952)) +---- +@Shiftreduce Enjoy the cocktails ;-) and say hello to the RE friends. + +(Originally on Twitter: [Thu Jun 26 20:36:55 +0000 2014](https://twitter.com/adulau/status/482261246595829760)) +---- +@veorq By the way, do you know other recent attacks against GOST beside the interesting work of Nicolas Courtois? Thx + +(Originally on Twitter: [Fri Jun 27 08:21:26 +0000 2014](https://twitter.com/adulau/status/482438540710526976)) +---- +@Sebdraven On the UCL website, list of papers from Nicolas Courtois http://www.ucl.ac.uk/research/publications/pubs/?users[]=uceenco&sort_by=type @veorq + +(Originally on Twitter: [Fri Jun 27 08:24:47 +0000 2014](https://twitter.com/adulau/status/482439387142057984)) +---- +@veorq Thanks a lot. If you see something, feel free to share. + +(Originally on Twitter: [Fri Jun 27 08:25:12 +0000 2014](https://twitter.com/adulau/status/482439491739594752)) +---- +RT @ICTSpring: @adulau from @circl_lu will be Masterclass Speaker at the #ICTSpring | #Attackers benefit from #sharing #information http:/… + +(Originally on Twitter: [Fri Jun 27 09:44:53 +0000 2014](https://twitter.com/adulau/status/482459544455372800)) +---- +"No more Microsoft advisory email notifications? " Due to "changing governmental policies"? 
https://isc.sans.edu/forums/diary//18319 + +(Originally on Twitter: [Sat Jun 28 06:12:45 +0000 2014](https://twitter.com/adulau/status/482768546741878784)) +---- +@doegox Comme on te voit mal sur la photo je ne pourrais pas la réutiliser pour @hack_lu ;-) @zataz @vhutsebaut @y0ug @macteca + +(Originally on Twitter: [Sun Jun 29 14:40:32 +0000 2014](https://twitter.com/adulau/status/483258722391953408)) +---- +RT @ioerror: Please consider attending various #Tor Developer events in Paris this week: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting https://blog.torproject.org/events/tors-summer-dev-meeting-paris-france + +(Originally on Twitter: [Sun Jun 29 16:14:27 +0000 2014](https://twitter.com/adulau/status/483282357060128768)) +---- +RT @hack_lu: 16 days before the CFP deadline for hack.lu. Have you submitted your paper or presentation? http://2014.hack.lu/cfp/ #infosec #c… + +(Originally on Twitter: [Sun Jun 29 16:25:58 +0000 2014](https://twitter.com/adulau/status/483285255642939392)) +---- +Bypassing Windows 8.1 Mitigations using Unsafe COM Objects http://www.contextis.com/blog/windows-mitigaton-bypass/ + +(Originally on Twitter: [Sun Jun 29 20:54:12 +0000 2014](https://twitter.com/adulau/status/483352757588746240)) +---- +RT @blackswanburst: I'd like to encourage some of my followers to submit to this awesome con: http://2014.hack.lu/cfp/ 15 days left, me and @… + +(Originally on Twitter: [Mon Jun 30 12:47:29 +0000 2014](https://twitter.com/adulau/status/483592659865309185)) +---- +RT @ChrisJohnRiley: [SuggestedReading] Operation of TOR nodes declared a criminal offense in Austria http://ift.tt/1o51JhK + +(Originally on Twitter: [Wed Jul 02 09:12:24 +0000 2014](https://twitter.com/adulau/status/484263306543104002)) +---- +"HTML representation of the Intel x86 instructions documentation" generated from volume 2A/2B of Intel. Very nifty. 
https://github.com/zneak/x86doc + +(Originally on Twitter: [Thu Jul 03 04:34:13 +0000 2014](https://twitter.com/adulau/status/484555688778399744)) +---- +RT @doegox: Write-up-as-far-as-I-could of #ndh2k14 private CTF radio challenge http://wiki.yobi.be/wiki/NDH_Writeups#Unter_Cab_Command_and_Control_Radio_Module HELP! @hackerzvoice @kaiyou_ @DragonS… + +(Originally on Twitter: [Thu Jul 03 18:10:09 +0000 2014](https://twitter.com/adulau/status/484761027083382784)) +---- +RT @circl_lu: Following @FSecure report about MiniDuke, we updated CIRCL TR-14 to include the famous loader graph http://www.circl.lu/pub/tr-14/ @m… + +(Originally on Twitter: [Thu Jul 03 19:01:56 +0000 2014](https://twitter.com/adulau/status/484774058525876224)) +---- +After the crypo snake-oil FAQ, there should be one for virtual currencies too. #ICTSpring + +(Originally on Twitter: [Fri Jul 04 08:42:28 +0000 2014](https://twitter.com/adulau/status/484980552785608705)) +---- +@HoffmannMich I'll talk in 10 minutes ;-) @ICTSpring + +(Originally on Twitter: [Fri Jul 04 11:35:41 +0000 2014](https://twitter.com/adulau/status/485024141817294848)) +---- +@pr_resende Thank you Pedro. + +(Originally on Twitter: [Fri Jul 04 11:55:13 +0000 2014](https://twitter.com/adulau/status/485029057935859712)) +---- +RT @circl_lu: "Attackers benefit from sharing information. How can you benefit, too?" 
presentation by @adulau at @ICTSpring https://t.co/vF… + +(Originally on Twitter: [Fri Jul 04 12:22:37 +0000 2014](https://twitter.com/adulau/status/485035954512474113)) +---- +RT @circl_lu: Don't forget our tomorrow workshop about our USB key sanitizer CIRCLean #malware #usb http://www.circl.lu/pub/press/CIRCLean-invitation/ + +(Originally on Twitter: [Mon Jul 07 14:29:16 +0000 2014](https://twitter.com/adulau/status/486154988956041217)) +---- +"99% of the URLs from the German Internet censorship list recovered" The technique against Bloom filter would work 2 https://bpjmleak.neocities.org/ + +(Originally on Twitter: [Tue Jul 08 06:46:43 +0000 2014](https://twitter.com/adulau/status/486400972647043072)) +---- +@cryptax for hack.lu we might do a small extension of 2 weeks. So we are waiting for your submission ;-) @hack_lu + +(Originally on Twitter: [Tue Jul 08 07:44:14 +0000 2014](https://twitter.com/adulau/status/486415447965708288)) +---- +RT @veorq: unlike TrueCrypt, GostCrypt fails to document its threat model, security claims, etc. (see http://www.gostcrypt.org/download/1.0/doc/GostCryptUserGuide.pdf) + +(Originally on Twitter: [Tue Jul 08 12:24:44 +0000 2014](https://twitter.com/adulau/status/486486035535511553)) +---- +@fredraynal @veorq @r00tbsd http://pastebin.com/PWvU62tG + +(Originally on Twitter: [Tue Jul 08 12:47:14 +0000 2014](https://twitter.com/adulau/status/486491700383481856)) +---- +RT @nicolasbrulez: While everyone plays the FireEye challenge, A researcher got fired by his company for publishing minor vulnerabilities i… + +(Originally on Twitter: [Tue Jul 08 12:48:11 +0000 2014](https://twitter.com/adulau/status/486491939894603776)) +---- +@_Quack1 Le MiTM, c'est une source de problèmes. 
Même en France ;-) https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ @bortzmeyer + +(Originally on Twitter: [Wed Jul 09 07:27:37 +0000 2014](https://twitter.com/adulau/status/486773653133332480)) +---- +@_Quack1 Il y a bcp de malware qui sont signés en utilisant les procedures rapides par simple validation email via l'AC. @bortzmeyer + +(Originally on Twitter: [Wed Jul 09 09:19:52 +0000 2014](https://twitter.com/adulau/status/486801904307941378)) +---- +@pinkflawd Sometime, I see the subject coming back in the academic world but results are usually weak, even ours ;-) http://www.labri.fr/perso/fleury/courses/SS/download/papers/Malware_behaviour_analysis.pdf + +(Originally on Twitter: [Wed Jul 09 15:45:01 +0000 2014](https://twitter.com/adulau/status/486898830504656896)) +---- +@pinkflawd The main issue for a majority of malware is the deobfuscation still needs a lot of manual static analysis before classification. + +(Originally on Twitter: [Wed Jul 09 15:46:22 +0000 2014](https://twitter.com/adulau/status/486899169026928640)) +---- +Following various requests, the call for papers for @hack_lu 2014 has been extended until end of July. http://2014.hack.lu/cfp/ #conference + +(Originally on Twitter: [Thu Jul 10 10:01:14 +0000 2014](https://twitter.com/adulau/status/487174701156810752)) +---- +@ClausHoumann @iamthecavalry Sure I know about it. 
You have two options submit a talk at http://2014.hack.lu/cfp/ or doing a lightning talk + +(Originally on Twitter: [Thu Jul 10 11:41:41 +0000 2014](https://twitter.com/adulau/status/487199978343776257)) +---- +RT @circl_lu: TR-25 An historical analysis of "Turla Pfinet Snake Uroburos Pfinet" malware familty http://www.circl.lu/pub/tr-25/ work-in-progress + +(Originally on Twitter: [Thu Jul 10 11:41:57 +0000 2014](https://twitter.com/adulau/status/487200044420849664)) +---- +RT @hack_lu: hack.lu registration is now open http://2014.hack.lu/index.php/Info + +(Originally on Twitter: [Fri Jul 11 05:49:54 +0000 2014](https://twitter.com/adulau/status/487473839467556864)) +---- +https://www.flickr.com/photos/adulau/14631972331/ "Dance in the darkness" at #LesArdentes + +(Originally on Twitter: [Sat Jul 12 14:27:13 +0000 2014](https://twitter.com/adulau/status/487966413072502784)) +---- +@Shiftreduce Thank you. Sure, I'm sometime carrying a camera... while trying to capture the moment. + +(Originally on Twitter: [Sat Jul 12 14:32:19 +0000 2014](https://twitter.com/adulau/status/487967696378535937)) +---- +My favorite band @austra played at #lesardentes14 @LESARDENTES https://www.flickr.com/photos/adulau/14637177902/ Very nice moment that I tried to capture. + +(Originally on Twitter: [Sat Jul 12 20:07:09 +0000 2014](https://twitter.com/adulau/status/488051960936153088)) +---- +@kaizeronion Tu as deux options: les ciseaux ou le coureur indien https://fr.wikipedia.org/wiki/Coureur_indien ;-) + +(Originally on Twitter: [Sun Jul 13 11:32:54 +0000 2014](https://twitter.com/adulau/status/488284933216292864)) +---- +@rafi0t You know redundancy is a critical thing in computer systems @quinnnorton + +(Originally on Twitter: [Mon Jul 14 08:06:27 +0000 2014](https://twitter.com/adulau/status/488595365248372736)) +---- +Hey GCHQ you should release as free software your HUSK tool. Everyone is trying to make secure dead-drop message without success until now. 
+ +(Originally on Twitter: [Mon Jul 14 17:37:35 +0000 2014](https://twitter.com/adulau/status/488739095565570050)) +---- +RT @ClausHoumann: Uploaded PDF, #HackLU submission done @adulau :) +We are the cavalry :) + +(Originally on Twitter: [Tue Jul 29 20:02:31 +0000 2014](https://twitter.com/adulau/status/494211386881212417)) +---- +If you are in Iceland, don't look at Wireless networks and POS security. Just look at the waterfalls https://www.flickr.com/photos/adulau/14593098837/ + +(Originally on Twitter: [Tue Jul 29 20:23:54 +0000 2014](https://twitter.com/adulau/status/494216767133450240)) +---- +RT @capstone_engine: Excited to announce CEnigma, a web-based disassembler tool: it is simple, fast, friendly & support 8 archs! Plz RT + +ht… + +(Originally on Twitter: [Wed Jul 30 09:01:32 +0000 2014](https://twitter.com/adulau/status/494407434019295232)) +---- +RT @hack_lu: In 18 hours, the call for papers for hack.lu 2014 will be over. So hurry up to submit your paper/presentation. http://t.co/Ud… + +(Originally on Twitter: [Wed Jul 30 10:08:18 +0000 2014](https://twitter.com/adulau/status/494424234865983488)) +---- +BareCloud: Bare-metal Analysis-based Evasive Malware Detection https://seclab.cs.ucsb.edu/media/uploads/papers/kirat_barecloud_usenix_2014.pdf + +(Originally on Twitter: [Wed Jul 30 10:31:57 +0000 2014](https://twitter.com/adulau/status/494430187204128768)) +---- +@a_greenberg Regarding USB security, you should have a look at the USB cleaner "air-gapped" (free software/hardware) http://www.circl.lu/projects/CIRCLean/ + +(Originally on Twitter: [Thu Jul 31 09:09:24 +0000 2014](https://twitter.com/adulau/status/494771799687966721)) +---- +If the Internet is a series of tubes, we found it in Iceland https://www.flickr.com/photos/adulau/14816498213/ #internet #iceland + +(Originally on Twitter: [Thu Jul 31 20:23:42 +0000 2014](https://twitter.com/adulau/status/494941494693093376)) +---- +RT @headhntr: Check out this awesome Android-based project to detect 
and (hopefully) avoid fake base stations (IMSI catchers) https://t.co/… + +(Originally on Twitter: [Thu Jul 31 20:39:32 +0000 2014](https://twitter.com/adulau/status/494945479701327872)) +---- +RT @xme: Registration for #hacklu: ✓ + +(Originally on Twitter: [Thu Jul 31 20:55:01 +0000 2014](https://twitter.com/adulau/status/494949376880824321)) +---- +Beside "The MonkeySphere project", do you know any other try to build a distributed version of the PGP trustdb? #pgp #gnupg #crypto + +(Originally on Twitter: [Fri Aug 01 13:15:33 +0000 2014](https://twitter.com/adulau/status/495196135401992192)) +---- +@lostinsecurity Which version of COTTONMOUTH? It seems there are some variants. + +(Originally on Twitter: [Fri Aug 01 13:24:19 +0000 2014](https://twitter.com/adulau/status/495198340909645825)) +---- +RT @SteveClement: Today we have another #WearableWednesday @haxogreen join us in Dudelange at 18h30 +Haut, Hacke mat Kleeder um Bierg :) htt… + +(Originally on Twitter: [Fri Aug 01 13:34:58 +0000 2014](https://twitter.com/adulau/status/495201020298141697)) +---- +@yrougy C'est le canal 35 en LDP433 d'un babyphone? ;-) + +(Originally on Twitter: [Fri Aug 01 21:01:12 +0000 2014](https://twitter.com/adulau/status/495313318702505984)) +---- +@yrougy Cool. Le codage est pseudo-random? comme pour les trucs RKS ou c'est un autre codage? + +(Originally on Twitter: [Fri Aug 01 21:21:58 +0000 2014](https://twitter.com/adulau/status/495318544846815232)) +---- +@yrougy Et si tu plots le niveau du signal c'est constant? ou c'est des intervalles aléatoires et avec des pointes de - d'une seconde? + +(Originally on Twitter: [Fri Aug 01 21:25:18 +0000 2014](https://twitter.com/adulau/status/495319382768500736)) +---- +RT @circl_lu: http://bgpranking.circl.lu/ updated and services is back with 3 years history of malicious activities per ISP. 
#bgp #internet #sec… + +(Originally on Twitter: [Tue Aug 05 13:58:12 +0000 2014](https://twitter.com/adulau/status/496656417538183168)) +---- +RT @bcrypt: Sad news: I'm stepping down from my position at EFF. Come take my job: https://www.eff.org/opportunities/jobs/staff-technologist + +(Originally on Twitter: [Wed Aug 06 08:21:53 +0000 2014](https://twitter.com/adulau/status/496934169524834304)) +---- +RT @circl_lu: Another good reason why CMS admin should carefully check version of Wordpress/Joomla on http://cve.circl.lu/browse/ - Thanks to @u… + +(Originally on Twitter: [Wed Aug 06 08:22:01 +0000 2014](https://twitter.com/adulau/status/496934203016372226)) +---- +RT @circl_lu: released first version of the Analysis Information Leak framework (AIL) free software #infosec https://github.com/CIRCL/AIL-framework cc/ @… + +(Originally on Twitter: [Wed Aug 06 09:55:08 +0000 2014](https://twitter.com/adulau/status/496957639566577664)) +---- +RT @threatintel: The Asprox botnet adds a new module to its malicious arsenal http://bit.ly/XDr3EB #Botnet #Asprox + +(Originally on Twitter: [Wed Aug 06 12:17:28 +0000 2014](https://twitter.com/adulau/status/496993457295327233)) +---- +@jaysonstreet @gadievron You, guys, are so cute. You really need to come at @hack_lu this year! + +(Originally on Twitter: [Wed Aug 06 19:11:12 +0000 2014](https://twitter.com/adulau/status/497097576504893440)) +---- +RT @thegrugq: Gamma group practiced effective security against 0days and malware. Even with a compromise they didn’t lose everything. 
Learn… + +(Originally on Twitter: [Wed Aug 06 19:21:56 +0000 2014](https://twitter.com/adulau/status/497100278945284096)) +---- +RT @rafi0t: .@thegrugq the only ones to lose are the ones who uploaded their key on a server, or talked too much on the support.No other cr… + +(Originally on Twitter: [Wed Aug 06 19:22:00 +0000 2014](https://twitter.com/adulau/status/497100293734408192)) +---- +RT @hack_lu: If you want some nice stickers for hack.lu 2014, DM us your postal address... #hacklu + +(Originally on Twitter: [Wed Aug 06 19:26:42 +0000 2014](https://twitter.com/adulau/status/497101476003868672)) +---- +RT @jaysonstreet: That would be EPIC! :-) “@adulau: @jaysonstreet @gadievron You, guys, are so cute. You really need to come at @hack_lu th… + +(Originally on Twitter: [Wed Aug 06 20:11:30 +0000 2014](https://twitter.com/adulau/status/497112752889270273)) +---- +@kwisarts You can basically do everything in Redis ;-) But if you want complex pub-sub models, ZMQ might be a complement. + +(Originally on Twitter: [Sun Aug 10 18:42:31 +0000 2014](https://twitter.com/adulau/status/498539908794163201)) +---- +@kwisarts and why not Celery? the distributed task queue? @rafi0t + +(Originally on Twitter: [Sun Aug 10 19:30:58 +0000 2014](https://twitter.com/adulau/status/498552103007428608)) +---- +RT @circl_lu: If you wan to search, index or analyse potential leak from pastes or similar content, check out CIRCL AIL https://t.co/dJNctU… + +(Originally on Twitter: [Mon Aug 11 15:04:10 +0000 2014](https://twitter.com/adulau/status/498847347817066496)) +---- +RT @hack_lu: Don't forget to register for hack.lu 2014 http://2014.hack.lu/index.php/Info it's still the pre-registration price. #hacklu #conference #i… + +(Originally on Twitter: [Mon Aug 11 20:38:30 +0000 2014](https://twitter.com/adulau/status/498931484171206656)) +---- +Interesting CVE about a defibrillator product... 
http://cve.circl.lu/cve/CVE-2013-7395 + +(Originally on Twitter: [Wed Aug 13 06:58:37 +0000 2014](https://twitter.com/adulau/status/499449930424270848)) +---- +@hellais Small question regarding OONI/Python, are you able to resolve addresses without leaking those to the system resolver? + +(Originally on Twitter: [Wed Aug 13 13:33:30 +0000 2014](https://twitter.com/adulau/status/499549307255934976)) +---- +Thanks to @johnmaloof I just saw the @VivianMaierFilm documentary and that's really awesome, human and hopeful. #photography + +(Originally on Twitter: [Wed Aug 13 21:44:13 +0000 2014](https://twitter.com/adulau/status/499672800378884097)) +---- +RT @hack_lu: There will be a Radare2 workshop , the reverse engineering framework, at hack.lu 2014 #radare2 #reversing http://t.co/0kvbi82x… + +(Originally on Twitter: [Thu Aug 14 17:43:57 +0000 2014](https://twitter.com/adulau/status/499974722424422400)) +---- +RT @doegox: @marcolanie @f4grx BTW je donnerai très probablement un workshop RFID à Hack.lu, à bon entendeur... + +(Originally on Twitter: [Thu Aug 14 17:59:43 +0000 2014](https://twitter.com/adulau/status/499978691079057408)) +---- +Looking in my spam mailbox and just found an email containing a PGP private keyring with subject "pub key"... opsec failed or spear phish? + +(Originally on Twitter: [Thu Aug 14 20:13:54 +0000 2014](https://twitter.com/adulau/status/500012459353452544)) +---- +@lojikil good point... maybe they lost the public part? 
and expected a factorization from a "random" user on the wild Internet ;-) + +(Originally on Twitter: [Thu Aug 14 20:16:39 +0000 2014](https://twitter.com/adulau/status/500013149777854464)) +---- +http://datatracker.ietf.org/doc/draft-kirsch-ietf-tcp-stealth/ TCP Stealth "to replace the TCP ISN in the TCP SYN packet with an authorization token" + +(Originally on Twitter: [Fri Aug 15 10:35:34 +0000 2014](https://twitter.com/adulau/status/500229305881071616)) +---- +If you do network tapping at a large scale or intercept traffic from your Tor exit node(s), don't forget to look for "//OMA//DTD-DM-DDF". + +(Originally on Twitter: [Fri Aug 15 11:50:31 +0000 2014](https://twitter.com/adulau/status/500248166474977280)) +---- +RT @TU_Muenchen: #TCPStealth:TUMresearchers develop defense against cyberattacks +#HACIENDA #TUMInformatics #GNU http://go.tum.de/854864 http… + +(Originally on Twitter: [Fri Aug 15 11:53:01 +0000 2014](https://twitter.com/adulau/status/500248793271787520)) +---- +@jweyrich Yep, that's clearly obscurity. Especially if the attacker already intercepts network and can see previous successful handshakes. + +(Originally on Twitter: [Fri Aug 15 11:54:38 +0000 2014](https://twitter.com/adulau/status/500249203109793792)) +---- +@jweyrich But it might help when the attacker got the inability to tap at a large scale like JTRIG sometime... it's slowing down those. + +(Originally on Twitter: [Fri Aug 15 11:57:41 +0000 2014](https://twitter.com/adulau/status/500249970596147201)) +---- +@freddyb It seems easy to brute force but it will generate much more packets to scan a single host... 
@TU_Muenchen + +(Originally on Twitter: [Fri Aug 15 12:37:49 +0000 2014](https://twitter.com/adulau/status/500260069800673280)) +---- +just did various bug fixes to cve-search - The Common Vulnerabilities and Exposures (CVE) local search tool https://github.com/adulau/cve-search + +(Originally on Twitter: [Fri Aug 15 13:11:51 +0000 2014](https://twitter.com/adulau/status/500268633353121794)) +---- +@SteveClement The origin of the X is from the NeXTSTEP operating system design and this can be testified on my old NeXT station at home ;-) + +(Originally on Twitter: [Fri Aug 15 13:24:19 +0000 2014](https://twitter.com/adulau/status/500271771971751936)) +---- +@matthew_d_green Maybe http://theregister.co.uk should do PGP detached signatures of all their web pages? Like https://www.circl.lu/verify/ + +(Originally on Twitter: [Fri Aug 15 16:00:07 +0000 2014](https://twitter.com/adulau/status/500310981114101761)) +---- +@DidierStevens Indeed. Maybe a truncated CMAC would be more appropriate. I suppose there are still room for improvement for the I-D. + +(Originally on Twitter: [Fri Aug 15 21:29:10 +0000 2014](https://twitter.com/adulau/status/500393786036723712)) +---- +@angealbertini Maybe you should do an extended lightning talk all together at @hack_lu 2014 ? @cryptax @Reversity @doegox + +(Originally on Twitter: [Sat Aug 16 07:34:41 +0000 2014](https://twitter.com/adulau/status/500546171606421504)) +---- +RT @hack_lu: There will be a @bettercrypto workshop at hack.lu 2014 http://2014.hack.lu/index.php/List#BetterCrypto_Workshop:_A_Guide_for_SysAdmins #crypto + +(Originally on Twitter: [Sun Aug 17 16:47:59 +0000 2014](https://twitter.com/adulau/status/501047801711951872)) +---- +The NSA ORCHESTRA program has just a different name... it's just difficult to spot it. 
http://phk.freebsd.dk/_downloads/FOSDEM_2014.pdf + +(Originally on Twitter: [Sun Aug 17 20:34:18 +0000 2014](https://twitter.com/adulau/status/501104753938812928)) +---- +" +"An example malicious payload controller and obfuscator assisted by TPM-protected keys" https://github.com/theopolis/tpm-malcrypt + +(Originally on Twitter: [Mon Aug 18 11:24:31 +0000 2014](https://twitter.com/adulau/status/501328787309879296)) +---- +For my localized followers, I'll do a small photography exhibition in Virton 6-7/09/2014 #belgium #photography https://plus.google.com/112095729959662313642/posts/VzhLKaT1Eet + +(Originally on Twitter: [Tue Aug 19 19:12:24 +0000 2014](https://twitter.com/adulau/status/501808918801428480)) +---- +@JanGuth Thanks Jan! Sure, we can talk about photography during #hacklu and especially about some hacks around photography. + +(Originally on Twitter: [Tue Aug 19 19:24:35 +0000 2014](https://twitter.com/adulau/status/501811987324895233)) +---- +"OpenPGP with the EdDSA public key algorithm and describes the use of curve Ed25519" http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-00.txt + +(Originally on Twitter: [Tue Aug 19 20:20:15 +0000 2014](https://twitter.com/adulau/status/501825997151285250)) +---- +What is the easiest if you want to meet someone you never met? using a rubik's cube or a Cthluhu mask? or both? 
https://www.flickr.com/photos/spackbackle/14566904248/ + +(Originally on Twitter: [Wed Aug 20 06:04:24 +0000 2014](https://twitter.com/adulau/status/501973003719421953)) +---- +Planning to run your C&C with SSL enabled, buy your certificate at StartSSL and don't pay for the revocation ;-) https://www.startssl.com/?app=25#72 + +(Originally on Twitter: [Wed Aug 20 13:41:44 +0000 2014](https://twitter.com/adulau/status/502088094347460608)) +---- +RT @hack_lu: Workshop - Elasticsearch for incident handlers and forensic analysts at @hack_lu 2014 #elasticsearch cc @cvandeplas http://t.c… + +(Originally on Twitter: [Thu Aug 21 17:38:26 +0000 2014](https://twitter.com/adulau/status/502510048745365504)) +---- +@r00tbsd Arf! Where are the "Orval" and the "Rulles"? @Sebdraven @rafi0t + +(Originally on Twitter: [Fri Aug 22 13:34:53 +0000 2014](https://twitter.com/adulau/status/502811146496536576)) +---- +@r00tbsd Excellent.... now we know where all the Orval(s) are ;-) + +(Originally on Twitter: [Fri Aug 22 13:36:07 +0000 2014](https://twitter.com/adulau/status/502811454438125568)) +---- +RT @y0m: NIST Security of Automated Access +Management Using Secure Shell +(SSH) - http://csrc.nist.gov/publications/drafts/nistir-7966/nistir_7966_draft.pdf + +(Originally on Twitter: [Fri Aug 22 18:18:41 +0000 2014](https://twitter.com/adulau/status/502882565775458306)) +---- +I found some workers with a baby at #chassepierre https://www.flickr.com/photos/adulau/15000381546/ #photography + +(Originally on Twitter: [Sun Aug 24 20:56:13 +0000 2014](https://twitter.com/adulau/status/503646985271132161)) +---- +@marnickv Correct, it starts the 21st. See you there. + +(Originally on Twitter: [Mon Aug 25 11:39:16 +0000 2014](https://twitter.com/adulau/status/503869213791240192)) +---- +@marnickv We are still working on the planning. Workshop will be at 9:00 and talks after lunch. 
+ +(Originally on Twitter: [Mon Aug 25 11:42:05 +0000 2014](https://twitter.com/adulau/status/503869921651351553)) +---- +RT @circl_lu: Major update to CIRCL Analysis Information Leak framework including improved installation procedure https://github.com/CIRCL/AIL-framework + +(Originally on Twitter: [Mon Aug 25 14:13:12 +0000 2014](https://twitter.com/adulau/status/503907952181653504)) +---- +Maybe we should ask @BBCNews to provide MD5 of this new malware targeting an Iranian nuclear plant http://www.bbc.co.uk/persian/iran/2014/08/140825_l57_iran_malware.shtml + +(Originally on Twitter: [Mon Aug 25 14:18:37 +0000 2014](https://twitter.com/adulau/status/503909314932015104)) +---- +@xme @BBCNews I knew that you were fluent in Persian ;-) + +(Originally on Twitter: [Mon Aug 25 14:48:23 +0000 2014](https://twitter.com/adulau/status/503916807137558529)) +---- +Reading can be difficult and not only due to DRM... #chassepierre #photography #reading https://www.flickr.com/photos/adulau/14847940090/ + +(Originally on Twitter: [Mon Aug 25 20:10:32 +0000 2014](https://twitter.com/adulau/status/503997876687888384)) +---- +Beeswarm - Fake server/clients honeypot leaking intentionally credentials http://www.beeswarm-ids.org/ + +(Originally on Twitter: [Tue Aug 26 06:14:57 +0000 2014](https://twitter.com/adulau/status/504149983160188928)) +---- +RT @cvandeplas: Belgian Defence has 9 priority topics for the future. #cybersecurity is NOT in the list. http://www.standaard.be/cnt/dmf20140827_01234566 #NoTimeForC… + +(Originally on Twitter: [Wed Aug 27 13:24:13 +0000 2014](https://twitter.com/adulau/status/504620398873681921)) +---- +@cvandeplas At least it means that the Belgian defense doesn't want to militarize Internet. 
+ +(Originally on Twitter: [Wed Aug 27 13:25:09 +0000 2014](https://twitter.com/adulau/status/504620633725370368)) +---- +@cvandeplas or at least it's not public ;-) + +(Originally on Twitter: [Wed Aug 27 13:25:50 +0000 2014](https://twitter.com/adulau/status/504620805620523008)) +---- +RT @circl_lu: has an open MSc sholarship position to extend Viper - binary analysis and management framework https://www.circl.lu/projects/internships/malware01/ cc … + +(Originally on Twitter: [Thu Aug 28 08:26:44 +0000 2014](https://twitter.com/adulau/status/504907925685817344)) +---- +RT @virusbtn: Using the open source Viper framework to find a malicious SWF object embedded in a PDF. @botherder explains http://t.co/IwFtg… + +(Originally on Twitter: [Thu Aug 28 09:20:18 +0000 2014](https://twitter.com/adulau/status/504921402601140224)) +---- +RT @cryptax: Accepted at @hack_lu :) See you in October! @TuxDePoinsisse + +(Originally on Twitter: [Thu Aug 28 11:54:39 +0000 2014](https://twitter.com/adulau/status/504960247388471297)) +---- +RT @hack_lu: "Microsoft Vulnerability Research: How to be a Finder as a Vendor" + confirmed talk at @hack_lu 2014 +http://2014.hack.lu/index.php/List#Jeremy_Brown.2FDavid_Seidman_-_Microsoft_Vulnerability_Research:_How_to_be_a_Finder_as_a_Vendor + +(Originally on Twitter: [Thu Aug 28 20:32:09 +0000 2014](https://twitter.com/adulau/status/505090481857241088)) +---- +Jordan Bouyat from @quarkslab will present USB Fuzzing : approaches and tools at @hack_lu 2014 http://2014.hack.lu/index.php/List#Jordan_Bouyat_-_USB_Fuzzing_:_approaches_and_tools + +(Originally on Twitter: [Fri Aug 29 14:49:14 +0000 2014](https://twitter.com/adulau/status/505366571376979968)) +---- +@csoghoian Why do you blame PGP in this case? + +(Originally on Twitter: [Fri Aug 29 14:52:10 +0000 2014](https://twitter.com/adulau/status/505367310451101696)) +---- +@csoghoian If someone left the original document in a printer after printing, do you blame the printer (even after beeping)? 
+ +(Originally on Twitter: [Fri Aug 29 14:56:41 +0000 2014](https://twitter.com/adulau/status/505368445106790402)) +---- +@ramoncreager I would be curious to know the exact use case and where the software and/or the users failed. @csoghoian + +(Originally on Twitter: [Fri Aug 29 15:04:53 +0000 2014](https://twitter.com/adulau/status/505370509975248896)) +---- +RT @hack_lu: Embrace the Viper and live happy at @hack_lu 2014 to be presented by +Claudio Guarnieri @botherder http://2014.hack.lu/index.php/List#Claudio_Guarnieri_-_Embrace_the_Viper_and_live_happy + +(Originally on Twitter: [Fri Aug 29 19:39:15 +0000 2014](https://twitter.com/adulau/status/505439556913881088)) +---- +RT @hack_lu: SENTER Sandman: Using Intel TXT to Attack BIOSes to be presented at @hack_lu 2014 - @xenokovah +http://2014.hack.lu/index.php/List#Xeno_Kovah.2C_Corey_Kallenberg.2C_John_Butterworth.2C_Sam_Cornwel_-_SENTER_Sandman:_Using_Intel_TXT_to_Attack_BIOSes + +(Originally on Twitter: [Sun Aug 31 06:05:55 +0000 2014](https://twitter.com/adulau/status/505959650567942145)) +---- +updated DomainClassifier to extract valid domains (and more) from raw & unstructured text - now you can pip install. https://github.com/adulau/DomainClassifier + +(Originally on Twitter: [Sun Aug 31 13:11:04 +0000 2014](https://twitter.com/adulau/status/506066643622313984)) +---- +RT @electrospaces: All 3rd party partner countries of NSA and their membership of NATO and the SIGINT Seniors Europe (SSEUR): http://t.co… + +(Originally on Twitter: [Sun Aug 31 20:10:10 +0000 2014](https://twitter.com/adulau/status/506172112806371328)) +---- +"NATO moves to apply armed conflict law to cyber warfare" Wondering what @JPBarlow thinks about such move. 
http://www.dw.de/nato-moves-to-apply-armed-conflict-law-to-cyber-warfare/a-17754359 + +(Originally on Twitter: [Sun Aug 31 20:11:56 +0000 2014](https://twitter.com/adulau/status/506172557377429504)) +---- +RT @hack_lu: Breaking Out of VirtualBox through 3D Acceleration to be presented at @hack_lu 2014 by @fdfalcon +http://2014.hack.lu/index.php/List#Francisco_Falcon_-_Breaking_Out_of_VirtualBox_through_3D_Acceleration + +(Originally on Twitter: [Tue Sep 02 17:57:17 +0000 2014](https://twitter.com/adulau/status/506863447649554432)) +---- +Curious about the mention of drugs over time in the literature https://books.google.com/ngrams/graph?content=LSD%2CCannabis%2CPsychoactive+Drugs%2CMDMA%2CPsilocybin%2CPeyote%2CCocaine%2C+Heroin&year_start=1800&year_end=2008&corpus=15&smoothing=3&share=&direct_url=t1%3B%2CLSD%3B%2Cc0%3B.t1%3B%2CCannabis%3B%2Cc0%3B.t1%3B%2CPsychoactive%20Drugs%3B%2Cc0%3B.t1%3B%2CMDMA%3B%2Cc0%3B.t1%3B%2CPsilocybin%3B%2Cc0%3B.t1%3B%2CPeyote%3B%2Cc0%3B.t1%3B%2CCocaine%3B%2Cc0%3B.t1%3B%2CHeroin%3B%2Cc0 Google books NGRAM viewer is nifty... 
+ +(Originally on Twitter: [Tue Sep 02 19:10:23 +0000 2014](https://twitter.com/adulau/status/506881843288092672)) +---- +Interesting opt-out form from someone scanning Internet but I'm wondering if they share the opt-out data ;-) http://ipv4scan.com/ + +(Originally on Twitter: [Wed Sep 03 08:21:33 +0000 2014](https://twitter.com/adulau/status/507080945779097600)) +---- +RT @virusbtn: Congrats to @pinkflawd for her @hack_lu keynote next month http://2014.hack.lu/index.php/List#Marion_Marschalek_-_Keynote_about_.22TS.2FNOFORN_Talk.22 Here's her recent VB paper https://t.co/F6f… + +(Originally on Twitter: [Thu Sep 04 17:46:57 +0000 2014](https://twitter.com/adulau/status/507585621557116928)) +---- +Statistical analysis of the Tor growth rates #tor https://docs.google.com/document/d/1SaBK664SchhZOP9XBsB8KK63k4xlmMTlkhfF28f2204/pub + +(Originally on Twitter: [Thu Sep 04 21:20:34 +0000 2014](https://twitter.com/adulau/status/507639379519864832)) +---- +RT @freemonitoring: GNU Radio Conference #gnrcon14 #hamradio #sdr http://www.trondeau.com/grcon14 + +(Originally on Twitter: [Fri Sep 05 06:11:09 +0000 2014](https://twitter.com/adulau/status/507772904260382720)) +---- +RT @circl_lu: Enigmail 1.7.x sends emails in plaintext when encryption is enabled and only BCC recipients are specified http://t.co/t4TIn… + +(Originally on Twitter: [Mon Sep 08 19:53:19 +0000 2014](https://twitter.com/adulau/status/509066976350961665)) +---- +@Echo_tcx Any USB port accessible? + +(Originally on Twitter: [Mon Sep 08 19:54:25 +0000 2014](https://twitter.com/adulau/status/509067253036621825)) +---- +@Echo_tcx Maybe you should ask the cabin personal if they use USB keys ;-) Now, the difficult part is how to make a discreet request. 
+ +(Originally on Twitter: [Mon Sep 08 20:02:45 +0000 2014](https://twitter.com/adulau/status/509069346891911168)) +---- +I generated a quick raw dump of CVEs against the Ubuntu popularity software contest but some FPs due the lack of CPE http://www.foo.be/cve/popcon/ + +(Originally on Twitter: [Mon Sep 08 20:13:22 +0000 2014](https://twitter.com/adulau/status/509072020307714048)) +---- +@steffenbauch I'll do it soon. + +(Originally on Twitter: [Tue Sep 09 04:29:12 +0000 2014](https://twitter.com/adulau/status/509196800624840705)) +---- +@H_Miser Pourquoi pas? L'idée est de promouvoir l'interception pour montrer que la menace est réelle http://www.foo.be/eavesdropping-what-to-do/ + +(Originally on Twitter: [Tue Sep 09 19:14:54 +0000 2014](https://twitter.com/adulau/status/509419696911699968)) +---- +@H_Miser Oui mais si les utilisateurs protégeaient leurs communications, publier les pcaps d'un wifi publique ne serait pas un problème? + +(Originally on Twitter: [Tue Sep 09 19:19:37 +0000 2014](https://twitter.com/adulau/status/509420882112950272)) +---- +RT @paulvixie: I met a kitten in Bangkok who changed my life somewhat. + +http://www.redbarn.org/node/23 + +(Originally on Twitter: [Tue Sep 09 19:31:21 +0000 2014](https://twitter.com/adulau/status/509423833007554560)) +---- +RT @hack_lu: Mark Schloesser will talk about Internet Scanning - Conducting Research on 0/0 at @hack_lu 2014 +http://2014.hack.lu/index.php/List#Mark_Schloesser_-_Internet_Scanning_-_Conducting_Research_on_0.2F0 + +(Originally on Twitter: [Wed Sep 10 19:10:20 +0000 2014](https://twitter.com/adulau/status/509780933164400642)) +---- +RT @hack_lu: Do you remember #Heartbleed? 
+Filippo Valsorda will present The Heartbleed test adventure @hack_lu http://2014.hack.lu/index.php/List#Filippo_Valsorda_-_The_Heartbleed_test_adventure + +(Originally on Twitter: [Wed Sep 10 20:18:14 +0000 2014](https://twitter.com/adulau/status/509798020330692608)) +---- +RT @hack_lu: Extreme Privilege Escalation On Windows 8/UEFI Systems to be presented at @hack_lu 2014 #uefi #security http://2014.hack.lu/index.php/List#Corey_Kallenberg.2C_Xeno_Kovah.2C_John_Butterworth.2C_Sam_Cornwell_-_Extreme_Privilege_Escalation_On_Windows_8.2FUEFI_Systems + +(Originally on Twitter: [Fri Sep 12 21:11:55 +0000 2014](https://twitter.com/adulau/status/510536308012625920)) +---- +Taking a picture of someone doing a selfie with a goat - everything can be so #meta https://www.flickr.com/photos/adulau/15230284561/ #photography #selfie #selfie + +(Originally on Twitter: [Sun Sep 14 10:18:11 +0000 2014](https://twitter.com/adulau/status/511096564115185664)) +---- +RT @freenodestaff: For now, we recommend that every change their NickServ password as a precaution. + +(Originally on Twitter: [Sun Sep 14 10:25:18 +0000 2014](https://twitter.com/adulau/status/511098355553148928)) +---- +It's Christmas... SpAcceptCredentials hook and SIDHistory fun... https://github.com/gentilkiwi/mimikatz/releases/tag/2.0.0-alpha-20140914 + +(Originally on Twitter: [Sun Sep 14 21:00:27 +0000 2014](https://twitter.com/adulau/status/511258195562483712)) +---- +RT @circl_lu: Kudos to Stellar to openly discuss about security compromise with journalists and inform the public http://www.spiegel.de/netzwelt/netzpolitik/stellar-gchq-hackte-rechnersystem-eines-deutschen-unternehmens-a-991486.html + +(Originally on Twitter: [Mon Sep 15 07:42:33 +0000 2014](https://twitter.com/adulau/status/511419786329600000)) +---- +I'm curious of the legality of going to a recycling center to gather hard-disks and use these for a forensic training. I'll see in 2 months. 
+ +(Originally on Twitter: [Mon Sep 15 18:03:50 +0000 2014](https://twitter.com/adulau/status/511576135587467264)) +---- +Just fixed a bug in cve-search reported by @DidierStevens and his colleague. Thank you for the report. https://github.com/adulau/cve-search + +(Originally on Twitter: [Tue Sep 16 18:12:16 +0000 2014](https://twitter.com/adulau/status/511940647021203457)) +---- +RT @volatility: In case you missed it, this repo has 160+ Linux profiles and all Mac OSX profiles from 10.5 to 10.9.4 https://t.co/QhOKqn13… + +(Originally on Twitter: [Tue Sep 16 18:58:02 +0000 2014](https://twitter.com/adulau/status/511952165091303425)) +---- +Is the source code of the @Raspberry_Pi firmware available somewhere? Only binaries on https://github.com/raspberrypi/firmware + +(Originally on Twitter: [Tue Sep 16 19:06:40 +0000 2014](https://twitter.com/adulau/status/511954336457314304)) +---- +USD 5,040,000,000 for the contractors doing "global intelligence support services acquisition" cc/ @Cryptomeorg http://www.defense.gov/Contracts/Contract.aspx?ContractID=5375 + +(Originally on Twitter: [Tue Sep 16 19:45:10 +0000 2014](https://twitter.com/adulau/status/511964024813420545)) +---- +@0xabad1dea I thought email signatures were only used for data exfiltration in malware. + +(Originally on Twitter: [Tue Sep 16 19:56:45 +0000 2014](https://twitter.com/adulau/status/511966942609936384)) +---- +@snazmeister I only see one explanation. You have been compromised. + +(Originally on Twitter: [Tue Sep 16 19:58:45 +0000 2014](https://twitter.com/adulau/status/511967446400778241)) +---- +RT @hack_lu: Inside spying - Stripping the controversial FinFisher application will be presented at @hack_lu 2014 +@0xmaro +http://t.co/7Xj4O… + +(Originally on Twitter: [Wed Sep 17 18:17:00 +0000 2014](https://twitter.com/adulau/status/512304226484363265)) +---- +RT @rommelfs: Current safety campaign of @Siemens, as part of the advertising ecosystem, embedded in major websites. Thumbs up! 
http://t.co… + +(Originally on Twitter: [Fri Sep 19 07:01:00 +0000 2014](https://twitter.com/adulau/status/512858880591003648)) +---- +When I read in an incident report that the "malware is contained", I replace it with "photons are now contained". It's more credible. + +(Originally on Twitter: [Sat Sep 20 06:15:57 +0000 2014](https://twitter.com/adulau/status/513209933677207552)) +---- +John Gilmore about "new wiretap resistance in iOS 8?" #apple #security #privacy http://permalink.gmane.org/gmane.comp.encryption.general/20840 + +(Originally on Twitter: [Sat Sep 20 09:57:36 +0000 2014](https://twitter.com/adulau/status/513265710899134464)) +---- +RT @hack_lu: Evasion of High-End IDS / IPS Devices at the IPv6 Era will be presented at @hack_lu 2014 #conference #security +http://t.co/Aw… + +(Originally on Twitter: [Sat Sep 20 14:35:09 +0000 2014](https://twitter.com/adulau/status/513335558006145024)) +---- +RT @hack_lu: Don't forget if you want to win the prizes for the hack.lu 2014 CTF, you need one member of your team onsite. #CTF http://t.c… + +(Originally on Twitter: [Sat Sep 20 14:41:02 +0000 2014](https://twitter.com/adulau/status/513337038612205570)) +---- +RT @circl_lu: Don't forget to upgrade your Wireshark to 1.12.1 there are many security fixes. from http://cve.circl.lu/cve/CVE-2014-6421 to http://t.co/xU… + +(Originally on Twitter: [Sun Sep 21 11:45:20 +0000 2014](https://twitter.com/adulau/status/513655210435432450)) +---- +@trojansec That's what I said. Containing photons is more realistic than containing malware... 
;-) @jaysonstreet + +(Originally on Twitter: [Sun Sep 21 12:59:30 +0000 2014](https://twitter.com/adulau/status/513673877290229760)) +---- +RT @steffenbauch: Started to create a Twitter list of speakers and trainers @hack_lu 2014 #security #conference #infosec https://t.co/5JpAT… + +(Originally on Twitter: [Sun Sep 21 14:11:14 +0000 2014](https://twitter.com/adulau/status/513691926965796864)) +---- +The accountant just told me "Have you seen the nice graph?" No I'm still looking for the scale on the graph. + +(Originally on Twitter: [Mon Sep 22 08:10:12 +0000 2014](https://twitter.com/adulau/status/513963458774441984)) +---- +RT @circl_lu: Interested in learning Cisco IOS memory forensic check the workshop at @hack_lu 2014 cc/ @DidierStevens @xme http://t.co/M2lx… + +(Originally on Twitter: [Mon Sep 22 09:36:38 +0000 2014](https://twitter.com/adulau/status/513985211189977089)) +---- +Started a small #photography blog to share some ideas http://www.foo.be/photoblog/ + +(Originally on Twitter: [Mon Sep 22 19:42:21 +0000 2014](https://twitter.com/adulau/status/514137645119598592)) +---- +@iamthecavalry I'm sure salmonella and escherichia coli will enjoy compromised fridge... @ClausHoumann @daveaitel + +(Originally on Twitter: [Mon Sep 22 20:25:28 +0000 2014](https://twitter.com/adulau/status/514148496111181825)) +---- +Revealing personal information in online social network from users who don't have account. http://arxiv.org/pdf/1409.6197v1.pdf + +(Originally on Twitter: [Tue Sep 23 12:06:55 +0000 2014](https://twitter.com/adulau/status/514385418994077696)) +---- +RT @rafi0t: The @hack_lu T-shirts arrived today! http://p.twipple.jp/o5E0V and this year, there is the women version as well. + +(Originally on Twitter: [Tue Sep 23 14:18:06 +0000 2014](https://twitter.com/adulau/status/514418433640136704)) +---- +@tricaud I just tried the women version M... I can't move but it's fine. 
@rafi0t @hack_lu + +(Originally on Twitter: [Tue Sep 23 14:18:51 +0000 2014](https://twitter.com/adulau/status/514418623197483008)) +---- +RT @CryptoPartyLux: Next #Luxembourg Digital Privacy Salon 29/9, 18:30 at @Level2Lu - free, all welcome, there will be #cryptocookies http:… + +(Originally on Twitter: [Tue Sep 23 20:10:55 +0000 2014](https://twitter.com/adulau/status/514507223847165952)) +---- +RT @skier_t: VMCloak: Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox http://jbremer.org/vmcloak/ http://vmcloak.org/ + +(Originally on Twitter: [Tue Sep 23 20:13:18 +0000 2014](https://twitter.com/adulau/status/514507821728415744)) +---- +RT @hack_lu: An idea for a lightning talk at @hack_lu 2014 http://2014.hack.lu/index.php/LightningTalks Send us your 5 minutes talk in advance. info (AT) hack (D… + +(Originally on Twitter: [Wed Sep 24 04:33:54 +0000 2014](https://twitter.com/adulau/status/514633801860141056)) +---- +RT @Regiteric: I'm not sure a customer should consider a development as being delivered if a correct and consistent #SCM tree is not receiv… + +(Originally on Twitter: [Wed Sep 24 07:22:23 +0000 2014](https://twitter.com/adulau/status/514676202003791872)) +---- +RT @circl_lu: Just before @hack_lu Monday 20th October there will be a Suricata user training http://suricata-ids.org/training/ @OISFoundation @Suri… + +(Originally on Twitter: [Wed Sep 24 11:23:59 +0000 2014](https://twitter.com/adulau/status/514737003968348161)) +---- +@Regiteric Logiciel partout, sécurité nulle part @bortzmeyer + +(Originally on Twitter: [Wed Sep 24 19:13:55 +0000 2014](https://twitter.com/adulau/status/514855266404544512)) +---- +http://git.savannah.gnu.org/cgit/bash.git and the upstream is still not patched and released? I hope I'm wrong. + +(Originally on Twitter: [Wed Sep 24 20:46:38 +0000 2014](https://twitter.com/adulau/status/514878599749718016)) +---- +RT @circl_lu: TR-27 - GNU Bash Critical Vulnerability - CVE-2014-6271 - CVE-2014-7169 incl. 
explanations how to patch from source http://t.… + +(Originally on Twitter: [Thu Sep 25 07:37:07 +0000 2014](https://twitter.com/adulau/status/515042296551964672)) +---- +RT @circl_lu: TR-27 updated GNU Bash Critical Vulnerability including fix for CVE-2014-7169 (yacc file patch) http://www.circl.lu/pub/tr-27/ #shell… + +(Originally on Twitter: [Thu Sep 25 10:01:47 +0000 2014](https://twitter.com/adulau/status/515078703043592192)) +---- +Tons of new features in OpenSSL 1.0.2 ... Cool tons of new vulnerabilities to fix in the future. http://www.openssl.org/news/openssl-1.0.2-notes.html + +(Originally on Twitter: [Thu Sep 25 20:56:28 +0000 2014](https://twitter.com/adulau/status/515243462317596672)) +---- +Beside looking at some crazy yacc grammars, there are other difficulties like self-portrait #photography http://www.foo.be/photoblog/posts/the-difficult-exercise-of-self-portrait.html + +(Originally on Twitter: [Thu Sep 25 21:13:59 +0000 2014](https://twitter.com/adulau/status/515247869138567168)) +---- +@falzm Je ne savais pas que c'était mieux avant ;-) + +(Originally on Twitter: [Thu Sep 25 21:19:17 +0000 2014](https://twitter.com/adulau/status/515249203355086848)) +---- +@ChristianHeimes Great improvement. Do you know, how large is the change to comply with RFC 6125? 
@thierryzoller + +(Originally on Twitter: [Thu Sep 25 21:23:17 +0000 2014](https://twitter.com/adulau/status/515250209774137344)) +---- +RT @hack_lu: New workshop at @hack_lu 2014 +IRMA – An Open Source Incident Response & Malware Analysis Platform by @quarkslab http://t.co/I… + +(Originally on Twitter: [Fri Sep 26 19:15:28 +0000 2014](https://twitter.com/adulau/status/515580433078448128)) +---- +RT @hack_lu: Hacking with Images - Evil Pictures will be at @hack_lu 2014 by @therealsaumil +http://2014.hack.lu/index.php/List#Saumil_Shah_-_Hacking_with_Images_-_Evil_Pictures #infosec #conference + +(Originally on Twitter: [Sun Sep 28 21:23:06 +0000 2014](https://twitter.com/adulau/status/516337327694970880)) +---- +RT @headhntr: I'm sick of hearing people talk about BIOS backdoors and baseband exploits when they don't even check their logs. Go do the b… + +(Originally on Twitter: [Mon Sep 29 04:35:32 +0000 2014](https://twitter.com/adulau/status/516446151592394753)) +---- +@pidgeyL Looks cool. I'll merge your pull request. Thank you. @wimremes + +(Originally on Twitter: [Mon Sep 29 20:49:42 +0000 2014](https://twitter.com/adulau/status/516691307390332928)) +---- +RT @S_Team_Approved: #CtF prizes for @hack_lu are ready and going to be shipped !! #hacklu #infosec #conference ![](media/517061122533625857-ByzZ-9wIYAAD1CC.jpg) + +(Originally on Twitter: [Tue Sep 30 21:19:12 +0000 2014](https://twitter.com/adulau/status/517061122533625857)) +---- +@vloquet En pratique cela veut dire quoi? Que la France ne va plus dépendre de systèmes informatiques hors de sa souveraineté? + +(Originally on Twitter: [Wed Oct 01 10:01:12 +0000 2014](https://twitter.com/adulau/status/517252886913626112)) +---- +RT @newsoft: "Se faire défacer, ça n'est pas critique". 
Le patron de l'#ANSSI ne connait pas le waterholing visiblement #AssisesSI + +(Originally on Twitter: [Wed Oct 01 10:06:51 +0000 2014](https://twitter.com/adulau/status/517254306593267712)) +---- +@vloquet Le plus simple serait de faire une législation pour promouvoir l'information sharing... http://www.circl.lu/services/misp-malware-information-sharing-platform/ @Sebdraven + +(Originally on Twitter: [Wed Oct 01 12:45:54 +0000 2014](https://twitter.com/adulau/status/517294332836319232)) +---- +Binary patching of vulnerable bash http://alo.fi/bash/Patch-bash.py if you are adventurous and without hope #shellshock + +(Originally on Twitter: [Wed Oct 01 13:23:19 +0000 2014](https://twitter.com/adulau/status/517303750755880960)) +---- +RT @circl_lu: New version of CIRCLean - an USB key sanitizer - available including security fixes and NTFS support #badusb #usb http://t.co… + +(Originally on Twitter: [Wed Oct 01 14:00:53 +0000 2014](https://twitter.com/adulau/status/517313203026800641)) +---- +RT @Suricata_IDS: Get #Suricata Training at @hack_lu in Luxembourg on Oct 20! Info: http://suricata-ids.org/2014/09/25/get-trained-at-hack-lu-in-luxembourg/ Book: https://www.eventbrite.com/e/suricata-workshop-hacklu-tickets-13329929177 #i… + +(Originally on Twitter: [Wed Oct 01 17:15:49 +0000 2014](https://twitter.com/adulau/status/517362258792288256)) +---- +Do you plan to release the code behind RIPE RIS and especially the routing-history? @mir_ripe_labs @RIPE_NCC + +(Originally on Twitter: [Thu Oct 02 09:58:29 +0000 2014](https://twitter.com/adulau/status/517614589740322816)) +---- +RT @Regiteric: @Sebdraven @fredraynal @pinkflawd It smells like cupcake at @hack_lu ! 
+ +(Originally on Twitter: [Thu Oct 02 14:46:11 +0000 2014](https://twitter.com/adulau/status/517686991463649281)) +---- +@pinkflawd Let me know if I should bring some organic goat cheese at @hack_lu 2014 @fredraynal + +(Originally on Twitter: [Thu Oct 02 14:56:37 +0000 2014](https://twitter.com/adulau/status/517689616150056960)) +---- +RT @mattblaze: One of the bizarre properties of the backdoors "debate" is watching non-engineers tell us how it's easy to make software rel… + +(Originally on Twitter: [Thu Oct 02 18:41:54 +0000 2014](https://twitter.com/adulau/status/517746309970010113)) +---- +@Sebdraven Intéressant. Tu as une référence ou un lien pour vérifier le document? + +(Originally on Twitter: [Sat Oct 04 08:10:05 +0000 2014](https://twitter.com/adulau/status/518312084892028929)) +---- +@cteuschel Thank you. I'll do. I'm interested how you store IPv4/IPv6 addresses efficiently with routing history.@mir_ripe_labs @RIPE_NCC + +(Originally on Twitter: [Sat Oct 04 08:12:58 +0000 2014](https://twitter.com/adulau/status/518312810292736000)) +---- +RT @circl_lu: We had various pp asking when the bash vulnerability #shellshock was introduced. Following D. Wheeler, it's 1992.... http://t… + +(Originally on Twitter: [Sat Oct 04 08:39:14 +0000 2014](https://twitter.com/adulau/status/518319422218719233)) +---- +RT @rafi0t: In the last part of the interview, Binney demonstrate how "illegally acquired" data are a starting point for LEA. 1/2 + +(Originally on Twitter: [Sat Oct 04 12:03:15 +0000 2014](https://twitter.com/adulau/status/518370763326640128)) +---- +RT @rafi0t: So dear lawyer friends, when you say "I don't care, LEA cannot use that against me/my client: it was illegally acquired", you a… + +(Originally on Twitter: [Sat Oct 04 12:03:18 +0000 2014](https://twitter.com/adulau/status/518370775603347457)) +---- +@rafi0t They obviously need a better natural language processing tool. The job word is quoted and out of context. 
+ +(Originally on Twitter: [Sat Oct 04 12:05:09 +0000 2014](https://twitter.com/adulau/status/518371240634241024)) +---- +@Sebdraven En effet la VI2.4b pose de sérieux soucis sur le partage d'indicateurs. Avez-vous déjà contacté l'ANSSI à ce sujet? #IOC + +(Originally on Twitter: [Sat Oct 04 12:10:44 +0000 2014](https://twitter.com/adulau/status/518372646833377280)) +---- +@alexanderjaeger Maybe we are not good enough to join @NSA_PR or if you got a job there, I'll be forced to join you. #miningcontext + +(Originally on Twitter: [Sat Oct 04 15:21:41 +0000 2014](https://twitter.com/adulau/status/518420700554858496)) +---- +@y0m En effet. Ce que je ne comprends pas c'est comment légalement cela peut être exécuté. Il y a une proposition législative? @Sebdraven + +(Originally on Twitter: [Sat Oct 04 15:23:20 +0000 2014](https://twitter.com/adulau/status/518421117686779904)) +---- +I'm wondering why everyone tells me that I have to change the curtain... https://www.flickr.com/photos/adulau/15261666538/ #photography + +(Originally on Twitter: [Sun Oct 05 15:53:32 +0000 2014](https://twitter.com/adulau/status/518791104893054978)) +---- +RT @hack_lu: During @hack_lu 2014 there will be locally a Spot The Pot Contest done by @ProjectHoneynet team members. http://t.co/frFXmz8… + +(Originally on Twitter: [Tue Oct 07 16:03:59 +0000 2014](https://twitter.com/adulau/status/519518509785944064)) +---- +RT @pinkflawd: Happy to be speakin at @hack_lu about kitten and death stars!! Although, they still didnt tell me what exaclty a keynote is … + +(Originally on Twitter: [Thu Oct 09 09:47:21 +0000 2014](https://twitter.com/adulau/status/520148503562297344)) +---- +@pinkflawd Keynote definition is just like naming malware. Simple in theory but practically impossible. 
@hack_lu + +(Originally on Twitter: [Thu Oct 09 09:52:21 +0000 2014](https://twitter.com/adulau/status/520149761933189121)) +---- +RT @hack_lu: If you have lightning talks to propose, feel free -> info(AT)hack(DOT)lu - http://2014.hack.lu/index.php/LightningTalks @hack_lu 2014 + +(Originally on Twitter: [Thu Oct 09 21:30:38 +0000 2014](https://twitter.com/adulau/status/520325487818964994)) +---- +@standa_t Looks like a white-box crypto version of the PatchGuard code.... + +(Originally on Twitter: [Fri Oct 10 04:34:19 +0000 2014](https://twitter.com/adulau/status/520432112030470145)) +---- +RT @hack_lu: Talks agenda updated and workshop agenda added http://2014.hack.lu/index.php/Agenda #hacklu #conference #security + +(Originally on Twitter: [Fri Oct 10 17:07:15 +0000 2014](https://twitter.com/adulau/status/520621593345933312)) +---- +RT @hack_lu: hack.lu 2014 CTF page updated http://2014.hack.lu/index.php/CaptureTheFlag #conference #hacklu @fluxfingers + +(Originally on Twitter: [Mon Oct 13 18:22:44 +0000 2014](https://twitter.com/adulau/status/521727752307998720)) +---- +RT @cortesi: Snapception - a Snapchat interceptor built on mitmproxy. https://github.com/thebradbain/snapception + +(Originally on Twitter: [Mon Oct 13 20:35:17 +0000 2014](https://twitter.com/adulau/status/521761111792951297)) +---- +Wondering why I'm searching on Twitter for SSL3-MAC #ssl + +(Originally on Twitter: [Tue Oct 14 09:01:54 +0000 2014](https://twitter.com/adulau/status/521949001890140160)) +---- +RT @circl_lu: CIRCL TR-28 - The SSL protocol 3.0 is vulnerable to a critical padding oracle attack - CVE-2014-3566 http://www.circl.lu/pub/tr-28/ + +(Originally on Twitter: [Wed Oct 15 07:47:37 +0000 2014](https://twitter.com/adulau/status/522292696950779904)) +---- +RT @hack_lu: Did you register for hack.lu 2014? 
http://2014.hack.lu/index.php/Info still time to do it #conference #hacklu + +(Originally on Twitter: [Wed Oct 15 14:29:19 +0000 2014](https://twitter.com/adulau/status/522393786727804928)) +---- +RT @Pour_EVA: Hack.lu 25/05 @doegox present Belgian elections: a nice electronic voting bug and its port under Linux +http://2014.hack.lu/index.php/LightningTalks#Philippe_Teuwen.2C_25.2F05.2F2014_Belgian_elections:_a_nice_electronic_voting_bug_and_its_port_under_Linux + +(Originally on Twitter: [Wed Oct 15 14:29:54 +0000 2014](https://twitter.com/adulau/status/522393935625596928)) +---- +RT @JanGuth: The next show of #entr0py will include feedbacks from @hack_lu So, come visit us at our booth and be part of our radio show :)… + +(Originally on Twitter: [Thu Oct 16 08:11:35 +0000 2014](https://twitter.com/adulau/status/522661116783374336)) +---- +RT @DoclerHoldingLU: @DoclerHoldingLu's security team will attend @hack_lu workshops & #CTF - Oct.21-24 #Luxembourg http://2014.hack.lu … + +(Originally on Twitter: [Thu Oct 16 08:14:38 +0000 2014](https://twitter.com/adulau/status/522661884202606592)) +---- +@DoclerHoldingLU Cool. Feel free to submit a Lightning Talks to @hack_lu http://2014.hack.lu/index.php/LightningTalks + +(Originally on Twitter: [Thu Oct 16 08:27:02 +0000 2014](https://twitter.com/adulau/status/522665005763002368)) +---- +VoIP tool for calling over Tor using Keccak sponge - interesting but crypto review is still required. https://github.com/gegel/onionphone/ + +(Originally on Twitter: [Thu Oct 16 21:13:22 +0000 2014](https://twitter.com/adulau/status/522857860603338752)) +---- +RT @MozillaCTF: We sincerely recommend checkout out Hack.lu CTF by @fluxfingers next week! 
Registration is still open: https://t.co/1HHslmV… + +(Originally on Twitter: [Fri Oct 17 14:07:25 +0000 2014](https://twitter.com/adulau/status/523113051500052480)) +---- +It seems that intelmq will be released during @hack_lu 2014 and presented in a lightning talk http://2014.hack.lu/index.php/LightningTalks#intelMQ_-_dataflow_oriented_incident_processing @Kaplan_CERTat + +(Originally on Twitter: [Fri Oct 17 18:32:42 +0000 2014](https://twitter.com/adulau/status/523179815218999296)) +---- +Good feedback about the @Suricata_IDS team when reporting vulnerabilities http://www.insinuator.net/2014/10/a-please-dont-waste-my-time-approach-and-the-sourcefiresnort-evasion/ + +(Originally on Twitter: [Sat Oct 18 16:25:08 +0000 2014](https://twitter.com/adulau/status/523510096585048064)) +---- +RT @hack_lu: A pre-registration desk is foreseen on Monday evening for @hack_lu 2014 - cc @rafi0t + +(Originally on Twitter: [Sun Oct 19 09:53:43 +0000 2014](https://twitter.com/adulau/status/523773981430931456)) +---- +RT @pinkflawd: workin on the _last_ slide for @hack_lu :D lookin forward to see @adulau @rbidule @fredraynal @botherder @eldracote @inbarra… + +(Originally on Twitter: [Mon Oct 20 09:31:14 +0000 2014](https://twitter.com/adulau/status/524130711406903296)) +---- +@pinkflawd @hack_lu Do we need to add a cat in the agenda next to your talk? ;-) + +(Originally on Twitter: [Mon Oct 20 09:32:57 +0000 2014](https://twitter.com/adulau/status/524131145689358336)) +---- +@pinkflawd @hack_lu Mine is too fat to carry to the conference... https://twitter.com/adulau/status/448927117032431616 + +(Originally on Twitter: [Mon Oct 20 09:56:50 +0000 2014](https://twitter.com/adulau/status/524137155795615744)) +---- +RT @cbrocas: Je vous souhaite le meilleur #hacklu possible les amis : @doegox @Regiteric @xme @adulau @r00tbsd @cryptax ! 
Bises d'Espagne :… + +(Originally on Twitter: [Mon Oct 20 13:08:46 +0000 2014](https://twitter.com/adulau/status/524185455412383744)) +---- +RT @hack_lu: Pre-registration is now open until 20:30 at @hack_lu 2014 - see you there + +(Originally on Twitter: [Mon Oct 20 16:36:26 +0000 2014](https://twitter.com/adulau/status/524237719481102337)) +---- +RT @asta_fish: Being angry at Tails bug report answer. Usability issues are also bugs, goddamn it, take it seriously. + +(Originally on Twitter: [Tue Oct 21 11:43:45 +0000 2014](https://twitter.com/adulau/status/524526449873928192)) +---- +RT @hack_lu: Don't forget the social event at 20:00 today in the hotel. #hacklu @hack_lu + +(Originally on Twitter: [Tue Oct 21 16:02:50 +0000 2014](https://twitter.com/adulau/status/524591648169553920)) +---- +It seems that @pinkflawd at @hack_lu found a French version of the flame malware or a Frenchy "anti-forensic" trick http://securelist.com/blog/incidents/34344/the-flame-questions-and-answers-51/ + +(Originally on Twitter: [Wed Oct 22 07:16:33 +0000 2014](https://twitter.com/adulau/status/524821596188729344)) +---- +RT @Regiteric: @hack_lu @pinkflawd "English is very bad": at least a real proof the malware author is French. 
+ +(Originally on Twitter: [Wed Oct 22 07:17:09 +0000 2014](https://twitter.com/adulau/status/524821745422041088)) +---- +@aris_ada @Regiteric @xme @hack_lu @pinkflawd Don't forget that large French corporations subcontract to Chinese based in Paris underground + +(Originally on Twitter: [Wed Oct 22 07:41:04 +0000 2014](https://twitter.com/adulau/status/524827765607239680)) +---- +Project name in Viper examples "enoughwithpandas" by @botherder at @hack_lu Wondering how @CrowdStrike will name the US-based malware + +(Originally on Twitter: [Wed Oct 22 07:44:32 +0000 2014](https://twitter.com/adulau/status/524828635099062272)) +---- +@lferette @botherder @hack_lu So it looks like that the @hack_lu logo can be used for next @CrowdStrike visuals + +(Originally on Twitter: [Wed Oct 22 07:49:02 +0000 2014](https://twitter.com/adulau/status/524829769998016513)) +---- +RT @hack_lu: @adulau Next time we should ask @CrowdStrike for sponsoring @hack_lu it will be easier for their press-release if the visuals… + +(Originally on Twitter: [Wed Oct 22 07:52:13 +0000 2014](https://twitter.com/adulau/status/524830570258632704)) +---- +Check your passive dns records for all hostname starting with "acs" you can be surprised - TR-069 at @hack_lu + +(Originally on Twitter: [Wed Oct 22 08:45:32 +0000 2014](https://twitter.com/adulau/status/524843989691015168)) +---- +TR-069 fun at @hack_lu - mention of a vendor called draytek http://cve.circl.lu/browse/draytek but there are only CVEs for routers. None for the ACS... + +(Originally on Twitter: [Wed Oct 22 08:57:25 +0000 2014](https://twitter.com/adulau/status/524846980024254464)) +---- +RT @botherder: Viper 1.1 is now available, @hack_lu edition https://github.com/botherder/viper/releases/tag/1.1 http://viper.li + +(Originally on Twitter: [Wed Oct 22 09:04:23 +0000 2014](https://twitter.com/adulau/status/524848730781286400)) +---- +So TR-069, 15% of ISP are using SSL for CPE management... But in the 15% how many are still using SSLv3? 
80%? @hack_lu #poodle + +(Originally on Twitter: [Wed Oct 22 09:05:14 +0000 2014](https://twitter.com/adulau/status/524848944627867648)) +---- +RT @hack_lu: Reminder to all speakers - send your presentation or link to the presentation to info (AT) hack (dot) lu + +(Originally on Twitter: [Wed Oct 22 09:32:46 +0000 2014](https://twitter.com/adulau/status/524855873093763072)) +---- +RT @hack_lu: Talk from Paul Jung, " Bypasss sandboxes for fun " is now online http://2014.hack.lu/archive/2014/Bypasss_sandboxes_for_fun.pdf + +(Originally on Twitter: [Wed Oct 22 09:32:52 +0000 2014](https://twitter.com/adulau/status/524855898817449984)) +---- +RT @pinkflawd: 'Support center was not thrilled with an Israeli calling about insecure infrastructure' 0.o no SHIT xD @jifa @hack_lu + +(Originally on Twitter: [Wed Oct 22 09:33:02 +0000 2014](https://twitter.com/adulau/status/524855940773052417)) +---- +RT @hack_lu: @pinkflawd Redirect are "Non-qualifying vulnerabilities" from the Google bounty program.... 
http://www.google.com/about/appsecurity/reward-program/ @fygrave + +(Originally on Twitter: [Wed Oct 22 09:38:01 +0000 2014](https://twitter.com/adulau/status/524857193813004289)) +---- +RT @veorq: Cybeeeer /cc @cryptopathe ![](media/524857341465071616-B0iqrb9IQAAPUDj.jpg) + +(Originally on Twitter: [Wed Oct 22 09:38:36 +0000 2014](https://twitter.com/adulau/status/524857341465071616)) +---- +Radamsa fuzzer mentioned by the @quarkslab speaker at @hack_lu https://www.ee.oulu.fi/research/ouspg/Radamsa + +(Originally on Twitter: [Wed Oct 22 10:25:01 +0000 2014](https://twitter.com/adulau/status/524869024438845440)) +---- +RT @0xmaro: The tools I used in my presentation "against" #FinSpy on @hack_lu has been released here: http://finspy.marosi.hu/tools-for-finspy/ + +(Originally on Twitter: [Wed Oct 22 10:32:07 +0000 2014](https://twitter.com/adulau/status/524870810314768384)) +---- +Windows USBSTOR.sys (USBSTOR_SelectConfiguration) interesting bug found by @quarkslab with their fuzzing framework presented at @hack_lu + +(Originally on Twitter: [Wed Oct 22 10:34:38 +0000 2014](https://twitter.com/adulau/status/524871442375385089)) +---- +RT @hack_lu: Belgian election at @hack_lu and the #bug2505 https://2014.hack.lu/index.php/LightningTalks#Philippe_Teuwen.2C_25.2F05.2F2014_Belgian_elections:_a_nice_electronic_voting_bug_and_its_port_under_Linux #evoting #infosec + +(Originally on Twitter: [Wed Oct 22 11:39:24 +0000 2014](https://twitter.com/adulau/status/524887742455771136)) +---- +epona obfuscation tool based on llvm looks really nice by @quarkslab will you release it? 
+ +(Originally on Twitter: [Wed Oct 22 12:07:39 +0000 2014](https://twitter.com/adulau/status/524894852530864129)) +---- +RT @hack_lu: Keynote TS/NOFORN from @pinkflawd at @hack_lu 2014 is now online http://2014.hack.lu/archive/2014/TSNOFORN.pdf + +(Originally on Twitter: [Wed Oct 22 12:10:56 +0000 2014](https://twitter.com/adulau/status/524895680142508032)) +---- +@fredraynal The obfuscation demo done with a sample encryption function at @hack_lu was really impressive @quarkslab + +(Originally on Twitter: [Wed Oct 22 12:17:56 +0000 2014](https://twitter.com/adulau/status/524897439023894528)) +---- +@xme Yes it's 2014. Every single crappy devices are connected... @hack_lu + +(Originally on Twitter: [Thu Oct 23 07:25:09 +0000 2014](https://twitter.com/adulau/status/525186144703873024)) +---- +IMAJS by @therealsaumil valid image and valid javascript at the same time. You might want to go back to the Lynx web browser... @hack_lu + +(Originally on Twitter: [Thu Oct 23 07:53:54 +0000 2014](https://twitter.com/adulau/status/525193382227107840)) +---- +RT @hack_lu: Internet Scanning Research on 0/0 by @repmovsb at @hack_lu 2014 slides are now online + http://2014.hack.lu/archive/2014/hacklu2014_internet_scanning_mschloesser.pdf + +(Originally on Twitter: [Thu Oct 23 08:11:10 +0000 2014](https://twitter.com/adulau/status/525197727874158592)) +---- +IcoScript malware and how to do detection with Suricata presented at @hack_lu https://www.virusbtn.com/virusbulletin/archive/2014/08/vb201408-IcoScript + +(Originally on Twitter: [Thu Oct 23 08:54:34 +0000 2014](https://twitter.com/adulau/status/525208647555883008)) +---- +RT @repmovsb: @hack_lu I can recommend further reading on recently published misconfiguration issues https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities and https://t.… + +(Originally on Twitter: [Thu Oct 23 08:54:41 +0000 
2014](https://twitter.com/adulau/status/525208677356412928)) +---- +@Regiteric and @r00tbsd mentions the importance of using Passive DNS data to proper create detection rules for malware at @hack_lu + +(Originally on Twitter: [Thu Oct 23 09:02:03 +0000 2014](https://twitter.com/adulau/status/525210531117142016)) +---- +Great talks about the lessons learned in Ukraine from the security incidents at @hack_lu 2014 #ukraineunderattack + +(Originally on Twitter: [Thu Oct 23 10:20:39 +0000 2014](https://twitter.com/adulau/status/525230314525036544)) +---- +RT @Regiteric: #scirius is now using bootstrap for CSS. Thanks @cvandeplas and @adulau for proposing me to use that. #suricata http://t.co/… + +(Originally on Twitter: [Thu Oct 23 12:34:19 +0000 2014](https://twitter.com/adulau/status/525263952679538688)) +---- +RT @haxelion: @adulau @rafi0t Our wonderful hot beers served in ice ;-) ![](media/525528717989511168-B0pxwPIIEAAM6GX.jpg) + +(Originally on Twitter: [Fri Oct 24 06:06:24 +0000 2014](https://twitter.com/adulau/status/525528717989511168)) +---- +The case of the modified binaries at tor exit nodes in Russia http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/ remind me of TorInj http://arxiv.org/abs/1208.2877 ;-) + +(Originally on Twitter: [Fri Oct 24 07:12:14 +0000 2014](https://twitter.com/adulau/status/525545285700042752)) +---- +RT @_Quack1: Faites vraiment gaffe avec Tor. Les admin des nœuds de sortie peuvent **tout** faire avec votre trafic http://arxiv.org/abs/1208.2877 … + +(Originally on Twitter: [Fri Oct 24 07:40:47 +0000 2014](https://twitter.com/adulau/status/525552467845861376)) +---- +RT @GI_Steve: Very nice @hack_lu edition !!! Good talks and very interesting workshops !!! Thks to the organisation team @adulau & Co + +(Originally on Twitter: [Fri Oct 24 10:28:37 +0000 2014](https://twitter.com/adulau/status/525594704155803648)) +---- +RT @hack_lu: Note in your agenda! 
Next hack.lu 2015 will be 20-22 October 2015 #conference #hacklu #Luxembourg + +(Originally on Twitter: [Fri Oct 24 10:28:50 +0000 2014](https://twitter.com/adulau/status/525594760359477249)) +---- +RT @pinkflawd: Can we, next year, maybe have a 2-week @hack_lu ? Please? Just because SO much fun, very awesome. Wow. + +(Originally on Twitter: [Fri Oct 24 15:46:55 +0000 2014](https://twitter.com/adulau/status/525674805790801920)) +---- +RT @pinkflawd: @r00tbsd @adulau why, when its two weeks he has a realistic chance of getting SOME hours of sleep ^^ + +(Originally on Twitter: [Fri Oct 24 15:47:14 +0000 2014](https://twitter.com/adulau/status/525674885998456832)) +---- +Maybe the @torproject could propose a default tor exit node injector to inform about the risks to not use end-to-end encrypted sessions. + +(Originally on Twitter: [Sat Oct 25 09:14:56 +0000 2014](https://twitter.com/adulau/status/525938548328124416)) +---- +The great presentation from @therealsaumil about hacking with pictures done at @hack_lu 2014 is online http://2014.hack.lu/archive/2014/hacking_with_pictures.pdf + +(Originally on Twitter: [Sat Oct 25 09:19:26 +0000 2014](https://twitter.com/adulau/status/525939682543022080)) +---- +RT @pinkflawd: Oh and just to be sure, I put a backup of the Bunny talk slides here http://www.slideshare.net/pinkflawd/tsnoforn enjoy :) + +(Originally on Twitter: [Sat Oct 25 09:28:26 +0000 2014](https://twitter.com/adulau/status/525941949551763456)) +---- +RT @pinkflawd: AV detection for Suspect #1 from this week's Bunny talk went from 0 to 6 https://www.virustotal.com/de/file/4f4b484acc053687d6e4365f0f19e926b1a44cc665182aa6b9417fa43264b240/analysis/1414226099/ - we're getting there :) + +(Originally on Twitter: [Sat Oct 25 09:28:33 +0000 2014](https://twitter.com/adulau/status/525941976697667584)) +---- +RT @eldracote: .@hack_lu is over... But the memory remains in the streets of luxemburg! 
![](media/526034913087488001-B0zXL_NCEAAbK3n.jpg) + +(Originally on Twitter: [Sat Oct 25 15:37:51 +0000 2014](https://twitter.com/adulau/status/526034913087488001)) +---- +A small picture taken at @Hack4Kids of kids and adults learning with computers https://www.flickr.com/photos/adulau/15438261867/ #photography + +(Originally on Twitter: [Sat Oct 25 16:10:43 +0000 2014](https://twitter.com/adulau/status/526043185748140032)) +---- +RT @pinkflawd: @botherder 's Viper even protects your privacy !!1! ![](media/526078966495707136-B0zjxMYIAAA_uWs.jpg) + +(Originally on Twitter: [Sat Oct 25 18:32:54 +0000 2014](https://twitter.com/adulau/status/526078966495707136)) +---- +Photography a solitary art? http://www.foo.be/photoblog/posts/photography-a-solitary-art.html #photography + +(Originally on Twitter: [Sat Oct 25 20:48:27 +0000 2014](https://twitter.com/adulau/status/526113077432184832)) +---- +RT @H_Miser: I recommend you to spend some time on @adulau ’s Flickr https://www.flickr.com/photos/adulau/ ! Very nice pictures ! + +(Originally on Twitter: [Sat Oct 25 20:58:30 +0000 2014](https://twitter.com/adulau/status/526115607830626304)) +---- +@H_Miser Thank you very much. + +(Originally on Twitter: [Sat Oct 25 20:59:38 +0000 2014](https://twitter.com/adulau/status/526115894163173376)) +---- +RT @ncaproni: Cyber attacks in Ukraine during revolution and Russian intervention http://buff.ly/1zrAms8 #PDF #HackLu par @APWG + +(Originally on Twitter: [Sun Oct 26 09:22:01 +0000 2014](https://twitter.com/adulau/status/526302718596755457)) +---- +RT @xme: Already optimised my #ELK home instance tx to the advices provided by @cvandeplas during his #hacklu workshop! + +(Originally on Twitter: [Sun Oct 26 09:22:13 +0000 2014](https://twitter.com/adulau/status/526302771008782336)) +---- +@Vigdis_ Les injections malveillantes sont présentes mais les utilisateurs Tor sont rarement informés du risque sauf s'ils lisent la FAQ. 
+ +(Originally on Twitter: [Sun Oct 26 11:27:54 +0000 2014](https://twitter.com/adulau/status/526334401287061504)) +---- +@Vigdis_ Ben oui c'est pour cela qu'une bonne injection avec un gros javascript qui pue c'est tjs mieux que le manuel ;-) + +(Originally on Twitter: [Mon Oct 27 17:11:49 +0000 2014](https://twitter.com/adulau/status/526783337890078720)) +---- +Thanks to @yanntiersen and his band for the incredible live at @ABconcerts ![](media/526797086902476800-B0-PKFnIAAAttpk.jpg) + +(Originally on Twitter: [Mon Oct 27 18:06:27 +0000 2014](https://twitter.com/adulau/status/526797086902476800)) +---- +RT @RUVfrettir: Winter greets the #icelandicvolcano in Holuhraun. (Pic: K.Langenberger/IES) http://www.ruv.is/frett/winter-arrives-at-holuhraun ![](media/526817541923274752-BysxZR2CYAAh_Ek.jpg) + +(Originally on Twitter: [Mon Oct 27 19:27:44 +0000 2014](https://twitter.com/adulau/status/526817541923274752)) +---- +RT @hack_lu: Slides of "Offline bruteforce attack on WiFi Protected Setup" done by @Reversity at @hack_lu 2014 are online http://t.co/Vzvj… + +(Originally on Twitter: [Mon Oct 27 19:38:13 +0000 2014](https://twitter.com/adulau/status/526820178815119361)) +---- +@SteveClement Belgian pipes are everywhere ;-) + +(Originally on Twitter: [Tue Oct 28 12:37:34 +0000 2014](https://twitter.com/adulau/status/527076707321536512)) +---- +RT @circl_lu: Python MISP library documentation available http://www.circl.lu/assets/files/PyMISP.pdf to import MISP events into your devices or SIEMs http://t… + +(Originally on Twitter: [Wed Oct 29 10:11:38 +0000 2014](https://twitter.com/adulau/status/527402371769716736)) +---- +RT @Sebdraven: People have discovered that with it's possible to spread malware. 
Read this paper of @adulau http://www.foo.be/torinj/ + +(Originally on Twitter: [Wed Oct 29 21:16:16 +0000 2014](https://twitter.com/adulau/status/527569632652460033)) +---- +RT @mrkoot: Creating a Total Army Cyber Force: How to Integrate the Reserve Component into the Cyber Fight (.pdf, Sep 2014) http://t.co/fHF… + +(Originally on Twitter: [Thu Oct 30 08:08:59 +0000 2014](https://twitter.com/adulau/status/527733893907349504)) +---- +Malware “Ecology” Viewed as Ecological Succession: Historical Trends and Future Prospects http://arxiv.org/pdf/1410.8082v1.pdf + +(Originally on Twitter: [Thu Oct 30 10:21:04 +0000 2014](https://twitter.com/adulau/status/527767130767654912)) +---- +RT @rafi0t: Wow, #Pidgin prior to 2.10.10 does not validate TLS certs properly, allowing MITM attacks => http://cve.circl.lu/cve/CVE-2014-3694 + +(Originally on Twitter: [Thu Oct 30 13:17:17 +0000 2014](https://twitter.com/adulau/status/527811478712483840)) +---- +RT @_saadk: Attribution of Internet attacks is unfair to way too many animals. Pandas & bears grab the spotlight away from eagles, roosters… + +(Originally on Twitter: [Fri Oct 31 07:50:38 +0000 2014](https://twitter.com/adulau/status/528091664620191744)) +---- +@_saadk For roosters or other ;-), I suppose you saw the slide 42 of the following presentation http://archive.hack.lu/2014/TSNOFORN.pdf given @hack_lu + +(Originally on Twitter: [Fri Oct 31 07:52:34 +0000 2014](https://twitter.com/adulau/status/528092147988590592)) +---- +RT @rafi0t: @pinkflawd True. Malware authors should meet basic quality level to avoid too boring tools. @adulau has some ideas: https://t.c… + +(Originally on Twitter: [Fri Oct 31 13:11:10 +0000 2014](https://twitter.com/adulau/status/528172326442242048)) +---- +@abditum @thegrugq We want fuzzbang back! 
+ +(Originally on Twitter: [Fri Oct 31 20:02:06 +0000 2014](https://twitter.com/adulau/status/528275740232806402)) +---- +Surveillance and photography - People are often scared with a street photographer but don't care of cctv... https://www.flickr.com/photos/adulau/15680439035/ + +(Originally on Twitter: [Sat Nov 01 12:34:36 +0000 2014](https://twitter.com/adulau/status/528525514416619520)) +---- +RT @doegox: Zooming is nsfw! Google Images, you should tune your algos... (was searching for an old map of my city) ![](media/528939467340804097-B1cpZY0CAAAkXwH.png) + +(Originally on Twitter: [Sun Nov 02 15:59:30 +0000 2014](https://twitter.com/adulau/status/528939467340804097)) +---- +@tomchop_ Good idea. So we'll use Garamond typefaces very soon in that case. @rafi0t @pinkflawd @thegrugq + +(Originally on Twitter: [Sun Nov 02 21:26:12 +0000 2014](https://twitter.com/adulau/status/529021680593940481)) +---- +@AcidRampage Both. Don't forget that the majority of public CCTV are subcontracted to private companies. + +(Originally on Twitter: [Mon Nov 03 12:42:07 +0000 2014](https://twitter.com/adulau/status/529252181724377088)) +---- +"An Unprecedented Look at Stuxnet, the World’s First Digital Weapon" I thought the first ones were the US mainframes sold to Russia in 80... + +(Originally on Twitter: [Mon Nov 03 19:27:12 +0000 2014](https://twitter.com/adulau/status/529354122148196352)) +---- +I think we are close to a revolution in #Belgium Tea is now officially taxed as an excise tax... cc @doegox http://fiscus.fgov.be/interfdanl/fr/accijnzen/downloads/2014-08-09-operateurs-the-fr.pdf + +(Originally on Twitter: [Tue Nov 04 18:01:22 +0000 2014](https://twitter.com/adulau/status/529694911017517056)) +---- +@ddurvaux Illegal drugs are not taxed. So there are still plenty of opportunities for the Belgian government. 
+ +(Originally on Twitter: [Tue Nov 04 21:26:54 +0000 2014](https://twitter.com/adulau/status/529746632695635969)) +---- +@ddurvaux I have a preference for the drugs taxes. Maybe I see it as an innovation opportunity.... + +(Originally on Twitter: [Tue Nov 04 21:31:17 +0000 2014](https://twitter.com/adulau/status/529747739320786944)) +---- +RT @circl_lu: How I made two PHP files with the same MD5 hash + http://natmchugh.blogspot.co.uk/2014/10/how-i-made-two-php-files-with-same-md5.html + +(Originally on Twitter: [Wed Nov 05 14:02:39 +0000 2014](https://twitter.com/adulau/status/529997221056765953)) +---- +RT @doegox: One more reason to visit you at Luxembourg RT @adulau: [...] Tea is now officially taxed as an excise tax... http://t.co/3JInOv… + +(Originally on Twitter: [Wed Nov 05 21:09:04 +0000 2014](https://twitter.com/adulau/status/530104534409150464)) +---- +RT @CERTXMCO: [BLOG] Retour sur l'édition 2014 de la @hack_lu (Jour 3) http://bit.ly/10VuB78 + +(Originally on Twitter: [Wed Nov 05 21:23:38 +0000 2014](https://twitter.com/adulau/status/530108201946324993)) +---- +RT @circl_lu: First version of the Python library to access CIRCL Passive DNS and compatible COF format passive DNS https://github.com/CIRCL/PyPDNS… + +(Originally on Twitter: [Thu Nov 06 16:29:39 +0000 2014](https://twitter.com/adulau/status/530396603988070400)) +---- +So @digicert want to have a stronger policy for issuing .onion certificates https://blog.digicert.com/anonymous-facebook-via-tor/ but they issue certs for malware... + +(Originally on Twitter: [Fri Nov 07 08:46:14 +0000 2014](https://twitter.com/adulau/status/530642369344180224)) +---- +@digicert Like 33fcd12eec2d4399ce88a034be7fdd72 or 83d8ff3165aeb2779513dba3d4f5565d + +(Originally on Twitter: [Fri Nov 07 08:52:20 +0000 2014](https://twitter.com/adulau/status/530643904140677120)) +---- +@doegox Is it better to trust a single program accessing a private key on the fs? or a daemon handling private key management? 
@veorq + +(Originally on Twitter: [Fri Nov 07 10:43:50 +0000 2014](https://twitter.com/adulau/status/530671966110629889)) +---- +@doegox I tend to agree if the model is close to the Postfix way of segregating thing. Maybe it's time to review it more closely... @veorq + +(Originally on Twitter: [Fri Nov 07 13:08:20 +0000 2014](https://twitter.com/adulau/status/530708328318795776)) +---- +@r00tbsd You use way too much proxies in exotic countries.... @virustotal @googlemaps + +(Originally on Twitter: [Fri Nov 07 13:09:43 +0000 2014](https://twitter.com/adulau/status/530708676571824129)) +---- +RT @jnazario: The Django project is investigating a claim of unauthorized server access #breech https://twitter.com/ubernostrum/status/531048837406662657 + +(Originally on Twitter: [Sat Nov 08 15:01:42 +0000 2014](https://twitter.com/adulau/status/531099244909047808)) +---- +@flavmartins It's MD5 of the binaries. Serial of the certs are the following 07 A9 B4 13 C3 68 2E AA 77 B8 5B 05 33 81 E9 95 cc/ @jrelvidge + +(Originally on Twitter: [Sat Nov 08 15:04:15 +0000 2014](https://twitter.com/adulau/status/531099889737146369)) +---- +@flavmartins and the serial 06 C0 BB B9 09 99 72 9C 33 56 0E C1 8A 20 32 61. I have some more. Is there a way to submit these? @jrelvidge + +(Originally on Twitter: [Sat Nov 08 15:05:36 +0000 2014](https://twitter.com/adulau/status/531100227563171840)) +---- +@flavmartins Great, thank you for the quick revocation. @jrelvidge + +(Originally on Twitter: [Sat Nov 08 15:39:50 +0000 2014](https://twitter.com/adulau/status/531108841807941633)) +---- +@Cryptomeorg The myth of regulating software usage... So EU will build their own ITAR in the future and use it as market protection @mrkoot + +(Originally on Twitter: [Sat Nov 08 16:19:50 +0000 2014](https://twitter.com/adulau/status/531118910792548352)) +---- +@mrkoot If it's only harmonization, it's just for Cyprus (the only EU member didn't sign Wassenaar). 
http://www.pastebin.lu/geqibegesa.coffeer @Cryptomeorg + +(Originally on Twitter: [Sun Nov 09 09:18:34 +0000 2014](https://twitter.com/adulau/status/531375283040178176)) +---- +@Shiftreduce Looks promising... #theunknowndataset + +(Originally on Twitter: [Sun Nov 09 09:20:55 +0000 2014](https://twitter.com/adulau/status/531375873472331776)) +---- +RT @antisnatchor: Oh look, from Russia with love! https://github.com/beefproject/beef/pull/1066 < DNS and ETag covert channels in @beefproject . большое спасибо … + +(Originally on Twitter: [Sun Nov 09 09:43:33 +0000 2014](https://twitter.com/adulau/status/531381571354652672)) +---- +@JoinGlobalCause In your definition, what's the difference between unlawful surveillance exports and lawful ones? @mrkoot @Cryptomeorg + +(Originally on Twitter: [Sun Nov 09 21:18:54 +0000 2014](https://twitter.com/adulau/status/531556560393474049)) +---- +It seems that the @Wikimedia foundation is running a Tor relay https://atlas.torproject.org/#details/DB19E709C9EDB903F75F2E6CA95C84D637B62A02 maybe an exit node soon... + +(Originally on Twitter: [Mon Nov 10 09:23:43 +0000 2014](https://twitter.com/adulau/status/531738965112786944)) +---- +RT @circl_lu: The threat assessment of G20 2014 done by @CrowdStrike http://resources.crowdstrike.com/threatassessment/ show USB infected devices. -> CIRCLean https://… + +(Originally on Twitter: [Mon Nov 10 14:02:10 +0000 2014](https://twitter.com/adulau/status/531809038598950912)) +---- +RT @quarkslab: We are glad to announce @Quarkslab's new CSO, Marion Videau (@cry_cry_pto ), will be here by the beginning of 2015. Crypto++ + +(Originally on Twitter: [Mon Nov 10 15:46:37 +0000 2014](https://twitter.com/adulau/status/531835325480722432)) +---- +RT @pacohope: This tweet intentionally left blank. 
(Brilliant research) http://files.figshare.com/1780735/Intentionally_Left_Blank__final.pdf ![](media/531916863820021762-B10wIcEIUAAoT3z.jpg) + +(Originally on Twitter: [Mon Nov 10 21:10:37 +0000 2014](https://twitter.com/adulau/status/531916863820021762)) +---- +@fo0_ La neutralité du net est un excellent concept pour s'assurer d'une source continue et de qualité pour l'interception. @UnGarage + +(Originally on Twitter: [Mon Nov 10 21:26:26 +0000 2014](https://twitter.com/adulau/status/531920842650054656)) +---- +Policies, rules and laws are outside the boundaries of computer and network exploitation. Don't expect any legislative miracles... #cne + +(Originally on Twitter: [Mon Nov 10 21:34:54 +0000 2014](https://twitter.com/adulau/status/531922974505730050)) +---- +@securescientist ITAR, Wassenaar Arrangement is just there to limit security research and continue legally CNE... https://www.usenix.org/system/files/login/articles/wassenaar.pdf + +(Originally on Twitter: [Tue Nov 11 08:59:34 +0000 2014](https://twitter.com/adulau/status/532095276870557696)) +---- +@securescientist Governments will continue to perform CNE with or without law. This is a matter of fact. Malware don't follow regulation. + +(Originally on Twitter: [Tue Nov 11 09:01:37 +0000 2014](https://twitter.com/adulau/status/532095791142543360)) +---- +https://github.com/google/timesketch Timesketch is an experimental, proof of concept open source tool for collaborative forensic time-line analysis. 
+ +(Originally on Twitter: [Tue Nov 11 10:46:47 +0000 2014](https://twitter.com/adulau/status/532122259574779905)) +---- +RT @circl_lu: Technical analysis of client identification mechanisms #privacy #browser + https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms + +(Originally on Twitter: [Tue Nov 11 12:42:14 +0000 2014](https://twitter.com/adulau/status/532151312478380032)) +---- +http://bgpranking.circl.lu/asn_details?date=;source=;asn=64097;ip_details=189.203.240.0/24 BGP ASN 64097 seems to be a very "nice" actor of the Internet... someone already in touch with them? #infosec + +(Originally on Twitter: [Tue Nov 11 13:14:31 +0000 2014](https://twitter.com/adulau/status/532159438669758464)) +---- +just committed various fixes to cve-search https://github.com/adulau/cve-search + +(Originally on Twitter: [Tue Nov 11 21:41:02 +0000 2014](https://twitter.com/adulau/status/532286905036324865)) +---- +RT @circl_lu: Critical Vulnerability in Schannel Could Allow Remote Code Execution in Windows https://technet.microsoft.com/library/security/ms14-066 + +(Originally on Twitter: [Tue Nov 11 21:46:28 +0000 2014](https://twitter.com/adulau/status/532288274749206528)) +---- +RT @quarkslab: [BLOG] Abusing Samsung KNOX to remotely install a malicious application by @andremoulu http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html #Mobile #Pwn2… + +(Originally on Twitter: [Tue Nov 11 21:47:43 +0000 2014](https://twitter.com/adulau/status/532288588365717504)) +---- +RT @FredericJacobs: Chatting with friends in a TextSecure group chat from the command line. 
Building the command-line PoC took 30 min with … + +(Originally on Twitter: [Wed Nov 12 12:20:44 +0000 2014](https://twitter.com/adulau/status/532508288165101568)) +---- +@kerouanton The serial 33 00 00 00 4E A1 D8 07 70 A9 BB E9 44 00 00 00 00 00 4E is indeed signed by a valid CA from Microsoft @ericfreyss + +(Originally on Twitter: [Thu Nov 13 10:27:08 +0000 2014](https://twitter.com/adulau/status/532842089005207552)) +---- +@dragosr or CIRCLean which is a free independent hardware solution to convert content of untrusted USB keys http://www.circl.lu/projects/CIRCLean/ @wopot + +(Originally on Twitter: [Thu Nov 13 10:38:30 +0000 2014](https://twitter.com/adulau/status/532844948211916800)) +---- +https://firstlook.org/theintercept/2014/11/12/stuxnet/ "NetLock, a “certificate authority” in Hungary" compromised by DuQu malware... Where is the statement of NetLock? + +(Originally on Twitter: [Thu Nov 13 13:52:48 +0000 2014](https://twitter.com/adulau/status/532893848532684800)) +---- +@buherator No clue beside the TheIntercept article. If you find it, let me know. @DrWhax + +(Originally on Twitter: [Thu Nov 13 14:16:27 +0000 2014](https://twitter.com/adulau/status/532899800258469888)) +---- +@cbrocas Merci Christophe ;-) La prochaine fois que je te vois, je mets une chemise.... 
@Sebdraven @ProjectHoneynet + +(Originally on Twitter: [Fri Nov 14 19:35:48 +0000 2014](https://twitter.com/adulau/status/533342553266200576)) +---- +Surveillance Camera Versus Photography http://www.foo.be/photoblog/posts/surveillance-camera-versus-photography.html #photography #privacy + +(Originally on Twitter: [Fri Nov 14 22:17:57 +0000 2014](https://twitter.com/adulau/status/533383361386250240)) +---- +RT @veorq: slides of my #ZeroNights talk 'cryptocoding v2' http://aumasson.jp/data/talks/cryptocodingv2_zn14.pdf + +(Originally on Twitter: [Sat Nov 15 09:13:54 +0000 2014](https://twitter.com/adulau/status/533548435287576576)) +---- +The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations... http://cve.circl.lu/cve/CVE-2014-3689 + +(Originally on Twitter: [Sat Nov 15 11:23:11 +0000 2014](https://twitter.com/adulau/status/533580970335961088)) +---- +RT @ioerror: #Tor users - @RogerDingledine wrote a nice blog post on Traffic correlation using netflows: https://blog.torproject.org/blog/traffic-correlation-using-netflows + +(Originally on Twitter: [Sat Nov 15 11:26:14 +0000 2014](https://twitter.com/adulau/status/533581738304630784)) +---- +RT @ioerror: @jdormansteele @puellavulnerata I actually find @Cryptomeorg to be useful for the world. Lots of fun too. + +(Originally on Twitter: [Sat Nov 15 12:17:15 +0000 2014](https://twitter.com/adulau/status/533594577840918528)) +---- +RT @jakemitchell: Should be required signage in every conference room ![](media/533659895137337345-Bu25PM-CAAAXNiD.jpg) + +(Originally on Twitter: [Sat Nov 15 16:36:48 +0000 2014](https://twitter.com/adulau/status/533659895137337345)) +---- +RT @erwinkooi: @k8em0 @edskoudis @SANSInstitute @SANSJen now why was my first reaction "hey a @hack_lu sticker"... 
+ +(Originally on Twitter: [Sat Nov 15 16:38:10 +0000 2014](https://twitter.com/adulau/status/533660239262797825)) +---- +@dragosr As the hardware (raspberryPi) is independent for the target system, the adversary will need to pwn the USB chips of 2nd key @wopot + +(Originally on Twitter: [Sun Nov 16 10:16:14 +0000 2014](https://twitter.com/adulau/status/533926509443313665)) +---- +@dragosr Phison 2251-03 PoC or CM-I/II/II would need to compromise the rPI before. The adversary might shift to parser exploitation @wopot + +(Originally on Twitter: [Sun Nov 16 10:23:53 +0000 2014](https://twitter.com/adulau/status/533928435253792768)) +---- +@botherder Piazza De Angeli 3, 20146 Milano... The EU HQ is at the same address of photo discount, Milano. Everything looks fine... + +(Originally on Twitter: [Sun Nov 16 10:44:16 +0000 2014](https://twitter.com/adulau/status/533933563003940865)) +---- +@taziden Les dispositifs de contrôle ne fonctionne pas. Donc une autre approche? -> http://www.foo.be/eavesdropping-what-to-do/ @mediapart @JeromeHourdeaux + +(Originally on Twitter: [Sun Nov 16 11:15:39 +0000 2014](https://twitter.com/adulau/status/533941463579906048)) +---- +RT @_Quack1: Très bons arguments contre le watermarking et comment mieux partager ses photos, par @adulau http://www.foo.be/photoblog/posts/watermarking-or-how-to-destroy-your-work.html + +(Originally on Twitter: [Sun Nov 16 15:10:29 +0000 2014](https://twitter.com/adulau/status/534000561889112066)) +---- +@electrospaces Nice work. Do you think with the current public info would help to map REDHARVEST partners? 
@bartblaze + +(Originally on Twitter: [Sun Nov 16 15:34:10 +0000 2014](https://twitter.com/adulau/status/534006519386607616)) +---- +RT @electrospaces: NEW: List of Codewords and Abbreviations from past and present used by the German intelligence service #BND: http://t.co… + +(Originally on Twitter: [Sun Nov 16 15:36:51 +0000 2014](https://twitter.com/adulau/status/534007193322790912)) +---- +Another Orval beer for @r00tbsd https://www.flickr.com/photos/adulau/15801940591/ + +(Originally on Twitter: [Sun Nov 16 17:26:37 +0000 2014](https://twitter.com/adulau/status/534034820704120832)) +---- +RT @pinkflawd: As promised various times, I finally did a write-up for the EvilBunny malware presented at @hack_lu - stay tuned for the tit… + +(Originally on Twitter: [Mon Nov 17 22:14:45 +0000 2014](https://twitter.com/adulau/status/534469718695235584)) +---- +RT @circl_lu: "The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of it." http://t.co/… + +(Originally on Twitter: [Wed Nov 19 08:07:16 +0000 2014](https://twitter.com/adulau/status/534981220061708289)) +---- +Hey guys, 5 layers of proxies for operating your ex-filtration ops. Nice job but never underestimate the perseverance of some analysts. + +(Originally on Twitter: [Wed Nov 19 20:51:12 +0000 2014](https://twitter.com/adulau/status/535173466484649984)) +---- +RT @Praetorium1: Photo: A bomb or an IED by Alexandre Dulaunoy on Flickr. http://tmblr.co/Z6CCfx1UjRnaS + +(Originally on Twitter: [Wed Nov 19 21:25:35 +0000 2014](https://twitter.com/adulau/status/535182121061867520)) +---- +RT @cryptoron: CrytoPHP: Thousands of backdoored Wordpress, Joomla & Drupal websites used for Blackhack SEO. 
Report and IOC: http://t.co/5G… + +(Originally on Twitter: [Thu Nov 20 10:22:13 +0000 2014](https://twitter.com/adulau/status/535377565436116992)) +---- +RT @ClausHoumann: Quote @adulau : "if you're connecting insecure or misconfigured devices on the Internet, you might be helping the bad guy… + +(Originally on Twitter: [Thu Nov 20 16:32:57 +0000 2014](https://twitter.com/adulau/status/535470867325943808)) +---- +RT @pinkflawd: As promised, EvilBunny: Suspect #4 documented and finally online http://0x1338.blogspot.co.at/2014/11/hunting-bunnies.html - Hunting Bunnies. I mean it. + +(Originally on Twitter: [Thu Nov 20 18:20:56 +0000 2014](https://twitter.com/adulau/status/535498038648004608)) +---- +RT @botherder: As usual, instead of constructive feedback and help, the security community brings hate. Thanks a lot. + +(Originally on Twitter: [Thu Nov 20 21:39:56 +0000 2014](https://twitter.com/adulau/status/535548120139329536)) +---- +Looking for crazy ideas for the @hack_lu 2015 logo. Should we modify the NSA-based logo into a GCHQ-based logo for the next edition? ;-) + +(Originally on Twitter: [Thu Nov 20 22:15:17 +0000 2014](https://twitter.com/adulau/status/535557015788351490)) +---- +RT @latrive: Les députés ne veulent pas d'une définition positive du domaine public http://pocket.co/su9A9 + +(Originally on Twitter: [Sun Nov 23 08:22:28 +0000 2014](https://twitter.com/adulau/status/536434596012105729)) +---- +@botherder @cBekrar Change the objective of the product to "asset tracking or recovery" or ask for the EU license, it could be granted. + +(Originally on Twitter: [Sun Nov 23 14:18:32 +0000 2014](https://twitter.com/adulau/status/536524203592515585)) +---- +@botherder I'm sure Luxembourg could find creative business model if needed... @cBekrar + +(Originally on Twitter: [Sun Nov 23 14:35:38 +0000 2014](https://twitter.com/adulau/status/536528506642239488)) +---- +@botherder export controls is a tool for States to control their local businesses. 
We are back to the old-crypto control discussion... + +(Originally on Twitter: [Sun Nov 23 14:46:44 +0000 2014](https://twitter.com/adulau/status/536531297725075456)) +---- +@botherder Not sure. It was the argumentation against export of crypto in the nineties by the Commerce Department. + +(Originally on Twitter: [Sun Nov 23 14:52:45 +0000 2014](https://twitter.com/adulau/status/536532813051600896)) +---- +@botherder My main fear is the move of the various governments to reintroduce crypto throughout the "intrusion software" class. + +(Originally on Twitter: [Sun Nov 23 14:53:59 +0000 2014](https://twitter.com/adulau/status/536533121735618561)) +---- +@tqbf Mojolicious had many vulnerabilities but I don't recall RCE. But it's time to find one or more. + +(Originally on Twitter: [Sun Nov 23 16:35:14 +0000 2014](https://twitter.com/adulau/status/536558604669960197)) +---- +RT @halvarflake: I really should write in detail why the 0day regulation is harmful; with my other obligations I don't see this happening b… + +(Originally on Twitter: [Sun Nov 23 18:42:12 +0000 2014](https://twitter.com/adulau/status/536590554319323139)) +---- +RT @gmillard: Highly advanced trojan discovered. Researchers digging into Regin #infosec http://arstechnica.com/security/2014/11/highly-advanced-backdoor-trojan-cased-high-profile-targets-for-years/ ![](media/536591229862297601-B3JNTxACUAAeF7W.jpg) + +(Originally on Twitter: [Sun Nov 23 18:44:53 +0000 2014](https://twitter.com/adulau/status/536591229862297601)) +---- +RT @virusbtn: Hunting bunnies: @pinkflawd on 'EvilBunny', one of the malware samples she spoke about at @hack_lu http://0x1338.blogspot.co.uk/2014/11/hunting-bunnies.html + +(Originally on Twitter: [Sun Nov 23 20:10:36 +0000 2014](https://twitter.com/adulau/status/536612803621429248)) +---- +Why would you need attribution? When you have the trojan requirements document. Or maybe the real attackers are sick enough to write doc.... 
+ +(Originally on Twitter: [Sun Nov 23 20:32:38 +0000 2014](https://twitter.com/adulau/status/536618348763955201)) +---- +RT @circl_lu: Regin indicators are shared in the CIRCL threat indicators sharing platform http://www.circl.lu/services/misp-malware-information-sharing-platform/ #regin #apt + +(Originally on Twitter: [Mon Nov 24 07:26:09 +0000 2014](https://twitter.com/adulau/status/536782811722956800)) +---- +http://www.reuters.com/article/2014/11/23/us-symantec-malware-regin-idUSKCN0J70SH20141123 "state-backed hackers in China or Russia may be responsible" Maybe Reuters need to change their press template... + +(Originally on Twitter: [Mon Nov 24 08:35:16 +0000 2014](https://twitter.com/adulau/status/536800205623287808)) +---- +RT @kafeine: Archie has code for CVE-2014-0569 +http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html +and CVE-2014-6332 cc/thx @node5 +http://malware.dontneedcoffee.com/2014/11/cve-2014-6332.html http://t.co/W… + +(Originally on Twitter: [Mon Nov 24 08:55:00 +0000 2014](https://twitter.com/adulau/status/536805168332156928)) +---- +RT @lucaderi: ntop supports the Kickstarter project LUNA (https://www.kickstarter.com/projects/wawtechnologies/luna-little-universal-network-appliance) for building a cheap ARM-based network device http://t.c… + +(Originally on Twitter: [Mon Nov 24 11:24:04 +0000 2014](https://twitter.com/adulau/status/536842685349646336)) +---- +RT @ClausHoumann: @adulau http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/why-cyber-defenders-care-about-attribution/#.VGYbEh5mL9s.twitter + +(Originally on Twitter: [Mon Nov 24 12:29:29 +0000 2014](https://twitter.com/adulau/status/536859147355324416)) +---- +@ClausHoumann Don't mix-up bunnies with "crowny" bald eagles, it might end-up in a battle of poultry. 
http://cryptome.org/2013/10/nsa-hosts-fr-spies.pdf @pinkflawd + +(Originally on Twitter: [Mon Nov 24 13:15:01 +0000 2014](https://twitter.com/adulau/status/536870606432919552)) +---- +@Electrabel Plus il y a de logiciels dans les maisons (et ailleurs), plus la surface d'attaque est grande... @lapremiere + +(Originally on Twitter: [Mon Nov 24 13:39:35 +0000 2014](https://twitter.com/adulau/status/536876786727264257)) +---- +RT @mikko: Curious why GCHQ & NSA are interested in hacking GRX (GPRS Roaming Exchanges)? See these 2011 slides by @philpraxis: https://t.c… + +(Originally on Twitter: [Tue Nov 25 09:30:09 +0000 2014](https://twitter.com/adulau/status/537176404639907840)) +---- +RT @pinkflawd: Now.. as everyone is about breaking the spy malware stories, would someone share that AnimalFarm story? With the french stri… + +(Originally on Twitter: [Tue Nov 25 09:35:05 +0000 2014](https://twitter.com/adulau/status/537177645096898560)) +---- +RT @circl_lu: Check your logs if you see connections with 103.41.124.0/24 -> http://bgpranking.circl.lu/asn_details?date=;source=;asn=63854;ip_details=103.41.124.0/24 + +(Originally on Twitter: [Tue Nov 25 10:02:17 +0000 2014](https://twitter.com/adulau/status/537184490540777472)) +---- +It seems @daveaitel developed INNUENDO https://lists.immunityinc.com/pipermail/dailydave/2014-November/000814.html and he claims that is much better than #Regin ... Experience is key. 
+ +(Originally on Twitter: [Tue Nov 25 11:08:36 +0000 2014](https://twitter.com/adulau/status/537201178413899776)) +---- +RT @Viss: "human capabilities > magic box" + +http://2014.hack.lu/archive/2014/hacklu-joker-presentation.pdf + +(Originally on Twitter: [Tue Nov 25 11:13:17 +0000 2014](https://twitter.com/adulau/status/537202357302743040)) +---- +@H_Miser grep -v "^$" ;-) + +(Originally on Twitter: [Tue Nov 25 15:28:41 +0000 2014](https://twitter.com/adulau/status/537266633061179392)) +---- +RT @sleepya_: My work on CVE-2014-6332 https://gist.github.com/worawit/77a839e3e5ca50916903 https://gist.github.com/worawit/1213febe36aa8331e092 + +(Originally on Twitter: [Tue Nov 25 19:04:38 +0000 2014](https://twitter.com/adulau/status/537320975113916417)) +---- +Reading "A Scalable Search Index for Binary Files" wondering if someone did a real implementation of inverted n-gram index for binary files. + +(Originally on Twitter: [Tue Nov 25 19:12:56 +0000 2014](https://twitter.com/adulau/status/537323067211776000)) +---- +@pmbureau Thanks for the hint. I don't want to write one from scratch but I might be forced to do one if there is none publicly available. + +(Originally on Twitter: [Tue Nov 25 22:02:35 +0000 2014](https://twitter.com/adulau/status/537365760587603969)) +---- +RT @decalage2: olefile 0.41: can open OLE files stored in strings, fixed installer for py3, added support for Jython http://decalage.info/olefile + +(Originally on Twitter: [Tue Nov 25 22:11:40 +0000 2014](https://twitter.com/adulau/status/537368043425644544)) +---- +RT @circl_lu: TR-23 Analysis NetWiredRC malware updated including @PaloAltoNtwks network decrypting tool and recommendations added http://t… + +(Originally on Twitter: [Wed Nov 26 08:18:56 +0000 2014](https://twitter.com/adulau/status/537520868449341440)) +---- +RT @circl_lu: People ask us for Regin successor detection, the best until now is to read your logs and the crash dumps of your machines. 
#… + +(Originally on Twitter: [Wed Nov 26 10:22:00 +0000 2014](https://twitter.com/adulau/status/537551840326742016)) +---- +RT @cryptoron: Now finally people can understand the shirts we made last year. #regin ![](media/537551855828860928-B3W9TWjCQAA4aqq.jpg) + +(Originally on Twitter: [Wed Nov 26 10:22:04 +0000 2014](https://twitter.com/adulau/status/537551855828860928)) +---- +@vincib Looks interesting. What's the risk to run a node? Can the node be abused? @Searx_engine + +(Originally on Twitter: [Wed Nov 26 20:57:09 +0000 2014](https://twitter.com/adulau/status/537711681741131776)) +---- +@electrospaces Maybe because they also tap at the Teleport land lines? But without more information than the names, it's difficult. @e3i5 + +(Originally on Twitter: [Wed Nov 26 21:31:38 +0000 2014](https://twitter.com/adulau/status/537720357507956738)) +---- +My colleague @SteveClement showed me a flash memory board with dynamic correction (NMO)... the whole nmo could act as an antenna... tempest? + +(Originally on Twitter: [Thu Nov 27 07:36:32 +0000 2014](https://twitter.com/adulau/status/537872585070243840)) +---- +RT @circl_lu: Hack.lu - 10 years of success and 2015 edition announced @hack_lu http://www.circl.lu/pub/press/20141126/ + +(Originally on Twitter: [Thu Nov 27 09:28:46 +0000 2014](https://twitter.com/adulau/status/537900830650011648)) +---- +Thank you for the prompt fix in python-gnupg + @isislovecruft + +(Originally on Twitter: [Thu Nov 27 09:35:23 +0000 2014](https://twitter.com/adulau/status/537902494719164416)) +---- +@ClausHoumann Sure, DM me. + +(Originally on Twitter: [Thu Nov 27 19:38:54 +0000 2014](https://twitter.com/adulau/status/538054374279630851)) +---- +@CecileDuflot Et l'urbanisme... destructions des haies et arbres, diminution des zones vertes et inondables... 
@BenoitBerthe @le_Parisien + +(Originally on Twitter: [Sat Nov 29 07:56:38 +0000 2014](https://twitter.com/adulau/status/538602418746167296)) +---- +@r00tbsd Wondering where all the local Orval beers are going to... now we know ;-) + +(Originally on Twitter: [Sun Nov 30 07:56:56 +0000 2014](https://twitter.com/adulau/status/538964883241705472)) +---- +@MarioVilas Nice idea. Against traffic analysis... and with some honeytoken URLs? to see if someone read your conversations. @ConchaCodan + +(Originally on Twitter: [Sun Nov 30 12:58:47 +0000 2014](https://twitter.com/adulau/status/539040845555830784)) +---- +Focus is overrated (in photography) https://www.flickr.com/photos/adulau/15914676205/ but underrated in malware analysis... + +(Originally on Twitter: [Sun Nov 30 16:40:47 +0000 2014](https://twitter.com/adulau/status/539096716948283393)) +---- +@DidierStevens Real potatoes... impressive. You should share the location ;-) + +(Originally on Twitter: [Sun Nov 30 16:57:04 +0000 2014](https://twitter.com/adulau/status/539100811973120001)) +---- +RT @circl_lu: Evil 32: Check Your GPG Fingerprints https://evil32.com/ - Stop using 32bit key ids + +(Originally on Twitter: [Mon Dec 01 15:58:57 +0000 2014](https://twitter.com/adulau/status/539448576766930945)) +---- +Donc je vais pouvoir ajouter 4 jours gratuits à mon abonnement de train @SNCB puisque le service n'est pas disponible régulièrement. + +(Originally on Twitter: [Mon Dec 01 16:04:29 +0000 2014](https://twitter.com/adulau/status/539449966251745280)) +---- +You want to test your malware sandboxes -> a Test suite for bypassing Malware sandboxes. https://github.com/Th4nat0s/No_Sandboxes by @__Thanat0s__ + +(Originally on Twitter: [Tue Dec 02 12:58:08 +0000 2014](https://twitter.com/adulau/status/539765458367696896)) +---- +Graphs have always missing scale, it seems to be a mathematics law. At least in presentations... 
#botconf + +(Originally on Twitter: [Wed Dec 03 10:22:15 +0000 2014](https://twitter.com/adulau/status/540088617746829313)) +---- +@bortzmeyer @xme We miss the statistics for the increased profits of the fake AV market at the same time. @pbeyssac #botconf + +(Originally on Twitter: [Wed Dec 03 10:27:12 +0000 2014](https://twitter.com/adulau/status/540089865397096449)) +---- +@bortzmeyer "A Closer Look at Cryptolocker's DGA" http://blog.fortinet.com/post/a-closer-look-at-cryptolocker-s-dga + +(Originally on Twitter: [Wed Dec 03 10:31:38 +0000 2014](https://twitter.com/adulau/status/540090978678620160)) +---- +RT @bortzmeyer: Idea for a future DoS : release malware with an easy DGA, and watch important domains being blocked by takedown cow-boys...… + +(Originally on Twitter: [Wed Dec 03 10:34:35 +0000 2014](https://twitter.com/adulau/status/540091719539515393)) +---- +Registar of Last-Resort for sink-holed domains looks nice in theory... #botconf + +(Originally on Twitter: [Wed Dec 03 10:54:22 +0000 2014](https://twitter.com/adulau/status/540096701097582592)) +---- +RT @xme: 52 users infected by #HavexRat in Belgium… #botconf + +(Originally on Twitter: [Wed Dec 03 13:10:17 +0000 2014](https://twitter.com/adulau/status/540130904019316736)) +---- +"grep sed awk and splunk" find the error #botconf + +(Originally on Twitter: [Wed Dec 03 13:16:07 +0000 2014](https://twitter.com/adulau/status/540132372034093056)) +---- +Yeah! Finally a graph in a slide with proper axis and scale. #botconf + +(Originally on Twitter: [Wed Dec 03 14:17:44 +0000 2014](https://twitter.com/adulau/status/540147880661880832)) +---- +For the photographers at #botconf (and maybe the ones holding a rubik's cube too), any photo-walk foreseen for tonight? 
+ +(Originally on Twitter: [Wed Dec 03 15:14:27 +0000 2014](https://twitter.com/adulau/status/540162151500226560)) +---- +RT @bortzmeyer: False positives in sinkholes: Googlebot, other researchers visiting manually, bots trying to crack your C&C panel... #Botco… + +(Originally on Twitter: [Wed Dec 03 15:23:11 +0000 2014](https://twitter.com/adulau/status/540164349764325376)) +---- +@macteca proposed to install his "chat" program on every single computers in the world.... + +(Originally on Twitter: [Wed Dec 03 16:18:35 +0000 2014](https://twitter.com/adulau/status/540178293279182848)) +---- +@H_Miser I don't know why you classify it as a troll. It's a real legal case and there are many evidences. https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/ + +(Originally on Twitter: [Wed Dec 03 16:37:26 +0000 2014](https://twitter.com/adulau/status/540183035191492609)) +---- +TLP:RAINBOW is now on Wikipedia http://en.wikipedia.org/wiki/Traffic_Light_Protocol #botconf @r00tbsd + +(Originally on Twitter: [Thu Dec 04 08:08:32 +0000 2014](https://twitter.com/adulau/status/540417355818741760)) +---- +RT @bortzmeyer: "Do not use WinDBG on your laptop in a plane. You may scare other people." #Botconf + +(Originally on Twitter: [Thu Dec 04 08:12:43 +0000 2014](https://twitter.com/adulau/status/540418406227668993)) +---- +Following the talk of @r00tbsd at #botconf about WinDBG, it seems that compiling all the 63 WinDBG cheat sheets might be useful. + +(Originally on Twitter: [Thu Dec 04 08:32:57 +0000 2014](https://twitter.com/adulau/status/540423498922209280)) +---- +Seeing OpenX in a slide from Google about adFraud reminds me of some past vulnerabilities and incidents http://cve.circl.lu/browse/openx #botconf + +(Originally on Twitter: [Thu Dec 04 10:29:10 +0000 2014](https://twitter.com/adulau/status/540452747150372864)) +---- +Can someone at #botconf read the vertical text on the left in the slides of #airbus? 
It's maybe an ex-filtration channel via presentation... + +(Originally on Twitter: [Thu Dec 04 12:47:16 +0000 2014](https://twitter.com/adulau/status/540487501040091136)) +---- +@jmichel_p You should use the default legal phrasing as a cover channel. Now we know why the default signature are so huge. @cedricpernet + +(Originally on Twitter: [Thu Dec 04 12:54:20 +0000 2014](https://twitter.com/adulau/status/540489277558489088)) +---- +Not sharing is always a gain for the attackers. #botconf + +(Originally on Twitter: [Thu Dec 04 13:24:19 +0000 2014](https://twitter.com/adulau/status/540496824260632576)) +---- +@H_Miser It depends... sometime it's your only way to pass a message to the attackers by sharing it publicly. + +(Originally on Twitter: [Thu Dec 04 13:27:42 +0000 2014](https://twitter.com/adulau/status/540497675398172672)) +---- +@moo_pronto @xme Great. We will add in the feed of http://bgpranking.circl.lu/ Thanks for sharing + +(Originally on Twitter: [Thu Dec 04 13:29:49 +0000 2014](https://twitter.com/adulau/status/540498207089115136)) +---- +An interesting tool to monitor ssh brute-forcer https://github.com/pronto/SSH-Ranking and provides a ranking scheme. + +(Originally on Twitter: [Thu Dec 04 13:33:29 +0000 2014](https://twitter.com/adulau/status/540499132579053568)) +---- +@_saadk Trust group -> a bunch of people sharing the same objectives. @H_Miser + +(Originally on Twitter: [Thu Dec 04 13:40:24 +0000 2014](https://twitter.com/adulau/status/540500873609502721)) +---- +RT @_c_o_n_t_a_c_t_: #Botconf14 #botconf +Find the jump.... 
Extracted from the great talk of Paul Jung : 'bypassing sandboxes for fun' http… + +(Originally on Twitter: [Thu Dec 04 14:59:10 +0000 2014](https://twitter.com/adulau/status/540520694548025345)) +---- +RT @circl_lu: We still have some open internships for students in 2015 https://www.circl.lu/projects/internships/ #botconf - feel free to apply + +(Originally on Twitter: [Thu Dec 04 15:02:27 +0000 2014](https://twitter.com/adulau/status/540521519945097217)) +---- +You can parallelize your Python script @c_APT_ure using GNU Parallel out-of-the-box http://www.gnu.org/software/parallel/ #botconf + +(Originally on Twitter: [Thu Dec 04 17:09:17 +0000 2014](https://twitter.com/adulau/status/540553437390602240)) +---- +@g4l4drim Knowing @xme social activity, I suppose the y-axis is at a scale of a 2^64 events per day.... + +(Originally on Twitter: [Fri Dec 05 14:12:46 +0000 2014](https://twitter.com/adulau/status/540871405425160192)) +---- +RT @cedricpernet: Thank you @botconf organizers for this event. Best ever event in France :) + +(Originally on Twitter: [Fri Dec 05 14:14:56 +0000 2014](https://twitter.com/adulau/status/540871952236560384)) +---- +It seems that any where I'm going by train, the strikes on railways are following me. + +(Originally on Twitter: [Fri Dec 05 14:46:07 +0000 2014](https://twitter.com/adulau/status/540879799590604800)) +---- +RT @ioerror: Security tip to journalists attending #LoganCIJ14: Stop using Skype. Don't use it for anything, ever. Especially not with sour… + +(Originally on Twitter: [Fri Dec 05 15:55:25 +0000 2014](https://twitter.com/adulau/status/540897235777896449)) +---- +@H_Miser Maybe something between Philip K. Dick and Ted Kaczynski? + +(Originally on Twitter: [Fri Dec 05 19:47:26 +0000 2014](https://twitter.com/adulau/status/540955626034462722)) +---- +@gaelcanal I was really glad to find people knowing Fravia and keeping his ideas alive and feeding the free society.... 
+ +(Originally on Twitter: [Fri Dec 05 20:41:58 +0000 2014](https://twitter.com/adulau/status/540969350996692992)) +---- +RT @botherder: I'm getting reports that someone uploaded the malware from the Sony hack here https://malwr.com/analysis/MWZkZjU4Mjc1ZTNlNDQzN2FkOWFhNWI1NjNmYjk0Nzc/ + +(Originally on Twitter: [Fri Dec 05 21:33:19 +0000 2014](https://twitter.com/adulau/status/540982271843778562)) +---- +Photowalk during #botconf - Night lights https://www.flickr.com/photos/adulau/15954540025/ #photography + +(Originally on Twitter: [Fri Dec 05 21:39:18 +0000 2014](https://twitter.com/adulau/status/540983776797814784)) +---- +RT @cbtadvisors: MT @ceptional: Elsevier profit 36%, Wiley 42%. How? By paying authors 0, charging taxpayers to read work they funded. http… + +(Originally on Twitter: [Sat Dec 06 18:07:07 +0000 2014](https://twitter.com/adulau/status/541292767688015872)) +---- +"Differential Analysis of Malware in Memory " based on @volatility https://github.com/504ensicsLabs/DAMM interesting ways to compare memory dumps. + +(Originally on Twitter: [Sat Dec 06 20:24:52 +0000 2014](https://twitter.com/adulau/status/541327436710154240)) +---- +I just published “Eavesdropping of Internet — What Can We Do? A Revolution?” https://medium.com/@adulau/eavesdropping-of-internet-what-can-we-do-a-revolution-eea128134584?source=tw-f7b49040f032-1417946568178 + +(Originally on Twitter: [Sun Dec 07 10:03:02 +0000 2014](https://twitter.com/adulau/status/541533332161318912)) +---- +I decided to publish https://medium.com/@adulau/eavesdropping-of-internet-what-can-we-do-a-revolution-eea128134584 after the legal talk of @kar1nekks at #botconf and the associated panel discussion + +(Originally on Twitter: [Sun Dec 07 11:06:41 +0000 2014](https://twitter.com/adulau/status/541549351345344512)) +---- +@quinnnorton The idea is to trigger a new equilibrium selection. 
@CyberSymphonic + +(Originally on Twitter: [Sun Dec 07 11:12:45 +0000 2014](https://twitter.com/adulau/status/541550877669343232)) +---- +@CyberSymphonic In this case, interception is promoted by the law itself under traditional "national security" cover. @quinnnorton + +(Originally on Twitter: [Sun Dec 07 11:23:27 +0000 2014](https://twitter.com/adulau/status/541553571150725120)) +---- +@CyberSymphonic Because harm is already done and the law (in this case) doesn't work. That's my argument for the shift. @quinnnorton + +(Originally on Twitter: [Sun Dec 07 11:26:45 +0000 2014](https://twitter.com/adulau/status/541554401073446912)) +---- +@quinnnorton Yes, I did (based on your excellent advice). I really enjoyed the reference 164 in chapter 6. It was 1998... @CyberSymphonic + +(Originally on Twitter: [Sun Dec 07 11:33:25 +0000 2014](https://twitter.com/adulau/status/541556078975406080)) +---- +RT @ClausHoumann: @addelindh @0xtero yea me too -> the @hack_lu motto printed on the agenda hinted at same desire for this discussion to be… + +(Originally on Twitter: [Sun Dec 07 13:14:56 +0000 2014](https://twitter.com/adulau/status/541581626967621632)) +---- +@jeromegautheret Il devrait revoir le câblage avant de faire des bénédictions... @H_Miser @BankableInsight + +(Originally on Twitter: [Sun Dec 07 13:15:55 +0000 2014](https://twitter.com/adulau/status/541581874536382464)) +---- +just published "Photography is not only a matter of cameras" http://www.foo.be/photoblog/posts/photography-is-not-only-a-matter-of-cameras.html #photography + +(Originally on Twitter: [Sun Dec 07 13:58:46 +0000 2014](https://twitter.com/adulau/status/541592656896614400)) +---- +@Arcadian_O Is the list publicly available? 
@manhack + +(Originally on Twitter: [Sun Dec 07 14:23:34 +0000 2014](https://twitter.com/adulau/status/541598897815445504)) +---- +RT @plicplic: Contre les Etats espions, ce ne sont pas de lois dont nous avons besoin mais de cryptographie, explique @adulau https://t.co/… + +(Originally on Twitter: [Sun Dec 07 19:10:32 +0000 2014](https://twitter.com/adulau/status/541671117304635392)) +---- +@Gizmodo @Yaogwai We knew that was @thegrugq ;-) + +(Originally on Twitter: [Sun Dec 07 19:33:19 +0000 2014](https://twitter.com/adulau/status/541676849982877699)) +---- +RT @piotrkijewski: "DRAKVUF is an agentless dynamic malware analysis system built on Xen, LibVMI, Volatility and Rekall." http://t.co/QBgjl… + +(Originally on Twitter: [Sun Dec 07 19:38:45 +0000 2014](https://twitter.com/adulau/status/541678216633913344)) +---- +RT @thorsheim: Elaine is pretty clear about biometric authentication: It's a train wreck. +#passwords14 ![](media/541978533959307264-B4V8psTIIAEaoxg.jpg) + +(Originally on Twitter: [Mon Dec 08 15:32:06 +0000 2014](https://twitter.com/adulau/status/541978533959307264)) +---- +Another picture during the #botconf photowalk, walking in Nancy https://www.flickr.com/photos/adulau/15790369730/ #sooc #photography + +(Originally on Twitter: [Mon Dec 08 19:16:56 +0000 2014](https://twitter.com/adulau/status/542035114931544064)) +---- +@librarythingtim It's part of his work. I assume you read "H. P. Lovecraft: Against the World, Against Life" from Michel Houellebecq. + +(Originally on Twitter: [Mon Dec 08 19:26:33 +0000 2014](https://twitter.com/adulau/status/542037534667440128)) +---- +RT @veorq: PHC finalists: +Argon +battcrypt +Catena +Lyra2 +Makwa +Parallel +POMELO +Pufferfish +yescrypt +#pwdhc https://password-hashing.net/candidates.html + +(Originally on Twitter: [Mon Dec 08 19:32:41 +0000 2014](https://twitter.com/adulau/status/542039078313943040)) +---- +Nowadays everything is a RAT... 
+ +(Originally on Twitter: [Tue Dec 09 10:45:21 +0000 2014](https://twitter.com/adulau/status/542268759944474624)) +---- +@pinkflawd So it seems for @McAfee that #Regin is RAT but they forgot to add the PANDAs + +(Originally on Twitter: [Tue Dec 09 10:59:34 +0000 2014](https://twitter.com/adulau/status/542272337702559745)) +---- +RT @circl_lu: Thanks to @Securelist to mention our work on Turla - Snake http://securelist.com/blog/research/67962/the-penquin-turla-2/ - http://www.circl.lu/pub/tr-25/ + +(Originally on Twitter: [Tue Dec 09 13:54:29 +0000 2014](https://twitter.com/adulau/status/542316354008023042)) +---- +RT @thorsheim: I take it you are watching @solardiz, here are the benchmark numbers. ![](media/542323115964268544-B4awDcjIcAEV4S5.jpg) + +(Originally on Twitter: [Tue Dec 09 14:21:21 +0000 2014](https://twitter.com/adulau/status/542323115964268544)) +---- +RT @rafi0t: .@digicert Is VT slow, or you did not pub your CRL since last week? because the cert was not seen as revoked 3h ago. 
http://t.c… + +(Originally on Twitter: [Wed Dec 10 08:27:00 +0000 2014](https://twitter.com/adulau/status/542596330179543040)) +---- +Maybe you want to revoke SN: 0F4D188192318D28510FC886CBB855E6 and 03FEF100DDE41DEB84E1BED4FFF9C717 @digicert + +(Originally on Twitter: [Wed Dec 10 08:32:48 +0000 2014](https://twitter.com/adulau/status/542597786802585600)) +---- +@thorsheim Concerning PassCue - "Design and Analysis of a Password +Management System" http://www.diva-portal.org/smash/get/diva2:745182/FULLTEXT01.pdf @NTNU + +(Originally on Twitter: [Wed Dec 10 08:49:56 +0000 2014](https://twitter.com/adulau/status/542602100002533376)) +---- +RT @xme: PuttyRider: a DLL injection tool for sniffing & sending commands into #Putty sessions https://github.com/seastorm/PuttyRider + +(Originally on Twitter: [Wed Dec 10 09:17:38 +0000 2014](https://twitter.com/adulau/status/542609073527873536)) +---- +RT @circl_lu: The Inception Framework: Cloud-hosted APT report by @BlueCoat https://www.bluecoat.com/documents/download/638d602b-70f4-4644-aaad-b80e1426aad4/d5c87163-e068-440f-b89e-e40b2f8d2088 Thanks for the acknowledgement + +(Originally on Twitter: [Wed Dec 10 10:23:53 +0000 2014](https://twitter.com/adulau/status/542625745542340608)) +---- +RT @circl_lu: APT Naming Duplicate: "Cloud Atlas" at @securelist is named "Inception Framework" at @bluecoat + +(Originally on Twitter: [Wed Dec 10 10:51:07 +0000 2014](https://twitter.com/adulau/status/542632597634183168)) +---- +@ncaproni @r00tbsd Pour rassurer @cedricpernet - Kebab est partout avec le même nom, ce n'est pas comme les APTs ou les malware. 
+ +(Originally on Twitter: [Wed Dec 10 10:55:18 +0000 2014](https://twitter.com/adulau/status/542633651524337664)) +---- +RT @circl_lu: New indicators for #Regin and Inception Framework added in @circl_lu MISP http://www.circl.lu/services/misp-malware-information-sharing-platform/ ![](media/542679228429656064-B4f7SC7CQAIZAEo.png) + +(Originally on Twitter: [Wed Dec 10 13:56:25 +0000 2014](https://twitter.com/adulau/status/542679228429656064)) +---- +@flavmartins Nothing to do with the recent Sony key compromised. Those are used for malicious/adware installers. @saprand + +(Originally on Twitter: [Wed Dec 10 19:47:52 +0000 2014](https://twitter.com/adulau/status/542767673810354177)) +---- +Hey @NakedSecurity ? So you advise people who choose freely the @creativecommons to put back their work in a propriety license... wtf. + +(Originally on Twitter: [Wed Dec 10 20:21:19 +0000 2014](https://twitter.com/adulau/status/542776091564605441)) +---- +RT @xme: Nice increase of hits to my SSH honeypots! Did you see the same with yours? (Note to @adulau, the scale is 0-800 :-) http://t.co/K… + +(Originally on Twitter: [Thu Dec 11 07:42:30 +0000 2014](https://twitter.com/adulau/status/542947517877747712)) +---- +RT @jruariveiro: @xme @adulau Seems it was a massive scan from Hong Kong, same here. + +(Originally on Twitter: [Thu Dec 11 07:42:50 +0000 2014](https://twitter.com/adulau/status/542947603206656000)) +---- +RT @Susmab: @xme @adulau check this out : https://isc.sans.edu/forums/diary/Odd+new+ssh+scanning+possibly+for+D-Link+devices/19055 (could be related) + +(Originally on Twitter: [Thu Dec 11 10:22:48 +0000 2014](https://twitter.com/adulau/status/542987860350349312)) +---- +I don't like while preparing forensic images for the tomorrow course discovering malware that was not discovered at the first session... 
+ +(Originally on Twitter: [Fri Dec 12 21:12:01 +0000 2014](https://twitter.com/adulau/status/543513627098357760)) +---- +RT @circl_lu: The Inception Framework - Cloud-Hosted Targeted Malware Framework. http://www.circl.lu/pub/press/20141211/ + +(Originally on Twitter: [Fri Dec 12 21:49:21 +0000 2014](https://twitter.com/adulau/status/543523021638864897)) +---- +"Globalement, la sécurité des objets est restée à un stade pré-Internet." http://www.bortzmeyer.org/7397.html par @bortzmeyer + +(Originally on Twitter: [Sat Dec 13 15:09:44 +0000 2014](https://twitter.com/adulau/status/543784843566649345)) +---- +It looks like that some IMSI catchers or fake BTS are discovered by the same people who put them in production. Reflective security? + +(Originally on Twitter: [Sat Dec 13 15:20:19 +0000 2014](https://twitter.com/adulau/status/543787507444613122)) +---- +@ITSecurityguard @xme Indeed the 103.41.124.0/24 is going wild -> http://bgpranking.circl.lu/asn_details?asn=63854;ip_details=103.41.124.0/24 cc @hongkongcert could you check ASAP? + +(Originally on Twitter: [Sun Dec 14 08:52:36 +0000 2014](https://twitter.com/adulau/status/544052324449394688)) +---- +@MalwareJake Sharing (via VT) is usually better than just holding the malware for years in a safe. 
+ +(Originally on Twitter: [Mon Dec 15 08:55:00 +0000 2014](https://twitter.com/adulau/status/544415316949078016)) +---- +If you want to know the current state of the IDS and A/V industry - here is a good summary https://github.com/andrew-morris/stupid_malware/ + +(Originally on Twitter: [Mon Dec 15 09:53:49 +0000 2014](https://twitter.com/adulau/status/544430115539939328)) +---- +RT @7Elements: How not to use #2FA for #infosec: http://buff.ly/1BID75R ![](media/544765616469848064-B45TSkWIAAEDZ3y.png) + +(Originally on Twitter: [Tue Dec 16 08:06:58 +0000 2014](https://twitter.com/adulau/status/544765616469848064)) +---- +RT @it4sec: Every PUSH you take +Every MOV you make +Every INT you break, every RET you fake +I'll be watching you +#windbg + +(Originally on Twitter: [Tue Dec 16 15:11:20 +0000 2014](https://twitter.com/adulau/status/544872410995240961)) +---- +If @r00tbsd or someone else presents an overall analysis of Babar @hack_lu 2015... @nicolasbrulez @r00tbsd @pinkflawd @fredraynal @hack_lu + +(Originally on Twitter: [Tue Dec 16 15:44:35 +0000 2014](https://twitter.com/adulau/status/544880777931264000)) +---- +We will try to find a huge Babar doll for the speaker(s)... @nicolasbrulez @r00tbsd @pinkflawd @fredraynal @hack_lu + +(Originally on Twitter: [Tue Dec 16 15:45:32 +0000 2014](https://twitter.com/adulau/status/544881018109706240)) +---- +@r00tbsd If I find it, it will be shared. I cannot miss another funky costume... @nicolasbrulez @pinkflawd @fredraynal @hack_lu + +(Originally on Twitter: [Tue Dec 16 15:54:32 +0000 2014](https://twitter.com/adulau/status/544883282891243520)) +---- +Long exposure photo of the light painting tools done by @SteveClement for @Hack4Kids https://www.flickr.com/photos/adulau/15850943879/ #photography + +(Originally on Twitter: [Tue Dec 16 17:56:33 +0000 2014](https://twitter.com/adulau/status/544913989290188801)) +---- +@__Thanat0s__ @SteveClement @Hack4Kids We did two editions (one before @hack_lu) and one last Sunday. 
I suppose there will some more in 2015 + +(Originally on Twitter: [Wed Dec 17 08:14:09 +0000 2014](https://twitter.com/adulau/status/545129808888614913)) +---- +@ClausHoumann Sorry could you rephrase it? + +(Originally on Twitter: [Wed Dec 17 09:36:15 +0000 2014](https://twitter.com/adulau/status/545150470529224704)) +---- +@thomas_coseinc @matalaz @cBekrar @i0n1c If you are EU go to US and support the development. It's an intangible transfers of technology ITT + +(Originally on Twitter: [Wed Dec 17 10:29:44 +0000 2014](https://twitter.com/adulau/status/545163929669087232)) +---- +@thomas_coseinc @matalaz @cBekrar @i0n1c But the ITT definition at EU directive/council level is still a mess. http://www.eeas.europa.eu/non-proliferation-and-disarmament/arms-export-control/index_en.htm + +(Originally on Twitter: [Wed Dec 17 10:32:20 +0000 2014](https://twitter.com/adulau/status/545164587226918912)) +---- +Don't forget you always have "socat" in your toolbox to overcome the inner limitation of the broken netfilter. + +(Originally on Twitter: [Wed Dec 17 14:48:33 +0000 2014](https://twitter.com/adulau/status/545229064781721600)) +---- +RT @circl_lu: Thread Local Storage (TLS) implementation in the Linux kernel allows local users to bypass the espfix protection http://t.co/… + +(Originally on Twitter: [Wed Dec 17 14:59:07 +0000 2014](https://twitter.com/adulau/status/545231722548580355)) +---- +RT @circl_lu: Linux kernel does not properly handle faults associated with the SS segment register, local users can gain privileges http://… + +(Originally on Twitter: [Wed Dec 17 15:44:52 +0000 2014](https://twitter.com/adulau/status/545243238647738369)) +---- +"No impact was found to either of these systems." At least a good backdoor does not impact the system. 
https://www.icann.org/news/announcement-2-2014-12-16-en + +(Originally on Twitter: [Wed Dec 17 18:05:49 +0000 2014](https://twitter.com/adulau/status/545278706982604800)) +---- +@SteveClement Have you tried to make the shape like a rainbow? (half circle) + +(Originally on Twitter: [Wed Dec 17 20:58:03 +0000 2014](https://twitter.com/adulau/status/545322051930951681)) +---- +RT @doegox: Come on @travisgoodspeed ... http://www.nostarch.com/pythonforkids of course (and complete it with a MicroPython board) ![](media/545322290200997888-B5FcVs-CMAAoE08.jpg) + +(Originally on Twitter: [Wed Dec 17 20:59:00 +0000 2014](https://twitter.com/adulau/status/545322290200997888)) +---- +@ErrataRob Ali al-Naimi already foreseen to increase their production in 2012... http://www.haaretz.com/news/middle-east/iran-warns-gulf-countries-not-to-replace-its-oil-1.407404?localLinksEnabled=false + +(Originally on Twitter: [Wed Dec 17 21:04:15 +0000 2014](https://twitter.com/adulau/status/545323614527299586)) +---- +RT @cbrocas: @bortzmeyer as @xme remind us, cve search of @adulau may help you, Stéphane :) Alex talk about it @ RMLL : https://t.co/GwTLb3… + +(Originally on Twitter: [Fri Dec 19 14:26:37 +0000 2014](https://twitter.com/adulau/status/545948321538658304)) +---- +@cbrocas @bortzmeyer @xme Request, feedback and pull requests more than welcome https://github.com/adulau/cve-search + +(Originally on Twitter: [Fri Dec 19 14:28:08 +0000 2014](https://twitter.com/adulau/status/545948701609693184)) +---- +It seems that some people just discovered the @Verint SkyLock product line... but it's only the tip of the iceberg. + +(Originally on Twitter: [Sat Dec 20 16:07:16 +0000 2014](https://twitter.com/adulau/status/546336038520889344)) +---- +Sometime branches have nothing to do with git especially when there is a reflection... 
https://www.flickr.com/photos/adulau/16062076471/ #photography + +(Originally on Twitter: [Sat Dec 20 16:15:57 +0000 2014](https://twitter.com/adulau/status/546338222486593536)) +---- +Looking at the worldwide "cyber" attribution mess, @RevBillBlunden was so right.... + +(Originally on Twitter: [Sat Dec 20 16:30:06 +0000 2014](https://twitter.com/adulau/status/546341782397915136)) +---- +@aris_ada @Tris_Acatrinei @BFMTV @itele @FRANCE24 Pour résumer en 1 livre "Cyberwar, Threat Inflation, and the Malware-Industrial Complex" + +(Originally on Twitter: [Sat Dec 20 18:43:54 +0000 2014](https://twitter.com/adulau/status/546375454031376384)) +---- +"Je n'ai pas peur de la démocratie" dans Fragment #2 une belle description de la novlang politique @taziden + +(Originally on Twitter: [Sat Dec 20 21:08:51 +0000 2014](https://twitter.com/adulau/status/546411935533916160)) +---- +@knolinfos Il faut écouter https://soundcloud.com/phaune-radio/sets/fragments-hackes pour une belle démonstration de la novlang @taziden + +(Originally on Twitter: [Sat Dec 20 21:21:39 +0000 2014](https://twitter.com/adulau/status/546415155593371648)) +---- +RT @ErrataRob: ...and don't let AV vendors give you excuses: it usually arrives with a remote SMB command, not web browsers. + +(Originally on Twitter: [Sun Dec 21 08:59:22 +0000 2014](https://twitter.com/adulau/status/546590741817221121)) +---- +@Shiftreduce even the compiler? + +(Originally on Twitter: [Sun Dec 21 17:58:23 +0000 2014](https://twitter.com/adulau/status/546726387659603968)) +---- +RT @marciahofmann: @dinodaizovi but if the SPE hack *wasn't* NK & we treat it as a nat sec issue, does that mean every corporate hack becom… + +(Originally on Twitter: [Sun Dec 21 18:11:44 +0000 2014](https://twitter.com/adulau/status/546729749243248640)) +---- +@quinnnorton The time you read it and understand it, you'll get pwned. So it's not a quantifier, it's a pwnetifier. 
+ +(Originally on Twitter: [Sun Dec 21 18:23:22 +0000 2014](https://twitter.com/adulau/status/546732675051298816)) +---- +RT @moltke: Some good tips in "Surviving Secondary" https://wikileaks.org/cia-travel/secondary-screening/WikiLeaks_CIA_Assessment_on_Surviving_Secondary_Screening.pdf ![](media/546747304968220672-B5Zpxj1CcAAtZn_.png) + +(Originally on Twitter: [Sun Dec 21 19:21:30 +0000 2014](https://twitter.com/adulau/status/546747304968220672)) +---- +"The Importance of Maintaining Cover––No Matter What (S//NF)" https://wikileaks.org/cia-travel/secondary-screening/WikiLeaks_CIA_Assessment_on_Surviving_Secondary_Screening.pdf + +(Originally on Twitter: [Sun Dec 21 19:37:06 +0000 2014](https://twitter.com/adulau/status/546751233793753088)) +---- +"[tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation" https://lists.torproject.org/pipermail/tor-talk/2014-December/036067.html + +(Originally on Twitter: [Sun Dec 21 20:52:01 +0000 2014](https://twitter.com/adulau/status/546770084770119680)) +---- +RT @circl_lu: Apple EFI Firmware Security Vulnerabilities https://trmm.net/EFI + +(Originally on Twitter: [Mon Dec 22 07:06:15 +0000 2014](https://twitter.com/adulau/status/546924663063212032)) +---- +RT @circl_lu: TR-29 - NTP (Network Time Protocol) daemon - ntpd - critical vulnerabilities http://www.circl.lu/pub/tr-29/ patch your ntpd! @ITOne_N… + +(Originally on Twitter: [Mon Dec 22 09:26:11 +0000 2014](https://twitter.com/adulau/status/546959876149489664)) +---- +RT @botherder: USG got their agenda on the spotlight distracting from their own hacking of corporates (Belgacom) and crimes of torture (con… + +(Originally on Twitter: [Tue Dec 23 21:59:55 +0000 2014](https://twitter.com/adulau/status/547511947340832768)) +---- +@botherder Happy FSM Holidays ;-) For the rest your tweet, It's unfortunately just the tip of the iceberg. 
@pinkflawd + +(Originally on Twitter: [Tue Dec 23 22:02:04 +0000 2014](https://twitter.com/adulau/status/547512488863207426)) +---- +"Dshell is a network forensic analysis framework" https://github.com/USArmyResearchLab/Dshell + +(Originally on Twitter: [Tue Dec 23 22:16:49 +0000 2014](https://twitter.com/adulau/status/547516199631093760)) +---- +RT @__Thanat0s__: @adulau @hack_lu HACK.LU stickers on french TV also ! :) 27:10 http://www.france5.fr/emissions/c-dans-l-air/videos/114197348?origin=ftvsite_homepage + +(Originally on Twitter: [Wed Dec 24 05:43:21 +0000 2014](https://twitter.com/adulau/status/547628577165172736)) +---- +RT @41414141: @ioerror what is @wikileaks reason to not release all Snowden files? I'm surely missing something you explained in some post.… + +(Originally on Twitter: [Wed Dec 24 08:06:01 +0000 2014](https://twitter.com/adulau/status/547664479467868160)) +---- +Just published - The Art of Not Showing http://www.foo.be/photoblog/posts/the-art-of-not-showing.html #photography + +(Originally on Twitter: [Wed Dec 24 19:23:36 +0000 2014](https://twitter.com/adulau/status/547835000046235648)) +---- +I just published “Watermarking or how to destroy your work” https://medium.com/@adulau/watermarking-or-how-to-destroy-your-work-f3a6287a3d11?source=tw-f7b49040f032-1419451416946 + +(Originally on Twitter: [Wed Dec 24 20:03:47 +0000 2014](https://twitter.com/adulau/status/547845110734417920)) +---- +@90n With watermarking, the photographer devalues their own works. My post is only about photography. Cheers + +(Originally on Twitter: [Wed Dec 24 20:28:07 +0000 2014](https://twitter.com/adulau/status/547851234158608385)) +---- +@90n So you want to make example "watermarking" with public domain photography to show by example? It's maybe a good idea. 
+ +(Originally on Twitter: [Wed Dec 24 20:34:12 +0000 2014](https://twitter.com/adulau/status/547852764060352512)) +---- +Nice practical example from @90n of why watermarking is such a bad idea in photography https://medium.com/@adulau/watermarking-or-how-to-destroy-your-work-f3a6287a3d11 + +(Originally on Twitter: [Wed Dec 24 20:38:52 +0000 2014](https://twitter.com/adulau/status/547853939929264128)) +---- +@_Quack1 I think @90n wanted to be very gentle with the original work. Usually the watermarks are often less gentle ;-) + +(Originally on Twitter: [Wed Dec 24 20:40:45 +0000 2014](https://twitter.com/adulau/status/547854413378117633)) +---- +RT @solardiz: Sharing non-public vuln with an extra party (even if trusted and well-intentioned) _just_ for the purpose of obtaining a CVE … + +(Originally on Twitter: [Wed Dec 24 20:41:12 +0000 2014](https://twitter.com/adulau/status/547854526423007232)) +---- +RT @nono2357: rtl-entropy, an entropy/random number generator using #SDR peripherals, including rtl-sdr and BladeRF: https://github.com/pwarren/rtl-entropy + +(Originally on Twitter: [Wed Dec 24 20:55:37 +0000 2014](https://twitter.com/adulau/status/547858153124401152)) +---- +RT @alexanderjaeger: @adulau "The art of not showing" - actually I simply enjoy your shots! 
I think most people do not think about taking p… + +(Originally on Twitter: [Thu Dec 25 08:42:21 +0000 2014](https://twitter.com/adulau/status/548036010157015041)) +---- +RT @circl_lu: Bypassing Malware Scanning in Sophos UTM Web Protection http://noxxi.de/research/sophos-utm-webprotection-bypass.html + +(Originally on Twitter: [Fri Dec 26 14:20:17 +0000 2014](https://twitter.com/adulau/status/548483441822826497)) +---- +@historyepics @blackswanburst I'm tempted by the "Mental Excitement" but I couldn't find "Abusing Computer and Network Exploitation" ;-) + +(Originally on Twitter: [Fri Dec 26 14:24:47 +0000 2014](https://twitter.com/adulau/status/548484574825959424)) +---- +RT @rafi0t: You want to play with #CIRCLean / #KittenGroomer at #31C3? Ping me! https://lwn.net/Articles/626559/#Comments // @circl_lu + +(Originally on Twitter: [Sat Dec 27 15:04:48 +0000 2014](https://twitter.com/adulau/status/548857033139957760)) +---- +RT @bin3ry: After SS7 discl. a German NW operator monitored, then filtered these requests > attack traffic dropped 80%. Part is likely stat… + +(Originally on Twitter: [Sat Dec 27 16:48:30 +0000 2014](https://twitter.com/adulau/status/548883128493015041)) +---- +@addelindh They would need to explain the "bald eagle" capabilities but it's maybe counter productive for the malware industrial complex. + +(Originally on Twitter: [Sat Dec 27 16:54:26 +0000 2014](https://twitter.com/adulau/status/548884623171002369)) +---- +RT @xor: Good tip from #31c3 presenter @2b_as on mobile phone security in the face of new SS7 attacks: + +throw away phone + +(Originally on Twitter: [Sat Dec 27 16:59:34 +0000 2014](https://twitter.com/adulau/status/548885914232315904)) +---- +@manhack "... DGSE aurait accepté de laissé le GCHQ espionner?" Oui pour la simple raison que l'interception se fait souvent sans demande. 
+ +(Originally on Twitter: [Sat Dec 27 17:19:19 +0000 2014](https://twitter.com/adulau/status/548890884511911937)) +---- +@manhack Si la DGSE n'est pas partenaire dans RAMPART-A. Un accès aux amplificateurs ou aux optiques est suffisant cf. Glimmerglass + +(Originally on Twitter: [Sat Dec 27 17:37:35 +0000 2014](https://twitter.com/adulau/status/548895481364246528)) +---- +RT @Fr333k: @Kaplan_CERTat but the solution to get the entire data set is here (HTML): https://t.co/EYtV4wMw2p + +(Originally on Twitter: [Sat Dec 27 21:54:27 +0000 2014](https://twitter.com/adulau/status/548960124187185152)) +---- +RT @i0n1c: There seems to be not a single talk at #31C3 about the new dual-use export list and its chilling effect on sec. research. #nomor… + +(Originally on Twitter: [Sun Dec 28 16:54:18 +0000 2014](https://twitter.com/adulau/status/549246977238892544)) +---- +@i0n1c Passive DNS https://www.circl.lu/services/passive-dns/ or https://www.dnsdb.info/ @jduck + +(Originally on Twitter: [Sun Dec 28 17:32:46 +0000 2014](https://twitter.com/adulau/status/549256658011291648)) +---- +@rafi0t Monitoring is everywhere. And the support analyst is today Mr. @alexanderjaeger ;-) cc @taziden + +(Originally on Twitter: [Sun Dec 28 17:43:23 +0000 2014](https://twitter.com/adulau/status/549259331171287041)) +---- +What's the format of the certificate in 20141222_certs (scans.io)? Is it DER encoded in Base64? or something else? thx @ioactive @repmovsb + +(Originally on Twitter: [Sun Dec 28 17:48:20 +0000 2014](https://twitter.com/adulau/status/549260576116199425)) +---- +@lennarthaagsma @IOActive @repmovsb @pzb Thank you. I just forgot the FP in front (grrr...) The DER decoding now works. + +(Originally on Twitter: [Sun Dec 28 17:58:57 +0000 2014](https://twitter.com/adulau/status/549263248269508608)) +---- +Wondering why Mitre didn't publish CVE-2013-4866 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4866 Because it's a toilet? 
;-) http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html + +(Originally on Twitter: [Sun Dec 28 19:18:02 +0000 2014](https://twitter.com/adulau/status/549283150065827841)) +---- +So PGP still give some hassle to the NSA http://www.spiegel.de/media/media-35545.pdf curious about the parameters used for this specific PGP message. @ioerror + +(Originally on Twitter: [Sun Dec 28 19:44:34 +0000 2014](https://twitter.com/adulau/status/549289824616984576)) +---- +@Kaplan_CERTat Yes but having a view of what was the difficult stuff for NSA in 2012 still give a good overview on the capabilities. + +(Originally on Twitter: [Sun Dec 28 19:56:27 +0000 2014](https://twitter.com/adulau/status/549292816216891392)) +---- +Curious about GPU memory analysis "GPU Malware Research and the 2014 DFRWS Forensic Challenge" http://www.cs.uno.edu/~golden/gpu-malware-research.html + +(Originally on Twitter: [Sun Dec 28 20:32:50 +0000 2014](https://twitter.com/adulau/status/549301974324506625)) +---- +@JanGuth It depends on the definition of "political". I would be more fan of increasing the hacking of philosophy and society at large. 
+ +(Originally on Twitter: [Sun Dec 28 20:40:52 +0000 2014](https://twitter.com/adulau/status/549303994490056704)) +---- +RT @davidecarroll: "stallman was right" #31c3 + +(Originally on Twitter: [Sun Dec 28 20:41:13 +0000 2014](https://twitter.com/adulau/status/549304081056288768)) +---- +@Kaplan_CERTat I think they tend to compartmentalize the crypto capabilities versus the CNE capabilities which render our analysis difficult + +(Originally on Twitter: [Sun Dec 28 20:43:46 +0000 2014](https://twitter.com/adulau/status/549304722843529216)) +---- +By the way, the Camellia recommendation (in @BetterCrypto) is still logical with the last documents released @Kaplan_CERTat + +(Originally on Twitter: [Sun Dec 28 20:52:27 +0000 2014](https://twitter.com/adulau/status/549306911074811904)) +---- +@veorq Or it's just the view from the CNE teams as the documents leaked don't contain any info about their crypto teams... @ErrataRob + +(Originally on Twitter: [Mon Dec 29 07:52:30 +0000 2014](https://twitter.com/adulau/status/549473016435195905)) +---- +@csoghoian But the interception is only possible with the FBI DITU so the target need to be known in advance via a FISA req? + +(Originally on Twitter: [Mon Dec 29 08:11:43 +0000 2014](https://twitter.com/adulau/status/549477853344329728)) +---- +@rechelon Is the talk transcript available somewhere? 
+ +(Originally on Twitter: [Mon Dec 29 08:40:22 +0000 2014](https://twitter.com/adulau/status/549485061977174016)) +---- +RT @halvarflake: Given that an ancient version of Regin is on a USB stick in the Chancellors' office, someone may want to take a fine comb … + +(Originally on Twitter: [Mon Dec 29 10:07:56 +0000 2014](https://twitter.com/adulau/status/549507100091895808)) +---- +@veorq This how you spot that is a French couple and not a Belgian or a Swiss couple ;-) + +(Originally on Twitter: [Mon Dec 29 10:42:02 +0000 2014](https://twitter.com/adulau/status/549515681512030208)) +---- +What would be the overall cost of development for @gnupg to fully support Curve 25519 as a default curve? I would be pleased to fund a part. + +(Originally on Twitter: [Mon Dec 29 14:23:31 +0000 2014](https://twitter.com/adulau/status/549571418615447552)) +---- +@X_Cli Until now, the OIDs are hardcoded in RFC 6637 (section 11) but not part of IANA procedure http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml allocation @gnupg + +(Originally on Twitter: [Mon Dec 29 18:53:06 +0000 2014](https://twitter.com/adulau/status/549639260685733889)) +---- +@X_Cli FYI, there is already an I-D with the OID extension for Ed25519 http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-01.txt @gnupg + +(Originally on Twitter: [Mon Dec 29 19:02:09 +0000 2014](https://twitter.com/adulau/status/549641540118003712)) +---- +@X_Cli Yes I'm familiar with the IETF process. But this I-D is in the correct pipe to be published ;-) @gnupg + +(Originally on Twitter: [Mon Dec 29 19:07:59 +0000 2014](https://twitter.com/adulau/status/549643006912262144)) +---- +@FredericJacobs During WTH 2005, we asked the question why not every Tor user is an exit node... now there is an incentive. @isislovecruft + +(Originally on Twitter: [Mon Dec 29 19:13:10 +0000 2014](https://twitter.com/adulau/status/549644311802159104)) +---- +@PaulM Mixing is often good... 
The risks of having a too limited set of exit nodes might be bigger. @FredericJacobs @isislovecruft + +(Originally on Twitter: [Mon Dec 29 19:46:31 +0000 2014](https://twitter.com/adulau/status/549652703950176256)) +---- +RT @veorq: slides of the #31c3 talk "NORX + CAESAR" with @Daeinar https://131002.net/data/talks/norx-31c3.html (6MB) + +(Originally on Twitter: [Mon Dec 29 20:18:33 +0000 2014](https://twitter.com/adulau/status/549660765985472515)) +---- +RT @hack_lu: Michael Hamelin, @hackerjoe will be missed. He helped us at various occasions. We will remember him as a great soul in the inf… + +(Originally on Twitter: [Mon Dec 29 20:43:17 +0000 2014](https://twitter.com/adulau/status/549666988604547074)) +---- +"This site requires JavaScript and Cookies to be enabled." Not really fine but especially bad for an URL hosting an official CRL from a CA. + +(Originally on Twitter: [Tue Dec 30 08:22:41 +0000 2014](https://twitter.com/adulau/status/549843002001481728)) +---- +@lennarthaagsma yep, crl-monitor https://github.com/adulau/crl-monitor it's still at the early stage but a working system will be available very soon. + +(Originally on Twitter: [Tue Dec 30 18:34:47 +0000 2014](https://twitter.com/adulau/status/549997038977699841)) +---- +@cBekrar The definition is a bit confuse. "avoid detection by ‘monitoring tools’" and point (a) is basically describing a monitoring tool. + +(Originally on Twitter: [Tue Dec 30 20:45:34 +0000 2014](https://twitter.com/adulau/status/550029953694461953)) +---- +Looking at this Dante’s Divine Comedy illustration, it reminds me of a recent forensic carving on a filesystem... ![](media/550037793632956416-B6IgdTmIcAIUcnx.jpg) + +(Originally on Twitter: [Tue Dec 30 21:16:43 +0000 2014](https://twitter.com/adulau/status/550037793632956416)) +---- +RT @circl_lu: @jnazario If you need BGP Ranking dumps of the historical data, don't hesitate to contact us. 
+ +(Originally on Twitter: [Wed Dec 31 07:59:03 +0000 2014](https://twitter.com/adulau/status/550199440838262784)) +---- +RT @torproject: #Tor developer @nickm_tor offers thoughts on hidden services https://blog.torproject.org/blog/some-thoughts-hidden-services #anonymity + +(Originally on Twitter: [Wed Dec 31 14:08:02 +0000 2014](https://twitter.com/adulau/status/550292296483479554)) +---- +If you want to track RIM PlayBook devices. It's easy. They have SSL open and the Subject/CN of the certificate contains the MAC... + +(Originally on Twitter: [Thu Jan 01 15:41:33 +0000 2015](https://twitter.com/adulau/status/550678220669202434)) +---- +Beside the overall insecurity of Internet, I wish you a happy new year. Enjoy life and discover new things. https://www.flickr.com/photos/adulau/16164635995/ + +(Originally on Twitter: [Thu Jan 01 16:15:11 +0000 2015](https://twitter.com/adulau/status/550686685101821953)) +---- +A very wise advise from @paulvixie http://www.redbarn.org/node/23 now I'm waiting for his next blog post "go static or go home" ;-) + +(Originally on Twitter: [Thu Jan 01 16:43:44 +0000 2015](https://twitter.com/adulau/status/550693868715667456)) +---- +@tkeetch In the last scan (5 days ago), it's 10736 unique MAC. So I suppose they have to live with this "functionality" among others. @jduck + +(Originally on Twitter: [Thu Jan 01 17:53:27 +0000 2015](https://twitter.com/adulau/status/550711415326380032)) +---- +RT @rich0H: Did.. Did the airport in Paris just compel @k8em0 to decrypt her hard drive? + +(Originally on Twitter: [Fri Jan 02 10:07:43 +0000 2015](https://twitter.com/adulau/status/550956597267431424)) +---- +RT @pastebin: The gov in India has unblocked a couple of websites, NOT including Pastebin. We hope to be able to communicate... http://t.co… + +(Originally on Twitter: [Fri Jan 02 10:49:27 +0000 2015](https://twitter.com/adulau/status/550967099221622784)) +---- +@Skhaen ARCFOUR (in SecSH/SSH) is standard RC4-128. 
But I would be careful in the key exchange method used (-> KexAlgorithms) in SSH. + +(Originally on Twitter: [Fri Jan 02 11:38:07 +0000 2015](https://twitter.com/adulau/status/550979345792385024)) +---- +@zataz Cela serait bien d'informer le @CERTAFr @Damien_Bancal + +(Originally on Twitter: [Fri Jan 02 11:49:54 +0000 2015](https://twitter.com/adulau/status/550982311299543040)) +---- +@zataz @zataz Si tu as déjà notifié les entreprises avant Twitter c'est bon alors ;-) @CERTAFr @Damien_Bancal + +(Originally on Twitter: [Fri Jan 02 11:56:32 +0000 2015](https://twitter.com/adulau/status/550983979219046400)) +---- +RT @rafi0t: .@lycamobile user, wanna use data from a device? set the default TTL to 100: sysctl -w net.ipv4.ip_default_ttl=100 + +(Originally on Twitter: [Fri Jan 02 11:57:09 +0000 2015](https://twitter.com/adulau/status/550984134160842752)) +---- +@jeancreed1 Je ne suis pas surpris. Ils ont reçu une belle série de notifications pour plein de trucs... mais ne réagissent pas. Je relance. 
+ +(Originally on Twitter: [Fri Jan 02 12:04:13 +0000 2015](https://twitter.com/adulau/status/550985915800518658)) +---- +RT @circl_lu: Multiple vulnerabilities in GPG2 http://www.openwall.com/lists/oss-security/2014/12/29/8 + +(Originally on Twitter: [Fri Jan 02 12:30:42 +0000 2015](https://twitter.com/adulau/status/550992580658606081)) +---- +First release of X.509 Subject cache https://github.com/adulau/crl-monitor/tree/master#x509-subject-cache you can query a subnet to see all known X.509 certs @lennarthaagsma + +(Originally on Twitter: [Fri Jan 02 16:26:45 +0000 2015](https://twitter.com/adulau/status/551051982681964545)) +---- +A big hug and #FF for the people behind scans.io @rapid7 @repmovsb @hdmoore and the zmap.io team at @umich + +(Originally on Twitter: [Fri Jan 02 17:18:37 +0000 2015](https://twitter.com/adulau/status/551065035137896450)) +---- +"XPIRe allows a user to privately download an element from a database" https://github.com/XPIRe-team/XPIRe + +(Originally on Twitter: [Fri Jan 02 17:35:54 +0000 2015](https://twitter.com/adulau/status/551069383951659008)) +---- +@matonis @circl_lu @lennarthaagsma Thank you. I might come soon with a public REST API where everyone could do a look per subnet/IP. + +(Originally on Twitter: [Fri Jan 02 18:17:28 +0000 2015](https://twitter.com/adulau/status/551079845879619584)) +---- +@swisstengu Ce n'est pas vraiment comparable. L'objectif de Forban c'est juste une expérimentation sur le p2p local. @Giribot + +(Originally on Twitter: [Fri Jan 02 22:58:09 +0000 2015](https://twitter.com/adulau/status/551150483231232000)) +---- +@swisstengu Oui, c'est purement local. Maintenant cela reste une implémentation expérimentale. Je suis preneur de contribs. @Giribot + +(Originally on Twitter: [Fri Jan 02 23:08:07 +0000 2015](https://twitter.com/adulau/status/551152992142249986)) +---- +@swisstengu Forban c'est simplement l'idée d'un protocole p2p local opportuniste pour dupliquer du contenu. 
Rien de plus ;-) @Giribot + +(Originally on Twitter: [Fri Jan 02 23:09:47 +0000 2015](https://twitter.com/adulau/status/551153410851209216)) +---- +@swisstengu Oui en effet, c’était l'objectif. La partie authentification HMAC/CMAC est tjs dans le pipe d'une branch dev. @Giribot + +(Originally on Twitter: [Fri Jan 02 23:12:11 +0000 2015](https://twitter.com/adulau/status/551154012062765057)) +---- +@swisstengu En effet, il te faut un réseau en layer-2 avec une stack IP qui fonctionne. @Giribot + +(Originally on Twitter: [Fri Jan 02 23:16:15 +0000 2015](https://twitter.com/adulau/status/551155036177596416)) +---- +RT @jkvester: Conpot 0.4.0 has been released - go get it and cover all your industrial honeypot needs! @ProjectHoneynet @glaslos @creolys + +(Originally on Twitter: [Sun Jan 04 10:44:37 +0000 2015](https://twitter.com/adulau/status/551690656457183232)) +---- +@r8r @belowring0 @sofaofthedamned @JanAlbrecht @rootkovska @k8em0 @i0n1c The best is to ask @MarietjeSchaake who was in favor of the change + +(Originally on Twitter: [Sun Jan 04 10:50:12 +0000 2015](https://twitter.com/adulau/status/551692064757252096)) +---- +"JS: EXE file infector in pure JavaScript" http://alive-green.blogspot.ru/2014/03/js-javascript.html + +(Originally on Twitter: [Sun Jan 04 11:26:05 +0000 2015](https://twitter.com/adulau/status/551701094204977152)) +---- +@fredraynal @MISCRedac "Agir est le seul moyen de voir le bout du tunnel, comme l'a dit Diana" I'm sure the @GCHQ_UK will enjoy ;-) + +(Originally on Twitter: [Sun Jan 04 15:24:07 +0000 2015](https://twitter.com/adulau/status/551760995463745537)) +---- +@manhack Connais-tu le nombre de demandes FBI au LE français? Comment un juge français peut-il savoir si c'est une requête légitime? + +(Originally on Twitter: [Sun Jan 04 15:35:29 +0000 2015](https://twitter.com/adulau/status/551763858415955970)) +---- +@manhack Oui, en effet. 
De plus, je me demande si un juge en Europe à la capacité de refuser une requête du FBI sur sa juridiction. + +(Originally on Twitter: [Sun Jan 04 15:47:19 +0000 2015](https://twitter.com/adulau/status/551766835071574016)) +---- +"Curious" about Intel Management Engine and Intel's Active Management Technology... http://me.bios.io/ a good start. + +(Originally on Twitter: [Sun Jan 04 15:54:07 +0000 2015](https://twitter.com/adulau/status/551768545122873345)) +---- +@manhack C'est assez régulier. Si j'ai un criminel US qui a utilisé par exemple une plateforme en France, le FBI fait une requête en FR. + +(Originally on Twitter: [Sun Jan 04 16:13:11 +0000 2015](https://twitter.com/adulau/status/551773344333578242)) +---- +@manhack Mais le juge ne peut pas facilement vérifier la requête (p.ex une requête via FISA) mais est obligé d'accepter la requête car + +(Originally on Twitter: [Sun Jan 04 16:14:17 +0000 2015](https://twitter.com/adulau/status/551773619840618496)) +---- +@manhack ses prochaines requêtes EU->US auraient tendances à ne pas aboutir. + +(Originally on Twitter: [Sun Jan 04 16:15:29 +0000 2015](https://twitter.com/adulau/status/551773923189465088)) +---- +@RenaudManda @manhack Cela n'a rien avoir. Une requête via Interpol/FBI peut se faire pour des serveurs non-US en Europe via le LE en EU. + +(Originally on Twitter: [Sun Jan 04 16:16:25 +0000 2015](https://twitter.com/adulau/status/551774159102308352)) +---- +@RenaudManda La contrainte est indirecte. Si le LE en FR désire faire une requête aux US. Mais qu'une requête US-FR est bloquée... @manhack + +(Originally on Twitter: [Sun Jan 04 16:31:58 +0000 2015](https://twitter.com/adulau/status/551778073658814465)) +---- +@RenaudManda Le cas ici est plus simple. C'est simplement une question de collaboration entre les LE de chaque pays. 
@manhack + +(Originally on Twitter: [Sun Jan 04 16:46:54 +0000 2015](https://twitter.com/adulau/status/551781829104398336)) +---- +@FIRSTdotOrg Is your CFP interface allow a co-author to edit a submission? It would be nifty. Thank you. @blackswanburst + +(Originally on Twitter: [Sun Jan 04 17:05:15 +0000 2015](https://twitter.com/adulau/status/551786449126064130)) +---- +"How Perfect Offline Wallets Can Still Leak Bitcoin Private Keys" http://arxiv.org/pdf/1501.00447v1.pdf #bitcoin #ecdsa + +(Originally on Twitter: [Tue Jan 06 05:31:32 +0000 2015](https://twitter.com/adulau/status/552336642934317057)) +---- +@aris_ada I think the point is mainly valid for unknown/untrusted BTC implementation but indeed that's more a general "code review" issue. + +(Originally on Twitter: [Tue Jan 06 09:37:44 +0000 2015](https://twitter.com/adulau/status/552398601855721472)) +---- +RT @DigiDefenders: Good piece by ao @botherder @houndbee : Technical Observations About Recent Internet #Censorship in #India http://t.co/… + +(Originally on Twitter: [Tue Jan 06 15:21:37 +0000 2015](https://twitter.com/adulau/status/552485141705424896)) +---- +@CERT_HK Could you have a look at this provider? as soon as possible http://bgpranking.circl.lu/asn_details?asn=63854;ip_details=103.41.124.0/24 + +(Originally on Twitter: [Wed Jan 07 20:00:23 +0000 2015](https://twitter.com/adulau/status/552917685500383232)) +---- +Using a pencil is really an act of bravery. Violence is for the cowards. 
#JeSuisCharlie + +(Originally on Twitter: [Wed Jan 07 21:03:08 +0000 2015](https://twitter.com/adulau/status/552933477759586304)) +---- +RT @circl_lu: OpenSSL Security Advisory [08 Jan 2015] https://mta.opensslfoundation.net/pipermail/openssl-announce/2015-January/000007.html + +(Originally on Twitter: [Thu Jan 08 16:17:37 +0000 2015](https://twitter.com/adulau/status/553224010159648768)) +---- +Major updates to cve-search including critical bug fixes https://github.com/adulau/cve-search Big thanks to @pidgeyL (and @xme) for the contributions + +(Originally on Twitter: [Fri Jan 09 21:44:59 +0000 2015](https://twitter.com/adulau/status/553668783777513473)) +---- +RT @circl_lu: New CIRCL Passive SSL historical database per IP address, service available on request http://www.circl.lu/services/passive-ssl/ + +(Originally on Twitter: [Fri Jan 09 21:55:22 +0000 2015](https://twitter.com/adulau/status/553671395973275649)) +---- +"NSA helped trace the Sony attacks back to NK" should be read "The NSA used the compromised Sony network for their Operational Relay Box" + +(Originally on Twitter: [Fri Jan 09 22:01:41 +0000 2015](https://twitter.com/adulau/status/553672986856001538)) +---- +@electrospaces End-2-end secured? or just up to the TDM switch... @Cryptomeorg + +(Originally on Twitter: [Sat Jan 10 19:59:05 +0000 2015](https://twitter.com/adulau/status/554004520620277760)) +---- +@electrospaces Interesting, so the phones used among FR and US are interoperable at the crypto level. + +(Originally on Twitter: [Sat Jan 10 21:58:47 +0000 2015](https://twitter.com/adulau/status/554034643209838592)) +---- +During the 4 hours workshop with my students, we did a simple Malware Classifier based on their network capture https://github.com/adulau/MalwareClassifier + +(Originally on Twitter: [Sat Jan 10 23:13:41 +0000 2015](https://twitter.com/adulau/status/554053495335448576)) +---- +Some pictures I took during the @fraclorraine art event and performances of yesterday. Nice event. 
https://www.flickr.com/search/?w=31797858@N00&q=%22frac%20lorraine%22 + +(Originally on Twitter: [Sun Jan 11 10:26:35 +0000 2015](https://twitter.com/adulau/status/554222836685230080)) +---- +If you used Python networkx for fast prototyping and analysis of graphs, you should have a look at graph-tool http://graph-tool.skewed.de/ + +(Originally on Twitter: [Sun Jan 11 15:51:21 +0000 2015](https://twitter.com/adulau/status/554304563277488129)) +---- +Hi @hdmoore and @repmovsb have you evaluated the possibility to scan for SSL with SNI using a Passive DNS dataset? + +(Originally on Twitter: [Sun Jan 11 16:53:09 +0000 2015](https://twitter.com/adulau/status/554320115937067008)) +---- +@lennarthaagsma Yes, I'm. The Passive CRL will follow but more work is foreseen for the storage of the time series. + +(Originally on Twitter: [Sun Jan 11 16:57:28 +0000 2015](https://twitter.com/adulau/status/554321204598013954)) +---- +@repmovsb Cool. Sure, I can share with you a dump of passive DNS records. @hdmoore + +(Originally on Twitter: [Sun Jan 11 16:59:31 +0000 2015](https://twitter.com/adulau/status/554321718811328512)) +---- +@flamsmark They make fun of all religions (also the State, the army, capitalism,...). They just forgot pastafarianism until now. @ioerror + +(Originally on Twitter: [Sun Jan 11 17:46:17 +0000 2015](https://twitter.com/adulau/status/554333489215307777)) +---- +@flamsmark Just wondering, have you ever read an irreverent and satirical magazine like Charlie Hebdo or le Canard Enchainé? @ioerror + +(Originally on Twitter: [Sun Jan 11 18:50:17 +0000 2015](https://twitter.com/adulau/status/554349594390577152)) +---- +@lennarthaagsma Don't forget that Passive DNS tend to be a representation of their localisation cc @Kaplan_CERTat + +(Originally on Twitter: [Sun Jan 11 19:13:00 +0000 2015](https://twitter.com/adulau/status/554355313911291904)) +---- +RT @torproject: Remembering Aaron Swartz today. 
We dedicated Tor 0.2.4 to him https://lists.torproject.org/pipermail/tor-talk/2013-December/031392.html He inspired millions of people, inclu… + +(Originally on Twitter: [Sun Jan 11 21:42:05 +0000 2015](https://twitter.com/adulau/status/554392828571566081)) +---- +RT @StevenVanAcker: it was approved! http://data.singularity.be/phd/thesis.pdf @tomvangoethem + +(Originally on Twitter: [Mon Jan 12 10:42:15 +0000 2015](https://twitter.com/adulau/status/554589164419973120)) +---- +@pidgeyL Merged ;-) Thx @wimremes + +(Originally on Twitter: [Mon Jan 12 14:49:46 +0000 2015](https://twitter.com/adulau/status/554651453575671808)) +---- +@rommelfs That's why we are currently rewriting Flying Pig... by the way we need to change the logo and the web interface. + +(Originally on Twitter: [Mon Jan 12 14:56:15 +0000 2015](https://twitter.com/adulau/status/554653088632799233)) +---- +@rommelfs You are right but we would need something like flying elephants. It reminds me to add the RSA modulus in the data store. + +(Originally on Twitter: [Mon Jan 12 15:04:27 +0000 2015](https://twitter.com/adulau/status/554655148656844801)) +---- +@altquinn I let you guess which picture I just saw http://www.infres.enst.fr/~pautet/Ada95/e_c18_p3.ada ;-) + +(Originally on Twitter: [Mon Jan 12 19:08:37 +0000 2015](https://twitter.com/adulau/status/554716596762312705)) +---- +@altquinn and it's better than the Appelbaum - Knuth t-shirt recursion... 
+ +(Originally on Twitter: [Mon Jan 12 19:13:24 +0000 2015](https://twitter.com/adulau/status/554717800930242560)) +---- +RT @rescrv: The new release from @HyperDexTeam is packed with goodies, including a #MongoDB compatibility layer, timestamp support, and mor… + +(Originally on Twitter: [Mon Jan 12 19:45:30 +0000 2015](https://twitter.com/adulau/status/554725877943402498)) +---- +Still wondering why you shouldn't wireless keyboard http://samy.pl/keysweeper/ + +(Originally on Twitter: [Mon Jan 12 19:48:35 +0000 2015](https://twitter.com/adulau/status/554726656154537984)) +---- +RT @anttitikkanen: Lizard Squad botnet source code leaked: https://github.com/pop-pop-ret/lizkebab/ … Gotta love the optimism with the server side code. htt… + +(Originally on Twitter: [Tue Jan 13 05:32:53 +0000 2015](https://twitter.com/adulau/status/554873699636379649)) +---- +On the GCHQ slides about Flying Pig, the slides"cyber applications" shows not only diginotar but internal certificate from "loreal" proxy. + +(Originally on Twitter: [Tue Jan 13 13:10:09 +0000 2015](https://twitter.com/adulau/status/554988771880755200)) +---- +@ClausHoumann https://www.libwalk.so/files/31c3/media-35521.pdf P11 + +(Originally on Twitter: [Tue Jan 13 16:00:55 +0000 2015](https://twitter.com/adulau/status/555031747784876033)) +---- +@ClausHoumann Intercepting proxies for large organization are used and done internally. So where do they tap to get loreal internal SSL? + +(Originally on Twitter: [Tue Jan 13 16:24:55 +0000 2015](https://twitter.com/adulau/status/555037787523915776)) +---- +@ClausHoumann It seems they issued intercepting SSL certs for their internal networks but wondering why GCHQ saw them. Maybe a lost user ;-) + +(Originally on Twitter: [Tue Jan 13 16:34:53 +0000 2015](https://twitter.com/adulau/status/555040298603388928)) +---- +@nitot RSA BSAFE, TCP-32764 in Linksys,... don't forget that every vulnerability can be considered as a backdoor. 
+ +(Originally on Twitter: [Tue Jan 13 16:42:12 +0000 2015](https://twitter.com/adulau/status/555042139391148032)) +---- +Interesting project https://github.com/WillYee/syscall_hooker "hooking system calls globally on OS X 10.9.5 " I didn't test it. + +(Originally on Twitter: [Tue Jan 13 18:33:24 +0000 2015](https://twitter.com/adulau/status/555070120419393537)) +---- +RT @circl_lu: Vulnerability in Windows Telnet Service Could Allow Remote Code Execution https://technet.microsoft.com/library/security/ms15-002 MS15-002 http://t.co/ZOexC… + +(Originally on Twitter: [Wed Jan 14 10:21:14 +0000 2015](https://twitter.com/adulau/status/555308654120140800)) +---- +RT @robertduncan: https://www.openssl.org/about/codingstyle.txt: "Do not unnecessarily use braces around a single statement" - nooo! repeat of goto fail here we … + +(Originally on Twitter: [Wed Jan 14 10:27:29 +0000 2015](https://twitter.com/adulau/status/555310227206455297)) +---- +"LaTeX users may suffer a loss in productivity when LaTeX is used" http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0115069 Now it's official I'm unproductive... + +(Originally on Twitter: [Wed Jan 14 13:42:28 +0000 2015](https://twitter.com/adulau/status/555359293294530561)) +---- +@nicoe I suppose they compared someone writing a CS article doing Lambda proof and a sport/psychology paper. The productivity is different. 
+ +(Originally on Twitter: [Wed Jan 14 14:00:49 +0000 2015](https://twitter.com/adulau/status/555363913240690688)) +---- +RT @doegox: @adulau I thought productivity was measured by writing code, not by writing reports ;-) + +(Originally on Twitter: [Wed Jan 14 20:14:38 +0000 2015](https://twitter.com/adulau/status/555457985418637313)) +---- +Now we have a clear example of a security implication of the risks to not put in public domain the ISO/ANSI docs http://blog.cryptographyengineering.com/2015/01/hopefully-last-post-ill-ever-write-on.html + +(Originally on Twitter: [Thu Jan 15 08:05:17 +0000 2015](https://twitter.com/adulau/status/555636826308763650)) +---- +We must be the 1st April... https://twitter.com/LouiseMensch/status/555670372507725824 #encryption + +(Originally on Twitter: [Thu Jan 15 18:05:32 +0000 2015](https://twitter.com/adulau/status/555787885807669248)) +---- +@kaizeronion You mean that the next step will be an European Clipper chip... I don't know why I feel like the early nineties. + +(Originally on Twitter: [Fri Jan 16 05:35:30 +0000 2015](https://twitter.com/adulau/status/555961520203759616)) +---- +RT @tqbf: Moxie: “Shouldn’t it be laughable that the current first step in deploying DNSSEC is to create an account with GoDaddy?” + +(Originally on Twitter: [Fri Jan 16 05:41:19 +0000 2015](https://twitter.com/adulau/status/555962983667728385)) +---- +Great discussion today with the @DragonResearch team on future research. More will be publish soon. @teamcymru + +(Originally on Twitter: [Fri Jan 16 20:33:29 +0000 2015](https://twitter.com/adulau/status/556187505029296128)) +---- +What do you think of the OpenSSH backdoor PANT SPARTY described in this new NSA document? 
@damienmiller http://www.spiegel.de/media/media-35663.pdf + +(Originally on Twitter: [Sat Jan 17 17:56:42 +0000 2015](https://twitter.com/adulau/status/556510438687772674)) +---- +If you had the USS Annapolis SSN-760 in your neighbourhood, this might smell interception/exploitation... http://www.spiegel.de/media/media-35657.pdf (slide 27) + +(Originally on Twitter: [Sat Jan 17 18:54:00 +0000 2015](https://twitter.com/adulau/status/556524857266294785)) +---- +RT @nolaforensix: The DFRWS 2015 Forensics Challenge is released: http://www.cs.uno.edu/~golden/gpu-malware-research.html #gpumalware #dfir #dfrws #infosec @DFRWS + +(Originally on Twitter: [Sat Jan 17 19:04:17 +0000 2015](https://twitter.com/adulau/status/556527444728246274)) +---- +RT @botherder: If you're using http://viper.li 1.1 and want to keep up with latest developments, you should update update.py https:/… + +(Originally on Twitter: [Sat Jan 17 21:40:31 +0000 2015](https://twitter.com/adulau/status/556566761773219840)) +---- +RT @ioerror: In our latest @DerSPIEGEL we released a WARRIORPRIDE malware sample of the QWERTY keylogger program: http://www.spiegel.de/media/media-35668.pdf cc… + +(Originally on Twitter: [Sun Jan 18 08:04:02 +0000 2015](https://twitter.com/adulau/status/556723676369137664)) +---- +@SteveClement Incredible! I'm sure @tricaud will approve and jump directly in the sandbox. + +(Originally on Twitter: [Sun Jan 18 09:41:45 +0000 2015](https://twitter.com/adulau/status/556748268953436160)) +---- +http://www.spiegel.de/media/media-35688.pdf (slide 18) CSEC Checking for MM Carbon malware? @r00tbsd + +(Originally on Twitter: [Sun Jan 18 17:25:24 +0000 2015](https://twitter.com/adulau/status/556864947096133632)) +---- +@ClausHoumann You could be surprised... but we can discuss about it around an orange juice. @r00tbsd + +(Originally on Twitter: [Sun Jan 18 17:47:43 +0000 2015](https://twitter.com/adulau/status/556870566825979904)) +---- +@taziden Rien n'est noir, rien n'est blanc. 
Combien de gens de la NSA contribuent au logiciel libre... et aide aussi la communauté ;-) + +(Originally on Twitter: [Sun Jan 18 20:50:33 +0000 2015](https://twitter.com/adulau/status/556916575958466563)) +---- +@taziden Il me semble que le pourcentage est plus faible pour l’Europe (hors UK)... mais j'ai aussi souvent cette question qui me taraude. + +(Originally on Twitter: [Sun Jan 18 20:58:09 +0000 2015](https://twitter.com/adulau/status/556918489597100032)) +---- +Just saw a marketing leaflet with the word "cyberprotection". I suppose it's a synonym for "secure software". We know it's the reality... + +(Originally on Twitter: [Mon Jan 19 20:13:47 +0000 2015](https://twitter.com/adulau/status/557269711344644096)) +---- +RT @circl_lu: "Go Static or Go Home In the end, dynamic systems are simply less secure." http://queue.acm.org/detail.cfm?id=2721993 by @paulvixie + +(Originally on Twitter: [Tue Jan 20 13:41:54 +0000 2015](https://twitter.com/adulau/status/557533478632554496)) +---- +RT @angealbertini: a single PNG file, 3 pictures +http://wiki.yobi.be/wiki/PNG_Merge +by @doegox and I +original idea by @reversity ![](media/557552776675594240-B7xlO9jCEAAK5yU.jpg) + +(Originally on Twitter: [Tue Jan 20 14:58:35 +0000 2015](https://twitter.com/adulau/status/557552776675594240)) +---- +@quinnnorton Not sure about the weighted distribution over the 2^32 IP space. But don't expect software to be secure... @vincib @Wxcafe + +(Originally on Twitter: [Tue Jan 20 16:30:32 +0000 2015](https://twitter.com/adulau/status/557575918928265216)) +---- +@quinnnorton and without accounting the OPSEC part of each system administrator. But we are close to a huge n-body equation @vincib @Wxcafe + +(Originally on Twitter: [Tue Jan 20 16:33:21 +0000 2015](https://twitter.com/adulau/status/557576625563631616)) +---- +@quinnnorton IMHO we are facing an ecological system issue with security components. We need to increase diversity to keep stability. 
+ +(Originally on Twitter: [Tue Jan 20 17:04:26 +0000 2015](https://twitter.com/adulau/status/557584448276156416)) +---- +@quinnnorton What can we do? Promoting diversity (where cost is an issue) or promoting the abuse to increase the community problem/reaction. + +(Originally on Twitter: [Tue Jan 20 17:11:17 +0000 2015](https://twitter.com/adulau/status/557586173787656193)) +---- +RT @Regiteric: That QRcode on a Paix Dieu beer glass make me think to @stricaud and @adulau at cansecwest. (Cc @r00tbsd) http://t.co/N61jEX… + +(Originally on Twitter: [Wed Jan 21 05:36:51 +0000 2015](https://twitter.com/adulau/status/557773798716743681)) +---- +@newsoft On peut remarquer que le cadenas est ouvert... @veorq @doegox + +(Originally on Twitter: [Wed Jan 21 10:01:08 +0000 2015](https://twitter.com/adulau/status/557840307170324480)) +---- +RT @cBekrar: A must read doc about impacts/risks of the new EU export regulation on researchers (vulns, exploits, fuzzers, etc) http://t.co… + +(Originally on Twitter: [Thu Jan 22 12:44:49 +0000 2015](https://twitter.com/adulau/status/558243890692890625)) +---- +@thegrugq Have you successfully run it on a sample corpus (like pastes or Gutenberg project files )? Seeing java7 renders me nervous. + +(Originally on Twitter: [Thu Jan 22 17:46:02 +0000 2015](https://twitter.com/adulau/status/558319692470026241)) +---- +RT @circl_lu: CIRCL Responsible Vulnerability Disclosure process is documented https://www.circl.lu/pub/responsible-vulnerability-disclosure/ + +(Originally on Twitter: [Fri Jan 23 19:18:41 +0000 2015](https://twitter.com/adulau/status/558705397771808768)) +---- +Searching for test disks for my forensic analysis classes, I bought via eBay some old disks. the analysis results are more than disturbing. + +(Originally on Twitter: [Fri Jan 23 20:14:52 +0000 2015](https://twitter.com/adulau/status/558719537261318145)) +---- +RT @tunguuz: @adulau Seek for tape devices with tapes within. 
This usually happens when PSU breaks in the middle of the backup + +(Originally on Twitter: [Sat Jan 24 05:31:07 +0000 2015](https://twitter.com/adulau/status/558859522392195074)) +---- +RT @scarybeasts: Project Zero blog: a fascinating exploit for the Linux Nvidia driver from Lee Campbell, with two race conditions: http://t… + +(Originally on Twitter: [Sat Jan 24 05:33:57 +0000 2015](https://twitter.com/adulau/status/558860234178195456)) +---- +A 512-byte boot loader displaying ASCII Goatse on boot by @skier_t https://github.com/jbremer/goatse.mbr + +(Originally on Twitter: [Sat Jan 24 16:32:19 +0000 2015](https://twitter.com/adulau/status/559025919046983680)) +---- +RT @circl_lu: "Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26. " http://helpx.adobe.com/security/products/flash-player/apsa15-01.html + +(Originally on Twitter: [Sat Jan 24 16:45:47 +0000 2015](https://twitter.com/adulau/status/559029306194935808)) +---- +@bortzmeyer Surtout quand les WP compromis sont utilisés par des acteurs gouvernementaux... @fo0_ + +(Originally on Twitter: [Sat Jan 24 17:06:03 +0000 2015](https://twitter.com/adulau/status/559034406204342272)) +---- +RT @kyrah: IMPENETRABLE TO STANDARD HACKING METHODS MT @achillean This sort of advice is why control systems are on the Internet http://t.c… + +(Originally on Twitter: [Mon Jan 26 10:09:24 +0000 2015](https://twitter.com/adulau/status/559654327053484032)) +---- +Thank you very much @pidgeyL . 
Merged upstream https://github.com/adulau/cve-search + +(Originally on Twitter: [Mon Jan 26 10:31:48 +0000 2015](https://twitter.com/adulau/status/559659966739775489)) +---- +A very interesting power analysis of the RasPi before boot to find potential malicious access to USB https://github.com/CIRCL/Circlean/blob/master/doc/Technical_Notes/TNO_Raspi_boot.pdf cc/ @ddurvaux + +(Originally on Twitter: [Mon Jan 26 11:29:17 +0000 2015](https://twitter.com/adulau/status/559674431447261184)) +---- +RT @circl_lu: kde-workspace, plasma-workspace: X11 clients can eavesdrop input events while screen is locked http://cve.circl.lu/cve/CVE-2015-1308 + +(Originally on Twitter: [Tue Jan 27 09:09:50 +0000 2015](https://twitter.com/adulau/status/560001725281861635)) +---- +@aeris22 Dans un espace public? Je ne vois pas pourquoi un photographe devrait demander une autorisation avant de prendre une photo... + +(Originally on Twitter: [Thu Jan 29 19:30:40 +0000 2015](https://twitter.com/adulau/status/560882738727616512)) +---- +@aeris22 Et les caméras de surveillance dans les espaces publics? J'ai une théorie sur la question... 
http://www.foo.be/photoblog/posts/surveillance-camera-versus-photography.html + +(Originally on Twitter: [Thu Jan 29 19:57:40 +0000 2015](https://twitter.com/adulau/status/560889534272266240)) +---- +RT @circl_lu: Wondering about Java application and #GHOST vulnerability - check CIRCL TR-31 http://www.circl.lu/pub/tr-31/#java + +(Originally on Twitter: [Fri Jan 30 15:26:45 +0000 2015](https://twitter.com/adulau/status/561183745416642560)) +---- +Working on @DragonResearch dataset and found some interesting UDP source port distribution https://github.com/dragonresearchgroup/conficker-research-tools ![](media/561276143492669440-B8oNrXvCUAANXlD.png) + +(Originally on Twitter: [Fri Jan 30 21:33:55 +0000 2015](https://twitter.com/adulau/status/561276143492669440)) +---- +Key rotation in OpenSSH 6.8+ http://blog.djm.net.au/2015/02/key-rotation-in-openssh-68.html + +(Originally on Twitter: [Sun Feb 01 11:28:30 +0000 2015](https://twitter.com/adulau/status/561848561349181441)) +---- +About statistics with only port 443 doing TLS in FLYING PIG https://www.koen.io/2013/12/flying-pig-gchq-tls-ssl-knowledge-base/ @koenrh collection was done port-based and not dpi-based + +(Originally on Twitter: [Sun Feb 01 14:04:46 +0000 2015](https://twitter.com/adulau/status/561887887965581314)) +---- +RT @halvarflake: Legal frameworks and legislation can't help you. Privacy and freedom only to those with the means to take it. + +(Originally on Twitter: [Sun Feb 01 14:55:59 +0000 2015](https://twitter.com/adulau/status/561900776168370177)) +---- +The @asscert website is down. Maybe @ISC2 decided to DDoS their main competitor? cc/ @shrekts + +(Originally on Twitter: [Sun Feb 01 15:14:02 +0000 2015](https://twitter.com/adulau/status/561905319732056064)) +---- +@msuiche Looks good. Maybe I'll replace my 5DIII but the new sensor seems very tempting for landscape photography. 
https://www.flickr.com/photos/adulau + +(Originally on Twitter: [Sun Feb 01 17:20:17 +0000 2015](https://twitter.com/adulau/status/561937092885098497)) +---- +@thisisdebasish Have you tried the Sigma 50/1.4 on a 5DIII? I'm curious how it compares to the Canon 35/1.4 L @msuiche + +(Originally on Twitter: [Sun Feb 01 17:58:33 +0000 2015](https://twitter.com/adulau/status/561946722415697920)) +---- +Group call with a software vendor that needs to fix a vulnerability. "No, it's not an vulnerability! It's a hidden interface"... #wtf + +(Originally on Twitter: [Sun Feb 01 18:37:17 +0000 2015](https://twitter.com/adulau/status/561956470171111424)) +---- +@addelindh and Java is written in C and often relying on the glibc library. @MarioVilas @drraid @julianor @bleidl @ansciath + +(Originally on Twitter: [Sun Feb 01 20:30:22 +0000 2015](https://twitter.com/adulau/status/561984927076712448)) +---- +cve-search https://github.com/adulau/cve-search many updates and bug fixes from @adulau @pidgeyL and psychedelys #CVE + +(Originally on Twitter: [Tue Feb 03 21:29:43 +0000 2015](https://twitter.com/adulau/status/562724638510551042)) +---- +"up-to-5-year retention period for such information will begin when the information has been intelligible" Loophole, Loophole and loophole. + +(Originally on Twitter: [Tue Feb 03 22:05:12 +0000 2015](https://twitter.com/adulau/status/562733570364805120)) +---- +Sometime you should just relax, drink a huge lapsang souchong and enjoy @fyvm + +(Originally on Twitter: [Thu Feb 05 19:10:08 +0000 2015](https://twitter.com/adulau/status/563414288623087617)) +---- +A recursive statement in a leaked doc. 
"We assess that any data on classified NATO networks is at potential risk" http://cryptome.org/2015/02/dni-nato-cyber-panel-intercept-15-0204.pdf + +(Originally on Twitter: [Thu Feb 05 19:15:23 +0000 2015](https://twitter.com/adulau/status/563415607366799360)) +---- +By the way, I just gave 200,- EUR to @gnupg I hope that Curve25519-based encryption support will be added this year... + +(Originally on Twitter: [Fri Feb 06 09:50:31 +0000 2015](https://twitter.com/adulau/status/563635845107023872)) +---- +@X_Cli Tu proposes quel format "non pourri" comme remplacement à la RFC 4880? + +(Originally on Twitter: [Fri Feb 06 10:02:24 +0000 2015](https://twitter.com/adulau/status/563638831728304128)) +---- +@X_Cli Si tu fais une publication à CT-RSA sur les failles du format OpenPGP, j'espère qu'il y a un état de l'art sur les autres formats. + +(Originally on Twitter: [Fri Feb 06 10:16:16 +0000 2015](https://twitter.com/adulau/status/563642322039353344)) +---- +@X_Cli Donc tu préfères le format PKCS #12? + +(Originally on Twitter: [Fri Feb 06 10:27:52 +0000 2015](https://twitter.com/adulau/status/563645242541604865)) +---- +@X_Cli Ok donc la RFC 4880 est la seule solution viable et interopérable pour l'instant. @bortzmeyer + +(Originally on Twitter: [Fri Feb 06 10:35:52 +0000 2015](https://twitter.com/adulau/status/563647254951919616)) +---- +@bortzmeyer http://safecurves.cr.yp.to/ ANSSI FRP256v1 n'est pas considérée comme "Safe"... 
+ +(Originally on Twitter: [Fri Feb 06 10:39:16 +0000 2015](https://twitter.com/adulau/status/563648109461651457)) +---- +@X_Cli Pour complexifier la discussion GnuPG >=2 supporte CMS ;-) @bortzmeyer + +(Originally on Twitter: [Fri Feb 06 10:50:03 +0000 2015](https://twitter.com/adulau/status/563650826879909888)) +---- +@dipdip11 @matthew_d_green Nope the encryption format for Ed25519 is not formalized - only signing is supported in 2.1 @ioerror @gnupg + +(Originally on Twitter: [Fri Feb 06 12:35:57 +0000 2015](https://twitter.com/adulau/status/563677477495902208)) +---- +RT @SwiftOnSecurity: Quote Of The Day: ![](media/563711785606598656-B9KzstWCcAIuNgf.jpg) + +(Originally on Twitter: [Fri Feb 06 14:52:17 +0000 2015](https://twitter.com/adulau/status/563711785606598656)) +---- +RT @pidgeyL: #CVEsearch got a sister project, #CVEscan, an #NMap to CVE translator at https://github.com/NorthernSec/CVE-Scan + +(Originally on Twitter: [Sun Feb 08 10:48:50 +0000 2015](https://twitter.com/adulau/status/564375293411205120)) +---- +RT @gentilkiwi: France is selective: I had to go in Russia, USA, Swiss... for 2 years, in order to speak about #infosec in my own country! +… + +(Originally on Twitter: [Sun Feb 08 10:51:57 +0000 2015](https://twitter.com/adulau/status/564376077486022658)) +---- +Turning Regular Code Into Atrocities With LLVM by @quarkslab http://blog.quarkslab.com/turning-regular-code-into-atrocities-with-llvm.html + +(Originally on Twitter: [Sun Feb 08 10:55:23 +0000 2015](https://twitter.com/adulau/status/564376941604896769)) +---- +A photo from the train station in Arlon @SNCB https://www.flickr.com/photos/adulau/16285549549/ #photography #sooc #blackandwhite + +(Originally on Twitter: [Sun Feb 08 12:29:50 +0000 2015](https://twitter.com/adulau/status/564400714177605633)) +---- +@fcouchet Ce qui est dommage c'est le manque de stratégie de la FSF concernant le financement des développeurs libres sous "assignment FSF". 
+ +(Originally on Twitter: [Sun Feb 08 13:15:49 +0000 2015](https://twitter.com/adulau/status/564412282785247232)) +---- +@Serianox_ Les fichiers chiffrés en ACID sont assez recherchés par certains malware http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_Identifies_Operation_Red_October_an_Advanced_Cyber_Espionage_Campaign_Targeting_Diplomatic_and_Government_Institutions_Worldwide @mmu_man + +(Originally on Twitter: [Mon Feb 09 16:42:31 +0000 2015](https://twitter.com/adulau/status/564826690258755584)) +---- +@Serianox_ Maintenant on peut se poser la question... Comment il déchiffre les fichiers ACID? en volant les clés en mémoire? ou ... @mmu_man + +(Originally on Twitter: [Mon Feb 09 16:45:29 +0000 2015](https://twitter.com/adulau/status/564827435234250752)) +---- +RT @doegox: After @0vercl0k, @kutioo, @Shiftreduce, here is my write-up of @elvanderb NSC2013 challenge, now breaking the key http://t.co/0… + +(Originally on Twitter: [Mon Feb 09 20:20:35 +0000 2015](https://twitter.com/adulau/status/564881567001378816)) +---- +RT @circl_lu: CIRCL TR-32 - key-value store and NoSQL security recommendations http://www.circl.lu/pub/tr-32/ + +(Originally on Twitter: [Tue Feb 10 08:32:05 +0000 2015](https://twitter.com/adulau/status/565065654450270209)) +---- +@botherder It's very common from @CrowdStrike but I suppose they count the western campaigns from HK or CN ORB as China. 
+ +(Originally on Twitter: [Tue Feb 10 14:43:24 +0000 2015](https://twitter.com/adulau/status/565159100062126080)) +---- +Remember my tweet with @xme in December about HEETHAILIMITED AS going crazy https://twitter.com/adulau/status/544052324449394688 there is now a @fireeye blog post about + +(Originally on Twitter: [Tue Feb 10 16:33:36 +0000 2015](https://twitter.com/adulau/status/565186833672196096)) +---- +Il me semble que @bortzmeyer fume un peu la moquette donc je vais changer mes enregistrements PTR de "sinkhole" vers "evier" ;-) + +(Originally on Twitter: [Tue Feb 10 21:31:58 +0000 2015](https://twitter.com/adulau/status/565261920232808451)) +---- +RT @Maijin212: @H_Miser @milkmix_ What about MISP? It is used in #Luxembourg and others. @circl_lu is providing on request access on their … + +(Originally on Twitter: [Wed Feb 11 21:02:42 +0000 2015](https://twitter.com/adulau/status/565616943580061698)) +---- +A new approach to "solve" free software licensing issues where proprietary orgs decided to not release source code... http://cryptome.org/2015/02/parastoo-viasat-idirect.htm + +(Originally on Twitter: [Wed Feb 11 21:31:47 +0000 2015](https://twitter.com/adulau/status/565624263022223360)) +---- +@btabaka Concernant les recommendations, "key-value store and NoSQL security recommendations" https://www.circl.lu/pub/tr-32/ + +(Originally on Twitter: [Thu Feb 12 07:11:19 +0000 2015](https://twitter.com/adulau/status/565770105083404288)) +---- +Generate better random numbers in WordPress - interesting comments... https://core.trac.wordpress.org/ticket/28633 + +(Originally on Twitter: [Fri Feb 13 05:47:58 +0000 2015](https://twitter.com/adulau/status/566111517687685123)) +---- +@CasparBowden Could you elaborate? @edri work seems to be always in good faith. Where the manipulation is from? funding? or something else? + +(Originally on Twitter: [Fri Feb 13 14:26:45 +0000 2015](https://twitter.com/adulau/status/566242076049031168)) +---- +@CasparBowden I know that. 
But what an EU-based NGO can practically do against FISA? and EFF led it already in 2006 (e.g. room 641A case). + +(Originally on Twitter: [Fri Feb 13 14:57:54 +0000 2015](https://twitter.com/adulau/status/566249912178733056)) +---- +@CasparBowden Intel agencies will continue (laws will be changed in their favour). http://www.foo.be/eavesdropping-what-to-do/ Change the interception model... + +(Originally on Twitter: [Fri Feb 13 15:26:24 +0000 2015](https://twitter.com/adulau/status/566257085240074240)) +---- +RT @circl_lu: CIRCLean - the USB cleaner - documentation updated for the end-users http://www.circl.lu/assets/images/CIRCLean/circlean-usage-h.pdf http://www.circl.lu/projects/CIRCLean/ #infosec + +(Originally on Twitter: [Fri Feb 13 16:06:04 +0000 2015](https://twitter.com/adulau/status/566267068035915776)) +---- +After the waterfall model, scrum methods, XP or even the Lean development model, we have the impressive @SteveClement model. + +(Originally on Twitter: [Fri Feb 13 16:27:31 +0000 2015](https://twitter.com/adulau/status/566272468470755329)) +---- +Some pictures http://www.foo.be/gipl/ of the improvisation battle between @HeroCorp and the GIPL Luxembourg cc/ @meyny + +(Originally on Twitter: [Sun Feb 15 10:45:11 +0000 2015](https://twitter.com/adulau/status/566911092027559936)) +---- +@bortzmeyer Maybe the warning is there because it's so rare to have no parsing error... 
+ +(Originally on Twitter: [Sun Feb 15 10:46:26 +0000 2015](https://twitter.com/adulau/status/566911406273208320)) +---- +@botherder Maybe focusing on improving the ICC http://www.icc-cpi.int + +(Originally on Twitter: [Sun Feb 15 10:52:44 +0000 2015](https://twitter.com/adulau/status/566912990096932864)) +---- +RT @blackswanburst: Some folks I know @OpenMirage have issued a very fair and transparent bounty: http://ownme.ipredator.se/ @k8em0 + +(Originally on Twitter: [Sun Feb 15 11:00:44 +0000 2015](https://twitter.com/adulau/status/566915002574323712)) +---- +@AlexArchambault Donc la base TES sera accessible à INTERPOL (190 pays) + Schengen (26 pays) via des agents de la DCPJ? @taziden @CNIL + +(Originally on Twitter: [Sun Feb 15 11:12:07 +0000 2015](https://twitter.com/adulau/status/566917867602731008)) +---- +RT @halvarflake: @botherder @privacyint Perhaps. Perhaps the idiots responsible for pushing this legislation should have tried to think bef… + +(Originally on Twitter: [Sun Feb 15 11:19:41 +0000 2015](https://twitter.com/adulau/status/566919772009672704)) +---- +@craiu "We don’t have any samples from the Equation Group from 2014..." maybe you have the samples but don't look at the right location... 
+ +(Originally on Twitter: [Mon Feb 16 21:43:19 +0000 2015](https://twitter.com/adulau/status/567439102824706048)) +---- +RT @pinkflawd: can't help it but tell everyone, IVE SEEN THAT COMING with the deathstar at @hack_lu http://2014.hack.lu/archive/2014/TSNOFORN.pdf http://t.co/lWaj… + +(Originally on Twitter: [Tue Feb 17 09:28:07 +0000 2015](https://twitter.com/adulau/status/567616472021991425)) +---- +RT @circl_lu: TR-33 Analysis - CTB-Locker / Critroni published http://www.circl.lu/pub/tr-33/ + +(Originally on Twitter: [Tue Feb 17 16:15:23 +0000 2015](https://twitter.com/adulau/status/567718964198113280)) +---- +RT @circl_lu: The fanny malware described in #EquationGroup by @kaspersky https://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/ could be avoided with CIRCLean http://t.c… + +(Originally on Twitter: [Tue Feb 17 16:49:32 +0000 2015](https://twitter.com/adulau/status/567727557442031618)) +---- +"Meet Babar, a New Malware Almost Certainly Created by France" http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france Don't forget it's just the tip of the iceberg... + +(Originally on Twitter: [Wed Feb 18 10:32:25 +0000 2015](https://twitter.com/adulau/status/567995040011853824)) +---- +RT @pinkflawd: ... 
and ended up shooting an elephant https://drive.google.com/a/cyphort.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/view + +(Originally on Twitter: [Wed Feb 18 10:35:43 +0000 2015](https://twitter.com/adulau/status/567995873763979264)) +---- +RT @lesoir: #Babar, le logiciel espion français qui sévit au Moyen-Orient http://bit.ly/19vLHwk par @plicplic + +(Originally on Twitter: [Wed Feb 18 11:03:16 +0000 2015](https://twitter.com/adulau/status/568002804301881344)) +---- +@ClausHoumann It's still very slippery on the tip of the iceberg + +(Originally on Twitter: [Wed Feb 18 16:37:13 +0000 2015](https://twitter.com/adulau/status/568086844862300160)) +---- +"PowerSpy: Location Tracking using Mobile Device Power Analysis" #privacy http://arxiv.org/pdf/1502.03182v1.pdf + +(Originally on Twitter: [Wed Feb 18 19:51:17 +0000 2015](https://twitter.com/adulau/status/568135684822835200)) +---- +We had crazy ideas with @rafi0t of building tools for mobile shadow libraries... It seems the crazy idea might become more concrete soon. + +(Originally on Twitter: [Wed Feb 18 21:43:53 +0000 2015](https://twitter.com/adulau/status/568164020869591040)) +---- +RT @___wr___: @r00tbsd @cryptax @H_Miser ça me rappelle qu'un jour @adulau et @quinnnorton ont écrit ceci https://gist.github.com/adulau/6209099 + +(Originally on Twitter: [Fri Feb 20 07:53:41 +0000 2015](https://twitter.com/adulau/status/568679869825077248)) +---- +RT @ErrataRob: ...in other words, I've practically attacked this problem, proving it's not merely theoretical. 
![](media/568681410028036096-B-PuZ80CMAAP6aq.png) + +(Originally on Twitter: [Fri Feb 20 07:59:48 +0000 2015](https://twitter.com/adulau/status/568681410028036096)) +---- +RT @circl_lu: Lenovo Superfish malware - CA test site https://filippo.io/Badfish/ and how to removal https://filippo.io/Badfish/removing.html + +(Originally on Twitter: [Fri Feb 20 08:05:22 +0000 2015](https://twitter.com/adulau/status/568682813123379200)) +---- +@veorq Quite funny to see Rohde and Schwarz doing such product while at the same time they sell 3G/GSM interception... + +(Originally on Twitter: [Fri Feb 20 08:11:15 +0000 2015](https://twitter.com/adulau/status/568684292110471168)) +---- +XKEYSCORE is used to find potential targets (not linked terrorism) especially if they use PGP-encrypted emails... https://prod01-cdn01.cdn.firstlook.org/wp-uploads/sites/1/2015/02/key-slide2.png + +(Originally on Twitter: [Fri Feb 20 11:26:58 +0000 2015](https://twitter.com/adulau/status/568733544262082560)) +---- +"Enjoy details" maybe a nice motivator for incident handling... https://www.flickr.com/photos/adulau/16589963892/ #photography + +(Originally on Twitter: [Fri Feb 20 14:04:44 +0000 2015](https://twitter.com/adulau/status/568773249707995136)) +---- +@cudeso It's part of "Windows Defender" but it's the "classical" hash/binary collector for the "Wisdom of the crowd" database... + +(Originally on Twitter: [Fri Feb 20 14:21:51 +0000 2015](https://twitter.com/adulau/status/568777556251582464)) +---- +RT @esizkur: With that access, backdooring the PRNG makes more sense than just extracting the keys. Just sayin' + +(Originally on Twitter: [Fri Feb 20 15:20:25 +0000 2015](https://twitter.com/adulau/status/568792296780644352)) +---- +@Dymaxion Maybe the issue is more fundamental. We tend to build tools for ourselves. Maybe we need more coders? To increase coder diversity. 
+ +(Originally on Twitter: [Sat Feb 21 11:10:53 +0000 2015](https://twitter.com/adulau/status/569091888080420864)) +---- +RT @Dymaxion: .@adulau YES! This is huge. Single biggest failure mode caused by non-diverse teams. + +(Originally on Twitter: [Sat Feb 21 11:13:41 +0000 2015](https://twitter.com/adulau/status/569092591611994112)) +---- +Maybe you would like to revoke the following certificate "F171B0771F402CD90159FEC03FF45C49D436F890" @SSLsupport another #Superfish + +(Originally on Twitter: [Sat Feb 21 15:04:11 +0000 2015](https://twitter.com/adulau/status/569150597204742144)) +---- +Maybe you would like to revoke this certificate "8EEFF4361D6F62266F3465B9DC0F126315B46B25" @ThawteSupport another #Superfish + +(Originally on Twitter: [Sat Feb 21 15:07:58 +0000 2015](https://twitter.com/adulau/status/569151549043302400)) +---- +Another certificate to revoke "8A5D6271604151A985940821DDC5FEBF699E060A" @ThawteSupport another #Superfish + +(Originally on Twitter: [Sat Feb 21 15:13:41 +0000 2015](https://twitter.com/adulau/status/569152989509902339)) +---- +RT @mrgcastle: Write full packet capture to disk at 10Gbps, get packets for analysis selected by bpf https://github.com/google/stenographer + +(Originally on Twitter: [Sat Feb 21 16:27:50 +0000 2015](https://twitter.com/adulau/status/569171650358472705)) +---- +@alexanderjaeger I recently updated the structure to query a specific certificate fingerprint. Need to update the API (and doc) accordingly. + +(Originally on Twitter: [Sat Feb 21 17:20:10 +0000 2015](https://twitter.com/adulau/status/569184820259110912)) +---- +@alexanderjaeger By the way, I would need to do the same for the code-signing certificates. If you know good datasets, let me know. 
+ +(Originally on Twitter: [Sat Feb 21 17:26:23 +0000 2015](https://twitter.com/adulau/status/569186383220371456)) +---- +Someone asked me who influenced me in #photography so I wrote a blog post "Influential Photographers" http://www.foo.be/photoblog/posts/influential-photographers.html + +(Originally on Twitter: [Sat Feb 21 17:36:21 +0000 2015](https://twitter.com/adulau/status/569188890403340288)) +---- +@ncweaver She still does it. A secure phone will not solve the issue as the majority of her network uses plain GSM network. @thegrugq + +(Originally on Twitter: [Sun Feb 22 16:31:35 +0000 2015](https://twitter.com/adulau/status/569534981061681152)) +---- +@thegrugq Indeed iMessage reduces the interception ability from many intelligence orgs that might target her (or relatives). @ncweaver + +(Originally on Twitter: [Sun Feb 22 16:37:32 +0000 2015](https://twitter.com/adulau/status/569536477283155969)) +---- +I hope that the Komodia recent public exposition will open the eyes of the organizations doing SSL interception on their proxies... + +(Originally on Twitter: [Sun Feb 22 21:03:27 +0000 2015](https://twitter.com/adulau/status/569603400209457152)) +---- +@FredLB What's the difference? Usually the company inserts a fake root CA in the company PC and centralizes "certificate validation". + +(Originally on Twitter: [Sun Feb 22 21:15:18 +0000 2015](https://twitter.com/adulau/status/569606378475692033)) +---- +@FredLB One of the issue is that the fake root CA private key is often not well protected within an organization and relies on crappy soft. + +(Originally on Twitter: [Sun Feb 22 21:22:47 +0000 2015](https://twitter.com/adulau/status/569608263060348929)) +---- +@FredLB Another issue is that you end up to do a pseudo-cert-validation on a edge devices that are often outdated and/or badly configured. 
+ +(Originally on Twitter: [Sun Feb 22 21:24:36 +0000 2015](https://twitter.com/adulau/status/569608719719383041)) +---- +@FredLB The only way to detect misbehavior is to rely on diversity. DigiNotar issue was detected because of some users in Iran had Chrome. + +(Originally on Twitter: [Sun Feb 22 21:28:02 +0000 2015](https://twitter.com/adulau/status/569609586065457152)) +---- +@FredLB IMHO, the risk of doing SSL interception at the edge is too high compared to the benefit of doing it. + +(Originally on Twitter: [Sun Feb 22 21:30:41 +0000 2015](https://twitter.com/adulau/status/569610249671462912)) +---- +RT @rommelfs: @hgsupport Thanks, I see no more value in discussing with you. It's just advertising your slow abuse handling for people who … + +(Originally on Twitter: [Mon Feb 23 10:55:51 +0000 2015](https://twitter.com/adulau/status/569812880083853314)) +---- +@SSLsupport "F171B0771F402CD90159FEC03FF45C49D436F890" is there a reason why you don't revoke the certificate? cc/ @SwiftOnSecurity + +(Originally on Twitter: [Mon Feb 23 14:56:49 +0000 2015](https://twitter.com/adulau/status/569873521003900928)) +---- +RT @circl_lu: Critical Samba vulnerability (CVE-2015-0240) +https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ - could potentially lead to arbitrary code execution + +(Originally on Twitter: [Mon Feb 23 16:17:19 +0000 2015](https://twitter.com/adulau/status/569893780104597504)) +---- +@SSLsupport Not it's certificate used by a malware (MD5 hash of the malware e108cbcc85fbc63ebeb449e0d45a671b ) @SwiftOnSecurity + +(Originally on Twitter: [Mon Feb 23 16:48:57 +0000 2015](https://twitter.com/adulau/status/569901738905497600)) +---- +@ThawteSupport It's not my certificate. 
It's a certificate used by a malware (MD5 hash of the malware ed1caf02e3bdd73b74d04be71314f2b1) + +(Originally on Twitter: [Mon Feb 23 16:52:07 +0000 2015](https://twitter.com/adulau/status/569902535743549440)) +---- +After #Superfish, what are the others like nitemedia lavasoft kl or md having same URL scheme as #Superfish ? https://www.virustotal.com/en/ip-address/207.182.156.18/information/ + +(Originally on Twitter: [Tue Feb 24 07:28:01 +0000 2015](https://twitter.com/adulau/status/570122962042548224)) +---- +@xme https://github.com/jesusprubio/bluebox-ng/blob/master/artifacts/dics/tftp.txt but maybe from a tftp honeypot we could build a better dictionary... + +(Originally on Twitter: [Tue Feb 24 07:45:14 +0000 2015](https://twitter.com/adulau/status/570127294259453952)) +---- +RT @circl_lu: As many hosting companies like @hostgator or @OVH warned, you should keep your WordPress and plugins updated http://t.co/wRlL… + +(Originally on Twitter: [Tue Feb 24 15:37:52 +0000 2015](https://twitter.com/adulau/status/570246238995656704)) +---- +@laurentchemla A la limite le Jean-Herve ;-) http://www.jeanherve.fr/category.php?id_category=56 + +(Originally on Twitter: [Tue Feb 24 16:36:59 +0000 2015](https://twitter.com/adulau/status/570261115550236672)) +---- +@SwiftOnSecurity 4) Keep logs and send it to everyone asking for it 5) Claim that you don't store logs on your VPN provider website. + +(Originally on Twitter: [Tue Feb 24 18:47:36 +0000 2015](https://twitter.com/adulau/status/570293987921281024)) +---- +RT @circl_lu: Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip - RCE http://cve.circl.lu/cve/CVE-2015-1315 found by @con… + +(Originally on Twitter: [Thu Feb 26 05:36:21 +0000 2015](https://twitter.com/adulau/status/570819635714650112)) +---- +Maybe some system administrators at IBM might wonder why there are so many visits in the past days for the IBM Netezza appliance... 
+ +(Originally on Twitter: [Thu Feb 26 15:06:45 +0000 2015](https://twitter.com/adulau/status/570963184745631745)) +---- +Many bug fixes and updates in cve-search https://github.com/adulau/cve-search/ from @rafi0t @pidgeyL @adulau and https://github.com/mattoufoutu + +(Originally on Twitter: [Thu Feb 26 16:43:48 +0000 2015](https://twitter.com/adulau/status/570987606344912896)) +---- +RT @circl_lu: Some statistics about onions (Tor hidden services) https://blog.torproject.org/blog/some-statistics-about-onions + +(Originally on Twitter: [Fri Feb 27 07:24:32 +0000 2015](https://twitter.com/adulau/status/571209250313248768)) +---- +@JanGuth hack.lu 2015 - 20-22 October 2015 https://twitter.com/hack_lu/status/525594628805132288 @hack_lu @circl_lu @SteveClement @c3l_ @FrennVunDerEnn @virii + +(Originally on Twitter: [Fri Feb 27 20:43:42 +0000 2015](https://twitter.com/adulau/status/571410365407481856)) +---- +Hey @SteveClement it seems that @botherder triggered a good opportunity to pull your recent updates into @cuckoosandbox + +(Originally on Twitter: [Fri Feb 27 20:45:16 +0000 2015](https://twitter.com/adulau/status/571410763455340544)) +---- +Glad to see "SSH Agent Forwarding considered harmful" https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/ + +(Originally on Twitter: [Sun Mar 01 19:41:36 +0000 2015](https://twitter.com/adulau/status/572119515145867265)) +---- +@leifnixon Indeed as long as no one controls SSH_ASKPASS or a funky administrator put /bin/true instead... + +(Originally on Twitter: [Sun Mar 01 20:05:28 +0000 2015](https://twitter.com/adulau/status/572125523226312704)) +---- +RT @bortzmeyer: Parfait pour ma causerie sur la souveraineté le 12 mars à JSSI. 
Alcatel veut accéder à vos communications chiffrées +http://… + +(Originally on Twitter: [Mon Mar 02 12:22:05 +0000 2015](https://twitter.com/adulau/status/572371293921808384)) +---- +Nice to see that our research from 2010 was used to do an improved system "RASSH - Reinforced Adaptive SSH Honeypot " http://www.comms.ro/openconf/modules/request.php?module=oc_program&action=view.php&id=89 + +(Originally on Twitter: [Mon Mar 02 12:53:18 +0000 2015](https://twitter.com/adulau/status/572379152499798016)) +---- +So @mozilla or @torproject are not accepted for @gsoc 2015 but GNU mailman is... maybe the priorities are different at @google + +(Originally on Twitter: [Tue Mar 03 13:50:21 +0000 2015](https://twitter.com/adulau/status/572755896956297216)) +---- +RT @circl_lu: @markrussinovich Is the certificate fingerprint "530806C2EDC23BEA92FFF8B740B3A9E1307AC119" ? Maybe @Comodo_SSL should revoke … + +(Originally on Twitter: [Wed Mar 04 08:05:00 +0000 2015](https://twitter.com/adulau/status/573031374137004032)) +---- +RT @blackswanburst: When you go to speak to business, ask where their budget for cyber is going and how they expect it to solve cyber. htt… + +(Originally on Twitter: [Wed Mar 04 08:21:50 +0000 2015](https://twitter.com/adulau/status/573035609385779200)) +---- +RT @martin_u: Vous avez aimé Babar et Evil Bunny ? 
Voici Casper, le logiciel espion cousin de Babar qui surveillait la Syrie http://t.co/c1… + +(Originally on Twitter: [Thu Mar 05 10:04:26 +0000 2015](https://twitter.com/adulau/status/573423817596538880)) +---- +RT @plicplic: Casper un malware particulièrement discret sur un serveur du ministère de la Justice syrien http://www.lesoir.be/812739/article/economie/vie-du-net/2015-03-05/casper-logiciel-qui-espionne-syrie + +(Originally on Twitter: [Thu Mar 05 10:10:26 +0000 2015](https://twitter.com/adulau/status/573425328737153025)) +---- +RT @circl_lu: CIRCL releases the source code of its URL Abuse software https://www.circl.lu/pub/press/20150305/ + +(Originally on Twitter: [Thu Mar 05 11:04:26 +0000 2015](https://twitter.com/adulau/status/573438915899756545)) +---- +cve-search a simple JSON web API has been added by @adulau and many new improvements to the web frontend by @pidgeyL https://github.com/adulau/cve-search + +(Originally on Twitter: [Thu Mar 05 22:29:05 +0000 2015](https://twitter.com/adulau/status/573611215500546049)) +---- +I'm thinking of building a PGP key server (not with public keys) but with all the private keys found at random places... + +(Originally on Twitter: [Thu Mar 05 22:46:50 +0000 2015](https://twitter.com/adulau/status/573615680756580352)) +---- +Mining public keys with IVRE http://pierre.droids-corp.org/blog/html/2015/03/06/mining_public_keys_with_ivre.html cc @blackswanburst + +(Originally on Twitter: [Fri Mar 06 07:32:10 +0000 2015](https://twitter.com/adulau/status/573747886573416448)) +---- +@remi_laurent I just discovered that Twitter is the new SIEM lookup interface... @rafi0t + +(Originally on Twitter: [Fri Mar 06 09:43:29 +0000 2015](https://twitter.com/adulau/status/573780931678498816)) +---- +My collection of trees grows https://www.flickr.com/photos/adulau/sets/72157626083564097 (not related to binary trees...) 
+ +(Originally on Twitter: [Sat Mar 07 17:25:28 +0000 2015](https://twitter.com/adulau/status/574259584413646848)) +---- +@Arno0x0x Thank you very much. Nope, just my flickr account and hard-copies... + +(Originally on Twitter: [Mon Mar 09 05:35:41 +0000 2015](https://twitter.com/adulau/status/574805737941176320)) +---- +There are some organizations which are very happy with the recent announce from @TextSecure to drop encrypted SMS https://whispersystems.org/blog/goodbye-encrypted-sms/ + +(Originally on Twitter: [Mon Mar 09 15:07:18 +0000 2015](https://twitter.com/adulau/status/574949589968666625)) +---- +@tjh No because the sole encrypted SMS via TextSecure will be visible again... + +(Originally on Twitter: [Tue Mar 10 13:54:47 +0000 2015](https://twitter.com/adulau/status/575293724755947520)) +---- +RT @asciiwarrior: @adulau @rommelfs @circl_lu hi guys thanks for the incident response training today. I'm already thinking on the next st… + +(Originally on Twitter: [Tue Mar 10 16:05:09 +0000 2015](https://twitter.com/adulau/status/575326532450795520)) +---- +RT @circl_lu: CIRCLean - the USB key sanitizer - Images updated to version 1.2 and available at http://www.circl.lu/projects/CIRCLean/ + +(Originally on Twitter: [Tue Mar 10 16:05:37 +0000 2015](https://twitter.com/adulau/status/575326650918961152)) +---- +MS15-020 - CVE-2015-0096 seems to fix some very old bugs that no one never exploited... https://technet.microsoft.com/en-us/library/security/ms15-020.aspx + +(Originally on Twitter: [Wed Mar 11 05:46:54 +0000 2015](https://twitter.com/adulau/status/575533335163846656)) +---- +Sometime you have to disable @noscript but it should only be for http://errozero.co.uk/acid-machine/ #tb303 + +(Originally on Twitter: [Thu Mar 12 19:30:00 +0000 2015](https://twitter.com/adulau/status/576102863648210944)) +---- +Wondering what I will submit to 4GHCON http://www.4gh-con.org/ Choosing is difficult... 
#4GHCON + +(Originally on Twitter: [Fri Mar 13 19:11:31 +0000 2015](https://twitter.com/adulau/status/576460600383012865)) +---- +@90n Good idea, this is very tempting ;-) + +(Originally on Twitter: [Fri Mar 13 19:30:21 +0000 2015](https://twitter.com/adulau/status/576465337266401280)) +---- +RT @halvarflake: Just a general note: Given the rather deadly economics of the RE tools market, I find the development of ANY free & open R… + +(Originally on Twitter: [Fri Mar 13 21:12:47 +0000 2015](https://twitter.com/adulau/status/576491114888372224)) +---- +RT @cbrocas: Post-it : 15 days to submit nice ideas of talks/workshops at the @rmll2015 Security track CFP : http://t.co/NiAXtrD1K6 #rmll20… + +(Originally on Twitter: [Sun Mar 15 19:15:20 +0000 2015](https://twitter.com/adulau/status/577186336085528576)) +---- +Again TCP reassembly is seen as a solved engineering problem by academia... just because it's not hype and too difficult. + +(Originally on Twitter: [Sun Mar 15 19:32:54 +0000 2015](https://twitter.com/adulau/status/577190755577516032)) +---- +I'm still wondering how they deal with false-positives within #XKEYSCORE https://www.documentcloud.org/documents/1687163-si-decrypt.html + +(Originally on Twitter: [Mon Mar 16 07:47:28 +0000 2015](https://twitter.com/adulau/status/577375615805960192)) +---- +After "my recommendations for malware authors" talk, I'll do "Vulnerable Devices on Internet - An Opportunity For Covert Operations" + +(Originally on Twitter: [Mon Mar 16 19:39:57 +0000 2015](https://twitter.com/adulau/status/577554917612773378)) +---- +@Cryptomeorg Corrected link http://arxiv.org/pdf/1503.03940v1.pdf + +(Originally on Twitter: [Mon Mar 16 19:51:54 +0000 2015](https://twitter.com/adulau/status/577557927025893376)) +---- +RT @pidgeyL: #CVEScan https://github.com/NorthernSec/CVE-Scan now using #CVESearch API. 
Update required if you're using recent #CVESearch +https://t.co/4N6S… + +(Originally on Twitter: [Tue Mar 17 09:05:01 +0000 2015](https://twitter.com/adulau/status/577757519373795328)) +---- +There will be very soon a publicly accessible version of the #CVESearch API on Internet... @pidgeyL @wimremes + +(Originally on Twitter: [Tue Mar 17 09:16:25 +0000 2015](https://twitter.com/adulau/status/577760388835643392)) +---- +RT @pidgeyL: @adulau @wimremes That would be great, then users of #CVEScan don't need to have #CVESearch installed locally. + +(Originally on Twitter: [Tue Mar 17 09:57:40 +0000 2015](https://twitter.com/adulau/status/577770770732085248)) +---- +"Britain needs independent scrutiny of intelligence, says former head of MI6" or how to task NGO groups easily... http://www.theguardian.com/uk-news/2015/mar/17/britain-needs-independent-scrutiny-of-intelligence-says-former-head-of-mi6 + +(Originally on Twitter: [Tue Mar 17 21:45:07 +0000 2015](https://twitter.com/adulau/status/577948804684521472)) +---- +RT @circl_lu: WebKit, as used in Apple Safari, allows remote attackers to execute arbitrary code https://support.apple.com/en-us/HT204560 http://t.co/YZUnG… + +(Originally on Twitter: [Thu Mar 19 07:12:55 +0000 2015](https://twitter.com/adulau/status/578454085495451648)) +---- +RT @zer0mem: Do you think ttf bugs are gone with win10? 
@promised_lu doesn't think so,I agree @K33nTeam @thezdi #ttf#win10#pwn2own http://t… + +(Originally on Twitter: [Thu Mar 19 07:13:20 +0000 2015](https://twitter.com/adulau/status/578454190420180992)) +---- +RT @cryptoron: België zit Russisch spionnenkoppel op de hielen http://www.mo.be/nieuws/belgi-zit-russisch-spionnenkoppel-op-de-hielen via @mondiaalnieuws + +(Originally on Twitter: [Thu Mar 19 10:53:21 +0000 2015](https://twitter.com/adulau/status/578509557649010688)) +---- +RT @ClausHoumann: both me and @Reversity advertising for @hack_lu at @WEareTROOPERS :) ![](media/578537916869271552-CAXWyHKUYAA2qGV.jpg) + +(Originally on Twitter: [Thu Mar 19 12:46:02 +0000 2015](https://twitter.com/adulau/status/578537916869271552)) +---- +@claude_kyvra Oui un petit markdown/ascii avec les explications dans le repository git. + +(Originally on Twitter: [Thu Mar 19 14:20:49 +0000 2015](https://twitter.com/adulau/status/578561768882057217)) +---- +Reading "Can We Trust the Libraries We Use?" remind me of recent discussions with @___wr___ about TIFF CCITT http://bytes.com/topic/c/insights/961541-can-we-trust-libraries-we-use + +(Originally on Twitter: [Thu Mar 19 20:06:26 +0000 2015](https://twitter.com/adulau/status/578648746029899776)) +---- +RT @sergeybratus: My comments http://www.cs.dartmouth.edu/~sergey/wassenaar/letter-to-mep-marietje-schaake-re-exploit-regulation.pdf to @MarietjeSchaake re http://www.marietjeschaake.eu/2015/02/call-for-input-on-report-human-rights-and-technologies/ "policies to regulate the sales of zero… + +(Originally on Twitter: [Thu Mar 19 21:52:30 +0000 2015](https://twitter.com/adulau/status/578675436831535105)) +---- +RT @blackswanburst: I will be speaking @FIRSTdotOrg conference in Berlin x 2. 
With co-presenters I respect and admire @MarieGMoe and @adula… + +(Originally on Twitter: [Fri Mar 20 17:15:10 +0000 2015](https://twitter.com/adulau/status/578968031495352320)) +---- +RT @MarieGMoe: @blackswanburst @FIRSTdotOrg @adulau @Risk_Cambridge Very much looking forward to it! @NorCERT @SINTEF_Infosec + +(Originally on Twitter: [Fri Mar 20 17:15:37 +0000 2015](https://twitter.com/adulau/status/578968147937636353)) +---- +To continue the work of Giovanni Troilo especially regarding the #wallifornie https://www.flickr.com/photos/adulau/16879431601/ how they welcome people in #Belgium + +(Originally on Twitter: [Sat Mar 21 10:22:03 +0000 2015](https://twitter.com/adulau/status/579226456804487168)) +---- +@___wr___ I suppose they make a preconditioned assertion that i is always 0... + +(Originally on Twitter: [Sun Mar 22 10:48:24 +0000 2015](https://twitter.com/adulau/status/579595477332660224)) +---- +RT @headhntr: Ever wanted to attend @citizenlab's conference? Submit your research on security and human rights now! http://citizenlab.org/summerinstitute/2015.html… + +(Originally on Twitter: [Sun Mar 22 17:48:14 +0000 2015](https://twitter.com/adulau/status/579701131053527040)) +---- +@Reversity Go to the dentist and ask for an X-RAY. Not for your teeth but for your expensive toy. Check the layers and ask for diff. power. + +(Originally on Twitter: [Sun Mar 22 17:51:03 +0000 2015](https://twitter.com/adulau/status/579701837474996224)) +---- +@Reversity I knew that you were a dentist in a previous life. + +(Originally on Twitter: [Sun Mar 22 17:57:33 +0000 2015](https://twitter.com/adulau/status/579703474608349184)) +---- +RT @circl_lu: https://cve.circl.lu/ updated and includes a new HTTP API to search and query for security vulnerabilities https://t.co/eS5… + +(Originally on Twitter: [Mon Mar 23 14:01:03 +0000 2015](https://twitter.com/adulau/status/580006344217866241)) +---- +RT @cbrocas: @olesovhcom e. 
le helpdesk utilise CIRCLean pour extraire de manière sécurisée les fichiers de la clé - http://circl.lu/projects/CIRCLean/… + +(Originally on Twitter: [Mon Mar 23 14:02:09 +0000 2015](https://twitter.com/adulau/status/580006624145731584)) +---- +"Scripts to analyze the PGP key server data" https://github.com/hannob/pgpecosystem/ + +(Originally on Twitter: [Mon Mar 23 19:14:10 +0000 2015](https://twitter.com/adulau/status/580085144570208256)) +---- +Don't forget to submit your presentation about your free software security tool to the LSM/RMLL 2015 security track @rmll2015 @cbrocas + +(Originally on Twitter: [Mon Mar 23 19:27:36 +0000 2015](https://twitter.com/adulau/status/580088522733940736)) +---- +RT @rafi0t: Everything is going well with #TextSecure data to a iPhone: the data SMS has been send 15min ago and still not arrived. SMS did… + +(Originally on Twitter: [Mon Mar 23 19:30:26 +0000 2015](https://twitter.com/adulau/status/580089237875384320)) +---- +@Tris_Acatrinei L'interception c'est un business et un moyen d'injecter du financement publique dans l'économie. + +(Originally on Twitter: [Mon Mar 23 19:59:55 +0000 2015](https://twitter.com/adulau/status/580096657267802112)) +---- +@BrianHonan One of my favorite book. I hope that you got the DRM-free version of the book. If not, it's kind of paradox. @quentynblog + +(Originally on Twitter: [Mon Mar 23 21:20:15 +0000 2015](https://twitter.com/adulau/status/580116873880080384)) +---- +@DidierStevens We all enjoy your great tools. We were wondering why you don't use git/GitHub? It would be a nice opportunity for all of us. + +(Originally on Twitter: [Mon Mar 23 21:26:16 +0000 2015](https://twitter.com/adulau/status/580118389546311682)) +---- +@quentynblog @BrianHonan The new way to burn books is to add DRM locks. It's eco-friendly but it kills book sharing... 
+ +(Originally on Twitter: [Mon Mar 23 21:35:54 +0000 2015](https://twitter.com/adulau/status/580120811815612416)) +---- +@DidierStevens I understand no worries. We wonder about it while discussing to integrate pdfid to urlabuse (and the future mailabuse). + +(Originally on Twitter: [Mon Mar 23 21:36:01 +0000 2015](https://twitter.com/adulau/status/580120842459213824)) +---- +RT @circl_lu: Google became aware of unauthorized digital certificates for several Google domains issued by MCS Holdings. http://t.co/gyuHS… + +(Originally on Twitter: [Tue Mar 24 07:21:56 +0000 2015](https://twitter.com/adulau/status/580268293920960512)) +---- +A Simple Elasticsearch Honeypot written in @golang https://github.com/jordan-wright/elastichoney cc @ProjectHoneynet + +(Originally on Twitter: [Tue Mar 24 19:59:06 +0000 2015](https://twitter.com/adulau/status/580458839880933376)) +---- +Funny to see Mr. Barbier (ex DGSE) being surprised about NSA/FVEY interception program because DGSE signed the Lustre agreement with them... + +(Originally on Twitter: [Tue Mar 24 21:02:35 +0000 2015](https://twitter.com/adulau/status/580474815179563009)) +---- +RT @cudeso: How to share malware with a security team? http://www.vanimpe.eu/2015/03/26/how-to-share-malware-with-a-security-team/ + +(Originally on Twitter: [Thu Mar 26 10:13:52 +0000 2015](https://twitter.com/adulau/status/581036337395957760)) +---- +RT @circl_lu: JBoss RichFaces allows remote attackers to inject expression language expressions and execute arbitrary Java code https://t.c… + +(Originally on Twitter: [Fri Mar 27 11:22:16 +0000 2015](https://twitter.com/adulau/status/581415940165750784)) +---- +RT @rafi0t: Wow, #SnoopSnitch went crazy near the European Parliament and raised 6 IMSI catcher event. Anyone else around to crosscheck? + +(Originally on Twitter: [Sat Mar 28 09:05:53 +0000 2015](https://twitter.com/adulau/status/581744003520987137)) +---- +Why everyone is recently searching for vulnerabilities on BlueCoat products? 
https://cve.circl.lu/browse/bluecoat Maybe the only effect of media madness. + +(Originally on Twitter: [Sat Mar 28 09:24:50 +0000 2015](https://twitter.com/adulau/status/581748773602246656)) +---- +Malware Techniques: Code Streaming http://www.codereversing.com/blog/archives/194 + +(Originally on Twitter: [Sat Mar 28 09:41:00 +0000 2015](https://twitter.com/adulau/status/581752843486412800)) +---- +A very interesting idea from @shrekts to use OSM datasets to verify street names, country location in whois records. + +(Originally on Twitter: [Sat Mar 28 15:32:37 +0000 2015](https://twitter.com/adulau/status/581841327958130688)) +---- +Another perspective of @alexanderjaeger https://www.flickr.com/photos/adulau/16937679046/ during a short but interesting photo-walk #photography + +(Originally on Twitter: [Sun Mar 29 08:01:35 +0000 2015](https://twitter.com/adulau/status/582090208470020096)) +---- +@iMilnb Interesting to see they use Drupal with locking on the SQL db for a read-only service... complexity & software, the old friends + +(Originally on Twitter: [Sun Mar 29 08:10:57 +0000 2015](https://twitter.com/adulau/status/582092569355657216)) +---- +@bortzmeyer FreeBSD bénéficie aussi des gens qui essayent des nouvelles choses comme pour PF (OpenBSD). Réécrire du code n'est pas mauvais. + +(Originally on Twitter: [Sun Mar 29 08:19:58 +0000 2015](https://twitter.com/adulau/status/582094837928861696)) +---- +@thegrugq Journalist should dig in the Snowden stack for the slides formatted with latex-beamer. We might miss the good ones... @kyrah + +(Originally on Twitter: [Sun Mar 29 14:12:00 +0000 2015](https://twitter.com/adulau/status/582183427929194496)) +---- +@pbeyssac Une petite note. Bloquer pour un service de renseignement est contre productif car cela donne des indications sur les cibles... + +(Originally on Twitter: [Sun Mar 29 14:27:48 +0000 2015](https://twitter.com/adulau/status/582187403940651008)) +---- +@pbeyssac Donc c'est cohérent... 
le blocage n'est pas une demande des services mais juste une démarche politique médiatique. + +(Originally on Twitter: [Sun Mar 29 14:42:01 +0000 2015](https://twitter.com/adulau/status/582190984429244416)) +---- +@noktec It's a good news to see a spider... especially for a known to be pesticide-intensive culture. @TheCooperative + +(Originally on Twitter: [Sun Mar 29 15:37:34 +0000 2015](https://twitter.com/adulau/status/582204961234268160)) +---- +@noktec The probability to be a phoneutria and especially a phoneutria fera is quite low. The risk is somewhere else ;-) @TheCooperative + +(Originally on Twitter: [Sun Mar 29 15:53:35 +0000 2015](https://twitter.com/adulau/status/582208993944330241)) +---- +I'm searching for the "Bindex 2.0" paper or presentation done at VB2011 https://www.virusbtn.com/conference/vb2011/abstracts/Ebringer.xml Anyone could share a copy? @virusbtn + +(Originally on Twitter: [Sun Mar 29 20:50:44 +0000 2015](https://twitter.com/adulau/status/582283773875773441)) +---- +MongoDB before 2.4.13 and 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string http://cve.circl.lu/cve/CVE-2015-1609 + +(Originally on Twitter: [Mon Mar 30 19:41:32 +0000 2015](https://twitter.com/adulau/status/582628746085158912)) +---- +Everyday, it's just another novel from Philip K. Dick. + +(Originally on Twitter: [Mon Mar 30 19:58:35 +0000 2015](https://twitter.com/adulau/status/582633039009865728)) +---- +@lojikil More the second proposal... + +(Originally on Twitter: [Tue Mar 31 04:44:56 +0000 2015](https://twitter.com/adulau/status/582765495557951488)) +---- +RT @pinkflawd: So very excited to be presenting at this year's VirusBulletin conference in October on 'The elephant in the room' https://t.… + +(Originally on Twitter: [Tue Mar 31 12:23:57 +0000 2015](https://twitter.com/adulau/status/582881013707182080)) +---- +@brabram En Belgique, les tentatives d'historique législatif avec le moniteur belge furent des échecs notables... 
+ +(Originally on Twitter: [Tue Mar 31 20:55:55 +0000 2015](https://twitter.com/adulau/status/583009851971747841)) +---- +While commuting in the train, I did a minimal html indexer in Python because I couldn't find something simple. https://github.com/adulau/minimal-webindexer + +(Originally on Twitter: [Tue Mar 31 21:03:28 +0000 2015](https://twitter.com/adulau/status/583011751823736832)) +---- +@brabram Oui. J'ai l'impression que le rôle de De Boeck en tant qu'éditeur monopolistique n'aide pas sur l'ouverture de la législation. + +(Originally on Twitter: [Tue Mar 31 21:16:10 +0000 2015](https://twitter.com/adulau/status/583014948936134657)) +---- +RT @brabram: @adulau des contacts indirect que j'en ai eu, il y a beaucoup plus de chances que ce soit lié à un mélange d'ignorance et d'in… + +(Originally on Twitter: [Tue Mar 31 21:23:00 +0000 2015](https://twitter.com/adulau/status/583016669297008640)) +---- +@radareorg I suppose you mean Liège for the beer not Bruxelles... @bartblaze + +(Originally on Twitter: [Wed Apr 01 12:17:47 +0000 2015](https://twitter.com/adulau/status/583241847708876801)) +---- +Why people sign a contract in the first place when they know in advance that they won't follow it. It's bureaucracy to kill your partner. + +(Originally on Twitter: [Wed Apr 01 20:22:48 +0000 2015](https://twitter.com/adulau/status/583363905898094592)) +---- +RT @OISFoundation: VOTE NOW! The election for @OISFoundation board of directors is now LIVE! Vote at https://www.surveymonkey.com/s/OISFBoardElections + +(Originally on Twitter: [Wed Apr 01 20:38:21 +0000 2015](https://twitter.com/adulau/status/583367818974011392)) +---- +@Tris_Acatrinei C'est aussi un moyen de financer une industrie... + +(Originally on Twitter: [Wed Apr 01 20:39:14 +0000 2015](https://twitter.com/adulau/status/583368041607630848)) +---- +Open Information Security Foundation is conducting its annual online elections, I'm one of the candidate. 
https://www.surveymonkey.com/s/OISFBoardElections + +(Originally on Twitter: [Wed Apr 01 20:44:56 +0000 2015](https://twitter.com/adulau/status/583369476437110784)) +---- +RT @shodanhq: Rsync (port 873) added to Shodan: http://buff.ly/1F7c5r4 ![](media/583696894938980352-CBmogI4W4AIenV0.png) + +(Originally on Twitter: [Thu Apr 02 18:25:58 +0000 2015](https://twitter.com/adulau/status/583696894938980352)) +---- +@martinvars Americans being CEO talking about Europeans and especially ecology are just plain wrong. + +(Originally on Twitter: [Sun Apr 05 17:26:18 +0000 2015](https://twitter.com/adulau/status/584769039001456640)) +---- +RT @OwariDa: Tor exit nodes sending connections through other hosts. Some of them probably not with the best of intentions... http://t.co/5… + +(Originally on Twitter: [Sun Apr 05 17:54:29 +0000 2015](https://twitter.com/adulau/status/584776133981241345)) +---- +RT @Dymaxion: If you liked Textsecure because you wanted encrypted SMS, not another chat application, http://smssecure.org is your soluti… + +(Originally on Twitter: [Sun Apr 05 17:54:53 +0000 2015](https://twitter.com/adulau/status/584776235588325376)) +---- +RT @jcfrog: Projet de loi sur le renseignement, Gandi se mobilise. - Le Bar de Gandi http://www.lebardegandi.net/post/2015/04/03/Projet-de-loi-sur-le-renseignement via @gandi_net + +(Originally on Twitter: [Sun Apr 05 18:57:08 +0000 2015](https://twitter.com/adulau/status/584791899510218752)) +---- +We had a lot of fun while a tourist in a natural reserve has confused a common crane with an emu.. 
#nature + +(Originally on Twitter: [Sun Apr 05 19:14:39 +0000 2015](https://twitter.com/adulau/status/584796306033385472)) +---- +War is over #photography #bunker https://www.flickr.com/photos/adulau/16869658698/ + +(Originally on Twitter: [Mon Apr 06 18:23:33 +0000 2015](https://twitter.com/adulau/status/585145834599219200)) +---- +RT @Cryptoki: By April 15, #SSL CAs need to explain in their CPS their use of RFC 6844 Certification Authority Authorization (CAA) per Base… + +(Originally on Twitter: [Mon Apr 06 18:57:36 +0000 2015](https://twitter.com/adulau/status/585154404195692544)) +---- +@MalwareMustDie Thanks for sharing. Have you check the commands? to see if they match previous version analyzed? https://www.circl.lu/pub/tr-23/ + +(Originally on Twitter: [Mon Apr 06 19:17:43 +0000 2015](https://twitter.com/adulau/status/585159466003345408)) +---- +This ISP based in HK still does a lot of SSH scanning/abuse and they recently changed their description to a comma... +http://bgpranking.circl.lu/asn_details?date=;source=;asn=63854 + +(Originally on Twitter: [Wed Apr 08 09:02:38 +0000 2015](https://twitter.com/adulau/status/585729451272445953)) +---- +RT @electrospaces: NEW: Torus: the antenna to significantly increase satellite interception: http://electrospaces.blogspot.com/2015/04/torus-antenna-to-significantly-increase.html + +(Originally on Twitter: [Wed Apr 08 20:27:24 +0000 2015](https://twitter.com/adulau/status/585901778077638658)) +---- +RT @pbeyssac: Je ne comprends pas comment il peut y avoir encore du terrorisme, la dernière loi sécuritaire était quasi-neuve. + +(Originally on Twitter: [Thu Apr 09 15:15:07 +0000 2015](https://twitter.com/adulau/status/586185577684279298)) +---- +Complaining is too easy in #infosec compared to network and system log analysis. 
+ +(Originally on Twitter: [Thu Apr 09 15:29:15 +0000 2015](https://twitter.com/adulau/status/586189136467398656)) +---- +@plicplic @lesoir If you use the term "cyberwar", it's basically transforming civilian infrastructures into a playground for armies and IC. + +(Originally on Twitter: [Fri Apr 10 04:48:10 +0000 2015](https://twitter.com/adulau/status/586390190156947456)) +---- +Extracting the Private Key from a TREZOR ... with a 70$ Oscilloscope + http://johoe.mooo.com/trezor-power-analysis/ + +(Originally on Twitter: [Fri Apr 10 09:06:10 +0000 2015](https://twitter.com/adulau/status/586455117840252929)) +---- +Vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement https://cve.circl.lu/cve/CVE-2015-2247 #fun + +(Originally on Twitter: [Fri Apr 10 21:23:14 +0000 2015](https://twitter.com/adulau/status/586640604974546944)) +---- +@reesmarc Cela semble être un beau spécimen de bombus magnus. + +(Originally on Twitter: [Sat Apr 11 11:50:00 +0000 2015](https://twitter.com/adulau/status/586858736569946113)) +---- +RT @ovh_fr: Le gouvernement veut-il contraindre les hébergeurs Internet à l'exil ? Lettre à @manuelvalls http://www.ovh.com/fr/news/articles/a1743.le-gouvernement-veut-il-contraindre-les-hebergeurs-internet-a-l-exil #PJLRenseig… + +(Originally on Twitter: [Sat Apr 11 11:56:21 +0000 2015](https://twitter.com/adulau/status/586860331420536832)) +---- +RT @aloria: "Do you have time for a quick call to..." No. And an hour conference call is not "quick." Send me the demo or GTFO. + +(Originally on Twitter: [Sun Apr 12 17:12:14 +0000 2015](https://twitter.com/adulau/status/587302215393607680)) +---- +RT @ClausHoumann: And when you do, vote for @adulau and @kramse !! ;) https://twitter.com/inliniac/status/587560796223307776 + +(Originally on Twitter: [Mon Apr 13 12:05:46 +0000 2015](https://twitter.com/adulau/status/587587478586023936)) +---- +@Tris_Acatrinei Je sens que l'on peut y arriver... 
https://medium.com/@adulau/eavesdropping-of-internet-what-can-we-do-a-revolution-eea128134584 cc - @rafi0t + +(Originally on Twitter: [Mon Apr 13 14:47:36 +0000 2015](https://twitter.com/adulau/status/587628206359846913)) +---- +@leashless It's just the beginning of a long series of failure. Ensuring diversity of systems, it's how to ensure stability on the long run. + +(Originally on Twitter: [Mon Apr 13 18:21:31 +0000 2015](https://twitter.com/adulau/status/587682039614177280)) +---- +A small reminder to people complaining about people trying to do better infosec tools, you should also try before ranting... + +(Originally on Twitter: [Mon Apr 13 20:58:29 +0000 2015](https://twitter.com/adulau/status/587721541774749697)) +---- +RT @circl_lu: Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL http://www.kb.cert.org/vuls/id/672268 + +(Originally on Twitter: [Mon Apr 13 21:01:13 +0000 2015](https://twitter.com/adulau/status/587722231142162432)) +---- +@lojikil Indeed, so true. + +(Originally on Twitter: [Mon Apr 13 21:03:15 +0000 2015](https://twitter.com/adulau/status/587722740284522496)) +---- +@alexanderjaeger Indeed but an over-experienced "ranting contributor" will say that "I won't open an issue on an already broken system"... + +(Originally on Twitter: [Mon Apr 13 21:07:53 +0000 2015](https://twitter.com/adulau/status/587723909119606784)) +---- +You should revoke 40 74 47 93 F5 5F 43 50 CB 4D 2F 03 07 95 E6 7F issued by your CA "thawte SHA256 Code Signing CA" @ThawteSupport + +(Originally on Twitter: [Tue Apr 14 09:31:32 +0000 2015](https://twitter.com/adulau/status/587911054727888896)) +---- +RT @dartalis: CIRCLean - USB key sanitizer #CIRCL #Luxembourg #Security https://www.circl.lu/projects/CIRCLean/ + +(Originally on Twitter: [Tue Apr 14 09:35:56 +0000 2015](https://twitter.com/adulau/status/587912159020986369)) +---- +@ThawteSupport Notification sent to your TS manager. Thank you. 
+ +(Originally on Twitter: [Tue Apr 14 13:23:53 +0000 2015](https://twitter.com/adulau/status/587969523485016064)) +---- +@ClausHoumann I'm curious too. If you could get at least a formula and a paper, you might be eligible for a second USB cleaner @joshcorman + +(Originally on Twitter: [Tue Apr 14 13:54:09 +0000 2015](https://twitter.com/adulau/status/587977140630499329)) +---- +@ClausHoumann So you met the boss! + +(Originally on Twitter: [Tue Apr 14 20:50:39 +0000 2015](https://twitter.com/adulau/status/588081958976118785)) +---- +Could @virusbtn share the bindex presentation/paper of Tim Ebringer at VB2011? cc @martijn_grooten Thank you + +(Originally on Twitter: [Wed Apr 15 11:59:06 +0000 2015](https://twitter.com/adulau/status/588310579015770112)) +---- +@martijn_grooten Thanks a lot. This is really appreciated. We will see if this is possible to make an implementation. + +(Originally on Twitter: [Wed Apr 15 12:26:15 +0000 2015](https://twitter.com/adulau/status/588317408940666880)) +---- +RT @circl_lu: Vulnerability in IIS HTTP.sys Could Allow Remote Code Execution - MS15-034 https://cve.circl.lu/cve/CVE-2015-1635 + +(Originally on Twitter: [Wed Apr 15 17:43:37 +0000 2015](https://twitter.com/adulau/status/588397278584537091)) +---- +@gchampeau Pour les IMSI-catcher, ce sont toujours des FP. Je n'ai jamais vu une confirmation (TP) des opérateurs d'IMSI-catcher. @_GaLaK_ + +(Originally on Twitter: [Thu Apr 16 14:57:38 +0000 2015](https://twitter.com/adulau/status/588717893279289344)) +---- +RT @Regiteric: Detecting complex multi flow attacks with #suricata is now possible: https://twitter.com/inliniac/status/588624391912620032 + +(Originally on Twitter: [Thu Apr 16 19:05:39 +0000 2015](https://twitter.com/adulau/status/588780307656114176)) +---- +RT @OISFoundation: Call for Papers and Speakers! 
The @OISFoundation / @Suricata_IDS User Conference in Barcelona - info visit http://t.co… + +(Originally on Twitter: [Thu Apr 16 19:14:45 +0000 2015](https://twitter.com/adulau/status/588782598190686209)) +---- +For the curious, here is the 5 brave deputies who voted against the black-box interception law in France... http://www.numerama.com/magazine/32817-boites-noires-les-5-deputes-qui-ont-vote-contre.html + +(Originally on Twitter: [Thu Apr 16 19:28:39 +0000 2015](https://twitter.com/adulau/status/588786097561477120)) +---- +@ClausHoumann @Aristot73 5 smart people and able to work collectively ;-) @rafi0t @FrodeHommedal + +(Originally on Twitter: [Thu Apr 16 19:32:32 +0000 2015](https://twitter.com/adulau/status/588787073227816962)) +---- +RT @FrodeHommedal: @Aristot73 off the top of my head I'd say 70/30. But the 30 is -really- important. cc @adulau + +(Originally on Twitter: [Fri Apr 17 05:15:58 +0000 2015](https://twitter.com/adulau/status/588933898932985856)) +---- +RT @inliniac: #FF @OISFoundation just elected board: @adulau @PacketChaser @ckreibich @amarrathore plus some ppl I couldn't find on the twi… + +(Originally on Twitter: [Sun Apr 19 13:53:31 +0000 2015](https://twitter.com/adulau/status/589788922454134784)) +---- +RT @DahuCon: thanks to everyone, that was a memorable weekend ![](media/589822442308300800-CC9CqUUWAAAzy6F.jpg) + +(Originally on Twitter: [Sun Apr 19 16:06:43 +0000 2015](https://twitter.com/adulau/status/589822442308300800)) +---- +@DahuCon A big thumbs up for the organization and the great atmosphere. And thanks to the incredible & active art designer at the event ;-) + +(Originally on Twitter: [Sun Apr 19 16:11:02 +0000 2015](https://twitter.com/adulau/status/589823528029003777)) +---- +How can you publicly and review security of ISO/IEC standards when they cannot be shared? It's like commenting source code without it... 
+ +(Originally on Twitter: [Sun Apr 19 16:57:45 +0000 2015](https://twitter.com/adulau/status/589835287464955904)) +---- +@kerouanton Nice to see @hack_lu and @Suricata_IDS tee-shirts spreading among others. + +(Originally on Twitter: [Sun Apr 19 17:00:13 +0000 2015](https://twitter.com/adulau/status/589835908972707840)) +---- +RT @hack_lu: hack.lu 2015 Call for Papers will be open in the next days... #hacklu #hack_lu + +(Originally on Twitter: [Sun Apr 19 17:04:09 +0000 2015](https://twitter.com/adulau/status/589836898614534145)) +---- +@ClausHoumann Keynote speakers should learn from Dan Geer... + +(Originally on Twitter: [Sun Apr 19 18:02:02 +0000 2015](https://twitter.com/adulau/status/589851464614469632)) +---- +@ClausHoumann Dan Geer approach to keynote is really what I expect from a keynote speaker humility and hard thinking. http://geer.tinho.net/geer.blackhat.6viii14.txt + +(Originally on Twitter: [Sun Apr 19 18:06:31 +0000 2015](https://twitter.com/adulau/status/589852590923509762)) +---- +@ClausHoumann Is this really important? We are there to listen and maybe learn something. If we learn something, I won't ask for more ;-) + +(Originally on Twitter: [Sun Apr 19 18:10:04 +0000 2015](https://twitter.com/adulau/status/589853484889067520)) +---- +Updated my very old Perl package Net-Whois-RIS http://search.cpan.org/~adulau/Net-Whois-RIS-0.7/ following a bug report. Glad to see people still use it. + +(Originally on Twitter: [Sun Apr 19 21:05:48 +0000 2015](https://twitter.com/adulau/status/589897710041505794)) +---- +RT @Dinosn: VolDiff malware analysis script based on Volatility + https://github.com/houcem/VolDiff + +(Originally on Twitter: [Mon Apr 20 05:21:37 +0000 2015](https://twitter.com/adulau/status/590022487557218304)) +---- +@nst021 @DahuCon the middle one too. Especially when it was a bit grilled. 
Maybe that was the magic part of the huge knife ;-) + +(Originally on Twitter: [Mon Apr 20 16:22:59 +0000 2015](https://twitter.com/adulau/status/590188923587964928)) +---- +RT @circl_lu: Internet Security Marketing: Buyer Beware http://www.circleid.com/posts/20150420_internet_security_marketing_buyer_beware/ + +(Originally on Twitter: [Mon Apr 20 16:34:31 +0000 2015](https://twitter.com/adulau/status/590191828273537024)) +---- +@ClausHoumann @Dejan_Kosutic "For full functionality of this site it is necessary to enable JavaScript." Reading is a full functionality? + +(Originally on Twitter: [Tue Apr 21 08:50:01 +0000 2015](https://twitter.com/adulau/status/590437320521752576)) +---- +HiTB Challenge: Build an open-source probe for IRMA and win conference tickets... http://blog.quarkslab.com/irma-hitb-challenge.html @quarkslab + +(Originally on Twitter: [Wed Apr 22 12:41:18 +0000 2015](https://twitter.com/adulau/status/590857911502512128)) +---- +RT @rommelfs: Great! For once Antivirus was worth it and detected a threat! Well, at least 50%. 
Ransomware was stopped, at the same time Dr… + +(Originally on Twitter: [Wed Apr 22 14:28:49 +0000 2015](https://twitter.com/adulau/status/590884969213472769)) +---- +RT @DavidGlaude: I found this Software Patent memory from 2003 with @zoobab @adulau @BernardLang @fcouchet ans manu other: https://t.co/yoM… + +(Originally on Twitter: [Wed Apr 22 19:56:55 +0000 2015](https://twitter.com/adulau/status/590967537246019584)) +---- +RT @circl_lu: Python Client API to query any Passive DNS using Common Output Format updated including a local cache https://github.com/CIRCL/PyPDNS + +(Originally on Twitter: [Wed Apr 22 20:03:17 +0000 2015](https://twitter.com/adulau/status/590969141168832513)) +---- +Forensic Zero-Knowledge Event Reconstruction on Filesystem Metadata http://subs.emis.de/LNI/Proceedings/Proceedings228/331.pdf + +(Originally on Twitter: [Thu Apr 23 04:48:44 +0000 2015](https://twitter.com/adulau/status/591101374701641728)) +---- +"A New Covert Channel over Cellular Voice Channel in Smartphones" http://arxiv.org/abs/1504.05647 where is the source code to reproduce it? 
;-) + +(Originally on Twitter: [Thu Apr 23 11:54:54 +0000 2015](https://twitter.com/adulau/status/591208622744588288)) +---- +Lolcat and GIF can be dangerous especially if you have IBM Domino software https://cve.circl.lu/cve/CVE-2015-0135 and thanks to bilou for finding it ;-) + +(Originally on Twitter: [Fri Apr 24 07:26:14 +0000 2015](https://twitter.com/adulau/status/591503397389402112)) +---- +We will miss you, Roger Hurwitz https://citizenlab.org/2015/04/we-will-miss-you-roger-hurwitz/ + +(Originally on Twitter: [Fri Apr 24 13:43:32 +0000 2015](https://twitter.com/adulau/status/591598350832566272)) +---- +@H_Miser N'oublie pas que CozyDuke veut dire Le Duc douillet ;-) + +(Originally on Twitter: [Fri Apr 24 14:03:28 +0000 2015](https://twitter.com/adulau/status/591603365798260737)) +---- +@H_Miser Le premier de la série était MiniDuke https://www.circl.lu/pub/tr-14/ ;-) + +(Originally on Twitter: [Fri Apr 24 14:05:18 +0000 2015](https://twitter.com/adulau/status/591603826093785088)) +---- +RT @circl_lu: . @circl_lu designed some security challenges for the @MorpheusCup we hope that the team will enjoy these. + +(Originally on Twitter: [Fri Apr 24 14:37:58 +0000 2015](https://twitter.com/adulau/status/591612046749241344)) +---- +@quinnnorton Ouch... take care. + +(Originally on Twitter: [Fri Apr 24 19:16:32 +0000 2015](https://twitter.com/adulau/status/591682152938471424)) +---- +RT @FrennVunDerEnn: Our nodes will only stay alive if we can collect enough funds. Help us! Consider making a small donation -> http://t.co… + +(Originally on Twitter: [Fri Apr 24 20:49:44 +0000 2015](https://twitter.com/adulau/status/591705604181401601)) +---- +If you can have only one album in your car, it should be @thomasazier a great artist to support our trips, our hopes and our dreams. 
+ +(Originally on Twitter: [Fri Apr 24 20:53:41 +0000 2015](https://twitter.com/adulau/status/591706598449504256)) +---- +RT @hashcat: oclHashcat v1.36 with support for cracking Bitcoin/Litecoin wallets, 7zip and SIP and other stuff just released: https://t.co/… + +(Originally on Twitter: [Sun Apr 26 07:18:01 +0000 2015](https://twitter.com/adulau/status/592226106528428033)) +---- +@B51404EE Nope. Indeed CVE-2015-0179 https://cve.circl.lu/cve/CVE-2015-0179 is quite nice... IBM Notes is also full of opportunities. #hint @r00tbsd + +(Originally on Twitter: [Sun Apr 26 09:47:33 +0000 2015](https://twitter.com/adulau/status/592263736737402880)) +---- +RT @B51404EE: @adulau @r00tbsd http://reniknet.blogspot.fr/2015/01/la-cas-de-la-backdoor-incluse-dans.html?m=1 (in french but screenshots are explicit) + +(Originally on Twitter: [Sun Apr 26 10:00:01 +0000 2015](https://twitter.com/adulau/status/592266874638893056)) +---- +RT @acmac35: Great section from The Year Without Pants by @berkun ![](media/592811635024273408-CDoUtEYWoAM6mSP.jpg) + +(Originally on Twitter: [Mon Apr 27 22:04:42 +0000 2015](https://twitter.com/adulau/status/592811635024273408)) +---- +RT @circl_lu: Just published - TR-36 Example setup of WordPress with static export + https://www.circl.lu/pub/tr-36/ a pragmatic approach to limit s… + +(Originally on Twitter: [Tue Apr 28 15:07:53 +0000 2015](https://twitter.com/adulau/status/593069126576275456)) +---- +It's a bad evening when you need to attach a debugger to tcpdump while analysing a suspicious network capture who triggers the crash... + +(Originally on Twitter: [Tue Apr 28 19:35:41 +0000 2015](https://twitter.com/adulau/status/593136523954016259)) +---- +@aris_ada tshark was fine with it. It seems more related to my libpcap with PF_RING enabled. 
+ +(Originally on Twitter: [Tue Apr 28 19:44:47 +0000 2015](https://twitter.com/adulau/status/593138814115282945)) +---- +@AndersLybecker Here is an example of secure WordPress setup to generate static content https://www.circl.lu/pub/tr-36/ @Rasmuschristens + +(Originally on Twitter: [Wed Apr 29 04:45:15 +0000 2015](https://twitter.com/adulau/status/593274824891445249)) +---- +Belgium is on a label of some VPN/Router endpoints of the NSA classified as TS/SCI - a data feed exchange? http://electrospaces.blogspot.com/2015/04/some-equipment-that-connects-nsa-with.html + +(Originally on Twitter: [Wed Apr 29 06:41:59 +0000 2015](https://twitter.com/adulau/status/593304200047513601)) +---- +@xme I remember an incident in 2011 where we worked on where a projector was used as TCP bouncer via their broken embedded FTP server. + +(Originally on Twitter: [Wed Apr 29 07:24:58 +0000 2015](https://twitter.com/adulau/status/593315019997126656)) +---- +@marnickv @bartblaze You are more than welcome to @hack_lu 2015. + +(Originally on Twitter: [Thu Apr 30 04:46:00 +0000 2015](https://twitter.com/adulau/status/593637403358851073)) +---- +I will be at @brucon 0x07 with @pidgeyL to present cve-search https://github.com/adulau/cve-search/ #CVE + +(Originally on Twitter: [Thu Apr 30 06:35:59 +0000 2015](https://twitter.com/adulau/status/593665081742913536)) +---- +@undeadsecurity In this case, you will need to maintain a specific branch... 
https://lists.debian.org/debian-devel-announce/2015/04/msg00005.html @brucon @pidgeyL + +(Originally on Twitter: [Thu Apr 30 07:05:08 +0000 2015](https://twitter.com/adulau/status/593672415110103040)) +---- +Did someone review the security of the modified CurveCP used by CurveZMQ ?http://curvezmq.org/page:read-the-docs + +(Originally on Twitter: [Thu Apr 30 08:15:59 +0000 2015](https://twitter.com/adulau/status/593690243833925632)) +---- +RT @nethemba: cve-search is a tool to import CVE and CPE into a MongoDB to facilitate search and processing of CVEs. +http://adulau.github.com/cve-search/ + +(Originally on Twitter: [Thu Apr 30 18:14:41 +0000 2015](https://twitter.com/adulau/status/593840914788950016)) +---- +@jpmens The best would be to have an @archiveorg project storing the raw git repositories from @GitHub and others. + +(Originally on Twitter: [Fri May 01 08:13:05 +0000 2015](https://twitter.com/adulau/status/594051903585148928)) +---- +RT @circl_lu: Measuring Security by Dan Geer http://geer.tinho.net/measuringsecurity.tutorial.pdf + +(Originally on Twitter: [Fri May 01 08:21:56 +0000 2015](https://twitter.com/adulau/status/594054130248916993)) +---- +RT @Botconf: #MayDay Have a look at the #Botconf 2015 CFP and propose your work and join a great conference next Dec in Paris https://t.co/… + +(Originally on Twitter: [Fri May 01 11:38:59 +0000 2015](https://twitter.com/adulau/status/594103721514160129)) +---- +Thanks to @SteveClement for lending me an audio recorder... 
https://soundcloud.com/adulau/belgian-train-loop one of the belgian train loop for my next photo project + +(Originally on Twitter: [Fri May 01 12:42:09 +0000 2015](https://twitter.com/adulau/status/594119617137778692)) +---- +RT @newsycombinator: Congressman with CS degree: Encryption back-doors are ‘technologically stupid’ http://www.washingtonpost.com/blogs/the-switch/wp/2015/04/30/congressman-with-computer-science-degree-encryption-back-doors-are-technologically-stupid/ + +(Originally on Twitter: [Fri May 01 13:08:41 +0000 2015](https://twitter.com/adulau/status/594126293920264193)) +---- +Very nice performance of Marc Melià at @LESARALUNAIRES https://www.flickr.com/photos/adulau/17127288737/ #electronicmusic #photo + +(Originally on Twitter: [Fri May 01 19:02:40 +0000 2015](https://twitter.com/adulau/status/594215376457756673)) +---- +RT @SteveClement: What is happening to @CasinoLuxemburg :D testing @Level2Lu #syndilights install +@syn2cat et al. ![](media/594227234493300738-CD8b8OfUgAE7CwV.jpg) + +(Originally on Twitter: [Fri May 01 19:49:47 +0000 2015](https://twitter.com/adulau/status/594227234493300738)) +---- +RT @syn2cat: #hack of the #night @Level2Lu ^^ by @GunstickULM. 64 #neopixels directly on rPi with special usb5v cable. http://t.co/IcsscvsN… + +(Originally on Twitter: [Sun May 03 09:30:41 +0000 2015](https://twitter.com/adulau/status/594796208369102849)) +---- +Nice exhibition about "graphie" at the art school of @Braine_l_Alleud https://www.flickr.com/photos/adulau/16733270873/ + +(Originally on Twitter: [Sun May 03 12:33:49 +0000 2015](https://twitter.com/adulau/status/594842296060923905)) +---- +RT @circl_lu: @martijn_grooten The nice thing with PAC files. It's JavaScript parsing and usually it's bypassing any of the JavaScript bloc… + +(Originally on Twitter: [Sun May 03 17:54:12 +0000 2015](https://twitter.com/adulau/status/594922924294963200)) +---- +@bartblaze 20-22 October 2015. More to come soon. 
@hack_lu @marnickv + +(Originally on Twitter: [Mon May 04 17:50:57 +0000 2015](https://twitter.com/adulau/status/595284490404155392)) +---- +Read the answer of the MVP about "Word documents (doc, docx) - can they get malware?" It's quite fun or depressing. http://answers.microsoft.com/en-us/office/forum/office_2010-word/word-documents-doc-docx-can-they-get-malware/8a92872b-4536-4c35-ab40-39856db11213 + +(Originally on Twitter: [Tue May 05 09:15:36 +0000 2015](https://twitter.com/adulau/status/595517186371751936)) +---- +RT @Ingumito: It has been a long time, too much, but we are back... with a new release! Meet Bokken 1.7 http://ingumadev.blogspot.de/2015/05/welcome-bokken-17.html + +(Originally on Twitter: [Tue May 05 17:54:54 +0000 2015](https://twitter.com/adulau/status/595647872454041600)) +---- +RT @FredericJacobs: French legislators passed a law requiring Internet services to be able to secretly provide a backdoor on demand. http:/… + +(Originally on Twitter: [Tue May 05 18:00:45 +0000 2015](https://twitter.com/adulau/status/595649347284512768)) +---- +RT @circl_lu: An interesting approach to data security breach notification as required in California http://oag.ca.gov/ecrime/databreach/list #privacy #datab… + +(Originally on Twitter: [Tue May 05 18:33:56 +0000 2015](https://twitter.com/adulau/status/595657695417540608)) +---- +It seems that the new @hack_lu 2015 logo drops some black boxes... ![](media/595684593086390273-CERL-v0WMAATYOj.png) + +(Originally on Twitter: [Tue May 05 20:20:48 +0000 2015](https://twitter.com/adulau/status/595684593086390273)) +---- +RT @hack_lu: @kamui_57 @adulau It's just our new logo for the @hack_lu 2015 edition... + +(Originally on Twitter: [Tue May 05 21:10:50 +0000 2015](https://twitter.com/adulau/status/595697180742184960)) +---- +@taziden @hack_lu Sure. We hope to see you there. As the CFP will open soon, you might want to submit a talk. 
+ +(Originally on Twitter: [Tue May 05 21:14:40 +0000 2015](https://twitter.com/adulau/status/595698145251721218)) +---- +@AndersLybecker Have you checked the logs of your webserver? StaticPress can take sometime for the static build. @Rasmuschristens + +(Originally on Twitter: [Thu May 07 15:33:38 +0000 2015](https://twitter.com/adulau/status/596337098245869569)) +---- +RT @Suricata_IDS: #Suricata 2.0.8 is available! Fixes security issues, please upgrade. Notes: http://suricata-ids.org/2015/05/06/suricata-2-0-8-available/ Download: http://t.co/… + +(Originally on Twitter: [Thu May 07 16:59:05 +0000 2015](https://twitter.com/adulau/status/596358602144649216)) +---- +RT @circl_lu: CIRCLean - the USB cleaner will be presented at @rmll2015 July 2015 - https://t.co/mSphdiCWF2 - https://t.co/thMLyUUkCZ + +(Originally on Twitter: [Thu May 07 17:15:02 +0000 2015](https://twitter.com/adulau/status/596362617385455617)) +---- +@4nc4p We knew that @r00tbsd was a kind of poet. Maybe next time he will reference "Pedicabo ego vos et irrumabo" ;-) @bartblaze + +(Originally on Twitter: [Thu May 07 17:25:16 +0000 2015](https://twitter.com/adulau/status/596365191283023872)) +---- +RT @cudeso: Curious which Belgian civil servant accessed your personal data? Check it yourself! http://www.vanimpe.eu/2015/05/08/accessed-personal-data-belgium/ #fb + +(Originally on Twitter: [Fri May 08 08:27:16 +0000 2015](https://twitter.com/adulau/status/596592187992715264)) +---- +@cudeso @magento https://cve.circl.lu/cve/CVE-2015-1397 https://cve.circl.lu/cve/CVE-2015-1398 https://cve.circl.lu/cve/CVE-2015-1399 FYI + +(Originally on Twitter: [Fri May 08 08:28:57 +0000 2015](https://twitter.com/adulau/status/596592611009245184)) +---- +Not only in computer science, it's always a queuing issue... 
https://www.flickr.com/photos/adulau/17456390566/ #photography + +(Originally on Twitter: [Sun May 10 11:10:19 +0000 2015](https://twitter.com/adulau/status/597357996117782528)) +---- +RT @hashbreaker: Really hoping the video worked for this: "I am the man in the middle." http://cr.yp.to/talks/2015.05.08/slides-djb-20150508-a4.pdf http://cr.yp.to/talks.html#2015.05.08 http:… + +(Originally on Twitter: [Sun May 10 12:30:56 +0000 2015](https://twitter.com/adulau/status/597378286071762944)) +---- +RT @mik235: Marc Stevens released a new 76-step (out of 80) SHA-1 collision, and SIMD libdetectcoll https://marc-stevens.nl/research/ + +(Originally on Twitter: [Sun May 10 14:38:44 +0000 2015](https://twitter.com/adulau/status/597410448284250112)) +---- +Wondering if the police in Germany is using Tor for investigation... now we have an answer. http://annalist.noblogs.org/post/2015/05/10/tracking-fuer-anfaenger-am-beispiel-der-deutschen-polizei/#english + +(Originally on Twitter: [Sun May 10 14:53:30 +0000 2015](https://twitter.com/adulau/status/597414161648353280)) +---- +RT @rafi0t: There are a few jobs, when you say you aren't using Tor, it only means you are not a relevant professional. https://t.co/wUNNi… + +(Originally on Twitter: [Sun May 10 15:25:14 +0000 2015](https://twitter.com/adulau/status/597422149352222722)) +---- +RT @circl_lu: Vulnerability in Dnsmasq allows remote attackers to read process memory and cause DoS via a malformed DNS request. https://t… + +(Originally on Twitter: [Mon May 11 06:39:36 +0000 2015](https://twitter.com/adulau/status/597652257732067328)) +---- +Very nice work from @Medor_mag about electronic voting in Belgium. Maybe a reference to the bug 2003 in Schaerbeek would valuable too... + +(Originally on Twitter: [Tue May 12 08:51:42 +0000 2015](https://twitter.com/adulau/status/598047890691358720)) +---- +RT @botherder: I've been online for just 24 hours and @headhntr already puts me on full conspiring duty. 
+ +(Originally on Twitter: [Tue May 12 19:02:12 +0000 2015](https://twitter.com/adulau/status/598201524288782336)) +---- +Wondering why listening to Daan "Swedish Designer Drugs" https://www.youtube.com/watch?v=Ko_QKDM3Syw triggers me to an improved reflux processes. + +(Originally on Twitter: [Tue May 12 19:14:58 +0000 2015](https://twitter.com/adulau/status/598204737696210944)) +---- +RT @QKaiser: Pour les intéressés, l'analyse technique du système Digivote est disponible ici: http://qkaiser.github.io/analysis/2015/05/12/how-not-to-build-an-evoting-system/ cc @Medor_mag + +(Originally on Twitter: [Wed May 13 03:33:02 +0000 2015](https://twitter.com/adulau/status/598330080851533824)) +---- +Support for X.509 certificate authentication merged in MISP https://github.com/MISP/MISP/pull/464 thanks to @Iglocska and @capile + +(Originally on Twitter: [Wed May 13 18:57:58 +0000 2015](https://twitter.com/adulau/status/598562850320289792)) +---- +RT @blackswanburst: @FIRSTdotOrg Passive Detection and Reconnaissance: A taster from our SSL analysis @adulau ![](media/598563789198512128-CE5flS5WYAAl1Ul.png) + +(Originally on Twitter: [Wed May 13 19:01:42 +0000 2015](https://twitter.com/adulau/status/598563789198512128)) +---- +ozwpan driver accepts network packets, parses them, and converts +them into various USB functionality... https://lkml.org/lkml/2015/5/13/739 + +(Originally on Twitter: [Wed May 13 19:47:38 +0000 2015](https://twitter.com/adulau/status/598575348918411264)) +---- +Everything is connected. If you work in the infosec field and you do photography. You are in deep shit. http://sputniknews.com/military/20150513/1022092257.html + +(Originally on Twitter: [Thu May 14 05:18:00 +0000 2015](https://twitter.com/adulau/status/598718884426940417)) +---- +RT @jifa: Please. Please make that a trending topic. 
http://analbleed.com + +(Originally on Twitter: [Thu May 14 08:53:02 +0000 2015](https://twitter.com/adulau/status/598772998175330306)) +---- +@jifa ROFL I especially enjoyed the "/home/jbieber/" @Reversity + +(Originally on Twitter: [Thu May 14 08:55:29 +0000 2015](https://twitter.com/adulau/status/598773617372045313)) +---- +RT @fluxfingers: We won an award for "most fun CTF" and the "best pwnable" (among others) http://golden-flags.com/ – Thank you for your votes… + +(Originally on Twitter: [Thu May 14 09:10:58 +0000 2015](https://twitter.com/adulau/status/598777510898315264)) +---- +Every second is the beginning of something https://www.flickr.com/photos/adulau/17450085919/ #photography #train @SNCB + +(Originally on Twitter: [Thu May 14 12:20:06 +0000 2015](https://twitter.com/adulau/status/598825110909427714)) +---- +RT @hack_lu: hack.lu 2015 call for papers is now open - we hope to see you soon. http://2015.hack.lu/blog/Call-for-Paper/ - http://2015.hack.lu/cfp/ @hack_lu #… + +(Originally on Twitter: [Thu May 14 14:51:31 +0000 2015](https://twitter.com/adulau/status/598863216677146624)) +---- +RT @rafi0t: Hey, people, the #CFP of #Hack_lu is now open: http://2015.hack.lu/blog/Call-for-Paper/ Send us your awesome ideas! #infosec + +(Originally on Twitter: [Thu May 14 14:58:51 +0000 2015](https://twitter.com/adulau/status/598865060409257985)) +---- +@ClausHoumann @hack_lu Nope. + +(Originally on Twitter: [Thu May 14 15:06:23 +0000 2015](https://twitter.com/adulau/status/598866955366473729)) +---- +@freddyb Cool! Is the CSS flexbox reference a hint? ;-) @hack_lu + +(Originally on Twitter: [Thu May 14 15:29:41 +0000 2015](https://twitter.com/adulau/status/598872821658427393)) +---- +@jpoissonnier Thank you for the feedback. It's fixed. @hack_lu + +(Originally on Twitter: [Thu May 14 15:30:29 +0000 2015](https://twitter.com/adulau/status/598873020137082880)) +---- +Is there someone using PyNaCl for production code? 
Especially for encrypting more than 100 messages per second. Just curious. + +(Originally on Twitter: [Fri May 15 19:37:00 +0000 2015](https://twitter.com/adulau/status/599297446041296896)) +---- +RT @martijn_grooten: RT @hack_lu hack.lu 2015 (20-22 October 2015) - call for papers is now open http://2015.hack.lu/cfp/ < Never been there … + +(Originally on Twitter: [Sat May 16 07:30:42 +0000 2015](https://twitter.com/adulau/status/599477055982608384)) +---- +RT @hack_lu: If you want to sponsor a security conference in the heart of Europe, feel free to contact us info(AT)hack(DOT)lu @hack_lu + +(Originally on Twitter: [Sat May 16 08:02:09 +0000 2015](https://twitter.com/adulau/status/599484971934420992)) +---- +RT @hack_lu: "I have never let my schooling interfere with my education." from Mark Twain is the mantra for @hack_lu 2015 and also the @flu… + +(Originally on Twitter: [Sat May 16 08:27:29 +0000 2015](https://twitter.com/adulau/status/599491347373019136)) +---- +@Vertige__ Oui mais c'était un lapsang souchong ou un wulong/oolong oxydé à plus de 50%? @falzm + +(Originally on Twitter: [Sat May 16 08:34:27 +0000 2015](https://twitter.com/adulau/status/599493098394247168)) +---- +"Inferring distributed reflection denial of service attacks from darknet" good overview and summary of DRDoS state http://www.researchgate.net/profile/Claude_Fachkha/publication/272412690_Inferring_Distributed_Reflection_Denial_of_Service_Attacks_from_Darknet/links/54e5f82b0cf277664ff1cd86.pdf + +(Originally on Twitter: [Sat May 16 08:41:04 +0000 2015](https://twitter.com/adulau/status/599494763914596353)) +---- +RT @mattblaze: I'm also very curious about what happened to the aircraft after the FBI found the tampered connectors at PHL. 
Was it grounde… + +(Originally on Twitter: [Sat May 16 08:51:07 +0000 2015](https://twitter.com/adulau/status/599497292979281920)) +---- +RT @brucon: and here's our 2015 line up : http://2015.brucon.org/index.php/Schedule + +(Originally on Twitter: [Sat May 16 09:00:00 +0000 2015](https://twitter.com/adulau/status/599499526924296192)) +---- +We are not far away... was the message on my mobile. Is it the right place? https://www.flickr.com/photos/adulau/17120637654/ #photography #urbex + +(Originally on Twitter: [Sat May 16 20:14:10 +0000 2015](https://twitter.com/adulau/status/599669186999255040)) +---- +Being an old fan of HoneyToken, I like the idea https://github.com/SMAPPER/MimikatzHoneyToken but the implementation can be difficult for some... + +(Originally on Twitter: [Sun May 17 15:33:10 +0000 2015](https://twitter.com/adulau/status/599960859167817729)) +---- +In 2005, it was emailing for requests of STM1 snooping but they probably improved the process in 2015... http://images.derstandard.at/2015/05/15/1118176490202996984081774.jpg + +(Originally on Twitter: [Sun May 17 16:29:37 +0000 2015](https://twitter.com/adulau/status/599975065871097857)) +---- +If I tell you SCA 95 crypto chipset, is it Libelle or Chiasmus by default? + +(Originally on Twitter: [Sun May 17 16:46:43 +0000 2015](https://twitter.com/adulau/status/599979368102928384)) +---- +@tileo_ Another persistence mechanism, you can also have a look at Microsoft Queue Services while setting Message.Recoverable to True. 
+ +(Originally on Twitter: [Sun May 17 19:02:10 +0000 2015](https://twitter.com/adulau/status/600013456297893889)) +---- +Just posted a small blog post about Mirrors and Photography http://www.foo.be/photoblog/posts/mirrors-and-photography.html #photography + +(Originally on Twitter: [Sun May 17 20:34:31 +0000 2015](https://twitter.com/adulau/status/600036698588839936)) +---- +@ClausHoumann @martijn_grooten Mentioning the "deep web", it's like telling there is a bookshelf in the middle of an open space. So what? + +(Originally on Twitter: [Mon May 18 09:10:42 +0000 2015](https://twitter.com/adulau/status/600226995348180992)) +---- +TLSH - Trend Micro Locality Sensitive Hash https://github.com/trendmicro/tlsh fuzzy hash for similarity comparisons. + +(Originally on Twitter: [Mon May 18 12:10:00 +0000 2015](https://twitter.com/adulau/status/600272119759446019)) +---- +RT @blackswanburst: @ihtehtahen @denartha Yay! We got her to say something instead of just retweet! Also, you two should be submitting to @… + +(Originally on Twitter: [Mon May 18 12:11:08 +0000 2015](https://twitter.com/adulau/status/600272404124999680)) +---- +People who think that there will be less surveillance because of new laws, they are just dreaming. 
+ +(Originally on Twitter: [Mon May 18 20:20:49 +0000 2015](https://twitter.com/adulau/status/600395637297946625)) +---- +RT @alcyonsecurity: Now that's reassuring: ![](media/600402667911946241-CFUO6vPWAAA14Sp.png) + +(Originally on Twitter: [Mon May 18 20:48:45 +0000 2015](https://twitter.com/adulau/status/600402667911946241)) +---- +RT @meyny: Security challenges designed by CIRCL for the Morpheus Cup on May 19th https://www.circl.lu/pub/press/20150430/ @ICTSpring @circl_lu @MorpheusCup + +(Originally on Twitter: [Tue May 19 04:38:14 +0000 2015](https://twitter.com/adulau/status/600520814832803840)) +---- +RT @circl_lu: For the @MorpheusCup participants of security forensic/coding challenge, if you have questions, feel free to come at our boot… + +(Originally on Twitter: [Tue May 19 12:11:23 +0000 2015](https://twitter.com/adulau/status/600634853697028097)) +---- +@Dusterherz Ce sont des challenges sécurité et pour les résoudre, il y a de la programmation et du reversing. + +(Originally on Twitter: [Tue May 19 12:34:19 +0000 2015](https://twitter.com/adulau/status/600640625986248704)) +---- +@Dusterherz En effet, je comprends et je crois que la dénomination "coding", sur le site principal, n'était pas la plus judicieuse. + +(Originally on Twitter: [Tue May 19 15:09:18 +0000 2015](https://twitter.com/adulau/status/600679630052270080)) +---- +RT @circl_lu: The CTF security challenges for Morpheus Cup #MorpheusCup are now online https://ctf.circl.lu/ + +(Originally on Twitter: [Tue May 19 15:09:49 +0000 2015](https://twitter.com/adulau/status/600679760872611840)) +---- +"The attack recovers AES keys in the cross-VM setting on Xen 4.1 with +deduplication disabled," http://www.ieee-security.org/TC/SP2015/papers/6949a591.pdf + +(Originally on Twitter: [Tue May 19 16:32:17 +0000 2015](https://twitter.com/adulau/status/600700511797391360)) +---- +@kerouanton Is there any people from @asscert in the queue too? 
+ +(Originally on Twitter: [Thu May 21 07:27:59 +0000 2015](https://twitter.com/adulau/status/601288310665777152)) +---- +A very nice art project - "WE ARE ALWAYS LISTENING" http://www.wearealwayslistening.com/recordings.html #privacy #NSA + +(Originally on Twitter: [Thu May 21 08:40:53 +0000 2015](https://twitter.com/adulau/status/601306658027933696)) +---- +RT @inliniac: New confirmed speaker at the @Suricata_IDS conference in Barcelona: @mozsec 's @MichalPurzynski +Join us, it's free! http://t… + +(Originally on Twitter: [Thu May 21 16:27:17 +0000 2015](https://twitter.com/adulau/status/601424029623439360)) +---- +Sometime, fire is the only way... https://www.flickr.com/photos/adulau/17315306114/ #photography + +(Originally on Twitter: [Thu May 21 16:50:55 +0000 2015](https://twitter.com/adulau/status/601429977658204160)) +---- +@veorq I especially enjoyed this quote "Blame no one. Expect nothing. Do something." + +(Originally on Twitter: [Thu May 21 18:00:27 +0000 2015](https://twitter.com/adulau/status/601447478559256577)) +---- +RT @circl_lu: . @r00tbsd Thank you. Indeed there are some interesting points that could be part of our Passive bitcoin project. https://t.c… + +(Originally on Twitter: [Thu May 21 19:22:47 +0000 2015](https://twitter.com/adulau/status/601468195434725377)) +---- +RT @pinkflawd: @m0n0sapiens @theweeZ dont tell the french, they still think i'm australian + +(Originally on Twitter: [Thu May 21 19:35:06 +0000 2015](https://twitter.com/adulau/status/601471297718071296)) +---- +RT @thegrugq: Containers will solve security! 
![](media/601975028285108224-CFqk7AzUsAEwaAZ.jpg) + +(Originally on Twitter: [Sat May 23 04:56:45 +0000 2015](https://twitter.com/adulau/status/601975028285108224)) +---- +RT @cokebottle: @circl_lu @MorpheusCup I've made some writeups still working on some challenges https://github.com/cokebottle/ctf-writeups/ + +(Originally on Twitter: [Sat May 23 18:33:06 +0000 2015](https://twitter.com/adulau/status/602180469682081792)) +---- +RT @circl_lu: @cokebottle Great! There are two flags for B ;-) We are curious how you will solve D. Good luck and thank you for sharing. @M… + +(Originally on Twitter: [Sat May 23 18:33:13 +0000 2015](https://twitter.com/adulau/status/602180498970939392)) +---- +"A general-purpose, easy-to-use fuzzer with interesting analysis options." #fuzzing seems interesting (to test) https://github.com/google/honggfuzz + +(Originally on Twitter: [Sun May 24 08:13:16 +0000 2015](https://twitter.com/adulau/status/602386869062598656)) +---- +RT @jnazario: with/death of John Nash bunch of ppl thinking "i should learn #GameTheory" 2 to get u started: http://www.rand.org/pubs/commercial_books/CB113-1.html http://… + +(Originally on Twitter: [Sun May 24 15:33:33 +0000 2015](https://twitter.com/adulau/status/602497673753669632)) +---- +Maybe I should do a fake DNS server for the all domains recommending "curl https://install.<yourfavoritesoft> | /bin/sh" in dev conferences + +(Originally on Twitter: [Sun May 24 19:32:15 +0000 2015](https://twitter.com/adulau/status/602557741341642752)) +---- +@nikitab Sure but we can count on the "-k" curl option or the incredible "echo insecure >> ~/.curlrc" ;-) + +(Originally on Twitter: [Sun May 24 21:39:59 +0000 2015](https://twitter.com/adulau/status/602589887582240769)) +---- +RT @nikitab: @ralphholz @adulau good reason to put your install instructions somewhere with HSTS or HPKP. 
+ +(Originally on Twitter: [Mon May 25 06:43:17 +0000 2015](https://twitter.com/adulau/status/602726613634125825)) +---- +@FredericJacobs @kerouanton How would you do it if you want to revoke one of the usage? Just like you can do with the Belgian eID . + +(Originally on Twitter: [Mon May 25 09:53:21 +0000 2015](https://twitter.com/adulau/status/602774444910759937)) +---- +@FredericJacobs Sure. You can even revoke when receiving the card. I did revoke it for the authentication. @kerouanton + +(Originally on Twitter: [Mon May 25 10:01:16 +0000 2015](https://twitter.com/adulau/status/602776437070929920)) +---- +RT @Dymaxion: @rafi0t Needed an Ethernet cable in her bag in the overhead bin. + +(Originally on Twitter: [Mon May 25 11:57:09 +0000 2015](https://twitter.com/adulau/status/602805599852703744)) +---- +I just hope that Ada Colau won't become the next Peter Garret... + +(Originally on Twitter: [Mon May 25 12:29:51 +0000 2015](https://twitter.com/adulau/status/602813829517549568)) +---- +Whistleblowers should use TV series to leak information, this would be more interesting than MediaWiki source code... http://moviecode.tumblr.com/post/114815574587/this-is-from-csi-cyber-s01e04-according-the-the + +(Originally on Twitter: [Mon May 25 14:43:06 +0000 2015](https://twitter.com/adulau/status/602847363330416640)) +---- +RT @hack_lu: If you want to visit #Luxembourg and presenting your security research don't forget the @hack_lu 2015 Call for Papers http://t… + +(Originally on Twitter: [Mon May 25 15:59:40 +0000 2015](https://twitter.com/adulau/status/602866630343798785)) +---- +RT @halvarflake: I finally wrote something on Wassenaar. I will post this link again tomorrow, since today is a holiday. 
Meanwhile: http://… + +(Originally on Twitter: [Mon May 25 18:03:50 +0000 2015](https://twitter.com/adulau/status/602897881553444864)) +---- +@StevenVanAcker @freddyb @0x6D6172696F I wonder how many banking website will do a default "Content-Security-Policy: default-src 'none';" + +(Originally on Twitter: [Mon May 25 20:35:43 +0000 2015](https://twitter.com/adulau/status/602936100974374913)) +---- +RT @thegrugq: @csoghoian @chriscappuccio @rabite I kinda thought it was the ACLU that was supposed to protect freedom of speech. + +(Originally on Twitter: [Mon May 25 20:54:36 +0000 2015](https://twitter.com/adulau/status/602940853389283329)) +---- +@rafi0t Terrible idea? I think it could part of a reading club and the first title to read aloud would be "Martian Time-Slip" @hack_lu + +(Originally on Twitter: [Tue May 26 20:14:39 +0000 2015](https://twitter.com/adulau/status/603293190297362433)) +---- +We just received the @hack_lu 2015 stickers... if you want some stickers, DM me. #hacklu http://2015.hack.lu ![](media/603473504823078913-CF_39FSVEAAGhjO.jpg) + +(Originally on Twitter: [Wed May 27 08:11:10 +0000 2015](https://twitter.com/adulau/status/603473504823078913)) +---- +@a_z_e_t The design is a bit different... some black-boxes.... @rafi0t @hack_lu + +(Originally on Twitter: [Wed May 27 15:09:30 +0000 2015](https://twitter.com/adulau/status/603578781438193665)) +---- +@evematringe Tout est possible... 
On pourrait imaginer un petit track John Callas, Werner Koch à @hack_lu sur le futur d'OpenPGP @rafi0t + +(Originally on Twitter: [Wed May 27 18:49:06 +0000 2015](https://twitter.com/adulau/status/603634048372703232)) +---- +RT @circl_lu: Dissecting Linux/Moose The Analysis of a Linux Router-based Worm http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf indicators in CIRCL MISP https://t.co… + +(Originally on Twitter: [Wed May 27 19:55:16 +0000 2015](https://twitter.com/adulau/status/603650697742176256)) +---- +I had a nightmare 2 weeks ago. Someone modified the official code base of IDA pro and include a back-door to modify basic blocks... + +(Originally on Twitter: [Wed May 27 20:05:21 +0000 2015](https://twitter.com/adulau/status/603653235325444097)) +---- +RT @rafi0t: One more proof encryption works and the attackers have to move to the endpoints. https://twitter.com/ccdcoe/status/603885444359725056 + +(Originally on Twitter: [Thu May 28 11:47:20 +0000 2015](https://twitter.com/adulau/status/603890295479074816)) +---- +RT @circl_lu: CIRCLean USB cleaner version 1.3 released https://www.circl.lu/projects/CIRCLean/ including new features and a critical security fix (polyglo… + +(Originally on Twitter: [Thu May 28 15:00:59 +0000 2015](https://twitter.com/adulau/status/603939025888616448)) +---- +@blackswanburst I'll have a look but should be fine. @rafi0t + +(Originally on Twitter: [Sat May 30 17:27:12 +0000 2015](https://twitter.com/adulau/status/604700601906278400)) +---- +@blackswanburst I just did a query and it works. Let me know if you have a specific issue. 
@rafi0t + +(Originally on Twitter: [Sat May 30 17:32:54 +0000 2015](https://twitter.com/adulau/status/604702035255169027)) +---- +@blackswanburst Ok, I'll check with you next week for the other findings we have on our side ;-) @rafi0t + +(Originally on Twitter: [Sat May 30 17:51:33 +0000 2015](https://twitter.com/adulau/status/604706728194781184)) +---- +Very nice concert from @MariaPalatine at "Sentiers des Songes", I took some pictures http://www.foo.be/mariapalatine/ #photography + +(Originally on Twitter: [Sat May 30 18:07:40 +0000 2015](https://twitter.com/adulau/status/604710782715215874)) +---- +@blackswanburst with me ;-) Query by FP of CA is possible (not in the API) @rafi0t + +(Originally on Twitter: [Sun May 31 16:06:08 +0000 2015](https://twitter.com/adulau/status/605042586072559617)) +---- +The API and the inferface are not as nice as GCHQ flying pigs but I'm working on it ;-) https://www.koen.io/2013/12/flying-pig-gchq-tls-ssl-knowledge-base/ @blackswanburst + +(Originally on Twitter: [Sun May 31 16:15:40 +0000 2015](https://twitter.com/adulau/status/605044984329449472)) +---- +@blackswanburst Excellent. Another funky one is Tor. You can spot Tor certificate by just looking at the Subject... https://raw.githubusercontent.com/sethhall/bro-junk-drawer/master/detect-tor.bro + +(Originally on Twitter: [Sun May 31 16:22:41 +0000 2015](https://twitter.com/adulau/status/605046749988798464)) +---- +Just spotted a random discussion at Fort Meade: "I'll add a route to the new MAINWAY servers range, should I remove the old ones?" + +(Originally on Twitter: [Sun May 31 20:46:10 +0000 2015](https://twitter.com/adulau/status/605113059280056323)) +---- +Tableau TD3 by @EnCase with a network interface has no support for NTP. 
It's not because time reference is important in forensic acquisition + +(Originally on Twitter: [Mon Jun 01 12:18:36 +0000 2015](https://twitter.com/adulau/status/605347714260451328)) +---- +RT @rommelfs: @adulau @encase Judge: "Explain how you did the acquisition two days before the incident happened?" - "Used a Tableau" - "Oh,… + +(Originally on Twitter: [Mon Jun 01 12:29:44 +0000 2015](https://twitter.com/adulau/status/605350514696560640)) +---- +RT @Peerlyst: Sharing information like this helps the whole community and improves tools&selection processes https://twitter.com/adulau/status/605347714260451328 + +(Originally on Twitter: [Mon Jun 01 14:17:50 +0000 2015](https://twitter.com/adulau/status/605377718629330944)) +---- +@Pinboard What's better in the refrigerant? Bromine or Chlorine ;-) It's just a matter of taste. + +(Originally on Twitter: [Mon Jun 01 21:24:19 +0000 2015](https://twitter.com/adulau/status/605485050197622784)) +---- +RT @circl_lu: AS63857 (HOTNETLIMITED) wins the top malicious activities on CIRCL BGP Ranking http://bgpranking.circl.lu/asn_details?date=;source=;asn=63857;ip_details=43.229.52.0/24 + +(Originally on Twitter: [Tue Jun 02 19:34:46 +0000 2015](https://twitter.com/adulau/status/605819867585912833)) +---- +RT @stilgherrian: This last point is why @0xmaro thinks FinSpy's crypto was so flawed. #AusCERT2015 ![](media/605955755825590272-CGjH4bpVAAEs8e-.jpg) + +(Originally on Twitter: [Wed Jun 03 04:34:44 +0000 2015](https://twitter.com/adulau/status/605955755825590272)) +---- +"What happened to Sourceforge?" 
https://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge/ + +(Originally on Twitter: [Wed Jun 03 12:48:51 +0000 2015](https://twitter.com/adulau/status/606080100979900416)) +---- +RT @wikileaks: WikiLeaks release: 17 secret documents from the ongoing #TISA negotiations https://wikileaks.org/tisa/ #TTP #TTIP http://t.co/VL… + +(Originally on Twitter: [Wed Jun 03 13:26:22 +0000 2015](https://twitter.com/adulau/status/606089543574528001)) +---- +RT @plusvic: ClamAV now supports YARA rules. http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html?m=1 + +(Originally on Twitter: [Thu Jun 04 07:35:44 +0000 2015](https://twitter.com/adulau/status/606363691429306368)) +---- +@xme Au contraire c'est une bonne nouvelle. Avec le papier, les assesseurs peuvent vérifier l'ensemble. @doegox @aris_ada @odauby @lalibrebe + +(Originally on Twitter: [Thu Jun 04 07:48:19 +0000 2015](https://twitter.com/adulau/status/606366856719568896)) +---- +RT @H_Miser: "J'ai pas reporté la vuln étant donné que l'auteur insulte les gens qui lui en remontent maintenant je fais juste des pocs" #s… + +(Originally on Twitter: [Thu Jun 04 16:24:26 +0000 2015](https://twitter.com/adulau/status/606496744692686848)) +---- +@blackswanburst Take care. I'm just very confused with the Twitter context surrounding your tweet ;-) ![](media/606497850214780928-CGq2lKhWgAEp8cJ.png) + +(Originally on Twitter: [Thu Jun 04 16:28:50 +0000 2015](https://twitter.com/adulau/status/606497850214780928)) +---- +RT @pidgeyL: @security_craig A nice project for CVE indexing is #CVESearch by @adulau @wimremes and myself. https://github.com/adulau/cve-search Might b… + +(Originally on Twitter: [Thu Jun 04 18:06:27 +0000 2015](https://twitter.com/adulau/status/606522415229861888)) +---- +@xme In photography, you need to know the rules to break them. But I suppose this applies to a lot of arts. 
+ +(Originally on Twitter: [Thu Jun 04 19:58:40 +0000 2015](https://twitter.com/adulau/status/606550659102445569)) +---- +Thanks to @capile for documenting the first implementation of Global IRT (Incident Response Team) REST API https://github.com/adulau/global-irt/blob/master/api.md + +(Originally on Twitter: [Fri Jun 05 04:51:11 +0000 2015](https://twitter.com/adulau/status/606684668717637632)) +---- +. @letsencrypt Can you share the HSM used in the process and especially the random generator(s) involved? + +(Originally on Twitter: [Fri Jun 05 07:48:35 +0000 2015](https://twitter.com/adulau/status/606729314185433089)) +---- +@vloquet Un simple calcul. 500K pour 460 nouvelles start-up. Et si uniquement deux ou trois réussissent... c'est gagné. @BCazeneuve + +(Originally on Twitter: [Fri Jun 05 09:02:44 +0000 2015](https://twitter.com/adulau/status/606747974773960704)) +---- +RT @circl_lu: Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines (admin hijack) https://t.co/E788A4i… + +(Originally on Twitter: [Fri Jun 05 13:02:21 +0000 2015](https://twitter.com/adulau/status/606808275259146240)) +---- +RT @blackthorne: Malware Persistence With HKEY_CURRENT_USER Shell Extension Handlers, No Admin Required http://herrcore.blogspot.com/2015/06/malware-persistence-with.html + +(Originally on Twitter: [Fri Jun 05 20:33:29 +0000 2015](https://twitter.com/adulau/status/606921807262846976)) +---- +LibreCrypt: Transparent on-the-fly disk encryption for Windows. LUKS compatible. https://github.com/t-d-k/LibreCrypt + +(Originally on Twitter: [Sat Jun 06 05:54:59 +0000 2015](https://twitter.com/adulau/status/607063113414909952)) +---- +@Kaweechelchen Regarding ultrasound, I'm still looking for a good project to build an ultrasound detector to recognize bat species. 
+ +(Originally on Twitter: [Sat Jun 06 13:29:56 +0000 2015](https://twitter.com/adulau/status/607177603829669888)) +---- +@Kaweechelchen I'm looking for a free hardware alternative to the Pettersson D240X. @aeroboticist + +(Originally on Twitter: [Sat Jun 06 13:33:01 +0000 2015](https://twitter.com/adulau/status/607178380228886528)) +---- +@iTabooD L'athéisme n'est pas un dogme car on peut changer d'avis s'il y avait une preuve scientifique. Pour un dogme, c'est figé @Sansdieux + +(Originally on Twitter: [Sat Jun 06 14:54:13 +0000 2015](https://twitter.com/adulau/status/607198815934935040)) +---- +RT @Sapmay: @RichardDawkins in the words of Stephen Fry: ![](media/607221738926129152-CG1ElT6U8AACrZV.jpg) + +(Originally on Twitter: [Sat Jun 06 16:25:18 +0000 2015](https://twitter.com/adulau/status/607221738926129152)) +---- +Summertime is not far away... https://www.flickr.com/photos/adulau/18569196732/ #photography #Belgium + +(Originally on Twitter: [Sun Jun 07 20:33:20 +0000 2015](https://twitter.com/adulau/status/607646543294930944)) +---- +@pyknite "Note that Polycom’s encryption is FIPS-140, certified by the United +States government." Il va falloir creuser... 
+ +(Originally on Twitter: [Mon Jun 08 11:10:53 +0000 2015](https://twitter.com/adulau/status/607867388361633792)) +---- +@pyknite Je suppose que Polycom utilise plusieurs stack SIP ou proprio mais ceci pourrait aider: https://github.com/SIPp/polycom-sipped/tree/master/src + +(Originally on Twitter: [Mon Jun 08 12:19:03 +0000 2015](https://twitter.com/adulau/status/607884540724584448)) +---- +@lrz Now we know where all the Orval are going too ;-) + +(Originally on Twitter: [Mon Jun 08 13:44:34 +0000 2015](https://twitter.com/adulau/status/607906062285586433)) +---- +RT @gentilkiwi: #mimikatz now support DPAPI,some know what that means :) +(yeah Masterkeys were in LSASS cache) +cc:@jmichel_p @dfirfpi http:… + +(Originally on Twitter: [Tue Jun 09 04:45:49 +0000 2015](https://twitter.com/adulau/status/608132868867506177)) +---- +RT @circl_lu: hack.lu 2015 (20-22 October) in Luxembourg - registration is now open http://2015.hack.lu/info/ #conference #infosec #Luxembourg + +(Originally on Twitter: [Tue Jun 09 13:27:48 +0000 2015](https://twitter.com/adulau/status/608264231302111232)) +---- +RT @oliviertesquet: Laura Poitras a filmé Ai Weiwei et @ioerror en train de fourrer des documents de la NSA dans des pandas en peluche http… + +(Originally on Twitter: [Tue Jun 09 15:01:18 +0000 2015](https://twitter.com/adulau/status/608287762022862848)) +---- +@blackswanburst Dess code? I think the only we have is "to avoid being naked in public places"... @traciwei + +(Originally on Twitter: [Tue Jun 09 15:41:15 +0000 2015](https://twitter.com/adulau/status/608297817317212160)) +---- +RT @hack_lu: Registration for hack.lu 2015 is now open http://2015.hack.lu/info/ we hope to see you at the 11th edition of @hack_lu conference. + +(Originally on Twitter: [Tue Jun 09 17:07:31 +0000 2015](https://twitter.com/adulau/status/608319524123877377)) +---- +@bortzmeyer Sometime companies talk about more about legal issues surrounding logs than just reading, grepping and indexing their logs. 
+ +(Originally on Twitter: [Wed Jun 10 08:10:20 +0000 2015](https://twitter.com/adulau/status/608546724811010048)) +---- +RT @blackswanburst: @FIRSTdotOrg @adulau SSL/TLS Teasers. ![](media/608983850094587904-CHOJw0NWcAAvzsn.png) + +(Originally on Twitter: [Thu Jun 11 13:07:18 +0000 2015](https://twitter.com/adulau/status/608983850094587904)) +---- +A honeypot targeting attackers actively exploiting the Elasticsearch Groovy vulnerability https://github.com/Novetta/delilah to test ;-) + +(Originally on Twitter: [Thu Jun 11 14:36:38 +0000 2015](https://twitter.com/adulau/status/609006329735319552)) +---- +What happens to a software designed with the Waterfall model given to some script kiddies? http://40.media.tumblr.com/b52cddd2b74d9ef86bdcf0fe3c0f2d98/tumblr_noo428N8jf1qza249o1_500.jpg + +(Originally on Twitter: [Thu Jun 11 18:12:42 +0000 2015](https://twitter.com/adulau/status/609060706638524417)) +---- +@craiu I'm sure @shrekts will answer this without having to drink beer ;-) @r0bertmart1nez + +(Originally on Twitter: [Thu Jun 11 21:12:22 +0000 2015](https://twitter.com/adulau/status/609105921323728896)) +---- +RT @circl_lu: Meet CIRCL at FIRST Annual Conference in Berlin https://www.circl.lu/pub/press/20150611/ @FIRSTdotOrg + +(Originally on Twitter: [Fri Jun 12 09:52:42 +0000 2015](https://twitter.com/adulau/status/609297264150999040)) +---- +RT @bascule: FourQ: new elliptic curve from Microsoft Research: http://research.microsoft.com/apps/pubs/default.aspx?id=246916 #ECCWorkshop + +(Originally on Twitter: [Sat Jun 13 05:15:59 +0000 2015](https://twitter.com/adulau/status/609590012645122048)) +---- +I'm sure you want to revoke "25 65 41 E2 04 61 90 33 F8 B0 9F 9E B7 C8 8E F8" #Duqu2 @VeriSignAuth https://www.virustotal.com/en/file/bc4ae56434b45818f57724f4cd19354a13e5964fd097d1933a30e2e31c9bdfa5/analysis/ + +(Originally on Twitter: [Sat Jun 13 07:42:24 +0000 2015](https://twitter.com/adulau/status/609626861187002368)) +---- +@matthew_d_green It's time to do an 
exhaustive search on all drivers code signed with SHA1 by Microsoft(?) in @virustotal @freddyb + +(Originally on Twitter: [Sat Jun 13 07:53:29 +0000 2015](https://twitter.com/adulau/status/609629648381693952)) +---- +@SnorreFagerland Not the driver itself but the MS authenticode discrepancies... @matthew_d_green @virustotal @freddyb @ioerror + +(Originally on Twitter: [Sat Jun 13 08:53:09 +0000 2015](https://twitter.com/adulau/status/609644666917646336)) +---- +@SnorreFagerland Ok assuming that collisions (ab)used authenticode/signing attributes. @matthew_d_green @virustotal @freddyb @ioerror + +(Originally on Twitter: [Sat Jun 13 08:56:47 +0000 2015](https://twitter.com/adulau/status/609645580189614080)) +---- +RT @mattblaze: We now have a weird situation where people who lack clearances may suddenly be *more* desirable for covert operations. + +(Originally on Twitter: [Sat Jun 13 09:04:55 +0000 2015](https://twitter.com/adulau/status/609647627676839936)) +---- +Want to know who are running MobileIron MDM gateways on Internet in one passive query? teaser for our talk @FIRSTdotOrg @blackswanburst + +(Originally on Twitter: [Sat Jun 13 09:31:09 +0000 2015](https://twitter.com/adulau/status/609654229192478720)) +---- +@Reversity @doegox The level ozone slightly increased in the past hours. It's also an additional factor for increasing #allergy. + +(Originally on Twitter: [Sat Jun 13 10:45:45 +0000 2015](https://twitter.com/adulau/status/609672999868985344)) +---- +RT @joshbloch: Oracle STILL installs Ask Toolbar by default when you install Java. 
Amusingly, Microsoft now removes it as malware: http://t… + +(Originally on Twitter: [Sat Jun 13 12:00:55 +0000 2015](https://twitter.com/adulau/status/609691917610283008)) +---- +A nice article about ethics in information technology and information security by @rafi0t http://boingboing.net/2015/06/13/on-ethics-in-information-techn.html + +(Originally on Twitter: [Sat Jun 13 15:43:27 +0000 2015](https://twitter.com/adulau/status/609747921240784896)) +---- +@evematringe @rafi0t On en veut aussi ;-) + +(Originally on Twitter: [Sat Jun 13 15:44:47 +0000 2015](https://twitter.com/adulau/status/609748254276866048)) +---- +RT @bkhowson: #ECCWorkshop ECDSA roots blogged with test URLs. @ivanristic @CertCouncil http://www.plaintextcity.com/2015/06/elliptic-curve-certificate-authority.html + +(Originally on Twitter: [Sun Jun 14 07:55:27 +0000 2015](https://twitter.com/adulau/status/609992531292647424)) +---- +@4nc4p Wondering how the proportionality of law is respected if governmental structures are not patching.... 
+ +(Originally on Twitter: [Sun Jun 14 10:47:00 +0000 2015](https://twitter.com/adulau/status/610035703024648192)) +---- +Want to play some security challenges during @FIRSTdotOrg 2015 don't forget to register https://challenges.dragonresearchgroup.org/register/ (accessible from FIRST net) + +(Originally on Twitter: [Mon Jun 15 07:10:54 +0000 2015](https://twitter.com/adulau/status/610343709780131840)) +---- +RT @circl_lu: Building instantly exploitable detection and protection using MISP presented at @FIRSTdotOrg https://www.first.org/resources/papers/conf2015/first_2015_-_iklody-_andras_-_building_instantly_exploitable_protection_20150608_fw.pdf + +(Originally on Twitter: [Mon Jun 15 09:18:54 +0000 2015](https://twitter.com/adulau/status/610375922957578241)) +---- +An interesting point regarding threat sharing where collaboration on threats is key @FIRSTdotOrg https://www.misp-project.org/ + +(Originally on Twitter: [Mon Jun 15 13:56:51 +0000 2015](https://twitter.com/adulau/status/610445869423403008)) +---- +Oops... 06892001be0854570546b1e609d33a5510290e3b,C=US, ST=California, L=Mountain View, O=GeoTrust Inc., OU=GeoTrust Global CA, CN=*.* + +(Originally on Twitter: [Tue Jun 16 14:46:45 +0000 2015](https://twitter.com/adulau/status/610820816364769280)) +---- +@AcidRampage Compromised CA is a difficult definition ;-) But from CRL we have some with "CA compromise" as reason. + +(Originally on Twitter: [Wed Jun 17 12:37:58 +0000 2015](https://twitter.com/adulau/status/611150793874505728)) +---- +RT @MarieGMoe: Passive SSL research by @blackswanburst and @adulau tracks down compromised devices plus a lot of other interesting stuff! … + +(Originally on Twitter: [Wed Jun 17 12:38:09 +0000 2015](https://twitter.com/adulau/status/611150838074052609)) +---- +RT @ddurvaux: Presentation from @adulau and @blackswanburst at #firstcon15 is really great! 
Their research is based on info given by @snow… + +(Originally on Twitter: [Wed Jun 17 12:38:19 +0000 2015](https://twitter.com/adulau/status/611150880595951616)) +---- +RT @Janet_LegReg: Auto-generated certs may include/reveal non-public DNS names :( @adulau @blackswanburst #firstcon15 + +(Originally on Twitter: [Wed Jun 17 12:38:30 +0000 2015](https://twitter.com/adulau/status/611150928188731392)) +---- +Our presentation at @FIRSTdotOrg about Passive SSL is now online #firstcon15 @blackswanburst https://www.first.org/resources/papers/conf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf + +(Originally on Twitter: [Wed Jun 17 12:42:50 +0000 2015](https://twitter.com/adulau/status/611152019282378752)) +---- +RT @blackswanburst: Thanks to @achillean for data streams to analyse for my presentation with @adulau https://www.first.org/resources/papers/conf2015/first_2015_-_leverett_-_dulaunoy_-_passive_detection_20150604.pdf + +(Originally on Twitter: [Wed Jun 17 12:57:57 +0000 2015](https://twitter.com/adulau/status/611155821377003520)) +---- +@ClausHoumann It's just a fake certificate (self-signed) but it was indeed very suspicious. @kylefleming217 @blackswanburst + +(Originally on Twitter: [Wed Jun 17 22:49:03 +0000 2015](https://twitter.com/adulau/status/611304576784932865)) +---- +RT @circl_lu: Hack.lu 2015 (20-22 October 2015) - Call for papers and registration open https://www.circl.lu/pub/press/20150617/ @hack_lu #hacklu + +(Originally on Twitter: [Thu Jun 18 07:28:04 +0000 2015](https://twitter.com/adulau/status/611435194705387520)) +---- +RDAP (to replace WHOIS) seems interesting but the RDAP services at IANA is still empty... http://data.iana.org/rdap/ipv4.json @FIRSTdotOrg #firstcon15 + +(Originally on Twitter: [Thu Jun 18 07:38:32 +0000 2015](https://twitter.com/adulau/status/611437827117699072)) +---- +Very nice talk from @bsoman3 about malware classification using fuzzy hash functions. 
https://www.first.org/resources/papers/conf2015/first_2015_-_soman-_bhavna_-_evaluating_the_effectiveness_of_fuzzy_hashing_techniques_20150610.pdf #firstcon15 + +(Originally on Twitter: [Thu Jun 18 09:03:21 +0000 2015](https://twitter.com/adulau/status/611459172371165184)) +---- +@cloudjunky Right, the obfuscated vs unobfuscated dataset. Another trick is to look at RichHeader https://github.com/CIRCL/PyRichHeader @bsoman3 + +(Originally on Twitter: [Thu Jun 18 09:09:09 +0000 2015](https://twitter.com/adulau/status/611460630353215488)) +---- +Q&Q from the audience "What's the best to way to remove malicious application from a phone" tempted to say "Destroy this phone". #firstcon15 + +(Originally on Twitter: [Thu Jun 18 09:26:39 +0000 2015](https://twitter.com/adulau/status/611465036259815424)) +---- +For the people at @FIRSTdotOrg 2015 - I still have stickers for @hack_lu 2015 - feel free to grab me... #firstcon15 + +(Originally on Twitter: [Thu Jun 18 09:33:09 +0000 2015](https://twitter.com/adulau/status/611466671669276672)) +---- +RT @dakami: @adulau @amicaross s/best/only/ + +(Originally on Twitter: [Thu Jun 18 09:49:03 +0000 2015](https://twitter.com/adulau/status/611470673286930433)) +---- +@Kippelboy The lack of law regarding freedom of panorama is an advantage for the community than the today's over-legalization @dascritch + +(Originally on Twitter: [Fri Jun 19 07:24:12 +0000 2015](https://twitter.com/adulau/status/611796609068867585)) +---- +@Kippelboy The issue is that the FoP without law was allowing more freedom for Wikimedians than any future laws... @dascritch + +(Originally on Twitter: [Fri Jun 19 07:29:38 +0000 2015](https://twitter.com/adulau/status/611797976156098560)) +---- +"Unauthorized Cross-App Resource Access on +MAC OS X and iOS" The KeyChain part is very interesting. 
http://arxiv.org/pdf/1505.06836v1.pdf + +(Originally on Twitter: [Fri Jun 19 07:40:37 +0000 2015](https://twitter.com/adulau/status/611800737518067713)) +---- +Glad to see the "IAB Statement on the Trade in Security Technologies" https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-the-trade-in-security-technologies/ + +(Originally on Twitter: [Fri Jun 19 12:52:12 +0000 2015](https://twitter.com/adulau/status/611879149943308288)) +---- +RT @piotrkijewski: Mining HTTP traffic for groups of closely related servers that are potentially involved in the same #malware campaign ht… + +(Originally on Twitter: [Fri Jun 19 12:58:55 +0000 2015](https://twitter.com/adulau/status/611880842286231552)) +---- +Don't grep too much for system, subprocess, popen... https://github.com/prometheus-ar/vot.ar @QKaiser @doegox #evoting + +(Originally on Twitter: [Sat Jun 20 08:19:04 +0000 2015](https://twitter.com/adulau/status/612172804943912960)) +---- +The Joy of Riding a Bike in Berlin https://www.flickr.com/photos/adulau/18795343629/ special dedication to @SteveClement #photography #firstcon15 + +(Originally on Twitter: [Sat Jun 20 10:14:25 +0000 2015](https://twitter.com/adulau/status/612201830647496705)) +---- +@blackswanburst Cool. It seems I have to fix my code for ECDHE_RSA_CHACHA20_POLY1305_SHA256 and ECDHE_ECDSA_CHACHA20_POLY1305_SHA256. + +(Originally on Twitter: [Sat Jun 20 11:45:10 +0000 2015](https://twitter.com/adulau/status/612224668532088832)) +---- +@shrekts @blackswanburst Around on the Internet my dear, board member... 
+ +(Originally on Twitter: [Sat Jun 20 11:48:03 +0000 2015](https://twitter.com/adulau/status/612225394968760320)) +---- +It seems that @amicaross and @blackswanburst were attacked by the Berliner Bear threat actor https://www.flickr.com/photos/adulau/18983742455/ #photography + +(Originally on Twitter: [Sat Jun 20 12:05:08 +0000 2015](https://twitter.com/adulau/status/612229695548035072)) +---- +@Kaweechelchen I hoped they fixed the 1100 series and don't use an old version http://cve.circl.lu/cve/CVE-2009-0941 + +(Originally on Twitter: [Sat Jun 20 12:24:13 +0000 2015](https://twitter.com/adulau/status/612234498739208193)) +---- +@QKaiser @doegox In Argentina... + +(Originally on Twitter: [Sat Jun 20 19:27:48 +0000 2015](https://twitter.com/adulau/status/612341097063424000)) +---- +RT @travisgoodspeed: PoC||GTFO 0x08 is available at https://www.alchemistowl.org/pocorgtfo/ and http://mirror.capelis.dj/poc||gtfo/ Please add your own mirror! http://t… + +(Originally on Twitter: [Sat Jun 20 19:31:50 +0000 2015](https://twitter.com/adulau/status/612342109610352640)) +---- +RT @normative: @weems @csoghoian @EFF @CatoInstitute You think I want to do a clearance review? Good lord no. + +(Originally on Twitter: [Sat Jun 20 19:49:02 +0000 2015](https://twitter.com/adulau/status/612346439923015681)) +---- +A picture of @blackswanburst taking a picture of @ddurvaux taking a picture of the Soviet War Memorial https://www.flickr.com/photos/adulau/19017631002/ #photography + +(Originally on Twitter: [Sun Jun 21 15:58:39 +0000 2015](https://twitter.com/adulau/status/612650846971645952)) +---- +RT @blackswanburst: Dr Bochman sharing the interbank modelling work he is doing on financial contagion. #camrisk2015 @Risk_Cambridge http:/… + +(Originally on Twitter: [Mon Jun 22 11:31:26 +0000 2015](https://twitter.com/adulau/status/612945988379086848)) +---- +RT @circl_lu: For the past days, the following ASN 63857 in HK is just full of badness... 
http://bgpranking.circl.lu/asn_details?date=;source=;asn=63857 + +(Originally on Twitter: [Mon Jun 22 19:54:23 +0000 2015](https://twitter.com/adulau/status/613072561132466176)) +---- +RT @SnorreFagerland: As if not attribution was difficult enough - Multiple concurrent intrusions seems to be becoming more common. + +(Originally on Twitter: [Tue Jun 23 05:35:39 +0000 2015](https://twitter.com/adulau/status/613218843020894208)) +---- +RT @thegrugq: .@matalaz hacks all the AV products, nobody cares +NSA/GCHQ hack one AV product, everyone loses their minds! http://t.co/1uo10… + +(Originally on Twitter: [Tue Jun 23 05:36:14 +0000 2015](https://twitter.com/adulau/status/613218989259517952)) +---- +@bortzmeyer Intéressant mais comment calculer les contributions d'un hackerspace? Le nombre de projets/commits sur @github? le # de membres? + +(Originally on Twitter: [Tue Jun 23 08:21:02 +0000 2015](https://twitter.com/adulau/status/613260463254708224)) +---- +https://github.com/Shopify/ejson EJSON is a small library to manage encrypted secrets using asymmetric encryption. + +(Originally on Twitter: [Wed Jun 24 05:22:07 +0000 2015](https://twitter.com/adulau/status/613577825237487617)) +---- +RT @newsoft: Le mot de passe qui protège cette feuille Excel: http://www.ssi.gouv.fr/guide//lhomologation-de-securite-en-neuf-etapes-simples/ publiée par l'#ANSSI est 2b5b3b5b1b7b3. C'est un chall… + +(Originally on Twitter: [Thu Jun 25 07:33:06 +0000 2015](https://twitter.com/adulau/status/613973174057869312)) +---- +@ClausHoumann Another issue is all the signed DLLs from the AV engines with unsafe LoadLibrary calls... 
@matalaz @taviso + +(Originally on Twitter: [Thu Jun 25 08:57:49 +0000 2015](https://twitter.com/adulau/status/613994492094476288)) +---- +RT @quarkslab: [BLOG] @ChatSecure security assessment: when #privacy matters http://blog.quarkslab.com/security-assessment-of-instant-messaging-app-chatsecure-when-privacy-matters.html by @deesse_k @pod2g & @Agarri_FR for @… + +(Originally on Twitter: [Thu Jun 25 15:18:56 +0000 2015](https://twitter.com/adulau/status/614090407023128576)) +---- +. @quarkslab Nice work. Glad to see a @ChatSecure security analysis for @OpenITP + +(Originally on Twitter: [Thu Jun 25 15:33:44 +0000 2015](https://twitter.com/adulau/status/614094128335466497)) +---- +RT @gleeda: a @volatility tip: use the kdbgscan plugin to determine the Windows profile since it's quicker than imageinfo #DFIR + +(Originally on Twitter: [Thu Jun 25 15:43:14 +0000 2015](https://twitter.com/adulau/status/614096522460966913)) +---- +RT @thegrugq: I bet you APT analysts have contests to find the craziest personal histories in the OPM data. ![](media/614098953034928128-CIW2Z_0UsAAqq6W.jpg) + +(Originally on Twitter: [Thu Jun 25 15:52:54 +0000 2015](https://twitter.com/adulau/status/614098953034928128)) +---- +RT @FredericJacobs: If you're having a debate about the "morality" of ad blockers without discussing the implications of tracking, you're d… + +(Originally on Twitter: [Sat Jun 27 13:08:05 +0000 2015](https://twitter.com/adulau/status/614782250832523264)) +---- +@ClausHoumann @Enno_Insinuator Good question. I'm still looking for a huge dataset of PE authenticode to do some researches. 
+ +(Originally on Twitter: [Sat Jun 27 13:13:44 +0000 2015](https://twitter.com/adulau/status/614783675188805632)) +---- +RT @Hexatomium: MS quietly pushes 18 root certificates http://hexatomium.github.io/2015/06/26/ms-very-quietly-adds-18-new-trusted-root-certs/ @schneierblog @NakedSecurity @TrendLabs @threatpost @briankre… + +(Originally on Twitter: [Sat Jun 27 13:44:02 +0000 2015](https://twitter.com/adulau/status/614791299280039936)) +---- +@pinkflawd I didn't know that you liked kangaroo so much ;-) + +(Originally on Twitter: [Sat Jun 27 14:03:41 +0000 2015](https://twitter.com/adulau/status/614796243684995072)) +---- +RT @hack_lu: You want to share your security discoveries? it's time to submit your talks for @hack_lu 2015 http://2015.hack.lu/blog/Call-for-Paper/ #infosec … + +(Originally on Twitter: [Sat Jun 27 14:05:03 +0000 2015](https://twitter.com/adulau/status/614796586770661380)) +---- +RT @bortzmeyer: @vincib @ioerror The draft has been submitted to IESG http://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ but no IESG activity yet. + +(Originally on Twitter: [Sat Jun 27 16:27:52 +0000 2015](https://twitter.com/adulau/status/614832528801832961)) +---- +@fygrave Still time to submit a Rastafarian talk or any interesting talk to @hacklu 2015 ;-) @pinkflawd + +(Originally on Twitter: [Sat Jun 27 16:52:01 +0000 2015](https://twitter.com/adulau/status/614838605744328705)) +---- +Maybe the most nicest overstatement in the recent years... "through a continued growth-oriented programme" http://www.consilium.europa.eu/en/press/press-releases/2015/06/27-eurogroup-statement-greece/ #Eurogroup + +(Originally on Twitter: [Sat Jun 27 17:18:56 +0000 2015](https://twitter.com/adulau/status/614845379956355072)) +---- +RT @SHA2017Camp: We have an Acronym! + +(Originally on Twitter: [Sun Jun 28 21:22:59 +0000 2015](https://twitter.com/adulau/status/615269187020320768)) +---- +Glad to see my picture used for @SHA2017Camp I'm anxiously waiting for summer 2017.... 
+ +(Originally on Twitter: [Sun Jun 28 21:25:49 +0000 2015](https://twitter.com/adulau/status/615269897736687616)) +---- +RT @doegox: I can't resist a little of self-promotion before ranking changes. Yep I'm yobibe on the scoreboard ;) @CHES2015 http://t.co/N4H… + +(Originally on Twitter: [Mon Jun 29 12:17:31 +0000 2015](https://twitter.com/adulau/status/615494302215610368)) +---- +RT @Maitre_Eolas: Troll level : ultimate ![](media/615544985564393472-CIqQUqtWUAA4KXY.jpg) + +(Originally on Twitter: [Mon Jun 29 15:38:55 +0000 2015](https://twitter.com/adulau/status/615544985564393472)) +---- +RT @rafi0t: If you are sad your talk has been refused to #camp2015, you can still propose it to @hack_lu => http://2015.hack.lu/blog/Call-for-Paper/ + +(Originally on Twitter: [Tue Jun 30 21:20:19 +0000 2015](https://twitter.com/adulau/status/615993287787331584)) +---- +RT @martijn_grooten: I made at least one of these deadlines. https://twitter.com/martijn_grooten/status/615776050014916609 + +(Originally on Twitter: [Tue Jun 30 21:26:04 +0000 2015](https://twitter.com/adulau/status/615994737347198976)) +---- +Disappointed that the @NSAGov didn't mention https://firstlook.org/theintercept/document/2015/07/01/user-agents/ the work in 2009 with User-Agent classification http://arxiv.org/pdf/1208.2877v1.pdf + +(Originally on Twitter: [Wed Jul 01 15:56:49 +0000 2015](https://twitter.com/adulau/status/616274265608953856)) +---- +RT @blackswanburst: Thanks to @Janet_LegReg @adulau and @MarieGMoe for a great @FIRSTdotOrg #firstcon15 Blog here: http://goo.gl/QkkmzX + +(Originally on Twitter: [Wed Jul 01 20:45:33 +0000 2015](https://twitter.com/adulau/status/616346930126397440)) +---- +RT @cudeso: Short list of configuration tips I encountered when using #MISP http://www.vanimpe.eu/2015/05/31/getting-started-misp-malware-information-sharing-platform-threat-sharing-part-3/ + +(Originally on Twitter: [Wed Jul 01 20:46:52 +0000 2015](https://twitter.com/adulau/status/616347260604035072)) 
+---- +RT @mikko_2010: For Star Wars, try "telnet http://towel.blinkenlights.nl" - /via @adulau + +(Originally on Twitter: [Sat Jul 04 04:44:24 +0000 2015](https://twitter.com/adulau/status/617192211696984065)) +---- +I woke-up this morning with the strong feeling of being in the Greenhouse Summer novel from @normanspinrad + +(Originally on Twitter: [Sat Jul 04 05:11:16 +0000 2015](https://twitter.com/adulau/status/617198973053497344)) +---- +@a_z_e_t Are you using M2Crypto? or another library? + +(Originally on Twitter: [Sat Jul 04 14:26:56 +0000 2015](https://twitter.com/adulau/status/617338811354357760)) +---- +@a_z_e_t Indeed. I'm using M2Crypto for parsing huge set of certificates in parallel and usually the major bottleneck is the filesystem... + +(Originally on Twitter: [Sat Jul 04 14:31:18 +0000 2015](https://twitter.com/adulau/status/617339910530449408)) +---- +@a_z_e_t I do this (LIST in Redis) but you still need to read the certificates from somewhere ;-) + +(Originally on Twitter: [Sat Jul 04 14:33:29 +0000 2015](https://twitter.com/adulau/status/617340458444963840)) +---- +@a_z_e_t Interesting. I wanted to test one for the Passive SSL/DNS flow processing... Any positive or negative feedback on the vendor APIs? + +(Originally on Twitter: [Sat Jul 04 14:38:03 +0000 2015](https://twitter.com/adulau/status/617341606988021760)) +---- +On Realistically Attacking Tor with Website Fingerprinting http://cacr.uwaterloo.ca/techreports/2015/cacr2015-09.pdf + +(Originally on Twitter: [Sat Jul 04 14:58:06 +0000 2015](https://twitter.com/adulau/status/617346651523518465)) +---- +@suffert I hope that @letsencrypt will answer us concerning the HSM and the RND generator used. + +(Originally on Twitter: [Sat Jul 04 14:59:56 +0000 2015](https://twitter.com/adulau/status/617347114830536704)) +---- +@MichelCleempoel 400 caméras dans une province comme Mazandaran cela semble très peu comparé aux 300000 déclarées en Belgique. 
+ +(Originally on Twitter: [Sat Jul 04 15:03:20 +0000 2015](https://twitter.com/adulau/status/617347971433295872)) +---- +@pinkflawd I'm sure @thegrugq will tell you how a good obfuscation is the one that you cannot distinguish from nonsense code... + +(Originally on Twitter: [Sat Jul 04 15:07:31 +0000 2015](https://twitter.com/adulau/status/617349023796756480)) +---- +Some Bitcoin Miners Generating Invalid Blocks https://bitcoin.org/en/alert/2015-07-04-spv-mining + +(Originally on Twitter: [Sat Jul 04 18:18:53 +0000 2015](https://twitter.com/adulau/status/617397180601663488)) +---- +Anyone regularly grabbing SSH host keys (RSA, DSA, ECDSA) and willing to share their datasets? + +(Originally on Twitter: [Sat Jul 04 19:59:57 +0000 2015](https://twitter.com/adulau/status/617422614051618818)) +---- +RT @hack_lu: Hack.lu Call for Papers 2015 deadline has been extended to the 23rd July 2015 http://2015.hack.lu/cfp/ + +(Originally on Twitter: [Sun Jul 05 06:12:27 +0000 2015](https://twitter.com/adulau/status/617576757336653824)) +---- +Je viens de découvrir que je suis trop vieux pour participer à un #Hackathon http://www.hackxplor.org/fr/hackxplor-liege.html + +(Originally on Twitter: [Sun Jul 05 06:22:45 +0000 2015](https://twitter.com/adulau/status/617579348074340352)) +---- +@rbidule En voyant ton tweet, je relativise ;-) + +(Originally on Twitter: [Sun Jul 05 06:26:24 +0000 2015](https://twitter.com/adulau/status/617580269009248257)) +---- +@cbrocas Je crois que l'on va devoir faire un #hackathon sécurité avec @alexanderjaeger @shrekts @rafi0t @pidgeyL et les autres... + +(Originally on Twitter: [Sun Jul 05 15:52:19 +0000 2015](https://twitter.com/adulau/status/617722684017930240)) +---- +@taziden @fo0_ C'est un poney sans le o et avec un j ;-) + +(Originally on Twitter: [Sun Jul 05 16:03:50 +0000 2015](https://twitter.com/adulau/status/617725581778681856)) +---- +It seems that @rafi0t just won 6kg of chocolate. Thanks to #Greece. 
+ +(Originally on Twitter: [Mon Jul 06 06:31:33 +0000 2015](https://twitter.com/adulau/status/617943953283895296)) +---- +@r00tbsd It will be dark chocolate... @rafi0t + +(Originally on Twitter: [Mon Jul 06 06:35:00 +0000 2015](https://twitter.com/adulau/status/617944821324513280)) +---- +RT @circl_lu: If you are at #RMLL2015 don't forget the talk of @rafi0t about CIRCLean USB key sanitizer https://2015.rmll.info/circlean-un-nettoyeur-de-cle-usb?lang=en https://t.c… + +(Originally on Twitter: [Mon Jul 06 07:54:42 +0000 2015](https://twitter.com/adulau/status/617964877915799553)) +---- +@ClausHoumann Yes it seems so http://pastebin.com/MP8zpQ26 @FrennVunDerEnn @c3l_ @rafi0t @virii @JanGuth @circl_lu + +(Originally on Twitter: [Mon Jul 06 09:31:10 +0000 2015](https://twitter.com/adulau/status/617989154656387072)) +---- +@ClausHoumann IANAL but @evematringe might have the answer @FrennVunDerEnn @c3l_ @rafi0t @virii @JanGuth @circl_lu + +(Originally on Twitter: [Mon Jul 06 09:52:33 +0000 2015](https://twitter.com/adulau/status/617994533578665984)) +---- +"e-voting summary in Buenos Aires" https://gist.github.com/sebadoom/f0eedcba2f39e3e07a1c + +(Originally on Twitter: [Mon Jul 06 13:49:33 +0000 2015](https://twitter.com/adulau/status/618054178829664256)) +---- +RT @FredericJacobs: The whole code-signing/walled-garden thing is supposedly to make you safer but Apple issued a cert for Hacking Team. +ht… + +(Originally on Twitter: [Mon Jul 06 15:25:53 +0000 2015](https://twitter.com/adulau/status/618078419134365696)) +---- +RT @hack_lu: If you do research with the recent release of #HackingTeam source code, don't forget to submit it to @hack_lu 2015 http://t.co… + +(Originally on Twitter: [Mon Jul 06 20:45:29 +0000 2015](https://twitter.com/adulau/status/618158849447587840)) +---- +I still read XKEYSCORE materials to discover new ideas to implement and then another huge stack of documents appear. 
Respect my sleep ;-) + +(Originally on Twitter: [Mon Jul 06 20:57:42 +0000 2015](https://twitter.com/adulau/status/618161926074404865)) +---- +RT @USENIXSecurity: ICYMI: the program for #woot15 is now online (and it's expanded to 2 days)! https://www.usenix.org/conference/woot15/workshop-program #sec15 + +(Originally on Twitter: [Mon Jul 06 21:00:07 +0000 2015](https://twitter.com/adulau/status/618162533606813696)) +---- +RT @doegox: . @rafi0t will present CIRCLean #RMLL2015 at 10:00am CET. Watch online http://video.rmll.info/ @circl_lu ![](media/618327618841088000-CJS4pksWgAAeusd.jpg) + +(Originally on Twitter: [Tue Jul 07 07:56:06 +0000 2015](https://twitter.com/adulau/status/618327618841088000)) +---- +RT @headhntr: Sometimes you're just being paranoid. Other times, @hackingteam is actually recording you. ![](media/618352165292261377-CJRE57aUwAA0ojU.jpg) + +(Originally on Twitter: [Tue Jul 07 09:33:39 +0000 2015](https://twitter.com/adulau/status/618352165292261377)) +---- +RT @kgerloff: In addition to all the other despicable things #HackingTeam does, they apparently also violate the GPL. http://blog.fefe.de/?ts=ab645846 + +(Originally on Twitter: [Tue Jul 07 11:22:53 +0000 2015](https://twitter.com/adulau/status/618379653829541888)) +---- +@circl_lu Some interesting certificates in the leak. There are two Facebook X509 certs with different modulus who seem valid. @ClausHoumann + +(Originally on Twitter: [Tue Jul 07 15:13:09 +0000 2015](https://twitter.com/adulau/status/618437602190983168)) +---- +@circl_lu Not sure if I fully understand how their SSL interception service would work in such cases. @ClausHoumann + +(Originally on Twitter: [Tue Jul 07 15:14:28 +0000 2015](https://twitter.com/adulau/status/618437934837055488)) +---- +RT @doegox: . 
@cvandeplas Damn-fast and effective malware info sharing with MISP Live 15:20 CET http://video.rmll.info #RMLL2015 http://t.c… + +(Originally on Twitter: [Tue Jul 07 15:15:15 +0000 2015](https://twitter.com/adulau/status/618438131273105408)) +---- +RT @esizkur: Just did an OCSP check: Apple has revoked HT's enterprise certificate. (Reason: keyCompromise, Revocation Time: Jul 7 03:38:1… + +(Originally on Twitter: [Tue Jul 07 15:15:26 +0000 2015](https://twitter.com/adulau/status/618438177481736192)) +---- +@newsoft You mean the unpatched Polycom device... + +(Originally on Twitter: [Wed Jul 08 08:00:19 +0000 2015](https://twitter.com/adulau/status/618691067320344576)) +---- +@piotrkijewski it seems interesting but it's a 404 ;-) any mirror? + +(Originally on Twitter: [Wed Jul 08 08:02:15 +0000 2015](https://twitter.com/adulau/status/618691550638440449)) +---- +@it4sec Interesting depending of your country of origin the "cached" option is not always there... Thanks for the info. @piotrkijewski + +(Originally on Twitter: [Wed Jul 08 08:15:26 +0000 2015](https://twitter.com/adulau/status/618694868672622592)) +---- +. @rafi0t The main issue for AnglerExploitKit devs to attract corporate customers is the ability to generate invoices... 
#HackingTeam + +(Originally on Twitter: [Wed Jul 08 08:24:17 +0000 2015](https://twitter.com/adulau/status/618697095801868288)) +---- +RT @piotrkijewski: Long term study of #ransomware attacks in the wild (2006 - 2014): http://www.eurecom.fr/en/publication/4548/download/rs-publi-4548.pdf (another link, previous stopped… + +(Originally on Twitter: [Wed Jul 08 08:50:16 +0000 2015](https://twitter.com/adulau/status/618703635090907136)) +---- +@bluetouff C'est la même adresse que le SGDSN 51, boulevard de la Tour-Maubourg + +(Originally on Twitter: [Wed Jul 08 09:04:08 +0000 2015](https://twitter.com/adulau/status/618707127281000448)) +---- +@Wh1t3Rabbit You mean it's better to keep the 0day on the blackmarket than forcing the vendors to fix it by disclosure? @cBekrar @lorenzoFB + +(Originally on Twitter: [Wed Jul 08 15:23:06 +0000 2015](https://twitter.com/adulau/status/618802495024951301)) +---- +RT @headhntr: Last time I was in Milan, @hackingteam secretly took pictures of me. If you want to watch me keynote @dimva2015 tomorrow, jus… + +(Originally on Twitter: [Thu Jul 09 07:16:28 +0000 2015](https://twitter.com/adulau/status/619042420215414784)) +---- +RT @circl_lu: OpenSSL Security Advisory - Alternative chains certificate forgery http://openssl.org/news/secadv_20150709.txt + +(Originally on Twitter: [Thu Jul 09 14:11:17 +0000 2015](https://twitter.com/adulau/status/619146812058927104)) +---- +RT @ioerror: In the hospital @CasparBowden asked that we work to ensure equal protection regardless of nationality. Privacy is a universal … + +(Originally on Twitter: [Thu Jul 09 14:51:03 +0000 2015](https://twitter.com/adulau/status/619156816216371201)) +---- +RT @hack_lu: You did security research on "parental control" software? 
submit your talk to @hack_lu 2015 cc @Hack4Kids http://t.co/EWFOVIm6… + +(Originally on Twitter: [Fri Jul 10 04:42:05 +0000 2015](https://twitter.com/adulau/status/619365955924312064)) +---- +Don't forget the excellent operational PGP guide from the @thegrugq and also the symmetric option "-c" in PGP https://gist.github.com/grugq/03167bed45e774551155 + +(Originally on Twitter: [Fri Jul 10 05:00:47 +0000 2015](https://twitter.com/adulau/status/619370661073522688)) +---- +RT @halvarflake: More progress on BinNavi open-sourcing happened today :-) hopeful to get it done soon. + +(Originally on Twitter: [Fri Jul 10 15:33:49 +0000 2015](https://twitter.com/adulau/status/619529967634894848)) +---- +@DavidGlaude Pas vraiment, il y avait déjà des licences FinFisher (70CD6D97) achetées par la Belgique en 2012. http://wiki.piratenpartei.de/FinFisher/70CD6D97#Licenses + +(Originally on Twitter: [Fri Jul 10 16:31:57 +0000 2015](https://twitter.com/adulau/status/619544599770595328)) +---- +@SylvainOuellet On peut aussi le voir sous l'angle "une introduction à la typographie pour les enfants de 2-5 ans" @DO101Mtl + +(Originally on Twitter: [Fri Jul 10 16:40:33 +0000 2015](https://twitter.com/adulau/status/619546764757102592)) +---- +RT @JonathanSalwan: Triton supports now the runtime SMT expression modifications to perform simplifications https://github.com/JonathanSalwan/Triton/wiki/SMT2-LIB-Representation :) + +(Originally on Twitter: [Fri Jul 10 20:47:57 +0000 2015](https://twitter.com/adulau/status/619609021444694016)) +---- +The EU FP7 project http://www.sapientproject.eu/ ? #HackingTeam couldn't decide if they participate or not. https://wikileaks.org/hackingteam/emails/emailid/79016 Bureaucracy... 
+ +(Originally on Twitter: [Sat Jul 11 06:02:14 +0000 2015](https://twitter.com/adulau/status/619748513036017665)) +---- +did some work for my photographic exhibition of September 2015 - some spectrograms to be used for the soundscape http://www.foo.be/art/audio-cuestart2015/output.png + +(Originally on Twitter: [Sat Jul 11 10:07:11 +0000 2015](https://twitter.com/adulau/status/619810154964500480)) +---- +@taziden It will be in Cuest'Art 2015 in Virton - Belgium (the 2 first weekends of September) with http://www.brouilleursdeblanc.org/ + +(Originally on Twitter: [Sat Jul 11 10:10:43 +0000 2015](https://twitter.com/adulau/status/619811044345675776)) +---- +. @esperanzah Your festival is really cool but having 6+ sites of marketing and privacy tracking on the main page is not really alternative. + +(Originally on Twitter: [Sat Jul 11 11:01:01 +0000 2015](https://twitter.com/adulau/status/619823704382525440)) +---- +For the record another interesting FP of an SSL certificate seen at a strange place: 72850a50667fe73c281430e6f02c5c2a24f3804f + +(Originally on Twitter: [Sat Jul 11 22:01:12 +0000 2015](https://twitter.com/adulau/status/619989842693373952)) +---- +RT @rafi0t: #Condor isn't Luxembourg but the Kurdistan Regional Government (KRG) Source: https://www.wikileaks.org/hackingteam/emails/emailid/1122076 #HackingTeam http://t.co/t… + +(Originally on Twitter: [Sun Jul 12 13:50:38 +0000 2015](https://twitter.com/adulau/status/620228776098680833)) +---- +RT @verac_m: Some @hack_lu talks have been discussed by #HackedTeam, don't forget to register guys ! https://wikileaks.org/hackingteam/emails/?q=hack.lu&mfrom=&mto=&title=¬itle=&date=&nofrom=¬o=&count=50&sort=0#searchresult + +(Originally on Twitter: [Mon Jul 13 05:51:04 +0000 2015](https://twitter.com/adulau/status/620470479682449408)) +---- +RT @mattblaze: ICYMI, here's our "Keys Under Doormats" paper, on the problems of mandating law enforcement access to encrypted data. 
http:/… + +(Originally on Twitter: [Mon Jul 13 07:58:47 +0000 2015](https://twitter.com/adulau/status/620502618167709696)) +---- +RT @Agarri_FR: The HackingTeam exploit for Android 4.x using (very old) bugs from @scarybeasts and me is incredibly cool. Tons of XML and X… + +(Originally on Twitter: [Mon Jul 13 08:46:38 +0000 2015](https://twitter.com/adulau/status/620514660383649792)) +---- +Quite funny to see typographic errors in Merkle tree, especially nowadays when you know where such trees are used... + +(Originally on Twitter: [Mon Jul 13 09:06:09 +0000 2015](https://twitter.com/adulau/status/620519572945403904)) +---- +https://cabforum.org/wp-content/uploads/Baseline-requirements-for-codesigning-Feb-4-2015-3.pdf "CA MUST revoke a Code Signing Certificate within 24 hours" - "3. use of a Certificate to sign Suspect Code" + +(Originally on Twitter: [Mon Jul 13 13:19:15 +0000 2015](https://twitter.com/adulau/status/620583268166012928)) +---- +The document is still a draft. 24 hours would be great but the today's reality, it's more in days or even weeks... if everything goes well. + +(Originally on Twitter: [Mon Jul 13 13:21:25 +0000 2015](https://twitter.com/adulau/status/620583812515426304)) +---- +Quantum forensic effect: if you look long enough on computer or network evidences, you'll discover new incidents at a steady rate. + +(Originally on Twitter: [Mon Jul 13 14:55:48 +0000 2015](https://twitter.com/adulau/status/620607566524076032)) +---- +RT @CorneliaSchildt: Is wondering it you can reverse engineer a companies organigram via out of office replies #summertime #vacationtime #h… + +(Originally on Twitter: [Mon Jul 13 15:50:11 +0000 2015](https://twitter.com/adulau/status/620621251523051521)) +---- +I'm still positively surprised by the result of bulk_extractor https://github.com/simsong/bulk_extractor on some forensic data streams. 
+ +(Originally on Twitter: [Mon Jul 13 21:27:48 +0000 2015](https://twitter.com/adulau/status/620706216021504001)) +---- +RT @Matthias_BY: Hey @adulau we followed up FIRST15 and created a free Splunk app for the community querying circl passive ssl http://t.co/… + +(Originally on Twitter: [Wed Jul 22 20:31:19 +0000 2015](https://twitter.com/adulau/status/623953491392917504)) +---- +I wanted to create an account on http://predict.org but if you are an EU researcher DHS didn't approve... https://predict.org/Portals/0/Documents/Help/PREDICT-UG-HTML5/PREDICT%20User%20Guide%20v7.htm#Public-Pages/International/DHS-Approved%20Locations.htm%3FTocPath%3DInternational%2520Participation|_____1 + +(Originally on Twitter: [Thu Jul 23 07:22:26 +0000 2015](https://twitter.com/adulau/status/624117348941864960)) +---- +@amicaross Yep, how to create new barriers in research... "DHS Protected REpository for the Defense of Infrastructure against Cyber Threats" + +(Originally on Twitter: [Thu Jul 23 07:45:11 +0000 2015](https://twitter.com/adulau/status/624123077174165504)) +---- +@doctorow or when you restrict the access to data for some researches in accepted countries.... https://www.predict.org/Portals/0/Documents/Help/PREDICT-UG-HTML5/PREDICT%20User%20Guide%20v7.htm#Public-Pages/International/DHS-Approved%20Locations.htm%3FTocPath%3DInternational%2520Participation|_____1 + +(Originally on Twitter: [Thu Jul 23 09:34:43 +0000 2015](https://twitter.com/adulau/status/624150639229145088)) +---- +RT @veorq: the PHC winner Argon2 is being fine-tuned, check updates on the mailing list or on the shared document at https://t.co/zhrwUcDX… + +(Originally on Twitter: [Thu Jul 23 09:35:24 +0000 2015](https://twitter.com/adulau/status/624150813695459328)) +---- +RT @doegox: . 
@CHES2015 Just for the fun I also broke the white-box AES key of chall4: 4A..FF +@jybu @foxTN @Seeluna your turn ;) + +(Originally on Twitter: [Thu Jul 23 09:50:20 +0000 2015](https://twitter.com/adulau/status/624154571787620352)) +---- +To break the flow of infosec, a small #urbex photography took in Iceland "Can I escape this mess?" https://www.flickr.com/photos/adulau/19750753328/ #photography + +(Originally on Twitter: [Thu Jul 23 10:23:00 +0000 2015](https://twitter.com/adulau/status/624162790836695040)) +---- +RT @i0n1c: Short reminder: Europeans are not allowed to disclose vulns privately to a foreign company like Apple without registering dual-u… + +(Originally on Twitter: [Thu Jul 23 11:07:28 +0000 2015](https://twitter.com/adulau/status/624173981302718464)) +---- +The future results of the Wassenaar Arrangement updates for exploits? Less reports to software vendors and less secure infrastructure... + +(Originally on Twitter: [Thu Jul 23 12:02:24 +0000 2015](https://twitter.com/adulau/status/624187807712571393)) +---- +RT @mainframed767: Building shellcode, egghunters and decoders. | Mainframe Security - My boy @bigendiansmalls telling you how... http://t.… + +(Originally on Twitter: [Thu Jul 23 15:39:52 +0000 2015](https://twitter.com/adulau/status/624242534873759744)) +---- +@Wort_EN No worries Belgium just announced that they will increased taxes on alcohol, tobacco and soda in 2016... http://www.lalibre.be/economie/actualite/alcool-sodas-tabac-carburant-les-mesures-qui-frappent-le-portefeuille-55b0d4493570b54652dfb9f3 + +(Originally on Twitter: [Thu Jul 23 15:44:00 +0000 2015](https://twitter.com/adulau/status/624243573358202881)) +---- +"Evaluation of Contactless Smartcard Antennas" http://arxiv.org/pdf/1507.06427v1.pdf + +(Originally on Twitter: [Fri Jul 24 10:07:30 +0000 2015](https://twitter.com/adulau/status/624521279740203008)) +---- +If this vul was only for the Hungarian dictionary, it could be a Monty Python sketch... 
https://cve.circl.lu/cve/CVE-2015-1288 - http://www.youtube.com/watch?v=G6D1YI-41ao + +(Originally on Twitter: [Fri Jul 24 14:53:19 +0000 2015](https://twitter.com/adulau/status/624593206991138816)) +---- +RT @hack_lu: Don't forget to register for @hack_lu 2015 and especially reserve your hotel as soon as possible. http://2015.hack.lu/info/ + +(Originally on Twitter: [Fri Jul 24 21:25:56 +0000 2015](https://twitter.com/adulau/status/624692013473136640)) +---- +@RichardDawkins Could be... maybe you should check this paper "waves on glacier bed" if applicable for this waves http://www.igsoc.org:8080/journal/35/120/igs_journal_vol35_issue120_pg179-182.pdf + +(Originally on Twitter: [Sat Jul 25 09:24:30 +0000 2015](https://twitter.com/adulau/status/624872844640538625)) +---- +@amicaross Are you really in control of your car sensors? ;-) + +(Originally on Twitter: [Sat Jul 25 09:29:28 +0000 2015](https://twitter.com/adulau/status/624874093754642432)) +---- +@gcouprie More binaries and more complexity increase the attack the surface by a significant factor. Less is usually better for review. + +(Originally on Twitter: [Sat Jul 25 21:22:34 +0000 2015](https://twitter.com/adulau/status/625053552344436738)) +---- +Running x86 and x86-64 assembly code directly from Lua.... https://github.com/luapower/dynasm/blob/master/dynasm.md + +(Originally on Twitter: [Mon Jul 27 06:58:58 +0000 2015](https://twitter.com/adulau/status/625560998133506048)) +---- +@r00tbsd I think the journalist is mixing up the TAO code names. + +(Originally on Twitter: [Mon Jul 27 09:04:29 +0000 2015](https://twitter.com/adulau/status/625592582542872576)) +---- +@r00tbsd Good one. So I suppose the best approach for the next software we write, we should use a very advanced names to be in the press... 
+ +(Originally on Twitter: [Mon Jul 27 09:08:04 +0000 2015](https://twitter.com/adulau/status/625593486528659456)) +---- +RT @circl_lu: For the users of the CIRCL MISP, various hot fixes have been applied including the export of IDS rules. https://t.co/GlOTF1c… + +(Originally on Twitter: [Mon Jul 27 09:58:41 +0000 2015](https://twitter.com/adulau/status/625606221312208896)) +---- +If you plan to use typewriters to avoid malware for sensitive information, don't forget to review this NSA document https://www.nsa.gov/public_info/_files/cryptologic_histories/learning_from_the_enemy.pdf + +(Originally on Twitter: [Mon Jul 27 14:08:27 +0000 2015](https://twitter.com/adulau/status/625669080071147520)) +---- +@moo_pronto You'll need to carry your portable X-RAY machine to your favourite local coffee shop to find if the typewriter is bugged or not. + +(Originally on Twitter: [Mon Jul 27 14:15:24 +0000 2015](https://twitter.com/adulau/status/625670827372113920)) +---- +@cBekrar In which country @Zerodium is located? + +(Originally on Twitter: [Mon Jul 27 15:16:59 +0000 2015](https://twitter.com/adulau/status/625686324385828865)) +---- +Secret is the weak process for organizations to avoid public criticism (and improvement) and to skip hard work. The future is not there. + +(Originally on Twitter: [Tue Jul 28 17:48:08 +0000 2015](https://twitter.com/adulau/status/626086752944525312)) +---- +Wondering if someone already found backdoor in media sanitization software to write encrypted data acting as pseudo-random pattern.... + +(Originally on Twitter: [Wed Jul 29 07:05:35 +0000 2015](https://twitter.com/adulau/status/626287436507803648)) +---- +@CDSRV A backdoor to fake the sanitization of the disk and encrypting the data in a fake pseudo-random pattern (as in NIST.SP.800-88r1) + +(Originally on Twitter: [Wed Jul 29 07:37:42 +0000 2015](https://twitter.com/adulau/status/626295519778877441)) +---- +RT @circl_lu: Hacking Team's "Bad BIOS": A Commercial Rootkit for UEFI Firmware? 
http://www.intelsecurity.com/advanced-threat-research/blog.html + +(Originally on Twitter: [Wed Jul 29 15:47:20 +0000 2015](https://twitter.com/adulau/status/626418741702692865)) +---- +So many good papers and presentations submitted to @hack_lu 2015 I'm really impressed... + +(Originally on Twitter: [Wed Jul 29 18:23:04 +0000 2015](https://twitter.com/adulau/status/626457932700516352)) +---- +"Old and New" or my humble tentative to explain why I photograph old and abandoned places http://www.foo.be/photoblog/posts/old-and-new.html #photography + +(Originally on Twitter: [Wed Jul 29 20:01:44 +0000 2015](https://twitter.com/adulau/status/626482760845262848)) +---- +Attackers know that the vast majority of companies cannot filter "common services like Google or alike" so you know where to ex-filtrate. + +(Originally on Twitter: [Thu Jul 30 08:45:00 +0000 2015](https://twitter.com/adulau/status/626674843983966209)) +---- +@kaizeronion Acquisition mais aussi rétention et monétisation de vulnérabilités. + +(Originally on Twitter: [Thu Jul 30 09:10:56 +0000 2015](https://twitter.com/adulau/status/626681369184337921)) +---- +@pbeyssac Pour l'exploitation c'est pas mal ;-) https://blog.nelhage.com/2011/03/exploiting-pickle/ + +(Originally on Twitter: [Thu Jul 30 11:20:51 +0000 2015](https://twitter.com/adulau/status/626714066241912832)) +---- +@yenos I assume the ISO 27001 sales pitch after should be a joke to entertain the readers. + +(Originally on Twitter: [Thu Jul 30 13:21:44 +0000 2015](https://twitter.com/adulau/status/626744485070942208)) +---- +RT @circl_lu: Various bug fixes and improvement in PyMISP by @Iglocska , @adulau and @Starow_ https://github.com/CIRCL/PyMISP Thank you! + +(Originally on Twitter: [Thu Jul 30 14:37:49 +0000 2015](https://twitter.com/adulau/status/626763633276624896)) +---- +So @Verint is selling tons of "cyber security" software but they never published a single security advisory for their software. 
+ +(Originally on Twitter: [Thu Jul 30 21:05:41 +0000 2015](https://twitter.com/adulau/status/626861240925749249)) +---- +RT @pinkflawd: After ~3h in customs such 9$ veggie noodle soup in a plastic bowl at SFO tastes DELICIOUS - Hello America ❤️‍ + +(Originally on Twitter: [Sat Aug 01 06:35:50 +0000 2015](https://twitter.com/adulau/status/627367114391818240)) +---- +You can find everything @esperanzah including sex shops... https://www.flickr.com/photos/adulau/20036859400/ or free runners https://www.flickr.com/photos/adulau/19602810333/ #esperanzah + +(Originally on Twitter: [Sun Aug 02 11:15:33 +0000 2015](https://twitter.com/adulau/status/627799895370543104)) +---- +@csoghoian Maybe it's an easier strategy to discredit full disclosure and continue to sell at high price on the grey market... + +(Originally on Twitter: [Sun Aug 02 13:39:11 +0000 2015](https://twitter.com/adulau/status/627836042977132544)) +---- +. @rafi0t Yep #Disque seems to be the next killer pub-sub broker maybe someone will do a CurveDisque on top of it. @antirez + +(Originally on Twitter: [Mon Aug 03 14:05:29 +0000 2015](https://twitter.com/adulau/status/628205048984674304)) +---- +@ploum "où l’alimentation végétarienne est disponible dans tous les supermarchés" alimentation végé et supermarché dans la même phrase... + +(Originally on Twitter: [Tue Aug 04 09:37:00 +0000 2015](https://twitter.com/adulau/status/628499869267828736)) +---- +@ploum Ok. Par contre, je ne vois pas en quoi attaquer et stopper la chasse récréative n'est pas justifié dans nos sociétés modernes. 
+ +(Originally on Twitter: [Tue Aug 04 09:49:31 +0000 2015](https://twitter.com/adulau/status/628503020905570304)) +---- +@ploum Si tu fais un blog post sur le sujet, n'oublie de lire le bouquin de Watson http://www.actes-sud.fr/catalogue/societe/earthforce + +(Originally on Twitter: [Tue Aug 04 10:04:57 +0000 2015](https://twitter.com/adulau/status/628506902251610112)) +---- +Best of the day "We blocked the sinkhole IP address in our firewall, we have no more infected systems". #infosecblindness + +(Originally on Twitter: [Tue Aug 04 12:44:36 +0000 2015](https://twitter.com/adulau/status/628547081364447232)) +---- +RT @circl_lu: New malware sample upload API added in MISP and recently included in PyMISP https://github.com/CIRCL/PyMISP - https://github.com/MISP/MISP/commit/7db6e9ac47eb6ae065a7c5e840e5588b71b8e518 + +(Originally on Twitter: [Wed Aug 05 14:32:47 +0000 2015](https://twitter.com/adulau/status/628936695182921728)) +---- +Wandering in some random places and then you found the visualization of a Unix pipe https://www.flickr.com/photos/adulau/20324304915/ #photography + +(Originally on Twitter: [Wed Aug 05 20:26:26 +0000 2015](https://twitter.com/adulau/status/629025691321933824)) +---- +@robospatula Could you open an issue with your version (especially your MongoDB)? I'll have a look. 
https://github.com/adulau/cve-search/issues @wimremes + +(Originally on Twitter: [Sun Aug 09 13:20:36 +0000 2015](https://twitter.com/adulau/status/630368077557989376)) +---- +RT @IACR_News: CRYPTO 2015 proceedings now available, including HTML & ePub versions for the first time: http://www.iacr.org/services/springer.php + +(Originally on Twitter: [Sun Aug 09 13:42:36 +0000 2015](https://twitter.com/adulau/status/630373616350285825)) +---- +The broken "broken windows theory" https://www.flickr.com/photos/adulau/20419500792/ #photography @freakonomics + +(Originally on Twitter: [Sun Aug 09 14:06:47 +0000 2015](https://twitter.com/adulau/status/630379703732432896)) +---- +@quinnnorton If the election has "Assesseur" (like in Belgian elections), I will ask them about the execution of the last voting bureau. + +(Originally on Twitter: [Sun Aug 09 14:18:32 +0000 2015](https://twitter.com/adulau/status/630382660377047040)) +---- +@quinnnorton If there are "witnesses" during the course of an election, I will ask these people. Assuming there are some valid ones... + +(Originally on Twitter: [Sun Aug 09 14:23:08 +0000 2015](https://twitter.com/adulau/status/630383818558541825)) +---- +@quinnnorton So you can forget about easy control when you have computers in the course of a vote. https://medor.coop/fr/bug/ + +(Originally on Twitter: [Sun Aug 09 14:27:09 +0000 2015](https://twitter.com/adulau/status/630384827288682496)) +---- +@quinnnorton Wondering if Dave Eckhardt still works on reviewing voting machines in US? + +(Originally on Twitter: [Sun Aug 09 14:36:14 +0000 2015](https://twitter.com/adulau/status/630387111707979776)) +---- +Anyone has a clue of what are the FARNDALE and RECOVERY NSA code names? 
+ +(Originally on Twitter: [Sun Aug 09 20:21:46 +0000 2015](https://twitter.com/adulau/status/630474070442803200)) +---- +@dublinnetsec Public Web API of cve-search https://www.circl.lu/services/cve-search/ + +(Originally on Twitter: [Sun Aug 09 20:30:39 +0000 2015](https://twitter.com/adulau/status/630476305469997056)) +---- +@FrenchRedFrog The document https://s3.amazonaws.com/s3.documentcloud.org/documents/2189962/cqv-fields-nov-2010-nsa.pdf on nsa-observer is missing and is there any other ref to FARNDALE? @evematringe @Skhaen + +(Originally on Twitter: [Mon Aug 10 04:43:09 +0000 2015](https://twitter.com/adulau/status/630600246175903745)) +---- +RT @circl_lu: CIRCL BGP Ranking mentioned by @wimremes in his @BlackHatEvents talk about the state of BGP security https://www.blackhat.com/docs/us-15/materials/us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security-wp.pdf + +(Originally on Twitter: [Mon Aug 10 06:19:13 +0000 2015](https://twitter.com/adulau/status/630624422517436416)) +---- +RT @rafi0t: Thank to @botherder, the #MISP module for #Viper merged! Expect more functionalities very soon -> https://github.com/viper-framework/viper + +(Originally on Twitter: [Mon Aug 10 07:45:07 +0000 2015](https://twitter.com/adulau/status/630646041101139968)) +---- +Describing a function of a malware from analysis would be controlled by export rules as anyone could re-implement. 
http://blogs.bis.gov.uk/exportcontrol/files/2015/08/Intrusion-Software-Tools-and-Export-Control1.pdf#page=9 + +(Originally on Twitter: [Tue Aug 11 04:43:42 +0000 2015](https://twitter.com/adulau/status/630962773867016192)) +---- +RT @natashenka: No, I really can't understand this blog post + +https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t + +(Originally on Twitter: [Tue Aug 11 04:47:32 +0000 2015](https://twitter.com/adulau/status/630963739215429633)) +---- +How long it will take to hear "this was a draft post and we removed it from our blog" https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t #infosecjoke + +(Originally on Twitter: [Tue Aug 11 04:49:32 +0000 2015](https://twitter.com/adulau/status/630964241265229824)) +---- +I have a feeling that this archive link might be useful in a near future https://web.archive.org/web/20150811090106/https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t + +(Originally on Twitter: [Tue Aug 11 09:03:27 +0000 2015](https://twitter.com/adulau/status/631028140484259840)) +---- +RT @jifa: reverse engineering != "getting the source code and applying static analysis tools" + +(Originally on Twitter: [Tue Aug 11 09:17:18 +0000 2015](https://twitter.com/adulau/status/631031627603443712)) +---- +Downloading BIOS updates URL in HTTP clear text seems a very nice approach for MiTM script kiddies. http://download.lenovo.com/ideapad/windows/lsebios/win8_en-us_32_oko.json + +(Originally on Twitter: [Tue Aug 11 15:58:34 +0000 2015](https://twitter.com/adulau/status/631132610593472512)) +---- +@StephenBattista Yes, it could be signed but it seems to be an UEFI image as mentioned in http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693 We need to find a sample. 
+ +(Originally on Twitter: [Tue Aug 11 20:22:18 +0000 2015](https://twitter.com/adulau/status/631198980232347648)) +---- +RT @travisgoodspeed: Today is the anniversary of Smashing the Stack for Fun and Profit. Please celebrate by teaching a C developer how the… + +(Originally on Twitter: [Wed Aug 12 04:37:25 +0000 2015](https://twitter.com/adulau/status/631323577686577152)) +---- +I didn't test it but it seems a nice idea "simple hypervisor based monitoring" for Windows 8.1 and 10 (64) https://github.com/tandasat/Sushi + +(Originally on Twitter: [Wed Aug 12 07:28:37 +0000 2015](https://twitter.com/adulau/status/631366664265842688)) +---- +@yenos Will you apply? + +(Originally on Twitter: [Wed Aug 12 09:34:11 +0000 2015](https://twitter.com/adulau/status/631398263560781824)) +---- +RT @grittygrease: Full USENIX 2015 proceedings online (PDF, mobile-friendly PDF, ePub) https://www.usenix.org/conference/usenixsecurity15/technical-sessions + +(Originally on Twitter: [Wed Aug 12 10:53:25 +0000 2015](https://twitter.com/adulau/status/631418205127471104)) +---- +RT @circl_lu: PyMISP including bug fixes and new API https://www.circl.lu/assets/files/PyMISP.pdf - https://github.com/CIRCL/PyMISP thanks to @cudeso @rafi0t @Iglocska … + +(Originally on Twitter: [Wed Aug 12 12:06:10 +0000 2015](https://twitter.com/adulau/status/631436511523831808)) +---- +@AlecMuffett I still use UUCP over SSH. Maybe I should add a lower MX record pointing to an .onion record... @SteveBellovin @bortzmeyer + +(Originally on Twitter: [Wed Aug 12 13:46:32 +0000 2015](https://twitter.com/adulau/status/631461768800436224)) +---- +@AlecMuffett Interesting. The latest draft makes a lot of sense. Especially regarding the resolvers behavior. @SteveBellovin @bortzmeyer + +(Originally on Twitter: [Wed Aug 12 20:19:15 +0000 2015](https://twitter.com/adulau/status/631560601949573121)) +---- +There is an interesting increase of .git scanning folders against web honeypot in the last days. 
#honeypot + +(Originally on Twitter: [Thu Aug 13 07:23:57 +0000 2015](https://twitter.com/adulau/status/631727876518346752)) +---- +@xme Interesting. Maybe there is an increase of interest into git by the attackers. + +(Originally on Twitter: [Thu Aug 13 11:36:26 +0000 2015](https://twitter.com/adulau/status/631791416050589696)) +---- +@__courts__ @xme Indeed. We will see as I'm currently updating one honeypot with a git repo full of honeytoken. + +(Originally on Twitter: [Thu Aug 13 12:01:48 +0000 2015](https://twitter.com/adulau/status/631797799831605248)) +---- +RT @Jason_Healey: Livestream of IANA KSK key-signing ceremony is wonderfully dull & kinda fascinating, https://goo.gl/Uo0EaV http://t.co/… + +(Originally on Twitter: [Thu Aug 13 20:33:14 +0000 2015](https://twitter.com/adulau/status/631926507011731460)) +---- +RT @veorq: disassembly tool named "Uroboros" like the malware https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-wang-shuai.pdf + +(Originally on Twitter: [Fri Aug 14 09:46:16 +0000 2015](https://twitter.com/adulau/status/632126078941728768)) +---- +@veorq Maybe the author of the paper did work for an anti-virus vendor and especially in their "naming malware dept"... #turlaconfusion + +(Originally on Twitter: [Fri Aug 14 09:49:17 +0000 2015](https://twitter.com/adulau/status/632126838500929536)) +---- +@mikko from line 14 to line 20 makes the license non-free.... + +(Originally on Twitter: [Fri Aug 14 14:46:55 +0000 2015](https://twitter.com/adulau/status/632201742571204608)) +---- +RT @IACR_News: #Pub #ePrint The Secret Structure of the S-Box of Streebog, Kuznechik and Stribob, by Alex Biryukov and Léo Perrin a http://… + +(Originally on Twitter: [Fri Aug 14 21:21:37 +0000 2015](https://twitter.com/adulau/status/632301072770551811)) +---- +"Deep Neural Network Based Malware Detection Using Two Dimensional +Binary Program Features" http://arxiv.org/pdf/1508.03096.pdf Where is the source code? 
+ +(Originally on Twitter: [Mon Aug 17 20:16:57 +0000 2015](https://twitter.com/adulau/status/633371958969794560)) +---- +RT @circl_lu: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf + +(Originally on Twitter: [Tue Aug 18 04:48:54 +0000 2015](https://twitter.com/adulau/status/633500796986986496)) +---- +@qjerom Are you claiming that academic research is not doing reproducible experiments? Especially in computer security? ;-) + +(Originally on Twitter: [Tue Aug 18 07:03:47 +0000 2015](https://twitter.com/adulau/status/633534741619318784)) +---- +RT @qjerom: @adulau Hard when your results depends on: the code, the dataset (sometime selected to fit the conclusion, never shared), the f… + +(Originally on Twitter: [Tue Aug 18 07:52:28 +0000 2015](https://twitter.com/adulau/status/633546990924775425)) +---- +@devops_lu @GiTlux My favourite methodology is http://programming-motherfucker.com/ and git everything... @circl_lu @syn2cat @HostedInLux @SteveClement + +(Originally on Twitter: [Tue Aug 18 15:01:11 +0000 2015](https://twitter.com/adulau/status/633654881715396608)) +---- +RT @esizkur: How to get screwed by mainframe virtualization, Exh. A: http://www.version2.dk/artikel/schengen-registret-delte-mainframe-partition-med-usikker-webserver-hos-csc-309574 <= CSC z/OS box hosted both webserver and Schen… + +(Originally on Twitter: [Tue Aug 18 15:13:16 +0000 2015](https://twitter.com/adulau/status/633657922522882048)) +---- +@matthew_d_green The day that the early adopters are seized by their local government, it will mean that Bitcoin succeeded. + +(Originally on Twitter: [Tue Aug 18 15:46:41 +0000 2015](https://twitter.com/adulau/status/633666334224740352)) +---- +@aeris22 Au niveau du MTA? ou des utilisateurs? 
+ +(Originally on Twitter: [Tue Aug 18 15:47:40 +0000 2015](https://twitter.com/adulau/status/633666580623265792)) +---- +Wondering where you got all these electrons to run your next crappy software implant... https://www.flickr.com/photos/adulau/20677676392/ #photography + +(Originally on Twitter: [Tue Aug 18 19:49:16 +0000 2015](https://twitter.com/adulau/status/633727383103778816)) +---- +@faq Thx. Coding, testing and throwing away code are usually the most sane processes. The rest is just bureaucracy. @devops_lu @GiTlux + +(Originally on Twitter: [Tue Aug 18 20:15:52 +0000 2015](https://twitter.com/adulau/status/633734076051001344)) +---- +@faq Maybe this year we should be very high-tech and use an ANSI terminal twitter wall https://github.com/olliencc/ansitwitterwall @SteveClement @rafi0t + +(Originally on Twitter: [Tue Aug 18 20:28:27 +0000 2015](https://twitter.com/adulau/status/633737242708578304)) +---- +@faq Scrum master feels like a terminology for some kinky movies... DEC ANSI was quite visible on huge screens. @SteveClement @rafi0t + +(Originally on Twitter: [Tue Aug 18 20:32:42 +0000 2015](https://twitter.com/adulau/status/633738312335781888)) +---- +RT @bcrypt: did you know that you can't read Oracle's Terms of Service on their website without agreeing to it? workaround: http://t.co/AEd… + +(Originally on Twitter: [Wed Aug 19 04:43:41 +0000 2015](https://twitter.com/adulau/status/633861873440587777)) +---- +@troyhunt What about people putting random email addresses in Pastebin and wait to see if they appears in your list? + +(Originally on Twitter: [Thu Aug 20 08:33:39 +0000 2015](https://twitter.com/adulau/status/634282132916039680)) +---- +RT @AlecMuffett: Status of the .Onion RFC Draft: +solid progress, not done yet. 
+ +https://lists.torproject.org/pipermail/tor-talk/2015-August/038812.html + +/ht @torproject @ioerror + +(Originally on Twitter: [Thu Aug 20 09:26:22 +0000 2015](https://twitter.com/adulau/status/634295400602685440)) +---- +@ClausHoumann Hmmm I'm sure you will mention @blackswanburst and his friends ;-) @_defcon_ + +(Originally on Twitter: [Thu Aug 20 14:09:06 +0000 2015](https://twitter.com/adulau/status/634366549462224896)) +---- +@ClausHoumann By the way, is there a way to read peerlyst without Javascript? That would a nice feature... @blackswanburst @_defcon_ + +(Originally on Twitter: [Thu Aug 20 14:25:03 +0000 2015](https://twitter.com/adulau/status/634370563524427777)) +---- +@Aristot73 "OR" is clearly the best operator for the academic editors (Springer and Elsevier).... + +(Originally on Twitter: [Thu Aug 20 14:39:14 +0000 2015](https://twitter.com/adulau/status/634374134781374465)) +---- +"From Pretty Good To Great: Enhancing PGP using Bitcoin +and the Blockchain (LONG)" http://arxiv.org/pdf/1508.04868v1.pdf Not really sure about the great. + +(Originally on Twitter: [Fri Aug 21 12:31:53 +0000 2015](https://twitter.com/adulau/status/634704475396046848)) +---- +http://www.faz.net/aktuell/rhein-main/mann-erhitzt-personalausweis-in-mikrowelle-13747024.html So if you burn your own data (from State ID) in the microwave, the German police doesn't like it (via @rommelfs ) + +(Originally on Twitter: [Sat Aug 22 10:02:53 +0000 2015](https://twitter.com/adulau/status/635029366829924353)) +---- +Plastic Dreams at #chassepierre https://www.flickr.com/photos/adulau/20781879856/ #photography #circus + +(Originally on Twitter: [Sun Aug 23 08:05:58 +0000 2015](https://twitter.com/adulau/status/635362330247868416)) +---- +Don't forget reflection is everywhere. Especially when you do shooting of someone typing on keyboard next to a glass of water. 
#infosec + +(Originally on Twitter: [Sun Aug 23 09:15:31 +0000 2015](https://twitter.com/adulau/status/635379831874682880)) +---- +@sam280 Usually it's the effect about the lack of transparency regarding the initial revocation process. (cf. Belgian eID) @rommelfs + +(Originally on Twitter: [Sun Aug 23 20:57:20 +0000 2015](https://twitter.com/adulau/status/635556449075245056)) +---- +@sam280 At the activation of the eID, citizen can revoke some of the certificates. For the Belgian eID, it's badly documented. @rommelfs + +(Originally on Twitter: [Sun Aug 23 21:11:26 +0000 2015](https://twitter.com/adulau/status/635560000048529408)) +---- +@sam280 It is indeed a better approach. For the Belgian eID, it's the reverse and they use the same PIN for sig and auth. @rommelfs + +(Originally on Twitter: [Sun Aug 23 21:17:46 +0000 2015](https://twitter.com/adulau/status/635561594580283396)) +---- +RT @ayourtch: The network is the computer. Honest. It's Turing-complete. http://infoscience.epfl.ch/record/187131/files/report_1.pdf (and more fun links here: http://t.co/uPkGG… + +(Originally on Twitter: [Mon Aug 24 10:04:12 +0000 2015](https://twitter.com/adulau/status/635754470757023744)) +---- +Self-patching Microsoft XML with misalignments and factorials http://www.phrack.org/papers/self-patching-msxml.html by @alisaesage + +(Originally on Twitter: [Wed Aug 26 13:46:10 +0000 2015](https://twitter.com/adulau/status/636535108007292928)) +---- +RT @FrennVunDerEnn: The number of #Tor Exit Nodes is falling... +Help us to keep our Nodes up and running! 
+https://enn.lu/donate/ /kp h… + +(Originally on Twitter: [Wed Aug 26 18:51:49 +0000 2015](https://twitter.com/adulau/status/636612028153602048)) +---- +I'll be at Cuest'Art 2015 with "Le collectif brouilleurs de blanc" to show some photographic (and sound) art works http://brouilleursdeblanc.org/articles/CuestArt-2015/ + +(Originally on Twitter: [Wed Aug 26 20:16:31 +0000 2015](https://twitter.com/adulau/status/636633341840752640)) +---- +@mailforlen Control is just a perception and often, it's just minimal sampling. Just like they do in Antwerp for goods (including food). + +(Originally on Twitter: [Thu Aug 27 10:02:22 +0000 2015](https://twitter.com/adulau/status/636841173747920896)) +---- +RT @circl_lu: CIRCL Passive SSL API version 2 is now available https://www.circl.lu/services/passive-ssl/ including search per fingerprint/CIDR block or fetch… + +(Originally on Twitter: [Thu Aug 27 13:20:59 +0000 2015](https://twitter.com/adulau/status/636891159118413824)) +---- +@Cyr_ Pas de soucis, nous sommes sans limites ;-) + +(Originally on Twitter: [Thu Aug 27 14:56:02 +0000 2015](https://twitter.com/adulau/status/636915076130308097)) +---- +"Foreign spy software found in Russian government information systems" http://tass.ru/en/russia/816543 Any malware samples to share? @tassagency_en + +(Originally on Twitter: [Thu Aug 27 14:58:42 +0000 2015](https://twitter.com/adulau/status/636915747655172104)) +---- +RT @rafi0t: Hashes or didn't happen. https://twitter.com/adulau/status/636915747655172104 + +(Originally on Twitter: [Thu Aug 27 15:21:03 +0000 2015](https://twitter.com/adulau/status/636921373768740864)) +---- +"observation camera honeypot" https://github.com/alexbredo/honeypot-camera interesting idea wondering about the possible honeytoken to leak in such fake images. 
+ +(Originally on Twitter: [Fri Aug 28 08:55:05 +0000 2015](https://twitter.com/adulau/status/637186628503650304)) +---- +RT @hack_lu: The first batch of accepted paper for @hack_lu 2015 has been sent to the authors. The next batch will be sent by Monday. + +(Originally on Twitter: [Fri Aug 28 12:06:52 +0000 2015](https://twitter.com/adulau/status/637234892309446656)) +---- +@xme @cbrocas @hack_lu Damn it. It was already Friday in Honolulu... + +(Originally on Twitter: [Fri Aug 28 12:34:49 +0000 2015](https://twitter.com/adulau/status/637241929210707968)) +---- +@xme @cbrocas @hack_lu Maybe Kunia is more precise + +(Originally on Twitter: [Fri Aug 28 12:42:45 +0000 2015](https://twitter.com/adulau/status/637243922302021632)) +---- +Windows on sadness https://www.flickr.com/photos/adulau/20950043862/ #photography #sooc + +(Originally on Twitter: [Sat Aug 29 21:06:07 +0000 2015](https://twitter.com/adulau/status/637732986868342784)) +---- +@matthew_d_green Congrats. Don't bring your laptop ;-) + +(Originally on Twitter: [Sun Aug 30 07:04:41 +0000 2015](https://twitter.com/adulau/status/637883621387452416)) +---- +For the ones wondering about the certificate 2c8affce966430ba04c04f81dd4b49c71b5b81a0 Cisco RXC-R2 - check the policy http://www.cisco.com/security/pki/policies/CiscoRXC-CP.pdf + +(Originally on Twitter: [Sun Aug 30 08:07:49 +0000 2015](https://twitter.com/adulau/status/637899508765065216)) +---- +RT @pinkflawd: Plane tickets to Luxembourg finally booked, looking forward to @hack_lu like a kid to Christmas! http://2015.hack.lu/ + +(Originally on Twitter: [Sun Aug 30 21:51:22 +0000 2015](https://twitter.com/adulau/status/638106764278394881)) +---- +RT @y0m: "Dr. Honeypots or: How I Learned to Stop Worrying and Love My Enemies" - Workshop at @hack_lu 2015 with @glaslos - http://t.co/4Mt… + +(Originally on Twitter: [Sun Aug 30 21:51:52 +0000 2015](https://twitter.com/adulau/status/638106891055407106)) +---- +RT @hack_lu: Totally Spies! 
will be presented at @hack_lu 2015 by @pinkflawd @r00tbsd and @joancalvet http://2015.hack.lu/talks/#totally-spies + +(Originally on Twitter: [Mon Aug 31 12:59:25 +0000 2015](https://twitter.com/adulau/status/638335282681651200)) +---- +RT @hack_lu: Binary Constraint Solving with LLVM will be presented by Sophia D’Antoine at @hack_lu 2015 http://2015.hack.lu/talks/#binary-constraint-solving-with-llvm + +(Originally on Twitter: [Mon Aug 31 12:59:37 +0000 2015](https://twitter.com/adulau/status/638335333059428352)) +---- +RT @hack_lu: Advances in Secure Messaging Protocols talk by @FredericJacobs http://2015.hack.lu/talks/#advances-in-secure-messaging-protocols will be given at @hack_lu 2015 + +(Originally on Twitter: [Mon Aug 31 17:52:08 +0000 2015](https://twitter.com/adulau/status/638408945074335744)) +---- +RT @hack_lu: Key-Logger, Video, Mouse - How to turn your KVM into a raging key-logging monster by @ynvb and @oppenheim1 at hack.lu http://t… + +(Originally on Twitter: [Mon Aug 31 20:13:57 +0000 2015](https://twitter.com/adulau/status/638444636491657216)) +---- +RT @zataz: la boutique du journal Belge La Libre piratée. Bases de données clients impactées. http://www.zataz.com/le-site-de-la-libre-belgique-pirate/ @Damien_Bancal @DataSe… + +(Originally on Twitter: [Mon Aug 31 20:24:04 +0000 2015](https://twitter.com/adulau/status/638447181360439296)) +---- +RT @HalieNoble: You gotta check out this FREE, BA book: "Culture & Empire - #Digital Revolution" by @hintjens http://cultureandempire.com/#/ http:/… + +(Originally on Twitter: [Mon Aug 31 20:39:41 +0000 2015](https://twitter.com/adulau/status/638451112778039296)) +---- +@Cyr_ Merci pour le feedback. Il faudrait faire le mapping CPE des logiciels installés en local. 
Comme p.ex: https://www.redhat.com/security/data/metrics/ + +(Originally on Twitter: [Tue Sep 01 09:04:39 +0000 2015](https://twitter.com/adulau/status/638638588423503872)) +---- +RT @hack_lu: How not to build an electronic voting system by @QKaiser will be presented at @hack_lu 2015 http://2015.hack.lu/talks/#how-not-to-build-an-electronic-voting-system #belgium #… + +(Originally on Twitter: [Tue Sep 01 13:21:08 +0000 2015](https://twitter.com/adulau/status/638703134265737216)) +---- +@robferdman could be a codename. @MarietjeSchaake + +(Originally on Twitter: [Tue Sep 01 14:00:50 +0000 2015](https://twitter.com/adulau/status/638713127102750720)) +---- +"Endgame enables customers to successfully automate the hunt" Another marketing term for automatic exploitation? https://hire.jobvite.com/Jobvite/Job.aspx?b=n6iwlswc&j=oPuG1fwK + +(Originally on Twitter: [Tue Sep 01 21:04:41 +0000 2015](https://twitter.com/adulau/status/638819790811852801)) +---- +RT @MarieGMoe: This is going to be one of my most challenging talks so far. It is personal. https://twitter.com/hack_lu/status/639003322532392961 + +(Originally on Twitter: [Wed Sep 02 11:51:51 +0000 2015](https://twitter.com/adulau/status/639043052242341888)) +---- +RT @hack_lu: Why Johnny Can’t Unpack: Toward One Click Unpacking by @Shiftreduce at @hack_lu 2015 http://2015.hack.lu/talks/#why-johnny-cant-unpack-toward-one-click-unpacking + +(Originally on Twitter: [Thu Sep 03 11:51:51 +0000 2015](https://twitter.com/adulau/status/639405440531623936)) +---- +RT @infosecjerk: Him: It detects virii, but not malware. +Me: Huh? Explain the difference. 
+Him: Virii are worms and malware are unwanted ad… + +(Originally on Twitter: [Thu Sep 03 12:08:10 +0000 2015](https://twitter.com/adulau/status/639409546709106688)) +---- +I really hope that there won't be any software vulnerability between mid-November and mid-January for AT&T https://cabforum.org/pipermail/public/2015-September/005935.html + +(Originally on Twitter: [Thu Sep 03 13:08:52 +0000 2015](https://twitter.com/adulau/status/639424821340831744)) +---- +@kerouanton Whoaah... my favourite. It should be called the "rocky horror picture show" no? + +(Originally on Twitter: [Thu Sep 03 18:37:07 +0000 2015](https://twitter.com/adulau/status/639507430615969792)) +---- +I see CTF (and other) opportunities. "Detecting an asymmetric Curve25519 backdoor in RSA key generation algorithms" http://samvartaka.github.io/backdoors/2015/09/03/rsa-curve25519-backdoor/ + +(Originally on Twitter: [Fri Sep 04 06:31:27 +0000 2015](https://twitter.com/adulau/status/639687200150540288)) +---- +RT @cbrocas: #hacklu : talks from @angealbertini @r00tbsd @Sebdraven @tomchop_ + meet friends @doegox @adulau @xme @rafi0t @Regiteric etc :… + +(Originally on Twitter: [Mon Sep 07 12:09:17 +0000 2015](https://twitter.com/adulau/status/640859378787176448)) +---- +Geotrust/Symantec has revoked all SSL certificates for .PW TLD domains http://colin.keigher.ca/2015/09/geotrustsymantec-has-revoked-all-ssl.html + +(Originally on Twitter: [Tue Sep 08 07:34:00 +0000 2015](https://twitter.com/adulau/status/641152492177367040)) +---- +@cbrocas Just wondering how long it will take that malware use @letsencrypt for C&C servers. + +(Originally on Twitter: [Tue Sep 08 08:12:31 +0000 2015](https://twitter.com/adulau/status/641162182881882112)) +---- +Everyone can mirror a map? 
https://www.flickr.com/photos/adulau/21250977775/ even in #photography + +(Originally on Twitter: [Tue Sep 08 18:26:40 +0000 2015](https://twitter.com/adulau/status/641316738274095104)) +---- +Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code https://cve.circl.lu/cve/CVE-2015-2545 + +(Originally on Twitter: [Wed Sep 09 09:50:03 +0000 2015](https://twitter.com/adulau/status/641549117160837120)) +---- +Admiral Michael Rogers discovered that other countries have their TAO dept. http://www.atlanticcouncil.org/blogs/natosource/nsa-chief-says-cyberattack-at-pentagon-was-sophisticated-persistent + +(Originally on Twitter: [Wed Sep 09 19:05:58 +0000 2015](https://twitter.com/adulau/status/641689016409157632)) +---- +RT @hack_lu: Workshop: Radare2 - a framework for reverse engineering by @radareorg during @hack_lu 2015 http://2015.hack.lu/talks/#workshop-radare2---a-framework-for-reverse-engineering-4-hours + +(Originally on Twitter: [Thu Sep 10 13:24:50 +0000 2015](https://twitter.com/adulau/status/641965555373768705)) +---- +My experiment of ' Soundscape and Photography ' http://www.foo.be/photoblog/posts/soundscape-and-photography.html thanks to @SteveClement and @cbrocas for the support #photography + +(Originally on Twitter: [Fri Sep 11 19:40:15 +0000 2015](https://twitter.com/adulau/status/642422419886501888)) +---- +Repeat after me, "no one use qemu for security magic boxes" This sounds very convincing... + +(Originally on Twitter: [Sat Sep 12 07:04:52 +0000 2015](https://twitter.com/adulau/status/642594709660110848)) +---- +RT @doegox: GameBoy padding oracle @CHES2015 solved? Why not breaking its whitebox AES key just for fun? +http://wiki.yobi.be/wiki/CHES2015_Writeup#Second_step_revisited http://t.co… + +(Originally on Twitter: [Sun Sep 13 08:18:35 +0000 2015](https://twitter.com/adulau/status/642975649204977664)) +---- +@doegox Whoaahh. Congratulation (sic) one of the best write-up I read recently. 
@CHES2015 + +(Originally on Twitter: [Sun Sep 13 08:23:32 +0000 2015](https://twitter.com/adulau/status/642976894766424064)) +---- +@angealbertini I thought this was linked to Liège. But everything has different meaning on how you look. The story of your life. @Doegox + +(Originally on Twitter: [Sun Sep 13 08:50:04 +0000 2015](https://twitter.com/adulau/status/642983572144570368)) +---- +@angealbertini Yep ;-) It was at first reading... This should be a kind of linguistic biases on my side. @doegox + +(Originally on Twitter: [Sun Sep 13 09:00:45 +0000 2015](https://twitter.com/adulau/status/642986260999630848)) +---- +RT @kyrah: I'm serious. The people who tell you they can do attribution are mostly lying. That includes the people working for you. Sorry b… + +(Originally on Twitter: [Sun Sep 13 09:07:44 +0000 2015](https://twitter.com/adulau/status/642988020694679552)) +---- +. @privacyint So you are building a new tasking list for GCHQ? Especially with a new indicator list provided by the users themselves. + +(Originally on Twitter: [Mon Sep 14 12:32:34 +0000 2015](https://twitter.com/adulau/status/643401955541417984)) +---- +Sometime the Belgian beers are a dilemma https://www.flickr.com/photos/adulau/21418191875/ or https://www.flickr.com/photos/adulau/21230577469/ #orval versus #duvel even in #photography + +(Originally on Twitter: [Mon Sep 14 19:02:02 +0000 2015](https://twitter.com/adulau/status/643499968930648064)) +---- +@e3i5 @privacyint The goal is every similar to the anonymization of data. A noble cause but that we cannot achieve. + +(Originally on Twitter: [Mon Sep 14 19:06:33 +0000 2015](https://twitter.com/adulau/status/643501102651035649)) +---- +@y0m You should try "Monsieur Rock", "La Corne du Bois des Pendus" and "Saison Dupont". 
+ +(Originally on Twitter: [Mon Sep 14 19:18:24 +0000 2015](https://twitter.com/adulau/status/643504085283524609)) +---- +@AlainGerlache Laurent Joffrin semble faire du Schopenhauer & utilise le stratagème VII pour induire la confusion du lecteur. @michelonfray + +(Originally on Twitter: [Tue Sep 15 07:36:45 +0000 2015](https://twitter.com/adulau/status/643689899628085248)) +---- +RT @CHES2015: Congratulation to Philippe Teuwen (aka yobibe @doegox) for being the first to catch all the flags! #ches2015challenge + +(Originally on Twitter: [Tue Sep 15 08:24:15 +0000 2015](https://twitter.com/adulau/status/643701851888701440)) +---- +RT @mattblaze: Crypto Wars are compelling but also a DoS attack against security people. Every hour we spend debating is time we aren't sec… + +(Originally on Twitter: [Tue Sep 15 15:46:13 +0000 2015](https://twitter.com/adulau/status/643813077541081088)) +---- +@headhntr (D) Fahrenheit 451 (only to meet Clarisse) + +(Originally on Twitter: [Wed Sep 16 11:28:49 +0000 2015](https://twitter.com/adulau/status/644110689183887360)) +---- +It seems that @zerodium just set the minimal entry values for the bug bounty programs of the software vendors https://twitter.com/Zerodium/status/644107653745016832 + +(Originally on Twitter: [Wed Sep 16 11:38:21 +0000 2015](https://twitter.com/adulau/status/644113086778056704)) +---- +RT @ClausHoumann: Cyber Attribution Dice donated to the @c3l_ charity auction at @hack_lu by @JC_SoCal ![](media/644161780219027456-COaNBYMUAAEqc1R.jpg) -> Rock on J… + +(Originally on Twitter: [Wed Sep 16 14:51:51 +0000 2015](https://twitter.com/adulau/status/644161780219027456)) +---- +An interesting master thesis "Using endpoints process information for malicious behavior" http://repository.tudelft.nl/view/ir/uuid:e1678077-9056-47ac-82e6-2762bfb40a63/ + +(Originally on Twitter: [Thu Sep 17 04:31:06 +0000 2015](https://twitter.com/adulau/status/644367955036368896)) +---- +It's time to learn some spraying techniques for your 
future stencils https://www.flickr.com/photos/adulau/21501028381/ #photography #streetart + +(Originally on Twitter: [Thu Sep 17 19:53:08 +0000 2015](https://twitter.com/adulau/status/644599991231750144)) +---- +@brianchoffman Nope. If you know someone let me know. + +(Originally on Twitter: [Fri Sep 18 14:07:33 +0000 2015](https://twitter.com/adulau/status/644875411030208512)) +---- +@alexanderjaeger Maybe somewhere else ;-) + +(Originally on Twitter: [Fri Sep 18 19:38:24 +0000 2015](https://twitter.com/adulau/status/644958671798149124)) +---- +RT @circl_lu: PyMISP (the Python library to access MISP) has been updated including various bug fixes https://github.com/CIRCL/PyMISP - https://t.c… + +(Originally on Twitter: [Sat Sep 19 08:14:37 +0000 2015](https://twitter.com/adulau/status/645148977256644608)) +---- +RT @jcfrog: La vérité sur la soit-disant transparence du #TTIP : même les eurodéputés sont dans le flou. http://action.sumofus.org/fr/a/ttip-transparency-french/ http://t.co… + +(Originally on Twitter: [Sat Sep 19 09:06:52 +0000 2015](https://twitter.com/adulau/status/645162128203194369)) +---- +added in cve-search an initial support to produce asciidoc from CVE https://github.com/adulau/cve-search and merged the db layer clean-up by @pidgeyL + +(Originally on Twitter: [Sat Sep 19 15:51:30 +0000 2015](https://twitter.com/adulau/status/645263958748852224)) +---- +I really hope(?) that the (P)RNG used for the @Zerodium PGP key https://www.zerodium.com/Zerodium-PGP-Key.asc generation was quite good... + +(Originally on Twitter: [Mon Sep 21 14:03:08 +0000 2015](https://twitter.com/adulau/status/645961460426907653)) +---- +@pinkflawd @r00tbsd @hack_lu keynote is just the central theme of a music. The rest is just left as an exercise for the reader ;-) + +(Originally on Twitter: [Tue Sep 22 09:51:04 +0000 2015](https://twitter.com/adulau/status/646260415043903488)) +---- +RT @CommitStrip: Software worth billions... 
+ http://www.commitstrip.com/2015/09/22/software-worth-billions/ ![](media/646427039885586432-CPhlOW4WEAAUFE2.jpg) + +(Originally on Twitter: [Tue Sep 22 20:53:10 +0000 2015](https://twitter.com/adulau/status/646427039885586432)) +---- +@jedisct1 Did Mathematica evolved from the NeXTSTEP version of 1992? Which open source alternative do you use? SymPy? SageMath? @fs111 + +(Originally on Twitter: [Tue Sep 22 20:58:35 +0000 2015](https://twitter.com/adulau/status/646428402640154624)) +---- +RT @circl_lu: Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information http://www.kb.cert.org/vuls/id/804060 + +(Originally on Twitter: [Thu Sep 24 14:58:06 +0000 2015](https://twitter.com/adulau/status/647062458759290881)) +---- +RT @Dymaxion: "Increasingly... recognizing the species of animals and plants around you, means opening yourself to constant grief" http://t… + +(Originally on Twitter: [Thu Sep 24 15:29:39 +0000 2015](https://twitter.com/adulau/status/647070398710980609)) +---- +For the ones looking for stock photo about pollution, cars and vw... I did this on Sunday. https://www.flickr.com/photos/adulau/21499221300/ #VWGate #photography + +(Originally on Twitter: [Thu Sep 24 21:25:18 +0000 2015](https://twitter.com/adulau/status/647159901232459777)) +---- +@nicoe Oui mais c'est plutôt des signatures multiples indépendantes. Tu peux concaténer des signatures détachées. -u 0xA -u 0xB -0xC --sign + +(Originally on Twitter: [Fri Sep 25 19:26:55 +0000 2015](https://twitter.com/adulau/status/647492496394600449)) +---- +. 
@FRAME00COM The ones interested in the "Spoiler Alert" art performance http://jasoneppink.com/spoiler-alert/ + +(Originally on Twitter: [Sun Sep 27 08:52:41 +0000 2015](https://twitter.com/adulau/status/648057662815502336)) +---- +RT @circl_lu: Allaple worm activity in 2015 and long-term persistence of worm (malware) in Local Area Networks https://www.circl.lu/pub/tr-40/ + +(Originally on Twitter: [Sun Sep 27 10:09:36 +0000 2015](https://twitter.com/adulau/status/648077019864006656)) +---- +@bortzmeyer "exploitants du logiciel" c'est aussi valable pour les auteurs de logiciels libres? ou il y a une définition précise du concept? + +(Originally on Twitter: [Sun Sep 27 12:46:52 +0000 2015](https://twitter.com/adulau/status/648116594091147264)) +---- +Monsieur @jcmarcourt il semble que vous avez oublié l'économique du libre dans votre plan numérique http://marcourt.wallonie.be/actualites/~propositions-pour-un-plan-numerique-le-conseil-a-remis-son-rapport.htm?lng=fr cc @npettiaux + +(Originally on Twitter: [Sun Sep 27 15:40:41 +0000 2015](https://twitter.com/adulau/status/648160337150255108)) +---- +If you are in a train and want to read : "Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud" http://eprint.iacr.org/2015/898.pdf + +(Originally on Twitter: [Sun Sep 27 18:47:52 +0000 2015](https://twitter.com/adulau/status/648207442879344641)) +---- +@Janet_LegReg Maybe there is an opportunity for improvement with the current CVE assignment process (time and easiness) @k8em0 @Hacker0x01 + +(Originally on Twitter: [Mon Sep 28 07:24:29 +0000 2015](https://twitter.com/adulau/status/648397852566274048)) +---- +Another recommendation for attackers, If you want to mess up the classification of the AV vendors. Just reuse loaders from other malware. + +(Originally on Twitter: [Tue Sep 29 08:17:22 +0000 2015](https://twitter.com/adulau/status/648773549893750784)) +---- +RT @Daeinar: When your paper title does not fit in 140 chars, think about it again. 
https://eprint.iacr.org/2015/935 + +(Originally on Twitter: [Tue Sep 29 09:23:29 +0000 2015](https://twitter.com/adulau/status/648790187959582720)) +---- +Maturity model of Vulnerability Disclosure looks nice... but what's the level of maturity if a software vendor does not provide a PGP key? + +(Originally on Twitter: [Tue Sep 29 21:46:22 +0000 2015](https://twitter.com/adulau/status/648977139606421504)) +---- +RT @gentilkiwi: Reminder about VSM and Credential Guard +It doesn't protect Local Account Credential Keys or TGS Kerberos Session Keys http:… + +(Originally on Twitter: [Thu Oct 01 04:26:46 +0000 2015](https://twitter.com/adulau/status/649440292177842176)) +---- +RT @RSWestmoreland: A modern Ad Network is indistinguishable from Exploits Kits: + +✅ Obfuscated js +✅ Hidden iframe +✅ Many forked redirects +✅… + +(Originally on Twitter: [Thu Oct 01 04:38:41 +0000 2015](https://twitter.com/adulau/status/649443293487566848)) +---- +"Hundred thousand ID card certificates issued with invalid public key encoding" http://cybersec.ee/2015/09/25/hundred-thousand-id-card-certificates-issued-with-invalid-public-key-encoding/ + +(Originally on Twitter: [Thu Oct 01 04:50:30 +0000 2015](https://twitter.com/adulau/status/649446266108276736)) +---- +@doegox Nice one especially if you can exploit the terminal of the user with a vulnerability like https://cve.circl.lu/cve/CVE-2010-2713 + +(Originally on Twitter: [Thu Oct 01 13:07:26 +0000 2015](https://twitter.com/adulau/status/649571322536796160)) +---- +@doegox So did you only played with the literal data packet (type 11) and the filename. Or is there an additional trick? + +(Originally on Twitter: [Thu Oct 01 13:09:56 +0000 2015](https://twitter.com/adulau/status/649571952387092480)) +---- +@doegox I like it very much ;-) Maybe this should be reported to GnuPG (works well in version 1.4 and 2) to fix this risky behaviour. 
+ +(Originally on Twitter: [Thu Oct 01 13:20:39 +0000 2015](https://twitter.com/adulau/status/649574650163384320)) +---- +@pinkflawd Not really. The reasons are usually the footprint of the satellite beams and the unencrypted downstream (old VSAT) @k_sec @craiu + +(Originally on Twitter: [Thu Oct 01 14:31:07 +0000 2015](https://twitter.com/adulau/status/649592384624455680)) +---- +@k_sec If you could share the slides with us, I could check if this is the same with what you discovered. Thanks. @pinkflawd @craiu + +(Originally on Twitter: [Thu Oct 01 14:39:50 +0000 2015](https://twitter.com/adulau/status/649594574768340992)) +---- +@r00tbsd passport you mean? not password ;-) @ClausHoumann @ncsc_nl + +(Originally on Twitter: [Fri Oct 02 07:44:19 +0000 2015](https://twitter.com/adulau/status/649852393820160000)) +---- +Iran and K-root: The Rest of the Story https://labs.ripe.net/Members/emileaben/iran-and-k-root-the-rest-of-the-story + +(Originally on Twitter: [Fri Oct 02 20:34:20 +0000 2015](https://twitter.com/adulau/status/650046178311188480)) +---- +@aris_ada Will you couple it with a bus pirate? like @doegox did http://wiki.yobi.be/wiki/Bus_Pirate + +(Originally on Twitter: [Sat Oct 03 08:29:23 +0000 2015](https://twitter.com/adulau/status/650226125327757312)) +---- +@tomchop_ https://github.com/flier/asyncdns - will you benchmark these against random queries against a local or a recursive nameserver? + +(Originally on Twitter: [Sat Oct 03 08:44:06 +0000 2015](https://twitter.com/adulau/status/650229826851315712)) +---- +@tomchop_ Good idea. The major issue is usually finding the right time-out when you have to reach slow authoritative DNS. + +(Originally on Twitter: [Sat Oct 03 08:50:31 +0000 2015](https://twitter.com/adulau/status/650231443650691072)) +---- +@tomchop_ When I have to do a lot of queries, I measure the authoritative response time and have resolver queue per responsiveness speed. 
+ +(Originally on Twitter: [Sat Oct 03 08:52:22 +0000 2015](https://twitter.com/adulau/status/650231908689932288)) +---- +@tomchop_ Yes, there is an initial time-out and if I have no answer from the NS the query go to other queues with bigger time-outs. + +(Originally on Twitter: [Sat Oct 03 13:56:49 +0000 2015](https://twitter.com/adulau/status/650308525235826688)) +---- +RT @doegox: @angealbertini @tathanhdinh And soon @xoreaxeaxeax will show us that NOP is Turing complete :D + +(Originally on Twitter: [Sat Oct 03 14:51:45 +0000 2015](https://twitter.com/adulau/status/650322351775711233)) +---- +RT @botherder: After #intelexit, @PengBerlin should launch #armyexit. I'm sure there are a few tired of being ordered to kill civilians and… + +(Originally on Twitter: [Sat Oct 03 15:06:55 +0000 2015](https://twitter.com/adulau/status/650326166990159872)) +---- +RT @matthew_d_green: Security audits are the worst way to realize secure software. Unfortunately they're better than most other ideas. 
http… + +(Originally on Twitter: [Mon Oct 05 06:24:19 +0000 2015](https://twitter.com/adulau/status/650919426292887552)) +---- +RT @angealbertini: "Radare from A to Z" slides, by @trufae +http://radare.org/get/RadareAZ-NN2015.pdf ![](media/650953407201722368-CQimC0FWsAElV-5.png) + +(Originally on Twitter: [Mon Oct 05 08:39:21 +0000 2015](https://twitter.com/adulau/status/650953407201722368)) +---- +Don't forget to update your emergency procedure with git-fire https://github.com/qw3rtman/git-fire + +(Originally on Twitter: [Mon Oct 05 11:58:44 +0000 2015](https://twitter.com/adulau/status/651003587271741440)) +---- +The funky self-signed certificate of the day, FP: 1613903afe82982b0b5196581c632cecef66ecfe CN=http://windowsupdate.microsoft.com on 212[.]69[.]36[.]86 + +(Originally on Twitter: [Mon Oct 05 13:50:23 +0000 2015](https://twitter.com/adulau/status/651031682129219584)) +---- +@ralphholz Another one ;-) https://www.virustotal.com/en/ip-address/212.69.36.86/information/ + +(Originally on Twitter: [Mon Oct 05 14:49:43 +0000 2015](https://twitter.com/adulau/status/651046614065410048)) +---- +RT @circl_lu: . @adulau from CIRCL and @pidgeyL will be @Brucon to talk about cve-search & the future of vulnerability management http://t.… + +(Originally on Twitter: [Mon Oct 05 18:49:55 +0000 2015](https://twitter.com/adulau/status/651107061984530432)) +---- +RT @ErrataRob: Watching the EU Parliament debate "hacking" is like watching 1600s Salem debating "witchcraft". +http://www.europarl.europa.eu/ep-live/en/plenary/video?date=05-10-2015 + +(Originally on Twitter: [Mon Oct 05 19:45:10 +0000 2015](https://twitter.com/adulau/status/651120967796658176)) +---- +RT @Aristot73: Not even build, just design... https://twitter.com/Kurt_Vonnegut/status/651306661508833280 + +(Originally on Twitter: [Tue Oct 06 08:38:30 +0000 2015](https://twitter.com/adulau/status/651315583439499264)) +---- +@Maijin212 @Iglocska Thank you for the tweet. We just started to work on it. 
More to come in the next days. + +(Originally on Twitter: [Tue Oct 06 12:17:53 +0000 2015](https://twitter.com/adulau/status/651370791532130304)) +---- +"Monitoring Potential Drug Interactions and Reactions via Network Analysis of Instagram User Timelines" http://arxiv.org/pdf/1510.01006v1.pdf + +(Originally on Twitter: [Wed Oct 07 11:25:25 +0000 2015](https://twitter.com/adulau/status/651719976336932864)) +---- +If you have a white-list and a black-list of GPS coordinates, don't mix up while setting up targets. + +(Originally on Twitter: [Wed Oct 07 13:33:31 +0000 2015](https://twitter.com/adulau/status/651752212654366720)) +---- +@ClausHoumann Yep, I'm always very confused by this "it's not now" statement but where the question should be "Is this fixed?". + +(Originally on Twitter: [Wed Oct 07 14:11:48 +0000 2015](https://twitter.com/adulau/status/651761849663422465)) +---- +Orange - Ceramic - 01 or what to do with some orange peeling recordings... https://soundcloud.com/adulau/orange-ceramic-01 #ambient + +(Originally on Twitter: [Wed Oct 07 19:01:01 +0000 2015](https://twitter.com/adulau/status/651834632439246848)) +---- +@xme People are just browsing way too much porn websites ;-) + +(Originally on Twitter: [Thu Oct 08 12:55:00 +0000 2015](https://twitter.com/adulau/status/652104907957387264)) +---- +@xme Have you improved the skin detection module? + +(Originally on Twitter: [Thu Oct 08 13:39:33 +0000 2015](https://twitter.com/adulau/status/652116121680781312)) +---- +@xme Will you generate Netflow records from the pcap files? and share it for the researchers? + +(Originally on Twitter: [Thu Oct 08 15:34:44 +0000 2015](https://twitter.com/adulau/status/652145107089534976)) +---- +@xme Cool. The idea is to distribute Netflow records without payload (for researchers and others) generated out of the BruCON pcaps. 
+ +(Originally on Twitter: [Thu Oct 08 15:39:00 +0000 2015](https://twitter.com/adulau/status/652146182131609600)) +---- +"The Shappening: freestart collisions for SHA-1" https://sites.google.com/site/itstheshappening/ + +(Originally on Twitter: [Thu Oct 08 15:52:03 +0000 2015](https://twitter.com/adulau/status/652149465210421248)) +---- +@xme Sure. As long as you keep the pcaps, we are fine ;-) + +(Originally on Twitter: [Thu Oct 08 16:09:51 +0000 2015](https://twitter.com/adulau/status/652153943384965121)) +---- +RT @ChrisJohnRiley: #BruCON Sanboxes… check if there's less than 2 CPU cores and exit to avoid your exploit code running in a sandboxed sys… + +(Originally on Twitter: [Fri Oct 09 08:37:24 +0000 2015](https://twitter.com/adulau/status/652402469364998144)) +---- +@imifos Good question. Not sure if a new standard would help. The existing JSON format is a merge of CVE, CPE, CWE and CAPEC standards. + +(Originally on Twitter: [Fri Oct 09 10:11:01 +0000 2015](https://twitter.com/adulau/status/652426030674743296)) +---- +@imifos Good idea. We could provide a recommendation statement for responsible disclosure regarding vulnerability disclosure data format. + +(Originally on Twitter: [Fri Oct 09 10:28:25 +0000 2015](https://twitter.com/adulau/status/652430407267393536)) +---- +@imifos Anyway thank you for the idea. + +(Originally on Twitter: [Fri Oct 09 10:40:53 +0000 2015](https://twitter.com/adulau/status/652433544082534400)) +---- +Slides from our #Brucon talk about cve-search are available https://www.circl.lu/assets/files/brucon2015-cve-search.pdf + +(Originally on Twitter: [Fri Oct 09 10:47:10 +0000 2015](https://twitter.com/adulau/status/652435126870220800)) +---- +RT @Enno_Insinuator: .@adulau's cve-search https://github.com/adulau/cve-search just shown #brucon is a cool anyway. 
Still I love this +#sayhitomaryann … + +(Originally on Twitter: [Fri Oct 09 11:09:05 +0000 2015](https://twitter.com/adulau/status/652440641838968832)) +---- +RT @mwrlabs: Gremlins destroyed! #smashthehash scoreboard back up & oh my, it's all change at the top - pollypocket steam ahead! http://t.c… + +(Originally on Twitter: [Fri Oct 09 12:21:45 +0000 2015](https://twitter.com/adulau/status/652458927465086976)) +---- +RT @xme: SHA1 is dead you said? Really? #BruCON ![](media/652471195548446720-CQ3TI7MWgAIJL-S.png) + +(Originally on Twitter: [Fri Oct 09 13:10:30 +0000 2015](https://twitter.com/adulau/status/652471195548446720)) +---- +RT @mwrlabs: Congrats to pollypocket for winning the #smashthehash! Enjoy your #bb8 thanks for playing everyone @brucon #brucon http://t.co… + +(Originally on Twitter: [Fri Oct 09 13:12:11 +0000 2015](https://twitter.com/adulau/status/652471620762775553)) +---- +@dakami She will be fluent in French quite soon. Or maybe it was a clever reference to the work of Alan Turing. @quinnnorton + +(Originally on Twitter: [Fri Oct 09 19:56:43 +0000 2015](https://twitter.com/adulau/status/652573426008346625)) +---- +@Cyr_ It can be difficult (like openssl versus libssl). The CPE is an arbitrary and formal scheme. https://nvd.nist.gov/cpe.cfm + +(Originally on Twitter: [Fri Oct 09 20:09:10 +0000 2015](https://twitter.com/adulau/status/652576560399183872)) +---- +@Cyr_ Right. I would love to see the CPE names used for all the Debian packages... 
https://wiki.debian.org/CPEtagPackagesDep (an old proposal of 2012) + +(Originally on Twitter: [Fri Oct 09 20:28:29 +0000 2015](https://twitter.com/adulau/status/652581418648895489)) +---- +RT @___wr___: cvesearch "...vendors who provide a new open data +source are elligible for 1Kg of Belgian chocolade or a pack of 6 +Orval beer… + +(Originally on Twitter: [Sun Oct 11 10:20:16 +0000 2015](https://twitter.com/adulau/status/653153131979767808)) +---- +"Whitepaper : Writing Cisco IOS Rootkits" http://grid32.com/bb095447484a76e5c74d10f604b716f8/cisco_ios_rootkits.pdf by @Grid32InfoSec + +(Originally on Twitter: [Sun Oct 11 11:06:11 +0000 2015](https://twitter.com/adulau/status/653164689585774592)) +---- +@rafi0t This seems puzzling... + +(Originally on Twitter: [Mon Oct 12 06:15:08 +0000 2015](https://twitter.com/adulau/status/653453828973592577)) +---- +Collecting "travellers' biometric data" in Europe? http://www.statewatch.org/news/2015/oct/eu-council-smart-borders-FR-12272-15.pdf + +(Originally on Twitter: [Mon Oct 12 13:13:04 +0000 2015](https://twitter.com/adulau/status/653559008637419520)) +---- +When I saw this old shack https://www.flickr.com/photos/adulau/22126957171 I don't know why but this remembers some old software to maintain. #photography + +(Originally on Twitter: [Mon Oct 12 20:51:48 +0000 2015](https://twitter.com/adulau/status/653674449884065793)) +---- +@ClausHoumann Tools should be easy. Not sure where you blog draft was located. Simple text file in git/gist would ease reviewer access. + +(Originally on Twitter: [Tue Oct 13 08:26:39 +0000 2015](https://twitter.com/adulau/status/653849316029800448)) +---- +@ClausHoumann Don't know your case. I had to review a lot of text, doc and so on. The ones I quickly reviewed were easily accessible. + +(Originally on Twitter: [Tue Oct 13 08:30:16 +0000 2015](https://twitter.com/adulau/status/653850226277662720)) +---- +RT @rafi0t: Great piece of @lorenzoFB about the hackable heart of @MarieGMoe. 
Come to @hack_lu and attend the keynote! https://t.co/XnGYID3… + +(Originally on Twitter: [Wed Oct 14 04:46:00 +0000 2015](https://twitter.com/adulau/status/654156175248871428)) +---- +RT @SteveClement: Oh noes, Tweet count of @Pontifex is at an #unholy number. +Quick consult from @RichardDawkins on #NumberTheology? http://… + +(Originally on Twitter: [Wed Oct 14 08:11:35 +0000 2015](https://twitter.com/adulau/status/654207913964236800)) +---- +RT @solardiz: My OpenVZ security audit from 2005 is finally public: https://lists.openvz.org/pipermail/users/2015-October/006563.html The tarball contains some tiny custom tools + +(Originally on Twitter: [Wed Oct 14 09:18:54 +0000 2015](https://twitter.com/adulau/status/654224852145074176)) +---- +"Preserving Security in Belgium" https://www.facebook.com/notes/alex-stamos/preserving-security-in-belgium/10153678944202929 + +(Originally on Twitter: [Wed Oct 14 11:34:19 +0000 2015](https://twitter.com/adulau/status/654258931120906240)) +---- +RT @hack_lu: Want to register a 5 minutes lightning talk at @hack_lu fill this pad http://piratepad.net/duAsimuzi0 + +(Originally on Twitter: [Wed Oct 14 12:45:52 +0000 2015](https://twitter.com/adulau/status/654276935820935168)) +---- +@rommelfs just found @pinkflawd in a stack of paper. I hope she is not lost in bureaucracy. + +(Originally on Twitter: [Thu Oct 15 08:47:38 +0000 2015](https://twitter.com/adulau/status/654579373689974784)) +---- +@pauldevroede The cookie is just a tree hiding the forest of all the tracking techniques used. Tracking can be used for security too. 
@xme + +(Originally on Twitter: [Thu Oct 15 12:06:21 +0000 2015](https://twitter.com/adulau/status/654629380195532800)) +---- +RT @FredericJacobs: Factoring as a service: 512-bit RSA factored within 4 hours on EC2 for < $100 +http://seclab.upenn.edu/projects/faas/ +Paper: http://t.co… + +(Originally on Twitter: [Fri Oct 16 04:36:14 +0000 2015](https://twitter.com/adulau/status/654878492513931264)) +---- +RT @xme: Converting 225GB of pcap to netflow… I see stats ahead! :) #BruCON + +(Originally on Twitter: [Fri Oct 16 06:45:43 +0000 2015](https://twitter.com/adulau/status/654911079173259264)) +---- +got HW crypto? On the (in)security of a Self-Encrypting Drive series https://eprint.iacr.org/2015/1002.pdf + +(Originally on Twitter: [Fri Oct 16 12:00:03 +0000 2015](https://twitter.com/adulau/status/654990185361469440)) +---- +@radareorg I really enjoy when a tool can be used for your two very different passions. + +(Originally on Twitter: [Fri Oct 16 12:24:06 +0000 2015](https://twitter.com/adulau/status/654996235238121472)) +---- +RT @martijn_grooten: Short but good post by @SteveBellovin on WeakDH and why such a small set of moduli is used in practice https://t.co/VX… + +(Originally on Twitter: [Fri Oct 16 13:24:12 +0000 2015](https://twitter.com/adulau/status/655011359978057728)) +---- +RT @trevorpaglen: Autonomy Cube tor-relay-sculpture - opening next week @ioerror @wiretapped @torproject @EdithRussHaus http://t.co/zDE2Yw… + +(Originally on Twitter: [Fri Oct 16 14:21:05 +0000 2015](https://twitter.com/adulau/status/655025673824837632)) +---- +Sometime mist is nice too... https://www.flickr.com/photos/adulau/22057265720/ #photography #trees + +(Originally on Twitter: [Sat Oct 17 13:19:13 +0000 2015](https://twitter.com/adulau/status/655372493876822016)) +---- +No more uncompressed @usnistgov NVD database feed. 
cve-search updated https://github.com/cve-search/cve-search Thanks to @Grazfather - cc @pidgeyL + +(Originally on Twitter: [Sat Oct 17 15:40:04 +0000 2015](https://twitter.com/adulau/status/655407938593492996)) +---- +"Tool to crack encrypted PEM files" by @botnet_hunter https://github.com/bwall/pemcracker based on the initial work of @ErrataRob Seems interesting. + +(Originally on Twitter: [Sun Oct 18 09:49:27 +0000 2015](https://twitter.com/adulau/status/655682090676170752)) +---- +Just added the @exploitdb feed import in cve-search https://github.com/cve-search/cve-search more extensions to come soon @pidgeyL + +(Originally on Twitter: [Sun Oct 18 14:07:02 +0000 2015](https://twitter.com/adulau/status/655746914017759232)) +---- +RT @JacobTorrey: Starting the long slog to @hack_lu! Looking forward to seeing some friends and making new ones :) + +(Originally on Twitter: [Sun Oct 18 15:35:03 +0000 2015](https://twitter.com/adulau/status/655769064518893568)) +---- +RT @herrcore: Preparing workbooks for our Crowdsource Malware Triage Workshop at #Hacklu ![](media/655769200821186560-CRmvqq1WUAAvL0V.jpg) + +(Originally on Twitter: [Sun Oct 18 15:35:35 +0000 2015](https://twitter.com/adulau/status/655769200821186560)) +---- +RT @hack_lu: The day before @hack_lu 2015, there will a freely accessible MISP summit on Monday PM http://2015.hack.lu/misp-summit/ http://t.co/ilkvU… + +(Originally on Twitter: [Sun Oct 18 16:04:21 +0000 2015](https://twitter.com/adulau/status/655776437652299777)) +---- +RT @circl_lu: Visual correlation in MISP 2.4 (beta) - practical use of searching Sofacy related indicators https://www.circl.lu/services/misp-malware-information-sharing-platform/ http://t… + +(Originally on Twitter: [Sun Oct 18 17:31:02 +0000 2015](https://twitter.com/adulau/status/655798254702039040)) +---- +@gcouprie PF has an option for rule-set optimization http://www.openbsd.org/faq/pf/options.html not sure how this is implemented. 
+ +(Originally on Twitter: [Mon Oct 19 07:43:27 +0000 2015](https://twitter.com/adulau/status/656012772787027968)) +---- +RT @cryptax: @Thus0 @Samouimi en plus, on boit du thé à #hacklu (cc: @adulau) + +(Originally on Twitter: [Wed Oct 21 09:00:24 +0000 2015](https://twitter.com/adulau/status/656756912843857921)) +---- +RT @hack_lu: MISP summit at @hack_lu slides are now available http://2015.hack.lu/archive/2015/mispsummit/ @cvandeplas @rafi0t @adulau #hacklu + +(Originally on Twitter: [Wed Oct 21 09:00:29 +0000 2015](https://twitter.com/adulau/status/656756933647581184)) +---- +Nice discovery from @herrcore a Yara lexical parser in Python https://github.com/8u1a/plyara #hacklu maybe a Yara validation integration in MISP? + +(Originally on Twitter: [Wed Oct 21 09:07:42 +0000 2015](https://twitter.com/adulau/status/656758750938796032)) +---- +RT @esizkur: Do we have twitch streams for people reversing already? I'd love to see proficient someone using radare2. I feel like a vim-no… + +(Originally on Twitter: [Wed Oct 21 10:46:50 +0000 2015](https://twitter.com/adulau/status/656783696847089664)) +---- +We (@blackswanburst and myself) are really proud of @MarieGMoe works to raise awareness in the field of medical device security. #hacklu + +(Originally on Twitter: [Wed Oct 21 12:20:10 +0000 2015](https://twitter.com/adulau/status/656807186430107648)) +---- +RT @ClausHoumann: The scary thing about @angealbertini's work is that bad specs can make innocent people go to jail or worse IMHO cc @hack_… + +(Originally on Twitter: [Wed Oct 21 12:28:53 +0000 2015](https://twitter.com/adulau/status/656809378364989440)) +---- +RT @pinkflawd: ".. specs that are fully theoretical, like the bible." This. @angealbertini #hacklu + +(Originally on Twitter: [Wed Oct 21 12:40:54 +0000 2015](https://twitter.com/adulau/status/656812402214875136)) +---- +In the @angealbertini talk at #hacklu, he mentioned the issues and risks of having closed and not accessible standards. 
cc/ @isostandards + +(Originally on Twitter: [Wed Oct 21 12:43:53 +0000 2015](https://twitter.com/adulau/status/656813152118685696)) +---- +RT @xme: Based on the latest tweets, for sure we generated some alerts on the #Iran monitoring system… #hacklu + +(Originally on Twitter: [Wed Oct 21 13:22:37 +0000 2015](https://twitter.com/adulau/status/656822902621360128)) +---- +Very nice demo from @ynvb of installing malware on air-gapped computers over KVM. How many organization review their KVM firmware? #hacklu + +(Originally on Twitter: [Wed Oct 21 15:33:18 +0000 2015](https://twitter.com/adulau/status/656855789643145216)) +---- +@GunstickULM Sure it's possible and was also a tempest issue - for your ref http://www.foo.be/docs-free/tempest/optical_tempest.pdf @verac_m @ynvb + +(Originally on Twitter: [Wed Oct 21 15:42:54 +0000 2015](https://twitter.com/adulau/status/656858205377679360)) +---- +RT @mvdevnull: Misp - The art of Information sharing, by @adulau http://2015.hack.lu/archive/2015/mispsummit/circl-artofinformationsharing.pdf + +(Originally on Twitter: [Wed Oct 21 16:10:46 +0000 2015](https://twitter.com/adulau/status/656865216307863552)) +---- +An interesting lightning talk at #hacklu about the REbus project https://bitbucket.org/iwseclabs/rebus + +(Originally on Twitter: [Thu Oct 22 11:10:44 +0000 2015](https://twitter.com/adulau/status/657152098379956224)) +---- +RT @Regiteric: If you serialize bamboo you get a wall, if you serialize in PHP you get a CVE. #hacklu + +(Originally on Twitter: [Thu Oct 22 11:12:41 +0000 2015](https://twitter.com/adulau/status/657152591277772800)) +---- +RT @JacobTorrey: Yes! Sophia's #hacklu talk is making the #Langsec case that AEG and program analysis/verification are two sides of the sam… + +(Originally on Twitter: [Thu Oct 22 11:12:58 +0000 2015](https://twitter.com/adulau/status/657152661431689217)) +---- +RT @JacobTorrey: Whoo! More powerpoint karaoke here at #hacklu! 
+ +(Originally on Twitter: [Thu Oct 22 11:31:35 +0000 2015](https://twitter.com/adulau/status/657157346662227973)) +---- +RT @JacobTorrey: Now @Shiftreduce is presenting from VW's marketing deck on their American clean diesel program from 2014 at #hacklu PowerP… + +(Originally on Twitter: [Thu Oct 22 11:55:39 +0000 2015](https://twitter.com/adulau/status/657163401962070017)) +---- +RT @ckyvra: And what about LuxBamboourg for the name of the room ! #hacklu + +(Originally on Twitter: [Thu Oct 22 12:00:44 +0000 2015](https://twitter.com/adulau/status/657164681828802560)) +---- +Wondering about bamboo.exe https://www.reasoncoresecurity.com/bamboo.exe-cf822dc61f82cb6ccbbe4d039a653c5dfee9c39d.aspx here is report saying it's clean #hacklu + +(Originally on Twitter: [Thu Oct 22 12:03:34 +0000 2015](https://twitter.com/adulau/status/657165397599350784)) +---- +@JacobTorrey @rbidule was so scared to talk about cloud management that @SteveClement took over the cloud. #hacklu + +(Originally on Twitter: [Thu Oct 22 12:06:08 +0000 2015](https://twitter.com/adulau/status/657166039399190528)) +---- +RT @xme: @adulau Scaring! :) ![](media/657166203606204417-CR649rvWsAAjeFb.png) + +(Originally on Twitter: [Thu Oct 22 12:06:47 +0000 2015](https://twitter.com/adulau/status/657166203606204417)) +---- +For any malware author in the room at #hacklu, don't forget to name your malware after the bamboo topic of this year edition. + +(Originally on Twitter: [Thu Oct 22 12:09:19 +0000 2015](https://twitter.com/adulau/status/657166842092527621)) +---- +RT @cbrocas: Thank to the #hacklu team for the organisation of such a nice and rich event ! 
A perfect first try for me :) cc @adulau @rafi0t + +(Originally on Twitter: [Thu Oct 22 16:05:11 +0000 2015](https://twitter.com/adulau/status/657226199320633345)) +---- +Finally I know why I co-organized #hacklu for the past 11 years, to finally get a signed copy of 9/11 trilogy by @laurapoitras + +(Originally on Twitter: [Thu Oct 22 16:14:20 +0000 2015](https://twitter.com/adulau/status/657228502475886592)) +---- +RT @pinkflawd: Got a great high-speed intro to radare2 today, super powerful stuff ![](media/657300428783288321-CR8BUneUEAAM_m0.jpg) + +(Originally on Twitter: [Thu Oct 22 21:00:08 +0000 2015](https://twitter.com/adulau/status/657300428783288321)) +---- +RT @MarieGMoe: Thank you so much for the great conference! #hacklu @adulau @ClausHoumann ![](media/657300475423911936-CR7zy8RUcAArWP2.jpg) + +(Originally on Twitter: [Thu Oct 22 21:00:20 +0000 2015](https://twitter.com/adulau/status/657300475423911936)) +---- +RT @ddurvaux: #hacklu 11 was a great edition!! Tx to @circl_lu, @adulau, @rafi0t... Nice to met great friends there like @cudeso, @xme, @a_… + +(Originally on Twitter: [Thu Oct 22 21:00:36 +0000 2015](https://twitter.com/adulau/status/657300544189546500)) +---- +From this graph, can you deduce when the @fluxfingers CTF started at #hacklu ? ![](media/657303874680832000-CR82Y-5XAAAJk8V.png) + +(Originally on Twitter: [Thu Oct 22 21:13:50 +0000 2015](https://twitter.com/adulau/status/657303874680832000)) +---- +@cryptax UTC ;-) @fluxfingers + +(Originally on Twitter: [Thu Oct 22 21:18:16 +0000 2015](https://twitter.com/adulau/status/657304990332141568)) +---- +RT @JacobTorrey: Great to meet so many cool people at #hacklu & see friends again! Thanks @adulau @rbidule @ClausHoumann @rafi0t & more for… + +(Originally on Twitter: [Fri Oct 23 04:32:53 +0000 2015](https://twitter.com/adulau/status/657414363150688256)) +---- +@y0m la bannette? 
;-) + +(Originally on Twitter: [Fri Oct 23 08:21:15 +0000 2015](https://twitter.com/adulau/status/657471834720440320)) +---- +RT @hack_lu: Slides from @radareorg workshop at #hacklu available http://2015.hack.lu/archive/2015/radare2-workshop-slides.pdf and support materials (including VM) https://t.co… + +(Originally on Twitter: [Fri Oct 23 09:55:05 +0000 2015](https://twitter.com/adulau/status/657495449432104960)) +---- +A nice use of @golang a wrapper around the Mimikatz executable for the purpose of anti-virus evasion. https://github.com/vyrus001/go-mimikatz + +(Originally on Twitter: [Fri Oct 23 13:52:25 +0000 2015](https://twitter.com/adulau/status/657555178300788736)) +---- +RT @marver: @doegox Here is the sound of sorting I mentioned during breakfast at #hack_lu: https://www.youtube.com/watch?v=kPRA0W1kECg and https://t.co/Etp5Wvk… + +(Originally on Twitter: [Fri Oct 23 20:57:10 +0000 2015](https://twitter.com/adulau/status/657662068074663936)) +---- +@plicplic https://www.flickr.com/photos/adulau/5075826879 + +(Originally on Twitter: [Sun Oct 25 13:24:21 +0000 2015](https://twitter.com/adulau/status/658272891008647168)) +---- +@plicplic Excellent. J'en suis à 19 plantations de pommiers, pruniers et poiriers... et ma première récolte de l'année était de 45 pommes. + +(Originally on Twitter: [Sun Oct 25 13:35:35 +0000 2015](https://twitter.com/adulau/status/658275714400145409)) +---- +RT @thegrugq: I reckon the Telegram servers are so thoroughly compromised by Western intelligence agencies they need more RAM for all the i… + +(Originally on Twitter: [Sun Oct 25 15:10:19 +0000 2015](https://twitter.com/adulau/status/658299556464062464)) +---- +I should play more often in Brussels to catch shooting tourists. it's full of opportunities. 
https://www.flickr.com/photos/adulau/22274275858/ #photography #brussels + +(Originally on Twitter: [Sun Oct 25 15:18:54 +0000 2015](https://twitter.com/adulau/status/658301718325673984)) +---- +@npua Mist and smoke can be a nice opportunity for photography... + +(Originally on Twitter: [Mon Oct 26 08:46:16 +0000 2015](https://twitter.com/adulau/status/658565295683014656)) +---- +Takedown is just like to remove dust in your home. You need to do it very regularly, this is never finished and just boring. + +(Originally on Twitter: [Mon Oct 26 20:32:12 +0000 2015](https://twitter.com/adulau/status/658742950692831232)) +---- +@pinkflawd He is on Twitter @ahejlsberg but I'm pretty sure Delphi was invented as an obfuscation mechanism for Malware from the east... + +(Originally on Twitter: [Mon Oct 26 20:40:02 +0000 2015](https://twitter.com/adulau/status/658744919012593664)) +---- +RT @circl_lu: Curious about VIPER integration with MISP - check out the @asciinema videos https://asciinema.org/a/28808 and https://t.co/rViKPTXP… + +(Originally on Twitter: [Wed Oct 28 08:45:13 +0000 2015](https://twitter.com/adulau/status/659289805214363648)) +---- +Don't search for "Do not use OpenPGP for message confidentiality" in this NIST draft "Trustworthy Email" http://csrc.nist.gov/publications/drafts/800-177/sp800-177_draft.pdf cc @gnupg + +(Originally on Twitter: [Thu Oct 29 13:17:30 +0000 2015](https://twitter.com/adulau/status/659720715072102400)) +---- +@X_Cli The point was more "centralized key management" versus "distributed/local key management". It's a matter of threat model. 
@gnupg + +(Originally on Twitter: [Thu Oct 29 14:51:48 +0000 2015](https://twitter.com/adulau/status/659744446389555200)) +---- +RT @glaslos: Demo web app honeypot which we wrote during the #hacklu training: https://gist.github.com/glaslos/ac8c32e90ba33e01624e cc: @hack_lu @y0m @ProjectHoneynet + +(Originally on Twitter: [Thu Oct 29 16:09:43 +0000 2015](https://twitter.com/adulau/status/659764058346930176)) +---- +RT @Enno_Insinuator: Had I been #hacklu this would've been one of my highlights: "Key-Logger, Video, Mouse" +http://archive.hack.lu/2015/key-logger-video-mouse.pdf [PDF] h… + +(Originally on Twitter: [Thu Oct 29 16:10:14 +0000 2015](https://twitter.com/adulau/status/659764185438531584)) +---- +RT @sekoia_fr: We published the source code of FastIR Collector on Github: https://github.com/SekoiaLab/Fastir_Collector #HES2015 + +(Originally on Twitter: [Thu Oct 29 16:36:36 +0000 2015](https://twitter.com/adulau/status/659770820290592768)) +---- +RT @circl_lu: Thanks to @sans_isc and @xme for the mention about CIRCLean - by the way there is a new standalone Python library https://t.c… + +(Originally on Twitter: [Thu Oct 29 16:44:38 +0000 2015](https://twitter.com/adulau/status/659772844193263616)) +---- +@cBekrar Don't forget the bad habit of @google for blogspot to modify the TLD with your location ;-) @daveaitel + +(Originally on Twitter: [Fri Oct 30 11:23:04 +0000 2015](https://twitter.com/adulau/status/660054307606306816)) +---- +RT @crypt0_o: from the talk at #hacklu https://twitter.com/a_z_e_t/status/660038663376650241 + +(Originally on Twitter: [Sat Oct 31 11:14:23 +0000 2015](https://twitter.com/adulau/status/660414507345453057)) +---- +@thegrugq Usually this market is for the organizations who don't have the capabilities to build their own (partial) devices. 
@marasawr + +(Originally on Twitter: [Sat Oct 31 14:53:30 +0000 2015](https://twitter.com/adulau/status/660469649725915136)) +---- +@thegrugq Such market survey often doesn't include custom devices relying on FPGA - ASIC and optical third-parties equipment. @marasawr + +(Originally on Twitter: [Sat Oct 31 14:56:30 +0000 2015](https://twitter.com/adulau/status/660470405451390977)) +---- +RT @FuzzySec: KeeFarce, extract KeePass 2.x credentials from memory - https://github.com/denandz/KeeFarce + +(Originally on Twitter: [Sat Oct 31 15:13:31 +0000 2015](https://twitter.com/adulau/status/660474689790345217)) +---- +RT @matalaz: Any Police in the world can access your data with or without a warrant. Anywhere. At any time. People don't understand that. + +(Originally on Twitter: [Sat Oct 31 15:14:48 +0000 2015](https://twitter.com/adulau/status/660475011984187392)) +---- +Fear and Loathing in 0days #0dayMovies + +(Originally on Twitter: [Sat Oct 31 15:33:42 +0000 2015](https://twitter.com/adulau/status/660479768186462208)) +---- +Everything is a matter of stack https://www.flickr.com/photos/adulau/22452329070/ #photography #Brussels #streetart + +(Originally on Twitter: [Sat Oct 31 15:35:54 +0000 2015](https://twitter.com/adulau/status/660480322837041152)) +---- +@ralphholz WSUSpect Proxy... Non-SSL but what's missing for the TLS part... https://github.com/ctxis/wsuspect-proxy/blob/master/README.md + +(Originally on Twitter: [Sat Oct 31 21:29:20 +0000 2015](https://twitter.com/adulau/status/660569264093536256)) +---- +@ralphholz Nope but seeing this reminds me of the cert and all the potential uses of it. 
+ +(Originally on Twitter: [Sun Nov 01 06:29:13 +0000 2015](https://twitter.com/adulau/status/660705131655266304)) +---- +RT @nolimitsecu: #Podcast #cybersecurité + +L'épisode de la semaine est dédié à #hacklu avec @adulau + +http://www.nolimitsecu.fr/hack-lu-2015/ https://t.co/… + +(Originally on Twitter: [Mon Nov 02 07:08:54 +0000 2015](https://twitter.com/adulau/status/661077507454705664)) +---- +Discussion about back-doors (or "distributed" golden key) at #ncsra15 Did you need back-doors if you have already so much vulnerabilities? + +(Originally on Twitter: [Mon Nov 02 09:27:44 +0000 2015](https://twitter.com/adulau/status/661112446283857920)) +---- +"Select before we collect" at #ncsra15 maybe this is the definition of mass network interception when you strip the Ethernet LLC frame. + +(Originally on Twitter: [Mon Nov 02 09:34:41 +0000 2015](https://twitter.com/adulau/status/661114194088042496)) +---- +RT @ggreve: Oh, no. http://bit.ly/1M9QSOO ![](media/661577464162983936-CS5kUlfU8AA3JLO.jpg) + +(Originally on Twitter: [Tue Nov 03 16:15:33 +0000 2015](https://twitter.com/adulau/status/661577464162983936)) +---- +RT @threatintel: Former #HackingTeam employees discuss ordeal of leaving their old jobs http://motherboard.vice.com/read/the-hacking-team-defectors #Surveillance #Privacy + +(Originally on Twitter: [Tue Nov 03 17:06:50 +0000 2015](https://twitter.com/adulau/status/661590370531282944)) +---- +"any web browsers either fail to check certificate revocation information or ..." 
http://www.cs.umd.edu/~dml/papers/revocations_imc15.pdf + +(Originally on Twitter: [Tue Nov 03 20:24:03 +0000 2015](https://twitter.com/adulau/status/661640001868972032)) +---- +@pbeyssac Le plus marrant c'est l'article qui utilise des images en CC comme support pour l'article et le serveur Apache de @LaTribune + +(Originally on Twitter: [Tue Nov 03 20:40:03 +0000 2015](https://twitter.com/adulau/status/661644028576964608)) +---- +On January 1, 2016, Windows (>=7) and Windows Server will no longer trust any code that is signed with a SHA-1 cert http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx + +(Originally on Twitter: [Wed Nov 04 21:05:18 +0000 2015](https://twitter.com/adulau/status/662012767898046464)) +---- +RT @Regiteric: .@geofflangdale announcing that Intel plan to submit patches to #suricata adding hyperscan support and increase its speed. #… + +(Originally on Twitter: [Thu Nov 05 09:12:16 +0000 2015](https://twitter.com/adulau/status/662195717247795200)) +---- +Sure, everything should be fine. The xen ISO image updater starts by downloading over HTTP the /boot/vmlinuz... + +(Originally on Twitter: [Thu Nov 05 10:20:22 +0000 2015](https://twitter.com/adulau/status/662212856113418240)) +---- +RT @Kleissner: Anyone knows anything about these suspicious certs? Minutes after I reported them they magically disappeared here =O https:/… + +(Originally on Twitter: [Thu Nov 05 12:54:09 +0000 2015](https://twitter.com/adulau/status/662251556415361024)) +---- +@Kleissner Interesting. Could you share the SHA-1 fingerprints of the certs? + +(Originally on Twitter: [Thu Nov 05 12:58:09 +0000 2015](https://twitter.com/adulau/status/662252562394034176)) +---- +@Kleissner Could be. I have no hits in my passive certificate store. 
+ +(Originally on Twitter: [Thu Nov 05 14:44:54 +0000 2015](https://twitter.com/adulau/status/662279424868511744)) +---- +RT @OISFoundation: @OISFoundation devs ready to tackle and prioritize community requests on @Suricata_IDS roadmap - #suricon https://t.co/p… + +(Originally on Twitter: [Thu Nov 05 15:00:57 +0000 2015](https://twitter.com/adulau/status/662283466848010241)) +---- +@fcouchet On the national security side, no country can ask for the source code to review for security matters. @UnGarage @wikileaks + +(Originally on Twitter: [Fri Nov 06 05:52:31 +0000 2015](https://twitter.com/adulau/status/662507835679485952)) +---- +@fcouchet Right. Event the exemption (the section after) of CI doesn't help as the definition of critical infrastructure is not included. + +(Originally on Twitter: [Fri Nov 06 07:43:32 +0000 2015](https://twitter.com/adulau/status/662535772348809216)) +---- +RT @doegox: Mais @veorq et @newsoft ont moins apprécié que je sois plutôt JCVD selon la typologie de @angealbertini ;) @bizcom https://t.co… + +(Originally on Twitter: [Fri Nov 06 08:08:41 +0000 2015](https://twitter.com/adulau/status/662542104355282944)) +---- +@Aristot73 Basically the article 14.17.1 doesn't allow to have regulations in a country to require access of source code for security audit. + +(Originally on Twitter: [Fri Nov 06 08:47:19 +0000 2015](https://twitter.com/adulau/status/662551826466799618)) +---- +@Aristot73 "the laws that are not inconsistent with this Agreement" Does this includes the article 14.17.1 itself? If yes the 3(b) is out? + +(Originally on Twitter: [Fri Nov 06 08:55:50 +0000 2015](https://twitter.com/adulau/status/662553970200748032)) +---- +If you have more classification elements around a simple indicator that you would like to share, there is something wrong. 
#infosec + +(Originally on Twitter: [Fri Nov 06 14:37:48 +0000 2015](https://twitter.com/adulau/status/662640025675395072)) +---- +RT @K4sperle: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ very informative post about Java deserialisation vulnerabilities by @breenmachine + +(Originally on Twitter: [Sat Nov 07 14:31:26 +0000 2015](https://twitter.com/adulau/status/663000815112724480)) +---- +Sometime #photography is just finding a sign when there is no https://www.flickr.com/photos/adulau/22689228130/ #belgium + +(Originally on Twitter: [Sun Nov 08 18:29:12 +0000 2015](https://twitter.com/adulau/status/663423037333774336)) +---- +After a very short discussion with @SteveClement, DDoS ransom business case has still not explored when victim use it for money laundering. + +(Originally on Twitter: [Mon Nov 09 10:18:43 +0000 2015](https://twitter.com/adulau/status/663661990783643648)) +---- +@eromang Is the AML process really standardized among the BTC operators? @SteveClement + +(Originally on Twitter: [Mon Nov 09 18:34:13 +0000 2015](https://twitter.com/adulau/status/663786686053277696)) +---- +@eromang Assuming the fake victim BTC provider is based in a country where it is mandatory by law... @SteveClement + +(Originally on Twitter: [Mon Nov 09 19:22:36 +0000 2015](https://twitter.com/adulau/status/663798863514456064)) +---- +RT @codinghorror: @patrickc @baconmeteor @paulg I would argue that smart VCs now realize they have no idea what will "work", and the best s… + +(Originally on Twitter: [Tue Nov 10 07:52:32 +0000 2015](https://twitter.com/adulau/status/663987592292130816)) +---- +@quinnnorton Arghhhh. Then what? Eating haggis while listening to Metallica. 
+ +(Originally on Twitter: [Tue Nov 10 13:42:51 +0000 2015](https://twitter.com/adulau/status/664075750417506304)) +---- +RT @circl_lu: released a beta version of an improved version of the CIRCLean (USB cleaner) image to run smoothly on older RPI https://t.co/… + +(Originally on Twitter: [Wed Nov 11 07:01:10 +0000 2015](https://twitter.com/adulau/status/664337050611642369)) +---- +Living our photographies... https://www.flickr.com/photos/adulau/22347892143/ #photography #landscape #belgium + +(Originally on Twitter: [Thu Nov 12 19:35:49 +0000 2015](https://twitter.com/adulau/status/664889353748029441)) +---- +RT @JacobTorrey: New #blog post: "The Depressing Effect of Bug Bounties" - http://blog.jacobtorrey.com/the-depressing-effect-of-bug-bounties + +(Originally on Twitter: [Fri Nov 13 20:37:12 +0000 2015](https://twitter.com/adulau/status/665267189671469058)) +---- +RT @circl_lu: Passive Bitcoin Project - open source project to collect information from the Bitcoin network in real-time https://t.co/5sWz5… + +(Originally on Twitter: [Fri Nov 13 20:57:22 +0000 2015](https://twitter.com/adulau/status/665272261885231105)) +---- +@ClausHoumann In such framework, the key should be "inventory of security incidents". To better understand the attackers but rarely done... + +(Originally on Twitter: [Fri Nov 13 21:55:35 +0000 2015](https://twitter.com/adulau/status/665286913985785857)) +---- +@ClausHoumann For ITIL, a major issue is the definition of incident. Usually security incident is not even part of an ITIL incident. + +(Originally on Twitter: [Fri Nov 13 22:04:25 +0000 2015](https://twitter.com/adulau/status/665289136413257730)) +---- +@ClausHoumann Not sure if it was the latest version of ITIL (v3). Reference or ISBN more than welcome. + +(Originally on Twitter: [Fri Nov 13 22:11:57 +0000 2015](https://twitter.com/adulau/status/665291033312382976)) +---- +@ClausHoumann "Incidents are the result of service failures or interruption." Still the same definition. 
Security incidents ->Problem (ITIL) + +(Originally on Twitter: [Fri Nov 13 22:16:39 +0000 2015](https://twitter.com/adulau/status/665292214013173760)) +---- +@ClausHoumann I tend to agree (based ISO 20000-1:2011) if quality includes security issues. For the rest, it's still a huge mess IMHO ;-) + +(Originally on Twitter: [Fri Nov 13 22:21:06 +0000 2015](https://twitter.com/adulau/status/665293334022373379)) +---- +@ClausHoumann You cannot do it right if you just look at random risks and controls coming from a reference document done by a committee. + +(Originally on Twitter: [Fri Nov 13 22:25:04 +0000 2015](https://twitter.com/adulau/status/665294336028884993)) +---- +@ClausHoumann But I never saw an ITSM done right based on real and concrete security incidents but just from paper-based risks. IMHO ;-) + +(Originally on Twitter: [Fri Nov 13 22:28:15 +0000 2015](https://twitter.com/adulau/status/665295136360964096)) +---- +@ClausHoumann I'm curious. I'll check his podcast. thx. @bryanbrake + +(Originally on Twitter: [Fri Nov 13 22:30:07 +0000 2015](https://twitter.com/adulau/status/665295606072545280)) +---- +I just want to quote Martin Luther King, Jr. "Violence begets violence" + +(Originally on Twitter: [Fri Nov 13 23:03:15 +0000 2015](https://twitter.com/adulau/status/665303942897598464)) +---- +RT @rafi0t: By "not being scared by the terrorists", what did Hollande mean exactly when he decided to close the borders? + +(Originally on Twitter: [Fri Nov 13 23:03:50 +0000 2015](https://twitter.com/adulau/status/665304091761885184)) +---- +"A propos d’un dispositif de surveillance trouvé, documenté et détruit à Paris" http://ladiscordia.noblogs.org/a-propos-dun-dispositif-de-surveillance-trouve-documente-et-detruit-a-paris/ Manque une copie des cartes mémoires + +(Originally on Twitter: [Sat Nov 14 15:31:34 +0000 2015](https://twitter.com/adulau/status/665552662880985088)) +---- +@cases_lu That would be nice but what about the requests of U.S. 
intelligence agencies in Europe using standard law enforcement requests? + +(Originally on Twitter: [Sat Nov 14 17:20:43 +0000 2015](https://twitter.com/adulau/status/665580128102187008)) +---- +RT @QKaiser: @adulau dommage d'avoir jeté tout à l'eau. J'aurais préféré lire une analyse forensic avec identification du c&c. + +(Originally on Twitter: [Sat Nov 14 17:43:50 +0000 2015](https://twitter.com/adulau/status/665585947334082561)) +---- +I'm looking for an open (freely redistributable) database of BIC, IBAN prefixes and SWIFT Codes. Any pointers? + +(Originally on Twitter: [Sun Nov 15 11:03:09 +0000 2015](https://twitter.com/adulau/status/665847498737623040)) +---- +@Secnewsbytes Good point. That's why CIRCLean with an air-gapped hardware can be used for https://www.circl.lu/projects/CIRCLean/ you'll just kill the RPI. + +(Originally on Twitter: [Sun Nov 15 11:10:45 +0000 2015](https://twitter.com/adulau/status/665849410857906176)) +---- +RT @codestandards: It's 2015. Why are there new specs still using XML? + +(Originally on Twitter: [Sun Nov 15 11:47:37 +0000 2015](https://twitter.com/adulau/status/665858691879608320)) +---- +@totally_unknown Thank you. The idea was to use it for MISP with financial indicators. https://github.com/MISP/MISP/issues/716 @shrekts @seecurity + +(Originally on Twitter: [Sun Nov 15 18:34:53 +0000 2015](https://twitter.com/adulau/status/665961184223449089)) +---- +RT @paulvixie: "My Six Top Global Cyber Risks" by @paulvixie on @LinkedIn https://www.linkedin.com/pulse/my-six-top-global-cyber-risks-paul-vixie + +(Originally on Twitter: [Sun Nov 15 21:12:53 +0000 2015](https://twitter.com/adulau/status/666000944023412736)) +---- +"Financial Action Task Force Report: Emerging Terrorist Financing Risks" https://publicintelligence.net/fatf-terrorist-financing/ + +(Originally on Twitter: [Sun Nov 15 21:19:01 +0000 2015](https://twitter.com/adulau/status/666002488479363072)) +---- +@Tiesler It's just the validation. 
Not the BIC prefixes database (handled by SWIFT)... if you find it somewhere. thx. @DominikTo @ambajorat + +(Originally on Twitter: [Mon Nov 16 07:54:21 +0000 2015](https://twitter.com/adulau/status/666162375238774784)) +---- +@newsoft and the keys handling and operation management is done by German-only operators on a German-only HSM I assume... + +(Originally on Twitter: [Mon Nov 16 10:15:41 +0000 2015](https://twitter.com/adulau/status/666197940705361920)) +---- +Can @BoeingAirplanes confirm the statement "Boeing 737 engine generates 10 terabytes every 30 minutes of flight"? http://avoa.com/2014/01/20/are-enterprises-prepared-for-the-data-tsunami/ + +(Originally on Twitter: [Mon Nov 16 12:54:43 +0000 2015](https://twitter.com/adulau/status/666237962917670912)) +---- +RT @rommelfs: @adulau @boeingairplanes I can almost (1/10) do this as well: dd if=/dev/zero of=/dev/null + +(Originally on Twitter: [Mon Nov 16 13:05:02 +0000 2015](https://twitter.com/adulau/status/666240558839504896)) +---- +@leifnixon Interesting. We were wondering which kind of data bus/disk/spectrum could handle such volume. Now this is maybe more realistic. + +(Originally on Twitter: [Mon Nov 16 13:06:14 +0000 2015](https://twitter.com/adulau/status/666240863383724032)) +---- +RT @pinkflawd: 'What I discovered from interviewing ISIS prisoners' http://www.thenation.com/article/what-i-discovered-from-interviewing-isis-prisoners/ + +(Originally on Twitter: [Tue Nov 17 07:21:54 +0000 2015](https://twitter.com/adulau/status/666516597968883712)) +---- +RT @circl_lu: If you use MISP don't forget to upgrade to 2.3 hotfix 160 many bug fixes, improvement and security fixes. https://t.co/is7QM… + +(Originally on Twitter: [Tue Nov 17 07:56:11 +0000 2015](https://twitter.com/adulau/status/666525223093706752)) +---- +@electrospaces More vulnerable software to protect vulnerable software. 
+ +(Originally on Twitter: [Tue Nov 17 09:04:50 +0000 2015](https://twitter.com/adulau/status/666542502300819456)) +---- +RT @rommelfs: . @hgsupport I'm unhappy seeing you using the future tense in your reply for a #phishing report of last week. + +(Originally on Twitter: [Tue Nov 17 10:16:05 +0000 2015](https://twitter.com/adulau/status/666560430513512448)) +---- +. @rommelfs I think @HostGator is better to attract customer for $0.01 than removing phishing content from their own infrastructure. + +(Originally on Twitter: [Tue Nov 17 10:20:52 +0000 2015](https://twitter.com/adulau/status/666561633041391616)) +---- +@rommelfs I think the current @HostGator low-cost entry is a huge incentive for phishers to conduct their criminal activities. + +(Originally on Twitter: [Tue Nov 17 10:28:35 +0000 2015](https://twitter.com/adulau/status/666563576878993408)) +---- +@botherder ping + +(Originally on Twitter: [Tue Nov 17 13:49:00 +0000 2015](https://twitter.com/adulau/status/666614011933405184)) +---- +RT @botherder: I'm drafting an open letter to the Committee for #IPBill on the dangers of its CNE regulations. If you want to help or co-si… + +(Originally on Twitter: [Tue Nov 17 13:49:04 +0000 2015](https://twitter.com/adulau/status/666614030153474049)) +---- +RT @veorq: Yes terrorists use "encryption", and yes mobile apps help them, and yes it's a pain for intel and CT, but no gov or law can chan… + +(Originally on Twitter: [Tue Nov 17 19:55:18 +0000 2015](https://twitter.com/adulau/status/666706196519366656)) +---- +Don't forget when you use a Faraday bag for your mobile phone, sound and ultrasound are out of the scope... #hintforfree + +(Originally on Twitter: [Tue Nov 17 21:50:07 +0000 2015](https://twitter.com/adulau/status/666735089712275457)) +---- +@hanno Nice finding. I'm still looking for an official updated feed of IBAN prefixes freely usable for MISP. 
@angealbertini + +(Originally on Twitter: [Wed Nov 18 22:25:33 +0000 2015](https://twitter.com/adulau/status/667106396421365760)) +---- +@jepoirrier Thank you for the reminder. What was the initial blog post that triggers the discussion? http://www.foo.be/cgi-bin/wiki.pl/2007-02-11_RSS_Everything or another one? + +(Originally on Twitter: [Wed Nov 18 22:38:38 +0000 2015](https://twitter.com/adulau/status/667109686936797184)) +---- +RT @matthew_d_green: @veorq They've managed to find ways to communicate that are more than sufficient to foil prospective surveillance, eve… + +(Originally on Twitter: [Thu Nov 19 12:56:02 +0000 2015](https://twitter.com/adulau/status/667325457906466817)) +---- +@jlouis666 It's only collecting SMS. Analysing and mining are another complex parts. But the most difficult is to find selectors via HUMINT. + +(Originally on Twitter: [Thu Nov 19 16:04:22 +0000 2015](https://twitter.com/adulau/status/667372854674092033)) +---- +when I see "Clinton" and "encryption" in the same sentence. I hear the voice "clipper chip, clipper chip, clipper chip" + +(Originally on Twitter: [Thu Nov 19 16:08:26 +0000 2015](https://twitter.com/adulau/status/667373877580972033)) +---- +RT @rafi0t: We reached the point where @SteveClement explained vi to a kid @CoderDojoLu + +(Originally on Twitter: [Thu Nov 19 19:49:47 +0000 2015](https://twitter.com/adulau/status/667429581918478336)) +---- +RT @qb_triton: 32-bits support is now available and the merge into the master branch will be applied soon. 
https://github.com/JonathanSalwan/Triton/issues/212 + +(Originally on Twitter: [Sat Nov 21 11:47:52 +0000 2015](https://twitter.com/adulau/status/668033079504740353)) +---- +First proposal to use Admiralty Scale (NATO system) in MISP and infosec sharing tools using machine tags https://github.com/MISP/misp-taxonomies + +(Originally on Twitter: [Sat Nov 21 16:21:32 +0000 2015](https://twitter.com/adulau/status/668101953004707840)) +---- +RT @FioraAeterna: reminder there are practical browser data-stealing attacks based on denormal floating point performance differences: http… + +(Originally on Twitter: [Sun Nov 22 09:06:33 +0000 2015](https://twitter.com/adulau/status/668354870622208000)) +---- +If you want to summarize the current mess in Belgium with a Belgian cult movie... https://www.youtube.com/watch?v=vT0-hGducJ8 + +(Originally on Twitter: [Sun Nov 22 18:18:56 +0000 2015](https://twitter.com/adulau/status/668493881470750720)) +---- +RT @XavierKsawery: Les terroristes ont perdu d'avance, les belges sont beaucoup trop rusés... +#Bruxelles #Brussel #Belgique #België https:/… + +(Originally on Twitter: [Sun Nov 22 18:41:41 +0000 2015](https://twitter.com/adulau/status/668499609187164161)) +---- +For the ones that are seeking CC-BY pictures of Brussels https://www.flickr.com/photos/adulau/22274275858/ for their next article... #BrusselsLockdown #BrusselsAlert + +(Originally on Twitter: [Sun Nov 22 20:57:27 +0000 2015](https://twitter.com/adulau/status/668533776574738432)) +---- +@pssara I need to come back to take another meta-photography ;-) + +(Originally on Twitter: [Sun Nov 22 21:01:13 +0000 2015](https://twitter.com/adulau/status/668534725158506498)) +---- +@rafi0t It's a metatroll. 
+ +(Originally on Twitter: [Sun Nov 22 21:27:37 +0000 2015](https://twitter.com/adulau/status/668541368625704960)) +---- +Another cat in Belgium who likes to read https://www.flickr.com/photos/adulau/20610791921/ #BrusselsLockdown not reading the news, it's too over hyped these days. + +(Originally on Twitter: [Sun Nov 22 21:43:18 +0000 2015](https://twitter.com/adulau/status/668545314253615106)) +---- +RT @runasand: The ISIS opsec manual that @WIRED wrote about last week is really a manual for journalists and activists from 2014: https://t… + +(Originally on Twitter: [Tue Nov 24 05:48:14 +0000 2015](https://twitter.com/adulau/status/669029738351042560)) +---- +RT @ClausHoumann: Ouch if true. Cc @iamthecavalry @MarieGMoe @adulau https://twitter.com/secmash/status/668943875893936128 + +(Originally on Twitter: [Tue Nov 24 10:35:38 +0000 2015](https://twitter.com/adulau/status/669102065348648960)) +---- +added Veris and some other classifications in MISP taxonomies https://github.com/MISP/misp-taxonomies all taxonomies are automatically available in MISP 2.4 + +(Originally on Twitter: [Tue Nov 24 10:37:21 +0000 2015](https://twitter.com/adulau/status/669102498326646784)) +---- +My colleagues just told that is snowing outside maybe I have another definition of snowing https://catmacros.files.wordpress.com/2011/01/coke_cat_freak.jpg + +(Originally on Twitter: [Tue Nov 24 14:32:13 +0000 2015](https://twitter.com/adulau/status/669161605494624256)) +---- +posted "Still Photography Versus Videography" http://www.foo.be/photoblog/posts/still-photography-versus-videography.html #photography + +(Originally on Twitter: [Tue Nov 24 21:59:26 +0000 2015](https://twitter.com/adulau/status/669274151727857664)) +---- +"MagSpoof - credit card/magstripe spoofer" https://github.com/samyk/magspoof + +(Originally on Twitter: [Tue Nov 24 22:19:37 +0000 2015](https://twitter.com/adulau/status/669279229813628928)) +---- +"A list of certificates shipped by various vendors and Open Source 
Projects" https://github.com/RedHatProductSecurity/Certificates-Shipped + +(Originally on Twitter: [Thu Nov 26 07:26:11 +0000 2015](https://twitter.com/adulau/status/669779166854832128)) +---- +Wondering about the security of some alarm signalling systems? A nice review of the CSL dualcom http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/ by @cybergibbons + +(Originally on Twitter: [Thu Nov 26 07:33:55 +0000 2015](https://twitter.com/adulau/status/669781112953184257)) +---- +@cryptax Yes + +(Originally on Twitter: [Thu Nov 26 08:56:03 +0000 2015](https://twitter.com/adulau/status/669801779366895616)) +---- +RT @Dinosn: Carnegie Melon binary bomb toppled by Radare and Angr - Writeup in Symbolic Execution http://ctfhacker.com/ctf/python/symbolic/execution/reverse/radare/2015/11/28/cmu-binary-bomb-flag2.html + +(Originally on Twitter: [Fri Nov 27 15:33:52 +0000 2015](https://twitter.com/adulau/status/670264282727243776)) +---- +RT @piotrkijewski: A repository of taxonomies that can be applied to threat information sharing https://github.com/MISP/misp-taxonomies (by @adulau) #threa… + +(Originally on Twitter: [Sat Nov 28 09:12:43 +0000 2015](https://twitter.com/adulau/status/670530751776104448)) +---- +Segmentation of networks, filtering and logging are still vital. If you have a security vendor who tells you the opposite, this is a lie. + +(Originally on Twitter: [Sun Nov 29 10:14:56 +0000 2015](https://twitter.com/adulau/status/670908795992866816)) +---- +RT @bortzmeyer: @StephaneBunel Oui, je me souviens des trolls fanatiques auto-radicalisés qui ne voulaient pas utiliser TCP/IP parce que "c… + +(Originally on Twitter: [Sun Nov 29 10:33:54 +0000 2015](https://twitter.com/adulau/status/670913568594857985)) +---- +@nixcraft If you use "ss -l" what are you then? an extremist hacker? 
@TimelessP + +(Originally on Twitter: [Sun Nov 29 10:40:28 +0000 2015](https://twitter.com/adulau/status/670915220232134656)) +---- +@Dymaxion Many security vendors are selling magic boxes for years and the investments of the organizations are shifting to magical beliefs. + +(Originally on Twitter: [Sun Nov 29 12:37:05 +0000 2015](https://twitter.com/adulau/status/670944567538110464)) +---- +RT @Dymaxion: @adulau It's enough to make you want to put on your wizard's robe and hat. + +(Originally on Twitter: [Sun Nov 29 12:38:15 +0000 2015](https://twitter.com/adulau/status/670944864167686144)) +---- +RT @herrcore: Every time I'm looking for sample code to automate some malware analysis I always find it on the @circl_lu github https://t.c… + +(Originally on Twitter: [Sun Nov 29 19:40:14 +0000 2015](https://twitter.com/adulau/status/671051056789528576)) +---- +RT @circl_lu: "Cyber War in Perspective: Russian Aggression against Ukraine" https://ccdcoe.org/multimedia/cyber-war-perspective-russian-aggression-against-ukraine.html + +(Originally on Twitter: [Tue Dec 01 08:16:50 +0000 2015](https://twitter.com/adulau/status/671603850026033152)) +---- +RT @pnotenboom: @adulau My Git might help: https://github.com/PeterNotenboom/SwiftCodes But unfortunately there's no "official" list, unless you pay at https://… + +(Originally on Twitter: [Tue Dec 01 10:07:38 +0000 2015](https://twitter.com/adulau/status/671631734564397056)) +---- +Side Channels "an adversary can break a private key of the secp256k1 curve used in Bitcoin after observing 6 sigs." http://eprint.iacr.org/2015/1141.pdf + +(Originally on Twitter: [Tue Dec 01 13:34:38 +0000 2015](https://twitter.com/adulau/status/671683827362897925)) +---- +RT @circl_lu: Curious about the automatic integration of new taxonomy in MISP 2.4 without software update. 
Here is a screenshot: https://t.… + +(Originally on Twitter: [Tue Dec 01 16:54:07 +0000 2015](https://twitter.com/adulau/status/671734028924506112)) +---- +Not related to infosec but I do a small photography exhibition in December and January http://www.halledehan.be/evenement-halle/si-loin-si-proche-de-la-semois/ @HalledeHan + +(Originally on Twitter: [Tue Dec 01 17:48:11 +0000 2015](https://twitter.com/adulau/status/671747634965671936)) +---- +"The Moral Character of Cryptographic Work" http://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf #cryptography + +(Originally on Twitter: [Wed Dec 02 08:09:18 +0000 2015](https://twitter.com/adulau/status/671964342246600704)) +---- +@H_Miser If the video is online (as mentioned in the slide), it should be TLP:WHITE ;-) https://www.circl.lu/pub/traffic-light-protocol/ + +(Originally on Twitter: [Wed Dec 02 16:48:06 +0000 2015](https://twitter.com/adulau/status/672094903120347136)) +---- +RT @rob_pike: Ironic that the biggest part of my executable binary file contains data called DWARF. + +(Originally on Twitter: [Wed Dec 02 16:50:26 +0000 2015](https://twitter.com/adulau/status/672095489932795905)) +---- +I suppose that's the 1st April in Kazakhstan http://telecom.kz/en/news/view/18729 or wait it's not? MiTM nation wide. + +(Originally on Twitter: [Wed Dec 02 17:11:38 +0000 2015](https://twitter.com/adulau/status/672100827448889344)) +---- +@blackswanburst Have you recently pasteurized your keyboard? ;-) + +(Originally on Twitter: [Wed Dec 02 18:44:08 +0000 2015](https://twitter.com/adulau/status/672124104829476865)) +---- +@blackswanburst Sure. Something about pasteurization? ;-) + +(Originally on Twitter: [Wed Dec 02 18:51:26 +0000 2015](https://twitter.com/adulau/status/672125942135959553)) +---- +@ClausHoumann You mean at national level or at corporate level? The second is already widely deployed unfortunately. 
+ +(Originally on Twitter: [Wed Dec 02 21:09:36 +0000 2015](https://twitter.com/adulau/status/672160712949686272)) +---- +RT @rommelfs: RE productivity is measured by crappy music your playlist is playing (Justin Bieber) and you not realizing it. Thanks #collea… + +(Originally on Twitter: [Thu Dec 03 15:46:22 +0000 2015](https://twitter.com/adulau/status/672441755132936192)) +---- +RT @mxcl: Google: 90% of our engineers use the software you wrote (Homebrew), but you can’t invert a binary tree on a whiteboard so fuck of… + +(Originally on Twitter: [Thu Dec 03 18:18:24 +0000 2015](https://twitter.com/adulau/status/672480016681275392)) +---- +RT @SushiDude: Schwartz @cybermedrx: "FDA typically will not need to review or approve" med device changes that strengthen cybersec https:/… + +(Originally on Twitter: [Fri Dec 04 14:36:24 +0000 2015](https://twitter.com/adulau/status/672786534605697024)) +---- +RT @Maitre_Eolas: À ceux qui me demandent où est le problème avec les perquisitions quand on a rien à se reprocher, élément de réponse http… + +(Originally on Twitter: [Fri Dec 04 22:16:58 +0000 2015](https://twitter.com/adulau/status/672902440199548928)) +---- +YAF is a great tool written by the NetSA group of SEI/CMU https://tools.netsa.cert.org/yaf/index.html I just hope that they will create a git repository soon. 
+ +(Originally on Twitter: [Fri Dec 04 22:45:15 +0000 2015](https://twitter.com/adulau/status/672909558755549184)) +---- +@doegox https://github.com/p0nce/bitoduc.fr/blob/gh-pages/traductions.json J'aime assez bien la chiffrofête en belge cela serait la cryptoguindaille ;-) + +(Originally on Twitter: [Sun Dec 06 11:25:22 +0000 2015](https://twitter.com/adulau/status/673463234909859840)) +---- +@bortzmeyer curl -s ipinfo.io | jq -r .ip + +(Originally on Twitter: [Sun Dec 06 11:33:07 +0000 2015](https://twitter.com/adulau/status/673465188155301888)) +---- +RT @old_sound: I’ve built my own crypto, Take 2 + + +media/673472047591383040-CU3Ib0mWsAE2W-k.mp4 + +(Originally on Twitter: [Sun Dec 06 12:00:23 +0000 2015](https://twitter.com/adulau/status/673472047591383040)) +---- +La police en France voudrait bloquer Tor http://abonnes.lemonde.fr/attaques-a-paris/article/2015/12/05/la-liste-musclee-des-envies-des-policiers_4825245_4809495.html donc ils n'utilisent pas Tor pour accéder aux sites des suspects? #opsec + +(Originally on Twitter: [Sun Dec 06 12:17:14 +0000 2015](https://twitter.com/adulau/status/673476290138275841)) +---- +@lrz Using Tor can be difficult even for law enforcement as recently "expressed" by this BKA policemen https://www.youtube.com/watch?v=D8JSb1v9D_o&feature=youtu.be&t=47m27s + +(Originally on Twitter: [Sun Dec 06 12:57:04 +0000 2015](https://twitter.com/adulau/status/673486311198715905)) +---- +RT @rafi0t: .@adulau ca explique l'incompétence. ou simplement la déconnexion entre techie et management. 
+ +(Originally on Twitter: [Sun Dec 06 12:58:19 +0000 2015](https://twitter.com/adulau/status/673486628799778816)) +---- +@lrz Je sais mais je voulais partager cette jolie confusion de l'agent de la police criminelle allemande ;-) + +(Originally on Twitter: [Sun Dec 06 13:59:57 +0000 2015](https://twitter.com/adulau/status/673502139239501824)) +---- +RT @georgemaschke: @ggreenwald @feardept Calls to mind this Ministry of Information poster from Terry Gilliam's _Brazil_: https://t.co/rdYv… + +(Originally on Twitter: [Sun Dec 06 14:11:52 +0000 2015](https://twitter.com/adulau/status/673505136329773056)) +---- +Interesting overview of MLATs signed https://mlat.info/mlat-index and there are two for Belgium including China... + +(Originally on Twitter: [Sun Dec 06 16:09:37 +0000 2015](https://twitter.com/adulau/status/673534768890384384)) +---- +"Christmas, like BDSM, can be ruined by too much meta-chatter about how Christmas is going." by @quinnnorton https://medium.com/message/quinns-12-tips-for-beating-christmas-blues-b4a5a48186b5#.zitu137g7 + +(Originally on Twitter: [Sun Dec 06 17:36:04 +0000 2015](https://twitter.com/adulau/status/673556526838226948)) +---- +https://www.virustotal.com/en/file/9baaca230c2d759592254ff1cb5ba024ce49c65acd402126177cbbe999c880c5/analysis/ The IDA stealing module, for the curious, was found in Gatak in May/June 2015. + +(Originally on Twitter: [Sun Dec 06 17:59:06 +0000 2015](https://twitter.com/adulau/status/673562320942055426)) +---- +Some updates in cve-search https://github.com/cve-search including improvement in the web interface and various bug fixes by @pidgeyL and @adulau + +(Originally on Twitter: [Tue Dec 08 09:43:44 +0000 2015](https://twitter.com/adulau/status/674162434500874240)) +---- +RT @circl_lu: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email. 
https://t.co/k… + +(Originally on Twitter: [Wed Dec 09 10:41:34 +0000 2015](https://twitter.com/adulau/status/674539378241310720)) +---- +"Disequilibrium: Tor’s Exit Node Selection Under the Stereoscope" https://www.researchgate.net/profile/Robert_Koch9/publication/283786308_Disequilibrium_Tor's_Exit_Node_Selection_Under_the_Stereoscope_Disequilibrium_Tor's_Exit_Node_Selection_Under_the_Stereoscope/links/56471c6508ae451880abd3b6.pdf #Tor #privacy + +(Originally on Twitter: [Wed Dec 09 10:45:27 +0000 2015](https://twitter.com/adulau/status/674540354528497664)) +---- +@nikitab The conclusions are not very detailed and don't provide a "ready to use" model of distribution. They list of some factors like + +(Originally on Twitter: [Wed Dec 09 11:02:20 +0000 2015](https://twitter.com/adulau/status/674544602406395904)) +---- +@nikitab Stability (lifetime), single ASN source,... that could be used to do a better distribution. But the survey itself is interesting. + +(Originally on Twitter: [Wed Dec 09 11:04:47 +0000 2015](https://twitter.com/adulau/status/674545220202156032)) +---- +On the internet, everyone can be a dog or the creator of the Bitcoin cryptocurrency. + +(Originally on Twitter: [Wed Dec 09 18:58:33 +0000 2015](https://twitter.com/adulau/status/674664447223455744)) +---- +RT @vhutsebaut: both ? :p https://twitter.com/adulau/status/674664447223455744 + +(Originally on Twitter: [Wed Dec 09 19:00:55 +0000 2015](https://twitter.com/adulau/status/674665041392717824)) +---- +RT @xme: Boom! http://pastebin.com/raw.php?i=gk72hirk + +(Originally on Twitter: [Wed Dec 09 20:22:56 +0000 2015](https://twitter.com/adulau/status/674685684125474817)) +---- +RT @Dinosn: Microsoft inadvertent disclosed private keys for *.xboxlive.com MSA 3123040 https://technet.microsoft.com/en-us/library/security/3123040.aspx + +(Originally on Twitter: [Wed Dec 09 20:24:21 +0000 2015](https://twitter.com/adulau/status/674686038091132928)) +---- +RT @circl_lu: . 
@rafi0t from @circl_lu and @pinkflawd will talk at @WEareTROOPERS "All the lame threats that own you but will never make yo… + +(Originally on Twitter: [Thu Dec 10 16:12:44 +0000 2015](https://twitter.com/adulau/status/674985105606189056)) +---- +@bascule Check the subkey: +sub 2048g/D6AAA69F 2008-10-30 +sig sbind 5EC948A1 2008-10-30 + +(Originally on Twitter: [Thu Dec 10 16:25:37 +0000 2015](https://twitter.com/adulau/status/674988348881137664)) +---- +@Aristot73 Wondering what are the exact requirements for the SSL/TLS handshakes in the UK proposal. + +(Originally on Twitter: [Sat Dec 12 08:56:24 +0000 2015](https://twitter.com/adulau/status/675600072776802304)) +---- +Back from deep-diving in incidents, I found boost tweets from my friends @blackswanburst and @MarieGMoe. Time for new interesting researches + +(Originally on Twitter: [Sat Dec 12 09:40:56 +0000 2015](https://twitter.com/adulau/status/675611280582033408)) +---- +"The religious organization of Zuism will cease to exist when its objectives have been met." http://www.zuistar.is/english.html #icelandlife + +(Originally on Twitter: [Sat Dec 12 15:42:54 +0000 2015](https://twitter.com/adulau/status/675702375433285632)) +---- +@aeris22 Merci pour le blog post. La question DNSSec me semble plutôt liée à la complexité même de DNSSec que celle de Let's Encrypt. + +(Originally on Twitter: [Sat Dec 12 15:49:24 +0000 2015](https://twitter.com/adulau/status/675704010666545153)) +---- +Not sure that everyone at the French Ministry of Education read the page 4 § 2 http://cache.media.education.gouv.fr/file/Partenaires/17/7/convention_signee_506177.pdf @EducationFrance #privacy + +(Originally on Twitter: [Sun Dec 13 10:05:46 +0000 2015](https://twitter.com/adulau/status/675979920116490240)) +---- +A kind reminder for the ones dropping bombs and mines... 
https://www.flickr.com/photos/adulau/23093784443/ #photography #art + +(Originally on Twitter: [Sun Dec 13 13:33:39 +0000 2015](https://twitter.com/adulau/status/676032233979932672)) +---- +@CthulhuSec @codermange Any sample to share? + +(Originally on Twitter: [Sun Dec 13 14:19:02 +0000 2015](https://twitter.com/adulau/status/676043654427996160)) +---- +RT @veorq: #opsec ![](media/676143318896615429-CWHUV26UsAAlOca.jpg) + +(Originally on Twitter: [Sun Dec 13 20:55:04 +0000 2015](https://twitter.com/adulau/status/676143318896615429)) +---- +RT @rafi0t: Hey, @FireEye, any plans to release samples from the new fancy malware you discovered last week? https://t.co/s4NgmyFCN0 + +(Originally on Twitter: [Mon Dec 14 09:48:57 +0000 2015](https://twitter.com/adulau/status/676338073035214848)) +---- +Wondering where the @SNCB takes its overall practises it's from this book (section Transportation: Railways) http://www.gutenberg.org/files/26184/page-images/26184-images.pdf + +(Originally on Twitter: [Mon Dec 14 16:17:45 +0000 2015](https://twitter.com/adulau/status/676435918803349504)) +---- +Just told a colleague @rommelfs "Sure we have documentation for this piece of software... I mean, at least, in my shell history..." + +(Originally on Twitter: [Wed Dec 16 09:58:02 +0000 2015](https://twitter.com/adulau/status/677065137526841344)) +---- +RT @kalyparker: @adulau @rommelfs It's more efficient than a word doc lost in a shared disk and never updated #quickandnotnecesarrydirty + +(Originally on Twitter: [Wed Dec 16 10:12:05 +0000 2015](https://twitter.com/adulau/status/677068673765548032)) +---- +"JoKER: Trusted Detection of Kernel Rootkits in Android Devices via JTAG Interface " http://arxiv.org/pdf/1512.04116v1.pdf + +(Originally on Twitter: [Wed Dec 16 14:38:53 +0000 2015](https://twitter.com/adulau/status/677135814212628481)) +---- +@JDMiron Avec plaisir. 
+ +(Originally on Twitter: [Wed Dec 16 14:40:18 +0000 2015](https://twitter.com/adulau/status/677136172188049409)) +---- +"Attack Model and Threat for Certificate Transparency" Internet-Draft https://datatracker.ietf.org/doc/draft-ietf-trans-threat-analysis/ + +(Originally on Twitter: [Thu Dec 17 21:29:46 +0000 2015](https://twitter.com/adulau/status/677601603071905794)) +---- +Don't forget about all the back-doors code silently added, fixed or removed in proprietary and free software. It's an effect of software. + +(Originally on Twitter: [Fri Dec 18 07:32:55 +0000 2015](https://twitter.com/adulau/status/677753392777830401)) +---- +RT @FredericJacobs: I read the NSA's COMSEC guide and wrote down a few notes about what I found interesting. +https://www.fredericjacobs.com/blog/2015/12/18/COMSEC/ + +(Originally on Twitter: [Sat Dec 19 16:37:15 +0000 2015](https://twitter.com/adulau/status/678252767622864896)) +---- +https://github.com/MISP/MISP The version 2.4 of MISP Malware Information Sharing Platform & Threat Sharing has been released. + +(Originally on Twitter: [Sat Dec 19 22:00:06 +0000 2015](https://twitter.com/adulau/status/678334015053676544)) +---- +Un bel exemple de @fbon sur l'incompatibilité d'un État avec les travailleurs du cyberespace https://www.youtube.com/watch?v=MuNiYuB6V3Q + +(Originally on Twitter: [Sun Dec 20 08:36:59 +0000 2015](https://twitter.com/adulau/status/678494289270296576)) +---- +As backdoors seem hype, 19 CVEs were already declared as backdoor "search_fulltext.py -q "backdoor" | wc -l" https://github.com/cve-search/cve-search + +(Originally on Twitter: [Sun Dec 20 14:26:29 +0000 2015](https://twitter.com/adulau/status/678582246786363394)) +---- +. @sashank_dara Maybe a more careful review of all CVEs with CWE-798 and CWE-489 might lead to new discoveries. 
#backdoor + +(Originally on Twitter: [Sun Dec 20 14:57:24 +0000 2015](https://twitter.com/adulau/status/678590024561106944)) +---- +@Shiftreduce Maybe they review their white-box crypto implementation before sending it to you... + +(Originally on Twitter: [Sun Dec 20 15:16:55 +0000 2015](https://twitter.com/adulau/status/678594938871894016)) +---- +@kevinallix @rafi0t I checked C93C34EA90D9130C0F03004B98BD8B3570915611 but this CA cert has been only seen on 13 IPs. Not really used? + +(Originally on Twitter: [Sun Dec 20 17:23:50 +0000 2015](https://twitter.com/adulau/status/678626879113424896)) +---- +RT @unconed: Here's an elaboration of that last thought. Mathematicians are insane. Q.E.D. ![](media/678847837392773120-CWo0WURW4AIopoG.png) + +(Originally on Twitter: [Mon Dec 21 08:01:51 +0000 2015](https://twitter.com/adulau/status/678847837392773120)) +---- +Maybe the best incentive for regular code review... + +https://twitter.com/daveaitel/status/678998328667938816 + +(Originally on Twitter: [Tue Dec 22 10:58:31 +0000 2015](https://twitter.com/adulau/status/679254685870616576)) +---- +Maybe next time, I shouldn't give this document about backdoors and trap doors for reference to journalists http://csrc.nist.gov/publications/history/karg74.pdf + +(Originally on Twitter: [Tue Dec 22 22:02:24 +0000 2015](https://twitter.com/adulau/status/679421755576983552)) +---- +Comment se fait-il que @Test_Achats utilise des pratiques illégales de télémarketing en Belgique? 
@JulieTestAchats @plicplic + +(Originally on Twitter: [Wed Dec 23 11:30:03 +0000 2015](https://twitter.com/adulau/status/679625007547432960)) +---- +RT @aris_ada: @adulau @Test_Achats @JulieTestAchats @plicplic "faites ce qu'on dit, pas ce qu'on fait" + +(Originally on Twitter: [Wed Dec 23 11:35:54 +0000 2015](https://twitter.com/adulau/status/679626479374872576)) +---- +@JulieTestAchats Utilisation d'une base de données pour appeler et vendre des produits @Test_Achats sans l'accord de la personne @plicplic + +(Originally on Twitter: [Wed Dec 23 14:11:28 +0000 2015](https://twitter.com/adulau/status/679665632070230016)) +---- +"Abusing Phone Numbers and Cross-Application Features for Crafting Targeted Attacks" http://arxiv.org/abs/1512.07330 + +(Originally on Twitter: [Thu Dec 24 12:34:39 +0000 2015](https://twitter.com/adulau/status/680003654347304961)) +---- +If you contributed (from reporting issues to pull requests) to MISP, you are eligible for MISP stickers https://github.com/MISP/MISP/issues/789 #infosec + +(Originally on Twitter: [Thu Dec 24 16:44:53 +0000 2015](https://twitter.com/adulau/status/680066626990006272)) +---- +Just a kind reminder for any users of hybrid cryptosystems, metadata are often there in clear-text. So traffic analysis still applies. + +(Originally on Twitter: [Fri Dec 25 22:05:05 +0000 2015](https://twitter.com/adulau/status/680509595169779713)) +---- +RT @bin3ry: If you kill democracy's safeguards, you kill the safeguards for human rights, you kill the freedom we know. https://t.co/AgqVN9… + +(Originally on Twitter: [Sun Dec 27 12:08:03 +0000 2015](https://twitter.com/adulau/status/681084122920562688)) +---- +RT @alberto_cottica: #32c3 The Death Star of EU funding: 143 orgs dominate the 31,000 orgs network. http://bit.ly/1NIcIvI https://t.co/62… + +(Originally on Twitter: [Sun Dec 27 15:48:40 +0000 2015](https://twitter.com/adulau/status/681139641328775168)) +---- +RT @rafi0t: Who wants #MISP stickers? 
#32C3 ![](media/681213088079691776-CXQmEh1W8AUO8aB.jpg) + +(Originally on Twitter: [Sun Dec 27 20:40:31 +0000 2015](https://twitter.com/adulau/status/681213088079691776)) +---- +RT @Stef_van_Dop: #32c3 'lets put jtag inside the hsm'.. ![](media/681226160043331584-CXQzD9GWkAAODHe.jpg) + +(Originally on Twitter: [Sun Dec 27 21:32:27 +0000 2015](https://twitter.com/adulau/status/681226160043331584)) +---- +RT @BlnStreetArtist: Matroska on a wall - Alexandre Dulaunoy posted a photo: Matroska on a wall http://ow.ly/39sIKq + +(Originally on Twitter: [Sun Dec 27 21:51:42 +0000 2015](https://twitter.com/adulau/status/681231003394928641)) +---- +RT @bortzmeyer: Pauvre Anne Frank, victime des nazis, puis, à titre posthume, du #CopyrightMadness https://twitter.com/affordanceinfo/status/681396995576184832 + +(Originally on Twitter: [Mon Dec 28 09:52:55 +0000 2015](https://twitter.com/adulau/status/681412504275304453)) +---- +@Cyb3rOps Nice idea. Maybe I should add a taxonomy with all the #APT mapping https://github.com/MISP/misp-taxonomies per vendor. @elhoim + +(Originally on Twitter: [Mon Dec 28 11:12:38 +0000 2015](https://twitter.com/adulau/status/681432564876374016)) +---- +RT @Cyb3rOps: #APT Group Mapping v0.1 - still much work to do - DM if interested in co-work this +https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit?usp=sharing https://t.co/ZJlAX… + +(Originally on Twitter: [Mon Dec 28 12:04:33 +0000 2015](https://twitter.com/adulau/status/681445629827125248)) +---- +Maybe not as good as Robert Tappan Morris http://fei22.cn/project/Apology%20about%20my%20malware!.html information security is just a huge circular feedback loop. + +(Originally on Twitter: [Mon Dec 28 18:37:57 +0000 2015](https://twitter.com/adulau/status/681544633185341440)) +---- +RT @pinkflawd: Fascinating how folks are still stunned when they find malware thats not superdumb. Jeez.. 
its just software, you can develo… + +(Originally on Twitter: [Mon Dec 28 18:40:14 +0000 2015](https://twitter.com/adulau/status/681545204990656514)) +---- +@kurtseifried Why not starting a OSS CNA with a new prefix? @letoams + +(Originally on Twitter: [Mon Dec 28 19:02:02 +0000 2015](https://twitter.com/adulau/status/681550692381790212)) +---- +RT @blackswanburst: A extra special shout out to the "Unpatchable" team before @MarieGMoe and I speak tonight: @gradoisageek @xa329 @adulau + +(Originally on Twitter: [Mon Dec 28 21:00:05 +0000 2015](https://twitter.com/adulau/status/681580400079204352)) +---- +RT @torproject: "Tor onion services: more useful than you think" Hall 1, 12:45 pm today, with @RogerDingledine, Dave Goulet, and asn #32C3 + +(Originally on Twitter: [Tue Dec 29 09:56:07 +0000 2015](https://twitter.com/adulau/status/681775696570675201)) +---- +@cybergibbons Scanning the Internet. As an example 5fd81af280738f6fc3198abb03750e23315ed12c was seen on 134.222.94.214 and 62.41.58.1 + +(Originally on Twitter: [Tue Dec 29 13:24:44 +0000 2015](https://twitter.com/adulau/status/681828196917067776)) +---- +@kurtseifried A recent attempt on GitHub https://github.com/distributedweaknessfiling/CNA-Registry @letoams + +(Originally on Twitter: [Tue Dec 29 14:08:14 +0000 2015](https://twitter.com/adulau/status/681839144398635008)) +---- +@cybergibbons Just did a reverse search per certificate on CIRCL Passive SSL https://www.circl.lu/services/passive-ssl/ if you want an access let me know. + +(Originally on Twitter: [Tue Dec 29 14:40:04 +0000 2015](https://twitter.com/adulau/status/681847155842244608)) +---- +@Cyb3rOps Indeed http://safecurves.cr.yp.to/ especially for NIST P-256 and P-384 curves. + +(Originally on Twitter: [Wed Dec 30 17:21:16 +0000 2015](https://twitter.com/adulau/status/682250110923845632)) +---- +@Cyb3rOps The situation is even quite complex with the time-to-standardize at IETF. (e.g. 
GnuPG using Curve25519 for sign/encrypt) + +(Originally on Twitter: [Wed Dec 30 18:10:30 +0000 2015](https://twitter.com/adulau/status/682262501929684992)) +---- +"We cannot be more sensitive to pleasure without being more sensitive to pain." A. Watts. A huge thanks to Ian for everything he did for us + +(Originally on Twitter: [Wed Dec 30 20:49:13 +0000 2015](https://twitter.com/adulau/status/682302443414286336)) +---- +@cybergibbons Do you have a PGP key? I would like to send you the access credentials. + +(Originally on Twitter: [Thu Dec 31 08:02:16 +0000 2015](https://twitter.com/adulau/status/682471820038127617)) +---- +@taziden Si tu as un peu de temps @bortzmeyer https://github.com/ricochet-im/ricochet https://ricochet.im/ me semble assez prometteur. + +(Originally on Twitter: [Thu Dec 31 09:08:21 +0000 2015](https://twitter.com/adulau/status/682488449698533376)) +---- +@cybergibbons Just sent. Doc available https://www.circl.lu/services/passive-ssl/ and https://www.circl.lu/services/passive-dns/ Hope this helps. + +(Originally on Twitter: [Thu Dec 31 10:36:12 +0000 2015](https://twitter.com/adulau/status/682510558327865345)) +---- +@cybergibbons Glad if this is useful for security researchers. Let us know if you find interesting stuff and we need to notify someone ;-) + +(Originally on Twitter: [Thu Dec 31 10:37:55 +0000 2015](https://twitter.com/adulau/status/682510992065040384)) +---- +@y0m @taziden @bortzmeyer On peut remplacer le logo du Caméleon par un pygargue à tête blanche (bald Eagle), un bâtiment circulaire... + +(Originally on Twitter: [Thu Dec 31 10:42:42 +0000 2015](https://twitter.com/adulau/status/682512193506652160)) +---- +@pbeyssac Ensuite tu auras la pompe à insuline, le pacemaker et le détecteur de fumée puisque c'est aussi devenu de l'informatique... + +(Originally on Twitter: [Thu Dec 31 10:45:58 +0000 2015](https://twitter.com/adulau/status/682513018048147457)) +---- +I'm sure @RichardDawkins will enjoy this recent drawing. 
https://twitter.com/_IDM_/status/682520504176111616 + +(Originally on Twitter: [Thu Dec 31 11:33:16 +0000 2015](https://twitter.com/adulau/status/682524919264051200)) +---- +"Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner" https://github.com/hannob/ed25519hetzner by @hanno + +(Originally on Twitter: [Thu Dec 31 12:55:40 +0000 2015](https://twitter.com/adulau/status/682545656448290816)) +---- +RT @cudeso: "priority for 2016 will be to detect threats inside the firewall” <- isn't that the stuff we’re supposed to be doing for a cpl … + +(Originally on Twitter: [Thu Dec 31 13:27:31 +0000 2015](https://twitter.com/adulau/status/682553672765669377)) +---- +@cudeso Advanced logging of management (with access-lists to log everything) networks should be also a high priority.... + +(Originally on Twitter: [Thu Dec 31 13:28:45 +0000 2015](https://twitter.com/adulau/status/682553982548586496)) +---- +@YrB1rd The bakery or the "Sonnenstudio"? Looking at the picture ;-) + +(Originally on Twitter: [Thu Dec 31 14:15:02 +0000 2015](https://twitter.com/adulau/status/682565631003242496)) +---- +@YrB1rd The yellow label above the two cars on your picture ;-) + +(Originally on Twitter: [Thu Dec 31 14:23:46 +0000 2015](https://twitter.com/adulau/status/682567828927557634)) +---- +Just submitted some talk and workshop proposals for @FIRSTdotOrg 2016 conference with fellow security researchers. We'll see. + +(Originally on Twitter: [Thu Dec 31 14:24:16 +0000 2015](https://twitter.com/adulau/status/682567953427116032)) +---- +RT @circl_lu: libxml2 vulnerability leaking memory CVE-2015-8710 https://bugzilla.gnome.org/show_bug.cgi?id=746048 + +(Originally on Twitter: [Fri Jan 01 11:57:08 +0000 2016](https://twitter.com/adulau/status/682893313624682496)) +---- +RT @OpenTechFund: Today is the deadline for #InternetFreedom requests. 
Submit a concept note here: https://www.opentech.fund/requests/internet-freedom-fund https://t.co/Dvs… + +(Originally on Twitter: [Fri Jan 01 13:09:16 +0000 2016](https://twitter.com/adulau/status/682911468078129153)) +---- +RT @_Rahra_: »The Administrator’s TLS Certificate Hell« https://www.cypherpunk.at/2015/12/the-administrators-ssl-certificate-hell/ #tls #owncloud #wordpress + +(Originally on Twitter: [Fri Jan 01 13:12:12 +0000 2016](https://twitter.com/adulau/status/682912208116920322)) +---- +RT @Cyb3rOps: sCap +scan, capture and hexdump incoming tcp/udp/icmp traffic without libcap +https://github.com/kala13x/scap ![](media/682956949835628544-CXoUnWGWwAAD8w7.png) + +(Originally on Twitter: [Fri Jan 01 16:10:00 +0000 2016](https://twitter.com/adulau/status/682956949835628544)) +---- +@thegrugq @natashenka The issue gets even worst with the CPE allocation which can be incorrectly narrowed or broaden. + +(Originally on Twitter: [Fri Jan 01 16:20:32 +0000 2016](https://twitter.com/adulau/status/682959602112196608)) +---- +If someone stumble upon the malware sample... let me know. https://ics.sans.org/blog/2016/01/01/potential-sample-of-malware-from-the-ukrainian-cyber-attack-uncovered# + +(Originally on Twitter: [Fri Jan 01 16:25:07 +0000 2016](https://twitter.com/adulau/status/682960756070027264)) +---- +RT @craiu: @RobertMLee - variants of this wiper: +66676deaa9dfe98f8497392064aefbab +cd1aa880f30f9b8bb6cf4d4f9e41ddf4 +72bd40cd60769baffd412b8… + +(Originally on Twitter: [Fri Jan 01 18:10:05 +0000 2016](https://twitter.com/adulau/status/682987169309392897)) +---- +RT @kautoh: Many #mediumwave stations around Europe were closed midnight last night. Including the classic Luxembourg 1440 kHz. https://t.c… + +(Originally on Twitter: [Fri Jan 01 18:31:14 +0000 2016](https://twitter.com/adulau/status/682992493701533698)) +---- +@jpmens BY-ND? It should be BY only? as the patrimonial rights have expired? 
+ +(Originally on Twitter: [Fri Jan 01 19:00:43 +0000 2016](https://twitter.com/adulau/status/682999913995743232)) +---- +Thanks to the beavers for the water reflection... https://www.flickr.com/photos/adulau/24111714205/ #photography #trees + +(Originally on Twitter: [Fri Jan 01 21:26:57 +0000 2016](https://twitter.com/adulau/status/683036712247914498)) +---- +Starting to aggregate publicly accessible info about malware names and classification https://github.com/adulau/malware-encyclopedias to make machine readable JSON + +(Originally on Twitter: [Fri Jan 01 21:37:29 +0000 2016](https://twitter.com/adulau/status/683039364893569024)) +---- +@Dymaxion @aestetix Maybe it should be titled social inequality because economy remains a social science. + +(Originally on Twitter: [Sat Jan 02 22:02:03 +0000 2016](https://twitter.com/adulau/status/683407935754625024)) +---- +Sometime, it's just better to get lost in a "Journey to the Center of the Earth" https://www.flickr.com/photos/adulau/23859715470/ #photography + +(Originally on Twitter: [Sun Jan 03 21:08:12 +0000 2016](https://twitter.com/adulau/status/683756769357643777)) +---- +RT @maartenvhb: However, it pays off. Rohan Amin's dissertation on targeted attack e-mail detection took longer, but was worth it. https://… + +(Originally on Twitter: [Sun Jan 03 21:16:56 +0000 2016](https://twitter.com/adulau/status/683758967470878720)) +---- +RT @FredericJacobs: That thing when you have no encrypted way of sending docs (copies of passports, birth certificate…) to your Embassy htt… + +(Originally on Twitter: [Mon Jan 04 07:28:55 +0000 2016](https://twitter.com/adulau/status/683912978278805505)) +---- +RT @RobertMLee: A few friends recommended MISP (IOC sharing platform) - started digging into it - very impressed so far https://t.co/JiXQ4U… + +(Originally on Twitter: [Mon Jan 04 10:00:28 +0000 2016](https://twitter.com/adulau/status/683951116904742912)) +---- +@pstirparo Good point. 
It's highly probable that the 2nd MISP summit will take place the Monday 17th October 2016... @circl_lu @hack_lu + +(Originally on Twitter: [Mon Jan 04 12:46:43 +0000 2016](https://twitter.com/adulau/status/683992958065111040)) +---- +RT @circl_lu: New internship regarding AIL framework - Analysis Information Leak framework https://www.circl.lu/projects/internships/datamining02/ - https://t.co/xq9j61bp… + +(Originally on Twitter: [Mon Jan 04 19:07:31 +0000 2016](https://twitter.com/adulau/status/684088788436520964)) +---- +So an A/V vendor include deep learning in their software? I'm curious which algorithms they use and their algorithmic complexity... + +(Originally on Twitter: [Mon Jan 04 20:16:30 +0000 2016](https://twitter.com/adulau/status/684106148153266176)) +---- +"binary elliptic curves with 256 bits field size ... could only claim a security level of about 2 power 85" http://eprint.iacr.org/2016/003.pdf + +(Originally on Twitter: [Mon Jan 04 21:12:41 +0000 2016](https://twitter.com/adulau/status/684120288120930305)) +---- +@pidgeyL @bluejay00 The data is in MISP. There is an attribute with the vulnerability id. I could export it as a source feed for cve-search. + +(Originally on Twitter: [Tue Jan 05 17:13:07 +0000 2016](https://twitter.com/adulau/status/684422386947637248)) +---- +@lhausermann We found many samples from various sources. Not sure if the samples are the ones used in the case mentioned. + +(Originally on Twitter: [Wed Jan 06 05:51:03 +0000 2016](https://twitter.com/adulau/status/684613125019201537)) +---- +@lhausermann Right. 
If you want access to the CIRCL MISP for @sentryo to review the indicators, just send your PGP https://www.circl.lu/services/misp-malware-information-sharing-platform/ + +(Originally on Twitter: [Wed Jan 06 09:01:52 +0000 2016](https://twitter.com/adulau/status/684661146763300864)) +---- +RT @circl_lu: "Support for older versions of Internet Explorer ends on January 12, 2016" https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support and "no longer provide sec… + +(Originally on Twitter: [Wed Jan 06 12:28:43 +0000 2016](https://twitter.com/adulau/status/684713203171987456)) +---- +@FGTBwallonne Et pourquoi ne pas faire des actions prévues "trains gratuits" ? Cela ferait venir des nouveaux usagers sans tuer le rail. + +(Originally on Twitter: [Wed Jan 06 21:09:06 +0000 2016](https://twitter.com/adulau/status/684844162164912129)) +---- +@FreddyVisconti @FGTBwallonne Si les journées sans contrôle sont prévues à l'avance, c'est aussi un avantage pour les abonnés mensuelles. + +(Originally on Twitter: [Thu Jan 07 05:43:37 +0000 2016](https://twitter.com/adulau/status/684973642166472704)) +---- +@FreddyVisconti @FGTBwallonne Le manque de contrôle (l'accompagnateur est tjs présent), cela ne change rien pour les assurances. + +(Originally on Twitter: [Thu Jan 07 05:44:52 +0000 2016](https://twitter.com/adulau/status/684973958450556928)) +---- +@FreddyVisconti Pour les abonnés mensuelles, décaler le renouvellement. @FGTBwallonne + +(Originally on Twitter: [Thu Jan 07 09:09:19 +0000 2016](https://twitter.com/adulau/status/685025410338451456)) +---- +@FreddyVisconti L’argumentaire des assurances est fallacieux. Même pour les non-payants. Cela serait une action plus positive @FGTBwallonne + +(Originally on Twitter: [Thu Jan 07 09:13:23 +0000 2016](https://twitter.com/adulau/status/685026432561614848)) +---- +@FreddyVisconti Donc vous ne comptez pas expérimenter ce genre de nouvelles actions? C'est dommage pour nous tous. 
@FGTBwallonne + +(Originally on Twitter: [Thu Jan 07 10:07:29 +0000 2016](https://twitter.com/adulau/status/685040045980516352)) +---- +RT @rootlabs: Show me 9 servers. I'll show you one HDD firmware, one CPU foundry, one BIOS source, one microcode signing key, ... #realworl… + +(Originally on Twitter: [Thu Jan 07 10:12:07 +0000 2016](https://twitter.com/adulau/status/685041214354288640)) +---- +@FreddyVisconti C'est une demande régulière des navetteurs à la place des grèves de blocage. Donc c'est une bonne occasion? @FGTBwallonne + +(Originally on Twitter: [Thu Jan 07 10:19:19 +0000 2016](https://twitter.com/adulau/status/685043023881834496)) +---- +@FreddyVisconti Merci beaucoup. Bonne journée. @FGTBwallonne + +(Originally on Twitter: [Thu Jan 07 13:41:17 +0000 2016](https://twitter.com/adulau/status/685093852273864704)) +---- +RT @circl_lu: Reserve the date: MISP Training in Luxembourg 22nd March 2016 (10:00 - 15:00) more information will be available soon. #MISP … + +(Originally on Twitter: [Thu Jan 07 16:29:14 +0000 2016](https://twitter.com/adulau/status/685136116530442241)) +---- +RT @circl_lu: Flexible taxonomies for information sharing will be presented by @adulau https://www.terena.org/activities/tf-csirt/meeting47/ at @FIRSTdotOrg TC Prague #T… + +(Originally on Twitter: [Thu Jan 07 19:06:59 +0000 2016](https://twitter.com/adulau/status/685175818692222976)) +---- +"Root Certification Authority of the Republic of Kazakhstan" https://bugzilla.mozilla.org/show_bug.cgi?id=1232689 that's the 1st April follow-up https://twitter.com/adulau/status/672100827448889344 + +(Originally on Twitter: [Thu Jan 07 21:57:16 +0000 2016](https://twitter.com/adulau/status/685218669824229377)) +---- +RT @ttaubert: IKE nonce is exactly 32 bytes and comes directly from Dual EC's buffer. 
#realworldcrypto ![](media/685224117465919488-CYJmHy4UQAAbFTE.jpg) + +(Originally on Twitter: [Thu Jan 07 22:18:55 +0000 2016](https://twitter.com/adulau/status/685224117465919488)) +---- +RT @veorq: slides from #realworldcrypto appearing at http://www.realworldcrypto.com/rwc2016/program + +(Originally on Twitter: [Thu Jan 07 22:21:12 +0000 2016](https://twitter.com/adulau/status/685224695256494080)) +---- +@FreddyVisconti Comme si l'assurance fonctionnait lors des blocages et vous demandiez l'accord du CEO de la SNCB avant... @FGTBwallonne + +(Originally on Twitter: [Fri Jan 08 05:46:16 +0000 2016](https://twitter.com/adulau/status/685336698239217664)) +---- +@FreddyVisconti J'ai plutôt l'impression que c'est une question de stratégie des syndicats pour rester dans le statu quo. @FGTBwallonne + +(Originally on Twitter: [Fri Jan 08 05:48:38 +0000 2016](https://twitter.com/adulau/status/685337294807633921)) +---- +@ekoivune You're welcome. We hope to see you soon. Cheers. @rafi0t @circl_lu + +(Originally on Twitter: [Fri Jan 08 10:19:02 +0000 2016](https://twitter.com/adulau/status/685405340792401924)) +---- +RT @doegox: Our ePassport security survey announced on http://csur.acm.org/ but if you don't like paywall, just go +https://t.co/MZ4b0MV… + +(Originally on Twitter: [Fri Jan 08 14:30:01 +0000 2016](https://twitter.com/adulau/status/685468505324556292)) +---- +"[2016-01-08 21:00:13] Rejected 666 packets during decode: (0.01%)" Should I be worried? + +(Originally on Twitter: [Fri Jan 08 21:26:59 +0000 2016](https://twitter.com/adulau/status/685573439449645056)) +---- +@doegox Just after the install of PF_RING with the ZC support. 
It's maybe the sign of the binary blob I installed just before ;-) + +(Originally on Twitter: [Fri Jan 08 21:30:54 +0000 2016](https://twitter.com/adulau/status/685574423341101056)) +---- +RT @decalage2: just released ExeFilter v1.1.4-alpha6 - from 2011, but still functional to clean files with active content: https://t.co/LP4… + +(Originally on Twitter: [Sat Jan 09 15:52:39 +0000 2016](https://twitter.com/adulau/status/685851686141845505)) +---- +Notes if you want to implement a new backdoor on Juniper ScreenOS avoid the "hot spots" http://forums.juniper.net/t5/Security-Incident-Response/Advancing-the-Security-of-Juniper-Products/ba-p/286383 + +(Originally on Twitter: [Sat Jan 09 15:58:37 +0000 2016](https://twitter.com/adulau/status/685853187727835136)) +---- +"NIT to identify IP address of users on Tor" https://assets.documentcloud.org/documents/2124281/fbi-tor-busting-227-1.pdf If the target abused the Flash code to redirect the traffic to decoys? + +(Originally on Twitter: [Sun Jan 10 10:22:52 +0000 2016](https://twitter.com/adulau/status/686131084694806528)) +---- +RT @JGamblin: My tires have RFID tags in them. Yours probably do also. ![](media/686134117365379076-CYPNtvaUsAIEHQr.jpg) + +(Originally on Twitter: [Sun Jan 10 10:34:55 +0000 2016](https://twitter.com/adulau/status/686134117365379076)) +---- +@piotrkijewski Interesting document from @enisa_eu I hope they will do updates and revision of the document to include the evolutions. + +(Originally on Twitter: [Sun Jan 10 10:50:27 +0000 2016](https://twitter.com/adulau/status/686138025890451456)) +---- +Don't search for "DGSE" or whatever in the Hillary Clinton emails... 
https://foia.state.gov/Search/results.aspx?searchText=DGSE&caseNumber=F-2014-20439 + +(Originally on Twitter: [Sun Jan 10 12:15:52 +0000 2016](https://twitter.com/adulau/status/686159521195098113)) +---- +RT @Tinolle1955: TrueCrypt 7.1a / 7.2 DLL Hijacking - Intelligent Exploit http://www.intelligentexploit.com/view-details.html?id=23004 + +(Originally on Twitter: [Sun Jan 10 12:22:10 +0000 2016](https://twitter.com/adulau/status/686161106654605312)) +---- +If someone has access to the IEEE paywall could they share "Using linkography to understand cyberattacks" to the medium called Internet. + +(Originally on Twitter: [Sun Jan 10 15:05:46 +0000 2016](https://twitter.com/adulau/status/686202276252389376)) +---- +@4Dgifts I did too for my ACM membership. I still dream of each security researcher publishing it on http://arxiv.org/list/cs.CR/recent @raistolo + +(Originally on Twitter: [Sun Jan 10 15:16:06 +0000 2016](https://twitter.com/adulau/status/686204878692167680)) +---- +RT @veorq: ZUC is the Chinese stream cipher in 4G/LTE. We don't know how the 8x8 S-boxes were generated. +http://www.gsma.com/aboutus/wp-content/uploads/2014/12/eea3eia3zucv16.pdf + +(Originally on Twitter: [Sun Jan 10 15:28:17 +0000 2016](https://twitter.com/adulau/status/686207943872765952)) +---- +MISP taxonomies - Flexible Classification for Information Sharing overview https://github.com/MISP/misp-taxonomies #ThreatIntel ![](media/686233292471926785-CYX9iu3UEAEV-7A.png) + +(Originally on Twitter: [Sun Jan 10 17:09:01 +0000 2016](https://twitter.com/adulau/status/686233292471926785)) +---- +RT @circl_lu: MISP training in Luxembourg on March 22, 2016 - for more information and registration https://www.circl.lu/pub/press/20160108/ #ThreatIntel #i… + +(Originally on Twitter: [Mon Jan 11 11:37:59 +0000 2016](https://twitter.com/adulau/status/686512372526280704)) +---- +@Secnewsbytes So it seems to be the NATO admiralty scale extended with a confidence level. 
If you know other -> https://github.com/MISP/misp-taxonomies/ + +(Originally on Twitter: [Mon Jan 11 14:27:40 +0000 2016](https://twitter.com/adulau/status/686555076199079939)) +---- +@EncryptionNews Maybe the title should be "able to decipher vulnerable implementation of PGP like TopPGP or GhostPGP with physical access" + +(Originally on Twitter: [Tue Jan 12 07:52:36 +0000 2016](https://twitter.com/adulau/status/686818042542731264)) +---- +A law proposal in France to force vendor to include backdoor in their hardware http://www.assemblee-nationale.fr/14/amendements/3318/CION_LOIS/CL92.asp or how to increase an attack surface + +(Originally on Twitter: [Tue Jan 12 08:52:04 +0000 2016](https://twitter.com/adulau/status/686833008507236352)) +---- +@pbeyssac Si la surface d'attaque augmente par ces backdoors, c'est nuisible pour les utilisateurs de ce produit incluant l'état. + +(Originally on Twitter: [Tue Jan 12 09:40:23 +0000 2016](https://twitter.com/adulau/status/686845166586560512)) +---- +My popcorn was ready and then... they cut the video stream https://www.youtube.com/watch?v=oVIDHorvAVk "Wassenaar: Cybersecurity and Export Control " + +(Originally on Twitter: [Tue Jan 12 19:51:33 +0000 2016](https://twitter.com/adulau/status/686998974373429248)) +---- +@marasawr Did they officially cut the stream? 
+ +(Originally on Twitter: [Tue Jan 12 19:53:42 +0000 2016](https://twitter.com/adulau/status/686999515002466304)) +---- +@FredericJacobs Finally my popcorn will be useful ;-) + +(Originally on Twitter: [Tue Jan 12 19:54:52 +0000 2016](https://twitter.com/adulau/status/686999807680999425)) +---- +RT @pidgeyL: #CVESearch now has an interface to integrate your #MISP information on CVEs https://github.com/pidgeyl/cve-search @adulau @wimremes + +(Originally on Twitter: [Wed Jan 13 16:25:45 +0000 2016](https://twitter.com/adulau/status/687309570805469184)) +---- +Patched Microsoft DLL https://www.virustotal.com/en/file/76b01828fc2f57790a9a6b22aeda3b18e2d33398a055c6be877af315f4ee4480/analysis/ everything is fine for A/V and OS all together. Not all core DLLs are signed... + +(Originally on Twitter: [Thu Jan 14 08:40:51 +0000 2016](https://twitter.com/adulau/status/687554960867901440)) +---- +@DidierStevens Interesting. Which version of Windows? + +(Originally on Twitter: [Thu Jan 14 21:19:30 +0000 2016](https://twitter.com/adulau/status/687745882314436608)) +---- +@DidierStevens Indeed but the patched binary (hash in the previous tweet) is unsigned and is still run. cf. https://www.lexsi.com/securityhub/dridex-ammyy-admin-post-infection-move/?lang=en + +(Originally on Twitter: [Fri Jan 15 08:21:40 +0000 2016](https://twitter.com/adulau/status/687912520078725120)) +---- +@DidierStevens Right and still executed. Except if you use an AppLocker rule but the reality is far away from it. + +(Originally on Twitter: [Fri Jan 15 10:05:56 +0000 2016](https://twitter.com/adulau/status/687938758939947009)) +---- +@DidierStevens Indeed but for such critical part (hardtoken). The enforcement of signed DLL at OS level should be a requirement? + +(Originally on Twitter: [Fri Jan 15 10:07:35 +0000 2016](https://twitter.com/adulau/status/687939174901612544)) +---- +RT @DidierStevens: @adulau agreed but Windows is not well suited to do this properly. 
You can force signature validation, but attacker can … + +(Originally on Twitter: [Fri Jan 15 10:19:23 +0000 2016](https://twitter.com/adulau/status/687942147073523713)) +---- +@DidierStevens True. Even today, those patched DLLs are used for more than 1 year without a single detection. + +(Originally on Twitter: [Fri Jan 15 10:21:42 +0000 2016](https://twitter.com/adulau/status/687942728181747712)) +---- +RT @circl_lu: Many concerns related to cybersecurity in "THE 2016 NTI NUCLEAR SECURITY INDEX: THEFT AND SABOTAGE" http://www.ntiindex.org/wp-content/uploads/2013/12/NTI_2016-Index_FINAL.pdf + +(Originally on Twitter: [Fri Jan 15 13:44:39 +0000 2016](https://twitter.com/adulau/status/687993801865064448)) +---- +@neu5ron Maybe some open source tools try to have an UI/API which is useful for the analysts like we try to do with https://github.com/MISP/MISP + +(Originally on Twitter: [Fri Jan 15 14:29:54 +0000 2016](https://twitter.com/adulau/status/688005191589859328)) +---- +@neu5ron Maybe sometime the support is much better by a set of random folks on Internet than a commercial company ;-) + +(Originally on Twitter: [Fri Jan 15 14:46:31 +0000 2016](https://twitter.com/adulau/status/688009373101256705)) +---- +Preparing the tomorrow's session "how to learn Redis, git, tshark and Python in 4 hours." http://www.foo.be/cours/dess-20152016/Redis-Introduction.pdf ![](media/688020629908525057-CYxXHc9WwAA0XZc.png) + +(Originally on Twitter: [Fri Jan 15 15:31:15 +0000 2016](https://twitter.com/adulau/status/688020629908525057)) +---- +@SteveBellovin Easy part? it's relative. Beside Postfix sec design from Wietse Venema & OpenSSH priv-sep, this is not widely implemented. + +(Originally on Twitter: [Fri Jan 15 21:23:13 +0000 2016](https://twitter.com/adulau/status/688109205622894594)) +---- +Disappointing to see many journalists being surprised of the risks of drug trials. They forgot the drug trials in India with many deaths... 
+ +(Originally on Twitter: [Fri Jan 15 21:27:22 +0000 2016](https://twitter.com/adulau/status/688110248859533313)) +---- +Testing @feathub to add or/and vote for features in MISP (the information and threat sharing platform). http://feathub.com/MISP/MISP @Iglocska + +(Originally on Twitter: [Sat Jan 16 21:16:19 +0000 2016](https://twitter.com/adulau/status/688469854622461953)) +---- +If you produce OSINT don't forget it's not OSINT until it's really human and machine readable at the same time. #threatintelligence + +(Originally on Twitter: [Sun Jan 17 09:28:22 +0000 2016](https://twitter.com/adulau/status/688654082534420480)) +---- +RT @bortzmeyer: Un OS souverain, c'est quoi, et ça mène à quoi ? http://www.bortzmeyer.org/os-souverain.html + +(Originally on Twitter: [Sun Jan 17 11:04:02 +0000 2016](https://twitter.com/adulau/status/688678156237148160)) +---- +did a small photography in dedication to Joseph Beuys https://www.flickr.com/photos/adulau/23807385644/ "the tree is an element of regeneration" #photography + +(Originally on Twitter: [Sun Jan 17 13:05:52 +0000 2016](https://twitter.com/adulau/status/688708816922406912)) +---- +A corpse next to the backdoor... https://www.flickr.com/photos/adulau/24436166395/ #photography We knew that backdoors are utterly creepy and not only for software. + +(Originally on Twitter: [Sun Jan 17 13:32:17 +0000 2016](https://twitter.com/adulau/status/688715467826024449)) +---- +@rafi0t Maybe it's time to rename the CryptoParty into OPSECParty. Crypto without OPSEC, this is just like photography without light. + +(Originally on Twitter: [Sun Jan 17 14:58:54 +0000 2016](https://twitter.com/adulau/status/688737262767632384)) +---- +@rafi0t IMHO, the problem is even more fundamental. Maybe we enter into the "Lo Tek" period as described in the sci-fi cyberpunk movement. 
+ +(Originally on Twitter: [Sun Jan 17 15:26:55 +0000 2016](https://twitter.com/adulau/status/688744313346478080)) +---- +RT @rafi0t: @shiromarieke @adulau I call it privacy salon in Luxemburg, works fairly good + +(Originally on Twitter: [Sun Jan 17 15:27:32 +0000 2016](https://twitter.com/adulau/status/688744471714992129)) +---- +@cudeso Take care. I hope your mobility will get better than the @SNCB... + +(Originally on Twitter: [Mon Jan 18 08:14:18 +0000 2016](https://twitter.com/adulau/status/688997832628547585)) +---- +RT @circl_lu: New version of ssdeep Cluster from @botnet_hunter by @rafi0t to support a Redis backend and multiprocessing https://t.co/3Cfs… + +(Originally on Twitter: [Mon Jan 18 08:59:10 +0000 2016](https://twitter.com/adulau/status/689009120624668672)) +---- +@faq http://www.foo.be/photoblog/posts/surveillance-camera-versus-photography.html "The aggressive feeling against video surveillance is transferred to a mere allusion, the street photographer." + +(Originally on Twitter: [Mon Jan 18 09:06:54 +0000 2016](https://twitter.com/adulau/status/689011069973610497)) +---- +What's the best software to backdoor after a compiler? sshexport https://gitlab.com/esr/sshexport/blob/master/sshexport a nice entry to have a self-replicating backdoor. + +(Originally on Twitter: [Mon Jan 18 21:19:45 +0000 2016](https://twitter.com/adulau/status/689195495386927105)) +---- +RT @Cyb3rOps: LOKI pulls IOCs from @circl_lu #MISP & @alienvault #OTX +> easy threat intel application +https://github.com/Neo23x0/Loki https://t.co/… + +(Originally on Twitter: [Tue Jan 19 08:10:59 +0000 2016](https://twitter.com/adulau/status/689359384565157888)) +---- +Is b647b16ce43858eb835d285b43b486de4f0267c5 the SHA1 of the Alrawi apk mentioned in http://www.ibtimes.co.uk/alrawi-isis-builds-secure-android-messaging-app-replace-telegram-says-anonymous-affiliate-ghostsec-1537948? 
+ +(Originally on Twitter: [Tue Jan 19 08:19:20 +0000 2016](https://twitter.com/adulau/status/689361486767099904)) +---- +@revskills Right. Drop me your email, I'll send you the samples. + +(Originally on Twitter: [Tue Jan 19 10:26:31 +0000 2016](https://twitter.com/adulau/status/689393493437878272)) +---- +@wopot Yep, I'm still looking for the correct sample. + +(Originally on Twitter: [Tue Jan 19 19:57:34 +0000 2016](https://twitter.com/adulau/status/689537200858464256)) +---- +Can you release or share the samples or the hash of the "Alrawi" app? @IBTimesUK @concertina226 @GhostSecGroup http://www.ibtimes.co.uk/alrawi-isis-builds-secure-android-messaging-app-replace-telegram-says-anonymous-affiliate-ghostsec-1537948 + +(Originally on Twitter: [Tue Jan 19 20:27:23 +0000 2016](https://twitter.com/adulau/status/689544704627740673)) +---- +RT @cuckoosandbox: Whenever yet another overpriced proprietary sandbox knocks at your door, just remember there's some open source love her… + +(Originally on Twitter: [Tue Jan 19 21:04:10 +0000 2016](https://twitter.com/adulau/status/689553962794651649)) +---- +RT @rafi0t: Hey @lenovo, what about you provide your BIOS updates over HTTPS and don't leave the hashes empty? ![](media/689811914801692672-CZKzYBiWIAAsWCm.png) + +(Originally on Twitter: [Wed Jan 20 14:09:11 +0000 2016](https://twitter.com/adulau/status/689811914801692672)) +---- +@ssantosv It's not this one. We investigated many samples but not a single one is matching was is stated in the article. Still searching... 
+ +(Originally on Twitter: [Wed Jan 20 14:18:30 +0000 2016](https://twitter.com/adulau/status/689814260797546496)) +---- +@ssantosv @revskills I also asked the journalists yesterday to give samples without success until now https://twitter.com/adulau/status/689544704627740673 + +(Originally on Twitter: [Wed Jan 20 14:37:19 +0000 2016](https://twitter.com/adulau/status/689818995185295360)) +---- +@iblametom @revskills @ssantosv Until we have some hard evidences (like samples), it seems fake. + +(Originally on Twitter: [Wed Jan 20 18:22:59 +0000 2016](https://twitter.com/adulau/status/689875784895483905)) +---- +I'm tempted to submit a talk for the RMLL 2016 in Paris, you should do it too https://sec2016.rmll.info/cfp/ - @cbrocas + +(Originally on Twitter: [Wed Jan 20 21:21:26 +0000 2016](https://twitter.com/adulau/status/689920694629613568)) +---- +@cryptax At the beginning, I read your tweet with NNTP and then I saw it was NTP. Maybe for the past 3 months, UUCP would have been useful. + +(Originally on Twitter: [Wed Jan 20 21:29:25 +0000 2016](https://twitter.com/adulau/status/689922703533461504)) +---- +RT @ssantosv: @adulau @iblametom @revskills Ok, @GhostSecGroup, did you really find it? Your group seems to be the first source... 
will you… + +(Originally on Twitter: [Thu Jan 21 11:04:37 +0000 2016](https://twitter.com/adulau/status/690127854546350080)) +---- +RT @blackswanburst: #thiscouldbeusbutyouplayin ![](media/690164585056309248-CZPy8b1W0AAEjWH.jpg) + +(Originally on Twitter: [Thu Jan 21 13:30:34 +0000 2016](https://twitter.com/adulau/status/690164585056309248)) +---- +This fefe blog entry is funny https://blog.fefe.de/?ts=a86b75ea but when you read the advisory from Sophos https://www.sophos.com/en-us/support/knowledgebase/118311.aspx it's even more fun + +(Originally on Twitter: [Thu Jan 21 13:55:53 +0000 2016](https://twitter.com/adulau/status/690170956594159616)) +---- +What's the real meaning behind of an organizationalUnitName https://crt.sh/?q=* with a single wildcard in a X.509 certificate.... + +(Originally on Twitter: [Thu Jan 21 19:58:52 +0000 2016](https://twitter.com/adulau/status/690262305486036992)) +---- +RT @tqbf: A short secure messaging glossary: decipherable = plaintext. Not e2e encrypted = not encrypted. Maybe exploited = definitely expl… + +(Originally on Twitter: [Thu Jan 21 20:06:36 +0000 2016](https://twitter.com/adulau/status/690264249898266624)) +---- +Thanks to @markarenaau for pointing me about the certainty scale, just added in OSINT of MISP taxonomies https://github.com/MISP/misp-taxonomies/commit/154213c2aa4ec34d7fd20a139def0b31d4f4faf2#diff-e420004fb826fa38bfa5354ba2466bd0R48 + +(Originally on Twitter: [Thu Jan 21 22:06:46 +0000 2016](https://twitter.com/adulau/status/690294493535440897)) +---- +Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html + +(Originally on Twitter: [Thu Jan 21 22:31:26 +0000 2016](https://twitter.com/adulau/status/690300699079475200)) +---- +RT @muumuuk: @GeorgeMonbiot @LeoDiCaprio @algore a sample of Tajamar's victims. 
The mangrove was bulldozed in a matter of hours https://t.c… + +(Originally on Twitter: [Fri Jan 22 09:13:53 +0000 2016](https://twitter.com/adulau/status/690462377884647424)) +---- +"A tool for predicting the output of random number generators " https://github.com/ALSchwalm/foresight + +(Originally on Twitter: [Fri Jan 22 12:49:43 +0000 2016](https://twitter.com/adulau/status/690516694842916864)) +---- +Nice @GitHub how to remove sensitive data https://help.github.com/articles/remove-sensitive-data/ if someone accidentally commit sensitive information. + +(Originally on Twitter: [Fri Jan 22 15:11:16 +0000 2016](https://twitter.com/adulau/status/690552315808456706)) +---- +@wopot Wondering if @github does data mining on all git objects to find sensitive information. Some revert commits but don't "git gc" after. + +(Originally on Twitter: [Sat Jan 23 16:24:07 +0000 2016](https://twitter.com/adulau/status/690933038302236672)) +---- +I'm wondering if someone check for the compatibility between free software licensing and Contributor Covenant -> https://github.com/CoralineAda/contributor_covenant/issues/217 + +(Originally on Twitter: [Sat Jan 23 16:57:17 +0000 2016](https://twitter.com/adulau/status/690941384837173248)) +---- +Internal backdoors, unintended vulnerability turning into backdoors, support-team backdoors, adversary backdoors,... pick one or more. + +(Originally on Twitter: [Sat Jan 23 19:44:01 +0000 2016](https://twitter.com/adulau/status/690983341907165185)) +---- +@jpmens I knew that translation for software vty is joke. Mais ici, c'est du foutage de gueule. 
+ +(Originally on Twitter: [Sat Jan 23 20:01:36 +0000 2016](https://twitter.com/adulau/status/690987769930387456)) +---- +"A Reasonably Secure Travel Laptop Setup" https://github.com/CrowdStrike/travel-laptop by @ochsff + +(Originally on Twitter: [Mon Jan 25 08:41:24 +0000 2016](https://twitter.com/adulau/status/691541367265366016)) +---- +@bortzmeyer On dirait la description des activités CNE et CNA d'un service de renseignement. + +(Originally on Twitter: [Mon Jan 25 10:37:31 +0000 2016](https://twitter.com/adulau/status/691570588389920769)) +---- +@TaekiroHeru https://www.schneier.com/blog/archives/2014/03/computer_networ.html @bortzmeyer + +(Originally on Twitter: [Mon Jan 25 10:46:48 +0000 2016](https://twitter.com/adulau/status/691572924185088006)) +---- +@bortzmeyer Maybe the military guys in France expect to have other intelligence agencies in the audience to "influence" capabilities memos. + +(Originally on Twitter: [Mon Jan 25 10:53:14 +0000 2016](https://twitter.com/adulau/status/691574543467560960)) +---- +Very nice statement from @alexanderjaeger : "We are good enough to release TLP:WHITE information" #ThreatIntel + +(Originally on Twitter: [Mon Jan 25 14:35:30 +0000 2016](https://twitter.com/adulau/status/691630476621123586)) +---- +RT @againsthimself: In Defense of Reverse Engineering https://medium.com/@againsthimself/in-defense-of-reverse-engineering-e07fe19b26c#.ot02j78jl + +(Originally on Twitter: [Mon Jan 25 15:06:14 +0000 2016](https://twitter.com/adulau/status/691638211391655936)) +---- +"People tend to share with people who already shared." You know what you have to do... #ThreatIntel #FIC2016 @FIRSTdotOrg + +(Originally on Twitter: [Tue Jan 26 10:00:31 +0000 2016](https://twitter.com/adulau/status/691923665412362241)) +---- +@evanderburg Maybe the best would be to make the ISO 2700x documents freely accessible documents just like the IETF does. 
+ +(Originally on Twitter: [Tue Jan 26 11:51:42 +0000 2016](https://twitter.com/adulau/status/691951642883801088)) +---- +rfc7748 - Elliptic Curves for Security has been published https://www.rfc-editor.org/rfc/rfc7748.txt + +(Originally on Twitter: [Tue Jan 26 13:18:23 +0000 2016](https://twitter.com/adulau/status/691973458163560448)) +---- +RT @hashbreaker: Still not decapitating the RC4 zombie but looks like a solid shot to the body: http://eprint.iacr.org/2016/063 Is RC4 still the sm… + +(Originally on Twitter: [Tue Jan 26 13:56:59 +0000 2016](https://twitter.com/adulau/status/691983172100345856)) +---- +RT @circl_lu: slides of Information Sharing and Taxonomies Practical Classification of Threat Indicators using MISP https://www.circl.lu/assets/files/2016-FIRST-MISP-taxonomies.pdf… + +(Originally on Twitter: [Tue Jan 26 15:48:29 +0000 2016](https://twitter.com/adulau/status/692011234670071809)) +---- +RT @kurtseifried: http://netpatterns.blogspot.ca/2016/01/the-rising-sophistication-of-network.html TL;DR: NTP - the one service configured to send out packets, enables attackers to find IPv6 hosts… + +(Originally on Twitter: [Wed Jan 27 06:38:42 +0000 2016](https://twitter.com/adulau/status/692235263003729920)) +---- +Thanks to @shrekts who points me to https://github.com/rieck/harry "Harry - A Tool for Measuring String Similarity" seems very nice. I'll test it. + +(Originally on Twitter: [Wed Jan 27 13:39:19 +0000 2016](https://twitter.com/adulau/status/692341116859990017)) +---- +An open idea for cve-search to generate UUID when CVEs are not assigned for vulnerability. What do you think? 
https://github.com/cve-search/cve-search/issues/120 + +(Originally on Twitter: [Wed Jan 27 14:08:03 +0000 2016](https://twitter.com/adulau/status/692348346401439744)) +---- +RT @circl_lu: Putting the spotlight on firmware malware + http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html #Malware + +(Originally on Twitter: [Thu Jan 28 09:39:43 +0000 2016](https://twitter.com/adulau/status/692643203716104192)) +---- +RT @headhntr: "Don't assume a crack is too small to be exploited." -- Rob Joyce, TAO, NSA #enigma2016 + +(Originally on Twitter: [Thu Jan 28 10:18:02 +0000 2016](https://twitter.com/adulau/status/692652848719462400)) +---- +"How Difficulties in Recognizing One's Own Incompetence Lead to Inflated Self-Assessments" http://mastercodeprofessional.com/library_files/Kruger-Dunning---Unskilled_and_Unaware_of_It_(2009).pdf + +(Originally on Twitter: [Thu Jan 28 21:23:18 +0000 2016](https://twitter.com/adulau/status/692820268297904129)) +---- +RT @SteveClement: In #Luxembourg you demonstrate on 1 lane. Because cars need to pass before any civil liberties. + + +media/693022424892243968-VaJWgvT5U0bUDUW3.mp4 + +(Originally on Twitter: [Fri Jan 29 10:46:36 +0000 2016](https://twitter.com/adulau/status/693022424892243968)) +---- +RT @circl_lu: MISP 2.4.14 has been released including bug fixes, improvement in the UI and support for merging organizations. https://t.co/… + +(Originally on Twitter: [Fri Jan 29 13:52:15 +0000 2016](https://twitter.com/adulau/status/693069145299120128)) +---- +Maybe a solution to test for the JSON abuse contact sharing and update https://github.com/Kinto/kinto/ @Kaplan_CERTat @shrekts ? + +(Originally on Twitter: [Fri Jan 29 22:10:51 +0000 2016](https://twitter.com/adulau/status/693194622269526016)) +---- +RT @FredericJacobs: Discriminatory new Visa law keeps an @EPFL_en professor out of the US. 
+https://theintercept.com/2016/01/29/discriminatory-new-visa-law-keeps-german-iranian-professor-out-of-u-s/ + +(Originally on Twitter: [Sat Jan 30 05:49:59 +0000 2016](https://twitter.com/adulau/status/693310165551046658)) +---- +Recommendation for the Entropy Sources Used for Random Bit Generation http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf Second DRAFT NIST Special Publication 800-90B + +(Originally on Twitter: [Sat Jan 30 05:52:56 +0000 2016](https://twitter.com/adulau/status/693310910954344448)) +---- +I puzzled with IRCv3 where OTR is still not part of the protocol. But SILC has this for 10 years and nobody uses it. http://silcnet.org/ + +(Originally on Twitter: [Sun Jan 31 18:42:05 +0000 2016](https://twitter.com/adulau/status/693866860199165952)) +---- +RT @simula77: Browsing the fiction section... ![](media/693868458988158976-CWgV0ruUsAAcUD7.jpg) + +(Originally on Twitter: [Sun Jan 31 18:48:26 +0000 2016](https://twitter.com/adulau/status/693868458988158976)) +---- +RT @doegox: I'm very happy and excited to join @quarkslab team from today on! ![](media/694071811928113153-CaFxt7DWcAQBTz9.jpg) + +(Originally on Twitter: [Mon Feb 01 08:16:29 +0000 2016](https://twitter.com/adulau/status/694071811928113153)) +---- +RT @pidgeyL: #CVESearch was mentioned on todays SANS podcast @adulau @xme @wimremes + +(Originally on Twitter: [Mon Feb 01 09:41:05 +0000 2016](https://twitter.com/adulau/status/694093102131322880)) +---- +FFT is still under rated for log analysis https://github.com/wllm-rbnt/fft_process a small implementation from @___wr___ + +(Originally on Twitter: [Mon Feb 01 17:26:06 +0000 2016](https://twitter.com/adulau/status/694210127105253377)) +---- +@btabaka Oui mais il ne faut pas oublier que l’infrastructure SMS n'était qu'un effet collatéral de l’infrastructure mobile. + +(Originally on Twitter: [Tue Feb 02 07:45:15 +0000 2016](https://twitter.com/adulau/status/694426337919045632)) +---- +@btabaka Oui. 
La commodité monte de plus en plus dans les couches protocoles. + +(Originally on Twitter: [Tue Feb 02 07:47:57 +0000 2016](https://twitter.com/adulau/status/694427018390298624)) +---- +RT @Soniasuponia: Philip K Dick ![](media/694428973766418432-CaJpAgFWkAE2xUK.jpg) + +(Originally on Twitter: [Tue Feb 02 07:55:43 +0000 2016](https://twitter.com/adulau/status/694428973766418432)) +---- +@martijn_grooten https://github.com/cve-search/cve-search/graphs/contributors ;-) @xme + +(Originally on Twitter: [Tue Feb 02 08:09:02 +0000 2016](https://twitter.com/adulau/status/694432322209320960)) +---- +Would be nice to have an official statement from @Electrabel regarding this cooling issue http://www.tagesschau.de/ausland/belgien-akw-105.html @Ilse_Electrabel + +(Originally on Twitter: [Tue Feb 02 12:39:56 +0000 2016](https://twitter.com/adulau/status/694500497248632834)) +---- +@blackswanburst maybe @cigitalgem or @cigital have some cap-recap statistics? + +(Originally on Twitter: [Tue Feb 02 13:40:05 +0000 2016](https://twitter.com/adulau/status/694515636186251266)) +---- +Maybe at some point, I should write a book about information sharing good practices. It's not something that is inherent to our societies. 
+ +(Originally on Twitter: [Wed Feb 03 08:40:04 +0000 2016](https://twitter.com/adulau/status/694802521798393856)) +---- +Looking for some good references for a "state of the art" for your next data mining paper, just have a look at https://www.documentcloud.org/documents/2702948-Problem-Book-Redacted.html + +(Originally on Twitter: [Wed Feb 03 10:34:05 +0000 2016](https://twitter.com/adulau/status/694831215153696768)) +---- +@kevinallix Indeed very good point ;-) + +(Originally on Twitter: [Wed Feb 03 10:34:51 +0000 2016](https://twitter.com/adulau/status/694831407382827008)) +---- +Ongoing activities with student the next 2 days http://www.foo.be/cours/dess-20152016/AIL.pdf "Collecting, monitoring and analyzing unstructured data" @rafi0t + +(Originally on Twitter: [Thu Feb 04 16:56:50 +0000 2016](https://twitter.com/adulau/status/695289925307121664)) +---- +@sansforensics @rickhholland Maybe they should have a look at MISP https://github.com/MISP/MISP #CTISUmmit #ThreatIntel + +(Originally on Twitter: [Thu Feb 04 17:02:25 +0000 2016](https://twitter.com/adulau/status/695291329014808576)) +---- +RT @circl_lu: Thanks to @alexanderjaeger for new MISP taxonomies - @FIRSTdotOrg csirt and malware classification https://github.com/MISP/misp-taxonomies #T… + +(Originally on Twitter: [Thu Feb 04 17:44:12 +0000 2016](https://twitter.com/adulau/status/695301844814454784)) +---- +Wondering if the system admins at http://ohchr.org reviewed recently their logs for potential exfiltration or implant beacons... + +(Originally on Twitter: [Fri Feb 05 08:51:47 +0000 2016](https://twitter.com/adulau/status/695530247098388480)) +---- +@LucDockendorf I really hope that the infosec team of @UNHumanRights is staffed adequately to handle cases with advanced implants... 
+ +(Originally on Twitter: [Fri Feb 05 12:36:50 +0000 2016](https://twitter.com/adulau/status/695586880784568320)) +---- +RT @Cryptoki: One week view of #SSL problem areas allowing drill down by CA https://crt.sh/?cablint=issues argh teletextString + +(Originally on Twitter: [Fri Feb 05 13:07:27 +0000 2016](https://twitter.com/adulau/status/695594586241114112)) +---- +"An open-source software framework for live and historical BGP data analysis" https://bgpstream.caida.org/ + +(Originally on Twitter: [Fri Feb 05 20:42:33 +0000 2016](https://twitter.com/adulau/status/695709115776110596)) +---- +@y0m BGPplay from @RIPE_NCC https://stat.ripe.net/213.182.32.0%2F19#tabId=routing provides already history. Bgpstream opens a new world for future applications. + +(Originally on Twitter: [Sat Feb 06 15:42:12 +0000 2016](https://twitter.com/adulau/status/695995920132001792)) +---- +@quota_atypique Pourtant l'introduction de git, et son utilisation, va beaucoup plus loin qu'un simple modus operandi "programmeur"? + +(Originally on Twitter: [Sat Feb 06 15:54:47 +0000 2016](https://twitter.com/adulau/status/695999085464199169)) +---- +Deep black in Prague https://www.flickr.com/photos/adulau/24228235933 #photography but with a small reference to a book... + +(Originally on Twitter: [Sat Feb 06 21:31:44 +0000 2016](https://twitter.com/adulau/status/696083880139423744)) +---- +@hintjens The key value of GitHub are the users. If users move, investors will lost their biggest opportunity. Corp users came from users. 
+ +(Originally on Twitter: [Sun Feb 07 11:52:00 +0000 2016](https://twitter.com/adulau/status/696300373137604611)) +---- +RT @circl_lu: MISP taxonomies and classification doc updated https://www.circl.lu/doc/misp-taxonomies/ to classify your cybersecurity events and indicators.… + +(Originally on Twitter: [Mon Feb 08 11:45:24 +0000 2016](https://twitter.com/adulau/status/696661099710717952)) +---- +Major updates of CIRCL AIL - Analysis Information Leak framework https://github.com/CIRCL/AIL-framework including a simpler way to create new modules + +(Originally on Twitter: [Mon Feb 08 14:51:46 +0000 2016](https://twitter.com/adulau/status/696708001248493568)) +---- +RT @zoobab: German Ministry of Justice seems to prepare for UPC ratification, software patents like a letter to the post #swpat #nodebate + +(Originally on Twitter: [Tue Feb 09 09:28:09 +0000 2016](https://twitter.com/adulau/status/696988949756190721)) +---- +"Scalable Text Mining with Sparse Generative Models" http://arxiv.org/abs/1602.02332 + +(Originally on Twitter: [Tue Feb 09 13:38:56 +0000 2016](https://twitter.com/adulau/status/697052059829403648)) +---- +@Timo_Steffens I have the impression that there is a small mix-up of various actors using satellite upstream for exfil. IOCs to share? + +(Originally on Twitter: [Tue Feb 09 14:48:11 +0000 2016](https://twitter.com/adulau/status/697069486160142336)) +---- +RT @Timo_Steffens: @adulau It's a different style than Turla/Snake. You might want to contact @dimitribest for Poseidon IoCs and satcom det… + +(Originally on Twitter: [Tue Feb 09 15:32:58 +0000 2016](https://twitter.com/adulau/status/697080759815954432)) +---- +Many mentions to information sharing in http://europeanfiles.eu/wp-content/uploads/issues/2016-january-40.pdf but I still wonder why EU cannot fund directly free software like MISP. 
+ +(Originally on Twitter: [Wed Feb 10 11:01:53 +0000 2016](https://twitter.com/adulau/status/697374926353858560)) +---- +@asfakian Maybe but knowing a bit the H2020 process, it was like impossible for a group of free software authors to apply for H2020 calls. + +(Originally on Twitter: [Wed Feb 10 13:02:56 +0000 2016](https://twitter.com/adulau/status/697405387163758592)) +---- +@imifos The public tenders are often designed for organization from the past and not really free software team. Any pointers to OpenNCP? + +(Originally on Twitter: [Wed Feb 10 13:14:29 +0000 2016](https://twitter.com/adulau/status/697408297381601281)) +---- +RT @mattblaze: Even if you don't fear the NSA/PLA/FSB, what intel agencies do today, criminals do next week. + +(Originally on Twitter: [Wed Feb 10 20:59:05 +0000 2016](https://twitter.com/adulau/status/697525216491257858)) +---- +RT @trevorpaglen: Find the new secret satellite with this ;-) ![](media/697537381575094275-Ca4kMVZWIAAGL0H.png) + +(Originally on Twitter: [Wed Feb 10 21:47:26 +0000 2016](https://twitter.com/adulau/status/697537381575094275)) +---- +RT @FredericJacobs: .@AlexanderDeCroo believes it's OK for GCHQ to infiltrate Belgian telco if Belgian Justice Dept agreed. https://t.co/N7… + +(Originally on Twitter: [Thu Feb 11 08:19:38 +0000 2016](https://twitter.com/adulau/status/697696480975523840)) +---- +@FredericJacobs Did they agree? Maybe a notification memo was sent to VSSE before the CNE? No, it's too risky for FVEY. @alexanderdecroo + +(Originally on Twitter: [Thu Feb 11 08:24:25 +0000 2016](https://twitter.com/adulau/status/697697686716346368)) +---- +RT @ydklijnsma: Found open VNC on a server where a criminal was cashing out paypal accounts, talk about getting caught in the act... 
https:… + +(Originally on Twitter: [Thu Feb 11 16:35:59 +0000 2016](https://twitter.com/adulau/status/697821392704827392)) +---- +RT @circl_lu: New version of MISP 2.4.17 has been released including bug fixes and various improvements https://github.com/MISP/MISP #threatintel + +(Originally on Twitter: [Thu Feb 11 16:36:12 +0000 2016](https://twitter.com/adulau/status/697821446953963521)) +---- +"Verifying Public Keys without Trust: How Anonymity Can Guarantee Data Integrity" http://arxiv.org/pdf/1602.03316v1.pdf Multipath probing can be difficult + +(Originally on Twitter: [Thu Feb 11 20:21:36 +0000 2016](https://twitter.com/adulau/status/697878169886597120)) +---- +RT @circl_lu: MISP 2.4.18 released with delegation of publication - a simple way to share indicators pseudo-anonymously. https://t.co/is7QM… + +(Originally on Twitter: [Sat Feb 13 13:10:41 +0000 2016](https://twitter.com/adulau/status/698494501774585857)) +---- +RT @martijn_grooten: The grammar nazis from OpenDNS scrutinize malware and phishing. https://labs.opendns.com/2016/02/08/grammar-and-spelling-errors-in-phishing-and-malware/ ![](media/698498235296567297-CbFkKNcXEAAMzOL.png) + +(Originally on Twitter: [Sat Feb 13 13:25:31 +0000 2016](https://twitter.com/adulau/status/698498235296567297)) +---- +@blackswanburst I thought guards can provide anything as long as you have cash. + +(Originally on Twitter: [Sat Feb 13 19:20:02 +0000 2016](https://twitter.com/adulau/status/698587452970237952)) +---- +@blackswanburst That's the design of a prison promoting bad behaviour. 
I won't call it a dilemma but more a conjecture ;-) + +(Originally on Twitter: [Sat Feb 13 19:25:58 +0000 2016](https://twitter.com/adulau/status/698588946922676226)) +---- +@blackswanburst By the way, it looks like a question from a @google job interview ;-) + +(Originally on Twitter: [Sat Feb 13 19:28:19 +0000 2016](https://twitter.com/adulau/status/698589535328927744)) +---- +Can you trust your risk management team when the risk of ransomware probability is 0 and you have a BYOD policy with more than 7000 users? + +(Originally on Twitter: [Sat Feb 13 19:31:18 +0000 2016](https://twitter.com/adulau/status/698590286373584896)) +---- +RT @blackswanburst: The prisoner's seating dilemma: do you put prisoners who pass drugs near guards or pedos near the family visiting the p… + +(Originally on Twitter: [Sat Feb 13 19:31:31 +0000 2016](https://twitter.com/adulau/status/698590341579022336)) +---- +The stencil of the morning https://www.flickr.com/photos/adulau/25014660385/ "You keep me under your spell" #photography + +(Originally on Twitter: [Sun Feb 14 07:40:28 +0000 2016](https://twitter.com/adulau/status/698773789757345792)) +---- +RT @cryptoron: Got this fantastic birthday present from the Crypto guys. The very first 'military grade' payload encryptor. @foxit https://… + +(Originally on Twitter: [Mon Feb 15 08:28:31 +0000 2016](https://twitter.com/adulau/status/699148270443110400)) +---- +@fredraynal Congrats my dear. 
+ +(Originally on Twitter: [Mon Feb 15 09:10:24 +0000 2016](https://twitter.com/adulau/status/699158809156194304)) +---- +@TimelessP @voodooKobra http://code.activestate.com/lists/python-checkins/32587/ + +(Originally on Twitter: [Mon Feb 15 19:22:44 +0000 2016](https://twitter.com/adulau/status/699312909650886657)) +---- +Killing us slowly 3 https://www.flickr.com/photos/adulau/24754951230/ a photographic series of industrial patrimony in #Belgium #photography + +(Originally on Twitter: [Mon Feb 15 20:08:49 +0000 2016](https://twitter.com/adulau/status/699324503994855429)) +---- +Une édition paradoxale chez @LarcierGrp "Open access et droit d'auteur" http://editionslarcier.larciergroup.com/titres/133671_2/open-access-et-droit-d-auteur.html La version open access dans plus de 70 ans? + +(Originally on Twitter: [Mon Feb 15 21:54:27 +0000 2016](https://twitter.com/adulau/status/699351087069978625)) +---- +RT @_pst: #share your bloody #IOCs @circl_lu #misp ![](media/699669680454242305-CbW4_V6UAAAXzNM.jpg) + +(Originally on Twitter: [Tue Feb 16 19:00:25 +0000 2016](https://twitter.com/adulau/status/699669680454242305)) +---- +RT @XipiterSec: The recent GLIBC bug by @fjserna (CVE-2015-7547) https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html is an example of a bug that will plague IoT/Embedd… + +(Originally on Twitter: [Tue Feb 16 20:55:45 +0000 2016](https://twitter.com/adulau/status/699698703506997248)) +---- +@Bry_Campbell Ransomware business is rising up. + +(Originally on Twitter: [Tue Feb 16 21:38:34 +0000 2016](https://twitter.com/adulau/status/699709479722577920)) +---- +I remember a speaker telling us that honeypots are dead but today we have seen that email honeypots are still the first sources of samples. 
+ +(Originally on Twitter: [Wed Feb 17 16:23:56 +0000 2016](https://twitter.com/adulau/status/699992687911550976)) +---- +RT @piotrkijewski: @adulau I think honeypots are far from dead, I would say even more relevant than before :) + +(Originally on Twitter: [Wed Feb 17 16:26:56 +0000 2016](https://twitter.com/adulau/status/699993443821625344)) +---- +@piotrkijewski I strongly follows you on this topic. Even the honeytokens are still under used nowadays... + +(Originally on Twitter: [Wed Feb 17 16:28:18 +0000 2016](https://twitter.com/adulau/status/699993787481899008)) +---- +RT @circl_lu: 500 samples of malicious XLS (Locky) in 30 minutes from a catchall honeypot domain. We can say that the attackers want to pur… + +(Originally on Twitter: [Thu Feb 18 10:56:44 +0000 2016](https://twitter.com/adulau/status/700272730453733376)) +---- +Just a small reminder of the advanced capabilities from Apple regarding encryption, it's coming from one single motivator called DRM. + +(Originally on Twitter: [Thu Feb 18 13:45:38 +0000 2016](https://twitter.com/adulau/status/700315237086588930)) +---- +RT @hashbreaker: I wonder what the reaction would be to headlines saying "FBI orders Apple engineers to build tools to help FBI spy on civi… + +(Originally on Twitter: [Thu Feb 18 21:34:26 +0000 2016](https://twitter.com/adulau/status/700433215174144000)) +---- +Follow the leader... #photography in #Bruxelles https://www.flickr.com/photos/adulau/25134286525/ + +(Originally on Twitter: [Fri Feb 19 21:35:54 +0000 2016](https://twitter.com/adulau/status/700795970448072704)) +---- +Writing and heritage https://www.flickr.com/photos/adulau/25050054801/ another photography of #Bruxelles #streetart + +(Originally on Twitter: [Sat Feb 20 08:47:04 +0000 2016](https://twitter.com/adulau/status/700964877012180992)) +---- +Maybe the CVSS standard should be clarified on the rating scale for CVSS which are not set or unknown. None is set to 0.0 in the standard... 
+ +(Originally on Twitter: [Sat Feb 20 08:54:12 +0000 2016](https://twitter.com/adulau/status/700966673596153856)) +---- +@imifos Thanks. Sure, it's in the freezone in front of the tour-&-taxis site in Bruxelles. You just need to pass a construction fence. + +(Originally on Twitter: [Sat Feb 20 10:35:42 +0000 2016](https://twitter.com/adulau/status/700992213485035520)) +---- +@shrekts Good point, I'll do. We have a lot users relying on cve-search and assuming that an unset value is 0 for a vulnerability. @pidgeyL + +(Originally on Twitter: [Sat Feb 20 11:55:46 +0000 2016](https://twitter.com/adulau/status/701012362665529344)) +---- +RT @eromang: #LinuxMint 17.3 #Cinnamon edition ISO #backdoor “man.cy” http://bit.ly/1SJjBld http://bit.ly/1SJjztv https://t.co/EMYbc4L3… + +(Originally on Twitter: [Sun Feb 21 09:47:24 +0000 2016](https://twitter.com/adulau/status/701342447864049664)) +---- +Don't trust a #DFIR software more than any other software. A #DFIR software is full of parsing assumptions. Some adversaries know this fact. + +(Originally on Twitter: [Sun Feb 21 10:00:40 +0000 2016](https://twitter.com/adulau/status/701345785909268480)) +---- +RT @it4sec: #LinuxMint, IMO,is not the first backdoored ISO in history, but the first OS distro creator that found out and agree to announc… + +(Originally on Twitter: [Sun Feb 21 10:01:11 +0000 2016](https://twitter.com/adulau/status/701345914808614912)) +---- +Working on an adversary taxonomy https://github.com/MISP/misp-taxonomies/blob/master/adversary/machinetag.json for classifying of adversary infrastructure PR welcome. 
https://github.com/MISP/misp-taxonomies/ + +(Originally on Twitter: [Sun Feb 21 10:25:50 +0000 2016](https://twitter.com/adulau/status/701352119526420481)) +---- +RT @Timo_Steffens: Very useful taxonomy to avoid many of the typical pitfalls with information sharing https://twitter.com/adulau/status/701352119526420481 + +(Originally on Twitter: [Sun Feb 21 10:39:59 +0000 2016](https://twitter.com/adulau/status/701355682361114624)) +---- +@GunstickULM ;-) + +(Originally on Twitter: [Sun Feb 21 14:51:15 +0000 2016](https://twitter.com/adulau/status/701418913972822017)) +---- +Maybe nowadays more people will understand the objective of such MSc internship... @thegrugq +https://twitter.com/circl_lu/status/701465048259108866 + +(Originally on Twitter: [Sun Feb 21 18:14:24 +0000 2016](https://twitter.com/adulau/status/701470040458141701)) +---- +@ViolaRoberto Let's hope information security is not forgotten for those new shiny "Internet of Things" devices. + +(Originally on Twitter: [Sun Feb 21 18:27:40 +0000 2016](https://twitter.com/adulau/status/701473376133632002)) +---- +@teamcymru is totalhash down? + +(Originally on Twitter: [Sun Feb 21 21:57:41 +0000 2016](https://twitter.com/adulau/status/701526227773947908)) +---- +Good idea @rommelfs "Should we replace the wording of critical infrastructure by fragile infrastructure?" It would be indeed more accurate.. + +(Originally on Twitter: [Mon Feb 22 13:38:10 +0000 2016](https://twitter.com/adulau/status/701762908011806720)) +---- +"Your request is outside the scope of CVE's published priorities." Now I have a trigger to develop an alternative with cve-search. @pidgeyL + +(Originally on Twitter: [Mon Feb 22 18:32:50 +0000 2016](https://twitter.com/adulau/status/701837064719966208)) +---- +https://www.us-cert.gov/ais Interesting that the AIS model is based on the old producer consumer model and not on bidirectional contributions. 
+ +(Originally on Twitter: [Mon Feb 22 19:57:18 +0000 2016](https://twitter.com/adulau/status/701858322513788929)) +---- +@altquinn BMI overflow? + +(Originally on Twitter: [Mon Feb 22 22:31:02 +0000 2016](https://twitter.com/adulau/status/701897010669080577)) +---- +@altquinn Whoaaaa that's heavy. Can I mention it's very "heavy metal" style ;-) + +(Originally on Twitter: [Mon Feb 22 22:34:50 +0000 2016](https://twitter.com/adulau/status/701897966244786176)) +---- +@bortzmeyer Comme c'est SCS, cela peut être aussi un(e) analyste à la CIA. @amaelle_g + +(Originally on Twitter: [Tue Feb 23 09:28:34 +0000 2016](https://twitter.com/adulau/status/702062482639159296)) +---- +@amaelle_g SCS alimente la CIA. SCS n'est que la partie collection qui est une mixture CIA (HUMINT) - NSA (SIGINT/CNE) @bortzmeyer + +(Originally on Twitter: [Tue Feb 23 09:52:34 +0000 2016](https://twitter.com/adulau/status/702068525284913152)) +---- +@amaelle_g Pour info, les analystes ne sont pas directement dans la partie SCS. Il y a souvent cette confusion dans les médias. @bortzmeyer + +(Originally on Twitter: [Tue Feb 23 09:59:59 +0000 2016](https://twitter.com/adulau/status/702070391909576706)) +---- +@gcouprie I'm curious what's the performance difference of this compared to redis servers with simple sharding with HKEY or SET. + +(Originally on Twitter: [Tue Feb 23 10:19:27 +0000 2016](https://twitter.com/adulau/status/702075290537869312)) +---- +@gcouprie But it's still IPC (via TCP/IP or RDMA) in the back to map the various memory areas so context-switching wise it seems similar. + +(Originally on Twitter: [Tue Feb 23 10:27:35 +0000 2016](https://twitter.com/adulau/status/702077337500778500)) +---- +@gcouprie Ok good to know. So for the same query, it won't be a constant algorithm complexity. 
+ +(Originally on Twitter: [Tue Feb 23 10:36:45 +0000 2016](https://twitter.com/adulau/status/702079640857399300)) +---- +Let me know if you want an actor as a speaker for @hack_lu 2016 ;-) + +(Originally on Twitter: [Tue Feb 23 14:33:13 +0000 2016](https://twitter.com/adulau/status/702139152859537410)) +---- +RT @piotrkijewski: A proposal for a taxonomy of adversary infrastructure by @adulau https://github.com/MISP/misp-taxonomies/blob/master/adversary/machinetag.json #ThreatIntel + +(Originally on Twitter: [Tue Feb 23 22:04:15 +0000 2016](https://twitter.com/adulau/status/702252656618819585)) +---- +RT @righettod: @adulau @__Thanat0s__ Received the same response this night for a new cve. If your product is not into the list there no v… + +(Originally on Twitter: [Wed Feb 24 09:15:00 +0000 2016](https://twitter.com/adulau/status/702421455762550785)) +---- +RT @__courts__: @adulau @pidgeyL Same here today, strange. Did someone hit the wrong button or is the CVE system really going down the drai… + +(Originally on Twitter: [Wed Feb 24 09:52:16 +0000 2016](https://twitter.com/adulau/status/702430834989654016)) +---- +If you hear "semi-automatic" in #threatintel discussion, this means "delayed email exchanges with unstructured information" @FIRSTdotOrg + +(Originally on Twitter: [Wed Feb 24 09:53:31 +0000 2016](https://twitter.com/adulau/status/702431151655407616)) +---- +RT @righettod: @adulau New response from mitre. They will perhaps add the impacted product to their list and I will perhaps obtains a cve i… + +(Originally on Twitter: [Thu Feb 25 09:09:47 +0000 2016](https://twitter.com/adulau/status/702782534665576448)) +---- +RT @circl_lu: . 
@Iglocska and @adulau from @circl_lu will present a historical perspective of MISP at @FIRSTdotOrg TC today at 14:30 #Threa… + +(Originally on Twitter: [Thu Feb 25 09:18:23 +0000 2016](https://twitter.com/adulau/status/702784698628620288)) +---- +An interesting talk from @treyka http://prognos.is/talks/munich_first_tc_threat_intelligence/ "Moving Beyond Threatbutt" at @FIRSTdotOrg + +(Originally on Twitter: [Thu Feb 25 09:43:10 +0000 2016](https://twitter.com/adulau/status/702790935344750592)) +---- +A tool from @jpcert_en to visualize "APT campaign information and to visualize relations of IOC" https://github.com/S03D4-164/Hiryu + +(Originally on Twitter: [Thu Feb 25 11:13:27 +0000 2016](https://twitter.com/adulau/status/702813654446694400)) +---- +RT @circl_lu: 4 years of practical information sharing MISP - Malware Information Sharing Platform & Threat Sharing @FIRSTdotOrg https://t.… + +(Originally on Twitter: [Thu Feb 25 15:21:58 +0000 2016](https://twitter.com/adulau/status/702876193746505728)) +---- +RT @a_z_e_t: when I ask uber drivers how they're doing (EU) - usually been with it for a few months (and leave), barely pay rent: https://t… + +(Originally on Twitter: [Sat Feb 27 08:31:27 +0000 2016](https://twitter.com/adulau/status/703497662809640960)) +---- +"Set of Maltego transforms to inferface with a MISP instance" has been released https://github.com/MISP/MISP-maltego + +(Originally on Twitter: [Sat Feb 27 19:20:41 +0000 2016](https://twitter.com/adulau/status/703661046721081344)) +---- +A Python library to support JSON-based encryption and signing - JOSE https://github.com/bifurcation/pyjose + +(Originally on Twitter: [Sat Feb 27 20:18:23 +0000 2016](https://twitter.com/adulau/status/703675566629724161)) +---- +RT @antirez: Very cool genetic approach to password cracking: https://github.com/lyle-nel/siga + +(Originally on Twitter: [Sun Feb 28 20:46:47 +0000 2016](https://twitter.com/adulau/status/704045100846997504)) +---- +Seeing how many new interior 
equipments proposed in the market with connectivity at @BATIBOUW a brand new world for adversaries... + +(Originally on Twitter: [Sun Feb 28 20:53:22 +0000 2016](https://twitter.com/adulau/status/704046757332779008)) +---- +@xme My best experience was with Talent Src https://labsblog.f-secure.com/2015/09/03/linkedin-sockpuppets-targeting-security-researchers/ especially when I call the school alumni club... + +(Originally on Twitter: [Mon Feb 29 10:48:00 +0000 2016](https://twitter.com/adulau/status/704256801265618944)) +---- +Thanks to @Cyb3rOps for his work on APT groups, I started a JSON with threat actors https://github.com/MISP/misp-galaxy/blob/master/elements/adversary-groups.json to be included soon in MISP + +(Originally on Twitter: [Mon Feb 29 15:42:03 +0000 2016](https://twitter.com/adulau/status/704330801807278080)) +---- +@alexanderjaeger @Cyb3rOps Yep until now, it's mainly the RU and CN part. I'll do an element for the tools and operation/campaigns too. + +(Originally on Twitter: [Mon Feb 29 18:21:58 +0000 2016](https://twitter.com/adulau/status/704371044744826881)) +---- +A honeypot for malware that propagates via USB storage devices https://github.com/honeynet/ghost-usb-honeypot @rafi0t + +(Originally on Twitter: [Mon Feb 29 19:39:23 +0000 2016](https://twitter.com/adulau/status/704390530092961793)) +---- +"Fighting Cyber Attacks during the Burmese Elections" +http://unleashed.blinkhackergroup.org/release/ + +(Originally on Twitter: [Mon Feb 29 21:17:08 +0000 2016](https://twitter.com/adulau/status/704415128633155584)) +---- +I found some "J'existe" stickers in Bruxelles https://www.flickr.com/photos/adulau/25359825976/ #sticker #streetart + +(Originally on Twitter: [Mon Feb 29 22:01:21 +0000 2016](https://twitter.com/adulau/status/704426253269381120)) +---- +Sniff.... https://www.flickr.com/photos/adulau/25300206662/ "I am interested in the creativity of the criminal attitude..." 
as stated by Joseph Beuys #photography + +(Originally on Twitter: [Tue Mar 01 21:49:23 +0000 2016](https://twitter.com/adulau/status/704785631579389952)) +---- +RT @veorq: crypto students should be taught security engineering not just math; univs should output more software and fewer papers + +(Originally on Twitter: [Wed Mar 02 07:16:57 +0000 2016](https://twitter.com/adulau/status/704928464265191424)) +---- +RT @doegox: Our white-box attack tools got released at https://github.com/SideChannelMarvels , see you @WEareTROOPERS +https://twitter.com/Insinuator/status/705078496868093953 + +(Originally on Twitter: [Wed Mar 02 17:53:55 +0000 2016](https://twitter.com/adulau/status/705088762498453504)) +---- +RT @xme: [/dev/random] Running #MISP in a #Docker Container https://blog.rootshell.be/?p=30204 + +(Originally on Twitter: [Thu Mar 03 20:35:00 +0000 2016](https://twitter.com/adulau/status/705491686538002432)) +---- +Sometime reading some standards, I have this strange feeling "Using computers to limit yourself". + +(Originally on Twitter: [Thu Mar 03 21:06:51 +0000 2016](https://twitter.com/adulau/status/705499702377185280)) +---- +@Cyb3rOps Interesting. Not sure about the robustness of the TCP reassembly part https://github.com/vikwin/pcapfex/blob/master/core/Streams/TCPStream.py based n-tuples only. + +(Originally on Twitter: [Fri Mar 04 08:23:48 +0000 2016](https://twitter.com/adulau/status/705670062338908160)) +---- +About recent CVE assignment issues, we (cve-search) started to work on a proposal for identifier assignment https://github.com/cve-search/allocator + +(Originally on Twitter: [Fri Mar 04 21:12:59 +0000 2016](https://twitter.com/adulau/status/705863635458002944)) +---- +@shrekts As a new CNA? maybe but here is the current state http://seclists.org/oss-sec/2016/q1/512 + +(Originally on Twitter: [Fri Mar 04 21:32:32 +0000 2016](https://twitter.com/adulau/status/705868553203916800)) +---- +RT @bartblaze: When someone asks me what cyber pathogens are. 
+ + +media/706223861923233792-Cc0B1nXW4AAeKE6.mp4 + +(Originally on Twitter: [Sat Mar 05 21:04:24 +0000 2016](https://twitter.com/adulau/status/706223861923233792)) +---- +RT @jedisct1: RT @jpmens: A shell command to create JSON: jo http://jpmens.net/2016/03/05/a-shell-command-to-create-json-jo/ + +(Originally on Twitter: [Sat Mar 05 21:45:08 +0000 2016](https://twitter.com/adulau/status/706234111669760004)) +---- +RT @npua: Although the public, from time to time, begs to differ. https://twitter.com/sgdickinson/status/706825767670276096 + +(Originally on Twitter: [Mon Mar 07 13:29:36 +0000 2016](https://twitter.com/adulau/status/706834182174015488)) +---- +@bortzmeyer How do you proceed with TLS traffic? + +(Originally on Twitter: [Mon Mar 07 14:38:16 +0000 2016](https://twitter.com/adulau/status/706851462672994304)) +---- +@bortzmeyer I haven't seen "practical" solutions to security and authentication of cached objects in ICN security models. I might be wrong + +(Originally on Twitter: [Mon Mar 07 14:49:10 +0000 2016](https://twitter.com/adulau/status/706854206737661952)) +---- +@bortzmeyer The funny part is ICN models want to drop X.509 but at the end, you still need to verify the signature with "something"TM ;-) + +(Originally on Twitter: [Mon Mar 07 14:58:14 +0000 2016](https://twitter.com/adulau/status/706856489474981888)) +---- +Better than godwin's law, the blockchain law where any technical discussion can be stopped when someone propose to use Merkle trees... + +(Originally on Twitter: [Mon Mar 07 19:26:51 +0000 2016](https://twitter.com/adulau/status/706924089479446528)) +---- +Some updates and addition in the adversary groups https://github.com/MISP/misp-galaxy/blob/master/elements/adversary-groups.json for the misp-galaxy. PR welcome. 
+ +(Originally on Twitter: [Mon Mar 07 21:17:40 +0000 2016](https://twitter.com/adulau/status/706951975435378688)) +---- +It seems that the attack surface of LibreOffice is so huge that @pinkflawd started to work on it ;-) + +(Originally on Twitter: [Tue Mar 08 16:45:35 +0000 2016](https://twitter.com/adulau/status/707245893544763392)) +---- +RT @pinkflawd: @adulau attack? whatfor? it crashes when I just stare at it -.- + +(Originally on Twitter: [Tue Mar 08 16:53:18 +0000 2016](https://twitter.com/adulau/status/707247834635091968)) +---- +@npua Funny, I always think of books from @GreatDismal when people try to buy bizarre services in a future world. + +(Originally on Twitter: [Wed Mar 09 14:36:56 +0000 2016](https://twitter.com/adulau/status/707575904185229312)) +---- +"ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels" https://www.cs.tau.ac.il/~tromer/mobilesc/ + +(Originally on Twitter: [Wed Mar 09 14:48:11 +0000 2016](https://twitter.com/adulau/status/707578737806671872)) +---- +@shrekts Yep. By the way, we started some prototypes and we are on a good track. But still some work to be done... + +(Originally on Twitter: [Wed Mar 09 21:09:41 +0000 2016](https://twitter.com/adulau/status/707674744238317569)) +---- +@shrekts Sure. I can drop a mail in the @FIRSTdotOrg mailing-list about our current ideas at https://github.com/cve-search/ + +(Originally on Twitter: [Wed Mar 09 21:28:23 +0000 2016](https://twitter.com/adulau/status/707679449609838592)) +---- +@ClausHoumann IOCs and hashes to share would be nice... @AshiqJA @Peerlyst + +(Originally on Twitter: [Wed Mar 09 21:29:39 +0000 2016](https://twitter.com/adulau/status/707679769320624128)) +---- +Don't forget if you rely on a "cloud provider" for your services and something goes wrong, don't expect to do forensic on their logs. 
+ +(Originally on Twitter: [Wed Mar 09 22:07:46 +0000 2016](https://twitter.com/adulau/status/707689358795653120)) +---- +@Seifreed Indeed but don't expect huge providers to export raw logs from their infrastructure... it's very rare. + +(Originally on Twitter: [Wed Mar 09 22:12:57 +0000 2016](https://twitter.com/adulau/status/707690665979867136)) +---- +RT @xme: This sounds like coming from a real case :-) https://twitter.com/adulau/status/707689358795653120 + +(Originally on Twitter: [Thu Mar 10 05:38:09 +0000 2016](https://twitter.com/adulau/status/707802703750164480)) +---- +RT @ProjectHoneynet: The Cedric Blancher scholarship, and more http://sanantonio2016.honeynet.org/scholarships/ #hnw2016 ![](media/707802969069260800-CdIHR3mW8AAwCJi.jpg) + +(Originally on Twitter: [Thu Mar 10 05:39:12 +0000 2016](https://twitter.com/adulau/status/707802969069260800)) +---- +@ralphholz Didn't know that you had PhD students in the crypto-ransomware business... + +(Originally on Twitter: [Thu Mar 10 07:26:29 +0000 2016](https://twitter.com/adulau/status/707829967896375296)) +---- +RT @doegox: Second tutorial to attack white-boxes got published: +https://github.com/SideChannelMarvels/Deadpool/wiki/Tutorial-%232%3A-DCA-against-Hack.lu-2009-challenge See you at my talk at @WEareTROOPERS https://t.co… + +(Originally on Twitter: [Thu Mar 10 13:28:11 +0000 2016](https://twitter.com/adulau/status/707920993268981760)) +---- +RT @Timo_Steffens: Want to work on cyber-espionage incidents in Germany on a secure job position? CERT-Bund is hiring: https://t.co/Ek7GqOT… + +(Originally on Twitter: [Thu Mar 10 13:28:59 +0000 2016](https://twitter.com/adulau/status/707921192141848577)) +---- +@cyber_kaser Drop me a DM with your snail mail address. 
+ +(Originally on Twitter: [Thu Mar 10 16:00:25 +0000 2016](https://twitter.com/adulau/status/707959303651590144)) +---- +RT @MalwareTechBlog: Bitcoin technical analysis according to Locky researchers ![](media/708283029966426112-CdRPJ9wWEAETKk3.jpg) + +(Originally on Twitter: [Fri Mar 11 13:26:48 +0000 2016](https://twitter.com/adulau/status/708283029966426112)) +---- +@MalwareTechBlog What's the daily volume of ransomware victims trying to find BTC? I haven't see good refs. just https://blogs.mcafee.com/mcafee-labs/ransomware-insight-financial-gain/ + +(Originally on Twitter: [Fri Mar 11 13:34:08 +0000 2016](https://twitter.com/adulau/status/708284874617184256)) +---- +"L-Root IPv6 Address renumbering" +https://lists.dns-oarc.net/pipermail/dns-operations/2016-March/014489.html sometime updating an IPv6 address is a whole project. + +(Originally on Twitter: [Fri Mar 11 19:12:40 +0000 2016](https://twitter.com/adulau/status/708370071563980801)) +---- +RT @circl_lu: MISP 2.4.26 released with a new feed fetcher functionality https://github.com/MISP/MISP to ease the sharing of infosec feed. 
+ +(Originally on Twitter: [Fri Mar 11 21:08:02 +0000 2016](https://twitter.com/adulau/status/708399103856799745)) +---- +@peteskomoroch transparent versus transperent ;-) + +(Originally on Twitter: [Fri Mar 11 21:26:17 +0000 2016](https://twitter.com/adulau/status/708403698679078912)) +---- +RT @abuse_ch: TeslaCrypt is fluxing its infrastructure heavily and is sharing at least some of its IPs with Matsnu and Corebot https://t.co… + +(Originally on Twitter: [Sat Mar 12 16:27:18 +0000 2016](https://twitter.com/adulau/status/708690842056335361)) +---- +Demonstrating to the students how to cool down an HDD with a cold can while doing a forensic disk acquisition #DFIR ![](media/708692700284002305-CdXIQRUWEAAVobW.jpg) + +(Originally on Twitter: [Sat Mar 12 16:34:41 +0000 2016](https://twitter.com/adulau/status/708692700284002305)) +---- +"Broken windows theory" or maybe the theory is also so broken. https://www.flickr.com/photos/adulau/25735909285/ #photography #urbex + +(Originally on Twitter: [Sat Mar 12 21:40:54 +0000 2016](https://twitter.com/adulau/status/708769761589592064)) +---- +RT @taviso: @martijn_grooten But I dont want to have this debate with you. Lets work on improving the situation. You could help! https://t.… + +(Originally on Twitter: [Sat Mar 12 21:46:24 +0000 2016](https://twitter.com/adulau/status/708771147165335552)) +---- +RT @drscriptt: Give the heat somewhere to go. https://twitter.com/adulau/status/708692700284002305 + +(Originally on Twitter: [Sun Mar 13 07:49:58 +0000 2016](https://twitter.com/adulau/status/708923037949755392)) +---- +RT @spyblog: no SIM inserted in GSM/3G/4G Ipad or phone = still tracked by cell towers in case of emergency 999/112/911 calls @worrellscott… + +(Originally on Twitter: [Sun Mar 13 07:58:46 +0000 2016](https://twitter.com/adulau/status/708925255746772993)) +---- +The reasons for a malware author to put birthmarks are different from a software vendor. 
https://www.cs.arizona.edu/people/collberg/content/research/papers/myles05k-gram.pdf vs http://delivery.acm.org/10.1145/2880000/2875476/p41-vemparala.pdf + +(Originally on Twitter: [Sun Mar 13 09:09:47 +0000 2016](https://twitter.com/adulau/status/708943126581399552)) +---- +RT @rafi0t: Than moment when you spend an evening on multiprocessing with python, go to bed and solve it in in 30min in the morning with gn… + +(Originally on Twitter: [Sun Mar 13 12:26:49 +0000 2016](https://twitter.com/adulau/status/708992712263905281)) +---- +@kash_pande "Malware Detection Using Dynamic Birthmarks" seems dead indeed but was publicly available on the ACM website 2 hours ago. + +(Originally on Twitter: [Sun Mar 13 20:47:10 +0000 2016](https://twitter.com/adulau/status/709118626813632512)) +---- +@kash_pande Here is a copy of the paper http://www.foo.be/vemparala2016.pdf + +(Originally on Twitter: [Sun Mar 13 20:53:24 +0000 2016](https://twitter.com/adulau/status/709120196066283520)) +---- +@DSMeu or could we say instead "Level of neutrality will determine their success"? @AKrzyzanowska + +(Originally on Twitter: [Mon Mar 14 13:22:01 +0000 2016](https://twitter.com/adulau/status/709368992012574720)) +---- +My colleague @rommelfs plays experimental music while instrumenting malware, he is generating random noises from a bunch of JS alert boxes. + +(Originally on Twitter: [Mon Mar 14 15:08:22 +0000 2016](https://twitter.com/adulau/status/709395756386488326)) +---- +RT @xme: @adulau @rommelfs This reminds me the ‘snoop -a’ command on Solaris which used /dev/audio to “listen” to packets :-) + +(Originally on Twitter: [Mon Mar 14 17:26:58 +0000 2016](https://twitter.com/adulau/status/709430633366491136)) +---- +Sometime I wonder what is the most broken https://www.flickr.com/photos/adulau/25697455931/ the physical world or the "cyberspace". 
#photography #urbex + +(Originally on Twitter: [Mon Mar 14 20:17:32 +0000 2016](https://twitter.com/adulau/status/709473558116880384)) +---- +@thegrugq The blockchain is the new Godwin's law of technical proposals. + +(Originally on Twitter: [Tue Mar 15 07:30:18 +0000 2016](https://twitter.com/adulau/status/709642864293257216)) +---- +Sometime I wonder if the ISO pay-wall for the standards is just a way to finance some bureaucracy or just limit the review of the standards. + +(Originally on Twitter: [Tue Mar 15 21:58:29 +0000 2016](https://twitter.com/adulau/status/709861352110735361)) +---- +RT @reyammer: From Android ART (binary-only) to DEX? Yes, we can!™ (kinda). My writeup for #0ctf's "state of the ART" challenge: https://t.… + +(Originally on Twitter: [Wed Mar 16 05:43:48 +0000 2016](https://twitter.com/adulau/status/709978453823660032)) +---- +RT @angealbertini: 2 signed copies of PoC||GTFO (one issue 0x10, one 0x11) will be auctioned in the #TR16 charity. + +(Originally on Twitter: [Wed Mar 16 15:22:16 +0000 2016](https://twitter.com/adulau/status/710124029928194048)) +---- +I still think that silent fixes (with official disclosing 60 days later) in free software are much better than any other complex schemes. + +(Originally on Twitter: [Wed Mar 16 16:27:29 +0000 2016](https://twitter.com/adulau/status/710140440905969664)) +---- +@revskills No I'm not. If you announce and fix the same day, the timeslot of exploitation is usually bigger for adversaries. + +(Originally on Twitter: [Wed Mar 16 16:32:20 +0000 2016](https://twitter.com/adulau/status/710141663042248705)) +---- +@revskills Sure, I know. My point is just that the ratio of exploitation is maybe lower than a full announce done the same day of the fix. + +(Originally on Twitter: [Wed Mar 16 16:38:34 +0000 2016](https://twitter.com/adulau/status/710143229782523904)) +---- +@rafi0t Indeed. 
+ +(Originally on Twitter: [Wed Mar 16 16:39:34 +0000 2016](https://twitter.com/adulau/status/710143481780502529)) +---- +@revskills Correct. The issue (I have) for choosing the strategy is that we don't have too much metrics on the exploitation aspects ;-) + +(Originally on Twitter: [Wed Mar 16 16:47:18 +0000 2016](https://twitter.com/adulau/status/710145425739792385)) +---- +RT @bluejay00: Interesting discussion between @adulau & @revskills about vuln. disclosure in free sw. Care to add @attritionorg ? https://t… + +(Originally on Twitter: [Wed Mar 16 16:55:00 +0000 2016](https://twitter.com/adulau/status/710147364179283968)) +---- +Wondering if adversaries are scanning and abusing TR-069, here is a TR-069 honeypot https://github.com/omererdem/honeything + +(Originally on Twitter: [Wed Mar 16 20:25:42 +0000 2016](https://twitter.com/adulau/status/710200390659252225)) +---- +@aeris22 Ils sont super actifs. + +(Originally on Twitter: [Wed Mar 16 20:46:13 +0000 2016](https://twitter.com/adulau/status/710205552933085184)) +---- +@DRX_Sicher It's a medium-interaction honeypot. One functionnaility is to create a fake CPE so attackers could leak more info. 
+ +(Originally on Twitter: [Wed Mar 16 20:56:24 +0000 2016](https://twitter.com/adulau/status/710208117145997312)) +---- +RT @alexanderjaeger: People ask: „Why should I use MISP instead X Y Z?“ - answer: „it works“ @circl_lu @rafi0t + +(Originally on Twitter: [Thu Mar 17 07:23:47 +0000 2016](https://twitter.com/adulau/status/710366002849193984)) +---- +RT @MarieGMoe: APT research based on MISP data by @pinkflawd and @rafi0t #TR16 ![](media/710417576292192256-Cdvn1LGW4AA8Q5g.jpg) + +(Originally on Twitter: [Thu Mar 17 10:48:43 +0000 2016](https://twitter.com/adulau/status/710417576292192256)) +---- +RT @eitatli: Attending today #ETISCertSoc meeting in #Istanbul The topics are #redteaming #CSIRT #MISP #vulnerabilitymng #malwaredistributi… + +(Originally on Twitter: [Thu Mar 17 10:53:01 +0000 2016](https://twitter.com/adulau/status/710418655545315328)) +---- +RT @rafi0t: As promised, the code or our #TR16 talk with @pinkflawd is available here: https://github.com/MISP/data-processing Happy hacking! https://t.co/… + +(Originally on Twitter: [Thu Mar 17 15:21:22 +0000 2016](https://twitter.com/adulau/status/710486190902878208)) +---- +@LucDockendorf The talk is more about the current use of cryptocurrencies instead of cash, prepaid card by criminals. @secin_lu @circl_lu + +(Originally on Twitter: [Fri Mar 18 10:31:46 +0000 2016](https://twitter.com/adulau/status/710775697460088833)) +---- +RT @cudeso: Did you know that #MISP now also allows you to import #osint feeds from external providers? 
#threatintel ![](media/711469795175231488-Cd8d_uOWwAA2q4Z.jpg) + +(Originally on Twitter: [Sun Mar 20 08:29:52 +0000 2016](https://twitter.com/adulau/status/711469795175231488)) +---- +Started listing tools used by threat actors/adversaries https://github.com/MISP/misp-galaxy/blob/master/elements/threat-actor-tools.json for the next major version of MISP https://github.com/MISP/misp-galaxy/ + +(Originally on Twitter: [Sun Mar 20 08:46:13 +0000 2016](https://twitter.com/adulau/status/711473912383672320)) +---- +"To Du or not to Du: A Security Analysis of Du-Vote" https://hal.inria.fr/hal-01238894/document Such generic problem as ballot stuffing... @DavidGlaude + +(Originally on Twitter: [Mon Mar 21 07:25:23 +0000 2016](https://twitter.com/adulau/status/711815957191196672)) +---- +@aeris22 Another one, @Le_Figaro do a lot of funky tracking including WebRTC tracking... Have you disable media.peerconnection.enabled ? + +(Originally on Twitter: [Mon Mar 21 11:28:12 +0000 2016](https://twitter.com/adulau/status/711877063674863616)) +---- +@metaconflict We are three @Iglocska @rafi0t and @adulau ;-) + +(Originally on Twitter: [Mon Mar 21 19:42:56 +0000 2016](https://twitter.com/adulau/status/712001565809315840)) +---- +"Maltego Transform to put entities into MISP events" released https://github.com/MISP/MISPego + +(Originally on Twitter: [Mon Mar 21 22:06:36 +0000 2016](https://twitter.com/adulau/status/712037723524243457)) +---- +MISP modules is now part of MISP 2.4.28 to create easily your own expansion modules in Python https://github.com/MISP/misp-modules + +(Originally on Twitter: [Mon Mar 21 22:09:39 +0000 2016](https://twitter.com/adulau/status/712038489345368064)) +---- +RT @BrusselsAirport: There have been 2 explosions at the airport. Building is being evacuated. Don't come to the airport area. 
+ +(Originally on Twitter: [Tue Mar 22 07:42:57 +0000 2016](https://twitter.com/adulau/status/712182766704664576)) +---- +RT @aszy: The EMV Protocol Fuzzer https://labs.mwrinfosecurity.com/system/assets/1137/original/MWR_InfoSecurity_POS_Fuzzer_v1_summary.pdf + +(Originally on Twitter: [Tue Mar 22 12:02:57 +0000 2016](https://twitter.com/adulau/status/712248195884126209)) +---- +Another good reason to keep your fixed phone line/PSTN at home +https://twitter.com/CrisiscenterBE/status/712266490146394113 + +(Originally on Twitter: [Tue Mar 22 13:22:48 +0000 2016](https://twitter.com/adulau/status/712268292581429248)) +---- +I like when @rafi0t is ranting about XML and STIX. It's just like putting milk in tea. #threatintelligence + +(Originally on Twitter: [Tue Mar 22 14:01:25 +0000 2016](https://twitter.com/adulau/status/712278008565010433)) +---- +RT @metaconflict: @adulau @Iglocska @rafi0t thanks for the great training and great organisation as usual.... 👍👍👍👍 @circl_lu + +(Originally on Twitter: [Tue Mar 22 18:20:02 +0000 2016](https://twitter.com/adulau/status/712343092611911681)) +---- +@metaconflict Thank you! Glad to see many people interested in information sharing. @Iglocska @rafi0t @circl_lu + +(Originally on Twitter: [Tue Mar 22 18:21:51 +0000 2016](https://twitter.com/adulau/status/712343549908545537)) +---- +RT @kptnpez: Big thanks to @circl_lu for hosting the MISP Training today - I really had a great time! 
Keep up the good work :) + +(Originally on Twitter: [Wed Mar 23 22:13:59 +0000 2016](https://twitter.com/adulau/status/712764355805331457)) +---- +RT @circl_lu: MISP training materials published including slides and virtual machine https://www.circl.lu/services/misp-training-materials/ #threatintel + +(Originally on Twitter: [Thu Mar 24 15:19:50 +0000 2016](https://twitter.com/adulau/status/713022519289188352)) +---- +Published the slides about MISP modules https://www.circl.lu/assets/files/misp-training/3.1-MISP-modules.pdf extending MISP with simple Python modules. https://github.com/MISP/misp-modules + +(Originally on Twitter: [Thu Mar 24 16:13:10 +0000 2016](https://twitter.com/adulau/status/713035942270005248)) +---- +RT @PassiveTotal: Completely rewrote the @PassiveTotal extension for newer versions of #MISP. Pull request in! https://github.com/MISP/misp-modules/pull/5 http… + +(Originally on Twitter: [Fri Mar 25 05:41:25 +0000 2016](https://twitter.com/adulau/status/713239345050886144)) +---- +@PassiveTotal Thank you very much! This is great. Pull request will be merged today. We will also fix the issues you mentioned. + +(Originally on Twitter: [Fri Mar 25 05:42:55 +0000 2016](https://twitter.com/adulau/status/713239719736381440)) +---- +@eromang Which back-door are you talking about? Any ref? I'm curious. + +(Originally on Twitter: [Fri Mar 25 08:34:57 +0000 2016](https://twitter.com/adulau/status/713283013107388416)) +---- +Special exploit kit dedication to @rafi0t @shrekts @alexanderjaeger ;-) https://twitter.com/jedisct1/status/713279190292893696 + +(Originally on Twitter: [Fri Mar 25 08:35:39 +0000 2016](https://twitter.com/adulau/status/713283190635540480)) +---- +@eromang It seems there is a confusion between CNE used by law-enforcement and back-doors. Do you have a source of the draft law? 
+ +(Originally on Twitter: [Fri Mar 25 08:48:54 +0000 2016](https://twitter.com/adulau/status/713286524503252993)) +---- +@eromang The case from BKA was more CNE than a back-door as such. We should have the draft law for a better understanding. @CNPD_Luxembourg + +(Originally on Twitter: [Fri Mar 25 08:55:56 +0000 2016](https://twitter.com/adulau/status/713288296923840512)) +---- +@eromang In the case of BKA, you need to exploit your target in order to install a malware. A back-door is something permanent in the SLC. + +(Originally on Twitter: [Fri Mar 25 09:00:55 +0000 2016](https://twitter.com/adulau/status/713289547388481536)) +---- +@eromang It seems to be a matter of definition. In the case of broad definition of back-doors, every piece of RAT or malware is one? + +(Originally on Twitter: [Fri Mar 25 09:03:13 +0000 2016](https://twitter.com/adulau/status/713290130006663168)) +---- +@eromang So an A/V changing the control flow and exporting the PE for analysis will fall into the category too? + +(Originally on Twitter: [Fri Mar 25 09:07:27 +0000 2016](https://twitter.com/adulau/status/713291193497550848)) +---- +@eromang Sure. CNE is, in addition, very risky for law enforcement... + +(Originally on Twitter: [Fri Mar 25 09:21:43 +0000 2016](https://twitter.com/adulau/status/713294784140599297)) +---- +"A Colorimetric Sensor Array for Detection of Triacetone Triperoxide Vapor" +http://www.scs.illinois.edu/suslick/documents/jacs.tatp.2010.pdf for the media saying its undetectable. + +(Originally on Twitter: [Fri Mar 25 14:39:07 +0000 2016](https://twitter.com/adulau/status/713374658674966528)) +---- +@Tijgernest Maybe. Not sure about the detection of vapor. For liquid, it should be quite accurate for low concentration. + +(Originally on Twitter: [Fri Mar 25 21:02:19 +0000 2016](https://twitter.com/adulau/status/713471095085596672)) +---- +RT @eldracote: Malware with a periodicity of 6'40" in its C&C .@PaulosV . Update of 4am in the bottom. 
https://www.virustotal.com/en/file/8a17fcf6eec6f6ddcac7d459ce9b517610b091a242ddcbc88dee0fc68db2e125/analysis/ https://t.co… + +(Originally on Twitter: [Sat Mar 26 08:23:18 +0000 2016](https://twitter.com/adulau/status/713642471478190080)) +---- +"A house without books is like a room without windows." or a different self-portrait https://www.flickr.com/photos/adulau/25768610440/ #photography #sooc + +(Originally on Twitter: [Sat Mar 26 08:34:39 +0000 2016](https://twitter.com/adulau/status/713645325152567296)) +---- +An interesting "PDF parser and validator" including a PDF normalizer in a strict syntax. https://github.com/ANSSI-FR/caradoc + +(Originally on Twitter: [Sun Mar 27 06:16:09 +0000 2016](https://twitter.com/adulau/status/713972860663029760)) +---- +Curious about the current researches on acquiring disparate data sources for the intelligence communities? https://scholar.google.com/scholar?start=30&q=FA8650-10-C-7058+OR+FA8650-10-C-7059+OR+FA8650-10-C-7060+OR+FA8650-10-C-7061+OR+FA8650-10-C-7062&hl=en&as_sdt=0,47 + +(Originally on Twitter: [Sun Mar 27 20:30:04 +0000 2016](https://twitter.com/adulau/status/714187753509011456)) +---- +RT @circl_lu: MISP 2.4.30 released including bug fixes and new features in authentication, organization filtering, user management https://… + +(Originally on Twitter: [Mon Mar 28 07:50:56 +0000 2016](https://twitter.com/adulau/status/714359101359333376)) +---- +My mood of Today - "Bureaucracy, the rule of no one, has become the modern form of despotism." Mary McCarthy + +(Originally on Twitter: [Tue Mar 29 08:25:58 +0000 2016](https://twitter.com/adulau/status/714730307107348481)) +---- +RT @Iglocska: Threat Intel sharing sucks when you have to first convince your partners to purchase a product. + +(Originally on Twitter: [Tue Mar 29 09:44:23 +0000 2016](https://twitter.com/adulau/status/714750039776739328)) +---- +RT @SMSSecure_: Hey @CellTrust! Did you send the same letter to @whispersystems? 
![](media/714895234174476288-CevODhgWEAAA4Ad.jpg) + +(Originally on Twitter: [Tue Mar 29 19:21:20 +0000 2016](https://twitter.com/adulau/status/714895234174476288)) +---- +What are the recommended CTPH / fuzzy hashing algorithms for very small chunk of data? + +(Originally on Twitter: [Tue Mar 29 20:56:49 +0000 2016](https://twitter.com/adulau/status/714919262440321024)) +---- +RT @MISPProject: MISP version 2.4.31 released including bug fixes and enhancement in the misp-modules support https://github.com/MISP/MISP #Thre… + +(Originally on Twitter: [Wed Mar 30 09:03:43 +0000 2016](https://twitter.com/adulau/status/715102194056503296)) +---- +@Serianox_ "...eliminate back-office jobs and costs." The journalist forgot to add "world peace" and a pony. + +(Originally on Twitter: [Thu Mar 31 19:31:18 +0000 2016](https://twitter.com/adulau/status/715622517365415937)) +---- +If you know more/other adversaries or tools used feel free to contribute https://github.com/MISP/misp-galaxy/blob/master/elements/adversary-groups.json https://github.com/MISP/misp-galaxy/blob/master/elements/threat-actor-tools.json @MISPProject + +(Originally on Twitter: [Sat Apr 02 07:57:24 +0000 2016](https://twitter.com/adulau/status/716172666382770176)) +---- +RT @eldracote: .@verovaleros in .@SecSessionCZ botnet creating custom passwords for login from the content of the website. https://t.co/NDM… + +(Originally on Twitter: [Sat Apr 02 12:28:41 +0000 2016](https://twitter.com/adulau/status/716240936540307456)) +---- +@cudeso I can confirm, they do it very often without a single identity proof... + +(Originally on Twitter: [Sat Apr 02 13:00:00 +0000 2016](https://twitter.com/adulau/status/716248819760017408)) +---- +"Active Cyber Defense Dynamics Exhibiting Rich Phenomena" +http://arxiv.org/pdf/1603.08314v1.pdf To summarize this paper, CNE and CND are just messy. 
+ +(Originally on Twitter: [Sat Apr 02 18:56:02 +0000 2016](https://twitter.com/adulau/status/716338416275890176)) +---- +"Killing us slowly 4" Another photo in the photographic series of industries https://www.flickr.com/photos/adulau/26187339276/ #photography + +(Originally on Twitter: [Sun Apr 03 17:32:17 +0000 2016](https://twitter.com/adulau/status/716679730158833664)) +---- +. @wikileaks will you release the raw data of the #PanamaLeaks ? + +(Originally on Twitter: [Sun Apr 03 18:40:18 +0000 2016](https://twitter.com/adulau/status/716696845666398208)) +---- +RT @doegox: Video of my @WEareTROOPERS talk now available : https://www.youtube.com/watch?v=ws77zK4p9qs (slides: https://speakerdeck.com/doegox/hiding-your-white-box-designs-is-not-enough-1) #TR16 + +(Originally on Twitter: [Mon Apr 04 05:24:34 +0000 2016](https://twitter.com/adulau/status/716858981617115136)) +---- +RT @LucDockendorf: This is not a good day for the #EU. https://twitter.com/patrickkingsley/status/716843527485931521 + +(Originally on Twitter: [Mon Apr 04 05:26:53 +0000 2016](https://twitter.com/adulau/status/716859566059876352)) +---- +@evanderburg A note: "highly vetted" feed is the most difficult part. Sharing is a way to review and increase the vetting of the feeds. + +(Originally on Twitter: [Mon Apr 04 06:59:24 +0000 2016](https://twitter.com/adulau/status/716882846439317504)) +---- +Commitment of the NL government at #NCSC2016 to support the use of cryptography in the society. Glad to hear it publicly. 
+ +(Originally on Twitter: [Tue Apr 05 07:48:58 +0000 2016](https://twitter.com/adulau/status/717257707665899520)) +---- +RT @circl_lu: If you are at #NCSC2016 and want to chat about information sharing and get some MISP stickers find out @adulau or @rafi0t cc… + +(Originally on Twitter: [Tue Apr 05 09:22:18 +0000 2016](https://twitter.com/adulau/status/717281197420912640)) +---- +Restrictive classification : "A scheme to limit the review of a document" + +(Originally on Twitter: [Wed Apr 06 10:29:28 +0000 2016](https://twitter.com/adulau/status/717660488327364608)) +---- +Someone could share one of their last dump that was available at "http://osvdb.org/file/dumps" ? +https://twitter.com/OSVDB/status/717598186114670592 + +(Originally on Twitter: [Wed Apr 06 10:46:19 +0000 2016](https://twitter.com/adulau/status/717664729146241024)) +---- +cve-search includes various feeds (not only the MITRE feeds) for software vulnerability, you can easily add others https://github.com/cve-search/cve-search + +(Originally on Twitter: [Wed Apr 06 10:54:23 +0000 2016](https://twitter.com/adulau/status/717666759768207360)) +---- +RT @martijn_grooten: The UK gov't never tried to ban encryption. Just encryption they couldn't read. More practically feasible. 
And thus mo… + +(Originally on Twitter: [Wed Apr 06 12:16:34 +0000 2016](https://twitter.com/adulau/status/717687442652979201)) +---- +Looks like the blacklight free software project will receive some free code reviews https://github.com/projectblacklight/blacklight +https://twitter.com/nark0polo/status/717473567286411266 + +(Originally on Twitter: [Wed Apr 06 21:24:46 +0000 2016](https://twitter.com/adulau/status/717825398424338432)) +---- +RT @circl_lu: Presentation of @pinkflawd and @rafi0t given at @WEareTROOPERS is now online https://www.circl.lu/pub/press/20160318/ about malware classifica… + +(Originally on Twitter: [Thu Apr 07 08:47:25 +0000 2016](https://twitter.com/adulau/status/717997194385747968)) +---- +RT @bortzmeyer: Est-ce que le réglement du concours des plus idiots amendements sur l'informatique est disponible quelque part ? https://t.… + +(Originally on Twitter: [Thu Apr 07 15:28:25 +0000 2016](https://twitter.com/adulau/status/718098108954124288)) +---- +RT @SushiDude: .@hellNbak_ VDB maintenance isn't just "data entry" tho - also need analytical/technical/diligence/writing/collaboration ski… + +(Originally on Twitter: [Thu Apr 07 15:45:03 +0000 2016](https://twitter.com/adulau/status/718102293175013376)) +---- +RT @belathoud: As usual, CIRCL is showing the way :) +It shows how a small but very dedicated team can shake the security landscape! https:/… + +(Originally on Twitter: [Fri Apr 08 12:23:30 +0000 2016](https://twitter.com/adulau/status/718413960798711808)) +---- +Today's world is just the eighties with the Internet. 
http://nypost.com/2016/04/07/why-new-york-city-has-to-beat-the-cancer-of-graffiti/ #graffiti #art + +(Originally on Twitter: [Sat Apr 09 09:02:31 +0000 2016](https://twitter.com/adulau/status/718725770592534528)) +---- +Malware Beaconing Detection by Mining Large-scale DNS Logs for Targeted Attack Identification http://www.waset.org/publications/10004242 + +(Originally on Twitter: [Sat Apr 09 09:16:25 +0000 2016](https://twitter.com/adulau/status/718729269434839040)) +---- +RT @fpietrosanti: A reminder about the use of cloud for sensitive information from investigative journalism activities #ijf16 https://t.co/… + +(Originally on Twitter: [Sat Apr 09 09:19:23 +0000 2016](https://twitter.com/adulau/status/718730015228227584)) +---- +RT @hack_lu: hack.lu 2016 - the infosec conference in Luxembourg. 18-20 October 2016 - @hack_lu cfp to be open very soon. https://t.co/VVA1… + +(Originally on Twitter: [Sat Apr 09 14:43:23 +0000 2016](https://twitter.com/adulau/status/718811550098800642)) +---- +@swannysec Good point. RFC1918 is also very important in network indicators but depends of analysis context. @chrisdoman @alienvault + +(Originally on Twitter: [Sun Apr 10 18:46:46 +0000 2016](https://twitter.com/adulau/status/719235188266557441)) +---- +RT @MISPProject: We have an interesting pull request for Kerberos authentication in MISP https://github.com/MISP/MISP/pull/976 Any volunteer for a securi… + +(Originally on Twitter: [Sun Apr 10 18:51:17 +0000 2016](https://twitter.com/adulau/status/719236326491602944)) +---- +@swannysec In MISP we have the signature whitelist functionality but we could add some default entries too. @chrisdoman @alienvault + +(Originally on Twitter: [Sun Apr 10 18:54:43 +0000 2016](https://twitter.com/adulau/status/719237188383305729)) +---- +@swannysec @chrisdoman @alienvault From Passive DNS, you can build a list but it doesn't help when the infrastructure is compromised too. 
+ +(Originally on Twitter: [Sun Apr 10 20:17:36 +0000 2016](https://twitter.com/adulau/status/719258047403659264)) +---- +@SushiDude The CfP for @hack_lu 2016 will open very soon ;-) (12th edition) https://2016.hack.lu/blog/Call-for-Papers/ + +(Originally on Twitter: [Sun Apr 10 21:37:10 +0000 2016](https://twitter.com/adulau/status/719278072671924224)) +---- +RT @hack_lu: hack.lu 2016 call for papers and presentations is now open https://2016.hack.lu/cfp/ - https://2016.hack.lu/blog/Call-for-Papers/ #infosec #confer… + +(Originally on Twitter: [Mon Apr 11 07:01:06 +0000 2016](https://twitter.com/adulau/status/719419988407414784)) +---- +@TrendLabs @TrendMicro Thank you for sharing. MISP JSON files with the indicators available here https://www.circl.lu/doc/misp/feed-osint/570b9eee-6f60-41d4-bd1b-40d2950d210f.json @MISPProject + +(Originally on Twitter: [Mon Apr 11 13:02:40 +0000 2016](https://twitter.com/adulau/status/719510980347228160)) +---- +Is there an official statement from @EUparliament or @JunckerEU about the freedom to use encryption in Europe - HU? +https://twitter.com/Dunja_Mijatovic/status/718711766482608128 + +(Originally on Twitter: [Mon Apr 11 14:44:40 +0000 2016](https://twitter.com/adulau/status/719536650196500481)) +---- +So what's better http://badlock.org early 90-days silent fix before tam-tam or tam-tam without a fix? 
https://twitter.com/adulau/status/710140440905969664 + +(Originally on Twitter: [Tue Apr 12 06:51:34 +0000 2016](https://twitter.com/adulau/status/719779977877680128)) +---- +Attacks on Biometric Systems: A Case Study in Fingerprints +http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf #biometrics + +(Originally on Twitter: [Tue Apr 12 20:33:14 +0000 2016](https://twitter.com/adulau/status/719986756876124164)) +---- +RT @bartblaze: @bartblaze +Sample: +https://www.reverse.it/sample/45aa5036f15dd16ee1f2b2183cfb26459dcec1c8a6bd5ffe66926419d97c5006?environmentId=4 +Info: https://www.circl.lu/pub/tr-23/ && http://researchcenter.paloaltonetworks.com/2014/08/new-release-decrypting-netwire-c2-traffic/ + +(Originally on Twitter: [Tue Apr 12 20:37:13 +0000 2016](https://twitter.com/adulau/status/719987760304693249)) +---- +RT @doegox: Just pushed a 4th tutorial on how to break white-boxes, here Karroumi https://github.com/SideChannelMarvels/Deadpool/wiki/Tutorial-%234:-DCA-against-Karroumi-2010-challenge @WEareTROOPERS https://t.co/1pdeZ… + +(Originally on Twitter: [Wed Apr 13 04:43:06 +0000 2016](https://twitter.com/adulau/status/720110037394440193)) +---- +RT @MISPProject: What's cooking in MISP development - Sighting support to be added in the next version - a preview about the API https://t.… + +(Originally on Twitter: [Wed Apr 13 20:18:16 +0000 2016](https://twitter.com/adulau/status/720345378579619840)) +---- +RT @doegox: . @rafi0t malware analyst presenting his findings at a hacking conf. 
(Leiden Anatomy Theatre 1609) @WEareTROOPERS https://t.co/… + +(Originally on Twitter: [Thu Apr 14 19:15:02 +0000 2016](https://twitter.com/adulau/status/720691855218896897)) +---- +Pafish is a tool using several techniques to detect sandboxes/analysis tools https://github.com/a0rtega/pafish a nice tricks collection by @a0rtega + +(Originally on Twitter: [Fri Apr 15 10:57:00 +0000 2016](https://twitter.com/adulau/status/720928906719731712)) +---- +RT @___wr___: .@doegox Side-Channel Attacks on Human Brain (thesis proposal, description in french) http://perso.uclouvain.be/vincent.legat/teaching/iCampusOpen/memoShow.php?id=mJKV&type=proposition +#SideChannelMar… + +(Originally on Twitter: [Fri Apr 15 10:57:57 +0000 2016](https://twitter.com/adulau/status/720929146755530753)) +---- +"Voynich Manuscript coding and decoding methods. Part 1" +https://arxiv.org/abs/1604.04149 + +(Originally on Twitter: [Fri Apr 15 12:48:41 +0000 2016](https://twitter.com/adulau/status/720957014852153344)) +---- +@ToolsWatch Keep it accessible. That's useful to everyone including for various free software including https://github.com/cve-search/ @pidgeyL + +(Originally on Twitter: [Fri Apr 15 17:17:43 +0000 2016](https://twitter.com/adulau/status/721024717302444034)) +---- +Another recommendation for malware authors: "DNS exfiltration, beaconing and c&c with 8.8.8.8" simple, excluded from IOCs and white-listed. 
+ +(Originally on Twitter: [Sun Apr 17 18:58:31 +0000 2016](https://twitter.com/adulau/status/721774860880519168)) +---- +RT @ValaAfshar: Don't be impressed by: +1 money +2 titles +3 degrees +4 fancy talk + +Be impressed by: +1 generosity +2 integrity +3 humility +4 sh… + +(Originally on Twitter: [Sun Apr 17 19:15:03 +0000 2016](https://twitter.com/adulau/status/721779022871597056)) +---- +RT @jpgoldberg: Back door analogy from @SMBCComics http://smbc-comics.com/index.php?id=4083 ![](media/721923956643667972-CgSYn5jVIAApUR7.jpg) + +(Originally on Twitter: [Mon Apr 18 04:50:58 +0000 2016](https://twitter.com/adulau/status/721923956643667972)) +---- +@ncweaver I have seen cases where this was sent over Ethernet VC or PtP link in clear-text. + +(Originally on Twitter: [Mon Apr 18 15:10:00 +0000 2016](https://twitter.com/adulau/status/722079743068225536)) +---- +RT @circl_lu: Curious about what kind of indicators are often shared in @MISPProject ? https://www.circl.lu/doc/misp-stats/attributes.json https://www.circl.lu/doc/misp-stats/categories.json #Thr… + +(Originally on Twitter: [Mon Apr 18 18:09:49 +0000 2016](https://twitter.com/adulau/status/722124994222899200)) +---- +RT @FredericJacobs: Viber’s encryption appears to be a custom C++ implementation. Super reassuring they use MD5 for attachments. https://t.… + +(Originally on Twitter: [Tue Apr 19 19:28:47 +0000 2016](https://twitter.com/adulau/status/722507251790049280)) +---- +RT @thegrugq: solid security advice for drug dealers: "Be white and dress/look like a librarian." + +https://www.reddit.com/r/DarkNetMarkets/comments/4f0lzj/irl_dealer_opsec_tips_everyone_give_me_your/d257s5k + +(Originally on Twitter: [Wed Apr 20 08:33:25 +0000 2016](https://twitter.com/adulau/status/722704714962505728)) +---- +RT @MarieGMoe: @sawaba @itgirljs I needed encouragement to do the "Unpatchable" talk at @hack_lu and @ccc. 
Thanks to @adulau @blackswanburs… + +(Originally on Twitter: [Wed Apr 20 08:53:36 +0000 2016](https://twitter.com/adulau/status/722709791836139520)) +---- +"By default, WMI events are not traced." https://msdn.microsoft.com/en-us/library/windows/desktop/aa826686(v=vs.85).aspx - http://pastebin.com/raw/0SNSvyjJ To add in the notes of http://pastebin.com/raw/0SNSvyjJ + +(Originally on Twitter: [Wed Apr 20 20:09:03 +0000 2016](https://twitter.com/adulau/status/722879776222916609)) +---- +@jedisct1 Maybe it was again one of the broken "PGP implementation" on Blackberry? + +(Originally on Twitter: [Thu Apr 21 12:54:28 +0000 2016](https://twitter.com/adulau/status/723132796777037824)) +---- +@X_Cli We are not on Friday ;-) @jedisct1 + +(Originally on Twitter: [Thu Apr 21 13:05:19 +0000 2016](https://twitter.com/adulau/status/723135526925000704)) +---- +A special dedication to the @SNCB "Waiting for a train..." +https://www.flickr.com/photos/adulau/26497925911/ #photography + +(Originally on Twitter: [Thu Apr 21 20:08:12 +0000 2016](https://twitter.com/adulau/status/723241948258156544)) +---- +@SleuthKid Good idea. I'll add it in the #MISP warning lists. @MISPProject + +(Originally on Twitter: [Thu Apr 21 21:03:31 +0000 2016](https://twitter.com/adulau/status/723255869727715328)) +---- +Thanks to @gouv_lu to ask for the shut-down of Doel 3 and Tihange 2 until further analysis are performed. http://www.gouvernement.lu/5929024/22-conseil-gouvernement #Belgium + +(Originally on Twitter: [Fri Apr 22 15:45:37 +0000 2016](https://twitter.com/adulau/status/723538257326297088)) +---- +Here is what happens when you stay too long in standardization committees and you are bored. 
http://pastebin.com/XURia1Ww + +(Originally on Twitter: [Fri Apr 22 15:55:27 +0000 2016](https://twitter.com/adulau/status/723540731999182848)) +---- +Some new tools and trojan added like SPIVY, Laziok and PWOBot https://github.com/MISP/misp-galaxy/blob/master/elements/threat-actor-tools.json PR welcome + +(Originally on Twitter: [Fri Apr 22 20:33:04 +0000 2016](https://twitter.com/adulau/status/723610595598176256)) +---- +RT @MISPProject: MISP 2.4.38 released including warning list support, many fixes and improvement. https://github.com/MISP/MISP/ #infosec https://… + +(Originally on Twitter: [Sat Apr 23 15:11:25 +0000 2016](https://twitter.com/adulau/status/723892035476959233)) +---- +A nice challenge for DoD having "Sensitive Compartmented Information" and "information sharing" in the same doc https://cryptome.org/dodi/2016/dodi-5200-01.pdf + +(Originally on Twitter: [Sat Apr 23 19:12:32 +0000 2016](https://twitter.com/adulau/status/723952717274722305)) +---- +@SushiDude for @hack_lu 2016 PC we tried to improve (and still looking for additional PC members) https://2016.hack.lu/cfp/users?t=pc @selenakyle + +(Originally on Twitter: [Sat Apr 23 20:18:39 +0000 2016](https://twitter.com/adulau/status/723969352765190144)) +---- +@selenakyle @SushiDude @hack_lu is mainly for the infosec and hacking community, it's the 12th edition of the conference. + +(Originally on Twitter: [Sat Apr 23 20:28:21 +0000 2016](https://twitter.com/adulau/status/723971797801132032)) +---- +@selenakyle @wimremes @blackswanburst Sure let me know. We will be glad to have you on board. @hack_lu + +(Originally on Twitter: [Sun Apr 24 07:56:27 +0000 2016](https://twitter.com/adulau/status/724144959985688576)) +---- +RT @blackswanburst: Part of the reason my circle of hacker friends has a good gender balance is @hack_lu Please continue that tradition! 
ht… + +(Originally on Twitter: [Sun Apr 24 07:58:53 +0000 2016](https://twitter.com/adulau/status/724145576133169156)) +---- +@bortzmeyer Interesting. Any good existing implementation of DNCP in free software? @Seb_Net + +(Originally on Twitter: [Sun Apr 24 08:02:25 +0000 2016](https://twitter.com/adulau/status/724146464356753408)) +---- +Trying to explain my photographic addiction to trees... +https://www.foo.be/photoblog/posts/A%20photographic%20addiction%20to%20trees.html #photography #trees + +(Originally on Twitter: [Sun Apr 24 20:06:25 +0000 2016](https://twitter.com/adulau/status/724328664876355586)) +---- +If you plan to compromise a company, you don't need to be lucky to find CentOS installation with outdated PHP. This is enterprise practises. + +(Originally on Twitter: [Mon Apr 25 19:57:29 +0000 2016](https://twitter.com/adulau/status/724688804079108096)) +---- +@iteanu marrant, ce n'est pas le cas pour le flashage/numérisation chez les imprimeurs pour le compte d'un éditeur n'ayant pas les droits. + +(Originally on Twitter: [Mon Apr 25 20:10:59 +0000 2016](https://twitter.com/adulau/status/724692201951866886)) +---- +http://www.zerohedge.com/news/2016-04-25/computer-virus-discovered-german-nuclear-power-plant I don't know why but reading "system built in 2008" I read it like this "system never patched from 2008". + +(Originally on Twitter: [Tue Apr 26 06:32:57 +0000 2016](https://twitter.com/adulau/status/724848722631364608)) +---- +RT @FabianEberhard: "Erdogan + goats = True Love" +Graffiti on a train in Switzerland (pic: @molinafab) ![](media/725225199533211648-Cg_Ne6sWUAEK8fa.jpg) + +(Originally on Twitter: [Wed Apr 27 07:28:56 +0000 2016](https://twitter.com/adulau/status/725225199533211648)) +---- +We recently found that @Rita_Bre is the Credit-Card Cerberus. The CCC acronym led us to some confusion. 
@rommelfs @rafi0t + +(Originally on Twitter: [Wed Apr 27 09:01:45 +0000 2016](https://twitter.com/adulau/status/725248560543993857)) +---- +RT @vhutsebaut: @thalesgroup @sth4ck Bravo! (heuu en passant je ne bosse pas chez Thales, donc soit vous m'engagez soit vous corrigez votre… + +(Originally on Twitter: [Wed Apr 27 12:00:23 +0000 2016](https://twitter.com/adulau/status/725293512804171776)) +---- +RT @MISPProject: MISP 2.4.39 has been released including S/MIME support in addition to PGP. https://github.com/MISP/MISP/ http://www.misp-project.org/Changelog.txt + +(Originally on Twitter: [Wed Apr 27 15:21:59 +0000 2016](https://twitter.com/adulau/status/725344246878838784)) +---- +@CYINT_dude If you need to classify a lot of acquired evidences and want to focus on a specific actor 63b720b261ce3bc0756f449724a27b0b + +(Originally on Twitter: [Wed Apr 27 18:34:22 +0000 2016](https://twitter.com/adulau/status/725392660727533569)) +---- +@Regiteric Indeed, very nice stencil. It's from the @FaileArt studio. @_c_o_n_t_a_c_t_ + +(Originally on Twitter: [Wed Apr 27 18:57:44 +0000 2016](https://twitter.com/adulau/status/725398541556965376)) +---- +Don't assume that your proprietary SIEM keeps the raw logs, this is not often the case. Logs are mangled, modified and often truncated. + +(Originally on Twitter: [Wed Apr 27 19:35:01 +0000 2016](https://twitter.com/adulau/status/725407926152736769)) +---- +@FredLB Send a raw log to your proprietary SIEM and try to extract a raw copy of the logs. If the output matches you are safe, if not... + +(Originally on Twitter: [Thu Apr 28 04:36:45 +0000 2016](https://twitter.com/adulau/status/725544255058374656)) +---- +@PowerDNS_Bert If they do pull request and contribution, it's usually fine. But if they don't RTFM before, it starts to be annoying. + +(Originally on Twitter: [Thu Apr 28 09:39:04 +0000 2016](https://twitter.com/adulau/status/725620335480037376)) +---- +@kyrah If you have some details that you could share for PGP... 
+ +(Originally on Twitter: [Fri Apr 29 04:54:17 +0000 2016](https://twitter.com/adulau/status/725911057705791488)) +---- +I bring some chocolate today at the office to celebrate the signing of the Chemical Weapons Convention which outlaws chemical weapons. + +(Originally on Twitter: [Fri Apr 29 06:26:39 +0000 2016](https://twitter.com/adulau/status/725934302374940673)) +---- +RT @hack_lu: We just received the @hack_lu 2016 stickers. You want some? drop an email to info(AT)hack(DOT)lu with your address. https://t.… + +(Originally on Twitter: [Fri Apr 29 08:36:42 +0000 2016](https://twitter.com/adulau/status/725967029841367041)) +---- +. @CiscoSecurity software-defined segmentation? You mean adding more software to reduce the attack surface of existing software? + +(Originally on Twitter: [Fri Apr 29 09:54:05 +0000 2016](https://twitter.com/adulau/status/725986502564519936)) +---- +RT @JDMiron: @adulau Voici un dessin d'après une de photos coup cœur ! ![](media/726506575251255298-ChUDASUUgAI_aVq.jpg) + +(Originally on Twitter: [Sat Apr 30 20:20:40 +0000 2016](https://twitter.com/adulau/status/726506575251255298)) +---- +@JDMiron Superbe! 
Heureux de voir cette nouvelle perspective https://www.flickr.com/photos/adulau/22126957171/ #photography + +(Originally on Twitter: [Sat Apr 30 20:27:40 +0000 2016](https://twitter.com/adulau/status/726508338939310082)) +---- +Optical music at @LESARALUNAIRES https://www.flickr.com/photos/adulau/26669545421/ #photography + +(Originally on Twitter: [Sat Apr 30 20:41:55 +0000 2016](https://twitter.com/adulau/status/726511925409009664)) +---- +cve-search version 2.0 released https://github.com/cve-search/cve-search - migration doc https://github.com/cve-search/UpdateLog/blob/master/v1_to_v2/db_actions.md with the plug-ins framework by @pidgeyL + +(Originally on Twitter: [Sun May 01 20:07:26 +0000 2016](https://twitter.com/adulau/status/726865634148114432)) +---- +The circle of life https://www.flickr.com/photos/adulau/26757106045/ #photography #trees + +(Originally on Twitter: [Sun May 01 20:19:57 +0000 2016](https://twitter.com/adulau/status/726868784615702528)) +---- +With the recent Craig Wright statement(s), some people are just rolling on the floor laughing. + +(Originally on Twitter: [Mon May 02 08:11:28 +0000 2016](https://twitter.com/adulau/status/727047842234261504)) +---- +RT @PassiveTotal: See if @MISPProject and @PassiveTotal could be a good fit for your organization in this quick video overview. https://t.c… + +(Originally on Twitter: [Mon May 02 15:27:09 +0000 2016](https://twitter.com/adulau/status/727157487812632577)) +---- +RT @hanno: 273 moduli and gcd results from full keyserver dataset /cc @solardiz https://github.com/hannob/pgpmoduli (getting corresponding keys will ta… + +(Originally on Twitter: [Mon May 02 18:02:29 +0000 2016](https://twitter.com/adulau/status/727196576448393221)) +---- +"Quotations are useful in periods of ignorance or obscurantist beliefs." Thanks to Guy Debord to summarize Twitter in such good terms. 
;-) + +(Originally on Twitter: [Mon May 02 19:53:33 +0000 2016](https://twitter.com/adulau/status/727224530490527745)) +---- +RT @stevesantorelli: using pDNS logs to spot malicious activity on your networks: what to look for for low FPs http://buff.ly/1Ob7rez http… + +(Originally on Twitter: [Mon May 02 20:02:10 +0000 2016](https://twitter.com/adulau/status/727226696823410688)) +---- +RT @thegrugq: ![](media/727227720883687425-ChefQQfUcAAe2yU.jpg) + +(Originally on Twitter: [Mon May 02 20:06:14 +0000 2016](https://twitter.com/adulau/status/727227720883687425)) +---- +RT @doegox: Maybe Satoshi did the same mistake as James Howells and can't prove himself anymore https://www.theguardian.com/technology/2013/nov/27/hard-drive-bitcoin-landfill-site https://t.co/cjHOZZ… + +(Originally on Twitter: [Tue May 03 07:03:43 +0000 2016](https://twitter.com/adulau/status/727393180182831104)) +---- +@ralphholz For easily expressing key and value? + +(Originally on Twitter: [Tue May 03 13:36:43 +0000 2016](https://twitter.com/adulau/status/727492082810630145)) +---- +@ralphholz In this case, the JSON array is maybe already too much. So the CSV makes sense... + +(Originally on Twitter: [Tue May 03 13:39:13 +0000 2016](https://twitter.com/adulau/status/727492713688514560)) +---- +RT @damienmiller: An update on SSH protocol 1 + +https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html + +(Originally on Twitter: [Thu May 05 09:24:33 +0000 2016](https://twitter.com/adulau/status/728153399997370369)) +---- +The Myth of Software and Hardware Vulnerability Management +https://www.foo.be/2016/05/The_Myth_of_Vulnerability_Management/ + +(Originally on Twitter: [Thu May 05 13:27:32 +0000 2016](https://twitter.com/adulau/status/728214547887210496)) +---- +Extracting again all the CRL URLs and OCSP from a huge set of certificates and again it's a great opportunity for ex-filtration. 
+ +(Originally on Twitter: [Thu May 05 14:43:54 +0000 2016](https://twitter.com/adulau/status/728233768444645378)) +---- +@ToolsWatch Thank you. We really need to have vendors supporting more our works (in vFeed and cve-search) by providing data. @circl_lu + +(Originally on Twitter: [Thu May 05 16:03:20 +0000 2016](https://twitter.com/adulau/status/728253758233292801)) +---- +"Darknet as a Source of Cyber Intelligence: +Survey, Taxonomy and Characterization" +https://www.researchgate.net/profile/Claude_Fachkha/publication/283827224_Darknet_as_a_Source_of_Cyber_Intelligence_Survey_Taxonomy_and_Characterization/links/5656265a08ae1ef92979db33.pdf + +(Originally on Twitter: [Fri May 06 04:52:48 +0000 2016](https://twitter.com/adulau/status/728447400201748481)) +---- +RT @MISPProject: We created MISP taxonomies 6 months ago, we have more than 16 default taxonomies https://github.com/MISP/misp-taxonomies and there are 5 n… + +(Originally on Twitter: [Fri May 06 20:20:16 +0000 2016](https://twitter.com/adulau/status/728680802138099713)) +---- +RT @circl_lu: libpam-sshauth vulnerability might allow context-dependent attackers to bypass authentication or gain privileges https://t.co… + +(Originally on Twitter: [Sat May 07 05:41:42 +0000 2016](https://twitter.com/adulau/status/728822093794689024)) +---- +Doing bug hunting of "5.2.4.1. Subpacket Hints" in RFC4880 to discover that everyone can have multiple feelings with expiration validations. + +(Originally on Twitter: [Sat May 07 07:32:42 +0000 2016](https://twitter.com/adulau/status/728850025871200256)) +---- +@CthulhuSec http://jsimlo.sk/griddlers/ @codermange @DeftNerd + +(Originally on Twitter: [Sun May 08 09:03:33 +0000 2016](https://twitter.com/adulau/status/729235279765241856)) +---- +I still wonder who said having slides requiring JavaScript to be viewable is an improvement. This is just a torture. 
+ +(Originally on Twitter: [Sun May 08 09:55:58 +0000 2016](https://twitter.com/adulau/status/729248469102276608)) +---- +RT @bortzmeyer: A small DNS trick to see Sci-Hub despite censorship attempts http://www.bortzmeyer.org/sci-hub-dns.html + +(Originally on Twitter: [Sun May 08 16:38:32 +0000 2016](https://twitter.com/adulau/status/729349780506333184)) +---- +@drscriptt Not really sure where JS can be of a help especially on indexing, readability and archiving aspects. Maybe I'm too old school... + +(Originally on Twitter: [Sun May 08 19:18:57 +0000 2016](https://twitter.com/adulau/status/729390146706100224)) +---- +RT @Iglocska: @zenithar @MISPProject It sure is, simply create a MISP taxonomy JSON and drop it in the taxonomy dir. We always welcome pull… + +(Originally on Twitter: [Mon May 09 20:46:58 +0000 2016](https://twitter.com/adulau/status/729774687044182016)) +---- +RT @JohnDCook: "I'm confident that only minimalism will work. We've tried maximalism and it's just not effective." -- Douglas Crockford on… + +(Originally on Twitter: [Tue May 10 04:40:32 +0000 2016](https://twitter.com/adulau/status/729893865197604864)) +---- +@alexanderjaeger It will be sooner. Maybe @blackswanburst will join us in Seoul for doing some "stuff" ;-) @rafi0t + +(Originally on Twitter: [Wed May 11 21:02:56 +0000 2016](https://twitter.com/adulau/status/730503479010201600)) +---- +RT @maradydd: I don't know why anyone bitches about parentheses in Lisp when Java exists + +(Originally on Twitter: [Thu May 12 04:42:38 +0000 2016](https://twitter.com/adulau/status/730619167162830849)) +---- +RT @blackswanburst: @pinkflawd @rafi0t @adulau Anybody up for this? It'd be nice toolsmith with you folks. 
+https://citizenlab.org/summerinstitute/2016.html + +(Originally on Twitter: [Thu May 12 08:48:12 +0000 2016](https://twitter.com/adulau/status/730680964691660800)) +---- +RT @circl_lu: Data Mining in Incident Response - Challenges and Opportunities https://www.circl.lu/assets/files/circl-datamining-incidentresponse.pdf slides presented at @uni_lu https://… + +(Originally on Twitter: [Fri May 13 13:58:18 +0000 2016](https://twitter.com/adulau/status/731121394646405120)) +---- +"Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem" https://www.internetsociety.org/sites/default/files/blogs-media/equihash-asymmetric-proof-of-work-based-generalized-birthday-problem.pdf by @alexcryptan + +(Originally on Twitter: [Fri May 13 14:11:11 +0000 2016](https://twitter.com/adulau/status/731124637871046656)) +---- +I suppose they will translate the Streisand effect in France to "l'effet Baupin" very soon. https://blogs.mediapart.fr/edwy-plenel/blog/120516/denis-baupin-demande-mediapart-de-se-censurer + +(Originally on Twitter: [Fri May 13 15:21:11 +0000 2016](https://twitter.com/adulau/status/731142250382675970)) +---- +wood Reverse Engineering https://www.flickr.com/photos/adulau/26965247941/ #photography + +(Originally on Twitter: [Sun May 15 18:52:37 +0000 2016](https://twitter.com/adulau/status/731920237046706176)) +---- +500 years of Hieronymus Bosch https://www.flickr.com/photos/adulau/27012905086/ nice art-exhibition within the city of +@shertogenbosch #photography + +(Originally on Twitter: [Mon May 16 10:59:31 +0000 2016](https://twitter.com/adulau/status/732163566674055168)) +---- +Wondering about the security of some "Mobile Banking application". An interesting case... 
https://boris.in/blog/2016/the-bank-job/ + +(Originally on Twitter: [Mon May 16 12:30:28 +0000 2016](https://twitter.com/adulau/status/732186453854294016)) +---- +RT @ietf: The IESG Retreat: Connecting and looking ahead to find ways to make the IETF work better: https://www.ietf.org/blog/2016/05/iesg-retreat-2/ https://t.co/ht… + +(Originally on Twitter: [Mon May 16 16:30:42 +0000 2016](https://twitter.com/adulau/status/732246908291452928)) +---- +just did my second pond in the garden to attract more diversity. Now I wait for the rain. #biodiversity ![](media/732249384927285248-Cil47sBWgAQm7u9.jpg) + +(Originally on Twitter: [Mon May 16 16:40:32 +0000 2016](https://twitter.com/adulau/status/732249384927285248)) +---- +RT @elceef: Radically improved Volatility Framework plugin for recovering BitLocker encryption keys (FVEK): https://github.com/elceef/bitlocker #DFIR + +(Originally on Twitter: [Tue May 17 19:03:58 +0000 2016](https://twitter.com/adulau/status/732647867731615744)) +---- +I hope that @wborsus and @maggie_deblock will vote in favour of the public health tomorrow and not for the interest of the chemical sector. + +(Originally on Twitter: [Tue May 17 19:06:30 +0000 2016](https://twitter.com/adulau/status/732648507484557312)) +---- +If you see in a report "a weak cyber-posture" this probably means "they don't give a sh*t to secure their infrastructure". #cybersecurity + +(Originally on Twitter: [Wed May 18 04:47:08 +0000 2016](https://twitter.com/adulau/status/732794626940227586)) +---- +@2xyo @paulvixie @Kaplan_CERTat There is still a small typo to correct in ABNF grammar, we will release (I hope) a last draft before pub. + +(Originally on Twitter: [Wed May 18 13:55:21 +0000 2016](https://twitter.com/adulau/status/732932591846891520)) +---- +@2xyo @paulvixie @Kaplan_CERTat https://github.com/adulau/pdns-qof/commit/9e23c318fad725b655963dc82cae491e83c6aaed if you have any PR in mean time let us know. thx. 
+ +(Originally on Twitter: [Wed May 18 13:58:05 +0000 2016](https://twitter.com/adulau/status/732933279746248704)) +---- +If you want to submit a security analysis of OpenPGP here is a good opportunity https://gnupg.org/conf/cfp.html OpenPGP conference + +(Originally on Twitter: [Wed May 18 14:58:24 +0000 2016](https://twitter.com/adulau/status/732948458714320896)) +---- +RT @SushiDude: I want negative results too, but who'd be brave enough to admit it? They "fail" once somebody else finds a vuln https://t.co… + +(Originally on Twitter: [Thu May 19 21:45:30 +0000 2016](https://twitter.com/adulau/status/733413296229867520)) +---- +RT @ChiOnwurah: I've written to Energy Secretary asking her whether she meant to say that Energy companies own smart meter data: https://t.… + +(Originally on Twitter: [Thu May 19 21:47:44 +0000 2016](https://twitter.com/adulau/status/733413856245092352)) +---- +If you operate a huge botnet infrastructure, the dead man's switch approach is not too bad when you are stuck at a law enforcement agency. + +(Originally on Twitter: [Thu May 19 21:57:32 +0000 2016](https://twitter.com/adulau/status/733416324857094144)) +---- +"Attribution of Cyber Attacks on Industrial Control Systems" +https://www.researchgate.net/profile/Leandros_Maglaras/publication/293811556_Attribution_of_Cyber_Attacks_on_Industrial_Control_Systems/links/56bc70dd08aebaa770e863de.pdf + +(Originally on Twitter: [Sat May 21 11:32:51 +0000 2016](https://twitter.com/adulau/status/733983892261208064)) +---- +@Timo_Steffens Indeed, they only focus on the acquisition problems. Maybe this is due to the lack of public datasets for analysis? @RidT + +(Originally on Twitter: [Sat May 21 14:18:29 +0000 2016](https://twitter.com/adulau/status/734025574990131200)) +---- +RT @Astantler: "It is easy and cheap to make complex systems. 
It is difficult and expensive to make simple ones that do the same work" @hin… + +(Originally on Twitter: [Sun May 22 21:12:53 +0000 2016](https://twitter.com/adulau/status/734492250579820544)) +---- +"Potential mass surveillance and privacy violations in proximity-based social applications" #privacy https://arxiv.org/pdf/1605.06533v1.pdf + +(Originally on Twitter: [Tue May 24 12:07:32 +0000 2016](https://twitter.com/adulau/status/735079784573718528)) +---- +Security fraud in Europe's "Quantum Manifesto" +https://blog.cr.yp.to/20160516-quantum.html + +(Originally on Twitter: [Tue May 24 18:24:06 +0000 2016](https://twitter.com/adulau/status/735174549852000256)) +---- +@zoobab You are trolling so early in the week.... @rafi0t + +(Originally on Twitter: [Wed May 25 09:11:50 +0000 2016](https://twitter.com/adulau/status/735397954861826048)) +---- +What could go wrong when you have a photographer in a military plane? https://scontent-ams3-1.xx.fbcdn.net/t31.0-8/13235602_1703870233212444_1781506890891396100_o.jpg + +(Originally on Twitter: [Wed May 25 12:48:09 +0000 2016](https://twitter.com/adulau/status/735452392687325184)) +---- +Alors le vote de la proposition de loi en faveur du service minimum @SNCB ? C'est pour quand @lecdh @Ecolo @mr_officiel @de_NVA @PSofficiel + +(Originally on Twitter: [Thu May 26 07:40:05 +0000 2016](https://twitter.com/adulau/status/735737253754863617)) +---- +RT @MISPProject: Would you join a @MISPProject #hackathon in Luxembourg on Thursday 4th august 2016? 
#threatintel #coding #hackdoc + +(Originally on Twitter: [Thu May 26 09:19:33 +0000 2016](https://twitter.com/adulau/status/735762284480335873)) +---- +RT @fbon: « still photography vs videography » par @adulau http://www.foo.be/photoblog/posts/still-photography-versus-videography.html *** + +(Originally on Twitter: [Sat May 28 08:22:12 +0000 2016](https://twitter.com/adulau/status/736472629356449792)) +---- +Sur le même sujet, un excellent billet de @fbon sur http://www.tierslivre.net/krnk/spip.php?article1913 "ne plus faire de photos ou si quand même" #photographie + +(Originally on Twitter: [Sat May 28 08:23:34 +0000 2016](https://twitter.com/adulau/status/736472975315226624)) +---- +@fbon Je suis principalement sur flickr https://www.flickr.com/photos/adulau/ mais c'est un vieux dilemme. Choisir R'lyeh ou Iram ? + +(Originally on Twitter: [Sat May 28 08:29:13 +0000 2016](https://twitter.com/adulau/status/736474395997278208)) +---- +RT @otti_sat: Around 500kHz wide data signal on 1691MHz from Meteosat, with #airspy and 120cm Inmarsat-B umbrella dish https://t.co/7GMIZZy… + +(Originally on Twitter: [Sat May 28 08:34:34 +0000 2016](https://twitter.com/adulau/status/736475742960246784)) +---- +RT @a_z_e_t: #IETF credo: "we believe in rough consensus, running code, five star hotels in exotic places & 800$ for attendance to particip… + +(Originally on Twitter: [Sat May 28 12:07:23 +0000 2016](https://twitter.com/adulau/status/736529297645686784)) +---- +RT @paddyncl: @josephbonneau "Bitcoin mining using around 500 MW, about 1 power station" less than I expected!! 
#btcschool https://t.co/Ej6… + +(Originally on Twitter: [Mon May 30 14:04:50 +0000 2016](https://twitter.com/adulau/status/737283631404699652)) +---- +"Helping Johnny to Analyze Malware - A Usability-Optimized Decompiler and Malware Analysis User Study" http://www.ieee-security.org/TC/SP2016/papers/0824a158.pdf + +(Originally on Twitter: [Tue May 31 04:52:52 +0000 2016](https://twitter.com/adulau/status/737507112473886720)) +---- +@MalwareTechBlog Very interesting. How did you calculate the pay up rate? BTC addresses are not different per sample/install? + +(Originally on Twitter: [Tue May 31 07:44:32 +0000 2016](https://twitter.com/adulau/status/737550312630714368)) +---- +@SNCB Quelle est la procédure d'extension gratuite d'une semaine de l’abonnement suite aux grèves ? Merci @jpflorent + +(Originally on Twitter: [Tue May 31 15:08:45 +0000 2016](https://twitter.com/adulau/status/737662105386659840)) +---- +@SNCB Merci mais le service clientèle est inaccessible en raison de la grève. Pourrais-je rouler une semaine sans un abonnement? @jpflorent + +(Originally on Twitter: [Tue May 31 15:46:13 +0000 2016](https://twitter.com/adulau/status/737671534614024192)) +---- +Don't forget that a VPN is not a measure to protect your #privacy. Even if some commercial providers try to attract you... + +(Originally on Twitter: [Tue May 31 21:12:41 +0000 2016](https://twitter.com/adulau/status/737753693232189440)) +---- +A little challenge: which point is true? +https://twitter.com/ccdcoe/status/737989371413057537 + +(Originally on Twitter: [Wed Jun 01 12:57:00 +0000 2016](https://twitter.com/adulau/status/737991336478019584)) +---- +@ccdcoe In our experience, a lax model of sharing is usually more attractive than a constraint model where sharing is under a strict policy. 
+ +(Originally on Twitter: [Wed Jun 01 19:39:01 +0000 2016](https://twitter.com/adulau/status/738092505464459266)) +---- +How to not break LTE crypto - https://www.sstic.org/media/SSTIC2016/SSTIC-actes/how_to_not_break_lte_crypto/SSTIC2016-Article-how_to_not_break_lte_crypto-michau_devine.pdf + +(Originally on Twitter: [Thu Jun 02 14:33:21 +0000 2016](https://twitter.com/adulau/status/738377971141103616)) +---- +RT @botherder: Found this while walking. I think Morpheus is trying to tell me something... ![](media/738465725468299264-Cj999CcW0AAD7WJ.jpg) + +(Originally on Twitter: [Thu Jun 02 20:22:03 +0000 2016](https://twitter.com/adulau/status/738465725468299264)) +---- +RT @samnewman: So the most popular spell checking extension for visual studio code sends the entire document unencrypted over HTTP. https:/… + +(Originally on Twitter: [Fri Jun 03 06:21:00 +0000 2016](https://twitter.com/adulau/status/738616457064415232)) +---- +The delivery paradox - "Forwarding #phishing emails for analysis has the inverted difficulty level compared to receiving those emails." + +(Originally on Twitter: [Fri Jun 03 08:41:31 +0000 2016](https://twitter.com/adulau/status/738651815982555136)) +---- +The interview... #urbex in #belgium https://www.flickr.com/photos/adulau/27423059046/ #photography + +(Originally on Twitter: [Sat Jun 04 16:05:22 +0000 2016](https://twitter.com/adulau/status/739125905096839168)) +---- +RT @LucDockendorf: I wrote a pamphlet on #humanrights #diplomacy. @Medium says it'll take you 10 minutes to read it: https://t.co/UsxSHwHFe… + +(Originally on Twitter: [Sat Jun 04 21:56:11 +0000 2016](https://twitter.com/adulau/status/739214190385213440)) +---- +Sometime the best thing to do is "phoning home" https://www.flickr.com/photos/adulau/27208106130/ @2600 #photography + +(Originally on Twitter: [Sun Jun 05 20:33:44 +0000 2016](https://twitter.com/adulau/status/739555828508852224)) +---- +RT @pidgeyL: Make sure to update your plug-ins when you update #CVESearch! 
Lots of new features and bugfixes are added +@adulau @wimremes + +(Originally on Twitter: [Wed Jun 08 08:08:17 +0000 2016](https://twitter.com/adulau/status/740455392195534848)) +---- +If you want to discuss about cve-search, there is a new @gitter chat https://gitter.im/cve-search/cve-search @pidgeyL @wimremes + +(Originally on Twitter: [Wed Jun 08 08:39:39 +0000 2016](https://twitter.com/adulau/status/740463286802616320)) +---- +Someone did some brute-forcing to find collision on short PGP key id and uploaded the keys with existing collision to the key servers... + +(Originally on Twitter: [Wed Jun 08 12:21:58 +0000 2016](https://twitter.com/adulau/status/740519233659019264)) +---- +"Scallion lets you create vanity GPG keys ... using OpenCL." https://github.com/lachesis/scallion maybe the tool used to https://twitter.com/adulau/status/740519233659019264 + +(Originally on Twitter: [Wed Jun 08 12:50:33 +0000 2016](https://twitter.com/adulau/status/740526428668710912)) +---- +@blackswanburst You don't have the latest @hack_lu sticker which is an excluding factor for some executives... to be solved in 2 days. + +(Originally on Twitter: [Thu Jun 09 09:01:51 +0000 2016](https://twitter.com/adulau/status/740831260243832832)) +---- +@da_667 Open a support issue there https://github.com/MISP/MISP/issues @bartblaze + +(Originally on Twitter: [Thu Jun 09 13:43:53 +0000 2016](https://twitter.com/adulau/status/740902238307127296)) +---- +RT @PascalHenrard: "C'est quoi ce pays qui veut autoriser le Round Up et interdire la tarte au riz?" (Muriel Gerkens) #OnlyInBelgium #AFSCA + +(Originally on Twitter: [Thu Jun 09 18:05:42 +0000 2016](https://twitter.com/adulau/status/740968128419663872)) +---- +Tomorrow there will be a first #hackathon at @FIRSTdotOrg https://www.first.org/conference/2016/program#pfirst-hackathon-park-studio-room want to work on some cool security projects, join us! 
+ +(Originally on Twitter: [Sat Jun 11 09:25:01 +0000 2016](https://twitter.com/adulau/status/741561869521936385)) +---- +RT @rafi0t: If you want to see what we will be working on today, and propose your own ideas -> https://public.etherpad-mozilla.org/p/FIRST2016 #FIRST16 #hackaton + +(Originally on Twitter: [Sun Jun 12 04:04:37 +0000 2016](https://twitter.com/adulau/status/741843622878838788)) +---- +Looks like the Google blog has been compromised... "The Trans-Pacific Partnership: A Step Forward for the Internet" +https://publicpolicy.googleblog.com/2016/06/the-trans-pacific-partnership-step.html + +(Originally on Twitter: [Sun Jun 12 09:02:49 +0000 2016](https://twitter.com/adulau/status/741918669849034752)) +---- +Some of the projects started or expanded during @FIRSTdotOrg 1st #hackathon https://github.com/kwouffe/halloffame https://github.com/FIRSTdotorg/global-irt @Kaplan_CERTat + +(Originally on Twitter: [Mon Jun 13 01:11:08 +0000 2016](https://twitter.com/adulau/status/742162352498315265)) +---- +RT @rafi0t: If you have any question regarding @MISPProject and attending #FIRST16, get in touch with us: @adulau, @Iglocska or me. + +(Originally on Twitter: [Mon Jun 13 04:24:50 +0000 2016](https://twitter.com/adulau/status/742211099206897664)) +---- +RT @MISPProject: Want to improve the state of information sharing? 
Join the MISP #hackathon https://www.eventbrite.com/e/misp-hackathon-tickets-25734461467 #threatintel https://t… + +(Originally on Twitter: [Tue Jun 14 02:12:10 +0000 2016](https://twitter.com/adulau/status/742540099993243650)) +---- +"If anyone wants to see a unified threat actor library instead of relying on a small homegrown one:" @USCERT_gov -> https://github.com/MISP/misp-galaxy/blob/master/elements/adversary-groups.json + +(Originally on Twitter: [Tue Jun 14 04:25:45 +0000 2016](https://twitter.com/adulau/status/742573717243367424)) +---- +RT @MarieGMoe: Our talk on #cyber #insurance is on at 3PM in Grand Ballroom 3 #FIRSTCON16 ![](media/742576080532344832-Ck4ounnW0AAkI2z.jpg) + +(Originally on Twitter: [Tue Jun 14 04:35:08 +0000 2016](https://twitter.com/adulau/status/742576080532344832)) +---- +Not convinced that a "private IP address" is by default "bad indicators". Custom malware targeting your internal infrastructure. #FIRSTCON16 + +(Originally on Twitter: [Tue Jun 14 04:42:27 +0000 2016](https://twitter.com/adulau/status/742577922322489344)) +---- +@cmatthewbrooks @rafi0t @MISPProject @Iglocska Sure just after the lighting talks around 17:30? + +(Originally on Twitter: [Tue Jun 14 06:12:49 +0000 2016](https://twitter.com/adulau/status/742600662177873920)) +---- +@cmatthewbrooks @rafi0t @MISPProject @Iglocska in front of the park ballroom after the lightning talks? + +(Originally on Twitter: [Tue Jun 14 06:33:16 +0000 2016](https://twitter.com/adulau/status/742605808756629504)) +---- +economic modelling is hard in cyber-insurance because it's not a zero-sum game as said by @blackswanburst and @MarieGMoe #FIRSTCON16 + +(Originally on Twitter: [Tue Jun 14 06:47:54 +0000 2016](https://twitter.com/adulau/status/742609491829526528)) +---- +Nice to have secure boot installed by default with a tool in user-space allowed to sign any drivers... 
+ +(Originally on Twitter: [Wed Jun 15 05:23:46 +0000 2016](https://twitter.com/adulau/status/742950708438282240)) +---- +RT @maartenvhb: Implementing indicators and threat sharing? Attend the MISP workshop with @adulau and @rafi0t today, 10:15-2pm Park Ballroo… + +(Originally on Twitter: [Thu Jun 16 22:55:24 +0000 2016](https://twitter.com/adulau/status/743577746517917697)) +---- +RT @MISPProject: Towards a Methodology for Evaluating Threat Intelligence Feeds by @CERT_Polska_en with @certcc https://www.first.org/resources/papers/conf2016/FIRST-2016-63.pdf @pi… + +(Originally on Twitter: [Thu Jun 16 22:56:12 +0000 2016](https://twitter.com/adulau/status/743577948691664896)) +---- +"Remote by default" is a nice and efficient way to ensure great communication among a security team. #FIRSTCON16 + +(Originally on Twitter: [Fri Jun 17 00:33:28 +0000 2016](https://twitter.com/adulau/status/743602427199315968)) +---- +Where is the reality? #photography #starcraft #seoul https://www.flickr.com/photos/adulau/27697059586/ + +(Originally on Twitter: [Fri Jun 17 17:02:49 +0000 2016](https://twitter.com/adulau/status/743851403265740800)) +---- +@blackswanburst Lovely. We should have all RFCs and @OASISopen standards printed with Hello Kitty templates. @treyka + +(Originally on Twitter: [Sat Jun 18 08:37:41 +0000 2016](https://twitter.com/adulau/status/744086672384499712)) +---- +Thanks to @alexanderjaeger @Kaplan_CERTat @treyka @OASISopen (Richard Struse) @blackswanburst and many others for the fruitful discussions. + +(Originally on Twitter: [Sat Jun 18 15:44:34 +0000 2016](https://twitter.com/adulau/status/744194100044267520)) +---- +Don't forget that the #callforpapers is still open for @hack_lu 2016 https://2016.hack.lu/cfp submit your security research projects. 
+ +(Originally on Twitter: [Sun Jun 19 00:51:03 +0000 2016](https://twitter.com/adulau/status/744331628185411584)) +---- +"Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows." https://github.com/tandasat/HyperPlatform + +(Originally on Twitter: [Sun Jun 19 01:13:47 +0000 2016](https://twitter.com/adulau/status/744337348352081921)) +---- +RT @MISPProject: Don't forget to join the @MISPProject local and remote hackathon 2016 (4th August 2016) https://github.com/MISP/MISP/wiki/Hackathon-2016 tasks can… + +(Originally on Twitter: [Sun Jun 19 01:54:58 +0000 2016](https://twitter.com/adulau/status/744347713840386048)) +---- +The point in software vulnerability is not if a software is vulnerable or not but if a human takes care of the vulnerability on both sides. + +(Originally on Twitter: [Sun Jun 19 02:03:50 +0000 2016](https://twitter.com/adulau/status/744349943603703808)) +---- +@altquinn At least, you are at the right place to find the right seasoning and condiment. + +(Originally on Twitter: [Sun Jun 19 10:47:22 +0000 2016](https://twitter.com/adulau/status/744481694711971840)) +---- +@altquinn Indeed. Maybe the "zhu xie gao" is more appropriate for Asia. And you would need less blood compared to traditional "boudin noir". + +(Originally on Twitter: [Sun Jun 19 10:52:18 +0000 2016](https://twitter.com/adulau/status/744482938276945920)) +---- +RT @mdowd: Contracts written in JS instead of legalese.. what a time to be alive + +(Originally on Twitter: [Sun Jun 19 12:03:59 +0000 2016](https://twitter.com/adulau/status/744500977131204608)) +---- +You do a security conference and it's always difficult to have visa for security researchers. If they played or watched soccer, no visa. 
+ +(Originally on Twitter: [Sun Jun 19 15:41:49 +0000 2016](https://twitter.com/adulau/status/744555794709024768)) +---- +A proposition for a security metric and analysis, are software prefixed with the word "smart" more vulnerable and/or targeted than others? + +(Originally on Twitter: [Sun Jun 19 16:12:35 +0000 2016](https://twitter.com/adulau/status/744563539445161985)) +---- +@daniel_bilar yep it's easier for non-eu soccer supporters to see a footbal match in eu than inviting a non-eu speakers at an infosec conf. + +(Originally on Twitter: [Sun Jun 19 16:15:19 +0000 2016](https://twitter.com/adulau/status/744564226904162304)) +---- +@daniel_bilar yep. I suppose the priorities are somewhere else. + +(Originally on Twitter: [Sun Jun 19 16:19:05 +0000 2016](https://twitter.com/adulau/status/744565173969641472)) +---- +@it4sec or you have to find some detours to talk about... + +(Originally on Twitter: [Mon Jun 20 06:46:38 +0000 2016](https://twitter.com/adulau/status/744783500826468352)) +---- +@csoghoian Looks like to be a new challenge for @thereaIbanksy... + +(Originally on Twitter: [Tue Jun 21 06:46:09 +0000 2016](https://twitter.com/adulau/status/745145767937998854)) +---- +@ErrataRob At least, you have the list describing a part of the complexity. In a proprietary software, you have an EULA hiding the list... + +(Originally on Twitter: [Tue Jun 21 06:51:16 +0000 2016](https://twitter.com/adulau/status/745147052657512451)) +---- +RT @MISPProject: A new MISP taxonomy for the FIRST Information Exchange Policy (IEP) framework https://github.com/MISP/misp-taxonomies/blob/master/iep/machinetag.json cc @FIRSTdotOrg + +(Originally on Twitter: [Tue Jun 21 13:02:07 +0000 2016](https://twitter.com/adulau/status/745240381864943616)) +---- +@rafi0t "Cyber Warfare" as we discussed... 
+ +(Originally on Twitter: [Tue Jun 21 14:28:21 +0000 2016](https://twitter.com/adulau/status/745262083030269953)) +---- +RT @inliniac: Don't disagree, but I think it also shows how important it is to have well funded OSS tools. 2 much taken 4 granted https://t… + +(Originally on Twitter: [Tue Jun 21 16:41:45 +0000 2016](https://twitter.com/adulau/status/745295655179010048)) +---- +Interesting discussions about dynamic funding of research projects to tackle cybersecurity issues in Europe at @phishinitiative meeting + +(Originally on Twitter: [Wed Jun 22 09:42:31 +0000 2016](https://twitter.com/adulau/status/745552536682147840)) +---- +RT @astepanovich: OECD on "cybersecurity": + +#cybercybercyber #OECDdigitalMX ![](media/745641728410005504-ClkJYLqXIAA2NGe.jpg) + +(Originally on Twitter: [Wed Jun 22 15:36:56 +0000 2016](https://twitter.com/adulau/status/745641728410005504)) +---- +Everyday I'm still amazed by the information you can collect using a simple packet capture on an open wifi. + +(Originally on Twitter: [Wed Jun 22 20:41:02 +0000 2016](https://twitter.com/adulau/status/745718258737778688)) +---- +My humble dedication to @AndreasGehm https://www.flickr.com/photos/adulau/27853501345/ and especially his awesome creative use of the TB-303 #photography + +(Originally on Twitter: [Thu Jun 23 09:26:27 +0000 2016](https://twitter.com/adulau/status/745910883877019650)) +---- +You can spot the corporate policy regarding free software contributions looking at the members of an org on @GitHub https://github.com/orgs/GovernmentCommunicationsHeadquarters/people + +(Originally on Twitter: [Thu Jun 23 14:35:38 +0000 2016](https://twitter.com/adulau/status/745988693245190144)) +---- +.@Calimaq Il manque la 4ième loi de la robotique "Un robot doit aider la communauté et publier des œuvres libres". 
+ +(Originally on Twitter: [Thu Jun 23 14:40:04 +0000 2016](https://twitter.com/adulau/status/745989807290073088)) +---- +RT @w3c: Subresource Integrity is now a @W3C Recommendation. https://www.w3.org/TR/SRI/ (What's the hash for that? #SRI) + +(Originally on Twitter: [Thu Jun 23 20:21:29 +0000 2016](https://twitter.com/adulau/status/746075729473978368)) +---- +RT @maartenvhb: The selfrando mitigation work in @torproject is really nice. Rare and focused effort mitigating a specific threat. https://… + +(Originally on Twitter: [Sat Jun 25 06:09:49 +0000 2016](https://twitter.com/adulau/status/746586173343150080)) +---- +Usually you don't need people who understand voting, you just need an army of consumers https://www.flickr.com/photos/adulau/27914225935/ #photography #belgium + +(Originally on Twitter: [Sun Jun 26 09:08:28 +0000 2016](https://twitter.com/adulau/status/746993521580720128)) +---- +@Tris_Acatrinei http://data.europa.eu/euodp/en/data ? + +(Originally on Twitter: [Sun Jun 26 12:48:18 +0000 2016](https://twitter.com/adulau/status/747048843112484864)) +---- +@Tris_Acatrinei Tu cherches quoi exactement ? Une directive EU, les données des MEP ? + +(Originally on Twitter: [Sun Jun 26 12:53:08 +0000 2016](https://twitter.com/adulau/status/747050060282728449)) +---- +@Tris_Acatrinei https://data.europa.eu/euodp/en/data/dataset/members-of-the-european-parliament et http://parltrack.euwiki.org/ + +(Originally on Twitter: [Sun Jun 26 12:57:43 +0000 2016](https://twitter.com/adulau/status/747051213854736386)) +---- +@Tris_Acatrinei http://parltrack.euwiki.org/dumps/ maintenant il faudrait préciser ce que tu cherches... + +(Originally on Twitter: [Sun Jun 26 13:03:54 +0000 2016](https://twitter.com/adulau/status/747052769333420032)) +---- +RT @6vis_pacem: Just attended a presentation of @MISPProject platform by @adulau @ @ABBLbanking. 
Interesting tool for #InformationSharing.… + +(Originally on Twitter: [Mon Jun 27 15:26:39 +0000 2016](https://twitter.com/adulau/status/747451080582303744)) +---- +You have 2 options: either being in a group discussing or a group coding & tasking https://www.amazon.com/Cyber-Conflict-After-Stuxnet-Rubicon/dp/0989327442 this book is for the first group. + +(Originally on Twitter: [Mon Jun 27 19:06:25 +0000 2016](https://twitter.com/adulau/status/747506389602402304)) +---- +@thegrugq The reality is maybe more difficult to hear. Can sheer-luck be considered as a capability for an AV vendor? @k_sec + +(Originally on Twitter: [Mon Jun 27 19:37:40 +0000 2016](https://twitter.com/adulau/status/747514252496347136)) +---- +Interesting tool from @ANSSI_FR to extract BMC (RDP cached bitmap) https://github.com/ANSSI-FR/bmc-tools a nice complementary source for #DFIR + +(Originally on Twitter: [Tue Jun 28 19:53:07 +0000 2016](https://twitter.com/adulau/status/747880529165434882)) +---- +@PayloadSecurity Very nice. Would you be interested to create a new parsable taxonomy and/ore reuse some from https://github.com/MISP/misp-taxonomies + +(Originally on Twitter: [Wed Jun 29 07:10:24 +0000 2016](https://twitter.com/adulau/status/748050971238998017)) +---- +@JacobTorrey An outline is fine too. The more the reviewers have, it's easier for them to review the proposal. See you soon. @hack_lu + +(Originally on Twitter: [Wed Jun 29 19:38:58 +0000 2016](https://twitter.com/adulau/status/748239352921227264)) +---- +@angealbertini Very nice. 
The reviewers can already deduce a lot from this outline ;-) @JacobTorrey + +(Originally on Twitter: [Thu Jun 30 04:34:18 +0000 2016](https://twitter.com/adulau/status/748374074045440008)) +---- +@angealbertini If you do the stunts, I'm pretty sure you could get an invited speaker slot at @hack_lu 2016 ;-) + +(Originally on Twitter: [Thu Jun 30 07:24:30 +0000 2016](https://twitter.com/adulau/status/748416906386870272)) +---- +About information sharing and #brexit - let me be clear "People sharing will continue and the others will use it as an excuse to not share" + +(Originally on Twitter: [Thu Jun 30 08:35:53 +0000 2016](https://twitter.com/adulau/status/748434873652776960)) +---- +Exceptions are really overrated these days. + +(Originally on Twitter: [Thu Jun 30 17:28:56 +0000 2016](https://twitter.com/adulau/status/748569019091980290)) +---- +Beside ICD 203 https://fas.org/irp/dni/icd/icd-203.pdf, do you know any other public standard to express level of uncertainty of an analysis or likelihood? + +(Originally on Twitter: [Fri Jul 01 13:19:02 +0000 2016](https://twitter.com/adulau/status/748868515361423360)) +---- +@jnazario Good point. We support IPv6 in @MISPProject and we have some IPv6 addresses but these are really outliers compared to IPv4. + +(Originally on Twitter: [Fri Jul 01 15:46:36 +0000 2016](https://twitter.com/adulau/status/748905652739837952)) +---- +@bortzmeyer la b12 est synthetisee par des bacteries. L'intestin peut contenir ces bacteries meme chez un vegetarien. + +(Originally on Twitter: [Fri Jul 01 17:23:16 +0000 2016](https://twitter.com/adulau/status/748929979015163904)) +---- +@PowerDNS_Bert The B-12 are only synthesized by bacteria. I don't see where the bullshit is... @bortzmeyer + +(Originally on Twitter: [Fri Jul 01 20:18:10 +0000 2016](https://twitter.com/adulau/status/748973996964732928)) +---- +@PowerDNS_Bert My factual point was only: B-12 is only synthesized by bacteria. 
The rest was just a joke ;-) @bortzmeyer + +(Originally on Twitter: [Fri Jul 01 20:24:45 +0000 2016](https://twitter.com/adulau/status/748975651668000768)) +---- +RT @vnik5287: VMware told me this bug wasn't exploitable and now they're "requesting" me not to release the exploit! ![](media/748976866585931777-ClsFlJWUgAAb0BL.jpg) + +(Originally on Twitter: [Fri Jul 01 20:29:34 +0000 2016](https://twitter.com/adulau/status/748976866585931777)) +---- +@martinvol In French, it means "I exist". I suppose the artist's idea is to show his revolt by showing his act to add stickers. @Flickr + +(Originally on Twitter: [Fri Jul 01 20:36:16 +0000 2016](https://twitter.com/adulau/status/748978551223881728)) +---- +@nice2kn0w Thank you. It's very interesting but not sure how I can translate the complexity of the matrix into a MISP taxonomy. I'll check. + +(Originally on Twitter: [Sat Jul 02 05:09:10 +0000 2016](https://twitter.com/adulau/status/749107627481718788)) +---- +@martinvol Maybe it's an art performance following the initial VLP project where "j'existe" was stated by a graffiti http://lesmursmurs.chez.com/vlp.html + +(Originally on Twitter: [Sat Jul 02 05:18:50 +0000 2016](https://twitter.com/adulau/status/749110060257718272)) +---- +RT @StratosphereIPS: New Vawtrak malware capture! 12GB of pcap during 4 months! SPAM, Web, > 20 binaries & Normal traffic! See it here http… + +(Originally on Twitter: [Sat Jul 02 10:11:06 +0000 2016](https://twitter.com/adulau/status/749183612331945984)) +---- +@nice2kn0w Indeed. Admiralty scale is already there https://github.com/MISP/misp-taxonomies/tree/master/admiralty-scale https://github.com/MISP/misp-taxonomies if you see other to add let me know. 
thx + +(Originally on Twitter: [Sat Jul 02 15:08:42 +0000 2016](https://twitter.com/adulau/status/749258504985309184)) +---- +Eager to know the inner working of Suricata and extend it, there is a 5-day training in Paris https://www.eventbrite.com/e/5-day-suricata-developer-training-in-paris-open-to-the-public-tickets-21116214165 @Suricata_IDS + +(Originally on Twitter: [Sat Jul 02 15:15:07 +0000 2016](https://twitter.com/adulau/status/749260118030778368)) +---- +I remember Michel Rocard who helped and supported us to avoid a dangerous software patent directive some years ago. Thank you. + +(Originally on Twitter: [Sat Jul 02 18:29:23 +0000 2016](https://twitter.com/adulau/status/749309006800384000)) +---- +RT @dchest: Let’s just quit the Web ![](media/749341866206892032-CmYv2mAXYAEZqOE.jpg) + +(Originally on Twitter: [Sat Jul 02 20:39:57 +0000 2016](https://twitter.com/adulau/status/749341866206892032)) +---- +RT @_arkon: Introducing diStormX! +https://github.com/gdabah/distormx +Code reviews are most welcome :) +#hooking #lib #opensource #distorm3 #bsd +Yalla b… + +(Originally on Twitter: [Sun Jul 03 06:12:41 +0000 2016](https://twitter.com/adulau/status/749485999957413888)) +---- +RT @OASISopen: Hear @adulau on ‘Best practices in information sharing’ – learn more at http://borderlesscyber.oasis-open.org/eu16 #threatintel + +(Originally on Twitter: [Sun Jul 03 09:37:54 +0000 2016](https://twitter.com/adulau/status/749537642853851136)) +---- +The noise is from downstairs... https://www.flickr.com/photos/adulau/27807842780/ #urbex #Belgium + +(Originally on Twitter: [Mon Jul 04 20:05:23 +0000 2016](https://twitter.com/adulau/status/750057941320003585)) +---- +Even when I don't take the train, I take pictures of trains. 
https://www.flickr.com/photos/adulau/28008116302/ @SNCB @Flickr #photography #Belgium + +(Originally on Twitter: [Tue Jul 05 19:25:02 +0000 2016](https://twitter.com/adulau/status/750410175098552320)) +---- +@ErrataRob Which is the reality with many classified networks... using non-classified networks to get work done or share/exfil those docs. + +(Originally on Twitter: [Tue Jul 05 20:12:05 +0000 2016](https://twitter.com/adulau/status/750422015706796033)) +---- +RT @internetofshit: TP-LINK lost control of two domains used to configure its devices https://www.helpnetsecurity.com/2016/07/05/tp-link-config-domains/ via @hardillb https://t.co/Tf… + +(Originally on Twitter: [Tue Jul 05 20:21:58 +0000 2016](https://twitter.com/adulau/status/750424503596019713)) +---- +RT @StratosphereIPS: @tomchop_ @rafi0t @adulau We are going to Luxembourg to give a Workshop:IDS and Net analsyis. CFP is open for talks! h… + +(Originally on Twitter: [Fri Jul 08 05:43:04 +0000 2016](https://twitter.com/adulau/status/751290484384010241)) +---- +@2xyo Looks good. (tested with "cat misp-taxonomies-ETSI-GS-ISI.json | jq .") Maybe adding a description field might help. Thank you. + +(Originally on Twitter: [Sat Jul 09 18:16:51 +0000 2016](https://twitter.com/adulau/status/751842566602194944)) +---- +Funny to see many media using my old picture of a robot targeting an IED https://www.flickr.com/photos/adulau/1331582337/ and they discovered potential other usages. 
+ +(Originally on Twitter: [Sat Jul 09 19:46:02 +0000 2016](https://twitter.com/adulau/status/751865013669863424)) +---- +My recent publication of a photographic series about the "road movie" topic http://www.foo.be/akdt/2016/a-trip-before-today_lowres.pdf #photography + +(Originally on Twitter: [Sun Jul 10 15:08:21 +0000 2016](https://twitter.com/adulau/status/752157518680424449)) +---- +RT @circl_lu: Use-after-free vulnerability in LibreOffice allows remote attackers to execute arbitrary code via a crafted RTF file https://… + +(Originally on Twitter: [Sun Jul 10 18:13:58 +0000 2016](https://twitter.com/adulau/status/752204232187637760)) +---- +You investigate a docker container, discover a bunch libraries and then you see a library there that does the same without the dependencies. + +(Originally on Twitter: [Sun Jul 10 20:50:02 +0000 2016](https://twitter.com/adulau/status/752243506945589248)) +---- +. @MISPProject hackathon (4/08), if you have any crazy ideas or enhancement feel free to join the fun https://twitter.com/MISPProject/status/752416220712951808 #threatintel + +(Originally on Twitter: [Mon Jul 11 08:23:56 +0000 2016](https://twitter.com/adulau/status/752418131335843840)) +---- +An increase of vulnerabilities in a software are often just due to someone looking at its security. So this is only an interest metric. + +(Originally on Twitter: [Mon Jul 11 18:01:19 +0000 2016](https://twitter.com/adulau/status/752563436282847232)) +---- +@find_evil Any details of what they need to log? Full packet capture up to a year, storage could be challenging... + +(Originally on Twitter: [Tue Jul 12 07:34:17 +0000 2016](https://twitter.com/adulau/status/752768025527455744)) +---- +@LOVocabularies in the @MISPProject taxonomies, there are a many security related machine tags https://github.com/MISP/misp-taxonomies how to add it to LOV? 
+ +(Originally on Twitter: [Tue Jul 12 07:46:22 +0000 2016](https://twitter.com/adulau/status/752771064585912320)) +---- +Someone asked us how to generate a PGP key when they have 3 endorsement for cryptography in @LinkedIn. Where is the best metric? + +(Originally on Twitter: [Tue Jul 12 10:53:29 +0000 2016](https://twitter.com/adulau/status/752818156058583041)) +---- +RT @martijn_grooten: @adulau Depending on how random the endorsements are, they may or may not provide you with enough entropy to generate… + +(Originally on Twitter: [Tue Jul 12 13:37:52 +0000 2016](https://twitter.com/adulau/status/752859522344058880)) +---- +This is what happens when you arrive too late for an urban exploration. https://www.flickr.com/photos/adulau/28186356561/ #urbex #photography + +(Originally on Twitter: [Tue Jul 12 16:22:32 +0000 2016](https://twitter.com/adulau/status/752900961090342917)) +---- +@GunstickULM I'll do if you improve my Tai Shi metric ;-) + +(Originally on Twitter: [Wed Jul 13 04:18:57 +0000 2016](https://twitter.com/adulau/status/753081255189684224)) +---- +RT @achillean: New version of the Shodan Python library which includes the speed improvement by @beda_kosata - to upgrade run: easy_install… + +(Originally on Twitter: [Sun Jul 17 20:34:50 +0000 2016](https://twitter.com/adulau/status/754776396136910848)) +---- +Stuck in a shining-like hotel in Iceland and found this. At least it's the 2nd edition. #Iceland is so funky. ![](media/755144525463650304-CnrP0q5WcAA6COk.jpg) + +(Originally on Twitter: [Mon Jul 18 20:57:39 +0000 2016](https://twitter.com/adulau/status/755144525463650304)) +---- +@RaNma__ I'm sure we can find some space for old books on a shelf in a haunted hotel in Iceland. 📚 + +(Originally on Twitter: [Mon Jul 18 23:00:25 +0000 2016](https://twitter.com/adulau/status/755175421499564032)) +---- +RT @ANSSI_FR: ANSSI joins @OISFoundation & @Suricata_IDS to drive the next generation of open source #IDS / #IPS engines. 
+https://t.co/iq5J… + +(Originally on Twitter: [Tue Jul 19 08:09:43 +0000 2016](https://twitter.com/adulau/status/755313656041177088)) +---- +RT @shrekts: That will get interesting! https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080 + +(Originally on Twitter: [Tue Jul 19 22:28:49 +0000 2016](https://twitter.com/adulau/status/755529855169622017)) +---- +RT @binitamshah: LTE security, protocol exploits and location tracking experimentation with low-cost software radio : https://t.co/bdTaOmek… + +(Originally on Twitter: [Thu Jul 21 06:31:16 +0000 2016](https://twitter.com/adulau/status/756013654915555328)) +---- +@dascritch Merci alors une petite musique bien EU et bien belge... https://m.youtube.com/watch?v=PHqojdPQOjI + +(Originally on Twitter: [Thu Jul 21 18:24:06 +0000 2016](https://twitter.com/adulau/status/756193048640512001)) +---- +RT @MISPProject: Open Threat Taxonomy v1.1 added in MISP https://github.com/MISP/misp-taxonomies/tree/master/open-threat thanks to the contributors. + +(Originally on Twitter: [Thu Jul 21 21:42:18 +0000 2016](https://twitter.com/adulau/status/756242924724158464)) +---- +#iceland is so great for doing a photographic road film - posted some pictures https://www.flickr.com/photos/adulau/28426287446/ on my @Flickr #photography stream + +(Originally on Twitter: [Thu Jul 21 21:45:52 +0000 2016](https://twitter.com/adulau/status/756243822192058368)) +---- +After XML-RPC, SOAP, SOA and now Microservice... they might discover static and cacheable content but this could take 10 years more. 
+ +(Originally on Twitter: [Thu Jul 21 21:55:14 +0000 2016](https://twitter.com/adulau/status/756246180586192896)) +---- +RT @hacks4pancakes: By the way, I'll restate my yearly, "If you are in a forensics college program, and you're studying steganography and n… + +(Originally on Twitter: [Thu Jul 21 22:02:31 +0000 2016](https://twitter.com/adulau/status/756248012553326592)) +---- +@forenslut bmc-tools est une super idée (merci yam-anssi). Il peut avoir bcp de "chunks", un algo d'assemblage probabiliste serait cool... + +(Originally on Twitter: [Fri Jul 22 08:40:24 +0000 2016](https://twitter.com/adulau/status/756408544207990785)) +---- +@gatemezing It's not #JSON-LD but a simpler JSON representation of machine tags. I'll try to do an exporter. @MISPProject @LOVocabularies + +(Originally on Twitter: [Fri Jul 22 09:22:21 +0000 2016](https://twitter.com/adulau/status/756419097454313472)) +---- +@gatemezing Indeed, I just checked the JSON-LD specs and it's a huge beast compared to simple machine tags. @MISPProject @LOVocabularies + +(Originally on Twitter: [Fri Jul 22 09:28:22 +0000 2016](https://twitter.com/adulau/status/756420613464592385)) +---- +RT @Enno_Insinuator: Fingerprinting Mobile Devices Using Personalized Configurations +https://www1.cs.fau.de/filepool/projects/unique/unique.pdf [PDF] +by @aykay et.al. https:/… + +(Originally on Twitter: [Fri Jul 22 09:37:04 +0000 2016](https://twitter.com/adulau/status/756422800945057793)) +---- +RT @MISPProject: Want to improve or extend @MISPProject the open source #threatintel sharing platform? join our #hackathon https://t.co/rJI… + +(Originally on Twitter: [Fri Jul 22 12:22:13 +0000 2016](https://twitter.com/adulau/status/756464363792396288)) +---- +RT @MISPProject: MISP 2.4.49 released with many fixes, improvements and features. http://www.misp-project.org/Changelog.txt thanks to all contributors. 
https… + +(Originally on Twitter: [Fri Jul 22 15:44:56 +0000 2016](https://twitter.com/adulau/status/756515380424765440)) +---- +@brabram Alors je dois changer mes sélections Futura, Helvetica Neue ou Neutraface en cas de doutes suivant ta recommandation ;-) + +(Originally on Twitter: [Sat Jul 23 12:52:00 +0000 2016](https://twitter.com/adulau/status/756834247097409536)) +---- +Very nifty tool from @jedisct1 https://github.com/jedisct1/piknik "piknik copy/paste anything over the network" also useful for quick exfiltration need + +(Originally on Twitter: [Sat Jul 23 12:58:39 +0000 2016](https://twitter.com/adulau/status/756835919336968192)) +---- +@brabram Ouf c'est tellement beau ;-) Il faudrait que j’arrête de lire @EdwardTufte + +(Originally on Twitter: [Sat Jul 23 14:12:15 +0000 2016](https://twitter.com/adulau/status/756854443354841088)) +---- +@_c_o_n_t_a_c_t_ @NoSuchCon Maybe you should come to @hack_lu this year. + +(Originally on Twitter: [Sat Jul 23 14:58:57 +0000 2016](https://twitter.com/adulau/status/756866197128372224)) +---- +I dream of a #CTF solely based on solving open issues and providing PR on @github instead of solving designed challenges. + +(Originally on Twitter: [Sun Jul 24 08:12:01 +0000 2016](https://twitter.com/adulau/status/757126173868589056)) +---- +@AlanScherf FYI, I took the picture of the robot many years ago at a demonstration to deactivate an IED. @FutureTenseNow + +(Originally on Twitter: [Sun Jul 24 09:38:47 +0000 2016](https://twitter.com/adulau/status/757148011617259520)) +---- +@scanlime @angealbertini Indeed, I'll try to make some proposals on a page on how to do it. + +(Originally on Twitter: [Sun Jul 24 20:19:22 +0000 2016](https://twitter.com/adulau/status/757309219972448258)) +---- +@arnaudsoullie @github @hack_lu Good idea. We will check the possibilities. 
+ +(Originally on Twitter: [Sun Jul 24 20:25:34 +0000 2016](https://twitter.com/adulau/status/757310777783119874)) +---- +"The world's easiest TRNG to get right" https://github.com/waywardgeek/infnoise Interesting simple design but the notes are even more interesting. + +(Originally on Twitter: [Sun Jul 24 20:34:53 +0000 2016](https://twitter.com/adulau/status/757313122545856513)) +---- +Don't waste your time cloning cards or doing SMS interception, go to the mobile operator shop, ask for a new sim card and that's it. + +(Originally on Twitter: [Tue Jul 26 08:30:11 +0000 2016](https://twitter.com/adulau/status/757855520589963265)) +---- +RT @MISPProject: Want to automatically integrate MISP taxonomies in your software? A new Python library PyTaxonomies https://t.co/qhqKe7mg… + +(Originally on Twitter: [Tue Jul 26 12:05:04 +0000 2016](https://twitter.com/adulau/status/757909598158356480)) +---- +RT @martijn_grooten: I wrote a new blog: It's 2016. Can we stop using MD5 in malware analyses? https://www.virusbulletin.com/blog/2016/07/its-2016-can-we-stop-using-md5-malware-analyses/ + +(Originally on Twitter: [Tue Jul 26 17:40:47 +0000 2016](https://twitter.com/adulau/status/757994086808821760)) +---- +RT @hasherezade: Hiding Data from Forensic Imagers - Using the Service Area of a Hard Disk Drive https://articles.forensicfocus.com/2016/07/22/hiding-data-from-forensic-imagers-using-the-service-area-of-a-hard-disk-drive/ via @forensicfocus + +(Originally on Twitter: [Tue Jul 26 17:57:58 +0000 2016](https://twitter.com/adulau/status/757998411878719488)) +---- +@blackswanburst If you reach the dilemma level of August Landmesser, you obviously need some support from us... + +(Originally on Twitter: [Wed Jul 27 11:40:21 +0000 2016](https://twitter.com/adulau/status/758265767989313536)) +---- +RT @tqbf: Pay high bug bounties: Internet drama about underbidding the black market. Pay low ones: same drama. 
+ +(Originally on Twitter: [Wed Jul 27 16:46:47 +0000 2016](https://twitter.com/adulau/status/758342883023982596)) +---- +@martin_u Pour info, Tor est dérivé d'un acronyme mais n'est plus un acronyme en tant que tel. + +(Originally on Twitter: [Thu Jul 28 10:07:35 +0000 2016](https://twitter.com/adulau/status/758604809847136257)) +---- +@electrospaces also fan of nice b&w fine art photographers (lower right corner is interesting), bronze sculpture and coffee. + +(Originally on Twitter: [Sat Jul 30 16:39:49 +0000 2016](https://twitter.com/adulau/status/759428294420946944)) +---- +@piotrkijewski Very nice. Some very valuable info to be added into the @MISPProject galaxy. @a_de_pasquale + +(Originally on Twitter: [Mon Aug 01 13:16:07 +0000 2016](https://twitter.com/adulau/status/760101808689774592)) +---- +RT @virusbtn: VB author/speaker @pinkflawd is organising another reverse engineering workshop for women in November http://0x1338.blogspot.com/2016/07/blackhoodie-2-we-roll-again.html + +(Originally on Twitter: [Tue Aug 02 07:39:09 +0000 2016](https://twitter.com/adulau/status/760379393197895680)) +---- +@blackswanburst Very nice for you and even more for the community at large. + +(Originally on Twitter: [Tue Aug 02 14:02:27 +0000 2016](https://twitter.com/adulau/status/760475856141688832)) +---- +RT @thorsheim: Why Argon2 and not scrypt? +#passwords16 ![](media/760553763874758657-Co4HaO2VUAA-b9h.jpg) + +(Originally on Twitter: [Tue Aug 02 19:12:02 +0000 2016](https://twitter.com/adulau/status/760553763874758657)) +---- +@Baybe_Doll @revrance @ihackcharities @defcon @rancesdad1 Very nice idea. We have a huge series of @hack_lu shirts from past 12 years... + +(Originally on Twitter: [Tue Aug 02 20:00:35 +0000 2016](https://twitter.com/adulau/status/760565984465973252)) +---- +@InfoSecMatters @MISPProject I think we will release both. 
@rafi0t @Iglocska + +(Originally on Twitter: [Wed Aug 03 04:33:53 +0000 2016](https://twitter.com/adulau/status/760695159126392834)) +---- +@S_Team_Approved Je n'avais plus de tshirts propres donc j'ai utilisé mon stock de chemises... + +(Originally on Twitter: [Wed Aug 03 17:47:51 +0000 2016](https://twitter.com/adulau/status/760894966902251520)) +---- +RT @halvarflake: On the vendor floor at Blackhat. If I did not know better I would think someone has hired 1000 ppl to troll me. + +(Originally on Twitter: [Thu Aug 04 05:05:32 +0000 2016](https://twitter.com/adulau/status/761065511815786496)) +---- +So mobile operators offer "free" access to play game like #PokemonGO but access to universal knowledge like @wikipedia is billed... + +(Originally on Twitter: [Thu Aug 04 14:08:14 +0000 2016](https://twitter.com/adulau/status/761202085501161472)) +---- +@quinnnorton At least two mobile operators in Belgium http://www.bemobile.be/2016/08/03/proximus-offre-a-son-tour-lacces-a-pokemon-go/ (sorry it's not Shakespeare) + +(Originally on Twitter: [Thu Aug 04 14:12:39 +0000 2016](https://twitter.com/adulau/status/761203197763543040)) +---- +RT @MISPProject: We are glad to see security vendors of proprietary threat intel platforms using MISP as a keyword for advertising. Very f… + +(Originally on Twitter: [Fri Aug 05 12:25:00 +0000 2016](https://twitter.com/adulau/status/761538493206126592)) +---- +RT @piotrkijewski: A study describing an approach to deep packet inspection directly on encrypted network traffic https://eprint.iacr.org/2015/264.pdf + +(Originally on Twitter: [Sat Aug 06 15:12:22 +0000 2016](https://twitter.com/adulau/status/761942999853072384)) +---- +Fingerprinting is everywhere even in #Reykjavik https://www.flickr.com/photos/adulau/28193871513/ #photography #streetart + +(Originally on Twitter: [Sat Aug 06 20:01:23 +0000 2016](https://twitter.com/adulau/status/762015735694647296)) +---- +Qui sont les terroristes ? 
http://flickr.com/photos/adulau/28236741874 at @esperanzah #photography ou la perspective du bloc de béton en #Bel + +(Originally on Twitter: [Mon Aug 08 19:31:48 +0000 2016](https://twitter.com/adulau/status/762733066460725249)) +---- +@cbrocas https://www.foo.be/photoblog/posts/photography-is-not-only-a-matter-of-cameras.html cheers ;-) + +(Originally on Twitter: [Mon Aug 08 20:15:47 +0000 2016](https://twitter.com/adulau/status/762744136780881920)) +---- +@cbrocas Indeed, this basically changes my way to do photography. + +(Originally on Twitter: [Mon Aug 08 20:27:30 +0000 2016](https://twitter.com/adulau/status/762747083182993409)) +---- +@cbrocas Never tested the X-E1. I tested other Fujifilm models and I found the menu and the ergonomic a bit too complex for my practices... + +(Originally on Twitter: [Mon Aug 08 20:35:22 +0000 2016](https://twitter.com/adulau/status/762749062223364097)) +---- +misp-workbench uses the MISP galaxy to find the actors using a full-text matching. https://github.com/MISP/misp-galaxy +https://twitter.com/MISPProject/status/763289004351643649 + +(Originally on Twitter: [Wed Aug 10 08:34:25 +0000 2016](https://twitter.com/adulau/status/763292404044668928)) +---- +Direct Memory Access (DMA) Attack Software using USB3380 chip +https://github.com/ufrisk/pcileech + +(Originally on Twitter: [Wed Aug 10 12:42:33 +0000 2016](https://twitter.com/adulau/status/763354849480146944)) +---- +For the curious and the historians, I reimported the old darcs repo of mosvm / mosquito in git https://github.com/adulau/mosvm @craiu @emgent + +(Originally on Twitter: [Wed Aug 10 14:02:14 +0000 2016](https://twitter.com/adulau/status/763374903307493376)) +---- +@ldelavaissiere The Intranet is always the Internet of someone else. 
@georgesoros + +(Originally on Twitter: [Mon Aug 15 08:06:57 +0000 2016](https://twitter.com/adulau/status/765097434703888384)) +---- +#FirstSevenLanguages +Sinclair & GFA BASIC +MC 68K assembly +Modula-2 +C +KSH +AWK +Perl + +(Originally on Twitter: [Mon Aug 15 14:12:43 +0000 2016](https://twitter.com/adulau/status/765189481100091392)) +---- +Who did forget to commit the implant certificate validation? + +(Originally on Twitter: [Mon Aug 15 17:57:46 +0000 2016](https://twitter.com/adulau/status/765246117089017856)) +---- +Here is what happens when you have too much back-doors https://www.flickr.com/photos/adulau/28721866200/ #photography @Flickr + +(Originally on Twitter: [Mon Aug 15 20:27:05 +0000 2016](https://twitter.com/adulau/status/765283695313952769)) +---- +On the reception and detection of pseudo-profound bullshit +http://journal.sjdm.org/15/15923a/jdm15923a.pdf + +(Originally on Twitter: [Tue Aug 16 13:09:24 +0000 2016](https://twitter.com/adulau/status/765535936025362432)) +---- +RT @circl_lu: https://news.ycombinator.com/item?id=12298230 evil32 researcher founds old (local) backup of the private keys and used it to generate revocation ce… + +(Originally on Twitter: [Tue Aug 16 18:29:07 +0000 2016](https://twitter.com/adulau/status/765616392423018496)) +---- +@github Can you explain the logic behind the disabling of this mirror repository https://github.com/adulau/Library-Genesis ? + +(Originally on Twitter: [Tue Aug 16 18:50:58 +0000 2016](https://twitter.com/adulau/status/765621892912939008)) +---- +@GitHubHelp I already did via support. Message-ID: +CAD6CYKPWF6xGCazkYNXTcmJJsTXzG8zXOrODnPNi7fJGa=jU1g@mail.gmail.com Thank you. + +(Originally on Twitter: [Wed Aug 17 18:36:42 +0000 2016](https://twitter.com/adulau/status/765980688529125376)) +---- +RT @musalbas: Here's a quick writeup. BENIGNCERTAIN: remote exploit to extract Cisco VPN private keys. Will update as info comes. 
https://t… + +(Originally on Twitter: [Thu Aug 18 19:58:12 +0000 2016](https://twitter.com/adulau/status/766363589498302464)) +---- +When you have multiple times security indicators from different sources, this is a significant security metric and not something useless. + +(Originally on Twitter: [Thu Aug 18 20:28:20 +0000 2016](https://twitter.com/adulau/status/766371170182631424)) +---- +@quinnnorton I suck at everything. But that's again a good baseline metric. + +(Originally on Twitter: [Thu Aug 18 20:42:38 +0000 2016](https://twitter.com/adulau/status/766374769663078400)) +---- +RT @williballenthin: IDAPython script to generate a YARA script to match the current function. byte sigs for each basic block. relocs ok. h… + +(Originally on Twitter: [Thu Aug 18 20:45:41 +0000 2016](https://twitter.com/adulau/status/766375538118254593)) +---- +@quinnnorton Tonight it's the metric night http://geer.tinho.net/fgm/fgm.geer.1203.pdf - http://geer.tinho.net/fgm/ and security metrics are just too harsh for us. + +(Originally on Twitter: [Thu Aug 18 20:51:48 +0000 2016](https://twitter.com/adulau/status/766377079319457792)) +---- +"Entropy Loss and Output Predictability in the Libgcrypt PRNG" +http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf Read carefully the last sentence in the conclusion. + +(Originally on Twitter: [Thu Aug 18 21:31:46 +0000 2016](https://twitter.com/adulau/status/766387133410050048)) +---- +RT @MalwareJake: Cisco should be mad at NSA for holding vulns for years in it's products. EXTRABACON hurts Cisco's market position. +https:/… + +(Originally on Twitter: [Fri Aug 19 14:54:46 +0000 2016](https://twitter.com/adulau/status/766649616397901824)) +---- +RT @MISPProject: US DoD wants to "Exploit the Power of Trusted Information Sharing" - supporting open source projects in the field? 
https:/… + +(Originally on Twitter: [Sat Aug 20 08:30:29 +0000 2016](https://twitter.com/adulau/status/766915293813673984)) +---- +Would be nice if @SNCB could basically coordinate the temporary bus schedule when you come from Luxembourg... + +(Originally on Twitter: [Mon Aug 22 16:11:22 +0000 2016](https://twitter.com/adulau/status/767756055283654657)) +---- +@Aristot73 L'objectif législatif EU de la France est donc d'ajouter des fonctionnalités d'interception sur du chiffrement "end-to-end" ? + +(Originally on Twitter: [Tue Aug 23 08:59:25 +0000 2016](https://twitter.com/adulau/status/768009741448704001)) +---- +@ClausHoumann The request is more subtle. It's more into the ability to perform LI on request. Weakening end-to-end crypto? @Aristot73 + +(Originally on Twitter: [Tue Aug 23 12:38:50 +0000 2016](https://twitter.com/adulau/status/768064959183986688)) +---- +@ClausHoumann Indeed, you cannot have LI on requests and end-to-end crypto. It's mutually exclusive. @Aristot73 + +(Originally on Twitter: [Tue Aug 23 12:54:07 +0000 2016](https://twitter.com/adulau/status/768068805092401152)) +---- +RT @circl_lu: major updates in the Analysis of Information Leaks AIL framework including sentiment analysis, terms tracking & more https://… + +(Originally on Twitter: [Tue Aug 23 16:19:27 +0000 2016](https://twitter.com/adulau/status/768120478733066240)) +---- +Just saw the work of @EamonnD1 at @rencontresarles stunning photographies in an incredible soundscape & scenography. #photography + +(Originally on Twitter: [Sat Aug 27 14:01:12 +0000 2016](https://twitter.com/adulau/status/769535239362342913)) +---- +I love those linguistic analysis where a single word can define your affiliation with the British army or the Monty Python. 
#antiforensic + +(Originally on Twitter: [Sat Aug 27 14:21:09 +0000 2016](https://twitter.com/adulau/status/769540258128130050)) +---- +RT @botherder: For those that asked me, @citizenlab can't share the NSO/Pegasus samples, until the investigations are completed. + +(Originally on Twitter: [Sat Aug 27 14:38:30 +0000 2016](https://twitter.com/adulau/status/769544624088154112)) +---- +RT @d_olex: I made another small backdoor/infector for UEFI compatible firmwares, this time for PEI phase https://github.com/Cr4sh/PeiBackdoor + +(Originally on Twitter: [Sun Aug 28 05:56:58 +0000 2016](https://twitter.com/adulau/status/769775762320809985)) +---- +RT @ThreatMiner: FYI: the SSL cert showing overlap b/w the DNC breach and Sofacy (APT28) #threatintel #dfir #infosec thanks:@circl_lu https… + +(Originally on Twitter: [Sun Aug 28 20:33:34 +0000 2016](https://twitter.com/adulau/status/769996367532097536)) +---- +RT @circl_lu: Want to see the new functionalities in AIL framework - Analysis Information Leak framework https://www.youtube.com/watch?v=1_ZrZkRKmNo check the… + +(Originally on Twitter: [Mon Aug 29 08:53:49 +0000 2016](https://twitter.com/adulau/status/770182655627460608)) +---- +@grischard @pietercolpaert @andrewsu @OpenDataLU @dancohen CC BY legally implies much more. Including copyleft license Incompatibilities. + +(Originally on Twitter: [Tue Aug 30 16:37:08 +0000 2016](https://twitter.com/adulau/status/770661641197355012)) +---- +RT @pietercolpaert: "#OpenData should mean CC0" by @andrewsu → CC0 is indeed the only license that makes sense for the data itself https://… + +(Originally on Twitter: [Tue Aug 30 16:37:26 +0000 2016](https://twitter.com/adulau/status/770661717131091970)) +---- +RT @FIRSTdotOrg: FIRST announces Traffic Light Protocol (TLP) version 1.0. http://ow.ly/VUOG303L9nI + +(Originally on Twitter: [Thu Sep 01 05:14:19 +0000 2016](https://twitter.com/adulau/status/771214581230219264)) +---- +@FIRSTdotOrg Thank you for your work. 
TLP in @MISPProject taxonomies have been updated. https://github.com/MISP/misp-taxonomies + +(Originally on Twitter: [Thu Sep 01 05:18:24 +0000 2016](https://twitter.com/adulau/status/771215608738254848)) +---- +Making security information sharing fun might become a reality with the gamification project for @MISPProject @Iglocska + +(Originally on Twitter: [Thu Sep 01 05:36:59 +0000 2016](https://twitter.com/adulau/status/771220284665802753)) +---- +@Aristot73 @MISPProject @Iglocska I would love to see the attribution dices where players vote for the most probable attribution ;-) + +(Originally on Twitter: [Thu Sep 01 06:12:57 +0000 2016](https://twitter.com/adulau/status/771229335709548544)) +---- +RT @benkow_: MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled.. http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html?m=1 + +(Originally on Twitter: [Thu Sep 01 06:28:49 +0000 2016](https://twitter.com/adulau/status/771233330280804352)) +---- +@6vis_pacem @MISPProject @Iglocska Sure. The idea is to extend social, collaboration and fun in MISP. Feel free to share ideas. + +(Originally on Twitter: [Thu Sep 01 08:01:39 +0000 2016](https://twitter.com/adulau/status/771256691690057729)) +---- +RT @vloquet: Don't forget to take your Pass for @hardwear_io +Hardware Security Conference. Sept. 22-23 The Hague, Netherlands https://t.co… + +(Originally on Twitter: [Fri Sep 02 04:35:08 +0000 2016](https://twitter.com/adulau/status/771567109461508097)) +---- +RT @halvarflake: I wrote up some thoughts about management in larger organisations and the interplay between process and flexibility. https… + +(Originally on Twitter: [Sat Sep 03 16:45:32 +0000 2016](https://twitter.com/adulau/status/772113308753289216)) +---- +RT @JacobTorrey: Hoo boy! Going back to @hack_lu this year! Super pumped for another great year! 
+ +(Originally on Twitter: [Sun Sep 04 11:54:08 +0000 2016](https://twitter.com/adulau/status/772402362325540864)) +---- +Thanks to @mikko for stating "You cannot regulate math" #outofcontext #cryptography + +(Originally on Twitter: [Tue Sep 06 08:33:51 +0000 2016](https://twitter.com/adulau/status/773076737567625216)) +---- +Tonight @_saadk abused the following terms: warfare randomcyber fusion center hybrid cloud protection and all in a single sentence. + +(Originally on Twitter: [Tue Sep 06 18:55:25 +0000 2016](https://twitter.com/adulau/status/773233156409454593)) +---- +Geolocalisation of potential VSAT terminals with the support of geospatial data was already a 2009 capability... https://prod01-cdn07.cdn.firstlook.org/wp-uploads/sites/1/2016/07/ghosthunter3.jpg + +(Originally on Twitter: [Tue Sep 06 21:34:40 +0000 2016](https://twitter.com/adulau/status/773273233785225216)) +---- +@hackerfantastic FYI, it looks like the NRO did the imaging so it's most likely the image of a spy satellite. + +(Originally on Twitter: [Tue Sep 06 21:51:56 +0000 2016](https://twitter.com/adulau/status/773277579415609344)) +---- +@hackerfantastic VSAT localization can be done with the frequency difference of arrival (FDOA) and combined with additional parameters. + +(Originally on Twitter: [Tue Sep 06 22:02:18 +0000 2016](https://twitter.com/adulau/status/773280186737582084)) +---- +@hackerfantastic The ellipse gave me the idea of the interference localization. Many interference tool gives you an ellipse-like footprint. + +(Originally on Twitter: [Tue Sep 06 22:06:34 +0000 2016](https://twitter.com/adulau/status/773281263805431809)) +---- +RT @davidbizeul: @adulau define the @MISPProject beginning : "There was never a plan. There was just a series of mitakes". Now a success ! 
+ +(Originally on Twitter: [Thu Sep 08 09:33:19 +0000 2016](https://twitter.com/adulau/status/773816478705606656)) +---- +RT @riedelinc: #borderlesscyber - The art of information sharing is to share more than your adversaries - @adulau #ThreatIntelligence #cybe… + +(Originally on Twitter: [Thu Sep 08 09:34:07 +0000 2016](https://twitter.com/adulau/status/773816676144087040)) +---- +TTPs and IOCs versus Strategic and Tactical - a very interesting perspective from @shrekts at #borderlesscyber @OASISopen + +(Originally on Twitter: [Thu Sep 08 09:42:23 +0000 2016](https://twitter.com/adulau/status/773818758049783808)) +---- +@metaconflict da39a3ee5e6b4b0d3255bfef95601890afd80709 + +(Originally on Twitter: [Thu Sep 08 10:31:22 +0000 2016](https://twitter.com/adulau/status/773831086078132224)) +---- +@hashproofs Maybe you want to add an exclusion list for the values of empty hashes https://github.com/MISP/misp-warninglists/blob/master/lists/empty-hashes/list.json @metaconflict + +(Originally on Twitter: [Thu Sep 08 10:34:57 +0000 2016](https://twitter.com/adulau/status/773831987127787521)) +---- +Blockchain and threatintel were mentioned in the same sentence. Not really sure if I take this as a challenge or not? #borderlesscyber + +(Originally on Twitter: [Thu Sep 08 13:34:48 +0000 2016](https://twitter.com/adulau/status/773877247178575873)) +---- +RT @shrekts: So just learned we may solve trust problems in indicator sharing with blockchains. @adulau something for @MISPProject + +(Originally on Twitter: [Thu Sep 08 13:35:13 +0000 2016](https://twitter.com/adulau/status/773877353957224449)) +---- +@treyka Will this be kinetic like NATO recently proposed? @Iglocska @shrekts + +(Originally on Twitter: [Thu Sep 08 13:38:49 +0000 2016](https://twitter.com/adulau/status/773878259905855488)) +---- +@hashproofs Indeed good point. The probability is low but it's an interesting case of colliding values... Is your code available? 
+ +(Originally on Twitter: [Thu Sep 08 18:24:57 +0000 2016](https://twitter.com/adulau/status/773950265355534336)) +---- +"A Survey on Honeypot Software and Data Analysis" http://arxiv.org/pdf/1608.06249v1.pdf Nice state of the art and an exhaustive data analysis approach. + +(Originally on Twitter: [Sat Sep 10 06:44:54 +0000 2016](https://twitter.com/adulau/status/774498867303878656)) +---- +@dipdip11 Donc Mr @JacquesMyard n'utilise jamais aucun service web TLS sur Internet comme http://portail.assemblee-nationale.fr .... + +(Originally on Twitter: [Sat Sep 10 09:17:11 +0000 2016](https://twitter.com/adulau/status/774537190919573504)) +---- +RT @MISPProject: We work on a new confidence level to be used in @MISPProject to rank sources, events and attributes https://t.co/vIyBtFtp0… + +(Originally on Twitter: [Sat Sep 10 10:38:03 +0000 2016](https://twitter.com/adulau/status/774557542437486592)) +---- +"Enabling Network Security Through Active DNS Datasets" http://www.cc.gatech.edu/~ynadji3/docs/pubs/activedns.pdf Interesting & waiting for http://www.activednsproject.org/ to open + +(Originally on Twitter: [Sun Sep 11 08:33:35 +0000 2016](https://twitter.com/adulau/status/774888609677709312)) +---- +RT @angealbertini: Reverse engineering tip: it's perfectly fine to +- have no idea what to do next +- have made wrong assumptions +- take 'too… + +(Originally on Twitter: [Sun Sep 11 08:46:46 +0000 2016](https://twitter.com/adulau/status/774891927485423616)) +---- +@angealbertini I would add to the list - to create new tools and throw away them due to wrong assumptions + +(Originally on Twitter: [Sun Sep 11 08:50:16 +0000 2016](https://twitter.com/adulau/status/774892804954882052)) +---- +This strange feeling when the X.509 certificate grows significantly in your passive SSL repository and wondering if this is good or bad... 
+ +(Originally on Twitter: [Sun Sep 11 09:00:06 +0000 2016](https://twitter.com/adulau/status/774895281234186241)) +---- +@travisgoodspeed @angealbertini Good question. Maybe the academic data analysis field but I assume RE can be considered as a sub-field. + +(Originally on Twitter: [Sun Sep 11 09:02:17 +0000 2016](https://twitter.com/adulau/status/774895830176243712)) +---- +@Aristot73 If you remove the jargon in p618/619, it describes the incompatibility of the national interests with the necessity of sharing. + +(Originally on Twitter: [Sun Sep 11 09:21:14 +0000 2016](https://twitter.com/adulau/status/774900600517648385)) +---- +RT @Aristot73: posting long reads on twitter and waiting for ppl better than myself to point out the good/bad. works like a charm @cynicals… + +(Originally on Twitter: [Sun Sep 11 09:34:30 +0000 2016](https://twitter.com/adulau/status/774903938990702592)) +---- +What's the best obscure jargon ever https://twitter.com/Aristot73/status/774916912191049729 @_saadk it seems we found our masters at "Strategic Studies Institute" @Iglocska + +(Originally on Twitter: [Sun Sep 11 15:06:41 +0000 2016](https://twitter.com/adulau/status/774987533893640192)) +---- +RT @MISPProject: Our paper about MISP accepted at the 3rd ACM Workshop on Information Sharing and Collaborative Security (WISCS 2016) https… + +(Originally on Twitter: [Mon Sep 12 12:30:28 +0000 2016](https://twitter.com/adulau/status/775310608556298240)) +---- +RT @LucDockendorf: #NetFreedomCoE conclusions with homework for states, the @coe itself, the private sector and NGOs. https://t.co/Ul2kuTSo… + +(Originally on Twitter: [Tue Sep 13 16:13:12 +0000 2016](https://twitter.com/adulau/status/775729050644021248)) +---- +RT @thegrugq: You could hire the world's top talent security researchers for less than the cost of all those FireEye licenses. 
Would stop m… + +(Originally on Twitter: [Wed Sep 14 04:39:35 +0000 2016](https://twitter.com/adulau/status/775916882243170304)) +---- +@msuiche Yep we are ;-) @rafi0t + +(Originally on Twitter: [Wed Sep 14 08:47:51 +0000 2016](https://twitter.com/adulau/status/775979363686907904)) +---- +RT @gcouprie: the first ten years of Curve25519 https://nginx.nieman.de/slides-djb-20160309-4x3.cleaned.pdf great slides about the background and evolution of that curve + +(Originally on Twitter: [Thu Sep 15 18:14:09 +0000 2016](https://twitter.com/adulau/status/776484261767553024)) +---- +"“Flow Size Difference” Can Make a Difference: Detecting +Malicious TCP Network Flows Based on Benford’s Law" http://arxiv.org/pdf/1609.04214v1.pdf + +(Originally on Twitter: [Sat Sep 17 05:43:06 +0000 2016](https://twitter.com/adulau/status/777020030739415041)) +---- +Various fixes and updates in cve-search https://github.com/cve-search/cve-search don't forget to update @pidgeyL @wimremes + +(Originally on Twitter: [Sat Sep 17 10:56:42 +0000 2016](https://twitter.com/adulau/status/777098953527525376)) +---- +@martijn_grooten Sure ;-) Another good example of a missing dot can change the surrounding world of @pidgeyL @wimremes + +(Originally on Twitter: [Sat Sep 17 11:00:34 +0000 2016](https://twitter.com/adulau/status/777099925939228672)) +---- +RT @MISPProject: We will present Building and Designing MISP at @OReillySecurity 11 November, 2016 in Amsterdam http://conferences.oreilly.com/security/network-data-security-eu/public/schedule/detail/52807 + +(Originally on Twitter: [Sun Sep 18 06:12:56 +0000 2016](https://twitter.com/adulau/status/777389925238964224)) +---- +The intelligence community doesn't care about online privacy but do you really think that the advertising business does better? 
#privacy + +(Originally on Twitter: [Sun Sep 18 09:53:26 +0000 2016](https://twitter.com/adulau/status/777445418267504640)) +---- +RT @marver: If you wondered about the impact of the vulnerabilities we (@veorq and me) discovered in Signal, here's the update: https://t.c… + +(Originally on Twitter: [Wed Sep 21 04:34:18 +0000 2016](https://twitter.com/adulau/status/778452267418591232)) +---- +"Fast Algorithms for the Maximum Clique Problem on Massive Graphs" http://cucis.ece.northwestern.edu/publications/pdf/PatPat14.pdf Interesting new candidate for networkx + +(Originally on Twitter: [Thu Sep 22 04:52:38 +0000 2016](https://twitter.com/adulau/status/778819268842393600)) +---- +RT @halvarflake: When comparing security appliances and homeopathy, remember that the latter at least provably provides a placebo effect. + +(Originally on Twitter: [Thu Sep 22 05:39:37 +0000 2016](https://twitter.com/adulau/status/778831095542448128)) +---- +@MarieGMoe @hardwear_io have you checked the firmware of each device surrounding you? It seems like a huge attack surface ;-) + +(Originally on Twitter: [Thu Sep 22 09:11:36 +0000 2016](https://twitter.com/adulau/status/778884440755998720)) +---- +@Dymaxion Any reference? Often it's no so black and white. There might be some valid fraud detection use-cases. + +(Originally on Twitter: [Thu Sep 22 10:14:55 +0000 2016](https://twitter.com/adulau/status/778900376607154176)) +---- +@Dymaxion Are the slides available? Curious about the scope of sharing in their cases. + +(Originally on Twitter: [Thu Sep 22 10:24:59 +0000 2016](https://twitter.com/adulau/status/778902908565856256)) +---- +The recent blog post http://hintjens.com/blog:125 of @hintjens is interesting especially his experience with the standardization aspects. + +(Originally on Twitter: [Thu Sep 22 10:38:57 +0000 2016](https://twitter.com/adulau/status/778906423837257728)) +---- +RT @REhints: The winners of Hex-Rays Plugin Contest 2016: 1) Ponce, 2) VMAttack, 3) Keypatch. 
Congrats!! https://www.hex-rays.com/contests/2016/index.shtml + +(Originally on Twitter: [Sat Sep 24 07:16:17 +0000 2016](https://twitter.com/adulau/status/779580194894016512)) +---- +I see a lot of statements about "machine learning" and evaluating "threatintel" but cannot find a good paper or implementation. And you? + +(Originally on Twitter: [Sat Sep 24 07:32:05 +0000 2016](https://twitter.com/adulau/status/779584171882807296)) +---- +@metaconflict LangSec is a different topic, it's about parsers security and so on. + +(Originally on Twitter: [Sat Sep 24 07:54:06 +0000 2016](https://twitter.com/adulau/status/779589714395488256)) +---- +@cmatthewbrooks Indeed, tiq-test (@alexcpsec) is the only implementation I'm aware of. We plan to experiment it as a module in @MISPProject + +(Originally on Twitter: [Sat Sep 24 07:58:26 +0000 2016](https://twitter.com/adulau/status/779590802855059456)) +---- +RT @piotrkijewski: @adulau @cmatthewbrooks @alexcpsec @MISPProject We released a tool for overlap tests https://github.com/pp-/feed-evaluation (also: http… + +(Originally on Twitter: [Sat Sep 24 10:46:56 +0000 2016](https://twitter.com/adulau/status/779633210317733888)) +---- +@alexcpsec Great I'll be there to present @MISPProject @cmatthewbrooks nice timing. + +(Originally on Twitter: [Sat Sep 24 14:14:03 +0000 2016](https://twitter.com/adulau/status/779685330337337344)) +---- +RT @olesovhcom: This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn. + +(Originally on Twitter: [Sun Sep 25 14:51:13 +0000 2016](https://twitter.com/adulau/status/780057071962161156)) +---- +@jpmens you mean a series of CWE... 
+ +(Originally on Twitter: [Tue Sep 27 06:45:35 +0000 2016](https://twitter.com/adulau/status/780659632855482368)) +---- +RT @piotrkijewski: 850k IPs still out there with Cisco IOS IKEv1 packet processing vuln allowing remote unauth memory content retrieval htt… + +(Originally on Twitter: [Tue Sep 27 08:23:18 +0000 2016](https://twitter.com/adulau/status/780684223766208516)) +---- +RT @ajhdock: @IamStan @AlecMuffett To clarify, the threat model we're looking at here is not tampering during dl, but enumerating what pkgs… + +(Originally on Twitter: [Tue Sep 27 08:47:26 +0000 2016](https://twitter.com/adulau/status/780690299777650691)) +---- +RT @zmanion: Finally captured on film: 2nd best chops in infosec (at #CyberGreen workshop). CC @SushiDude ![](media/780872496203591684-CtY2oJNWAAAvY84.jpg) + +(Originally on Twitter: [Tue Sep 27 20:51:25 +0000 2016](https://twitter.com/adulau/status/780872496203591684)) +---- +"Analyzing Malware Putty using Function Alignment in the Binary" +http://pi.informatik.uni-siegen.de/stt/36_2/01_Fachgruppenberichte/WSRE2016/WSRE2016_08_paper_15.pdf #vizsec + +(Originally on Twitter: [Wed Sep 28 04:44:28 +0000 2016](https://twitter.com/adulau/status/780991541095567361)) +---- +RT @WeldPond: We have different hardware plugs for electical safety. Do we need different software plugs for IoT network bandwidth safety?… + +(Originally on Twitter: [Wed Sep 28 14:51:15 +0000 2016](https://twitter.com/adulau/status/781144242529992704)) +---- +'cyber-surveillance technology' includes 'digital forensics' http://trade.ec.europa.eu/doclib/docs/2016/september/tradoc_154976.pdf considered as "dual-use" items and subject of control? + +(Originally on Twitter: [Thu Sep 29 17:42:09 +0000 2016](https://twitter.com/adulau/status/781549640562905088)) +---- +Scanning from passive DNS records including the "static" string gives much faster results than direct wide scanning. Maybe it's just me... 
+ +(Originally on Twitter: [Thu Sep 29 17:47:58 +0000 2016](https://twitter.com/adulau/status/781551102932246528)) +---- +RT @cBekrar: @adulau I tell you, this EU self-made list of dual-use items is going to be worst than Wassenaar, bad effects to be seen in 1… + +(Originally on Twitter: [Thu Sep 29 17:49:51 +0000 2016](https://twitter.com/adulau/status/781551578734010368)) +---- +RT @circl_lu: Want to do an internship with @circl_lu team check out the open projects https://www.circl.lu/projects/internships/ in forensic, data mining and… + +(Originally on Twitter: [Fri Sep 30 10:23:17 +0000 2016](https://twitter.com/adulau/status/781801584451878912)) +---- +@Jipe_ Everything can be considered as "dual-use" from Scapy to gdb including @Suricata_IDS or even @MISPProject as monitoring centers. + +(Originally on Twitter: [Sat Oct 01 06:44:57 +0000 2016](https://twitter.com/adulau/status/782109026746236928)) +---- +Neural Redis is a Redis loadable module that implements feed forward neural networks as a native data type for Redis https://github.com/antirez/neural-redis + +(Originally on Twitter: [Sat Oct 01 07:32:01 +0000 2016](https://twitter.com/adulau/status/782120873373335553)) +---- +"As of October 1, 2016, the IANA functions contract has expired." http://www.ntia.doc.gov/press-release/2016/statement-assistant-secretary-strickling-iana-functions-contract This might become a date in the Internet history + +(Originally on Twitter: [Sat Oct 01 10:31:52 +0000 2016](https://twitter.com/adulau/status/782166133839425536)) +---- +@ClausHoumann Good question. Maybe the future will tell us... + +(Originally on Twitter: [Sat Oct 01 19:28:55 +0000 2016](https://twitter.com/adulau/status/782301283298533376)) +---- +"Introduction to Cyberdeception" http://www.springer.com/us/book/9783319411859 The topic seems interesting but the @SpringerOpen paywall seems like a deception. 
+ +(Originally on Twitter: [Sat Oct 01 19:36:41 +0000 2016](https://twitter.com/adulau/status/782303241522581504)) +---- +RT @kafeine: RIG evolves, Neutrino waves goodbye, Empire Pack appears http://malware.dontneedcoffee.com/2016/10/rig-evolves-neutrino-waves-goodbye.html ![](media/782497984806215680-Ctu--GCW8AA25Bv.jpg) + +(Originally on Twitter: [Sun Oct 02 08:30:32 +0000 2016](https://twitter.com/adulau/status/782497984806215680)) +---- +@evematringe Si je trouve une version en ligne, je fais une review... + +(Originally on Twitter: [Sun Oct 02 08:35:52 +0000 2016](https://twitter.com/adulau/status/782499326165676032)) +---- +RT @MISPProject: Upcoming activities in October and November for the MISP core team http://www.misp-project.org/2016/10/02/MISP-Upcoming-Activities.html Join us in Amsterdam, Vienna, U… + +(Originally on Twitter: [Sun Oct 02 10:08:08 +0000 2016](https://twitter.com/adulau/status/782522547124461568)) +---- +Many thanks to @hintjens for his continuous investment in free software, building better communities and being a great human. We love you. + +(Originally on Twitter: [Sun Oct 02 17:37:17 +0000 2016](https://twitter.com/adulau/status/782635578408001536)) +---- +Sometime a vulnerability can be fun "Unspecified vulnerability in the kernel-uek component" UEK stands for Unbreakable Enterprise Kernel + +(Originally on Twitter: [Sun Oct 02 18:32:50 +0000 2016](https://twitter.com/adulau/status/782649558979506178)) +---- +Just saw @Snowden on a bridge in Maastricht https://www.flickr.com/photos/adulau/29958847802/ #photography #Stickers + +(Originally on Twitter: [Sun Oct 02 20:13:48 +0000 2016](https://twitter.com/adulau/status/782674967011946497)) +---- +Seeing the signal/wire discussion, I suppose the path would be to make an Internet-Draft/RFC but I suppose it's too RFC 4880 for some. 
+ +(Originally on Twitter: [Mon Oct 03 13:45:21 +0000 2016](https://twitter.com/adulau/status/782939598817226752)) +---- +RT @circl_lu: Mirai scanner set the TCP ISN with the destination IP address https://github.com/jgamblin/Mirai-Source-Code/blob/6a5941be681b839eeff8ece1de8b245bcd5ffb02/mirai/bot/scanner.c#L225 nice way to classify the scanning post-… + +(Originally on Twitter: [Mon Oct 03 14:44:59 +0000 2016](https://twitter.com/adulau/status/782954606263500801)) +---- +@cnoanalysis Good point. It's indeed the main challenge for us as the @MISPProject community. https://github.com/MISP + +(Originally on Twitter: [Mon Oct 03 18:29:21 +0000 2016](https://twitter.com/adulau/status/783011069879001088)) +---- +@ClausHoumann Regulation of technology is very hard. Usually the impact on the good guys is higher and the bad guys overcome the restriction + +(Originally on Twitter: [Mon Oct 03 19:50:31 +0000 2016](https://twitter.com/adulau/status/783031497523662848)) +---- +RT @hack_lu: Some last minutes changes to @hack_lu 2016 agenda https://2016.hack.lu/agenda/ and still some seats left. Don't forget to register… + +(Originally on Twitter: [Tue Oct 04 15:40:55 +0000 2016](https://twitter.com/adulau/status/783331070909542400)) +---- +@cases_lu Not sure airgapping is really improving security at the end. Especially if your software cannot be connected in untrusted networks + +(Originally on Twitter: [Tue Oct 04 16:41:45 +0000 2016](https://twitter.com/adulau/status/783346381960384512)) +---- +@cafeNArlon Sure. Any topic of interest? + +(Originally on Twitter: [Tue Oct 04 18:40:46 +0000 2016](https://twitter.com/adulau/status/783376329467109376)) +---- +RT @WeldPond: Sources say Marissa Mayer giving US govt permission to spy on Yahoo mail users is why Alex Stamos left. 
https://t.co/2Z3HDutR… + +(Originally on Twitter: [Tue Oct 04 18:53:08 +0000 2016](https://twitter.com/adulau/status/783379444480241664)) +---- +@cafeNArlon @remi_laurent Building an Information Sharing Platform and Community. Ok? + +(Originally on Twitter: [Tue Oct 04 19:35:52 +0000 2016](https://twitter.com/adulau/status/783390197065064449)) +---- +@find_evil maybe the best is to build real communities and really face the difficulty of sharing information check @MISPProject + +(Originally on Twitter: [Tue Oct 04 19:59:54 +0000 2016](https://twitter.com/adulau/status/783396245222096897)) +---- +@github What's the best way to list all pull requests for all the repositories where you have write access to? https://twitter.com/rafi0t/status/783294819426824201 + +(Originally on Twitter: [Wed Oct 05 08:38:28 +0000 2016](https://twitter.com/adulau/status/783587145982304256)) +---- +RT @taviso: @hanno I think ghostscript has been neglected by fuzzers (perhaps people don't realize how easy it is to reach remotely?). Help… + +(Originally on Twitter: [Wed Oct 05 20:23:28 +0000 2016](https://twitter.com/adulau/status/783764565049896960)) +---- +@hanno Don't forget what's trigger the deprecation roadmap, Microsoft had probably very good reason to do so. + +(Originally on Twitter: [Thu Oct 06 06:46:23 +0000 2016](https://twitter.com/adulau/status/783921326100709376)) +---- +@hanno It's maybe one of them who triggers further analysis... + +(Originally on Twitter: [Thu Oct 06 07:08:46 +0000 2016](https://twitter.com/adulau/status/783926957700505601)) +---- +I would like to thank @Iglocska for the today remembering of the old history between Perl and PHP. Every data-structure has his history. + +(Originally on Twitter: [Thu Oct 06 17:40:54 +0000 2016](https://twitter.com/adulau/status/784086042651533312)) +---- +@Aristot73 Page 39, there is a mention of some data collection but the researchers pinpoint our limited view on this. Privacy vs potential? 
+ +(Originally on Twitter: [Fri Oct 07 06:36:57 +0000 2016](https://twitter.com/adulau/status/784281339096727552)) +---- +RT @circl_lu: So Mirai has 63 passwords in its brute-force list when the Morris worm had 432 words for brute-force? Don't forget the Morris… + +(Originally on Twitter: [Fri Oct 07 08:43:13 +0000 2016](https://twitter.com/adulau/status/784313117291401216)) +---- +Again during useless and dangerous hunting season in Belgium, media is relaying bullshit http://mobile.lesoir.be/1336251/article/demain-terre/biodiversite/2016-10-07/une-chauve-souris-enragee-mord-un-promeneur-en-belgique + +(Originally on Twitter: [Fri Oct 07 16:45:26 +0000 2016](https://twitter.com/adulau/status/784434469637939200)) +---- +RT @MISPProject: MISP 2.4.52 released including flexible freetext feed import to add any #threatintel feed and @Bro_IDS export. https://t.c… + +(Originally on Twitter: [Fri Oct 07 20:13:05 +0000 2016](https://twitter.com/adulau/status/784486725489979392)) +---- +@SteveClement Have you seen any advanced glorifications of synthesized organic components beside the mass-produced ethyl alcohol? + +(Originally on Twitter: [Sun Oct 09 10:18:02 +0000 2016](https://twitter.com/adulau/status/785061752266514432)) +---- +@SteveClement Could be an Argiope but difficult to say from profile + +(Originally on Twitter: [Sun Oct 09 10:25:36 +0000 2016](https://twitter.com/adulau/status/785063657059282944)) +---- +Gathering the datasets for this year academic session, this year's session will have a strong focus on distributed blackhole monitoring. + +(Originally on Twitter: [Sun Oct 09 21:07:39 +0000 2016](https://twitter.com/adulau/status/785225234693627906)) +---- +RT @artem_i_baranov: 64-bit ver of kgate #Remsec plugin uses same 64-bit code from orig kgate, but exploits AVAST! Virtualization Driver. D… + +(Originally on Twitter: [Mon Oct 10 16:19:09 +0000 2016](https://twitter.com/adulau/status/785515018469138433)) +---- +RT @leifnixon: 103. 
176.68.218.240 ![](media/785736747468533760-Cud9apuWAAEq-9C.jpg) + +(Originally on Twitter: [Tue Oct 11 07:00:13 +0000 2016](https://twitter.com/adulau/status/785736747468533760)) +---- +@FredericJacobs Very nifty at border controls. Take a tea, have a chat and charge your phone. @Cellebrite_UFED + +(Originally on Twitter: [Tue Oct 11 10:32:19 +0000 2016](https://twitter.com/adulau/status/785790124562972672)) +---- +At @MISPProject summit we will talk about our new internet-draft who defines the simple threat sharing format behind misp @Iglocska + +(Originally on Twitter: [Tue Oct 11 11:03:15 +0000 2016](https://twitter.com/adulau/status/785797908306227200)) +---- +RT @Iglocska: @shrekts @adulau @MISPProject https://t.co/8XYlNQjYLn + +(Originally on Twitter: [Tue Oct 11 15:41:31 +0000 2016](https://twitter.com/adulau/status/785867934698770432)) +---- +@ddurvaux remind me of the good old days we were insulting attackers with the support of reforcement learning in our honeypots. + +(Originally on Twitter: [Tue Oct 11 16:45:23 +0000 2016](https://twitter.com/adulau/status/785884009826050048)) +---- +@ddurvaux https://www.researchgate.net/publication/220673421_Heliza_Talking_dirty_to_the_attackers + +(Originally on Twitter: [Tue Oct 11 17:11:33 +0000 2016](https://twitter.com/adulau/status/785890595684384768)) +---- +@_Sn0rkY Sometime the best is to grab some popcorns and listen to the silly vendor statements... + +(Originally on Twitter: [Tue Oct 11 18:03:27 +0000 2016](https://twitter.com/adulau/status/785903655547441152)) +---- +RT @craiu: Cybercriminals attempt to clone the index page of our sinkhole servers to avoid takedowns: https://securelist.com/blog/incidents/76357/trust-me-i-have-a-pen/ + +(Originally on Twitter: [Wed Oct 12 05:40:04 +0000 2016](https://twitter.com/adulau/status/786078964469161985)) +---- +@craiu Nice finding. I'm still strugling to find the right approach, should we publish publicly all the known and trusted sinkholes? 
+ +(Originally on Twitter: [Wed Oct 12 05:42:12 +0000 2016](https://twitter.com/adulau/status/786079501302263808)) +---- +RT @craiu: @adulau I think that would be the right way, yet many other still prefer to run their sinkholes in a more obscure fashion + +(Originally on Twitter: [Wed Oct 12 06:06:01 +0000 2016](https://twitter.com/adulau/status/786085497173057536)) +---- +@Aristot73 When reading your tweet, I though initially it was the eCall initiative. It's maybe due to the word "surveillance" @EP_ThinkTank + +(Originally on Twitter: [Wed Oct 12 08:12:21 +0000 2016](https://twitter.com/adulau/status/786117286750924800)) +---- +Lesson of the day: free software was developed (and successful) apart from the standard funding schemes. Especially for security software. + +(Originally on Twitter: [Thu Oct 13 15:25:30 +0000 2016](https://twitter.com/adulau/status/786588680378920961)) +---- +IoTPOT – Analysing the Rise of IoT Compromises http://ipsr.ynu.ac.jp/iot/index.html The datasets seem interesting for further analysis. #honeypot + +(Originally on Twitter: [Fri Oct 14 06:53:31 +0000 2016](https://twitter.com/adulau/status/786822223399116800)) +---- +RT @MISPProject: "The Kings In Your Castle Part #1" https://cyber.wtf/2016/10/12/the-kings-in-your-castle-all-the-lame-threats-that-own-you-but-will-never-make-you-famous/ insightful malware analysis using @MISPProject by @pinkflawd @r… + +(Originally on Twitter: [Fri Oct 14 15:23:30 +0000 2016](https://twitter.com/adulau/status/786950567461519364)) +---- +@ralphholz Indeed we did various experiments and one is published http://www.foo.be/papers/sdbf.pdf "SDBF: Smart DNS Brute-Forcer" @hashbreaker + +(Originally on Twitter: [Sat Oct 15 07:20:55 +0000 2016](https://twitter.com/adulau/status/787191506348154880)) +---- +RT @cyb3rops: AVClass +malware labeling tool +> give AV labels of samples (e.g. 
VT JSON) & it outputs the most likely family name +https://t.c… + +(Originally on Twitter: [Sat Oct 15 15:02:53 +0000 2016](https://twitter.com/adulau/status/787307767757406208)) +---- +@adriengnt Maybe some authors of ransomware understood it as the Random Shitty Algorithm? + +(Originally on Twitter: [Sun Oct 16 08:25:36 +0000 2016](https://twitter.com/adulau/status/787570172022427648)) +---- +@kevinallix Thanks for the info. I'll do some tests with our datasets. @cyb3rops + +(Originally on Twitter: [Sun Oct 16 08:50:22 +0000 2016](https://twitter.com/adulau/status/787576406893101056)) +---- +@tomchop_ I would ring the blank ones, it seems very promising. @Aristot73 #antiforensic + +(Originally on Twitter: [Sun Oct 16 09:40:14 +0000 2016](https://twitter.com/adulau/status/787588955009126400)) +---- +we just published a first Internet-Draft https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-00 for the @MISPProject core format #threatintel #misp cc @Iglocska + +(Originally on Twitter: [Sun Oct 16 10:11:03 +0000 2016](https://twitter.com/adulau/status/787596709761277952)) +---- +Maybe some future interesting security considerations in " Next-Generation Vehicle-Initiated Emergency Calls"? https://tools.ietf.org/html/draft-ietf-ecrit-car-crash-15 + +(Originally on Twitter: [Sun Oct 16 12:31:33 +0000 2016](https://twitter.com/adulau/status/787632069375582208)) +---- +@pbeyssac L'interception de masse est une réalité. Pourquoi on parlotte sur la législation ? Le "threat model" a changé. @manhack + +(Originally on Twitter: [Sun Oct 16 18:16:46 +0000 2016](https://twitter.com/adulau/status/787718948091465728)) +---- +@marcosorallo Nothing to do with it. It's basically to help people wanting to use MISP format to have an adequate ref @MISPProject @Iglocska + +(Originally on Twitter: [Mon Oct 17 08:10:54 +0000 2016](https://twitter.com/adulau/status/787928860918677504)) +---- +RT @xme: So true! 
;) ![](media/788018617011011585-Cu-aVlPWIAAto0H.jpg) + +(Originally on Twitter: [Mon Oct 17 14:07:33 +0000 2016](https://twitter.com/adulau/status/788018617011011585)) +---- +RT @ln4711: Tor 0.2.8.9 is released (with security fixes) https://lists.torproject.org/pipermail/tor-announce/2016-October/000115.html Please upgrade clients, onion services, relays and author… + +(Originally on Twitter: [Mon Oct 17 21:12:41 +0000 2016](https://twitter.com/adulau/status/788125602930954240)) +---- +RT @cory_scott: Day 1 of #hacklu ended with @shellphish talk on Mechanical Phish - a killer robot that automatically finds bugs and kills t… + +(Originally on Twitter: [Tue Oct 18 23:54:02 +0000 2016](https://twitter.com/adulau/status/788528597015363584)) +---- +@blackswanburst Every single dirty and little hacks should seen the light of day. We started some bigger projects from dirty little hacks. + +(Originally on Twitter: [Wed Oct 19 09:48:43 +0000 2016](https://twitter.com/adulau/status/788678255717060608)) +---- +@blackswanburst This was the ping message of the day from the #hacklu friendly battlefield @rafi0t @pinkflawd @message4bob see you soon + +(Originally on Twitter: [Wed Oct 19 09:51:06 +0000 2016](https://twitter.com/adulau/status/788678853409595392)) +---- +RT @blackswanburst: Also, @message4bob could you please invite these people to come present in Cambridge? -----> @pinkflawd @adulau @rafi0t + +(Originally on Twitter: [Wed Oct 19 11:51:48 +0000 2016](https://twitter.com/adulau/status/788709229049868288)) +---- +RT @message4bob: Yes! Great idea. We hold security seminars, so if you're interested we should make it happen :) @blackswanburst @pinkflawd… + +(Originally on Twitter: [Wed Oct 19 11:53:35 +0000 2016](https://twitter.com/adulau/status/788709677571907584)) +---- +The future of forensic analysis with @ECCOUNCIL ... yep just kidding. 
#DFIR ![](media/788841936786427905-CvKHi2aWgAAaquR.jpg) + +(Originally on Twitter: [Wed Oct 19 20:39:08 +0000 2016](https://twitter.com/adulau/status/788841936786427905)) +---- +RT @pinkflawd: #hacklu talks have advanced to different levels ![](media/789016039245905920-CvJo26tXYAEF3dN.jpg) + +(Originally on Twitter: [Thu Oct 20 08:10:57 +0000 2016](https://twitter.com/adulau/status/789016039245905920)) +---- +RT @MISPProject: Asking the @MISPProject community: Would you like a way to vote for and share your reviews of organisations? + +(Originally on Twitter: [Thu Oct 20 09:12:24 +0000 2016](https://twitter.com/adulau/status/789031504294907904)) +---- +RT @Ivanlef0u: Dans les coulisses de Microsoft Windows http://ntoskrnl.org + +(Originally on Twitter: [Thu Oct 20 09:30:06 +0000 2016](https://twitter.com/adulau/status/789035956326326272)) +---- +RT @JacobTorrey: The amazing @pinkflawd hacking into the minds and though-processes of malware actors at #hacklu! + +(Originally on Twitter: [Thu Oct 20 09:34:02 +0000 2016](https://twitter.com/adulau/status/789036948283326464)) +---- +@ClausHoumann The likelyhood seems the most difficult one to calculate especially without real dataset. + +(Originally on Twitter: [Thu Oct 20 10:09:02 +0000 2016](https://twitter.com/adulau/status/789045754467848193)) +---- +RT @cbrocas: @pstirparo @tomchop_ @xme @adulau @y0m @DidierStevens @cryptage @o0tAd0o @metabrik so nice to meet you and all of you too :-)… + +(Originally on Twitter: [Thu Oct 20 15:27:30 +0000 2016](https://twitter.com/adulau/status/789125899920797696)) +---- +RT @therealsaumil: @adulau @rbidule @rafi0t @Ministraitor @ClausHoumann and the awesome @hack_lu crew, thank you so much for another great… + +(Originally on Twitter: [Thu Oct 20 15:55:11 +0000 2016](https://twitter.com/adulau/status/789132865263038465)) +---- +RT @ClausHoumann: @therealsaumil @adulau @rbidule @rafi0t @Ministraitor @hack_lu next year you'll do the karaoke Saumil? 
:) was great from… + +(Originally on Twitter: [Fri Oct 21 05:09:32 +0000 2016](https://twitter.com/adulau/status/789332771298828288)) +---- +RT @opexxx: firminsight - Automatic collect firmwares from internet,decompress,find binary code,extract info. Use Capstone/ https://t.co/Qh… + +(Originally on Twitter: [Fri Oct 21 06:31:34 +0000 2016](https://twitter.com/adulau/status/789353414220185600)) +---- +RT @MISPProject: MISP Internet Drafts Published http://www.misp-project.org/2016/10/21/MISP-Internet-Drafts-Published.html more information about our approach regarding specifications + +(Originally on Twitter: [Fri Oct 21 11:36:07 +0000 2016](https://twitter.com/adulau/status/789430057420910592)) +---- +RT @pstirparo: Was nice meeting @tomchop_ @xme @adulau @y0m @DidierStevens @cbrocas @cryptax @o0tAd0o @metabrik the @circl_lu team + all th… + +(Originally on Twitter: [Fri Oct 21 11:37:23 +0000 2016](https://twitter.com/adulau/status/789430378482327552)) +---- +Academics often tell me that Passive DNS is not "hype" for research but I have the impression this might change in the next hours. #Internet + +(Originally on Twitter: [Fri Oct 21 19:54:38 +0000 2016](https://twitter.com/adulau/status/789555512476069888)) +---- +Is the ISN still set with the destination IP address in the new variant of Mirai like we saw? Filtering opportunity. +https://twitter.com/circl_lu/status/782954260682113024 + +(Originally on Twitter: [Fri Oct 21 20:02:17 +0000 2016](https://twitter.com/adulau/status/789557441222541314)) +---- +Glad to see my past twelve years of minimal tshirt design for @hack_lu in the @fluxfingers CTF https://twitter.com/___wr___/status/789565525231886336 + +(Originally on Twitter: [Fri Oct 21 20:44:49 +0000 2016](https://twitter.com/adulau/status/789568144402767872)) +---- +RT @frennkie: @hack_lu #hacklu also great: reporting a bug/feature request to @MISPProject and getting it implemented within minutes. 
Aweso… + +(Originally on Twitter: [Fri Oct 21 21:13:03 +0000 2016](https://twitter.com/adulau/status/789575250111504384)) +---- +RT @RobertMLee: Internet availability should give serious pause to any industrial site thinking SCADA in the cloud is a good idea. + +(Originally on Twitter: [Sat Oct 22 05:57:38 +0000 2016](https://twitter.com/adulau/status/789707265708269568)) +---- +The special quote of the day "Do or Die" for @pidgeyL @rafi0t @Iglocska @pinkflawd @cvandeplas @PatriceAuffret @rotanid @alexanderjaeger + +(Originally on Twitter: [Sat Oct 22 07:40:57 +0000 2016](https://twitter.com/adulau/status/789733266349813761)) +---- +RT @MISPProject: MISP 2.4.53 released including critical security fixes and new features. Update asap. +http://www.misp-project.org/2016/10/22/MISP-2.4.53-released.html + +(Originally on Twitter: [Sat Oct 22 13:47:15 +0000 2016](https://twitter.com/adulau/status/789825448339501056)) +---- +You can replace "Cyber" by "IoT, Secure Software, Cloud, APT, Machine Learning, Dark Web, Threat Intelligence, War" +https://twitter.com/ccdcoe/status/789833810942763008 + +(Originally on Twitter: [Sat Oct 22 14:39:14 +0000 2016](https://twitter.com/adulau/status/789838530621087744)) +---- +RT @MISPProject: Wondering about @MISPProject and the EU Personal Data Regulation including GDPR checkout the slides from MISP summit https… + +(Originally on Twitter: [Sun Oct 23 13:21:32 +0000 2016](https://twitter.com/adulau/status/790181362594615301)) +---- +@rafi0t "All languages and none" as Salvatore is used to do. + +(Originally on Twitter: [Sun Oct 23 20:39:11 +0000 2016](https://twitter.com/adulau/status/790291500919906305)) +---- +@rj_gallagher Looking at the customer lists, there are many legitimate use-cases for them to use #Endace cards. 
@theintercept + +(Originally on Twitter: [Mon Oct 24 08:06:23 +0000 2016](https://twitter.com/adulau/status/790464440986722304)) +---- +@Aristot73 Diversity versus Monoculture http://geer.tinho.net/acm.geer.0704.pdf as described by Dan Geer. Some cloud services are clearly monoculture. + +(Originally on Twitter: [Mon Oct 24 08:38:55 +0000 2016](https://twitter.com/adulau/status/790472628809138176)) +---- +If everyone take the same vendor source for "darkweb monitoring", this might be the best approach to support your adversaries. + +(Originally on Twitter: [Mon Oct 24 13:33:23 +0000 2016](https://twitter.com/adulau/status/790546732505530368)) +---- +RT @ClausHoumann: @nrx_ch @hack_lu btw last year the big word was bamboo. Somehow didn't make it on the logo .... @adulau to blame I think 🎍 + +(Originally on Twitter: [Mon Oct 24 18:04:59 +0000 2016](https://twitter.com/adulau/status/790615082329894912)) +---- +@ClausHoumann the stegano was too strong at the end... @nrx_ch @hack_lu + +(Originally on Twitter: [Mon Oct 24 18:06:20 +0000 2016](https://twitter.com/adulau/status/790615422009741312)) +---- +RT @MISPProject: "MISP - The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform" http://www.foo.be/papers/misp.pdf #Th… + +(Originally on Twitter: [Mon Oct 24 19:46:12 +0000 2016](https://twitter.com/adulau/status/790640554027655168)) +---- +RT @doegox: PoC||GTFO 0x13 PostScript maze made easier: +sed -i 's/40\( % twistiness\)/1\1/' pocorgtfo13.pdf ![](media/790782822994808832-CviMueCWAAAYKQD.jpg) + +(Originally on Twitter: [Tue Oct 25 05:11:31 +0000 2016](https://twitter.com/adulau/status/790782822994808832)) +---- +@Aristot73 Maybe the number of adversaries on the same compromised device is higher. N times Carna-like Botnet. 
@ErrataRob @Maliciouslink + +(Originally on Twitter: [Tue Oct 25 05:45:56 +0000 2016](https://twitter.com/adulau/status/790791481946738688)) +---- +@Aristot73 Mitigation is similar to other network of compromised devices. Notification and/or active take-downs. @ErrataRob @Maliciouslink + +(Originally on Twitter: [Tue Oct 25 05:47:53 +0000 2016](https://twitter.com/adulau/status/790791975234666496)) +---- +A high performance DNS cache designed for Content Delivery Networks, with built-in security mechanisms by @jedisct1 https://github.com/jedisct1/edgedns + +(Originally on Twitter: [Tue Oct 25 08:54:16 +0000 2016](https://twitter.com/adulau/status/790838880014573568)) +---- +RT @hashbreaker: Unscientific studies strongly suggest that the most common lie told by Americans is "I have read and agree to these terms… + +(Originally on Twitter: [Tue Oct 25 20:22:53 +0000 2016](https://twitter.com/adulau/status/791012174915309568)) +---- +RT @anttitikkanen: I love that @virustotal has not gone for a #cyber rebranding, even if most APT threat intel reports rely heavily on thei… + +(Originally on Twitter: [Tue Oct 25 22:09:40 +0000 2016](https://twitter.com/adulau/status/791039049972740096)) +---- +I just experienced a false-positive detection of explosive on my bag with a puffer machine at the airport. Then a friendly police interview. + +(Originally on Twitter: [Wed Oct 26 14:05:57 +0000 2016](https://twitter.com/adulau/status/791279705144131584)) +---- +@Ministraitor the interesting part is they don't do a second test. It seems they have a paper logbook with detect time and passport number. + +(Originally on Twitter: [Wed Oct 26 14:21:36 +0000 2016](https://twitter.com/adulau/status/791283640965660672)) +---- +@Ministraitor yep and the best I pass a bottle of water. The security circus at its best. 
+ +(Originally on Twitter: [Wed Oct 26 14:28:08 +0000 2016](https://twitter.com/adulau/status/791285285313212416)) +---- +@aris_ada I had this litmus/puffer test many times in various airports but first FP. German police was fine but imagine in non-friendly env. + +(Originally on Twitter: [Wed Oct 26 16:42:22 +0000 2016](https://twitter.com/adulau/status/791319070192852992)) +---- +RT @6vis_pacem: Tomorrow during our #CPSI forum we will have a @MISPProject présentation by @adulau because for CISOs too #InformationShari… + +(Originally on Twitter: [Thu Oct 27 05:57:26 +0000 2016](https://twitter.com/adulau/status/791519155082108928)) +---- +The @IKEA quality is lowering down : a simple proof with a walnut. Model lack table 14729. ![](media/791610580142583813-CvxdnQUXEAAAguh.jpg) + +(Originally on Twitter: [Thu Oct 27 12:00:44 +0000 2016](https://twitter.com/adulau/status/791610580142583813)) +---- +RT @5aelo: So here's my writeup for CVE-2016-4622: http://www.phrack.org/papers/attacking_javascript_engines.html enjoy! #phrack + +(Originally on Twitter: [Thu Oct 27 17:37:23 +0000 2016](https://twitter.com/adulau/status/791695302751358985)) +---- +@xme looks like a honeytrap... #physicalhoneypot + +(Originally on Twitter: [Fri Oct 28 06:20:05 +0000 2016](https://twitter.com/adulau/status/791887242625163264)) +---- +RT @IACR_News: #ePrint A Formal Security Analysis of the Signal Messaging Protocol: K Cohn-Gordon, C Cremers, B Dowling, L Garratt, https:/… + +(Originally on Twitter: [Fri Oct 28 06:21:33 +0000 2016](https://twitter.com/adulau/status/791887609232519168)) +---- +RT @capstone_engine: A new tool uses Capstone inside: RePEconstruct to auto unpack Windows binary & rebuild the Import Address Table. 
+ +http… + +(Originally on Twitter: [Fri Oct 28 06:22:01 +0000 2016](https://twitter.com/adulau/status/791887726178144256)) +---- +"DE-CIX developed a PCAP parser to decode BGP messages collected with tcpdump/pcap" https://github.com/de-cix/pbgp-parser + +(Originally on Twitter: [Fri Oct 28 13:00:31 +0000 2016](https://twitter.com/adulau/status/791988014037729281)) +---- +Next time someone, who never committed a line of code, puts free software and governance in a sentence. I'll burn a random management book. + +(Originally on Twitter: [Fri Oct 28 19:35:41 +0000 2016](https://twitter.com/adulau/status/792087460461350912)) +---- +@belathoud IMHO, a "robust governance" is when a free software is used and maintained by a group of active contributors without bureaucracy. + +(Originally on Twitter: [Fri Oct 28 20:29:23 +0000 2016](https://twitter.com/adulau/status/792100975024766976)) +---- +Another perspective to the @ecb tower https://www.flickr.com/photos/adulau/30589603716 #photography #blackandwhite + +(Originally on Twitter: [Fri Oct 28 21:31:19 +0000 2016](https://twitter.com/adulau/status/792116562111135744)) +---- +@belathoud No worries, it was just an opportunity for me to extend my point of view in 140 characters more. + +(Originally on Twitter: [Sat Oct 29 09:04:15 +0000 2016](https://twitter.com/adulau/status/792290942661365760)) +---- +@blackswanburst Nice stencils. Do you know which kind of printers made the cutting? + +(Originally on Twitter: [Sat Oct 29 09:38:15 +0000 2016](https://twitter.com/adulau/status/792299498299088896)) +---- +RT @MISPProject: . @adulau will present the @MISPProject - the OSS #threatintel platform at @OReillySecurity conference in Amsterdam https:… + +(Originally on Twitter: [Sat Oct 29 18:35:10 +0000 2016](https://twitter.com/adulau/status/792434620650418176)) +---- +Not sure if you can define "surveillance software" adequately which is the core issue of export regulations. 
@blackswanburst @Aristot73 + +(Originally on Twitter: [Sat Oct 29 19:07:22 +0000 2016](https://twitter.com/adulau/status/792442722070192128)) +---- +RT @fbon: J'ai ajouté une vidéo à une playlist @YouTube - Lovecraft - La Chose sur le Seuil (France Culture) http://youtu.be/I64-uiTElg4?a + +(Originally on Twitter: [Sat Oct 29 20:10:20 +0000 2016](https://twitter.com/adulau/status/792458569723572224)) +---- +@Iglocska @kantare18 @deresz666 @cvandeplas @rafi0t We are currently reviewing the overall galaxy structure but the implementation is near. + +(Originally on Twitter: [Sun Oct 30 08:40:37 +0000 2016](https://twitter.com/adulau/status/792647381586239488)) +---- +RT @kurtseifried: Re: ASUS http://www.theregister.co.uk/2016/02/23/asus_router_flaws_settlement/ where are all the CVEs for issues that got fixed? They did find and fix new issues right… + +(Originally on Twitter: [Sun Oct 30 12:26:14 +0000 2016](https://twitter.com/adulau/status/792704161334910976)) +---- +How is difficult to maintain free software network forensic tools? https://bugs.launchpad.net/ubuntu/+source/tcpick/+bug/364688 patch submitted 7 years ago in @ubuntu launchpad + +(Originally on Twitter: [Mon Oct 31 14:39:53 +0000 2016](https://twitter.com/adulau/status/793100185328988161)) +---- +@revskills "no one objects within 3 days, the reporter may take over the package. " Nice approach. @ubuntu maybe something to implement? 
+ +(Originally on Twitter: [Mon Oct 31 14:44:24 +0000 2016](https://twitter.com/adulau/status/793101321155076096)) +---- +Interesting bug hunting session and ongoing work on @MISPProject with @Iglocska @rafi0t to build new crazy #ThreatIntel sharing features + +(Originally on Twitter: [Mon Oct 31 20:22:55 +0000 2016](https://twitter.com/adulau/status/793186512670224384)) +---- +I'll be at the @MISPProject #hackathon to work on scoring & feed evaluator protocol/implementation https://twitter.com/MISPProject/status/793335493714964480 #ThreatIntel + +(Originally on Twitter: [Tue Nov 01 06:27:29 +0000 2016](https://twitter.com/adulau/status/793338656236900352)) +---- +"Finding Street Gang Members on Twitter" +https://arxiv.org/pdf/1610.09516v1.pdf Emoji symbols can be useful for data mining. + +(Originally on Twitter: [Tue Nov 01 06:55:33 +0000 2016](https://twitter.com/adulau/status/793345717142188032)) +---- +I'm wondering how long it will take before trojaned #zcash binaries appear especially seeing the current build process. + +(Originally on Twitter: [Tue Nov 01 10:08:58 +0000 2016](https://twitter.com/adulau/status/793394394464415745)) +---- +RT @pinkflawd: Parsing radare2 callgraphs & shaping them into NetworkX turns out works reasonably well + plotting with pydotplus lets you d… + +(Originally on Twitter: [Tue Nov 01 17:04:39 +0000 2016](https://twitter.com/adulau/status/793499001349935108)) +---- +RT @circl_lu: "Our commitment to our customer’s security" https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/ but will you share the indicators @msftsecurity @msftsecr… + +(Originally on Twitter: [Wed Nov 02 08:38:52 +0000 2016](https://twitter.com/adulau/status/793734106198736896)) +---- +@netresec Of course. But reported a bunch of vulnerability (with patches) in many tools like tcpick many years ago but the process is slow. 
+ +(Originally on Twitter: [Wed Nov 02 12:09:01 +0000 2016](https://twitter.com/adulau/status/793786994484736000)) +---- +@netresec Our old paper "Towards an estimation of the accuracy of TCP reassembly in network forensics" http://www.foo.be/papers/wagener-dulaunoy-engel-networkforensicaccuracy.pdf today? + +(Originally on Twitter: [Wed Nov 02 12:10:37 +0000 2016](https://twitter.com/adulau/status/793787395896446976)) +---- +RT @netresec: @adulau Nice paper, reminds me of the current discrepancy in TCP reassembly tools when it comes to overlapping segments with… + +(Originally on Twitter: [Wed Nov 02 12:19:44 +0000 2016](https://twitter.com/adulau/status/793789689119510529)) +---- +@netresec Thank you. Many "network security" black boxes still need TCP reassembly to work and I'm not really confident in their efficiency. + +(Originally on Twitter: [Wed Nov 02 12:30:53 +0000 2016](https://twitter.com/adulau/status/793792494534332417)) +---- +@netresec Another part which is under-evaluated nowadays is the hardware TCP offload engines which might be vulnerable too. + +(Originally on Twitter: [Wed Nov 02 12:40:38 +0000 2016](https://twitter.com/adulau/status/793794947694600196)) +---- +RT @netresec: @adulau It would be interesting to see a follow-up study of your paper that identifies shitty TCP implementations that #break… + +(Originally on Twitter: [Wed Nov 02 12:56:00 +0000 2016](https://twitter.com/adulau/status/793798815451058177)) +---- +RT @headhntr: Hospitals shutdown by ransomware attacks. I've previously said that no-one would die from ransomware. I was wrong. 
https://t.… + +(Originally on Twitter: [Thu Nov 03 16:16:54 +0000 2016](https://twitter.com/adulau/status/794211763684343809)) +---- +RT @cyb3rops: Plasma +Interactive disassembler for x86/ARM/MIPS +> generates pseudo-code with colored syntax +via @_Cyber_Punk_ +https://t.co/… + +(Originally on Twitter: [Thu Nov 03 18:41:11 +0000 2016](https://twitter.com/adulau/status/794248072196980745)) +---- +RT @halvarflake: Modest proposal: Can we all stfu on vendor liability, bug bounties, prices etc? Can we discuss *gasp* technical things ? + +(Originally on Twitter: [Thu Nov 03 20:36:27 +0000 2016](https://twitter.com/adulau/status/794277078363500544)) +---- +@anton_chuvakin The issue is the goodwill of the analysts. A good old awk script with gnu parallel can do the job for a creative analyst. + +(Originally on Twitter: [Fri Nov 04 19:54:34 +0000 2016](https://twitter.com/adulau/status/794628927968997376)) +---- +RT @MISPProject: MISP 2.4.54 has been released http://www.misp-project.org/2016/11/04/MISP-2.4.54-released.html including multiple improvements and bug fixes. #ThreatIntel + +(Originally on Twitter: [Sat Nov 05 07:37:58 +0000 2016](https://twitter.com/adulau/status/794805944119070720)) +---- +For a matter of sanity, @asscert website should be bring back online. + +(Originally on Twitter: [Sat Nov 05 21:16:10 +0000 2016](https://twitter.com/adulau/status/795011848743583744)) +---- +Glad to be at @OReillySecurity to talk about the challenges in information sharing and our open source project @MISPProject #ThreatIntel + +(Originally on Twitter: [Sat Nov 05 21:33:09 +0000 2016](https://twitter.com/adulau/status/795016123339182080)) +---- +Do you know why in EU funded ICT research projects the deliverables are often just documents and not actual code or/and software? + +(Originally on Twitter: [Sun Nov 06 10:29:36 +0000 2016](https://twitter.com/adulau/status/795211525292101633)) +---- +@biou Indeed maybe one of the many arguments. 
I'm trying to list all of them for a blog post. + +(Originally on Twitter: [Sun Nov 06 10:45:28 +0000 2016](https://twitter.com/adulau/status/795215519112536064)) +---- +@piotrkijewski Indeed but I have a strong impression having a new deliverables approach would be a risk for your proposal evaluation. + +(Originally on Twitter: [Sun Nov 06 13:36:13 +0000 2016](https://twitter.com/adulau/status/795258488523997185)) +---- +RT @Openwall: DES-based crypt(3) cracking on ZTEX 1.15y FPGA boards with JtR: 740M/s, 40W, mask & hybrid, multi-hash, multi-board https://t… + +(Originally on Twitter: [Sun Nov 06 15:04:23 +0000 2016](https://twitter.com/adulau/status/795280674777403392)) +---- +@PascClau Comme la publicité qui occupe l'espace publique et ne permet aucune critique ?@lapremiere + +(Originally on Twitter: [Sun Nov 06 16:33:27 +0000 2016](https://twitter.com/adulau/status/795303089540632580)) +---- +RT @hkashfi: An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/andriesse nice field comparison of RE tools + +(Originally on Twitter: [Sun Nov 06 22:51:43 +0000 2016](https://twitter.com/adulau/status/795398286681276416)) +---- +@MarieGMoe Great! @OReillySecurity @MISPProject + +(Originally on Twitter: [Mon Nov 07 08:41:06 +0000 2016](https://twitter.com/adulau/status/795546609484447744)) +---- +Can't Touch This: Using Hover to Compromise the Confidentiality of User Input on Android https://arxiv.org/abs/1611.01477 + +(Originally on Twitter: [Mon Nov 07 08:46:40 +0000 2016](https://twitter.com/adulau/status/795548006900760576)) +---- +Some book ideas to keep in mind "the 101 of trusted groups" or "trusted groups as living organisms, a biological perspective". 
#infosec + +(Originally on Twitter: [Mon Nov 07 13:15:04 +0000 2016](https://twitter.com/adulau/status/795615552005869569)) +---- +RT @TheHive_Project: Introducing TheHive: a Scalable, Open Source and Free Incident Response Platform https://blog.thehive-project.org/2016/11/07/introducing-thehive/ #DFIR + +(Originally on Twitter: [Mon Nov 07 14:52:39 +0000 2016](https://twitter.com/adulau/status/795640111455207428)) +---- +RT @certbund: Threat Intelligence ist kein Allheilmittel - @Timo_Steffens mit Hinweisen zum sinnvollen Einsatz https://www.heise.de/security/artikel/Threat-Intelligence-IT-Sicherheit-zum-Selbermachen-3453595.html @MIS… + +(Originally on Twitter: [Mon Nov 07 20:50:18 +0000 2016](https://twitter.com/adulau/status/795730116282302464)) +---- +#EU prepping for talks on #encryption. Take action w/ @accessnow to tell legislators to protect #privacy & #security http://bit.ly/2erHkHK + +(Originally on Twitter: [Mon Nov 07 21:51:04 +0000 2016](https://twitter.com/adulau/status/795745407917850625)) +---- +"Forensics in Industrial Control System: A Case Study" +https://arxiv.org/pdf/1611.01754v1.pdf or why volatile data remains important in #DFIR + +(Originally on Twitter: [Tue Nov 08 07:17:27 +0000 2016](https://twitter.com/adulau/status/795887945215606784)) +---- +RT @ErrataRob: This guy is going to keynote RSA Conference 2017. 
https://twitter.com/neiltyson/status/551378648578916353 + +(Originally on Twitter: [Tue Nov 08 08:13:46 +0000 2016](https://twitter.com/adulau/status/795902119001858048)) +---- +RT @furtherfield: Invisible Committee poster in Seattle, WA - http://bit.ly/2figIHO ![](media/795919533051670528-CwslCzTXAAAMicZ.jpg) + +(Originally on Twitter: [Tue Nov 08 09:22:58 +0000 2016](https://twitter.com/adulau/status/795919533051670528)) +---- +@cryptax when a compromised device is a source of a significant pps in the local network, colateral damages are easy for small flat topology + +(Originally on Twitter: [Tue Nov 08 09:35:05 +0000 2016](https://twitter.com/adulau/status/795922582193242112)) +---- +@petaramesh On peut se demander l'application de ceci suivant la GDPR qui change la donne. Notification supprimée, mesures tech. @Skhaen + +(Originally on Twitter: [Tue Nov 08 10:18:03 +0000 2016](https://twitter.com/adulau/status/795933394827902976)) +---- +RT @alexcpsec: Preview of some of the subjects on my @OReillySecurity Europe talk on Nov 10, 11:20am, after the keynotes + +https://t.co/sLg… + +(Originally on Twitter: [Tue Nov 08 11:10:48 +0000 2016](https://twitter.com/adulau/status/795946668592156672)) +---- +@sarahsharp It seems very interesting. Does it work only at repository level? Will it work at organization level too? To aggregate contribs? + +(Originally on Twitter: [Tue Nov 08 11:14:08 +0000 2016](https://twitter.com/adulau/status/795947508035964928)) +---- +RT @MISPProject: Don't hesitate to meet @adulau this Friday at @OReillySecurity to talk about @MISPProject and the ongoing projects https:/… + +(Originally on Twitter: [Tue Nov 08 13:39:50 +0000 2016](https://twitter.com/adulau/status/795984173253193728)) +---- +@MiodVallat The main issue is the removal of the copyright notice as the license is a permissive one but not "public domain" as is. 
+ +(Originally on Twitter: [Tue Nov 08 14:02:01 +0000 2016](https://twitter.com/adulau/status/795989757998366720)) +---- +@pinkflawd It's a pretty decent classification result. I tested some where the cat can be replaced by a bulldozer with a big malware sticker + +(Originally on Twitter: [Tue Nov 08 14:48:02 +0000 2016](https://twitter.com/adulau/status/796001338211598337)) +---- +@sarahsharp Thank you. I'll do some tests for @MISPProject . If I have something working, I'll do a PR. + +(Originally on Twitter: [Tue Nov 08 15:52:27 +0000 2016](https://twitter.com/adulau/status/796017548324204544)) +---- +RT @blackswanburst: Today is a good day. ![](media/796028815663316992-CwwO2vTXcAAX4AM.jpg) + +(Originally on Twitter: [Tue Nov 08 16:37:13 +0000 2016](https://twitter.com/adulau/status/796028815663316992)) +---- +@blackswanburst I knew that you were a performance artist in your essence. + +(Originally on Twitter: [Tue Nov 08 16:40:25 +0000 2016](https://twitter.com/adulau/status/796029618591584257)) +---- +@inbarraz It seems @blackswanburst deceived us and probably relied on https://github.com/bartobri/no-more-secrets ;-) + +(Originally on Twitter: [Tue Nov 08 17:13:55 +0000 2016](https://twitter.com/adulau/status/796038050732240896)) +---- +@blackswanburst Quite common with control characters on vty but it's also a nice vector of exploitation https://www.proteansec.com/linux/blast-past-executing-code-terminal-emulators-via-escape-sequences/ @inbarraz + +(Originally on Twitter: [Tue Nov 08 17:21:05 +0000 2016](https://twitter.com/adulau/status/796039852135501824)) +---- +@blackswanburst The vector is underestimated with the code monster behind like terminal emulation, unicode, UI or fonts display @inbarraz + +(Originally on Twitter: [Tue Nov 08 17:24:17 +0000 2016](https://twitter.com/adulau/status/796040658519818240)) +---- +I thought that I would never said this but the last album by @ArielleDombasle and @NicolasKer is great with a strong dark EBM-like mood. 
+ +(Originally on Twitter: [Tue Nov 08 17:45:42 +0000 2016](https://twitter.com/adulau/status/796046047424499712)) +---- +@vincib Avec le nouveau règlement EU cela ne me semble pas bien réaliste pour respecter le motif 49 http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32016R0679&from=EN @rafi0t + +(Originally on Twitter: [Tue Nov 08 18:32:26 +0000 2016](https://twitter.com/adulau/status/796057810551373825)) +---- +An easy deception for SIGINT? "An Easy Way to Win: Using SIGINT to Learn about New Viruses" https://edwardsnowden.com/wp-content/uploads/2015/06/project-camberdada.pdf + +(Originally on Twitter: [Tue Nov 08 19:23:19 +0000 2016](https://twitter.com/adulau/status/796070616755568641)) +---- +RT @slowtiger: Warum das mit den #33C3 Tickets so schwierig ist: ![](media/796080182314549249-CwsGf2JXEAA_iUt.jpg) + +(Originally on Twitter: [Tue Nov 08 20:01:20 +0000 2016](https://twitter.com/adulau/status/796080182314549249)) +---- +Our condition https://www.flickr.com/photos/adulau/30777169521/ #photography #blackandwhitephotography #Belgium + +(Originally on Twitter: [Tue Nov 08 20:52:20 +0000 2016](https://twitter.com/adulau/status/796093016960339968)) +---- +RT @treyka: Chuffed to be speaking amidst illustrious company at #OReillySecurity. @k8em0 @selenakyle @dakami @alexcpsec @MarieGMoe @halvar… + +(Originally on Twitter: [Wed Nov 09 07:23:10 +0000 2016](https://twitter.com/adulau/status/796251772746690560)) +---- +RT @GermanyDiplo: Today, we remember one of the happiest days in German history: The fall of the #BerlinWall on #9November1989. 
#9Nov #9Nov… + +(Originally on Twitter: [Wed Nov 09 17:31:07 +0000 2016](https://twitter.com/adulau/status/796404765206999040)) +---- +RT @Regiteric: Now on stage at #SuriCon @Iglocska to talk about MISP (Malware Information Sharing Platform) http://www.misp-project.org/ https:/… + +(Originally on Twitter: [Wed Nov 09 19:14:56 +0000 2016](https://twitter.com/adulau/status/796430891149037568)) +---- +RT @Botconf: #Botconf2016 Workshop04 "MISP, the Threat Sharing Platform, a Developer Perspective to Extensions and Collaboration" https://t… + +(Originally on Twitter: [Wed Nov 09 20:32:19 +0000 2016](https://twitter.com/adulau/status/796450367416467456)) +---- +Just check the netflow signing from @dakami https://github.com/dakami/overflowd/blob/master/overflowd.py first seen, last seen on srcip/dstip in a signed bloomfilter might work + +(Originally on Twitter: [Thu Nov 10 20:24:59 +0000 2016](https://twitter.com/adulau/status/796810910052601857)) +---- +@dakami You mention in your talk how to distribute and validate from other networks. You won't need to distribute the flow records as is. + +(Originally on Twitter: [Thu Nov 10 20:33:16 +0000 2016](https://twitter.com/adulau/status/796812993073913856)) +---- +@dakami Not sure if we could use a BGP community to propagate this (maybe too much data). + +(Originally on Twitter: [Thu Nov 10 20:34:29 +0000 2016](https://twitter.com/adulau/status/796813300935880704)) +---- +@dakami Just (re)reading the code. So overflowd would be already a quick win on blackhole networks/honeypots for the backscatter traffic? 
+ +(Originally on Twitter: [Thu Nov 10 21:09:15 +0000 2016](https://twitter.com/adulau/status/796822047439646720)) +---- +RT @MarieGMoe: For those of you not present at #OReillySecurity I highly recommend reading this write-up of @treyka's talk: https://t.co/tN… + +(Originally on Twitter: [Fri Nov 11 06:11:56 +0000 2016](https://twitter.com/adulau/status/796958619568848896)) +---- +Really glad we invited @MarieGMoe at @hack_lu 2015 to talk about trust in medical devices. My hope grows for improved security in healthcare + +(Originally on Twitter: [Fri Nov 11 08:47:44 +0000 2016](https://twitter.com/adulau/status/796997829134843904)) +---- +RT @MarieGMoe: @adulau @hack_lu Thank you for convincing me to do it. I had no idea what I was getting my self into, but it is worth it! + +(Originally on Twitter: [Fri Nov 11 09:13:53 +0000 2016](https://twitter.com/adulau/status/797004408945049600)) +---- +RT @selenakyle: spot the problem (oh myyyy)...trust graphs from @halvarflake at #OReillySecurity AMS ![](media/797006134007762944-Cw9814dUcAUz9x-.jpg) + +(Originally on Twitter: [Fri Nov 11 09:20:44 +0000 2016](https://twitter.com/adulau/status/797006134007762944)) +---- +Estimative languages should be more used when talking about attribution @OReillySecurity some in @mispproject https://github.com/MISP/misp-taxonomies/blob/master/estimative-language/machinetag.json + +(Originally on Twitter: [Fri Nov 11 09:28:11 +0000 2016](https://twitter.com/adulau/status/797008010098966529)) +---- +@Jipe_ The swimming pool is my favourite located at Yunusemre Mh 5.Akyuz Sk No 8 2 Yildirim BURSA ;-) + +(Originally on Twitter: [Fri Nov 11 11:09:23 +0000 2016](https://twitter.com/adulau/status/797033475941552128)) +---- +RT @halvarflake: Slides for my speech this morning: https://drive.google.com/file/d/0B5hBKwgSgYFacC1jejJYSE1LTlk/view?usp=sharing + +(Originally on Twitter: [Fri Nov 11 15:14:32 +0000 2016](https://twitter.com/adulau/status/797095170286166016)) +---- +Listening to a talk 
again mentioning monoculture and security risk. But what are we actually doing to promote diversity? #OReillySecurity + +(Originally on Twitter: [Fri Nov 11 15:31:01 +0000 2016](https://twitter.com/adulau/status/797099318733836290)) +---- +@DonAndrewBailey Indeed. But diversity cannot be easily controlled and that's the whole point of ecosystem/biology stability. @JacobTorrey + +(Originally on Twitter: [Fri Nov 11 16:02:05 +0000 2016](https://twitter.com/adulau/status/797107135071002624)) +---- +@Aristot73 The solutions proposed by @halvarflake are very practical and even economically sane. You can play a role for RE policies in EU. + +(Originally on Twitter: [Fri Nov 11 16:09:15 +0000 2016](https://twitter.com/adulau/status/797108939557113857)) +---- +@Aristot73 but having a legal framework allowing reversing for security reasons would be great as it's only interoperability allowed in EU. + +(Originally on Twitter: [Fri Nov 11 16:20:54 +0000 2016](https://twitter.com/adulau/status/797111872860393472)) +---- +RT @attrc: Still true… #DFIR https://twitter.com/attrc/status/660884858177085440 + +(Originally on Twitter: [Fri Nov 11 16:23:22 +0000 2016](https://twitter.com/adulau/status/797112493567070208)) +---- +@DonAndrewBailey Curious about your PoV about this paper from Dan Geer http://geer.tinho.net/acm.geer.0704.pdf @JacobTorrey + +(Originally on Twitter: [Fri Nov 11 17:11:11 +0000 2016](https://twitter.com/adulau/status/797124525666209793)) +---- +Just in case you need arguments while discussing budget with your boss "NIP for Fiscal Year 2016 was $53.0 billion" https://www.dni.gov/index.php/newsroom/press-releases/215-press-releases-2016/1443-dni-releases-budget-figure-for-2016-national-intelligence-program + +(Originally on Twitter: [Fri Nov 11 20:12:29 +0000 2016](https://twitter.com/adulau/status/797170150604754944)) +---- +RT @botherder: New Public Notice on attacks against Iranian activists - deanonymization attacks through WebRTC and fake profiles 
https://t.… + +(Originally on Twitter: [Fri Nov 11 20:25:48 +0000 2016](https://twitter.com/adulau/status/797173501572554752)) +---- +Did a research already evaluate the quality of papers following the number of Sun Tzu quotes mentioned? #iseeapattern ![](media/797341911946326016-CxC6LcYXUAQ95Wh.jpg) + +(Originally on Twitter: [Sat Nov 12 07:35:00 +0000 2016](https://twitter.com/adulau/status/797341911946326016)) +---- +@robinlaude mon tweet est ouvert sur le sujet mais mon évaluation non-significative se dirige aussi vers une qualité moindre... + +(Originally on Twitter: [Sat Nov 12 07:46:52 +0000 2016](https://twitter.com/adulau/status/797344899385479168)) +---- +@adriengnt Si le papier ne l'utilise que pour la forme, c'est probablement un facteur négatif. Si c'est comme ref. bibliographique, neutre? + +(Originally on Twitter: [Sat Nov 12 07:50:16 +0000 2016](https://twitter.com/adulau/status/797345755954638848)) +---- +RT @Ministraitor: @adulau There was a conf drinking game where you had to do a shot for each mention... + +(Originally on Twitter: [Sat Nov 12 07:59:44 +0000 2016](https://twitter.com/adulau/status/797348138143125504)) +---- +The attack surface for @ClearChannel advertising boards seem bigger than I initially expected... ![](media/797373418639360000-CxDW4H2XgAAsuhB.jpg) + +(Originally on Twitter: [Sat Nov 12 09:40:12 +0000 2016](https://twitter.com/adulau/status/797373418639360000)) +---- +@altquinn one week of American fast-food. + +(Originally on Twitter: [Sun Nov 13 21:34:10 +0000 2016](https://twitter.com/adulau/status/797915484758929408)) +---- +@_pst Nice it was the quote for @hack_lu 2015 "I have never let my schooling interfere with my education. Mark Twain." 
+ +(Originally on Twitter: [Mon Nov 14 14:09:36 +0000 2016](https://twitter.com/adulau/status/798165994107760640)) +---- +RT @piotrkijewski: A gmail honeypot driven study into how leaked webmail credentials are used after hack http://www0.cs.ucl.ac.uk/staff/G.Stringhini/papers/gmail-IMC2016.pdf code: http… + +(Originally on Twitter: [Tue Nov 15 05:34:34 +0000 2016](https://twitter.com/adulau/status/798398766407700481)) +---- +Nice to see people interested in our work on Passive DNS standards - latest version is https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-02 +https://twitter.com/t1msammut/status/798245365677834241 + +(Originally on Twitter: [Tue Nov 15 08:24:07 +0000 2016](https://twitter.com/adulau/status/798441434995113984)) +---- +"A Living System has no designer, no road-maps, no clear future plans except "survive and grow."" by @hintjens https://hintjens.gitbooks.io/social-architecture/content/chapter6.html + +(Originally on Twitter: [Tue Nov 15 16:10:51 +0000 2016](https://twitter.com/adulau/status/798558894490550272)) +---- +RT @cyb3rops: DTCC and FS-ISAC announce #Soltra Wind Down +> @MISPProject http://soltra.com/en/articles/soltra-wind-down/ + +(Originally on Twitter: [Tue Nov 15 17:52:50 +0000 2016](https://twitter.com/adulau/status/798584558761504768)) +---- +@shirkdog maybe you want to have a look at @MISPProject an open source alternative. + +(Originally on Twitter: [Tue Nov 15 17:54:32 +0000 2016](https://twitter.com/adulau/status/798584985947172864)) +---- +@ISPuuuv I knew that I was traveling to a black-hole every evening. + +(Originally on Twitter: [Tue Nov 15 18:53:10 +0000 2016](https://twitter.com/adulau/status/798599741462474752)) +---- +RT @MISPProject: @asfakian Sure. 
We love open source and free software because you can be independent from any vendors (crucial in #infosec) + +(Originally on Twitter: [Tue Nov 15 18:55:12 +0000 2016](https://twitter.com/adulau/status/798600254404890624)) +---- +RT @OReillySecurity: Let’s fix this thing. @dakami shares the results of #OReillySecurity’s first hackathon to make web security easier. ht… + +(Originally on Twitter: [Tue Nov 15 20:32:47 +0000 2016](https://twitter.com/adulau/status/798624809877991425)) +---- +RT @MISPProject: Independence and Threat Intelligence Platforms +http://www.misp-project.org/2016/11/16/Independence-and-Threat-Intelligence-Platforms.html + +(Originally on Twitter: [Wed Nov 16 06:50:44 +0000 2016](https://twitter.com/adulau/status/798780325518131201)) +---- +Investing resources in a free software infosec project is always a reciprocal benefit on the long run http://www.misp-project.org/2016/11/16/Independence-and-Threat-Intelligence-Platforms.html + +(Originally on Twitter: [Thu Nov 17 06:42:29 +0000 2016](https://twitter.com/adulau/status/799140636200988672)) +---- +RT @RonDeibert: New @citizenlab report "It's Parliamentary" on Tibetan targeted attacks https://citizenlab.org/2016/11/parliament-keyboy/ ; "just enough" technical s… + +(Originally on Twitter: [Thu Nov 17 17:37:11 +0000 2016](https://twitter.com/adulau/status/799305397874126848)) +---- +RT @botherder: KeyBoy, a malware I first discovered more than 3 years ago, has been found again used against Tibetan communities https://t.… + +(Originally on Twitter: [Thu Nov 17 17:38:14 +0000 2016](https://twitter.com/adulau/status/799305660219408384)) +---- +Equipment Interference is the novlang for computer exploitation, CNE, interception, jamming or tracking. 
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/557861/IP_Bill_-_Draft_EI_code_of_practice.pdf + +(Originally on Twitter: [Fri Nov 18 06:50:59 +0000 2016](https://twitter.com/adulau/status/799505164013109248)) +---- +RT @anttitikkanen: I always think its funny that signature-based AV is "dead and useless" but we are all very happy to write Yara rules to… + +(Originally on Twitter: [Fri Nov 18 11:02:14 +0000 2016](https://twitter.com/adulau/status/799568390109200384)) +---- +RT @certbund: You see, we're on a mission.. Big up to @treyka @halvarflake @MarieGMoe @dakami @adulau & @selenakyle #MakeSecurityEasy #ORei… + +(Originally on Twitter: [Fri Nov 18 12:27:07 +0000 2016](https://twitter.com/adulau/status/799589753821609984)) +---- +RT @circl_lu: A new updated VM with @MISPProject 2.4.54 is available for training, testing and evaluation. https://www.circl.lu/services/misp-training-materials/#misp-virtual-machine #ThreatI… + +(Originally on Twitter: [Fri Nov 18 13:50:53 +0000 2016](https://twitter.com/adulau/status/799610832590086146)) +---- +RT @LeFloatingGhost: Hey #Soltra friends, it's time to rescue your data! I've made you a nice little way to move to #misp https://t.co/vIqT… + +(Originally on Twitter: [Fri Nov 18 14:50:17 +0000 2016](https://twitter.com/adulau/status/799625782863732736)) +---- +RT @skier_t: Your weekly reminder to put more effort into project such as @MISPProject, @cuckoosandbox, Viper, @Suricata_IDS / Bro, and ali… + +(Originally on Twitter: [Sat Nov 19 15:37:43 +0000 2016](https://twitter.com/adulau/status/800000105885605890)) +---- +RT @dakami: @certbund @treyka @halvarflake @MarieGMoe @adulau @selenakyle yeah we are ;) + +(Originally on Twitter: [Sat Nov 19 15:37:55 +0000 2016](https://twitter.com/adulau/status/800000155495694336)) +---- +"Moving Target Defense for Web Applications using Bayesian Stackelberg Games" +https://arxiv.org/pdf/1602.07024v3.pdf but risks of switching strategies? 
+ +(Originally on Twitter: [Sat Nov 19 16:07:23 +0000 2016](https://twitter.com/adulau/status/800007571990052864)) +---- +After a short rant with @quinnnorton, the anthropologists discover that the Internet is the new auto-generated TV shows that we fought. + +(Originally on Twitter: [Sat Nov 19 16:17:25 +0000 2016](https://twitter.com/adulau/status/800010097216946176)) +---- +@archillect a screenshot of a picture showing an amber terminal displaying output of the top command with a curious germex process + +(Originally on Twitter: [Sun Nov 20 09:15:58 +0000 2016](https://twitter.com/adulau/status/800266425961250816)) +---- +@archillect using Cool-Retro-Term. You need a more historically validated picture ;-) + +(Originally on Twitter: [Sun Nov 20 09:21:24 +0000 2016](https://twitter.com/adulau/status/800267790984695808)) +---- +In the past 2 years, I maintained an unofficial repository of ssldump with various patches https://github.com/adulau/ssldump pull-request welcome + +(Originally on Twitter: [Sun Nov 20 10:34:00 +0000 2016](https://twitter.com/adulau/status/800286061075329024)) +---- +@cudeso Where is this located? + +(Originally on Twitter: [Sun Nov 20 10:51:05 +0000 2016](https://twitter.com/adulau/status/800290359720841216)) +---- +RT @rafi0t: Congrats to @pinkflawd and @struppigel for #BlackHoodie, this such a great initiative. I'm looking forward to see your trainees… + +(Originally on Twitter: [Sun Nov 20 11:38:11 +0000 2016](https://twitter.com/adulau/status/800302213071536128)) +---- +@cudeso Interesting finding (it would be a nice forensic challenge ;-). Is this a Hasler/Teloc? or another brand? the box below is the TBL+? + +(Originally on Twitter: [Sun Nov 20 14:18:48 +0000 2016](https://twitter.com/adulau/status/800342635810529280)) +---- +we (@pidgeyL and @adulau) updated cve-search to add NIST and vendors cross-references https://github.com/cve-search/cve-search more open refs welcome. 
+ +(Originally on Twitter: [Sun Nov 20 14:26:18 +0000 2016](https://twitter.com/adulau/status/800344523440148480)) +---- +@2xyo En effet. Sauf si la présentation est devenue TLP:WHITE entre temps. + +(Originally on Twitter: [Sun Nov 20 14:40:23 +0000 2016](https://twitter.com/adulau/status/800348065920122882)) +---- +@NewSocietyPub @thomhartmann @davidbollier The book is licensed under CC-NC-BY-SA so it means that I can share publicly your epub? + +(Originally on Twitter: [Sun Nov 20 14:51:54 +0000 2016](https://twitter.com/adulau/status/800350962976247808)) +---- +RT @GreatDismal: Thinking yesterday of the fine irony of Ballard having become the literally prescient one, not the "hard science" crew. No… + +(Originally on Twitter: [Sun Nov 20 15:18:35 +0000 2016](https://twitter.com/adulau/status/800357678178410496)) +---- +RT @ZeroNights: FIRST - IDA plugin that allows RE to more quickly compleate static analysis. http://first-plugin.us/ Release by @TalosSecur… + +(Originally on Twitter: [Mon Nov 21 07:28:23 +0000 2016](https://twitter.com/adulau/status/800601737769943040)) +---- +RT @ydklijnsma: Monitoring ‘DNS’ inside the Tor network - http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network ![](media/800759712874713090-Cxx0bHVW8AAgAMi.jpg) + +(Originally on Twitter: [Mon Nov 21 17:56:07 +0000 2016](https://twitter.com/adulau/status/800759712874713090)) +---- +RT @adamcaudill: Alexa has killed the public top 1M sites list - a lot of security research just became a lot more complex. https://t.co/8x… + +(Originally on Twitter: [Mon Nov 21 21:35:36 +0000 2016](https://twitter.com/adulau/status/800814946472837120)) +---- +"Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure" +https://fordfoundcontent.blob.core.windows.net/media/2976/roads-and-bridges-the-unseen-labor-behind-our-digital-infrastructure.pdf Maybe they should read more @hintjens ? 
+ +(Originally on Twitter: [Tue Nov 22 05:53:27 +0000 2016](https://twitter.com/adulau/status/800940235001630720)) +---- +RT @MISPProject: MISP 2.4.55 released including bug fixes and sighting is now enabled by default http://www.misp-project.org/2016/11/22/MISP-2.4.55.released.html #ThreatIntel + +(Originally on Twitter: [Tue Nov 22 17:15:39 +0000 2016](https://twitter.com/adulau/status/801111918412988416)) +---- +@quinnnorton Great news for both of you. The only looser is the European social security. + +(Originally on Twitter: [Tue Nov 22 17:22:07 +0000 2016](https://twitter.com/adulau/status/801113544121090048)) +---- +RT @xme: So, they're fans of #MISP at the Belgian Cyber Security Center? :) ![](media/801133739686248448-Cx4yXisXAAAHDpQ.jpg) + +(Originally on Twitter: [Tue Nov 22 18:42:22 +0000 2016](https://twitter.com/adulau/status/801133739686248448)) +---- +@blackswanburst @hack_lu 2017 seems to be a good year. @mir_ripe_labs should add it in her agenda. Slot reserved. + +(Originally on Twitter: [Tue Nov 22 21:13:34 +0000 2016](https://twitter.com/adulau/status/801171789758001152)) +---- +RT @blackswanburst: An amazing morning with @circl_lu talking tools, and understanding weird files. Thanks @adulau !!! + +(Originally on Twitter: [Wed Nov 23 12:58:13 +0000 2016](https://twitter.com/adulau/status/801409520224337920)) +---- +@thegrugq In Belgium, this is the Mitraillette https://en.wikipedia.org/wiki/Mitraillette aka submachine gun but if you ask for an "Americain" it's raw meat. + +(Originally on Twitter: [Thu Nov 24 07:12:29 +0000 2016](https://twitter.com/adulau/status/801684898603995136)) +---- +Mitchell's Law of Committees: Any simple problem can be made insoluble if enough meetings are held to discuss it. 
#threatintelformat + +(Originally on Twitter: [Fri Nov 25 00:42:31 +0000 2016](https://twitter.com/adulau/status/801949148136218625)) +---- +The most funny commit message of the week https://github.com/jbremer/goatse.mbr/pull/1/commits/994e44a631d2448654c0b70e39914586080c49aa "Made butthole red" + +(Originally on Twitter: [Fri Nov 25 19:45:50 +0000 2016](https://twitter.com/adulau/status/802236872932159488)) +---- +Analog synthesizers are still ruling the world. "Modular on the Roof 2" https://www.youtube.com/watch?v=V5Z0R9DS4u0 + +(Originally on Twitter: [Sun Nov 27 11:41:13 +0000 2016](https://twitter.com/adulau/status/802839691959697408)) +---- +RT @dakami: The most brutal figure I've seen in any pen test report. + +It's about election systems. + +Halderman's co-author. + +https://t.co/vs… + +(Originally on Twitter: [Sun Nov 27 13:25:21 +0000 2016](https://twitter.com/adulau/status/802865897128034305)) +---- +"European Union wants to regulate cryptography?" +https://blog.lukaszolejnik.com/european-union-wants-to-regulate-cryptography/ In the nineties, we fought to free the use of cryptography. Again? + +(Originally on Twitter: [Sun Nov 27 18:40:55 +0000 2016](https://twitter.com/adulau/status/802945312226738180)) +---- +Why Belgium doesn't want to disclose the answers about cryptography? @CharlesMichel https://www.asktheeu.org/en/request/3347/response/11727/attach/html/4/16%202007.en.zen.ld%20ws%20mf.docx.html @lalibrebe @lesoir + +(Originally on Twitter: [Sun Nov 27 18:54:07 +0000 2016](https://twitter.com/adulau/status/802948633897287680)) +---- +@martijn_grooten Depending of ministries but there is an intersecting issue with "Wassenaar arrangement" which could be extended and abused. 
+ +(Originally on Twitter: [Sun Nov 27 18:56:54 +0000 2016](https://twitter.com/adulau/status/802949337659490304)) +---- +@Kleissner I know, the regulation had a crypto exemption but the new survey of the Council might restrict it https://twitter.com/adulau/status/802949337659490304 + +(Originally on Twitter: [Sun Nov 27 21:03:42 +0000 2016](https://twitter.com/adulau/status/802981245072371712)) +---- +@HerraBRE Great news. The software @MailpileTeam will remain free for the benefit of the community. Copyright assignement is just so lame. + +(Originally on Twitter: [Mon Nov 28 13:06:50 +0000 2016](https://twitter.com/adulau/status/803223628997332992)) +---- +RT @sans_isc: Bot exploiting millions of vulnerable DSL Routers. Port 7547. The next #Mirai? http://i5c.us/2fsqt9V + +(Originally on Twitter: [Mon Nov 28 14:40:08 +0000 2016](https://twitter.com/adulau/status/803247106307653634)) +---- +RT @maartenvhb: Dynstruct: useful tool to recover data structures in use by a program. https://kar.kent.ac.uk/58461/ + +(Originally on Twitter: [Mon Nov 28 17:22:37 +0000 2016](https://twitter.com/adulau/status/803287996820688896)) +---- +Looking at dff digital forensics framework, a robust open source alternative to proprietary forensic tools https://github.com/arxsys/dff @ArxSys + +(Originally on Twitter: [Mon Nov 28 22:26:42 +0000 2016](https://twitter.com/adulau/status/803364520160874498)) +---- +RT @mubix: {SharedLinks} Hit Shift-F10 during Windows Update gives you CMD.exe which also bypasses Bitlocker... http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html + +(Originally on Twitter: [Tue Nov 29 23:27:23 +0000 2016](https://twitter.com/adulau/status/803742182590980096)) +---- +Don't forget when the IC claim investment in some technology. It's just a statement and sometime just to add more fog in capabilities. 
+ +(Originally on Twitter: [Tue Nov 29 23:48:40 +0000 2016](https://twitter.com/adulau/status/803747537018638336)) +---- +RT @cryptocephaly: New ECDLP record! We solved a 117.35-bit ECLDP on a binary curve! Update soon on http://eprint.iacr.org/2016/382 + +(Originally on Twitter: [Wed Nov 30 06:53:44 +0000 2016](https://twitter.com/adulau/status/803854510649180160)) +---- +@SoltraEdge Still ontrack for the open source release? + +(Originally on Twitter: [Wed Nov 30 07:37:02 +0000 2016](https://twitter.com/adulau/status/803865405907435521)) +---- +RT @circl_lu: New training or test VM with the latest version of @MISPProject 2.4.55 has been released https://circl.lu/services/misp-training-materials/#misp-virtual-machine #ThreatIntel + +(Originally on Twitter: [Wed Nov 30 08:46:40 +0000 2016](https://twitter.com/adulau/status/803882929894080513)) +---- +RT @kevinallix: I'm looking for a new IT challenge in Luxembourg https://lu.linkedin.com/in/kevin-allix-891a9a129 Ask me for my CV. #BigData #security + +(Originally on Twitter: [Wed Nov 30 10:43:14 +0000 2016](https://twitter.com/adulau/status/803912265586135040)) +---- +We had a great @MISPProject workshop at @Botconf many interesting feedback, issues open and improvement ideas for the future. @Iglocska + +(Originally on Twitter: [Wed Nov 30 11:02:13 +0000 2016](https://twitter.com/adulau/status/803917040482471936)) +---- +@theosint do you know what is exactly required as sharing attributes for such use-case of information sharing? @MISPProject + +(Originally on Twitter: [Wed Nov 30 11:18:16 +0000 2016](https://twitter.com/adulau/status/803921079823724545)) +---- +@Iglocska @SoltraEdge I hope it will be licensed under a free software license as defined by the FSF to ensure compatibility with others. 
+ +(Originally on Twitter: [Wed Nov 30 12:24:55 +0000 2016](https://twitter.com/adulau/status/803937855009492992)) +---- +@jbfavre @Skhaen @carl_chenet Nice it's also my longterm view, copyleft is supporting the community on the long run. Check @hintjens books. + +(Originally on Twitter: [Wed Nov 30 12:53:53 +0000 2016](https://twitter.com/adulau/status/803945144965861376)) +---- +RT @kyrah: So a supply of iridium-192 was stolen from Bushehr. Ugh. http://www.thetower.org/4221-report-nuclear-material-stolen-from-iran-raises-concerns-over-dirty-bomb/ HT @CustosDivini + +(Originally on Twitter: [Wed Nov 30 14:39:27 +0000 2016](https://twitter.com/adulau/status/803971710139691008)) +---- +@xme Could this work with a large passive DNS dataset where only the answers are known? + +(Originally on Twitter: [Wed Nov 30 14:53:57 +0000 2016](https://twitter.com/adulau/status/803975357464539137)) +---- +@xme that would be great. Thanks a Iot. + +(Originally on Twitter: [Wed Nov 30 14:57:52 +0000 2016](https://twitter.com/adulau/status/803976346439471105)) +---- +RT @keystone_engine: A nice tool+framework uses @capstone_engine & @keystone_engine to manipulate live memory of Linux process: Proctal. + +h… + +(Originally on Twitter: [Wed Nov 30 15:08:01 +0000 2016](https://twitter.com/adulau/status/803978900816674817)) +---- +@ggreve Interesting, you also use the open source terminology to avoid the ambiguity when the audience is not aware of the subtile diff. + +(Originally on Twitter: [Wed Nov 30 15:55:45 +0000 2016](https://twitter.com/adulau/status/803990911113920512)) +---- +The Cyber Swiss Army Knife from @GCHQ is really nice https://github.com/gchq/CyberChef but they should drop the copyright assignment form. + +(Originally on Twitter: [Wed Nov 30 20:08:37 +0000 2016](https://twitter.com/adulau/status/804054546980945920)) +---- +RT @circl_lu: CIRCL offers scholarships and internships opportunities for student in Luxembourg and abroad. 
https://www.circl.lu/projects/internships/ + +(Originally on Twitter: [Wed Nov 30 20:21:03 +0000 2016](https://twitter.com/adulau/status/804057677940801542)) +---- +@taziden Pour votre info https://gist.github.com/adulau/39c0d3b648d2879bdba618e79d547ca8 @pbeyssac @solimanhindy + +(Originally on Twitter: [Thu Dec 01 13:10:06 +0000 2016](https://twitter.com/adulau/status/804311610714128384)) +---- +@DavidMelons The video was recorded at @Botconf for the @MISPProject workshop, it should be released soon. Another for Zurich is foreseen. + +(Originally on Twitter: [Thu Dec 01 13:12:36 +0000 2016](https://twitter.com/adulau/status/804312242212761600)) +---- +RT @pidgeyL: New sister Project of #CVESearch: #VIA4: a Vulnerability Information Aggregator for CVEs. +https://github.com/cve-search/VIA4CVE +@adulau @wim… + +(Originally on Twitter: [Thu Dec 01 16:17:19 +0000 2016](https://twitter.com/adulau/status/804358726555750400)) +---- +@verovaleros Some malware were using Crypto-PAN too. It's quite efficient to lure Passive DNS. + +(Originally on Twitter: [Fri Dec 02 10:01:15 +0000 2016](https://twitter.com/adulau/status/804626472791146496)) +---- +RT @pidgeyL: #OVAL information now available in #VIA4 https://github.com/cve-search/VIA4CVE More sources coming soon! @adulau @wimremes #CVESearch + +(Originally on Twitter: [Fri Dec 02 15:52:29 +0000 2016](https://twitter.com/adulau/status/804714867399790593)) +---- +@SoltraEdge Thank you for the feedback. So you abandon the idea to go open source? + +(Originally on Twitter: [Fri Dec 02 21:24:30 +0000 2016](https://twitter.com/adulau/status/804798419223117825)) +---- +There are so many pyramid scheme video nowadays... 
https://www.youtube.com/watch?v=ZOeg8Vp5deY https://www.youtube.com/watch?v=whEWE6WC1Ew&t=4s @shrekts + +(Originally on Twitter: [Fri Dec 02 22:29:10 +0000 2016](https://twitter.com/adulau/status/804814693382688768)) +---- +RT @jedisct1: Since jq was featured on Hacker News today, I'd like to remind you of a more powerful and super fast alternative: rq https://… + +(Originally on Twitter: [Sat Dec 03 12:20:29 +0000 2016](https://twitter.com/adulau/status/805023902489604096)) +---- +@shrekts My worst nightmare is in one of these parties with you shaking your #CISSP certificate while burning your @github account. + +(Originally on Twitter: [Sat Dec 03 13:05:07 +0000 2016](https://twitter.com/adulau/status/805035132667265024)) +---- +RT @RidT: Perhaps the biggest German intel-related leak ever: BND-NSA Inquiry files, 90GB, 2,420 docs (many 400p+), searchable—source likel… + +(Originally on Twitter: [Sat Dec 03 19:47:12 +0000 2016](https://twitter.com/adulau/status/805136322037948416)) +---- +@cropprotection What's the residual pesticides level in the produced crops from @BauerHolti ? and in the soils, waters and air? + +(Originally on Twitter: [Sun Dec 04 08:54:22 +0000 2016](https://twitter.com/adulau/status/805334420601311233)) +---- +RT @_argp: Reminder that @snare's Voltron (https://github.com/snare/voltron) is fucking awesome! + +(Originally on Twitter: [Tue Dec 06 07:32:16 +0000 2016](https://twitter.com/adulau/status/806038534813577216)) +---- +RT @UlfFrisk: PCILeech update; USB2 DMA is finally stable, albeit a bit slow. 
+ +(Originally on Twitter: [Tue Dec 06 07:32:39 +0000 2016](https://twitter.com/adulau/status/806038628497584128)) +---- +RT @pstirparo: Ready for a great 2days @MISPProject event in Zurich w/ @circl_lu @switchcert @adulau #DFIR + +(Originally on Twitter: [Tue Dec 06 08:28:47 +0000 2016](https://twitter.com/adulau/status/806052756033306624)) +---- +RT @pstirparo: new features + galaxy + workbench,@MISPProject is really moving towards full fledge TIP platform,amazing job guys @rafi0t @I… + +(Originally on Twitter: [Tue Dec 06 17:05:44 +0000 2016](https://twitter.com/adulau/status/806182849284100096)) +---- +If you join today (locally or remotely) the @MISPProject #hackathon the etherpad is available at https://e.pastebin.lu:9001/p/MISPHackathon2016 #ThreatIntel + +(Originally on Twitter: [Wed Dec 07 08:30:34 +0000 2016](https://twitter.com/adulau/status/806415591238148096)) +---- +@shrekts The video of 5 hours contains a huge @FIRSTdotOrg sticker ;-) @switchcert @MISPProject @rafi0t @Iglocska + +(Originally on Twitter: [Wed Dec 07 12:57:36 +0000 2016](https://twitter.com/adulau/status/806482792477495296)) +---- +RT @rafi0t: Hey twitter, how can I create a zip encrypted file *in memory* in python? + +(Originally on Twitter: [Wed Dec 07 18:21:36 +0000 2016](https://twitter.com/adulau/status/806564329348861952)) +---- +RT @MISPProject: MISP 2.4.56 released has been released including the galaxy support +http://www.misp-project.org/2016/12/07/MISP.2.4.56.released.html to add your favourite threat a… + +(Originally on Twitter: [Wed Dec 07 18:23:33 +0000 2016](https://twitter.com/adulau/status/806564821219082241)) +---- +RT @IgorSkochinsky: A nice story about an argument on SAT solvers resulting in a check from Knuth. 
https://www.reddit.com/r/ReverseEngineering/comments/5h23u3/comment/daww68q?st=IWG18HB9&sh=9165646b + +(Originally on Twitter: [Thu Dec 08 09:01:20 +0000 2016](https://twitter.com/adulau/status/806785721616908288)) +---- +The good advice of the day: get rid of "stakeholder" in papers or article but define which organisations or people are fuc*ing interested. + +(Originally on Twitter: [Thu Dec 08 15:43:59 +0000 2016](https://twitter.com/adulau/status/806887052767854592)) +---- +"Efficient Distinct Heavy Hitters for DNS DDoS Attack Detection" +https://arxiv.org/pdf/1612.02636v1.pdf + +(Originally on Twitter: [Fri Dec 09 08:22:23 +0000 2016](https://twitter.com/adulau/status/807138310955077632)) +---- +"A History of the ARPANET: The First Decade" http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA115440 It's always important to know the Internet roots and keep them in mind. + +(Originally on Twitter: [Sat Dec 10 10:18:00 +0000 2016](https://twitter.com/adulau/status/807529790974656517)) +---- +@meneergent "In 1983 the Defense Communications Agency decided that the ARPANET had grown large enough that security was now a concern." + +(Originally on Twitter: [Sat Dec 10 10:35:15 +0000 2016](https://twitter.com/adulau/status/807534134000291840)) +---- +@meneergent which is my favorite quote from this book. Indeed, it's also an exhaustive reference beyond the technical considerations. + +(Originally on Twitter: [Sat Dec 10 10:36:38 +0000 2016](https://twitter.com/adulau/status/807534483838791681)) +---- +RT @MISPProject: We just found the quote for the next @MISPProject t-shirt https://twitter.com/dakami/status/806268127478562816 the Open Source feedback loop described… + +(Originally on Twitter: [Sat Dec 10 14:59:40 +0000 2016](https://twitter.com/adulau/status/807600677019156480)) +---- +@kautoh Some PGP users forgot that OpenPGP format is used for long lasting storage, potential key escrow and revocation. Different than e2e. 
+ +(Originally on Twitter: [Sun Dec 11 20:26:29 +0000 2016](https://twitter.com/adulau/status/808045308836016129)) +---- +Do you know any forensic or security tool that really requires picoseconds resolution? #askingforacommittee + +(Originally on Twitter: [Sun Dec 11 22:26:01 +0000 2016](https://twitter.com/adulau/status/808075391327961090)) +---- +@ralphholz @ErrataRob If you want to read the whole discussion... http://markmail.org/message/ese63smxa7ovasyi?q=picosecond+list:org%2Eoasis-open%2Elists%2Ecti + +(Originally on Twitter: [Mon Dec 12 05:51:53 +0000 2016](https://twitter.com/adulau/status/808187599194128384)) +---- +RT @0xAmit: Netgear vuln - temporary fix is to use the exploit to kill the https. Un-fucking-real. ![](media/808188284597846016-CzbNIUPVQAAJxhz.jpg) + +(Originally on Twitter: [Mon Dec 12 05:54:37 +0000 2016](https://twitter.com/adulau/status/808188284597846016)) +---- +@ErrataRob I suppose it will be the next topic on the agenda: "Going beyond physics to express a timestamp" @ralphholz + +(Originally on Twitter: [Mon Dec 12 07:09:57 +0000 2016](https://twitter.com/adulau/status/808207244181512192)) +---- +"No domain left behind: is Let’s Encrypt democratizing encryption?" +https://arxiv.org/pdf/1612.03005v1.pdf + +(Originally on Twitter: [Mon Dec 12 07:20:00 +0000 2016](https://twitter.com/adulau/status/808209775280422912)) +---- +RT @SHA2017Camp: If you want to have a talk on SHA2017 or know someone, let him/her fill in the CfP. Deadline is till 1 Feb. https://t.co/K… + +(Originally on Twitter: [Mon Dec 12 20:49:50 +0000 2016](https://twitter.com/adulau/status/808413575022866432)) +---- +Just submitted a lecture for @SHA2017Camp Maybe I'll submit an art performance too... 
with @rafi0t (if @Iglocska is not afraid of hornets) + +(Originally on Twitter: [Mon Dec 12 20:57:58 +0000 2016](https://twitter.com/adulau/status/808415622061244420)) +---- +RT @communia_eu: The Commission proposal for #TDM is a strategic mistake: http://www.communia-association.org/2016/12/12/commissions-proposal-text-data-mining-strategic-mistake/ #FixCopyright + +(Originally on Twitter: [Mon Dec 12 21:13:14 +0000 2016](https://twitter.com/adulau/status/808419464819699712)) +---- +You can also interact to tarpit them. Don't forget the funky use of PBX functionality like eternal-wait or confcall. +https://mobile.twitter.com/circl_lu/status/808322127048937472 + +(Originally on Twitter: [Tue Dec 13 06:54:42 +0000 2016](https://twitter.com/adulau/status/808565795332755456)) +---- +RT @sergedroz: I recommend this Counter-Script: https://egbg.home.xs4all.nl/counterscript.html https://twitter.com/adulau/status/808565795332755456 + +(Originally on Twitter: [Tue Dec 13 10:31:49 +0000 2016](https://twitter.com/adulau/status/808620431775334400)) +---- +When you do free software, many people might ask you about how your software compare to the proprietary version. It's usually a good sign. + +(Originally on Twitter: [Wed Dec 14 08:44:10 +0000 2016](https://twitter.com/adulau/status/808955728560058368)) +---- +@Aristot73 Yes, especially that LE might involve external parties to find vulnerabilities. Will you report the vulnerability to the vendor? + +(Originally on Twitter: [Thu Dec 15 15:45:07 +0000 2016](https://twitter.com/adulau/status/809424054604197896)) +---- +@Aristot73 Ok but the issue is similar. If you compromise a device using a third-party equipment, you might have weaken the security of it. + +(Originally on Twitter: [Thu Dec 15 16:23:17 +0000 2016](https://twitter.com/adulau/status/809433657018564608)) +---- +Why every time I touch a web application I found a vulnerability without looking for them? 
+ +(Originally on Twitter: [Thu Dec 15 16:50:48 +0000 2016](https://twitter.com/adulau/status/809440583806750722)) +---- +"Using Bitcoin for Fun and Profit" +http://www.diva-portal.org/smash/get/diva2:1051913/FULLTEXT01.pdf #bitcoin + +(Originally on Twitter: [Thu Dec 15 19:37:08 +0000 2016](https://twitter.com/adulau/status/809482442604167168)) +---- +@emilianodc_ Maybe written using a Markov chain? + +(Originally on Twitter: [Fri Dec 16 11:47:26 +0000 2016](https://twitter.com/adulau/status/809726628075016192)) +---- +RT @MISPProject: MISP galaxy is now integrated and you can add directly threat actors and actor tools for your events and share. https://t.… + +(Originally on Twitter: [Sat Dec 17 09:52:46 +0000 2016](https://twitter.com/adulau/status/810060158617391104)) +---- +@bortzmeyer Donc on pourrait faire du TikZ vers SVG pour les prochains I-Ds. http://www.texample.net/tikz/examples/tag/diagrams/ + +(Originally on Twitter: [Sat Dec 17 13:55:56 +0000 2016](https://twitter.com/adulau/status/810121353462448128)) +---- +@jedisct1 I'm curious about their capabilities regarding OpenVPN and which set-ups are relatively safe nowadays. @binitamshah + +(Originally on Twitter: [Sat Dec 17 14:09:16 +0000 2016](https://twitter.com/adulau/status/810124706456207368)) +---- +@cnoanalysis @MISPProject @Iglocska Could you provide us a list of the activity groups? We can create a new activity group galaxy. Thx. + +(Originally on Twitter: [Sat Dec 17 19:24:47 +0000 2016](https://twitter.com/adulau/status/810204111362781185)) +---- +RT @Iglocska: Dealing with time zones - most sensible vid out there. Conclusion: Stop trying to build it, reuse OSS https://www.youtube.com/watch?v=-5wpm-gesOY… + +(Originally on Twitter: [Sun Dec 18 12:31:40 +0000 2016](https://twitter.com/adulau/status/810462532435640320)) +---- +RT @taviso: Looks like intel open sourced xed. There are other disasm libraries, but I've always found xed the nicest to use. 
https://t.co/… + +(Originally on Twitter: [Sun Dec 18 19:39:55 +0000 2016](https://twitter.com/adulau/status/810570308776316929)) +---- +We finally did a warning-lists support in MISP API . So you can get rid of potential false positives at API level. +https://twitter.com/MISPProject/status/810894713956012032 + +(Originally on Twitter: [Mon Dec 19 17:24:35 +0000 2016](https://twitter.com/adulau/status/810898638926974977)) +---- +RT @Aristot73: my thoughts to my german friends. hope they and their families and loved ones are safe. + +(Originally on Twitter: [Mon Dec 19 20:22:57 +0000 2016](https://twitter.com/adulau/status/810943524287946752)) +---- +RT @rafi0t: Can we please stop saying OpenGPG is in the same category of tools as Signal or WhatsApp? This is a gross misunderstanding of t… + +(Originally on Twitter: [Tue Dec 20 07:07:52 +0000 2016](https://twitter.com/adulau/status/811105821149003780)) +---- +@matthew_d_green What do you recommend instead of PGP to support "nobody should read our emails"? @rantyben @daveaitel @thegrugq + +(Originally on Twitter: [Tue Dec 20 13:55:56 +0000 2016](https://twitter.com/adulau/status/811208517063471105)) +---- +@matthew_d_green Can you archive securely your communications? Can you do key escrow on LE request? @rantyben @daveaitel @thegrugq + +(Originally on Twitter: [Tue Dec 20 14:00:03 +0000 2016](https://twitter.com/adulau/status/811209553471737857)) +---- +@matthew_d_green Sometime "--show-session-key" in GnuPG can save your life. @rantyben @daveaitel @thegrugq + +(Originally on Twitter: [Tue Dec 20 14:05:04 +0000 2016](https://twitter.com/adulau/status/811210816695451648)) +---- +I'll write a blog post "Still using OpenPGP because it's fucking working well for many use-cases. And there is no other alternative..." 
+ +(Originally on Twitter: [Tue Dec 20 18:46:59 +0000 2016](https://twitter.com/adulau/status/811281762777231362)) +---- +"A Bayesian Approach to Identify Bitcoin Users" +https://arxiv.org/pdf/1612.06747v2.pdf + +(Originally on Twitter: [Thu Dec 22 07:34:07 +0000 2016](https://twitter.com/adulau/status/811837203647201280)) +---- +RT @botherder: Hacking-assisted military intelligence is pretty standard. Don't freak out people, no "cyberwar started". These operations a… + +(Originally on Twitter: [Thu Dec 22 21:15:18 +0000 2016](https://twitter.com/adulau/status/812043862957027328)) +---- +RT @circl_lu: Many new features and updates in the AIL framework - Analysis Information Leak framework https://github.com/CIRCL/AIL-framework #datamining… + +(Originally on Twitter: [Thu Dec 22 21:29:09 +0000 2016](https://twitter.com/adulau/status/812047349199540224)) +---- +@alexanderjaeger If you have any specific issue, just let us know. Testing can be done with https://github.com/MISP/PyMISP/tree/master/examples/events @bambenek @MISPProject + +(Originally on Twitter: [Thu Dec 22 21:46:11 +0000 2016](https://twitter.com/adulau/status/812051634998169600)) +---- +”420 Friendly”: Revealing Marijuana Use via Craigslist Rental Ads https://arxiv.org/pdf/1612.07630v1.pdf + +(Originally on Twitter: [Fri Dec 23 08:34:02 +0000 2016](https://twitter.com/adulau/status/812214671436550144)) +---- +With the recent improvements in the cve-search project https://www.cve-search.org/ a new web site to inform about updates. @wimremes @pidgeyL + +(Originally on Twitter: [Sat Dec 24 16:45:57 +0000 2016](https://twitter.com/adulau/status/812700854641946624)) +---- +Be careful especially when you see weak adversaries targeting your infrastructure, they might win. Underestimating asymmetry is risky. 
![](media/813019074838011904-C0hryQtWgAAhrqd.jpg) + +(Originally on Twitter: [Sun Dec 25 13:50:27 +0000 2016](https://twitter.com/adulau/status/813019074838011904)) +---- +@botherder "How the Weak Win Wars, +A Theory of Asymmetric Conflict" and art: "The Death of the Author by +Roland Barthes" + +(Originally on Twitter: [Sun Dec 25 16:59:01 +0000 2016](https://twitter.com/adulau/status/813066531139682305)) +---- +Assignments In Photography https://www.foo.be/photoblog/posts/assignments-in-photography.html #photography #bookworm ![](media/813072790718971904-C0idQvJXgAAbXBf.jpg) + +(Originally on Twitter: [Sun Dec 25 17:23:54 +0000 2016](https://twitter.com/adulau/status/813072790718971904)) +---- +"Atom: Scalable Anonymity Resistant to Traffic Analysis" +https://arxiv.org/pdf/1612.07841v1.pdf waiting for "to-be-released" code @ https://github.com/kwonalbert/atom + +(Originally on Twitter: [Mon Dec 26 09:40:02 +0000 2016](https://twitter.com/adulau/status/813318444217233408)) +---- +Nowadays, the consecration for a photographer is not the fame of an exhibition or publishing a new book but to be in the @archillect stream. + +(Originally on Twitter: [Mon Dec 26 11:02:12 +0000 2016](https://twitter.com/adulau/status/813339121460592640)) +---- +@bin3ry I really enjoyed the storm in the night, the law-enforcement bus, John Gilmore and Tor talks and the lightning talk of @halvarflake + +(Originally on Twitter: [Mon Dec 26 11:28:07 +0000 2016](https://twitter.com/adulau/status/813345645201420288)) +---- +RT @xme: This makes me always laugh… This is the modern version of “The keys are under the doormat” ![](media/813376245291511808-C0mvTFnWgAAXhAF.jpg) + +(Originally on Twitter: [Mon Dec 26 13:29:43 +0000 2016](https://twitter.com/adulau/status/813376245291511808)) +---- +RT @halvarflake: Oh man, memory lane. I *so* enjoyed that event. 
https://twitter.com/adulau/status/813345645201420288 + +(Originally on Twitter: [Mon Dec 26 16:01:07 +0000 2016](https://twitter.com/adulau/status/813414347515056128)) +---- +@ekoivune Not sure if this is really enforced with the US brands. US is known to use regulation as an economical arm against competitors. + +(Originally on Twitter: [Tue Dec 27 19:07:35 +0000 2016](https://twitter.com/adulau/status/813823662084227072)) +---- +Don't forget your camouflage when you are "defensive cyberspace operations engineer" https://hackinginprogress.tumblr.com/post/155068641593/for-when-you-need-to-camouflage-against-your-desk and yes, it's from a real ads. + +(Originally on Twitter: [Wed Dec 28 12:51:42 +0000 2016](https://twitter.com/adulau/status/814091452632416256)) +---- +RT @hack_lu: Take your agenda and be prepared for @hack_lu October 16-19, 2017 #conference #Luxembourg #infosec ![](media/814199107279589376-C0xqKWIWQAABgif.jpg) + +(Originally on Twitter: [Wed Dec 28 19:59:28 +0000 2016](https://twitter.com/adulau/status/814199107279589376)) +---- +RT @MISPProject: We'll do a new MISP release before the end of the year with a new sharing functionality. Because sharing is caring. #Thre… + +(Originally on Twitter: [Wed Dec 28 20:29:23 +0000 2016](https://twitter.com/adulau/status/814206633056337921)) +---- +RT @pidgeyL: Lightning talk about #CVESearch at #33C3, 1:05PM. Introduction for newcomers & announcement of the latest major updates @adula… + +(Originally on Twitter: [Thu Dec 29 08:45:03 +0000 2016](https://twitter.com/adulau/status/814391770100461568)) +---- +We released a new version of cve-search v2.2 including bug fixes and the new default cross-reference VIA4CVE database. @pidgeyL @wimremes + +(Originally on Twitter: [Thu Dec 29 09:38:36 +0000 2016](https://twitter.com/adulau/status/814405249247117313)) +---- +RT @MISPProject: .@Timo_Steffens Yep. 38 correlations (see screen-shot) with other older events including a lot of historical reports. 
#Gri… + +(Originally on Twitter: [Thu Dec 29 22:57:31 +0000 2016](https://twitter.com/adulau/status/814606300835446785)) +---- +"Multi-Party Privacy-Preserving Record Linkage using Bloom Filters" https://arxiv.org/pdf/1612.08835v1.pdf + +(Originally on Twitter: [Fri Dec 30 09:58:03 +0000 2016](https://twitter.com/adulau/status/814772529940271104)) +---- +@Timo_Steffens Any public ref for "Carperblike"? I would like to add it in @MISPProject galaxy @codelancer @RidT https://github.com/MISP/misp-galaxy + +(Originally on Twitter: [Fri Dec 30 10:26:36 +0000 2016](https://twitter.com/adulau/status/814779714535559172)) +---- +Many tor exit nodes in the IP addresses of the NCCIC's GRIZZLY STEPPE report. @RidT @Timo_Steffens ![](media/814780997812289536-C06uet2XUAAIijR.jpg) + +(Originally on Twitter: [Fri Dec 30 10:31:42 +0000 2016](https://twitter.com/adulau/status/814780997812289536)) +---- +@Timo_Steffens Thank you, added. https://github.com/MISP/misp-galaxy/blob/master/clusters/tool.json#L1078 @MISPProject + +(Originally on Twitter: [Fri Dec 30 10:40:13 +0000 2016](https://twitter.com/adulau/status/814783142993268736)) +---- +@kautoh Indeed. Some are also well-known regularly compromised hosts too... @vpkivimaki @RidT @Timo_Steffens @MISPProject @circl_lu + +(Originally on Twitter: [Fri Dec 30 11:12:56 +0000 2016](https://twitter.com/adulau/status/814791373496926209)) +---- +@goenie It's the standard graphical visualization in MISP http://www.misp-project.org/ @RidT @Timo_Steffens @MISPProject @circl_lu + +(Originally on Twitter: [Fri Dec 30 11:29:35 +0000 2016](https://twitter.com/adulau/status/814795565712162816)) +---- +@cjmunich It's a difficult question especially when a single host is used for operating a Tor exit node, a dropper zone and a mail relay. 
+ +(Originally on Twitter: [Fri Dec 30 11:32:09 +0000 2016](https://twitter.com/adulau/status/814796210095656960)) +---- +@cjmunich That's why keeping historical data from Passive DNS, Passive SSL or alike is usually a quick win to discover such cases. + +(Originally on Twitter: [Fri Dec 30 11:32:45 +0000 2016](https://twitter.com/adulau/status/814796360969060352)) +---- +"We are not far away" https://www.flickr.com/photos/adulau/31613100080/ #photography #blackandwhitephotography + +(Originally on Twitter: [Fri Dec 30 19:56:20 +0000 2016](https://twitter.com/adulau/status/814923090824232966)) +---- +@LeFloatingGhost Maybe it's %s and %d and this is the visual representation of the "sprintf"-protection advanced cherry-red padlock. + +(Originally on Twitter: [Sat Dec 31 09:50:21 +0000 2016](https://twitter.com/adulau/status/815132980536545280)) +---- +If you think that the energy infrastructure is better protected than a regularly updated server on Internet, you are most probably wrong. + +(Originally on Twitter: [Sat Dec 31 09:59:48 +0000 2016](https://twitter.com/adulau/status/815135358597865472)) +---- +@electrospaces Quite good indeed but the "kinetic" newspeak + should be really avoided. + +(Originally on Twitter: [Sat Dec 31 12:45:47 +0000 2016](https://twitter.com/adulau/status/815177128090238976)) +---- +@cyb3rops Thank you for sharing. I just added in MISP. Have you done a full retro-hunt in VT? @JGamblin @USCERT_gov + +(Originally on Twitter: [Sat Dec 31 13:04:42 +0000 2016](https://twitter.com/adulau/status/815181891338899456)) +---- +RT @pidgeyL: #CVESearch v2.2 is pretty leet @wimremes @adulau ![](media/815226732743507969-C1A_sW6XEAAb91F.jpg) + +(Originally on Twitter: [Sat Dec 31 16:02:53 +0000 2016](https://twitter.com/adulau/status/815226732743507969)) +---- +RT @halvarflake: One of my wishes for 2017: Europe recognizes it needs & starts building a DARPA. 
+ +(Originally on Twitter: [Sun Jan 01 11:05:12 +0000 2017](https://twitter.com/adulau/status/815514203868069889)) +---- +OpenPGP really works https://www.foo.be/2016/12/OpenPGP-really-works #PGP + +(Originally on Twitter: [Sun Jan 01 17:34:19 +0000 2017](https://twitter.com/adulau/status/815612128497434624)) +---- +RT @MISPProject: Start 2017 with a new MISP release 2.4.59 including major updates to the external feed functionality. https://t.co/EcU9eR… + +(Originally on Twitter: [Sun Jan 01 19:12:26 +0000 2017](https://twitter.com/adulau/status/815636821644341248)) +---- +RT @martijn_grooten: In 2017 we should make progress with encrypted email. Pointing out what works about PGP, as @adulau did, does help. ht… + +(Originally on Twitter: [Sun Jan 01 21:19:29 +0000 2017](https://twitter.com/adulau/status/815668793221480448)) +---- +"Two factor authentication using EEG augmented passwords" https://arxiv.org/pdf/1612.09423v1.pdf #brainwaves + +(Originally on Twitter: [Mon Jan 02 08:59:53 +0000 2017](https://twitter.com/adulau/status/815845056414437378)) +---- +@doegox Indeed, I do but I forgot to mention it in the blog post... 
https://github.com/MISP/MISP/commit/057a5fa759b222eeaa32347348f5745ebd9af525 + +(Originally on Twitter: [Mon Jan 02 09:56:30 +0000 2017](https://twitter.com/adulau/status/815859302531563520)) +---- +@doegox Thank you for the hint, I updated the blog post https://www.foo.be/2016/12/OpenPGP-really-works#signed-git-commits + +(Originally on Twitter: [Mon Jan 02 10:31:07 +0000 2017](https://twitter.com/adulau/status/815868013723402241)) +---- +RT @doegox: @adulau Never too late: https://github.com/doegox/ElectronicColoringBook/commit/c26de114c583ed53d7941d0e963ee1802a13a754 + +(Originally on Twitter: [Mon Jan 02 11:28:35 +0000 2017](https://twitter.com/adulau/status/815882478309244928)) +---- +RT @doegox: @hanno @adulau if git+gpg, the risk is limited to signed commits trusting older unsigned commits and SHA1 is safe against preim… + +(Originally on Twitter: [Mon Jan 02 11:39:31 +0000 2017](https://twitter.com/adulau/status/815885228225032192)) +---- +RT @p_ameline: OpenPGP really works, as investigated by @adulau https://www.foo.be/2016/12/OpenPGP-really-works Still integrated in many daily used utilities. poke… + +(Originally on Twitter: [Mon Jan 02 17:35:37 +0000 2017](https://twitter.com/adulau/status/815974845498454017)) +---- +"Classification of Smartphone Users Using Internet Traffic" +https://arxiv.org/pdf/1701.00220v1.pdf the sample is very limited but the acknowledgement ;-) + +(Originally on Twitter: [Tue Jan 03 09:21:21 +0000 2017](https://twitter.com/adulau/status/816212845314666496)) +---- +@jedisct1 Maybe because it's so easy to break software and so complex to build secure A/V software. + +(Originally on Twitter: [Tue Jan 03 20:45:57 +0000 2017](https://twitter.com/adulau/status/816385128540860417)) +---- +@ClausHoumann When will you do the guide for @asscert or even one for http://programming-motherfucker.com/ ? 
+ +(Originally on Twitter: [Tue Jan 03 20:56:35 +0000 2017](https://twitter.com/adulau/status/816387805886738432)) +---- +For the cheese lovers around, if you want to have some fun with US "food" read this http://www.fooducate.com/app#!page=product&id=DB73B008-0CEB-11E0-BF92-FEFD45A4D471 and especially the comments. + +(Originally on Twitter: [Wed Jan 04 21:19:29 +0000 2017](https://twitter.com/adulau/status/816755958944792576)) +---- +RT @MISPProject: New MISP galaxy added with exploit kits and TDS description. https://github.com/MISP/misp-galaxy Big thanks to @kafeine @node5 @kahuse… + +(Originally on Twitter: [Thu Jan 05 20:03:34 +0000 2017](https://twitter.com/adulau/status/817099238903578624)) +---- +RT @SteveClement: Training materials for a safe use of #agrochemicals| by @LIST_Luxembourg +Doesn't sound #organic to me… + +https://t.co/yO5B… + +(Originally on Twitter: [Thu Jan 05 20:29:23 +0000 2017](https://twitter.com/adulau/status/817105736308293633)) +---- +Large corporations try to sell "big data" mining for security to organisations that lack the raw data to do effective grep search. #DFIR + +(Originally on Twitter: [Thu Jan 05 21:19:31 +0000 2017](https://twitter.com/adulau/status/817118352527290368)) +---- +@kyrah At least some "vendors" claim to have exploitation support and some WAPPush vulnerabilities were on sale in late 2007/2008. + +(Originally on Twitter: [Thu Jan 05 21:39:55 +0000 2017](https://twitter.com/adulau/status/817123488104321027)) +---- +@LiorKesh Interesting analysis. Could you share the sample or at least the hash? + +(Originally on Twitter: [Thu Jan 05 22:48:43 +0000 2017](https://twitter.com/adulau/status/817140800597401600)) +---- +@LiorKesh Super, thank you! 
+ +(Originally on Twitter: [Fri Jan 06 09:11:57 +0000 2017](https://twitter.com/adulau/status/817297642338324480)) +---- +"Unlikely" is only used in the estimative language description in https://www.dni.gov/files/documents/ICA_2017_01.pdf "the Russian activities report in US elections". + +(Originally on Twitter: [Fri Jan 06 21:11:38 +0000 2017](https://twitter.com/adulau/status/817478758449942528)) +---- +"Criteria for assessing security of OSINT tools" is a nifty list when selecting software or services to do/support OSINT gathering/mining. ![](media/817685706491498496-C1j5H3WWgAAm4gY.jpg) + +(Originally on Twitter: [Sat Jan 07 10:53:58 +0000 2017](https://twitter.com/adulau/status/817685706491498496)) +---- +@timb_machine I think the first positive point with accreditation is the less useful one especially for open source tools or services. + +(Originally on Twitter: [Sat Jan 07 12:06:42 +0000 2017](https://twitter.com/adulau/status/817704009712762880)) +---- +One of my favourite song of @paraoner https://soundcloud.com/para-one/para-one-finale-1 dark and positive at the same time. #electronicmusic + +(Originally on Twitter: [Sat Jan 07 16:24:20 +0000 2017](https://twitter.com/adulau/status/817768844651532288)) +---- +Take a software with pseudo machine learning, analyse a dataset of 1 year chat logs and ask a question. The output: https://twitter.com/Iglocska/status/817827681446330368 + +(Originally on Twitter: [Sat Jan 07 20:21:25 +0000 2017](https://twitter.com/adulau/status/817828506197512193)) +---- +@Iglocska Thank @CeoEnron for the initial test of filtering swear words. Time for @NLTK_org to have a default corpus http://bastian.rieck.ru/blog/posts/2015/enron_swear_words/ + +(Originally on Twitter: [Sat Jan 07 20:32:49 +0000 2017](https://twitter.com/adulau/status/817831376636542976)) +---- +@Iglocska @CeoEnron @NLTK_org Maybe we should involve @bsb_ebooks @thegrugq_ebooks in the discussion. 
https://github.com/mispy/twitter_ebooks + +(Originally on Twitter: [Sat Jan 07 20:40:30 +0000 2017](https://twitter.com/adulau/status/817833311456337920)) +---- +"The GUNMAN Project" (1985) You can be a bit disappointed nowadays by US and Russia in comparison while reading this +https://www.foo.be/docs/intelligence/Learning_From_the_Enemy_The_GUNMAN_Project.pdf ![](media/818021861451853824-C1oycCUXgAA4mpM.jpg) + +(Originally on Twitter: [Sun Jan 08 09:09:44 +0000 2017](https://twitter.com/adulau/status/818021861451853824)) +---- +RT @MISPProject: @RobertMLee We love estimative languages too. https://github.com/MISP/misp-taxonomies/blob/master/estimative-language/machinetag.json By the way, it's integrated in MISP if you enable th… + +(Originally on Twitter: [Sun Jan 08 13:32:57 +0000 2017](https://twitter.com/adulau/status/818088101205671937)) +---- +@seamustuohy Only the chapter 10 is interesting, the rest is "so so". DM me your email... @MISPProject + +(Originally on Twitter: [Sun Jan 08 14:16:04 +0000 2017](https://twitter.com/adulau/status/818098953493291008)) +---- +RT @piotrkijewski: "Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites" https://t.co/BXYseE… + +(Originally on Twitter: [Sun Jan 08 14:59:10 +0000 2017](https://twitter.com/adulau/status/818109797786615808)) +---- +@BlakeDarche Maybe the situation is now much clearer with a public release. Previously the source code was released under closed circles. + +(Originally on Twitter: [Sun Jan 08 16:41:36 +0000 2017](https://twitter.com/adulau/status/818135576742338561)) +---- +RT @TrumpOnCrypto: AES is from a designer from a NATO member state. Can't trust it. 
I ordered NIST to make KGB's GOST the block cipher for… + +(Originally on Twitter: [Mon Jan 09 07:31:46 +0000 2017](https://twitter.com/adulau/status/818359593126494208)) +---- +"Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey" https://arxiv.org/pdf/1701.02145v1.pdf + +(Originally on Twitter: [Tue Jan 10 09:23:18 +0000 2017](https://twitter.com/adulau/status/818750053154230272)) +---- +RT @circl_lu: Slides about the @MISPProject galaxies where you can describe threat actors or anything you care about in MISP https://t.co/k… + +(Originally on Twitter: [Tue Jan 10 15:39:28 +0000 2017](https://twitter.com/adulau/status/818844717010026496)) +---- +RT @quarkslab: [BLOG] Differential Fault Analysis on White-box AES Implementations http://blog.quarkslab.com/differential-fault-analysis-on-white-box-aes-implementations.html #reverse #crypto by @doegox & @h… + +(Originally on Twitter: [Tue Jan 10 17:47:51 +0000 2017](https://twitter.com/adulau/status/818877025159147521)) +---- +"SIPHON: Towards Scalable High-Interaction Physical Honeypots" https://arxiv.org/pdf/1701.02446v1.pdf #IoT + +(Originally on Twitter: [Wed Jan 11 07:25:46 +0000 2017](https://twitter.com/adulau/status/819082860174917632)) +---- +RT @Regiteric: So @DHSgov Hunting and IR Team is using @MISPProject when on the field #flocon17 + +(Originally on Twitter: [Wed Jan 11 19:17:05 +0000 2017](https://twitter.com/adulau/status/819261870485991425)) +---- +Any idea why this user on gist is generating series of UUID at regular interval on gist @github? 
https://gist.github.com/teruteru128 + +(Originally on Twitter: [Wed Jan 11 21:20:50 +0000 2017](https://twitter.com/adulau/status/819293014170419202)) +---- +@LucDockendorf You mean with the stock graphics used for "cyber cyber security" articles ;-) for more ref: https://hackinginprogress.tumblr.com/ @secin_lu + +(Originally on Twitter: [Thu Jan 12 08:48:19 +0000 2017](https://twitter.com/adulau/status/819466021891346432)) +---- +@bortzmeyer https://www.abuse.ch/?p=3581 "Cybercriminals Moving Over To TLD .su" C'est toujours le cas ? + @dascritch @AdrienneCharmet @Rue89 + +(Originally on Twitter: [Thu Jan 12 08:55:14 +0000 2017](https://twitter.com/adulau/status/819467764817686528)) +---- +Repeat after me "everything will be fine" https://www.ssllabs.com/ssltest/analyze.html?d=www.giulianisecurity.com + +(Originally on Twitter: [Thu Jan 12 22:01:58 +0000 2017](https://twitter.com/adulau/status/819665749656662017)) +---- +@halvarflake Who will be the next Keith Haring? We are back in the eighties from IoT security to Giuliani/broken windows theory.. ![](media/819668324091105281-C2ALd65WQAA2ez8.jpg) + +(Originally on Twitter: [Thu Jan 12 22:12:11 +0000 2017](https://twitter.com/adulau/status/819668324091105281)) +---- +"The Protection of Information in Computer Systems" +http://www.cs.virginia.edu/~evans/cs551/saltzer/ It was 1975 and it's still accurate when designing software. + +(Originally on Twitter: [Fri Jan 13 20:02:09 +0000 2017](https://twitter.com/adulau/status/819997987489411072)) +---- +"A Contemporary Look at Saltzer and Schroeder’s 1975 Design Principles" https://courses.cs.washington.edu/courses/cse484/14au/reading/look-at-1975.pdf for the follow-up in 2012. + +(Originally on Twitter: [Fri Jan 13 20:17:34 +0000 2017](https://twitter.com/adulau/status/820001866012590080)) +---- +"Is Cyberattack the Next Pearl Harbor?" http://ncjolt.org/wp-content/uploads/2016/12/Trautman_Final.pdf With a good sense of humour and self derision, you can read it for fun. 
+ +(Originally on Twitter: [Sun Jan 15 10:51:15 +0000 2017](https://twitter.com/adulau/status/820584125304279040)) +---- +as stated by the @guerrillagirls https://www.flickr.com/photos/adulau/31509359673/ "It's even worse in Europe." #photography #museum + +(Originally on Twitter: [Sun Jan 15 11:00:47 +0000 2017](https://twitter.com/adulau/status/820586524370751488)) +---- +RT @kafeine: Neutrino += CVE-2016-7200/7201 (Microsoft Edge). Post updated: http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html ![](media/820730408660848640-C2JFs-DXEAAOMTg.png) + +(Originally on Twitter: [Sun Jan 15 20:32:32 +0000 2017](https://twitter.com/adulau/status/820730408660848640)) +---- +RT @herrcore: Weekend project: automatic IAT rebuilder in Python! I built it because I couldn’t find one… +https://github.com/OALabs/PyIATRebuild +#DFIR #m… + +(Originally on Twitter: [Mon Jan 16 07:55:59 +0000 2017](https://twitter.com/adulau/status/820902406405980163)) +---- +RT @sawaba: Failing is a good sign, actually. Anyone in InfoSec without significant failures under their belt likely lacks experience. http… + +(Originally on Twitter: [Mon Jan 16 18:10:02 +0000 2017](https://twitter.com/adulau/status/821056935499800582)) +---- +"Static Detection of DoS Vulnerabilities in Programs that use Regular Expressions" https://arxiv.org/pdf/1701.04045v1.pdf + +(Originally on Twitter: [Tue Jan 17 07:33:30 +0000 2017](https://twitter.com/adulau/status/821259133131390976)) +---- +@__Thanat0s__ See you there ;-) + +(Originally on Twitter: [Tue Jan 17 08:07:53 +0000 2017](https://twitter.com/adulau/status/821267785359773696)) +---- +RT @MISPProject: First version of the Information Sharing Maturity Level (ISML) +http://www.misp-project.org/2017/01/16/Information-Sharing-Maturity-Model.html has been published. 
Feedback welcom… + +(Originally on Twitter: [Tue Jan 17 15:48:14 +0000 2017](https://twitter.com/adulau/status/821383637165862918)) +---- +So @PalantirTech https://www.flickr.com/photos/doctorow/32215763362/ has a pavilion at the World Economic Forum @Davos and you still think software shouldn't be free? + +(Originally on Twitter: [Tue Jan 17 16:21:33 +0000 2017](https://twitter.com/adulau/status/821392021613056000)) +---- +RT @thorstenholz: Code for our ACSAC'16 paper on "EvilCoder: Automated Bug Insertion" is now available at https://github.com/RUB-SysSec/EvilCoder + +(Originally on Twitter: [Tue Jan 17 17:19:40 +0000 2017](https://twitter.com/adulau/status/821406646161276930)) +---- +RT @MISPProject: MISP 2.4.60 released including the awaited attribute-level tagging feature. https://www.misp.software/2017/01/17/MISP.2.4.60.released.html #ThreatIntelligence ht… + +(Originally on Twitter: [Tue Jan 17 17:20:45 +0000 2017](https://twitter.com/adulau/status/821406920858894387)) +---- +Love to receive promotional emails advertising for artificial intelligence in "cyber security" where my last name is %LASTNAME% #parseordie + +(Originally on Twitter: [Tue Jan 17 18:43:11 +0000 2017](https://twitter.com/adulau/status/821427667241205761)) +---- +Joining an ISAC "The act of three or more people talking or sharing secret tlp:white information among themselves in the same trusted rooms" + +(Originally on Twitter: [Tue Jan 17 21:21:07 +0000 2017](https://twitter.com/adulau/status/821467410851106816)) +---- +@notdan Or the ransomware authors are posting random messages to make his criminal business more acceptable and forcing contact @FourOctets + +(Originally on Twitter: [Wed Jan 18 07:43:10 +0000 2017](https://twitter.com/adulau/status/821623952917270528)) +---- +@X_Cli I'm more interested in the paper from "Japan's National Institute of Informatics" about the fingerprint image extraction. Any ref? 
+ +(Originally on Twitter: [Wed Jan 18 08:08:21 +0000 2017](https://twitter.com/adulau/status/821630292523884544)) +---- +RT @a_z_e_t: NSA posts three key recovery attacks on current CFRG AES-GCM-SIV drafts: https://mailarchive.ietf.org/arch/attach/cfrg/pdfL0pM_N.pdf + +thread: +https://t.co/rT4Y6tP… + +(Originally on Twitter: [Wed Jan 18 19:04:28 +0000 2017](https://twitter.com/adulau/status/821795407642628096)) +---- +@Virgo_no_Kenshi Une ecole autonome sans influence politique ou religieuse hors des normalisations OCDE? C'est une possibilité @WATTENBERGH + +(Originally on Twitter: [Wed Jan 18 19:18:10 +0000 2017](https://twitter.com/adulau/status/821798855649927168)) +---- +@lrz Si c'est pour apprendre des technologies propriétaires, évitons de les introduire à l'école. @Virgo_no_Kenshi @WATTENBERGH + +(Originally on Twitter: [Wed Jan 18 19:40:10 +0000 2017](https://twitter.com/adulau/status/821804392768802817)) +---- +@lrz Peut-être avoir plusieurs milieux d’apprentissage (ex. hackerspace) plutôt qu'une école monolithique. @Virgo_no_Kenshi @WATTENBERGH + +(Originally on Twitter: [Wed Jan 18 19:42:19 +0000 2017](https://twitter.com/adulau/status/821804934639259649)) +---- +Wondering which version of Windows still in use at the @usairforce ? https://twitter.com/USAFCENT/status/822077403346284544 + +(Originally on Twitter: [Thu Jan 19 18:39:49 +0000 2017](https://twitter.com/adulau/status/822151595194544128)) +---- +@patricialopezmg DM me your contact details. + +(Originally on Twitter: [Fri Jan 20 08:56:26 +0000 2017](https://twitter.com/adulau/status/822367167353999360)) +---- +It's always hard for an adversary to set the TCP ISN especially when they write raw packets... 
#honeypot #infovis (5 minutes sample) ![](media/822546328911810561-C2pEpTeXgAE2sOF.jpg) + +(Originally on Twitter: [Fri Jan 20 20:48:21 +0000 2017](https://twitter.com/adulau/status/822546328911810561)) +---- +RT @SHA2017Badge: Original OHM2013 picture by @adulau - https://www.flickr.com/photos/adulau/9464930917/ + +(Originally on Twitter: [Sat Jan 21 18:41:29 +0000 2017](https://twitter.com/adulau/status/822876787394969601)) +---- +@altquinn hug hug + +(Originally on Twitter: [Sat Jan 21 19:03:37 +0000 2017](https://twitter.com/adulau/status/822882360861532160)) +---- +More on TCP ISN from honeypot captures with some version of Mirai where ISN=dst_ip or many scanners set ISN to 0 -> https://www.foo.be/isn.html ![](media/823196776731672577-C2yS07cXgAAVNQw.png) + +(Originally on Twitter: [Sun Jan 22 15:53:00 +0000 2017](https://twitter.com/adulau/status/823196776731672577)) +---- +@QKaiser I played with @BokehPlots it's a great library - here is the script https://gist.github.com/adulau/e85e315f14a18974a52ef7d195edf9f8 and the tshark command line in comment. + +(Originally on Twitter: [Sun Jan 22 16:06:30 +0000 2017](https://twitter.com/adulau/status/823200174340210688)) +---- +@RobertMLee Nice. Looks like many team members of @MISPProject just ordered it ;-) + +(Originally on Twitter: [Sun Jan 22 16:15:27 +0000 2017](https://twitter.com/adulau/status/823202424844386304)) +---- +RT @MISPProject: MISP 2.4.61 released https://www.misp.software/2017/01/22/MISP.2.4.61.released.html including new features (warning-lists improvements) and critical fixes. #Thre… + +(Originally on Twitter: [Sun Jan 22 19:51:14 +0000 2017](https://twitter.com/adulau/status/823256730511544321)) +---- +@bortzmeyer C'est quoi ce "livre"? + +(Originally on Twitter: [Sun Jan 22 20:06:45 +0000 2017](https://twitter.com/adulau/status/823260636608102400)) +---- +@rafi0t We should do a full batch with many funny sentences with all the known codename. 
@ahmetasabanci @electrospaces + +(Originally on Twitter: [Sun Jan 22 21:19:52 +0000 2017](https://twitter.com/adulau/status/823279037283975171)) +---- +"To end membership of the United States in the United Nations." https://www.congress.gov/bill/115th-congress/house-bill/193/text It's only a bill but can this pass the Congress? + +(Originally on Twitter: [Mon Jan 23 08:51:10 +0000 2017](https://twitter.com/adulau/status/823453005882200065)) +---- +@cudeso The repo didn't change, these are both in sync. git remote add and will do the job ;-) @MISPProject + +(Originally on Twitter: [Tue Jan 24 07:56:27 +0000 2017](https://twitter.com/adulau/status/823801626481795072)) +---- +RT @Iglocska: @_saadk talking about workflows in @TheHive_Project utilising @MISPProject events at @FIRSTdotOrg . Super impressive stuff! + +(Originally on Twitter: [Tue Jan 24 12:47:33 +0000 2017](https://twitter.com/adulau/status/823874882345779200)) +---- +@asfakian I'm wondering if there will be, at some point, an open source alternative for i2 Analysts' Notebook. + +(Originally on Twitter: [Tue Jan 24 12:54:26 +0000 2017](https://twitter.com/adulau/status/823876614517882880)) +---- +@martijn_grooten I like the idea but maybe a static website (Jekyll) is less risky than a running a full-blown CMS https://www.circl.lu/pub/tr-36/ + +(Originally on Twitter: [Tue Jan 24 19:57:44 +0000 2017](https://twitter.com/adulau/status/823983141039800321)) +---- +@Cyr_ Not sure, I just checked CPU oct2008 and it was only a specific version mentioned. https://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html + +(Originally on Twitter: [Wed Jan 25 10:49:27 +0000 2017](https://twitter.com/adulau/status/824207550589632512)) +---- +@Cyr_ Which is most probably the case for a lot of vendors. If you check the CPE, a majority of vendor just tag it with the latest version. 
+ +(Originally on Twitter: [Wed Jan 25 10:54:29 +0000 2017](https://twitter.com/adulau/status/824208817789562880)) +---- +"The Monkey Wrench Gang" will become a reality with the current resistance of @AltNatParkSer At least, some lights in this sea of ignorance. + +(Originally on Twitter: [Wed Jan 25 13:15:57 +0000 2017](https://twitter.com/adulau/status/824244417573879808)) +---- +@Cyr_ If you check the CPE value, it's more the current/latest version which is specified https://cve.circl.lu/cve/CVE-2017-2972 + +(Originally on Twitter: [Wed Jan 25 13:26:55 +0000 2017](https://twitter.com/adulau/status/824247176540942336)) +---- +@swborders 502 Bad Gateway + +(Originally on Twitter: [Wed Jan 25 18:50:05 +0000 2017](https://twitter.com/adulau/status/824328505257234433)) +---- +@swborders Indeed, here is an OpenPGP key showing the behaviour +3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD + +(Originally on Twitter: [Wed Jan 25 19:20:59 +0000 2017](https://twitter.com/adulau/status/824336282495176713)) +---- +"Python script designed to perform a quick offline analysis of the boot records used by BIOS" https://github.com/ANSSI-FR/bootcode_parser #dfir + +(Originally on Twitter: [Wed Jan 25 19:34:48 +0000 2017](https://twitter.com/adulau/status/824339760009400321)) +---- +I dreamed of news with malware samples. It's just a dream... 
"Swedish forces exposed to extensive cyber attack" +http://news.trust.org/item/20170125191030-8ssd2/ + +(Originally on Twitter: [Wed Jan 25 20:38:32 +0000 2017](https://twitter.com/adulau/status/824355798314840064)) +---- +RT @MISPProject: We welcome new contributions in @MISPProject galaxy which can expand "intelligence" https://github.com/MISP/misp-galaxy #ThreatIntel #… + +(Originally on Twitter: [Wed Jan 25 21:19:04 +0000 2017](https://twitter.com/adulau/status/824365997704572928)) +---- +Everyone tried but some did with less success "Dutch secret service tries to recruit Tor-admin" http://www.burojansen.nl/bvd-aivd/dutch-secret-service-tries-to-recruit-tor-admin/ + +(Originally on Twitter: [Wed Jan 25 21:40:19 +0000 2017](https://twitter.com/adulau/status/824371345542840320)) +---- +@droecher At least, the less noisy ones on the HUMINT aspects. + +(Originally on Twitter: [Wed Jan 25 21:51:32 +0000 2017](https://twitter.com/adulau/status/824374169131434000)) +---- +@90n Oui, en effet PBA/Opal ou UEFI. Mais c'est une toujours une base pour démarrer un outil plus évolué. Je suppose qu'il accepte les PR. + +(Originally on Twitter: [Thu Jan 26 05:41:04 +0000 2017](https://twitter.com/adulau/status/824492331831296002)) +---- +@90n Pas de soucis. C'est la fête pour les adversaires avec le mix de standards. Exploiter Opal SSC SED offre aussi des possibilités... 
+ +(Originally on Twitter: [Thu Jan 26 05:50:35 +0000 2017](https://twitter.com/adulau/status/824494725596123136)) +---- +Another example where PGP really works +https://twitter.com/gexcolo/status/823236591862870017 and why it's important to improve OpenPGP standards into a modern cryptosys + +(Originally on Twitter: [Thu Jan 26 19:36:52 +0000 2017](https://twitter.com/adulau/status/824702666689380353)) +---- +Refreshing my 4 hours training session "Malware Classifier From Network Capture" for tomorrow https://github.com/adulau/MalwareClassifier/ @Gephi really improved ![](media/825082181236191232-C3NGdn6XUAQB-40.jpg) + +(Originally on Twitter: [Fri Jan 27 20:44:55 +0000 2017](https://twitter.com/adulau/status/825082181236191232)) +---- +RT @certbund: #Windows Tech #Supportscam - you can either hang up or troll back https://arstechnica.com/information-technology/2017/01/take-your-sweet-time-how-i-scammed-a-tech-support-scammer-for-nearly-two-hours/ Credits @TeamViewer cc @adulau + +(Originally on Twitter: [Fri Jan 27 20:55:08 +0000 2017](https://twitter.com/adulau/status/825084752449277952)) +---- +@certbund Trolling back is such a pleasure especially when gathering more information about their techniques. @TeamViewer @arstechnica + +(Originally on Twitter: [Fri Jan 27 20:56:40 +0000 2017](https://twitter.com/adulau/status/825085137339691012)) +---- +RT @guedou: ShellcodeSmuggler/IAT_POC: POC for IAT Parsing Payloads #reconbrx https://github.com/ShellcodeSmuggler/IAT_POC + +(Originally on Twitter: [Sat Jan 28 17:23:49 +0000 2017](https://twitter.com/adulau/status/825393959157510144)) +---- +RT @GEndignoux: Caradoc now features an interactive console UI https://github.com/ANSSI-FR/caradoc PDF stats, search, obj browsing, stream decoding. 
Co… + +(Originally on Twitter: [Sun Jan 29 13:48:41 +0000 2017](https://twitter.com/adulau/status/825702205248380928)) +---- +https://crack.sh The World’s Fastest (public) DES Cracker - an evolution compared to EFF "Deep Crack" https://www.foo.be/docs/eff-des-cracker/ #crypto + +(Originally on Twitter: [Sun Jan 29 16:16:35 +0000 2017](https://twitter.com/adulau/status/825739428127731712)) +---- +@blackswanburst You really think so? ;-) @ReverseICS @bsb_ebooks + +(Originally on Twitter: [Sun Jan 29 18:32:40 +0000 2017](https://twitter.com/adulau/status/825773672757592065)) +---- +@blackswanburst @ReverseICS Many people are confused while configuring Ruby code ;-) @bsb_ebooks @__bsb_ebooks__ + +(Originally on Twitter: [Sun Jan 29 18:40:28 +0000 2017](https://twitter.com/adulau/status/825775635352150016)) +---- +@blackswanburst a group of computer scientists might have created a series of @Twitter bots to give social media contact to TSA agents. + +(Originally on Twitter: [Sun Jan 29 19:32:04 +0000 2017](https://twitter.com/adulau/status/825788621210939393)) +---- +So there is a new tcpdump release 4.9.0 fixing more than 40 vulnerabilities https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html but nothing on http://tcpdump.org? + +(Originally on Twitter: [Sun Jan 29 20:11:24 +0000 2017](https://twitter.com/adulau/status/825798519252463616)) +---- +"Open Source Operational Risk: Should Public Blockchains Serve as Financial Market Infrastructures?" https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2879239 + +(Originally on Twitter: [Sun Jan 29 22:35:22 +0000 2017](https://twitter.com/adulau/status/825834750304800770)) +---- +A small important note for the tcpdump vulnerabilities, capturing & recording (-w) is "mainly" not affected. 
+https://twitter.com/adulau/status/825798519252463616 + +(Originally on Twitter: [Tue Jan 31 09:50:00 +0000 2017](https://twitter.com/adulau/status/826366914465259520)) +---- +RT @alexcpsec: Sage advice from Cliff Stoll about dealing with intruders at #CTISummit (left: "normal", right: his method) https://t.co/Fh3… + +(Originally on Twitter: [Tue Jan 31 17:55:50 +0000 2017](https://twitter.com/adulau/status/826489181148946432)) +---- +@___wr___ goodiff is no more running and should be rewritten from scratch. Dataset is still available. + +(Originally on Twitter: [Tue Jan 31 20:22:49 +0000 2017](https://twitter.com/adulau/status/826526170531430403)) +---- +I still don't get all the fuss about panda in information security and awareness campaigns. For me a panda is https://m.youtube.com/watch?v=lPmbL5G8rJY + +(Originally on Twitter: [Wed Feb 01 11:51:15 +0000 2017](https://twitter.com/adulau/status/826759818903961600)) +---- +RT @Aristot73: General William Devereaux: The Army is a broadsword, not a scalpel. Trust me, senator, you do not want the Army in an Americ… + +(Originally on Twitter: [Wed Feb 01 12:57:24 +0000 2017](https://twitter.com/adulau/status/826776464938954754)) +---- +RT @MISPProject: MISP 2.4.63 released https://www.misp.software/2017/02/01/MISP.2.4.63.released.html A big thanks to @bambenek for improvements in high-volume use-cases. #Threat… + +(Originally on Twitter: [Wed Feb 01 16:13:50 +0000 2017](https://twitter.com/adulau/status/826825898418659329)) +---- +RT @kylemaxwell: "If you don't have notebooks and whiteboards full of drawings, I don't think you can call yourself an analyst". Rob Dartna… + +(Originally on Twitter: [Wed Feb 01 16:40:02 +0000 2017](https://twitter.com/adulau/status/826832492934131713)) +---- +Wondering how we prioritize developments in @MISPProject ? we use #akodice . 
#ThreatIntel ![](media/827070201581694976-C3pX8tAWQAA3k98.jpg) + +(Originally on Twitter: [Thu Feb 02 08:24:36 +0000 2017](https://twitter.com/adulau/status/827070201581694976)) +---- +RT @netresec: @adulau @MISPProject Monte Carlo algorithms often yield good results! + +(Originally on Twitter: [Thu Feb 02 09:51:45 +0000 2017](https://twitter.com/adulau/status/827092132074835968)) +---- +"... the increased operational focus being placed on undersea clandestine operations." https://fas.org/irp/congress/2016_hr/innovation.pdf p158 #sigint #Intelligence + +(Originally on Twitter: [Thu Feb 02 20:50:13 +0000 2017](https://twitter.com/adulau/status/827257841043992576)) +---- +@X_Cli I'm quite lucky as my colleague (@SteveClement) purchased these for their kickstarter. + +(Originally on Twitter: [Thu Feb 02 20:57:05 +0000 2017](https://twitter.com/adulau/status/827259569072005121)) +---- +"Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations" Anyone already read/review the v2.0? +https://ccdcoe.org/tallinn-manual-20-international-law-applicable-cyber-operations-be-launched.html + +(Originally on Twitter: [Sat Feb 04 20:11:05 +0000 2017](https://twitter.com/adulau/status/827972765776965632)) +---- +Developing open source software for infosec communities is a tedious organic process but this worth it. 
#threatintel +https://twitter.com/MISPProject/status/827981176715423744 + +(Originally on Twitter: [Sat Feb 04 20:52:40 +0000 2017](https://twitter.com/adulau/status/827983232020865024)) +---- +RT @cynicalsecurity: @aristot73 @adulau once they are done with their missile tests and have a chance to put it in the “usual place” I’m su… + +(Originally on Twitter: [Sun Feb 05 08:47:53 +0000 2017](https://twitter.com/adulau/status/828163220703571969)) +---- +RT @kaitai_io: Hey #FOSDEM, a talk about dissecting binary formats & protocols with #KaitaiStruct is today: https://fosdem.org/2017/schedule/event/om_kaitai/ https:/… + +(Originally on Twitter: [Sun Feb 05 09:31:40 +0000 2017](https://twitter.com/adulau/status/828174240335564800)) +---- +@sans_isc Talking about Pastes you might enjoy the latest status of AIL https://www.first.org/resources/papers/valencia2017/hamm-michael_slides.pdf the slides are now TLP:WHITE @xme + +(Originally on Twitter: [Sun Feb 05 10:26:46 +0000 2017](https://twitter.com/adulau/status/828188108063531008)) +---- +misp-darwin https://github.com/MISP/misp-darwin to automatically translate in natural language technical info from @MISPProject early Work-in-Progress + +(Originally on Twitter: [Sun Feb 05 15:50:11 +0000 2017](https://twitter.com/adulau/status/828269496745889792)) +---- +@mjos_crypto As a historical book on cryptography, it's still valuable. But books from Michal Zalewski are really a must. @mikko @lcamtuf + +(Originally on Twitter: [Sun Feb 05 16:18:55 +0000 2017](https://twitter.com/adulau/status/828276730116706304)) +---- +@DFIR_tools and a second tool to test if the first one works as expected. 
+ +(Originally on Twitter: [Sun Feb 05 19:16:19 +0000 2017](https://twitter.com/adulau/status/828321373994913792)) +---- +cinematography of Molenbeek https://www.flickr.com/photos/adulau/31887744034/ #photography #blackandwhitephotography #Molenbeek + +(Originally on Twitter: [Sun Feb 05 20:17:44 +0000 2017](https://twitter.com/adulau/status/828336829057282048)) +---- +The more I do photography, the more I become allergic to technology in photography. https://www.flickr.com/photos/adulau/32351726280/ #photography #leica + +(Originally on Twitter: [Sun Feb 05 20:59:13 +0000 2017](https://twitter.com/adulau/status/828347270143762432)) +---- +@lcheylus https://github.com/Microsoft/GVFS/issues/9 and take some popcorn while reading the issue. + +(Originally on Twitter: [Mon Feb 06 20:15:50 +0000 2017](https://twitter.com/adulau/status/828698737979568128)) +---- +An analysis of Bitcoin OP_RETURN metadata https://arxiv.org/abs/1702.01024 + +(Originally on Twitter: [Mon Feb 06 21:51:08 +0000 2017](https://twitter.com/adulau/status/828722721148186624)) +---- +RT @WawaSeb: ThX everyone for @MISPProject training @adulau @circl_lu @secin_lu. +It was really interesting. + +(Originally on Twitter: [Tue Feb 07 19:54:40 +0000 2017](https://twitter.com/adulau/status/829055800207302656)) +---- +RT @archillect: ![](media/829307542299885569-C4H73KTWIAYYI11.jpg) + +(Originally on Twitter: [Wed Feb 08 12:35:00 +0000 2017](https://twitter.com/adulau/status/829307542299885569)) +---- +RT @Maliciouslink: I hadn't really ever read through ISO27001/2 before. But now that I have, I understand why the cyber world is a garbage… + +(Originally on Twitter: [Wed Feb 08 18:07:16 +0000 2017](https://twitter.com/adulau/status/829391159457820677)) +---- +@alexcryptan Sure. Check your mailbox ;-) If you need more info, ping me. + +(Originally on Twitter: [Wed Feb 08 19:38:51 +0000 2017](https://twitter.com/adulau/status/829414208097751040)) +---- +@Botconf Thank you very much for your work! 
@MISPProject @DavidMelons @udgover + +(Originally on Twitter: [Thu Feb 09 08:54:30 +0000 2017](https://twitter.com/adulau/status/829614438659588096)) +---- +RT @giorgiofox: TPMS (Tire Pressure Monitoring System) "wardriving" with #hackrf and portapack with Havoc firmware ![](media/829756226573578240-C31sjtOWMAA0Om0.jpg) + +(Originally on Twitter: [Thu Feb 09 18:17:55 +0000 2017](https://twitter.com/adulau/status/829756226573578240)) +---- +@CyberJocko https://www.amazon.com/Practical-Forensic-Imaging-Securing-Evidence/dp/1593277938 Practical Forensic Imaging: Securing Digital Evidence with Linux Tools + +(Originally on Twitter: [Fri Feb 10 19:01:32 +0000 2017](https://twitter.com/adulau/status/830129591012323329)) +---- +"Reading is our freedom" https://www.flickr.com/photos/adulau/32009941273/ #photography #blackandwhite the positive side of waiting a @SNCB train + +(Originally on Twitter: [Fri Feb 10 19:22:13 +0000 2017](https://twitter.com/adulau/status/830134796324003841)) +---- +If you want to fuzz your various Yara parsers, the best nowadays is to use the enhanced GRIZZLY STEPPE report. @yararules + +(Originally on Twitter: [Sat Feb 11 17:26:02 +0000 2017](https://twitter.com/adulau/status/830467947856486400)) +---- +@cyb3rops Very nice. 
This could be a great extension to the @MISPProject VT expansion module https://github.com/Neo23x0/Loki/blob/master/tools/vt-checker.py @LeFloatingGhost + +(Originally on Twitter: [Sun Feb 12 10:31:17 +0000 2017](https://twitter.com/adulau/status/830725957598056448)) +---- +Squashfs As A Forensic Container https://www.foo.be/2017/01/Squashfs_As_A_Forensic_Container #DFIR #ForensicScience #infosec + +(Originally on Twitter: [Sun Feb 12 15:02:32 +0000 2017](https://twitter.com/adulau/status/830794221049176066)) +---- +Forensic analysis is often a matter of traces but photography is very close too https://www.flickr.com/photos/adulau/32741079681/ #photography + +(Originally on Twitter: [Sun Feb 12 20:00:24 +0000 2017](https://twitter.com/adulau/status/830869182879133696)) +---- +@HenrikJohansen We have ideas of implementation in MISP to describe the course of action/export BH identifier. @MSwannMSFT @0xdabbad00 + +(Originally on Twitter: [Mon Feb 13 08:22:52 +0000 2017](https://twitter.com/adulau/status/831056031191031812)) +---- +@HenrikJohansen Indeed, our plan is misp-objects soon then you can define more CoA. Feedback welcome. @MSwannMSFT @0xdabbad00 @Iglocska + +(Originally on Twitter: [Mon Feb 13 08:30:27 +0000 2017](https://twitter.com/adulau/status/831057940337532928)) +---- +Don't forget that false positives and false negatives have different impacts when sharing information but it's highly depend of their uses. ![](media/831225081980334083-C4kacbNXUAE-dfY.jpg) + +(Originally on Twitter: [Mon Feb 13 19:34:37 +0000 2017](https://twitter.com/adulau/status/831225081980334083)) +---- +@botherder Did you discuss with @rafi0t ? 
+ +(Originally on Twitter: [Mon Feb 13 20:08:29 +0000 2017](https://twitter.com/adulau/status/831233602843078656)) +---- +Reading HTTP logs is not only a way to discover the WordPress vulnerability scanners but to confirm "society of the spectacle" of Guy Debord + +(Originally on Twitter: [Mon Feb 13 21:29:07 +0000 2017](https://twitter.com/adulau/status/831253897750605824)) +---- +"Adversarial Examples In The Physical World" +https://arxiv.org/pdf/1607.02533.pdf https://www.youtube.com/watch?v=zQ_uMenoBCk #MachineLearning + +(Originally on Twitter: [Tue Feb 14 20:51:21 +0000 2017](https://twitter.com/adulau/status/831606778307579905)) +---- +Don't forget when you read "cyber strategy" replace it with "stack of papers" and you'll understand why adversaries are drinking cocktails. + +(Originally on Twitter: [Tue Feb 14 22:19:56 +0000 2017](https://twitter.com/adulau/status/831629073130467328)) +---- +@pinkflawd We still love you. + +(Originally on Twitter: [Tue Feb 14 22:37:22 +0000 2017](https://twitter.com/adulau/status/831633461270106114)) +---- +Beyond Free Riding: Quality of Indicators for Assessing Participation in Information Sharing for Threat Intelligence https://arxiv.org/pdf/1702.00552.pdf ![](media/831986512610758656-C4vPKjfWMAA5P8t.jpg) + +(Originally on Twitter: [Wed Feb 15 22:00:16 +0000 2017](https://twitter.com/adulau/status/831986512610758656)) +---- +The point one is hilarious "No targeting of companies or critical infrastructure" https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/ But poor human like us can be. 
+ +(Originally on Twitter: [Wed Feb 15 22:17:47 +0000 2017](https://twitter.com/adulau/status/831990917791784960)) +---- +RT @MISPProject: We are not at #RSAC, we don't have sales guys bothering you (as we have nothing to sell) but feel free to pass by at https… + +(Originally on Twitter: [Thu Feb 16 13:38:32 +0000 2017](https://twitter.com/adulau/status/832222634221895681)) +---- +RT @MISPProject: MISP 2.4.66 released with new extended sighting support for expiration and false-positive notification https://t.co/mdOJ02… + +(Originally on Twitter: [Fri Feb 17 17:14:58 +0000 2017](https://twitter.com/adulau/status/832639489969442816)) +---- +@DFIRMarine The idea was more the strategy alone doesn't help without an execution plan (including funding). Papers for the sake of papers. + +(Originally on Twitter: [Fri Feb 17 17:47:31 +0000 2017](https://twitter.com/adulau/status/832647680018898945)) +---- +RT @LaF0rge: @LaF0rge blog post about unintended GSM re-broadcast overr satellite http://laforge.gnumonks.org/blog/20170216-cellular_rebroadcast_over_sat/ + +(Originally on Twitter: [Fri Feb 17 19:03:44 +0000 2017](https://twitter.com/adulau/status/832666862924095488)) +---- +@MalwareJake If you overlay the efficiently of exploits with meterpreter in Base85/encrypted, you need a logscale next to 100%. @CrowdStrike + +(Originally on Twitter: [Sat Feb 18 09:11:51 +0000 2017](https://twitter.com/adulau/status/832880297784008704)) +---- +@Aristot73 @ErrataRob Every day in security, we come back 10 years ago https://www.foo.be/docs/diversity/cyberinsecurity.pdf maybe we should wait for biology to takeover. + +(Originally on Twitter: [Sat Feb 18 11:18:59 +0000 2017](https://twitter.com/adulau/status/832912292463439872)) +---- +@QKaiser Video surveillance where classification is used for detection. The threat is maybe not so present today but in a near future... 
+ +(Originally on Twitter: [Sat Feb 18 15:16:52 +0000 2017](https://twitter.com/adulau/status/832972156573216769)) +---- +Updated @jwz quote "Confronted with a problem? "I know, I'll use blockchain." Now they have two problems." Example> http://roberts.pm/exploit_markets + +(Originally on Twitter: [Sat Feb 18 17:13:27 +0000 2017](https://twitter.com/adulau/status/833001495113170949)) +---- +"On Ladder Logic Bombs in Industrial Control Systems" https://arxiv.org/pdf/1702.05241.pdf #ics #scada + +(Originally on Twitter: [Mon Feb 20 07:52:51 +0000 2017](https://twitter.com/adulau/status/833585191767650304)) +---- +@martinvol IMHO he means the reference that I put earlier to explain the background of some art performance. Glad that we found @andalltha + +(Originally on Twitter: [Tue Feb 21 13:40:39 +0000 2017](https://twitter.com/adulau/status/834035107321217024)) +---- +Welcome to TNC17 "submit their final papers in Word format" https://tnc16.geant.org/includes/tnc16/documents/fullpaper_guidelines2016.doc Maybe it's time to use LaTeX? @GEANTnews + +(Originally on Twitter: [Tue Feb 21 14:52:41 +0000 2017](https://twitter.com/adulau/status/834053233685491712)) +---- +"Rotten Apples or Bad Harvest? 
What We Are Measuring When We +Are Measuring Abuse" #infosec https://arxiv.org/pdf/1702.01624.pdf ![](media/834161696994373634-C5OJZuhWAAAAqwj.jpg) + +(Originally on Twitter: [Tue Feb 21 22:03:41 +0000 2017](https://twitter.com/adulau/status/834161696994373634)) +---- +RT @electrospaces: NEW: Trump's "beautiful" Oval Office phones and what was changed on them: http://electrospaces.blogspot.com/2017/02/trumps-beautiful-oval-office-phones-and.html ![](media/834278357743317000-C5OQaieW8AAq4vr.jpg) + +(Originally on Twitter: [Wed Feb 22 05:47:15 +0000 2017](https://twitter.com/adulau/status/834278357743317000)) +---- +"LED-it-GO Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED" https://www.arxiv.org/pdf/1702.06715.pdf + +(Originally on Twitter: [Thu Feb 23 07:14:21 +0000 2017](https://twitter.com/adulau/status/834662667415597057)) +---- +Google should add "public" between first and SHA1 - "Announcing the first SHA1 collision" https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html + +(Originally on Twitter: [Thu Feb 23 13:14:45 +0000 2017](https://twitter.com/adulau/status/834753363711516676)) +---- +Trojan of Things: Embedding Malicious NFC Tags into Common Objects +https://arxiv.org/pdf/1702.07124.pdf #ioTsecurity + +(Originally on Twitter: [Fri Feb 24 07:48:55 +0000 2017](https://twitter.com/adulau/status/835033754485800961)) +---- +RT @andreasdotorg: Here's one for the #langsec crowd. CloudFlare used a parser generator named Ragel, they didn't parse manually. + +Bug was… + +(Originally on Twitter: [Fri Feb 24 12:02:39 +0000 2017](https://twitter.com/adulau/status/835097607705870338)) +---- +Bed bugs are everywhere. Maybe playing your favorite EBM song with your SDR equipments might get rid of them . 
https://mobile.twitter.com/officialmcafee/status/835160583418740737 + +(Originally on Twitter: [Fri Feb 24 16:25:39 +0000 2017](https://twitter.com/adulau/status/835163791411261440)) +---- +RT @MISPProject: MISP 2.4.67 has been released https://www.misp.software/2017/02/24/MISP.2.4.67.released.html including improved sighting, user management and many bug fixes. #Th… + +(Originally on Twitter: [Fri Feb 24 21:05:45 +0000 2017](https://twitter.com/adulau/status/835234282121613312)) +---- +"further to control the content of news and editorial pages through directives distributed in daily conferences" https://www.ushmm.org/wlc/en/article.php?ModuleId=10007655 + +(Originally on Twitter: [Fri Feb 24 21:23:58 +0000 2017](https://twitter.com/adulau/status/835238865539645440)) +---- +I don't ask for bug bounties, fame, cash or even tshirt. I just want a good security point of contact to fix the issues. + +(Originally on Twitter: [Sun Feb 26 09:00:37 +0000 2017](https://twitter.com/adulau/status/835776572615446528)) +---- +@ClausHoumann @zeroXten @Peerlyst Don't forget to commit the list on github and make it available under CC-0 licensing ;-) + +(Originally on Twitter: [Sun Feb 26 12:29:31 +0000 2017](https://twitter.com/adulau/status/835829144013385728)) +---- +@jimhalfpenny @zeroXten At least a way to easily gather PoC/abuse contacts (Product CSIRT, CSIRT, abuse, privacy) via TXT rec @ClausHoumann + +(Originally on Twitter: [Sun Feb 26 14:02:49 +0000 2017](https://twitter.com/adulau/status/835852623743967237)) +---- +I just applied for the DNS Measurements Hackathon by @RIPE_Atlas Passive DNS can be improved with Atlas sensors. +https://twitter.com/RIPE_Atlas/status/836159642279477248 + +(Originally on Twitter: [Mon Feb 27 10:54:59 +0000 2017](https://twitter.com/adulau/status/836167742524960768)) +---- +@k8em0 It's a great step. The issue with ISO is the restricted distribution model. Could we translate ISO29147 to an IETF I-D? 
@zeroXten + +(Originally on Twitter: [Mon Feb 27 11:38:34 +0000 2017](https://twitter.com/adulau/status/836178708339752960)) +---- +RT @alexanderjaeger: Who is doing incident response pro bono? https://github.com/deralexxx/awesome-incident-response-pro-bono Please RT to get more in the list. + +(Originally on Twitter: [Mon Feb 27 12:37:54 +0000 2017](https://twitter.com/adulau/status/836193639554498561)) +---- +Look at layer 2 packets on VPS, these are full of surprises like IP addresses. Set an IP as alias from the pool & then ping. #cloudsecurity + +(Originally on Twitter: [Mon Feb 27 20:08:18 +0000 2017](https://twitter.com/adulau/status/836306986316759042)) +---- +Don't forget stability/security of an ecosystem (or a network of systems) increases by their diversity. Dan Geer -> http://queue.acm.org/detail.cfm?id=1242500 + +(Originally on Twitter: [Tue Feb 28 21:40:17 +0000 2017](https://twitter.com/adulau/status/836692525448589312)) +---- +RT @MISPProject: A privacy-aware exchange module to securely and privately share your indicators from MISP. https://github.com/MISP/misp-privacy-aware-exchange alpha v… + +(Originally on Twitter: [Wed Mar 01 13:30:28 +0000 2017](https://twitter.com/adulau/status/836931647396261889)) +---- +Support from the European Commission? I hope the journalist mixed up LE requests versus weakening crypto-systems. 
https://www.theregister.co.uk/2017/02/28/german_french_ministers_breaking_encryption/?mt=1488435198269 + +(Originally on Twitter: [Thu Mar 02 06:18:11 +0000 2017](https://twitter.com/adulau/status/837185244155412480)) +---- +RT @circl_lu: AIL Framework Analysis Information Leak Framework https://www.first.org/conference/2017/program#pail-framework-analysis-information-leak-framework will be presented at @FIRSTdotOrg conference @adula… + +(Originally on Twitter: [Thu Mar 02 08:30:04 +0000 2017](https://twitter.com/adulau/status/837218437743009793)) +---- +RT @kberlin: Please checkout @joshua_saxe and my new paper on featureless malware detection https://arxiv.org/abs/1702.08568 + +(Originally on Twitter: [Fri Mar 03 06:56:19 +0000 2017](https://twitter.com/adulau/status/837557230882824192)) +---- +ste-GAN-ography: Generating Steganographic Images via Adversarial +Training https://arxiv.org/pdf/1703.00371.pdf + +(Originally on Twitter: [Fri Mar 03 08:57:54 +0000 2017](https://twitter.com/adulau/status/837587826288050178)) +---- +@nextleap2020 Will you share the slides deck? Thank you @IOActive @IMDEA_Software + +(Originally on Twitter: [Fri Mar 03 10:34:42 +0000 2017](https://twitter.com/adulau/status/837612187560607745)) +---- +@ReverseICS and don't misstype your RFC-1918 addresses https://www.circl.lu/assets/files/circl-blackhole-honeynetworkshop2014.pdf in your resolver too... + +(Originally on Twitter: [Sun Mar 05 15:30:07 +0000 2017](https://twitter.com/adulau/status/838411307430850560)) +---- +RT @MISPProject: MISP objects will be soon in MISP core, so we work on new objects like DDoS https://github.com/MISP/misp-objects/blob/master/objects/ddos/definition.json https://t.co/Umw2MbBNy… + +(Originally on Twitter: [Sun Mar 05 16:22:56 +0000 2017](https://twitter.com/adulau/status/838424601004761088)) +---- +What's the state in EU for these infras? 
"Green Lights Forever: Analyzing the Security of Traffic Infrastructure" +https://jhalderm.com/pub/papers/traffic-woot14.pdf + +(Originally on Twitter: [Sun Mar 05 16:39:46 +0000 2017](https://twitter.com/adulau/status/838428835783794690)) +---- +RT @nextleap2020: .@adulau @IOActive @IMDEA_Software https://drop.unixcorn.org/f.php?h=0DjLivCb&d=1 link is active for one week. We will put it on our website lat… + +(Originally on Twitter: [Tue Mar 07 09:28:11 +0000 2017](https://twitter.com/adulau/status/839045002084896772)) +---- +I need to update my malware author recommendations https://www.sstic.org/media/SSTIC2013/SSTIC-actes/conf_invit2_j3_2013/SSTIC2013-Slides-conf_invit2_j3_2013-dulaunoy.pdf with the recent input from @CIA https://wikileaks.org/ciav7p1/cms/page_14587109.html thanks. + +(Originally on Twitter: [Tue Mar 07 16:06:58 +0000 2017](https://twitter.com/adulau/status/839145356923400193)) +---- +Want to provide some persistence for your shiny malware after OS reinstall? "Persistent storage option using UEFI" +https://wikileaks.org/ciav7p1/cms/page_31227915.html + +(Originally on Twitter: [Tue Mar 07 16:21:25 +0000 2017](https://twitter.com/adulau/status/839148994475479040)) +---- +RT @jeremiahg: "Comodo was defeated by CIA malware placing itself in the Window's "Recycle Bin.” + +Lol. 
+ +(Originally on Twitter: [Tue Mar 07 19:52:30 +0000 2017](https://twitter.com/adulau/status/839202115348271104)) +---- +RT @MICSELu: Inspiring @pinkflawd: Pick challenging tasks, do difficult things, stick to it, practise, stay hungry, stay humble, trust Yoda… + +(Originally on Twitter: [Wed Mar 08 12:11:51 +0000 2017](https://twitter.com/adulau/status/839448577281773569)) +---- +RT @S_Team_Approved: @gbillois voir la très bonne présentation de @adulau de @circl_lu https://twitter.com/adulau/status/839145356923400193 + +(Originally on Twitter: [Wed Mar 08 20:25:07 +0000 2017](https://twitter.com/adulau/status/839572712238563328)) +---- +RT @MISPProject: MISP 2.4.68 released including multiple bug fixes and improvements. +https://www.misp.software/2017/03/08/MISP.2.4.68.released.html the last release before the aw… + +(Originally on Twitter: [Wed Mar 08 21:57:45 +0000 2017](https://twitter.com/adulau/status/839596023500660737)) +---- +While you were doing your cyber security exercise, your outdated WordPress install got compromised. #infosec + +(Originally on Twitter: [Thu Mar 09 22:35:34 +0000 2017](https://twitter.com/adulau/status/839967928015552513)) +---- +"Recommendations ... for Integrated Approaches to Cyber Defense" but @NATO underestimates open source soft potential https://arxiv.org/pdf/1703.03306.pdf ![](media/840111381621821441-C6irlRtU0AILIgD.jpg) + +(Originally on Twitter: [Fri Mar 10 08:05:36 +0000 2017](https://twitter.com/adulau/status/840111381621821441)) +---- +RT @pidgeyL: The new #CVESearch API is available for testing: https://github.com/PidgeyL/cve-search +Please report any bugs, so we can fix them before rel… + +(Originally on Twitter: [Fri Mar 10 15:59:31 +0000 2017](https://twitter.com/adulau/status/840230646278676484)) +---- +RT @UlfFrisk: PCILeech v1.5 released! Stable generic Win10 signature based on HAL exploitation. Initial "Creators Update" support. 
+https://… + +(Originally on Twitter: [Sat Mar 11 11:52:48 +0000 2017](https://twitter.com/adulau/status/840530947481174017)) +---- +@didierheck @Gameofcode_lu @SAP_Belgium I hope they won't have to deal with the proprietary crap from various vendors and use open source. + +(Originally on Twitter: [Mon Mar 13 16:25:17 +0000 2017](https://twitter.com/adulau/status/841324294714060800)) +---- +I suppose that finding a sample or hash is left as an exercise to the reader? "PROTON - A New MAC OS RAT" https://www.cybersixgill.com/wp-content/uploads/2017/02/02072017%20-%20Proton%20-%20A%20New%20MAC%20OS%20RAT%20-%20Sixgill%20Threat%20Report.pdf + +(Originally on Twitter: [Mon Mar 13 20:05:13 +0000 2017](https://twitter.com/adulau/status/841379640488927236)) +---- +@npua over ssh? Is the Nagle algorithm still needed? + +(Originally on Twitter: [Mon Mar 13 21:20:34 +0000 2017](https://twitter.com/adulau/status/841398603126038528)) +---- +RT @hack_lu: 1st Open Source Security Software Hackathon will bring developers of security tools together. https://hackathon.hack.lu/ Join us… + +(Originally on Twitter: [Tue Mar 14 16:44:13 +0000 2017](https://twitter.com/adulau/status/841691448236003328)) +---- +There is a fundamental issue when discussions are more around the format used than the actual information exchanged. #ThreatIntel + +(Originally on Twitter: [Tue Mar 14 22:31:28 +0000 2017](https://twitter.com/adulau/status/841778834991128582)) +---- +@workentin Indeed. If you have a simple and functional exchange format in place, the focus is about the information being or to be shared. + +(Originally on Twitter: [Wed Mar 15 05:38:24 +0000 2017](https://twitter.com/adulau/status/841886275082833920)) +---- +Bug bounties are fueling the economy of the market for vulnerabilities. Everything positive has a negative side. 
+ +(Originally on Twitter: [Wed Mar 15 21:26:25 +0000 2017](https://twitter.com/adulau/status/842124854358880256)) +---- +RT @travisgoodspeed: PoC||GTFO 14 will be released on paper in Heidelberg, Canberra, and Miami. It has sixty pages, and its MD5 hash is on… + +(Originally on Twitter: [Wed Mar 15 21:26:35 +0000 2017](https://twitter.com/adulau/status/842124895718907907)) +---- +"Malicious URL Detection using Machine Learning: A Survey" https://arxiv.org/pdf/1701.07179.pdf Wondering how many are still in large-scale use? + +(Originally on Twitter: [Fri Mar 17 16:42:36 +0000 2017](https://twitter.com/adulau/status/842778205320859648)) +---- +Don't forget that @volatility has dot export for many analysis plugins then you can use @Gephi to make your memory analysis more accessible. ![](media/842845338851561473-C7JiGY1X0AA9Kl1.jpg) + +(Originally on Twitter: [Fri Mar 17 21:09:22 +0000 2017](https://twitter.com/adulau/status/842845338851561473)) +---- +"117 A secret living thing kept and fed in an old house" +https://www.flickr.com/photos/adulau/33516349715/ using the H.P. Lovecraft commonplace book for #photography + +(Originally on Twitter: [Sat Mar 18 21:02:53 +0000 2017](https://twitter.com/adulau/status/843206096043020288)) +---- +. @Jon_Creasey I added the visualisation in my quick introduction to Incident Response and Memory Forensic https://www.foo.be/cours/dess-20162017/pub/incident-response.pdf @attrc + +(Originally on Twitter: [Sun Mar 19 11:36:07 +0000 2017](https://twitter.com/adulau/status/843425851706429440)) +---- +@mikko When you purchase the used cars? How are you supposed to verify? Using a software/hw embedded? @BoschIotLab @ethereumproject + +(Originally on Twitter: [Sun Mar 19 14:28:21 +0000 2017](https://twitter.com/adulau/status/843469195782373378)) +---- +@AubeavecHamon Et le parlement européen avec ses élus directs? Pourquoi ne pas donner plus de pouvoir au PE à la place. 
@benoithamon + +(Originally on Twitter: [Sun Mar 19 15:56:23 +0000 2017](https://twitter.com/adulau/status/843491348938416128)) +---- +I feel younger everyday when I plug a new system on Internet. TCP/23 telnet port is scanned like in the nineties. + +(Originally on Twitter: [Sun Mar 19 18:46:53 +0000 2017](https://twitter.com/adulau/status/843534257490477056)) +---- +@BE_Satcom Just wondering, could it be MF-TDMA? + +(Originally on Twitter: [Sun Mar 19 19:59:06 +0000 2017](https://twitter.com/adulau/status/843552428410716161)) +---- +@S_Team_Approved I fear the classical fight between "compliance" versus concrete security. + +(Originally on Twitter: [Tue Mar 21 20:51:15 +0000 2017](https://twitter.com/adulau/status/844290328182079488)) +---- +@S_Team_Approved processor(s) and controller(s). It's where the fun beginning both can be responsible. #pingpong @metaconflict + +(Originally on Twitter: [Tue Mar 21 21:18:46 +0000 2017](https://twitter.com/adulau/status/844297253661691904)) +---- +@S_Team_Approved IMHO the legal framework won't improve anything. Personal data processing is huge and becoming bigger every second. + +(Originally on Twitter: [Tue Mar 21 21:24:28 +0000 2017](https://twitter.com/adulau/status/844298691267739649)) +---- +@martijn_grooten I won't trust the hex editor. It might play random music or even talk some "crypto Belgian memes" @angealbertini @doegox + +(Originally on Twitter: [Tue Mar 21 21:27:18 +0000 2017](https://twitter.com/adulau/status/844299401778659328)) +---- +@metaconflict Secure your processing, read & analyse your logs and take incident response seriously. Compliance follows... @S_Team_Approved + +(Originally on Twitter: [Tue Mar 21 21:31:11 +0000 2017](https://twitter.com/adulau/status/844300378824957952)) +---- +@S_Team_Approved If some security principles are brand new. The issue is not the GDPR but the security posture of the organisation. 
+ +(Originally on Twitter: [Tue Mar 21 21:32:22 +0000 2017](https://twitter.com/adulau/status/844300676876394498)) +---- +Nice to see @GitHub allowing copyright assignment to free software authors. 16 years ago, I tried too ;-) https://www.foo.be/librecontrat/ + +(Originally on Twitter: [Tue Mar 21 22:00:31 +0000 2017](https://twitter.com/adulau/status/844307761924132865)) +---- +@S_Team_Approved New security principles? I suppose Saltzer and Schroeder won't like this. http://www.cs.virginia.edu/~evans/cs551/saltzer/ (1975) + +(Originally on Twitter: [Tue Mar 21 22:04:15 +0000 2017](https://twitter.com/adulau/status/844308702723293184)) +---- +RT @certlv: We are inviting you to submit proposals to our annual Cybersecurity conference "Cyberchess 2017" https://cert.lv/en/2017/03/call-for-papers-cybersecurity-conference-cyberchess-2017 + +(Originally on Twitter: [Wed Mar 22 08:46:59 +0000 2017](https://twitter.com/adulau/status/844470448448557056)) +---- +@electrospaces In estimative language, can we say "Likely - probable - 55-80%" or even "Very likely - highly probable - 80-95%"? + +(Originally on Twitter: [Wed Mar 22 09:31:27 +0000 2017](https://twitter.com/adulau/status/844481640474836992)) +---- +Just did new @MISPProject objects for info leak (AIL) and geolocation https://github.com/MISP/misp-objects/blob/master/objects/ail-leak/definition.json https://github.com/MISP/misp-objects/tree/master/objects feedback - PR welcome + +(Originally on Twitter: [Wed Mar 22 09:43:25 +0000 2017](https://twitter.com/adulau/status/844484652010274816)) +---- +"Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact" https://arxiv.org/pdf/1703.03779.pdf + +(Originally on Twitter: [Wed Mar 22 15:26:37 +0000 2017](https://twitter.com/adulau/status/844571022561099776)) +---- +@TrisAcatrinei Il lui reste combien d'exemplaires de l'Insurrection qui vient ? 
@laurentchemla + +(Originally on Twitter: [Wed Mar 22 20:18:35 +0000 2017](https://twitter.com/adulau/status/844644495186673664)) +---- +A standard without a single implementation is a storyboard which is never filmed. + +(Originally on Twitter: [Wed Mar 22 21:27:14 +0000 2017](https://twitter.com/adulau/status/844661772904730624)) +---- +RT @cbrocas: FAME, @MISPProject , YETI, @TheHive_Project, FIR ... when #freesoftware and cooperation lead DFIR! Congrats @tomchop_ @adulau… + +(Originally on Twitter: [Thu Mar 23 05:35:28 +0000 2017](https://twitter.com/adulau/status/844784639520653312)) +---- +RT @Aristot73: @adulau but still art :) +do checkout Jodorowsky's Dune https://en.m.wikipedia.org/wiki/Jodorowsky's_Dune + +(Originally on Twitter: [Thu Mar 23 05:35:47 +0000 2017](https://twitter.com/adulau/status/844784720273551360)) +---- +RT @rafi0t: "Information sharing isn't sexy, there is no money, and when you do it, everyone hates you" - @marasawr on terrorism #TR17 + +(Originally on Twitter: [Thu Mar 23 09:55:58 +0000 2017](https://twitter.com/adulau/status/844850199440764928)) +---- +@x0rz https://github.com/ufrisk/pcileech + +(Originally on Twitter: [Thu Mar 23 13:31:50 +0000 2017](https://twitter.com/adulau/status/844904522245980160)) +---- +RT @swagitda_: "Vendors like having really classy leaflets containing nothing." 😂 - .@rafi0t & .@pinkflawd on vendors & indicator feeds #TR… + +(Originally on Twitter: [Thu Mar 23 13:51:37 +0000 2017](https://twitter.com/adulau/status/844909501941796865)) +---- +Don't forget that you cannot use "disclosure" as a metric when some companies are not disclosing. They only outperform at non-disclosing. + +(Originally on Twitter: [Thu Mar 23 16:18:21 +0000 2017](https://twitter.com/adulau/status/844946428631896064)) +---- +RT @rossjanderson: How many of today's cars will still be getting security patches by then? 
We can't even patch phones for 2 years let alon… + +(Originally on Twitter: [Fri Mar 24 05:46:27 +0000 2017](https://twitter.com/adulau/status/845149793366163457)) +---- +RT @certbund: Feel free to use our #MISP Yara-Exporter for THOR APT Scanner https://github.com/BSI-CERT-Bund/yara-exporter @thor_scanner @MISPProject thanks @0x3c7 + +(Originally on Twitter: [Fri Mar 24 09:39:36 +0000 2017](https://twitter.com/adulau/status/845208468625805312)) +---- +@letsencrypt Why don't you release a daily dump of all (full) certificates issued? It would be useful for security research and DFIR. + +(Originally on Twitter: [Fri Mar 24 10:53:14 +0000 2017](https://twitter.com/adulau/status/845226997374734337)) +---- +@shrekts full certificate is the way to go ;-) + +(Originally on Twitter: [Fri Mar 24 11:35:28 +0000 2017](https://twitter.com/adulau/status/845237626441469952)) +---- +@shrekts It's not only the hashes/signatures? + +(Originally on Twitter: [Fri Mar 24 12:29:02 +0000 2017](https://twitter.com/adulau/status/845251108314533888)) +---- +OpenSSL re-licensing approach is broken "If we do not hear from you, we will assume that you have no objection." +https://marc.info/?l=openbsd-tech&m=149028593819547&w=2 + +(Originally on Twitter: [Fri Mar 24 21:53:05 +0000 2017](https://twitter.com/adulau/status/845393054248980482)) +---- +. @pombr That's why we have VIA4CVE https://github.com/cve-search/VIA4CVE which expands http://cve-search.org data - #FOSS needs open data. @pidgeyL + +(Originally on Twitter: [Sat Mar 25 05:44:05 +0000 2017](https://twitter.com/adulau/status/845511583983943681)) +---- +@quinnnorton I know how it will end up. Chocolate is from Australia and the fries are from Moscow. + +(Originally on Twitter: [Sat Mar 25 13:59:31 +0000 2017](https://twitter.com/adulau/status/845636266280542208)) +---- +This release showed the strength of open source. 
A great bug hunting session with @alexanderjaeger @Iglocska https://twitter.com/MISPProject/status/846074341917888513 + +(Originally on Twitter: [Sun Mar 26 19:09:03 +0000 2017](https://twitter.com/adulau/status/846076549648580609)) +---- +RT @TheHive_Project: An analyzer use case to highlight a fixed issue with the all-in-one binary package http://blog.thehive-project.org/2017/03/27/buckfast-1-and-cortex-all-in-one-package https://t.c… + +(Originally on Twitter: [Mon Mar 27 11:27:37 +0000 2017](https://twitter.com/adulau/status/846322814290407424)) +---- +@vagnerpilar @volatility @Gephi Sure, here is the slide deck I gave for the training https://www.foo.be/cours/dess-20162017/pub/incident-response.pdf + +(Originally on Twitter: [Mon Mar 27 17:35:23 +0000 2017](https://twitter.com/adulau/status/846415367559921665)) +---- +. @TheHive_Project just joined for the Open Source Security Software Hackathon 2-3 May 2017 - will you join us? https://hackathon.hack.lu/ + +(Originally on Twitter: [Mon Mar 27 21:12:02 +0000 2017](https://twitter.com/adulau/status/846469889451810817)) +---- +@pombr @TheHive_Project Just register and come over ;-) https://hackathon.hack.lu/practical/ + +(Originally on Twitter: [Mon Mar 27 21:17:03 +0000 2017](https://twitter.com/adulau/status/846471150070910978)) +---- +@pombr Hotels in Kirchberg are close to the event location. City center hotels are fine too. Many buses to/from Kirchberg. + +(Originally on Twitter: [Tue Mar 28 06:10:30 +0000 2017](https://twitter.com/adulau/status/846605395858788352)) +---- +A clever use of Bloom filter to have compact local db of certificate revocation. 
http://www.ccs.neu.edu/home/cbw/static/pdf/larisch-oakland17.pdf + +(Originally on Twitter: [Wed Mar 29 05:56:59 +0000 2017](https://twitter.com/adulau/status/846964385071423489)) +---- +RT @decalage2: #oletools: just improved rtfobj to handle malformed RTF files as shown in http://blog.talosintelligence.com/2017/03/how-malformed-rtf-defeats-security.html - How to update: https://t… + +(Originally on Twitter: [Thu Mar 30 05:24:42 +0000 2017](https://twitter.com/adulau/status/847318645936082945)) +---- +Page 16: An interesting budget overview of the Finnish IC (where does the revenues part come from?) http://www.supo.fi/instancedata/prime_product_julkaisu/intermin/embeds/supowwwstructure/72829_SUPO_2016_ENG.pdf #intel + +(Originally on Twitter: [Thu Mar 30 07:16:02 +0000 2017](https://twitter.com/adulau/status/847346663635034112)) +---- +@Iglocska I was not sleeping just resting in the field. https://www.flickr.com/photos/adulau/33626519996/ @cvandeplas + +(Originally on Twitter: [Thu Mar 30 15:50:58 +0000 2017](https://twitter.com/adulau/status/847476253552656385)) +---- +I'm sure (with @MISPProject OSINT) you can correlate the time of publication of AV vendors public reports with security conferences dates. + +(Originally on Twitter: [Thu Mar 30 16:12:17 +0000 2017](https://twitter.com/adulau/status/847481618168139777)) +---- +@Iglocska Oh shit, I'm unmasked. @cvandeplas + +(Originally on Twitter: [Thu Mar 30 16:17:04 +0000 2017](https://twitter.com/adulau/status/847482821815840771)) +---- +@Aristot73 While reading this, I immediately thought of this https://w2.eff.org/Censorship/Internet_censorship_bills/barlow_0296.declaration we are always back to the State’s sovereignty discussion. 
![](media/847542045715693569-C8MQhsRXgAAWrPN.jpg) + +(Originally on Twitter: [Thu Mar 30 20:12:24 +0000 2017](https://twitter.com/adulau/status/847542045715693569)) +---- +RT @Aristot73: TIL "Qui peut et n'empêche pèche" - +Cyber-Attacks – Prevention-Reactions: The Role of States and Private Actors +https://t.c… + +(Originally on Twitter: [Thu Mar 30 20:12:34 +0000 2017](https://twitter.com/adulau/status/847542087222525957)) +---- +@Aristot73 But does this make sense? when CNE tool storage is hosted in another country, CPU execution in another and router at an IX from another one? + +(Originally on Twitter: [Thu Mar 30 20:26:19 +0000 2017](https://twitter.com/adulau/status/847545546067804160)) +---- +@Aristot73 It's indeed very good (especially some footnotes ;-) and the references are also very exhaustive. But the hack-back doctrine remains risky. + +(Originally on Twitter: [Thu Mar 30 20:33:50 +0000 2017](https://twitter.com/adulau/status/847547437652856835)) +---- +Discussing with @Aristot73 while reading a common paper, IMHO there is an opportunity for a real-time PDF annotation software with twitter. + +(Originally on Twitter: [Thu Mar 30 20:39:05 +0000 2017](https://twitter.com/adulau/status/847548757596151809)) +---- +RT @LeFloatingGhost: We now have TAXII -> MISP sync working! + +https://github.com/MISP/MISP-Taxii-Server/ + + +media/847780797604139008-C8PNwARVYAIkdlg.mp4 + +(Originally on Twitter: [Fri Mar 31 12:01:07 +0000 2017](https://twitter.com/adulau/status/847780797604139008)) +---- +It looks like the EU commission wants to kill the @DSMeu +"EU to propose new rules targeting encrypted apps" +https://www.euractiv.com/section/data-protection/news/eu-to-propose-new-rules-on-police-access-to-encrypted-data-in-june/ + +(Originally on Twitter: [Fri Mar 31 12:46:55 +0000 2017](https://twitter.com/adulau/status/847792320321867776)) +---- +@haxelion @UrLabBxl Licensing and CTF? What's the relationship between the two in this case? 
@doegox + +(Originally on Twitter: [Fri Mar 31 12:49:04 +0000 2017](https://twitter.com/adulau/status/847792863178096640)) +---- +@doegox @haxelion @UrLabBxl Oh man... Is the license AGPL? This would be even more fun for them. + +(Originally on Twitter: [Fri Mar 31 12:57:33 +0000 2017](https://twitter.com/adulau/status/847794996988321792)) +---- +@chrisdoman @swannysec @alienvault Nice work! Glad that you use the @MISPProject galaxy and clusters. Feedback and updates more than welcome. + +(Originally on Twitter: [Fri Mar 31 15:29:30 +0000 2017](https://twitter.com/adulau/status/847833236789231616)) +---- +@seamustuohy The document looks like a CTF challenge with a series of matroesjka within a set of obscure classification scheme. Then to see a screenshot. + +(Originally on Twitter: [Sat Apr 01 07:51:54 +0000 2017](https://twitter.com/adulau/status/848080468193026048)) +---- +@Iglocska @LeFloatingGhost The hills? I suppose you mean these ones https://www.flickr.com/photos/adulau/27622621884/ I let you choose which hill with either me, 🐻 or @OASISopen ;-) + +(Originally on Twitter: [Sat Apr 01 08:04:30 +0000 2017](https://twitter.com/adulau/status/848083639334301697)) +---- +The 1st April of http://phrack.org is quite good https://twitter.com/4Dgifts/status/847859442163036162 + +(Originally on Twitter: [Sat Apr 01 08:12:30 +0000 2017](https://twitter.com/adulau/status/848085652042338304)) +---- +RT @AlecMuffett: Literally cannot decide for myself whether this is intentional social commentary or just plain surveillance? https://t.co/… + +(Originally on Twitter: [Sat Apr 01 10:16:06 +0000 2017](https://twitter.com/adulau/status/848116755771863040)) +---- +@Bry_Campbell I saw a similar trend in passive dns where more typosquatters suffix a decimal value. Wondering if there is a reasoning behind. 
+ +(Originally on Twitter: [Sat Apr 01 10:32:10 +0000 2017](https://twitter.com/adulau/status/848120798078533633)) +---- +"HVACKer: Bridging the Air - Gap by Attacking the Air Conditioning System" https://arxiv.org/pdf/1703.10454.pdf thermal communication protocol... + +(Originally on Twitter: [Sat Apr 01 12:16:48 +0000 2017](https://twitter.com/adulau/status/848147129285705728)) +---- +When I took this photography https://www.flickr.com/photos/adulau/33772637245/ I thought of how @archillect would looks like in the physical world. ![](media/848158655014879232-C8VDUMIXsAA3yGm.jpg) + +(Originally on Twitter: [Sat Apr 01 13:02:36 +0000 2017](https://twitter.com/adulau/status/848158655014879232)) +---- +To my French-speaking followers working as analyst, what's the equivalence language of the US estimative language ICD 203 in French? + +(Originally on Twitter: [Sat Apr 01 20:53:47 +0000 2017](https://twitter.com/adulau/status/848277232657321984)) +---- +@pombr In French. + +(Originally on Twitter: [Sun Apr 02 05:56:48 +0000 2017](https://twitter.com/adulau/status/848413887162699776)) +---- +@pombr Just perfect (p14). I'll add it as @mispproject taxonomy for french-speaking analysts. + +(Originally on Twitter: [Sun Apr 02 15:04:41 +0000 2017](https://twitter.com/adulau/status/848551766119636993)) +---- +RT @veorq: sponge functions are collapsing! (a good thing) +(is this a new thing to add a ToC and index to your research paper?) https://t.c… + +(Originally on Twitter: [Mon Apr 03 16:06:56 +0000 2017](https://twitter.com/adulau/status/848929822529257472)) +---- +RT @netresec: Which top 1M domain list is the best whitelist for #ThreatHunting? +Read our benchmark of Alexa vs Cisco Umbrella. 
+https://t.c… + +(Originally on Twitter: [Mon Apr 03 17:25:57 +0000 2017](https://twitter.com/adulau/status/848949704826245120)) +---- +@pombr @MISPProject Done and available in @MISPProject https://github.com/MISP/misp-taxonomies/blob/master/vocabulaire-des-probabilites-estimatives/machinetag.json Just discover that the table from Canada is not fully mapping ICD 203 table. + +(Originally on Twitter: [Mon Apr 03 17:39:03 +0000 2017](https://twitter.com/adulau/status/848953002878795776)) +---- +"A Study of MAC Address Randomization in Mobile Devices and +When it Fails" https://arxiv.org/pdf/1703.02874.pdf + +(Originally on Twitter: [Mon Apr 03 17:50:49 +0000 2017](https://twitter.com/adulau/status/848955963457638401)) +---- +RT @karpathy: "Personally, I do not trust paper results at all. I tend to read papers for inspiration" A correct rant. https://t.co/mQOY7hj… + +(Originally on Twitter: [Tue Apr 04 13:40:28 +0000 2017](https://twitter.com/adulau/status/849255348045328385)) +---- +RT @rh0main: Glad to open-source with @quarkslab LIEF: a library to parse and manipulate executable formats: http://lief.quarkslab.com/ + +(Originally on Twitter: [Tue Apr 04 13:43:15 +0000 2017](https://twitter.com/adulau/status/849256051228725248)) +---- +@e_kaspersky 43.3% where is the remaining (56.7%) source of malware for ICS? + +(Originally on Twitter: [Tue Apr 04 20:31:07 +0000 2017](https://twitter.com/adulau/status/849358691782598656)) +---- +@thegrugq And all these messaging solutions were supposedly easier (and sometime safer) than using email and OpenPGP. 
/sarcasm on + +(Originally on Twitter: [Wed Apr 05 05:29:11 +0000 2017](https://twitter.com/adulau/status/849494104375533569)) +---- +RT @electrospaces: Inside the British signals intelligence agency #GCHQ, with Nortel M3900-series and Cisco 9900-series telephone sets: htt… + +(Originally on Twitter: [Wed Apr 05 19:47:26 +0000 2017](https://twitter.com/adulau/status/849710086654222336)) +---- +RT @malwaregroup: Automated static malware analysis & indicator extraction using @radareorg & @neo4j by @pinkflawd / @rafi0t https://t.co/v… + +(Originally on Twitter: [Thu Apr 06 06:04:20 +0000 2017](https://twitter.com/adulau/status/849865337113899008)) +---- +RT @MISPProject: @tuxpanik @circl_lu @GemaltoFrance Thank you, Julien! It was great to meet many clever users & contributors to MISP. If so… + +(Originally on Twitter: [Thu Apr 06 06:04:34 +0000 2017](https://twitter.com/adulau/status/849865393925697536)) +---- +To summarize the discussions of yesterday. All tor exit nodes are evil except the ones I operate. + +(Originally on Twitter: [Thu Apr 06 06:45:09 +0000 2017](https://twitter.com/adulau/status/849875608058384384)) +---- +RT @rafi0t: Great article about #CIRCLean #KittenGroomer by @dputtick : http://danielputtick.com/circlean.html + +(Originally on Twitter: [Thu Apr 06 10:27:36 +0000 2017](https://twitter.com/adulau/status/849931588062281729)) +---- +RT @__phw: We published our analysis of ten years worth of archived #Tor relay RSA keys: https://nymity.ch/anomalous-tor-keys/ + +(Originally on Twitter: [Thu Apr 06 12:47:15 +0000 2017](https://twitter.com/adulau/status/849966733410652160)) +---- +chemical safari https://www.flickr.com/photos/adulau/33879971165/ #photography #StreetArt + +(Originally on Twitter: [Thu Apr 06 19:18:55 +0000 2017](https://twitter.com/adulau/status/850065301542756352)) +---- +@malwaregroup @yararules Nice. 
We will do a @MISPProject object https://github.com/MISP/misp-objects/tree/master/objects which makes sense as we could benefit from correlations among Yara rules. + +(Originally on Twitter: [Thu Apr 06 19:43:43 +0000 2017](https://twitter.com/adulau/status/850071540225933313)) +---- +@malwaregroup @yararules @MISPProject Good idea. Any git repository with this code? I will be interested to have a look at it. + +(Originally on Twitter: [Thu Apr 06 19:52:30 +0000 2017](https://twitter.com/adulau/status/850073749147856896)) +---- +@malwaregroup @yararules @MISPProject Indeed, expressing a deterministic finite automaton can be difficult ;-) + +(Originally on Twitter: [Thu Apr 06 19:56:00 +0000 2017](https://twitter.com/adulau/status/850074630564048896)) +---- +RT @yararules: Yara Rules Strings: Statistical study +http://yararules.com/2017/04/06/yara-rules-strings-statistical-study/ + +(Originally on Twitter: [Thu Apr 06 20:00:29 +0000 2017](https://twitter.com/adulau/status/850075760350154754)) +---- +@LeFloatingGhost Antique snuff... I see Perl 4 code running on HP/UX. + +(Originally on Twitter: [Fri Apr 07 16:14:18 +0000 2017](https://twitter.com/adulau/status/850381228666703873)) +---- +RT @flyryan: Conclusions. Whew lordy what a ride. Signal needs some love. 
@InfiltrateCon #youkillityoueatit ![](media/850449950995599361-C81nPxpXYAApPPN.jpg) + +(Originally on Twitter: [Fri Apr 07 20:47:23 +0000 2017](https://twitter.com/adulau/status/850449950995599361)) +---- +"Reputation Metrics Design to Improve Intermediary Incentives +for Security of TLDs" http://hesselman.net/publicaties/SPEurope2017Korczynski.pdf #tld + +(Originally on Twitter: [Sat Apr 08 07:52:52 +0000 2017](https://twitter.com/adulau/status/850617424818966529)) +---- +RT @tombkeeper: HP's vulnerability response policy, interesting: ![](media/850619759678959618-C8zIZrdUAAE0U4r.jpg) + +(Originally on Twitter: [Sat Apr 08 08:02:09 +0000 2017](https://twitter.com/adulau/status/850619759678959618)) +---- +Dear @wikileaks could you add at least release the SHA256 of all the files contained in https://wikileaks.org/ciav7p1/cms/page_12353659.html the #grasshopper archives? + +(Originally on Twitter: [Sat Apr 08 09:15:05 +0000 2017](https://twitter.com/adulau/status/850638117153513472)) +---- +If you work at the DoD and you know when the Tomahawk missiles will be used, don't forget to buy some shares in advance. ![](media/850644026172878848-C84WvyjXkAAzEyi.jpg) + +(Originally on Twitter: [Sat Apr 08 09:38:34 +0000 2017](https://twitter.com/adulau/status/850644026172878848)) +---- +@MalwareJake The interesting part for GRASSHOPPER are the archives but WL released the file lists only. Having the hashes might help for some old cases. + +(Originally on Twitter: [Sat Apr 08 12:51:53 +0000 2017](https://twitter.com/adulau/status/850692677008060417)) +---- +@codefiscal Those missiles are often using UHF SATCOM and I'm not sure SES got such satellite in their fleet with UHF transponders on-board. + +(Originally on Twitter: [Sat Apr 08 14:35:07 +0000 2017](https://twitter.com/adulau/status/850718653226024960)) +---- +@pidgeyL Are you ok? I hope you didn't break the wood with your head. 
+ +(Originally on Twitter: [Sun Apr 09 05:31:59 +0000 2017](https://twitter.com/adulau/status/850944358765428737)) +---- +@quinnnorton I feel a tension between St Gall-Peters dogma and St Robinson schism. + +(Originally on Twitter: [Sun Apr 09 06:57:16 +0000 2017](https://twitter.com/adulau/status/850965821925019648)) +---- +@codefiscal Looks like marketing stuff. You should really compare transponders capabilities on each satellites and you'll see many private & gov players + +(Originally on Twitter: [Sun Apr 09 19:04:56 +0000 2017](https://twitter.com/adulau/status/851148945795559424)) +---- +RT @cyb3rops: I missed that @MISPProject support our Sigma rules since v2.4.70 - Thx +http://www.misp-project.org/2017/03/26/MISP.2.4.70.released.html +Sigma +https://github.com/Neo23x0/sigma… + +(Originally on Twitter: [Mon Apr 10 11:38:20 +0000 2017](https://twitter.com/adulau/status/851398942583644160)) +---- +"GLoP: Enabling Massively Parallel Incident Response Through GPU Log Processing" https://arxiv.org/pdf/1704.02278.pdf Why testing with synthetic logs? + +(Originally on Twitter: [Mon Apr 10 19:30:25 +0000 2017](https://twitter.com/adulau/status/851517745862672384)) +---- +RT @pstirparo: @MISPProject @hack_lu Me too, trying to match it with other two trips in a row... 
#WorkInProgress @adulau + +(Originally on Twitter: [Tue Apr 11 04:36:53 +0000 2017](https://twitter.com/adulau/status/851655265841709056)) +---- +just updated the @MISPProject taxonomy format internet-draft https://tools.ietf.org/html/draft-dulaunoy-misp-taxonomy-format-02 to include the JSON schema #ThreatIntelligence + +(Originally on Twitter: [Tue Apr 11 08:07:28 +0000 2017](https://twitter.com/adulau/status/851708261543940096)) +---- +"CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight" https://github.com/TryCatchHCF/Cloakify Clever use of Belgian Beers & PokemonGo Monsters + +(Originally on Twitter: [Tue Apr 11 08:35:31 +0000 2017](https://twitter.com/adulau/status/851715320184221696)) +---- +RT @MISPProject: We just released MISP 2.4.71, PyMISP 2.4.71 and also updated the Internet-Drafts for the MISP formats. https://t.co/ugJtwj… + +(Originally on Twitter: [Tue Apr 11 15:37:27 +0000 2017](https://twitter.com/adulau/status/851821502945263617)) +---- +RT @artkond: CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC #cisco #infosec https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ + +(Originally on Twitter: [Tue Apr 11 21:19:31 +0000 2017](https://twitter.com/adulau/status/851907588811890688)) +---- +I don't want to bet on anything but the Chinese Lottery might become a reality soon seeing on how mobile phone users install random apps. ![](media/852102005300621315-C9ND5NvXkAACXc5.jpg) + +(Originally on Twitter: [Wed Apr 12 10:12:04 +0000 2017](https://twitter.com/adulau/status/852102005300621315)) +---- +RT @halvarflake: Personally, I am opposed to secure boot. Let people boot what they want but provide means of verifying themselves. + +(Originally on Twitter: [Wed Apr 12 10:18:43 +0000 2017](https://twitter.com/adulau/status/852103682749550596)) +---- +@hanno ISC2 is just the reflect of the old society who has still not understood that free, independent and autonomous human is the cyberspace. 
+ +(Originally on Twitter: [Wed Apr 12 21:00:43 +0000 2017](https://twitter.com/adulau/status/852265243493453825)) +---- +RT @Aristot73: Study: (EU) Legal Frameworks for Hacking by Law Enforcement: Identification, Evaluation and Comparison of Practices https://… + +(Originally on Twitter: [Thu Apr 13 06:19:54 +0000 2017](https://twitter.com/adulau/status/852405968604463104)) +---- +"Forensic Analysis of TomTom Navigation Application" +https://arxiv.org/pdf/1704.03524.pdf #dfir + +(Originally on Twitter: [Thu Apr 13 08:07:28 +0000 2017](https://twitter.com/adulau/status/852433036687921152)) +---- +@Nokiatelefoon Yep you can do seach via cpe on the vty but you might need some scripting to match your requirements. + +(Originally on Twitter: [Thu Apr 13 19:29:59 +0000 2017](https://twitter.com/adulau/status/852604799195459584)) +---- +Today we decided to read one spam mail carefully and then a huge stack of crap hits the ventilator. + +(Originally on Twitter: [Thu Apr 13 19:45:12 +0000 2017](https://twitter.com/adulau/status/852608627093504000)) +---- +@Nokiatelefoon Check search.py and you can do search per cpe like this `search.py -p cisco:ios:12.4` + +(Originally on Twitter: [Fri Apr 14 15:21:35 +0000 2017](https://twitter.com/adulau/status/852904676219637761)) +---- +RT @pinkflawd: Proud to be presenting IoC economics and resilience research together w @blackswanburst at @FIRSTdotOrg conference https://t… + +(Originally on Twitter: [Fri Apr 14 19:30:51 +0000 2017](https://twitter.com/adulau/status/852967404518899712)) +---- +Timing of the leak might give some interesting insight with the recent alternative to SWIFT introduced in Russia https://www.rt.com/business/382017-russia-swift-central-bank/ ![](media/852983712887296000-C9ZoIt4WsAA5A6e.png) + +(Originally on Twitter: [Fri Apr 14 20:35:39 +0000 2017](https://twitter.com/adulau/status/852983712887296000)) +---- +RT @MISPProject: Many updates to MISP galaxy (threat actors, tools, Exploit kits) thanks to 
@deltalimasierra @kafeine https://t.co/uLAbQYKC… + +(Originally on Twitter: [Sat Apr 15 06:45:56 +0000 2017](https://twitter.com/adulau/status/853137293955276800)) +---- +cve-search team at OSSS hackathon @pidgeyL @rafi0t and myself will be there https://www.cve-search.org/2017/cve-search-at-OSSS-hackathon/ #vulnerability #infosec + +(Originally on Twitter: [Sat Apr 15 12:05:53 +0000 2017](https://twitter.com/adulau/status/853217812453761029)) +---- +Contributions and pull-requests more than welcome https://twitter.com/MISPProject/status/853330282803589121 as naming is hard and difficult in #infosec + +(Originally on Twitter: [Sat Apr 15 19:42:20 +0000 2017](https://twitter.com/adulau/status/853332684516491264)) +---- +@alexanderjaeger Why not. It would make the life of the analyst easier. @Iglocska what do you think? + +(Originally on Twitter: [Sat Apr 15 20:22:45 +0000 2017](https://twitter.com/adulau/status/853342852688031744)) +---- +In this world, a bit of abstraction is often required https://www.flickr.com/photos/adulau/33909240702/ #photography #wabi_sabi @Flickr + +(Originally on Twitter: [Sun Apr 16 08:26:39 +0000 2017](https://twitter.com/adulau/status/853525028993892352)) +---- +@thegrugq @semibogan A request from security researchers for non-attribution can be sane. Some security researchers doesn't want the fame and/or the problems. + +(Originally on Twitter: [Sun Apr 16 08:48:16 +0000 2017](https://twitter.com/adulau/status/853530470931476480)) +---- +@thegrugq @semibogan Indeed, we have seen many cases. "Serving in silence" works also for non-traditional ICs like group of hackers or humans trusting a cause. 
+ +(Originally on Twitter: [Sun Apr 16 08:55:47 +0000 2017](https://twitter.com/adulau/status/853532363044900864)) +---- +@zoobab He is indeed quite strong on free software but the European aspect is inconsistent https://laec.fr/chapitre/4/sortir-des-traites-europeens and https://laec.fr/section/52/appliquer-un-plan-b-en-cas-d-echec-des-negociations + +(Originally on Twitter: [Sun Apr 16 09:43:34 +0000 2017](https://twitter.com/adulau/status/853544388307415042)) +---- +@jedisct1 Why they don't release the initial designs, prototypes and software as open source? or it was a real well-done scam? + +(Originally on Twitter: [Sun Apr 16 10:41:35 +0000 2017](https://twitter.com/adulau/status/853558988536856577)) +---- +RT @pombr: And I will be there too. Join us in #Luxembourg #cybersecurity needs #OpenData for #foss and #opensource https://twitter.com/adulau/status/853217812453761029 + +(Originally on Twitter: [Mon Apr 17 06:14:12 +0000 2017](https://twitter.com/adulau/status/853854087665864704)) +---- +@xme We will try to merge it with the MISP galaxy with the ransomware cluster https://github.com/MISP/misp-galaxy/blob/master/clusters/ransomware.json + +(Originally on Twitter: [Tue Apr 18 16:24:44 +0000 2017](https://twitter.com/adulau/status/854370118683566080)) +---- +RT @headhntr: .@lorenzoFB @josephfcox @SecureDrop @FreedomofPress A summary of the types of data that the two hackers stole from FlexiSpy a… + +(Originally on Twitter: [Tue Apr 18 17:36:18 +0000 2017](https://twitter.com/adulau/status/854388129553420289)) +---- +@Maliciouslink Mastodon instance might fall into the category of "intermediary service providers"? + +(Originally on Twitter: [Wed Apr 19 05:27:11 +0000 2017](https://twitter.com/adulau/status/854567027775877124)) +---- +Congrats to the @thestudenthotel in Amsterdam to put an art photography book in the rooms much better than the bloody bibles. 
![](media/854703471974633473-C9yEPvlXUAEwn3v.jpg) + +(Originally on Twitter: [Wed Apr 19 14:29:21 +0000 2017](https://twitter.com/adulau/status/854703471974633473)) +---- +"Enabling an Anatomic View to Investigate Honeypot Systems: A Survey" +https://arxiv.org/pdf/1704.05357.pdf + +(Originally on Twitter: [Wed Apr 19 15:13:19 +0000 2017](https://twitter.com/adulau/status/854714535667785729)) +---- +RT @alexanderjaeger: What is @rafi0t doing on easter? Simple he is controbuting a lot code to viper.li #awesome #python3 cc @botherder + +(Originally on Twitter: [Wed Apr 19 16:50:58 +0000 2017](https://twitter.com/adulau/status/854739108907950082)) +---- +@alexanderjaeger @Iglocska @rafi0t @botherder You should see him in the office when he discovers a Python2 only library. He seems like the mad scientist who has an evil plan. + +(Originally on Twitter: [Wed Apr 19 16:53:42 +0000 2017](https://twitter.com/adulau/status/854739794907332610)) +---- +Working on a taxonomy describing the analyst capabilities or counter-analysis to limit bias. 
To be in @MISPProject https://github.com/MISP/misp-taxonomies/commit/081be4fcddbf510eaafd8f3af518ee7c7e794671 + +(Originally on Twitter: [Wed Apr 19 19:30:30 +0000 2017](https://twitter.com/adulau/status/854779256047534081)) +---- +At @RIPE_Atlas dns measurement #hackathon working on gathering statistics & passive dns records from Atlas https://github.com/adulau/passive-dns-atlas promising + +(Originally on Twitter: [Thu Apr 20 14:13:54 +0000 2017](https://twitter.com/adulau/status/855061968222380032)) +---- +Checking SOA RR from @RIPE_Atlas DNS measurements give an idea of the critical TLD operators +https://www.foo.be/ripe-atlas/MAINTAINERNAME.html https://github.com/adulau/passive-dns-atlas ![](media/855391197434720256-C970YaBXYAAqqT1.jpg) + +(Originally on Twitter: [Fri Apr 21 12:02:08 +0000 2017](https://twitter.com/adulau/status/855391197434720256)) +---- +@tuxpanik @rafi0t Maybe more as a modules to do a lookup up against https://github.com/adulau/nsrlsvr or similar server? We have an open issue https://github.com/MISP/MISP/issues/1832 + +(Originally on Twitter: [Fri Apr 21 16:21:17 +0000 2017](https://twitter.com/adulau/status/855456413610594304)) +---- +RT @ISCdotORG: From the @RIPE_Atlas DNS Hackathon in Amsterdam, yesterday and today. https://github.com/recdnsfp DNS resolver fingerprinting. ^… + +(Originally on Twitter: [Sat Apr 22 04:57:15 +0000 2017](https://twitter.com/adulau/status/855646660357218304)) +---- +Don't forget, any covert listening devices will always benefit from surrounding commodities like TV, phone or Internet-connected toasters. 
+ +(Originally on Twitter: [Sat Apr 22 05:27:28 +0000 2017](https://twitter.com/adulau/status/855654263804108800)) +---- +@fredraynal I knew that you recently gave up your microwave for a toaster ;-) + +(Originally on Twitter: [Sat Apr 22 07:16:37 +0000 2017](https://twitter.com/adulau/status/855681732879814656)) +---- +@CESIN_France @virtualabs Une partie significative des 70% devrait plutôt se trouver dans les "je ne sais pas" par manque de détection. + +(Originally on Twitter: [Sat Apr 22 07:56:27 +0000 2017](https://twitter.com/adulau/status/855691757312503808)) +---- +@LeFloatingGhost @ISPuuuv You have more belgian flags at your place than I never had in the past years. + +(Originally on Twitter: [Sat Apr 22 08:28:54 +0000 2017](https://twitter.com/adulau/status/855699924507381760)) +---- +If you want to break some rules in photography, maybe you want to take this challenge. https://www.flickr.com/photos/adulau/33837521190/ @Flickr #photography + +(Originally on Twitter: [Sun Apr 23 19:02:33 +0000 2017](https://twitter.com/adulau/status/856221772777222147)) +---- +RT @hack_lu: Stickers for hack.lu 2017 are now available. If you want some, drop your physical/postal address at info(AT)hack(DOT)lu https:… + +(Originally on Twitter: [Mon Apr 24 08:52:20 +0000 2017](https://twitter.com/adulau/status/856430596498874368)) +---- +@benkow_ People (Tor users) travelling for a conference in France? IP reallocation? Some French researchers having fun? Broken geolocation? 
+ +(Originally on Twitter: [Mon Apr 24 13:02:56 +0000 2017](https://twitter.com/adulau/status/856493660371918848)) +---- +RT @angealbertini: Manticore: dynamic binary analysis tool +https://github.com/trailofbits/manticore ![](media/856615813712932869-C-McaxcXgAE85q3.jpg) + +(Originally on Twitter: [Mon Apr 24 21:08:19 +0000 2017](https://twitter.com/adulau/status/856615813712932869)) +---- +RT @RANDCorporation: "For now, cryptocurrencies are unlikely to be stable enough or trusted enough for widespread use [by terrorists]." htt… + +(Originally on Twitter: [Mon Apr 24 21:11:37 +0000 2017](https://twitter.com/adulau/status/856616641869877249)) +---- +@dcuthbert Did you share the export? This would be a great addition to @MISPProject galaxy https://github.com/MISP/misp-galaxy + +(Originally on Twitter: [Tue Apr 25 05:22:25 +0000 2017](https://twitter.com/adulau/status/856740155725684738)) +---- +@S_Team_Approved Measuring security is hard but evaluating risks is even harder, often lead to misleading measurements and inadequate counter measures. + +(Originally on Twitter: [Wed Apr 26 20:33:02 +0000 2017](https://twitter.com/adulau/status/857331708932259840)) +---- +Tons of interesting topics to work on at the @hack_lu #hackathon of next week. https://hackathon.hack.lu/ I'll be there. + +(Originally on Twitter: [Thu Apr 27 14:34:04 +0000 2017](https://twitter.com/adulau/status/857603759169568768)) +---- +@Secnewsbytes Looks like again the proprietary vendors forgot what is done in the open source community like in the @MISPProject ;-) + +(Originally on Twitter: [Thu Apr 27 15:12:02 +0000 2017](https://twitter.com/adulau/status/857613315731804160)) +---- +RT @halvarflake: Func identification is an important building block for RE tools. Which paper is right ? 
https://syssec.mistakenot.net/papers/eurosp-2017.pdf or https:/… + +(Originally on Twitter: [Thu Apr 27 19:21:17 +0000 2017](https://twitter.com/adulau/status/857676039744573440)) +---- +@martijn_grooten Don't take KLF too seriously, it's part of their HOWTO ;-) http://freshonthenet.co.uk/the-manual-by-the-klf/ + +(Originally on Twitter: [Thu Apr 27 20:07:33 +0000 2017](https://twitter.com/adulau/status/857687682771800064)) +---- +What's better? Finding a cool name/logo for a vulnerability you found or providing a pull-request to fix it. I value more the second way. + +(Originally on Twitter: [Sat Apr 29 07:44:46 +0000 2017](https://twitter.com/adulau/status/858225529773752321)) +---- +@r00tbsd Obviously the second ;-) + +(Originally on Twitter: [Sat Apr 29 07:54:38 +0000 2017](https://twitter.com/adulau/status/858228016899600384)) +---- +@ClausHoumann and without "sudo" ;-) + +(Originally on Twitter: [Sat Apr 29 11:48:39 +0000 2017](https://twitter.com/adulau/status/858286907737993217)) +---- +@malwareunicorn We maintain a series of JSON for threat-actors with synonyms https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json contribution welcome @MISPProject + +(Originally on Twitter: [Sat Apr 29 11:53:04 +0000 2017](https://twitter.com/adulau/status/858288019526340608)) +---- +RT @MISPProject: All @MISPProject taxonomies updated, published and browsable on the website https://www.misp.software/taxonomies.html #SecurityTools #threat… + +(Originally on Twitter: [Sun Apr 30 09:58:02 +0000 2017](https://twitter.com/adulau/status/858621458024673280)) +---- +RT @Kurt_Vonnegut: Future generations will look back on TV as the lead in the water pipes that slowly drove the Romans mad. + +(Originally on Twitter: [Sun Apr 30 16:16:41 +0000 2017](https://twitter.com/adulau/status/858716746093654016)) +---- +#backtothestreet is back https://www.flickr.com/photos/adulau/34232153121/ a good use of the public space for art exhibition. 
@Flickr + +(Originally on Twitter: [Sun Apr 30 16:47:16 +0000 2017](https://twitter.com/adulau/status/858724443736211456)) +---- +RT @MISPProject: MISP core team will be tomorrow at @hack_lu OS3 hackathon https://hackathon.hack.lu/ including @deltalimasierra @rafi0t @Iglo… + +(Originally on Twitter: [Mon May 01 09:16:16 +0000 2017](https://twitter.com/adulau/status/858973336122122240)) +---- +yalda seems a good start to automate analysis of mail/files gathered with spamtrap/honeypot systems by @gitaziabri https://github.com/fideliscyber/yalda/ + +(Originally on Twitter: [Mon May 01 12:43:10 +0000 2017](https://twitter.com/adulau/status/859025403326996488)) +---- +RT @hack_lu: The call for papers for @hack_lu 2017 is now open https://2017.hack.lu/blog/Call-for-Papers/ https://2017.hack.lu/cfp/ #callforpapers #infosec #lux… + +(Originally on Twitter: [Mon May 01 16:37:37 +0000 2017](https://twitter.com/adulau/status/859084401954652160)) +---- +RT @JeremyCliffe: 9) Commission said impossible to reconcile this with need to square off member states & European Parliament, so documents… + +(Originally on Twitter: [Tue May 02 05:12:58 +0000 2017](https://twitter.com/adulau/status/859274492950007808)) +---- +@pstirparo @hack_lu @MISPProject @circl_lu The PAD for the @hack_lu hackathon is available at the following location https://pad.riseup.net/p/OS3hackathon #os3hackathon + +(Originally on Twitter: [Tue May 02 07:02:17 +0000 2017](https://twitter.com/adulau/status/859302002328838144)) +---- +RT @quarkslab: [BLOG] Exploiting MS16-145: MS Edge TypedArray.sort UAF http://blog.quarkslab.com/exploiting-ms16-145-ms-edge-typedarraysort-use-after-free-cve-2016-7288.html by @fdfalcon Using Quicksort as mirrored wri… + +(Originally on Twitter: [Wed May 03 04:37:01 +0000 2017](https://twitter.com/adulau/status/859627835371212800)) +---- +@FloFian @ColinMaillard_ @EmilioCasabona @Korben Une belle cible (surtout les utilisateurs du réseau) pour faire un AP avec les mêmes paramètres 
pour cibler les utilisateurs par la suite. + +(Originally on Twitter: [Wed May 03 06:10:23 +0000 2017](https://twitter.com/adulau/status/859651331933573123)) +---- +@FloFian @ColinMaillard_ @EmilioCasabona @Korben Non, le "threat-model" est sur le roaming en dehors des locaux de TF1 des utilisateurs ayant une connexion configurée avec ces paramètres. + +(Originally on Twitter: [Wed May 03 12:49:35 +0000 2017](https://twitter.com/adulau/status/859751790883069952)) +---- +@FloFian @ColinMaillard_ @EmilioCasabona @Korben https://www.enisa.europa.eu/publications/info-notes/passive-wifi-surveillance-and-access-point-hijacking + +(Originally on Twitter: [Wed May 03 13:16:37 +0000 2017](https://twitter.com/adulau/status/859758594509729792)) +---- +@FloFian @ColinMaillard_ @EmilioCasabona @Korben En effet mais le risque est important pour la "recherche" future de cibles significatives après le débat et en dehors de la limite physique. + +(Originally on Twitter: [Wed May 03 13:47:48 +0000 2017](https://twitter.com/adulau/status/859766444313243648)) +---- +RT @SnT_uni_lu: The first Open Source Security Software #Hackathon in full swing, with @circl_lu @hack_lu & @PwC_Luxembourg. #CyberSecurity… + +(Originally on Twitter: [Wed May 03 21:32:51 +0000 2017](https://twitter.com/adulau/status/859883476891389952)) +---- +It's always great to work with @gallypette especially with his experience in analysis of competing hypotheses (ACH) https://twitter.com/MISPProject/status/860204993546158080 + +(Originally on Twitter: [Thu May 04 18:58:03 +0000 2017](https://twitter.com/adulau/status/860206907767885825)) +---- +"Virtual Machine Introspection Based Malware Behavior Profiling and Family Grouping" the phylogenetic tree is back. https://arxiv.org/pdf/1705.01697.pdf + +(Originally on Twitter: [Fri May 05 07:13:45 +0000 2017](https://twitter.com/adulau/status/860392055310340096)) +---- +RT @joshgondelman: At the very least, you've got to use a smaller font, guys. 
![](media/860572274713399298-C_Bz6kPU0AAE9-C.jpg) + +(Originally on Twitter: [Fri May 05 19:09:53 +0000 2017](https://twitter.com/adulau/status/860572274713399298)) +---- +Even leaking information can be hard for an adversary. Dumping raw data, without selection, limits the intended effects. #frenchelection + +(Originally on Twitter: [Fri May 05 22:34:45 +0000 2017](https://twitter.com/adulau/status/860623832348020736)) +---- +Even if the leaks don't contain anything useful for an adversary, trollers will jump on it to support their bogus claims. #frenchelection + +(Originally on Twitter: [Fri May 05 22:46:14 +0000 2017](https://twitter.com/adulau/status/860626720000536578)) +---- +RT @MISPProject: The @MISPProject galaxy is also browsable via the website directly https://www.misp.software/galaxy.html including threat actors, expl… + +(Originally on Twitter: [Sat May 06 07:06:54 +0000 2017](https://twitter.com/adulau/status/860752716393566208)) +---- +RT @RidT: Macron team said real files were mixed with forged ones to sow "doubt and misinformation"—likely correct. Forgeries are the histo… + +(Originally on Twitter: [Sat May 06 09:54:44 +0000 2017](https://twitter.com/adulau/status/860794956017016832)) +---- +@__Thanat0s__ There are some macros but it's a huge mess in the various RAR. Maybe we should create a @MISPProject event with all the payloads found. + +(Originally on Twitter: [Sat May 06 10:00:14 +0000 2017](https://twitter.com/adulau/status/860796338967105536)) +---- +@martijn_grooten I would not generalize to the whole US IC. Some team have obviously such attacks especially that crypto materials are priority 1 over TS. 
+ +(Originally on Twitter: [Sat May 06 10:08:45 +0000 2017](https://twitter.com/adulau/status/860798480431931392)) +---- +@__Thanat0s__ @MISPProject My first dice roll and here is the results: #MacronLeaks ![](media/860799864816513024-C_IsrRnWsAMLgQG.jpg) + +(Originally on Twitter: [Sat May 06 10:14:15 +0000 2017](https://twitter.com/adulau/status/860799864816513024)) +---- +"The Multiple Source Effect in Persuasion: The Effects of Distraction" why psychology is important when leaking info https://www.foo.be/docs/intelligence/harkins1981.pdf + +(Originally on Twitter: [Sat May 06 10:46:27 +0000 2017](https://twitter.com/adulau/status/860807966903107584)) +---- +@a_z_e_t Because empty entropy pool can be a source of availability issue and sometime availability is first before confidentiality... + +(Originally on Twitter: [Sat May 06 13:40:35 +0000 2017](https://twitter.com/adulau/status/860851790161604609)) +---- +@a_z_e_t With many TLS and ZMQ (CurveZMQ) connections on the same systems and haveged provided a way to keep the pool at a reasonable level. + +(Originally on Twitter: [Sat May 06 13:46:10 +0000 2017](https://twitter.com/adulau/status/860853194557149185)) +---- +@a_z_e_t Indeed and it was blocking. In any case, additional TRNGs are usually a must for some use-cases. I know there is a lot of hate for haveged. + +(Originally on Twitter: [Sat May 06 13:54:03 +0000 2017](https://twitter.com/adulau/status/860855178827902976)) +---- +@a_z_e_t I suppose it was not a modern Linux system ;-) + +(Originally on Twitter: [Sat May 06 14:03:28 +0000 2017](https://twitter.com/adulau/status/860857551184908290)) +---- +@a_z_e_t I still think it's important to have an additional TRNG for sensitive systems. Relying on a single source (e.g. Intel TRNG) could be risky. 
+ +(Originally on Twitter: [Sat May 06 14:09:06 +0000 2017](https://twitter.com/adulau/status/860858968750661634)) +---- +RT @MISPProject: Significant improvements in MISP documentation of galaxy https://www.misp.software/galaxy.pdf and taxonomies https://www.misp.software/taxonomies.pdf #t… + +(Originally on Twitter: [Sun May 07 10:49:25 +0000 2017](https://twitter.com/adulau/status/861171101405245441)) +---- +Bug report to the "crawler" running on 93.17.79.58 and using Python scrapy appending %0A to URL might not help for scraping the Web... + +(Originally on Twitter: [Sun May 07 11:00:24 +0000 2017](https://twitter.com/adulau/status/861173869188702208)) +---- +Every moment is a photographic opportunity even if it's raining https://www.flickr.com/photos/adulau/34376746461/ @Flickr #photography #blackandwhitephotography + +(Originally on Twitter: [Sun May 07 12:50:37 +0000 2017](https://twitter.com/adulau/status/861201606330765314)) +---- +Trace and Opportunity in Photography https://www.foo.be/photoblog/posts/trace-and-opportunity-in-photography.html #written while thinking of @fbon work and reading Margaret Iversen #photography + +(Originally on Twitter: [Sun May 07 14:32:24 +0000 2017](https://twitter.com/adulau/status/861227219204673537)) +---- +RT @hack_lu: Registration for @hack_lu 2017 is now open. 
https://2017.hack.lu/info/ #Luxembourg #infosec + +(Originally on Twitter: [Mon May 08 10:07:05 +0000 2017](https://twitter.com/adulau/status/861522836376170496)) +---- +Malware Detection on General-Purpose Computers Using Power Consumption Monitoring: A Proof of Concept and Case Study +https://arxiv.org/pdf/1705.01977.pdf + +(Originally on Twitter: [Mon May 08 12:17:47 +0000 2017](https://twitter.com/adulau/status/861555728095596546)) +---- +RT @MISPProject: Next release of MISP will include a "feed overlap analysis matrix" to analyse the overlap of indicators among feed provide… + +(Originally on Twitter: [Mon May 08 15:30:38 +0000 2017](https://twitter.com/adulau/status/861604260072620033)) +---- +RT @alexcpsec: This is amazing! Always wanted to have @MLSecProject Tiq-test inside @MISPProject . Thanks, @adulau ! https://twitter.com/mispproject/status/861599627799396352 + +(Originally on Twitter: [Mon May 08 19:41:11 +0000 2017](https://twitter.com/adulau/status/861667313455685633)) +---- +@alexcpsec @MLSecProject @MISPProject We still have in target to add your Tiq-test in @MISPProject and this new feature introduced is the basis to support it. Thanks for the work + +(Originally on Twitter: [Mon May 08 19:45:50 +0000 2017](https://twitter.com/adulau/status/861668486296342528)) +---- +RT @MISPProject: MISP 2.4.73 released including new features like the feed overlap matrix +https://www.misp.software/2017/05/09/MISP.2.4.73.released.html and support for @TheHive… + +(Originally on Twitter: [Tue May 09 16:23:21 +0000 2017](https://twitter.com/adulau/status/861979915826204673)) +---- +RT @circl_lu: Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package. 
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt HP Audiodr… + +(Originally on Twitter: [Thu May 11 10:05:54 +0000 2017](https://twitter.com/adulau/status/862609705113444352)) +---- +RT @MalwareTechBlog: Timeline of a Botnet Investigation ![](media/862749554961244160-C_kZOBjXYAEzjDq.jpg) + +(Originally on Twitter: [Thu May 11 19:21:37 +0000 2017](https://twitter.com/adulau/status/862749554961244160)) +---- +Want to share your security research? found new attacks and/or defences in hardware or software? @hack_lu 2017 #CFP https://2017.hack.lu/blog/Call-for-Papers/ + +(Originally on Twitter: [Thu May 11 19:55:33 +0000 2017](https://twitter.com/adulau/status/862758094924894208)) +---- +RT @cbrocas: Would also like to meet other security researchers/pro in a cool, open minded environment? Just submit :) #rightchoice https:/… + +(Originally on Twitter: [Thu May 11 20:05:49 +0000 2017](https://twitter.com/adulau/status/862760676158296069)) +---- +@swannysec If you see some missing analytical aspects in MISP, let us know. We have many features and especially to include the workbench. + +(Originally on Twitter: [Thu May 11 20:25:43 +0000 2017](https://twitter.com/adulau/status/862765685092626432)) +---- +Some vendors are still in the eighties. "NOTE: the vendor reportedly has stated this is "a feature, not a bug."" https://cve.circl.lu/cve/CVE-2017-8912 + +(Originally on Twitter: [Fri May 12 13:28:06 +0000 2017](https://twitter.com/adulau/status/863022975934713857)) +---- +@swannysec With the new objects, we have some ideas of UI update that could be an opportunity too https://github.com/MISP/misp-objects/tree/master/objects + +(Originally on Twitter: [Fri May 12 13:50:23 +0000 2017](https://twitter.com/adulau/status/863028582804840448)) +---- +@SushiDude IMHO this is a confusion between a local admin/root of a system versus the admin of the CMS. 
For an adversary, the confusion is a quick gain + +(Originally on Twitter: [Fri May 12 13:53:37 +0000 2017](https://twitter.com/adulau/status/863029397770702848)) +---- +@vloquet Oui. Je dois encore avoir quelques anciennes références sous le coude. + +(Originally on Twitter: [Fri May 12 16:29:34 +0000 2017](https://twitter.com/adulau/status/863068642669416514)) +---- +RT @circl_lu: If you don't patch your EOL Windows ASAP, you are putting people and your organisation at risk! https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ #Wan… + +(Originally on Twitter: [Sat May 13 07:48:07 +0000 2017](https://twitter.com/adulau/status/863299805275205633)) +---- +RT @publidave: Imagine pitching a book where NSA exploits, released by Russians, were used to knock out hospitals & demand cryptocurrency.… + +(Originally on Twitter: [Sat May 13 08:03:27 +0000 2017](https://twitter.com/adulau/status/863303662705278977)) +---- +@Wort_EN could you relay the information from @circl_lu https://mobile.twitter.com/circl_lu/status/863295346524516354 about the current vulnerabilities in EOL Windows and patches + +(Originally on Twitter: [Sat May 13 08:49:43 +0000 2017](https://twitter.com/adulau/status/863315306470674432)) +---- +An advice for security vendors when doing a blog post, add a @MISPProject export of the indicators and information along to ease sharing. + +(Originally on Twitter: [Sat May 13 09:47:46 +0000 2017](https://twitter.com/adulau/status/863329915239845888)) +---- +@xbouwman @MarietjeSchaake But the regulation won't apply to the intelligence community, secret services and stuff failling in national security exemptions... + +(Originally on Twitter: [Sat May 13 11:57:32 +0000 2017](https://twitter.com/adulau/status/863362573449797633)) +---- +The difficulty of disk forensic acquisition is not to succeed one time but to repeat the success on a series of random disks. 
#dfir + +(Originally on Twitter: [Sun May 14 06:46:52 +0000 2017](https://twitter.com/adulau/status/863646780310921216)) +---- +RT @__ths__: #HP did not remove the #keylogger functions in new version. Simply turn it on by setting SeeScanCode and EnableLog = 1 in Wind… + +(Originally on Twitter: [Sun May 14 12:10:22 +0000 2017](https://twitter.com/adulau/status/863728189318848512)) +---- +@MiodVallat Is the cheese really on a computer? + +(Originally on Twitter: [Sun May 14 19:58:09 +0000 2017](https://twitter.com/adulau/status/863845911088308224)) +---- +"On the potential of IPv6 open resolvers for DDoS attacks" +http://wwwhome.cs.utwente.nl/~schmidtr/docs/pam2017hendriks.pdf #DDoS #DNS + +(Originally on Twitter: [Mon May 15 07:25:13 +0000 2017](https://twitter.com/adulau/status/864018817608974336)) +---- +Small remark for journalists interviewing for #WannaCry don't ask too much questions about statistics but ask about direct socio-eco impacts + +(Originally on Twitter: [Mon May 15 10:13:56 +0000 2017](https://twitter.com/adulau/status/864061274749054980)) +---- +@martijn_grooten @Mario_Vilas This is an interesting case to refine the automation flag for such cases in @MISPProject we work on an improved model for it. Idea welcome + +(Originally on Twitter: [Mon May 15 10:58:41 +0000 2017](https://twitter.com/adulau/status/864072539328454656)) +---- +RT @martijn_grooten: I doubt this is the rationale behind it, but #wannacry really damages the sensible practice of blocking all new domain… + +(Originally on Twitter: [Mon May 15 11:00:44 +0000 2017](https://twitter.com/adulau/status/864073053852094464)) +---- +@martijn_grooten @Mario_Vilas @MISPProject Indeed that's why I always think fully public and authenticated sinkholing is the way to go. + +(Originally on Twitter: [Mon May 15 11:12:04 +0000 2017](https://twitter.com/adulau/status/864075908231180288)) +---- +@Mario_Vilas @martijn_grooten @MISPProject Indeed. 
But we still love solving hard problems as human in the sea of the infosec mess... + +(Originally on Twitter: [Mon May 15 11:51:29 +0000 2017](https://twitter.com/adulau/status/864085825398726657)) +---- +@ncweaver In the various leaks, the passive DNS capability in XKEYSCORE seemed quite poor compared to passive SSL with FLYINGPIGS from GCHQ. Some ref? + +(Originally on Twitter: [Mon May 15 13:58:34 +0000 2017](https://twitter.com/adulau/status/864117807008624641)) +---- +@ncweaver I hope their EDNS decoder works seamlessly and they won't end up on the upstream resolver only... + +(Originally on Twitter: [Mon May 15 14:02:30 +0000 2017](https://twitter.com/adulau/status/864118798525362177)) +---- +@xme @ddurvaux Good point. We should update https://gist.github.com/adulau/6209099 to add a specific section regarding reporting publicly malicious content. + +(Originally on Twitter: [Mon May 15 15:09:55 +0000 2017](https://twitter.com/adulau/status/864135763599994881)) +---- +RT @mir_ripe_labs: Find the results of the recent RIPE NCC DNS Measurements Hackathon on #RIPELabs: https://labs.ripe.net/Members/becha/results-dns-measurements-hackathon https://t.co/xm… + +(Originally on Twitter: [Mon May 15 21:24:05 +0000 2017](https://twitter.com/adulau/status/864229927025070081)) +---- +@alexanderjaeger @MISPProject @martijn_grooten @Mario_Vilas PAP is nice to describe the actions allowed or not by the analysts. But not for the differentiation between silently drop or loudly reject + +(Originally on Twitter: [Tue May 16 05:56:19 +0000 2017](https://twitter.com/adulau/status/864358833681858561)) +---- +RT @Aristot73: - how many stars are there in the sky? +- less than the ransomware names in the @MISPProject galaxy... 
:) https://t.co/at3HT1… + +(Originally on Twitter: [Wed May 17 06:30:03 +0000 2017](https://twitter.com/adulau/status/864729710995148800)) +---- +RT @TheHive_Project: Cortex 1.1.1: Two Way @MISPProject Integration Now a Reality thanks to @adulau & @Iglocska http://blog.thehive-project.org/2017/05/17/cortex-1-1-1-two-way-misp-integration-now-a-reality/ + +(Originally on Twitter: [Wed May 17 21:00:58 +0000 2017](https://twitter.com/adulau/status/864948882140213248)) +---- +RT @TheHive_Project: @Iglocska @MISPProject @adulau It was the same here! We are looking forward to a continued collaboration that embodies… + +(Originally on Twitter: [Wed May 17 21:01:06 +0000 2017](https://twitter.com/adulau/status/864948918941036544)) +---- +RT @__Obzy__: So basically set your smartphone's name to %x%x%x%x and test for format string vulns in connected devices . here's a 2011 BMW… + +(Originally on Twitter: [Thu May 18 04:40:14 +0000 2017](https://twitter.com/adulau/status/865064462344126464)) +---- +RT @SushiDude: #WannaCry -related Siemens advisories for Healthineers products, incl CT, MRI, X-ray, diagnostics, & imaging https://t.co/5q… + +(Originally on Twitter: [Thu May 18 06:01:08 +0000 2017](https://twitter.com/adulau/status/865084822523449344)) +---- +straight lines https://www.flickr.com/photos/adulau/33930587953/ #blackandwhitephotography #defocus + +(Originally on Twitter: [Thu May 18 20:12:50 +0000 2017](https://twitter.com/adulau/status/865299156826566656)) +---- +RT @0xDUDE: The best way 2 piss off lawyers & lawmakers is explaining them how the #GDPR is going 2 facilitate blackmail after victims paid… + +(Originally on Twitter: [Fri May 19 06:04:07 +0000 2017](https://twitter.com/adulau/status/865447960892461056)) +---- +Detect kernel-mode rootkits via real time logging & controlling memory access - Intel VT-x https://arxiv.org/pdf/1705.06784.pdf https://github.com/tandasat/MemoryMon/tree/rwe_cdfs + +(Originally on Twitter: [Mon May 22 07:50:23 +0000 
2017](https://twitter.com/adulau/status/866561866293813249)) +---- +RT @tricaud: @WeldPond because no government has a Mozart like @adriengnt: they need to build team and make meetings before coding then tal… + +(Originally on Twitter: [Mon May 22 10:31:03 +0000 2017](https://twitter.com/adulau/status/866602299816280064)) +---- +RT @vpkivimaki: Chaff cloud visible in Finnish weather radar. Air Defence Exercise ongoing in the area. ![](media/866611805656928257-DAa3oREXcAAreR4.jpg) + +(Originally on Twitter: [Mon May 22 11:08:49 +0000 2017](https://twitter.com/adulau/status/866611805656928257)) +---- +How many NAS and file servers run Samba (>=3.5.0)? +CVE-2017-7494 https://twitter.com/circl_lu/status/867320093033865217 + +(Originally on Twitter: [Wed May 24 10:14:19 +0000 2017](https://twitter.com/adulau/status/867322864394960896)) +---- +@PatriceAuffret The most critical part is the probability of exploitation in the internal networks from a single compromised host. + +(Originally on Twitter: [Wed May 24 11:22:56 +0000 2017](https://twitter.com/adulau/status/867340133120581632)) +---- +@r_73en @kmkz_security In internal networks, there are many opportunities. Just think of all the shared directory for temporary use with write access. + +(Originally on Twitter: [Wed May 24 11:28:44 +0000 2017](https://twitter.com/adulau/status/867341589475151873)) +---- +@josephfcox This is probably lower compared to the decode()/encode()/UTF/Bytes/String Python 2 and Python 3 questions... + +(Originally on Twitter: [Wed May 24 12:34:21 +0000 2017](https://twitter.com/adulau/status/867358102735245312)) +---- +@erwinkooi Curtius from Liège. I hope it's not like the old Tchantches virus ;-) + +(Originally on Twitter: [Wed May 24 16:43:02 +0000 2017](https://twitter.com/adulau/status/867420687950073857)) +---- +@pategaumais Indeed I'm one of the author. Let me know if you need more info. 
+ +(Originally on Twitter: [Thu May 25 05:34:21 +0000 2017](https://twitter.com/adulau/status/867614797529059328)) +---- +@Aristot73 "...interesting high-level observation is that while efforts to secure email systems with PGP that were interoperable across providers" ![](media/867667779528404992-DAqS2adXgAEiKlq.jpg) + +(Originally on Twitter: [Thu May 25 09:04:53 +0000 2017](https://twitter.com/adulau/status/867667779528404992)) +---- +RT @Aristot73: @adulau @gnupg ![](media/867668956299055104-DAqULaSXsAA-ti4.jpg) + +(Originally on Twitter: [Thu May 25 09:09:34 +0000 2017](https://twitter.com/adulau/status/867668956299055104)) +---- +The work of @MSF_Sea is just incredible. It's where humans can make a difference. So you know what to do. https://twitter.com/MSF_Sea/status/867657278723432449 + +(Originally on Twitter: [Thu May 25 09:15:24 +0000 2017](https://twitter.com/adulau/status/867670425966448640)) +---- +Ad when searching for @MISPProject on Google. Seeing this, I immediately thought of the @montypython sketch https://www.youtube.com/watch?v=grbSQ6O6kbs ![](media/867714917322948610-DAq9EU9XUAIHSnb.jpg) + +(Originally on Twitter: [Thu May 25 12:12:12 +0000 2017](https://twitter.com/adulau/status/867714917322948610)) +---- +@GossiTheDog Not sure how the scanner is done but it could be an effect of how the IP ranges are allocated by the RIR. + +(Originally on Twitter: [Thu May 25 13:11:30 +0000 2017](https://twitter.com/adulau/status/867729840543342592)) +---- +@pategaumais Sure my email is the single letter 'a' followed by foo dot be + +(Originally on Twitter: [Thu May 25 14:02:01 +0000 2017](https://twitter.com/adulau/status/867742556112781313)) +---- +@maaverix If you have access to the system, 'smbd -V'. Remotely, you should check smb-os-discovery.nse from nmap (check (response.lanmanager)). 
+ +(Originally on Twitter: [Fri May 26 04:42:59 +0000 2017](https://twitter.com/adulau/status/867964256683040770)) +---- +RT @AusCERT: Michael Hamm & @Iglocska all the way from CIRCL Luxembourg speaking on 'Seamless threat intel sharing & automation using MISP'… + +(Originally on Twitter: [Fri May 26 05:58:38 +0000 2017](https://twitter.com/adulau/status/867983295778140161)) +---- +Fuzzers can help but don't forget additional and recurring human code reviews/tests are always required https://git.samba.org/?p=samba.git;a=commit;h=5a82cc21379e3fe28441cd82647313c9390b41e7 + +(Originally on Twitter: [Fri May 26 10:00:34 +0000 2017](https://twitter.com/adulau/status/868044178432950273)) +---- +RT @blackswanburst: @FIRSTdotOrg Quite a few! https://goo.gl/vXoQdr https://www.first.org/conference/2017/program#pail-framework-analysis-information-leak-framework https://www.first.org/conference/2017/program#pchange-is-the-only-constant-the-progression-of-detection-and-response-at-google https://t.co/4Ue8wYBj… + +(Originally on Twitter: [Fri May 26 18:28:24 +0000 2017](https://twitter.com/adulau/status/868171979408408577)) +---- +Training materials of "Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives" https://github.com/advanced-threat-research/firmware-security-training + +(Originally on Twitter: [Sat May 27 05:22:32 +0000 2017](https://twitter.com/adulau/status/868336597598687233)) +---- +If you send a paper questionnaire to your security partners to ask for indicators, you should start to use computers to do automated sharing + +(Originally on Twitter: [Sat May 27 05:50:23 +0000 2017](https://twitter.com/adulau/status/868343608453320704)) +---- +@ClausHoumann @Maliciouslink @rafi0t There is a basic rule when doing CNE and CNA, don't do it on the infrastructure that you rely on too ;-) @Iglocska + +(Originally on Twitter: [Sat May 27 15:26:55 +0000 2017](https://twitter.com/adulau/status/868488695053254656)) +---- +Nothing beats meta photography 
in Belgium https://www.flickr.com/photos/adulau/34539649180/ @Flickr #belgitude + +(Originally on Twitter: [Sat May 27 16:08:29 +0000 2017](https://twitter.com/adulau/status/868499158281441280)) +---- +We should find a way to sustain a large and global honeypot network like @RIPE_Atlas did successfully on the measurement aspect. + +(Originally on Twitter: [Sun May 28 21:27:49 +0000 2017](https://twitter.com/adulau/status/868941908210589696)) +---- +@meileaben @RIPE_Atlas Today, it's quite disparate among the various security communities and organisations. Would it be possible to run honeypot on @RIPE_Atlas? + +(Originally on Twitter: [Mon May 29 14:41:13 +0000 2017](https://twitter.com/adulau/status/869201971957432321)) +---- +@meileaben @RIPE_Atlas Indeed. Maybe we should investigate what you guys are doing on the procurement and deployment aspects to copy the good ideas... + +(Originally on Twitter: [Mon May 29 14:53:31 +0000 2017](https://twitter.com/adulau/status/869205066250629121)) +---- +@cudeso Maybe @Ecolo @jpflorent should share the indicators to see if there are any other potential targets or/and victims. + +(Originally on Twitter: [Tue May 30 06:16:42 +0000 2017](https://twitter.com/adulau/status/869437391660085252)) +---- +Any idea why @spacelabs healthcare removed their #WannaCry statement from their website? 
https://webcache.googleusercontent.com/search?q=cache:levnVcF91NkJ:https://www.spacelabshealthcare.com/wp-content/uploads/2017/05/WannaCry-Malware-Assessment-and-Compatibility-Statement_23_May_2017.pdf+&cd=1&hl=en&ct=clnk&gl=us&client=ubuntu + +(Originally on Twitter: [Tue May 30 07:41:01 +0000 2017](https://twitter.com/adulau/status/869458613013708800)) +---- +RT @MISPProject: MISP 2.4.74 released including a new improved pub-sub ZMQ system and a host of default feeds https://www.misp.software/2017/05/30/MISP.2.4.74.released.html #Thre… + +(Originally on Twitter: [Tue May 30 17:03:31 +0000 2017](https://twitter.com/adulau/status/869600168970252288)) +---- +I'll be at @FIRSTdotOrg conference to talk about blackhole monitoring. A small teaser with ISN value visualisation. https://www.first.org/conference/2017/program#pblackhole-networks-an-underestimated-source-for-information-leaks ![](media/869852007728914432-DBJUH7rXcAEhQoJ.jpg) + +(Originally on Twitter: [Wed May 31 09:44:14 +0000 2017](https://twitter.com/adulau/status/869852007728914432)) +---- +RT @hackerfantastic: We (@x0rz and me) have decided to attempt to crowd source the funds and buy the @shadowbrokerss exploits - details htt… + +(Originally on Twitter: [Wed May 31 16:09:15 +0000 2017](https://twitter.com/adulau/status/869948902736363520)) +---- +RT @shrekts: Our internal bug bounty program ;) ![](media/870311829930684417-DBP3tXrXcAAIAH0.jpg) + +(Originally on Twitter: [Thu Jun 01 16:11:24 +0000 2017](https://twitter.com/adulau/status/870311829930684417)) +---- +"I’ve discovered that most people are really good at finding obstacles. I don’t fund these people." https://blog.ycombinator.com/paul-buchheit-on-lessons-learned-from-investing-in-200-startups/ + +(Originally on Twitter: [Thu Jun 01 17:06:10 +0000 2017](https://twitter.com/adulau/status/870325612182986752)) +---- +Really glad that @thomasazier is coming to Luxembourg. "He could never be closer". A great artist following his own artistic path. 
+ +(Originally on Twitter: [Thu Jun 01 20:56:40 +0000 2017](https://twitter.com/adulau/status/870383618035679232)) +---- +"Security Investment, Hacking, and Information Sharing between Firms and between Hackers" http://www.mdpi.com/2073-4336/8/2/23/pdf ![](media/870390694476689409-DBQ_kncW0AA_Jbk.jpg) + +(Originally on Twitter: [Thu Jun 01 21:24:47 +0000 2017](https://twitter.com/adulau/status/870390694476689409)) +---- +@verovaleros I remember you did some work on RAT history, Maybe you want to contribute some RATs to the @MISPProject https://twitter.com/MISPProject/status/870647690698403841 + +(Originally on Twitter: [Fri Jun 02 14:28:34 +0000 2017](https://twitter.com/adulau/status/870648338391199744)) +---- +@y0m I'm curious if those contain new concepts compared to https://www.foo.be/docs/intelligence/PsychofIntelNew.pdf "Psychology of Intelligence Analysis" + +(Originally on Twitter: [Sun Jun 04 06:35:18 +0000 2017](https://twitter.com/adulau/status/871254012795826176)) +---- +I love all those consulting companies talking about GDPR but who forget that data portability applies for their customers too. + +(Originally on Twitter: [Sun Jun 04 07:30:11 +0000 2017](https://twitter.com/adulau/status/871267824790102017)) +---- +RT @MISPProject: We will be at #FIRSTCON17 and @adulau from @MISPProject will join the #hackathon to work on new and ongoing projects https… + +(Originally on Twitter: [Sun Jun 04 14:58:00 +0000 2017](https://twitter.com/adulau/status/871380520306962434)) +---- +Following the craziness surrounding the BTC prices, do you think the threat model/security measures for SaaS managed wallets still adequate? + +(Originally on Twitter: [Sun Jun 04 16:10:10 +0000 2017](https://twitter.com/adulau/status/871398683811753984)) +---- +@Iglocska @LeFloatingGhost Maybe Richard M. Stallman should do the test using his w3m-emacs browser? 
![](media/872062398819127296-DBou29vWAAA0hU7.jpg) + +(Originally on Twitter: [Tue Jun 06 12:07:32 +0000 2017](https://twitter.com/adulau/status/872062398819127296)) +---- +@thegrugq @y0m @SteveBellovin "Digital Watermarking and Steganography" Page 5 of ISBN 9780080555805 + +(Originally on Twitter: [Tue Jun 06 12:43:06 +0000 2017](https://twitter.com/adulau/status/872071347991715842)) +---- +Another question for the recent NSA report leak. Why an analysis of spear phishing(s) is classified as TS? Why no sharing for detection? + +(Originally on Twitter: [Tue Jun 06 18:46:19 +0000 2017](https://twitter.com/adulau/status/872162753217277952)) +---- +@veorq They have urban in the abstract. But I'm disappointed, where are the street art and Jon156 graffiti in the paper? ;-) + +(Originally on Twitter: [Tue Jun 06 19:04:57 +0000 2017](https://twitter.com/adulau/status/872167444223324160)) +---- +RT @hack_lu: Don't forget the call for papers for hack.lu 2017 https://2017.hack.lu/blog/Call-for-Papers/ an unique opportunity to join us at the 13th editio… + +(Originally on Twitter: [Tue Jun 06 21:14:42 +0000 2017](https://twitter.com/adulau/status/872200097379094531)) +---- +Some people are worried about false negatives in #threathunting but maybe this one for Borrelia is a bit more scary. ![](media/872407399294001152-DBtpzTPXYAA-CPg.jpg) + +(Originally on Twitter: [Wed Jun 07 10:58:27 +0000 2017](https://twitter.com/adulau/status/872407399294001152)) +---- +RT @H_Miser: #sstic +- speaker: on a écrit un outil pour analyser des fichiers pdf +- CERTs: cool +- speaker: on l'a écrit en CAML +- CERTs: h… + +(Originally on Twitter: [Wed Jun 07 15:40:23 +0000 2017](https://twitter.com/adulau/status/872478351180648450)) +---- +@jedisct1 Does the "/dev/tcp/<host>/<port>" trick works under the Apple "proprietary" OS/shell? 
+ +(Originally on Twitter: [Wed Jun 07 17:37:38 +0000 2017](https://twitter.com/adulau/status/872507857559748612)) +---- +@jedisct1 I think it is but some other shells provide a similar interface. + +(Originally on Twitter: [Wed Jun 07 17:51:14 +0000 2017](https://twitter.com/adulau/status/872511279809933312)) +---- +RT @cnoanalysis: I recommend #infosec professionals learn to keep an engineering notebook documenting your work and research #DFIR https://… + +(Originally on Twitter: [Thu Jun 08 19:30:07 +0000 2017](https://twitter.com/adulau/status/872898554033000449)) +---- +@msuiche @lippard Check out @MISPProject galaxy https://github.com/MISP/misp-galaxy/tree/master/clusters threat actors with synonyms in parseable json. PR welcome ;-) + +(Originally on Twitter: [Sat Jun 10 05:01:22 +0000 2017](https://twitter.com/adulau/status/873404702733590528)) +---- +RT @msuiche: Awesome work from the @MISPProject team ! https://twitter.com/adulau/status/873404702733590528 + +(Originally on Twitter: [Sat Jun 10 05:11:00 +0000 2017](https://twitter.com/adulau/status/873407123501322240)) +---- +@lostinsecurity @y0m @msuiche @lippard @MISPProject The misp galaxy clusters are used in many tools including @MISPProject. So you can build additional tools from it. 
+ +(Originally on Twitter: [Sat Jun 10 12:11:01 +0000 2017](https://twitter.com/adulau/status/873512827046301696)) +---- +Live etherpad for the today's @FIRSTdotOrg #hackathon http://piratepad.net/bob-the-pirate + +(Originally on Twitter: [Sun Jun 11 16:00:02 +0000 2017](https://twitter.com/adulau/status/873932849690402816)) +---- +Today I'll talk at @FIRSTdotOrg about AIL an Analysis Information Leak framework https://github.com/CIRCL/AIL-framework https://www.first.org/conference/2017/program#pail-framework-analysis-information-leak-framework #FIRSTCON17 + +(Originally on Twitter: [Mon Jun 12 08:56:49 +0000 2017](https://twitter.com/adulau/status/874188730797568000)) +---- +I'll give a pack of chocolates to @alexstamos about his great point regarding information sharing and the need of openess. #FIRSTCON17 + +(Originally on Twitter: [Mon Jun 12 14:25:26 +0000 2017](https://twitter.com/adulau/status/874271429969235968)) +---- +talk from @alexcpsec at #FIRSTCON17 has good points for maliciousness ratio calculation. Can we improve the current bgpranking ranking algo? + +(Originally on Twitter: [Mon Jun 12 15:43:20 +0000 2017](https://twitter.com/adulau/status/874291032606875649)) +---- +RT @blackswanburst: Getting gangsta with @pinkflawd on IoCs and Cannons at @FIRSTdotOrg in 🇵🇷 greetz to @rafi0t @adulau @dallendoug @privac… + +(Originally on Twitter: [Mon Jun 12 15:49:58 +0000 2017](https://twitter.com/adulau/status/874292701751062530)) +---- +The logistical burden for attackers/adversaries for their campaigns as described by @blackswanburst @pinkflawd at @FIRSTdotOrg ![](media/874297794747609090-DCIhMwNUIAIwOUt.jpg) + +(Originally on Twitter: [Mon Jun 12 16:10:12 +0000 2017](https://twitter.com/adulau/status/874297794747609090)) +---- +Nice perspective with the cost for attackers to change "IoC". 
Maybe a model/taxonomy to add in @MISPProject by @pinkflawd @blackswanburst ![](media/874299122026721283-DCIiaRzXsAE4GpU.jpg) + +(Originally on Twitter: [Mon Jun 12 16:15:29 +0000 2017](https://twitter.com/adulau/status/874299122026721283)) +---- +@daniel_bilar @manu2342 @MISPProject @pinkflawd @blackswanburst It's from @blackswanburst and @pinkflawd presentation at @FIRSTdotOrg conference. The slides and github will be available soon. + +(Originally on Twitter: [Mon Jun 12 17:39:23 +0000 2017](https://twitter.com/adulau/status/874320236387999744)) +---- +RT @blackswanburst: @daniel_bilar @adulau @manu2342 @MISPProject @pinkflawd I looked at rough costs in the legitimate economy. OFC attacker… + +(Originally on Twitter: [Mon Jun 12 17:40:23 +0000 2017](https://twitter.com/adulau/status/874320488641818624)) +---- +RT @MirekMaj: Open policy of @circl_lu regarding monitored pastes. All is published at https://www.circl.lu/pub/tr-46/ #FIRSTCON17 presentation by… + +(Originally on Twitter: [Mon Jun 12 22:42:19 +0000 2017](https://twitter.com/adulau/status/874396473164804097)) +---- +A nifty project by @halvarflake to demonstrate how to perform code similarity searches using MinHashing of subgraphs https://github.com/thomasdullien/functionsimsearch + +(Originally on Twitter: [Tue Jun 13 04:06:53 +0000 2017](https://twitter.com/adulau/status/874478155578343425)) +---- +Very good point from Google IRT when doing postmortem incident response. Write a blameless postmortem. #DFIR #FIRSTCON17 ![](media/874630791996821505-DCNQDz1XoAUXYaa.jpg) + +(Originally on Twitter: [Tue Jun 13 14:13:25 +0000 2017](https://twitter.com/adulau/status/874630791996821505)) +---- +An interesting discussion during the SIG information sharing at #FIRSTCON17 to expand the @MISPProject galaxy with virus/malware from A/V. 
+ +(Originally on Twitter: [Tue Jun 13 23:38:52 +0000 2017](https://twitter.com/adulau/status/874773093339803649)) +---- +RT @attritionorg: .@msftsecurity Do you have a document that definitively links MS ShadowBroker exploit names to CVE IDs? (not just MS advi… + +(Originally on Twitter: [Wed Jun 14 20:27:50 +0000 2017](https://twitter.com/adulau/status/875087407384846337)) +---- +@dallendoug @jwunder @alexstamos Maybe there is still space of improvement to relax committees process and build standards from functional implementations. + +(Originally on Twitter: [Wed Jun 14 20:46:19 +0000 2017](https://twitter.com/adulau/status/875092058393989121)) +---- +"State of the Art in Lightweight Symmetric Cryptography" http://orbilu.uni.lu/bitstream/10993/31319/1/SoK___lightweight_crypto.pdf by @alexcryptan very well detailed + +(Originally on Twitter: [Thu Jun 15 12:13:12 +0000 2017](https://twitter.com/adulau/status/875325316725694464)) +---- +Curious about what you can learn from IP darkspace monitoring, check my presentation at #FIRSTCON17 at 14:00 today. https://www.first.org/conference/2017/program#pblackhole-networks-an-underestimated-source-for-information-leaks + +(Originally on Twitter: [Thu Jun 15 12:20:11 +0000 2017](https://twitter.com/adulau/status/875327071915999232)) +---- +RT @cherepanov74: @nullandnull @ESET @DragosInc 195.16.88[.]6 is correct one + +(Originally on Twitter: [Thu Jun 15 13:43:00 +0000 2017](https://twitter.com/adulau/status/875347913500766209)) +---- +@DSMeu @ViolaRoberto Some devices don't need all the bandwidth available to operate. Limiting bandwidth help to avoid compromised IoT to DDoS at full speed. + +(Originally on Twitter: [Thu Jun 15 14:10:01 +0000 2017](https://twitter.com/adulau/status/875354713776173058)) +---- +RT @blackswanburst: @adulau and @circl_lu have scripted gartner for AV. Lolol. 
![](media/875425934287015936-DCYa5NjXYAIBB1f.jpg) + +(Originally on Twitter: [Thu Jun 15 18:53:02 +0000 2017](https://twitter.com/adulau/status/875425934287015936)) +---- +RT @blackswanburst: @adulau with the raw packets and the raw truth from their blackholes. @FIRSTdotOrg #FirstCon17 ![](media/875425975907045382-DCYZMiaWsAA-O3z.jpg) + +(Originally on Twitter: [Thu Jun 15 18:53:11 +0000 2017](https://twitter.com/adulau/status/875425975907045382)) +---- +"Blackhole Networks - an Underestimated Source for Information Leaks" +https://www.circl.lu/assets/files/circl-blackhole-first2017.pdf slides given at @FIRSTdotOrg 2017 #FIRSTCON17 + +(Originally on Twitter: [Thu Jun 15 19:15:08 +0000 2017](https://twitter.com/adulau/status/875431496886214656)) +---- +@t0rnade Sure https://twitter.com/adulau/status/875431496886214656 + +(Originally on Twitter: [Fri Jun 16 10:05:59 +0000 2017](https://twitter.com/adulau/status/875655687719624706)) +---- +@mckeay @blackswanburst Trolling is also called "vulnerability disclosure to a vendor who doesn't give a f*ck". + +(Originally on Twitter: [Fri Jun 16 13:40:24 +0000 2017](https://twitter.com/adulau/status/875709646362873856)) +---- +RT @blackswanburst: #FIRSTCON17 ![](media/875722880453050368-DCcvzUpWsAAVPnK.jpg) + +(Originally on Twitter: [Fri Jun 16 14:32:59 +0000 2017](https://twitter.com/adulau/status/875722880453050368)) +---- +Should we bet that the PQ-safe protocols will be out before TAXII 2.0 is released and used? #FIRSTCON17 ![](media/875726191600250881-DCc0TvNWsAAd6Z2.jpg) + +(Originally on Twitter: [Fri Jun 16 14:46:08 +0000 2017](https://twitter.com/adulau/status/875726191600250881)) +---- +A good summary of the common challenges in IR and especially the lateral movement detection issue. 
By @jpcert_en #FIRSTCON17 ![](media/875742664397918212-DCdDTTfXgAAe_rG.jpg) + +(Originally on Twitter: [Fri Jun 16 15:51:36 +0000 2017](https://twitter.com/adulau/status/875742664397918212)) +---- +RT @jwunder: @xg5_datafiend @MITREattack @MISPProject Hey @adulau let's figure this out + +(Originally on Twitter: [Fri Jun 16 16:10:58 +0000 2017](https://twitter.com/adulau/status/875747538158202880)) +---- +@jwunder @xg5_datafiend @MITREattack @MISPProject That would indeed great! A galaxy could be done as the att&ck is super clean. I'll have look and John showed me the json files. + +(Originally on Twitter: [Fri Jun 16 16:17:55 +0000 2017](https://twitter.com/adulau/status/875749288122429440)) +---- +RT @jwunder: @adulau @xg5_datafiend @MITREattack @MISPProject JSON files here, the techniques are attack-patterns: https://github.com/mitre/cti + +(Originally on Twitter: [Fri Jun 16 17:01:37 +0000 2017](https://twitter.com/adulau/status/875760283679154176)) +---- +My quick notes (on amendment 116) https://gist.github.com/adulau/c7544880919ddec0e8ccbd8888badca3 regarding the proposal of regulation in Europe for encrypted communications. + +(Originally on Twitter: [Sat Jun 17 13:41:41 +0000 2017](https://twitter.com/adulau/status/876072357898670080)) +---- +RT @rafi0t: Really cool project of @knowtheory to see microdots on documents: https://knowtheory.github.io/microdotty/ + +(Originally on Twitter: [Sat Jun 17 13:49:38 +0000 2017](https://twitter.com/adulau/status/876074359760318465)) +---- +RT @halvarflake: TIL: Microsoft has published an *ancient* lecture of mine on BinDiff. 
https://www.youtube.com/watch?v=rN_unxKRkLc - also features a clean-shav… + +(Originally on Twitter: [Sat Jun 17 13:55:32 +0000 2017](https://twitter.com/adulau/status/876075841763069954)) +---- +"Il n’est pas question ici de « portes dérobées »" mais d'une "possibilité d’accès" https://www.interieur.gouv.fr/Actualites/Communiques/Utilisation-de-l-Internet-a-des-fins-terroristes-plan-d-actions-franco-britannique une différence subtile #backdoor ![](media/876103859910963200-DCiKrqAXsAAuqBA.jpg) + +(Originally on Twitter: [Sat Jun 17 15:46:52 +0000 2017](https://twitter.com/adulau/status/876103859910963200)) +---- +RT @root75: "Frustra fit per plura, quod potest fieri per pauciora" +I tend to agree with @adulau - shout-out to @MISPProject https://t.co/… + +(Originally on Twitter: [Sat Jun 17 16:45:52 +0000 2017](https://twitter.com/adulau/status/876118710146256896)) +---- +@root75 @MISPProject https://en.wikiquote.org/wiki/William_of_Ockham + +(Originally on Twitter: [Sat Jun 17 16:57:49 +0000 2017](https://twitter.com/adulau/status/876121715633516545)) +---- +RT @Iglocska: @adulau @root75 @MISPProject With that said, when it comes to @MISPProject, more people working on it would always be welcome… + +(Originally on Twitter: [Sat Jun 17 17:33:24 +0000 2017](https://twitter.com/adulau/status/876130672896876544)) +---- +RT @swagitda_: .@pinkflawd giving a killer talk as usual at #Recon17 on her r2graphity tool for static binary analysis data viz https://t.c… + +(Originally on Twitter: [Sat Jun 17 18:41:16 +0000 2017](https://twitter.com/adulau/status/876147749380599810)) +---- +RT @pinkflawd: #RECon17 slides are up at https://github.com/pinkflawd/r2graphity/blob/master/GraphDracula_Recon17.pdf and Gephi prints are here https://github.com/pinkflawd/r2graphity/tree/master/output/gephi + +(Originally on Twitter: [Sat Jun 17 23:23:25 +0000 2017](https://twitter.com/adulau/status/876218757621972992)) +---- +RT @droethlisberger: Released #acefile 0.2.1 - read/test/extract 
ACE 1.0 and 2.0 archives in pure python https://www.roe.ch/acefile https://t.… + +(Originally on Twitter: [Sat Jun 17 23:26:40 +0000 2017](https://twitter.com/adulau/status/876219574668210177)) +---- +@MalwareJake @LastWeekTonight Two script kiddies who use the same PHP shell on a multi-homed compromised system. + +(Originally on Twitter: [Sun Jun 18 19:05:20 +0000 2017](https://twitter.com/adulau/status/876516195448623106)) +---- +@TheHive_Project @__Emilien__ @MISPProject @virustotal It seems @SteveClement works a new MISP VM including The Hive suite to make training, testing and evaluation. #ThreatHunting + +(Originally on Twitter: [Mon Jun 19 14:18:02 +0000 2017](https://twitter.com/adulau/status/876806279871819776)) +---- +RT @FordFoundation: Meet @mozilla Open Web Fellow @blackswanburst and learn about the public interest tech work he’s doing @privacyint http… + +(Originally on Twitter: [Mon Jun 19 14:21:29 +0000 2017](https://twitter.com/adulau/status/876807151964082177)) +---- +Interesting concept. Will this be reciprocal for Luxembourg to host in Estonia for critical elements? @GillesFeith +https://mobile.twitter.com/Yafsec/status/876844966278041600 + +(Originally on Twitter: [Mon Jun 19 16:59:31 +0000 2017](https://twitter.com/adulau/status/876846919737372672)) +---- +RT @root_kitty: New capabilities for miasm RE framework including symbolic execution @reconmtl #RECon17 http://www.miasm.re/blog/index.html https://t.c… + +(Originally on Twitter: [Mon Jun 19 17:09:36 +0000 2017](https://twitter.com/adulau/status/876849459271016448)) +---- +@lucianadrian @halvarflake Indeed, it moved to the official Google https://github.com/google/functionsimsearch + +(Originally on Twitter: [Tue Jun 20 09:46:54 +0000 2017](https://twitter.com/adulau/status/877100434732855296)) +---- +RT @MISPProject: Want to track spammer infrastructures? and techniques? 
Install @MISPProject and configure mail_to_misp https://t.co/iEnocO… + +(Originally on Twitter: [Tue Jun 20 17:58:22 +0000 2017](https://twitter.com/adulau/status/877224117157720064)) +---- +@x0rz Maybe it's time to get rid of certification and evaluate people on what they do (open source security tools, documentation, howto, projects) + +(Originally on Twitter: [Tue Jun 20 18:09:47 +0000 2017](https://twitter.com/adulau/status/877226990591512576)) +---- +@kafeine @PaulWebSec @MISPProject @Iglocska and @kafeine is the guy who made the exploit-kit MISP galaxy a reality ;-) https://github.com/MISP/misp-galaxy/blob/master/clusters/exploit-kit.json + +(Originally on Twitter: [Wed Jun 21 15:06:24 +0000 2017](https://twitter.com/adulau/status/877543229406806017)) +---- +IC 2142 @SNCB pas de climatisation dans ces vieux modèles. On crève de chaud et il n'y pas d'eau pour les voyageurs et la porte est en panne + +(Originally on Twitter: [Wed Jun 21 17:47:57 +0000 2017](https://twitter.com/adulau/status/877583883830575104)) +---- +@_SharleneMay Don't forget that a military presence can also trigger more violence than without one. They are often a target and by so increase risks. + +(Originally on Twitter: [Wed Jun 21 17:56:18 +0000 2017](https://twitter.com/adulau/status/877585986657669128)) +---- +@SNCB ![](media/877588185336889344-DC3RyVxXkAEy3_M.jpg) + +(Originally on Twitter: [Wed Jun 21 18:05:02 +0000 2017](https://twitter.com/adulau/status/877588185336889344)) +---- +@_SharleneMay Sure. It was just a small remark to not forget about it and avoid going too much in such direction. Thank you for your constructive feedback + +(Originally on Twitter: [Wed Jun 21 18:29:07 +0000 2017](https://twitter.com/adulau/status/877594245716209664)) +---- +@Kazansky137 @SNCB C'est un tag RFID avec une adresse 48-bit. En effet, une MAC adresse Ethernet est aussi une EUI-48. 
+ +(Originally on Twitter: [Wed Jun 21 19:44:16 +0000 2017](https://twitter.com/adulau/status/877613158495473664)) +---- +@sergedroz The funny part for you: it was the old train doing Bruxelles-Basel. But CH and FR refused this old crap on their railways. Now it's lux-be. + +(Originally on Twitter: [Wed Jun 21 19:46:42 +0000 2017](https://twitter.com/adulau/status/877613769765003265)) +---- +RT @alexcryptan: A few more days for the job openings at CryptoLUX https://twitter.com/alexcryptan/status/869597518178525192 + +(Originally on Twitter: [Wed Jun 21 20:15:00 +0000 2017](https://twitter.com/adulau/status/877620890959319040)) +---- +My reading for tonight. Ping @root75 for the swimming memories and @trevorpaglen for the art work. #photography #trace ![](media/877622871006232576-DC3xS67XUAApRYp.jpg) + +(Originally on Twitter: [Wed Jun 21 20:22:52 +0000 2017](https://twitter.com/adulau/status/877622871006232576)) +---- +Just found back my old laptop Tadpole SPARCbook 2. Yep, the laptop had a Sparc processor ;-) ![](media/877943345917509632-DC8UwQ6XoAAdcvN.jpg) + +(Originally on Twitter: [Thu Jun 22 17:36:19 +0000 2017](https://twitter.com/adulau/status/877943345917509632)) +---- +@Iglocska Oh man, this was easy. https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSivz-xzVO-TaIowlZELayVq4F6uBbxsdNYA5UJalj_XmFnG4fIYg + +(Originally on Twitter: [Thu Jun 22 17:46:52 +0000 2017](https://twitter.com/adulau/status/877945999578288128)) +---- +@alexanderjaeger The design of the cover is nice. A serie of straight lines getting closer. Those days, stickers were not so common. We didn't have MISP ;-) + +(Originally on Twitter: [Thu Jun 22 21:07:17 +0000 2017](https://twitter.com/adulau/status/877996435488337920)) +---- +Notes from yesterday, are all the pcap DNS extractors the same? To be tested with a reference pcap with multiple DNS q/r. 
#dns #DFIR ![](media/878144106530095104-DC_KrmPXUAAiLES.png) + +(Originally on Twitter: [Fri Jun 23 06:54:04 +0000 2017](https://twitter.com/adulau/status/878144106530095104)) +---- +@aris_ada Indeed Solaris 2.4/SunOS 5.4. + +(Originally on Twitter: [Fri Jun 23 07:17:29 +0000 2017](https://twitter.com/adulau/status/878149997417472000)) +---- +@vloquet @TechRepublic Good opportunity to try open source security tools instead. If it's crap, you can drop it asap. If it's good, you keep it. + +(Originally on Twitter: [Fri Jun 23 17:00:29 +0000 2017](https://twitter.com/adulau/status/878296715119529986)) +---- +RT @xme: My slides are available online: Unity Makes Strength (https://www.slideshare.net/xme/unity-makes-strength-77234478) #BSidesAth + +(Originally on Twitter: [Sun Jun 25 08:31:04 +0000 2017](https://twitter.com/adulau/status/878893292821385216)) +---- +Social engineering works with everyone including security professionals. This is just a matter of how your adversary is informed. + +(Originally on Twitter: [Sun Jun 25 16:52:49 +0000 2017](https://twitter.com/adulau/status/879019560355147776)) +---- +@rafi0t The google index and search engine are slowly drifting to a reduce spot of the Internet and putting all of us in a knowledge darkness. + +(Originally on Twitter: [Sun Jun 25 17:14:00 +0000 2017](https://twitter.com/adulau/status/879024892049600512)) +---- +@ClausHoumann @CrowdStrike @Tanium Is this a good news or a bad news for the security at large and on the long run? + +(Originally on Twitter: [Sun Jun 25 17:46:40 +0000 2017](https://twitter.com/adulau/status/879033114370207746)) +---- +@ClausHoumann @CrowdStrike @Tanium Not sure if large round of investment s are going into direct R&D and not short terms investments like marketing to increase return quickly. 
+ +(Originally on Twitter: [Sun Jun 25 19:40:02 +0000 2017](https://twitter.com/adulau/status/879061644529283074)) +---- +http://bjoern.brembs.net/2016/02/sci-hub-as-necessary-effective-civil-disobedience/ ...one big raised middle finger. Clearly, two decades of negotiations, talks and diplomacy have led us nowhere. + +(Originally on Twitter: [Mon Jun 26 05:43:30 +0000 2017](https://twitter.com/adulau/status/879213510881837058)) +---- +RT @MISPProject: Detection Maturity Level (DML) model added to @MISPProject taxonomies https://www.misp-project.org/taxonomies.html#_dml model by @ryanstillions - @… + +(Originally on Twitter: [Mon Jun 26 08:53:53 +0000 2017](https://twitter.com/adulau/status/879261422693363713)) +---- +Dear @redhatopen could you open the answer publicly? It'll help OSS projects which requires to support your distrib https://access.redhat.com/solutions/896363 + +(Originally on Twitter: [Mon Jun 26 09:05:27 +0000 2017](https://twitter.com/adulau/status/879264333515063296)) +---- +Using MISP in a crazy way? contributing to MISP? or willing to share your experience of #threatintel integration? +https://twitter.com/MISPProject/status/879602264285073408 + +(Originally on Twitter: [Tue Jun 27 07:45:47 +0000 2017](https://twitter.com/adulau/status/879606672372764673)) +---- +There is something wrong with any organisation when you need to vote for agreeing on a standard especially if you have to pay for voting. + +(Originally on Twitter: [Tue Jun 27 21:16:28 +0000 2017](https://twitter.com/adulau/status/879810688474066945)) +---- +@Iglocska democracies is a large set of diverse definitions. Sometime you need to redefine it and make it better for the large set of citizen. + +(Originally on Twitter: [Tue Jun 27 21:26:22 +0000 2017](https://twitter.com/adulau/status/879813180289146880)) +---- +@Iglocska Maybe where DoOcracy plays a role https://communitywiki.org/wiki/DoOcracy especially in the open source/free software community. 
+ +(Originally on Twitter: [Tue Jun 27 21:29:55 +0000 2017](https://twitter.com/adulau/status/879814069888458753)) +---- +During @FIRSTdotOrg 2017 we had an interesting debate about #WannaCry (supervised by @sergedroz) and now some hypothesis discussed are back + +(Originally on Twitter: [Tue Jun 27 21:40:00 +0000 2017](https://twitter.com/adulau/status/879816608105062400)) +---- +@FIRSTdotOrg @sergedroz One of the hypothesis was the use of the ransomware as a marketing show-off for capabilities of some team willing to sell their "services". + +(Originally on Twitter: [Tue Jun 27 21:41:24 +0000 2017](https://twitter.com/adulau/status/879816960921489411)) +---- +Looks like the #Petya adversary(ies) did some psexec recycling from various sources. Based on @McAfee_Labs report https://securingtomorrow.mcafee.com/mcafee-labs/new-variant-petya-ransomware-spreading-like-wildfire/ ![](media/879820471042273282-DDW_Y5PXYAAGMm8.jpg) + +(Originally on Twitter: [Tue Jun 27 21:55:21 +0000 2017](https://twitter.com/adulau/status/879820471042273282)) +---- +@pstirparo @FIRSTdotOrg @sergedroz @sans_isc I would classify it as H5 "private actor (trying?) to sell services to state-affiliated actor and did some marketing before" + +(Originally on Twitter: [Tue Jun 27 21:58:50 +0000 2017](https://twitter.com/adulau/status/879821349551833088)) +---- +@jaimeblascob @McAfee_Labs @MISPProject Yep. Recyling is one of the key technique to introduce confusion. But such indicators are still useful to decrease confidence level or alike + +(Originally on Twitter: [Wed Jun 28 04:49:52 +0000 2017](https://twitter.com/adulau/status/879924788910850049)) +---- +@marnixdekker @NATO @CERTEU We are proud to see our humble open source project @MISPProject to be used by so many organisations. 
+ +(Originally on Twitter: [Wed Jun 28 17:46:00 +0000 2017](https://twitter.com/adulau/status/880120108064157696)) +---- +Thanks to @thomasazier https://www.flickr.com/photos/adulau/35558229066/ for his incredible performance in Luxembourg @denAtelier #photography https://www.flickr.com/photos/adulau/35558229066/ + +(Originally on Twitter: [Wed Jun 28 21:38:43 +0000 2017](https://twitter.com/adulau/status/880178676096217088)) +---- +RT @MISPProject: The ongoing development for the misp-object is very active. Screenshots of the misp-object template . Still time -> https:… + +(Originally on Twitter: [Thu Jun 29 07:20:09 +0000 2017](https://twitter.com/adulau/status/880324996647849984)) +---- +RT @jepayneMSFT: While many places are focused on a patch or a 'kill switch,' that is not what Petya counted on, it counted on missing secu… + +(Originally on Twitter: [Thu Jun 29 18:31:26 +0000 2017](https://twitter.com/adulau/status/880493931586351104)) +---- +RT @samykamkar: I'm looking at the datasheet for the Wifi/Bluetooth radio on the Raspberry Pi 3 and it has an FM receiver built in! But pin… + +(Originally on Twitter: [Fri Jun 30 05:29:20 +0000 2017](https://twitter.com/adulau/status/880659497370484736)) +---- +@swannysec @MISPProject Any pointer? There are different MISP communities at NATO including @NICPnews + +(Originally on Twitter: [Fri Jun 30 05:32:48 +0000 2017](https://twitter.com/adulau/status/880660368208560130)) +---- +"Rational Trust Modeling" https://arxiv.org/pdf/1706.09861.pdfseems applicable to build sharing communities where utility is key and the rationality is high. 
+ +(Originally on Twitter: [Fri Jun 30 06:16:25 +0000 2017](https://twitter.com/adulau/status/880671347231391744)) +---- +@NICPnews @swannysec @MISPProject @CERTEU We are joyful to see all the sharing, so many communities popping up http://www.misp-project.org/communities/ like @circl_lu @FidelisCyber @FIRSTdotOrg + +(Originally on Twitter: [Fri Jun 30 08:55:04 +0000 2017](https://twitter.com/adulau/status/880711273041850368)) +---- +RT @swannysec: @adulau @MISPProject @NICPnews http://www.npr.org/2017/06/29/534835108/how-europe-is-grappling-with-increased-threats-to-cybersecurity Toward the end. + +(Originally on Twitter: [Fri Jun 30 13:33:52 +0000 2017](https://twitter.com/adulau/status/880781432276365313)) +---- +RT @ThomasAzierFC: New photos of @thomasazier at @sirenscallfestival in Luxembourg .24.06.2017. +More pictures on : https://t.co/B4eeq3ecRd.… + +(Originally on Twitter: [Sat Jul 01 14:49:33 +0000 2017](https://twitter.com/adulau/status/881162869143982080)) +---- +Idea of the day proposed by a large CERT in germany: "##comma## should be the name of a new threat actor" & watch the TIP burning. @shrekts + +(Originally on Twitter: [Mon Jul 03 17:52:31 +0000 2017](https://twitter.com/adulau/status/881933686945533953)) +---- +"DeltaPhish: Detecting Phishing Webpages in Compromised Websites" +https://arxiv.org/pdf/1707.00317.pdf + +(Originally on Twitter: [Wed Jul 05 04:43:52 +0000 2017](https://twitter.com/adulau/status/882459994351861760)) +---- +@codelancer @lorenzoFB Any hashes to share regarding SIO "products"? + +(Originally on Twitter: [Wed Jul 05 08:21:44 +0000 2017](https://twitter.com/adulau/status/882514820087599110)) +---- +Literally my two honeypots were intercepted at the border control of an airport. 
![](media/882555085187952641-DD93KKkW0AAUAet.jpg) + +(Originally on Twitter: [Wed Jul 05 11:01:44 +0000 2017](https://twitter.com/adulau/status/882555085187952641)) +---- +Threat intelligence is the stuff mentioned in a slide deck to make a CSV file impressive for the audience. #ThreatIntelligence + +(Originally on Twitter: [Thu Jul 06 05:32:24 +0000 2017](https://twitter.com/adulau/status/882834593417768960)) +---- +@r00tbsd indeed large binaries distributed on obscure compromised websites where you click on random advertising links is so much safer nowadays ;-) + +(Originally on Twitter: [Thu Jul 06 05:52:19 +0000 2017](https://twitter.com/adulau/status/882839609738240001)) +---- +"A Survey on Security and Privacy Issues of Bitcoin" +https://arxiv.org/pdf/1706.00916.pdf an exhaustive state-of-the-art #privacy #bitcoin + +(Originally on Twitter: [Thu Jul 06 07:57:18 +0000 2017](https://twitter.com/adulau/status/882871060403826688)) +---- +RT @MISPProject: During @SHA2017Camp we will talk about the @MISPProject https://program.sha2017.org/events/23.html a good opportunity to meet the community.… + +(Originally on Twitter: [Fri Jul 07 11:49:30 +0000 2017](https://twitter.com/adulau/status/883291885288251393)) +---- +RT @pinkflawd: BlackHoodie enters round #3: It will take place in Luxembourg 25./26. 
of November, again free & women-only \m/-.-\m/ +https:/… + +(Originally on Twitter: [Fri Jul 07 13:40:40 +0000 2017](https://twitter.com/adulau/status/883319859727278080)) +---- +RT @pinkflawd: Thats the scary part: “We never anticipated that our critical infrastructure control systems would be facing advanced levels… + +(Originally on Twitter: [Fri Jul 07 15:16:40 +0000 2017](https://twitter.com/adulau/status/883344020704944128)) +---- +@IgorSkochinsky Indeed, it seems systemd is becoming the de-facto standard to compromise recent GNU/Linux distribution and add a reverse shell easily ;-) + +(Originally on Twitter: [Fri Jul 07 20:37:14 +0000 2017](https://twitter.com/adulau/status/883424690764644353)) +---- +Every quarter, we come back with a discussion to reimplement a simpler OpenPGP key server to support our usage in @MISPProject should we? + +(Originally on Twitter: [Sat Jul 08 08:48:51 +0000 2017](https://twitter.com/adulau/status/883608807565340672)) +---- +@nwalfield The idea is to run a set of OpenPGP key server per trust group to support @MISPProject events signing https://github.com/MISP/MISP/wiki/AuthenticationProject + +(Originally on Twitter: [Sat Jul 08 09:08:21 +0000 2017](https://twitter.com/adulau/status/883613716419420160)) +---- +@nwalfield @MISPProject Looking at your list, onak could be an option looking at the possibility to have a static version using flat-files (which is our main req.) + +(Originally on Twitter: [Sat Jul 08 09:12:10 +0000 2017](https://twitter.com/adulau/status/883614676403269632)) +---- +@nwalfield @MISPProject Exactly and should work like a static repository of JSON files with the associated and signed PGP keys of each MISP orgs/uuids. + +(Originally on Twitter: [Sat Jul 08 09:13:12 +0000 2017](https://twitter.com/adulau/status/883614936588529664)) +---- +@nwalfield @MISPProject That would be indeed an option. The issue is many MISP community can be private and doesn't want their keys published in public key servers. 
+ +(Originally on Twitter: [Sat Jul 08 09:19:50 +0000 2017](https://twitter.com/adulau/status/883616608782036992)) +---- +@nwalfield @MISPProject I agree with you to rely on the crypto-properties. We have a signing component in PyMISP but the difficult part is the key distribution. + +(Originally on Twitter: [Sat Jul 08 09:28:14 +0000 2017](https://twitter.com/adulau/status/883618722015006720)) +---- +@nwalfield @MISPProject MISP is already actively using PGP (encrypted and signed notification) but it's bound to single instances. Maybe we could discuss it f2f. + +(Originally on Twitter: [Sat Jul 08 09:30:32 +0000 2017](https://twitter.com/adulau/status/883619298308239360)) +---- +"lines are everywhere" https://www.flickr.com/photos/adulau/34988297173/ #blackandwhitephotography #StreetArt #Bruxelles + +(Originally on Twitter: [Sat Jul 08 15:51:59 +0000 2017](https://twitter.com/adulau/status/883715295533297664)) +---- +@cudeso @circl_lu Good point. We might have one during @hack_lu or just after. There is also the hackathon 20/10 http://hackathon.hack.lu including AIL. + +(Originally on Twitter: [Sat Jul 08 20:49:36 +0000 2017](https://twitter.com/adulau/status/883790193744113665)) +---- +@wimremes Together with @pidgeyL + +(Originally on Twitter: [Sun Jul 09 14:04:33 +0000 2017](https://twitter.com/adulau/status/884050643857670145)) +---- +RT @root75: The Helsinki Bus Station Theory: find your own vision in photography by staying on the bus https://petapixel.com/2013/03/13/the-helsinki-bus-station-theory-finding-your-own-vision-in-photography/ cc/ @adulau + +(Originally on Twitter: [Mon Jul 10 06:12:22 +0000 2017](https://twitter.com/adulau/status/884294205610315776)) +---- +@root75 This is maybe the most important advice in photography. Perserverence is key. You might want to read Art and Fear. 
Atm stuck in a bus ;-) + +(Originally on Twitter: [Mon Jul 10 06:21:48 +0000 2017](https://twitter.com/adulau/status/884296580026822658)) +---- +@LSELabs @wimremes @pidgeyL Thank you. Maybe you should add some other security projects like https://github.com/MISP or https://github.com/CIRCL/AIL-framework ? + +(Originally on Twitter: [Mon Jul 10 14:00:26 +0000 2017](https://twitter.com/adulau/status/884411997714075650)) +---- +@S_Team_Approved @metaconflict Le risque est nul? Ah bon les devices sont connectées, traitent des données personnelles et ne sont pas maintenues. + +(Originally on Twitter: [Mon Jul 10 20:16:21 +0000 2017](https://twitter.com/adulau/status/884506600861573120)) +---- +RT @solardiz: European Commission is "looking for organiser of open source bug-bounty", up to 60k EUR (admin + bounties), 2 months https://… + +(Originally on Twitter: [Mon Jul 10 20:20:51 +0000 2017](https://twitter.com/adulau/status/884507732598034432)) +---- +"Why Modern Open Source Projects Fail" +https://arxiv.org/pdf/1707.02327.pdf + +(Originally on Twitter: [Tue Jul 11 07:34:30 +0000 2017](https://twitter.com/adulau/status/884677260938268673)) +---- +The @asscert certification is missing from this 'incredible cyber cyber cyber website' http://cyberwarfareofficer.com + +(Originally on Twitter: [Tue Jul 11 11:19:12 +0000 2017](https://twitter.com/adulau/status/884733812005122048)) +---- +Thanks to @chrisdoman for the new @MISPProject expansion modules for @OTX and @threatcrowd #ThreatIntelligence https://github.com/MISP/misp-modules + +(Originally on Twitter: [Tue Jul 11 18:24:15 +0000 2017](https://twitter.com/adulau/status/884840778836701184)) +---- +@xme Paper, pencil and a wallet. 
+ +(Originally on Twitter: [Wed Jul 12 09:14:50 +0000 2017](https://twitter.com/adulau/status/885064899407302657)) +---- +RT @MISPProject: We will join the second @hack_lu Open Source Security Software Hackathon 19 and 20 October 2017 https://hackathon.hack.lu/ w… + +(Originally on Twitter: [Wed Jul 12 09:15:17 +0000 2017](https://twitter.com/adulau/status/885065013253296129)) +---- +@pbeyssac Le marteau ne pollue pas directement l'eau de distribution de toute une ville ou d'un village. C'est le cas des pesticides. + +(Originally on Twitter: [Wed Jul 12 11:29:30 +0000 2017](https://twitter.com/adulau/status/885098791128494082)) +---- +@a_z_e_t @BetterCrypto I still think that having multiple sources for entropy is still better than relying on a single one having a single internal state. 😉 + +(Originally on Twitter: [Wed Jul 12 15:12:49 +0000 2017](https://twitter.com/adulau/status/885154988724555777)) +---- +@a_z_e_t @BetterCrypto Leaking key materials via other sources might be indeed a risk. But I still remember too much the valgrind on OpenSSL bug report ;-) + +(Originally on Twitter: [Wed Jul 12 15:23:33 +0000 2017](https://twitter.com/adulau/status/885157690690949126)) +---- +@a_z_e_t @BetterCrypto Silent security patches in the Linux kernel never happened *cough cough* ;-) + +(Originally on Twitter: [Wed Jul 12 15:26:22 +0000 2017](https://twitter.com/adulau/status/885158399801008129)) +---- +@SNCB Did you really change the name of Jemelle to Rochefort/Jemelle due to @FrancoisBELLOT ? + +(Originally on Twitter: [Wed Jul 12 16:23:38 +0000 2017](https://twitter.com/adulau/status/885172809152040960)) +---- +@Krands_ @SNCB @FrancoisBELLOT This is a fuck*ng incredible including for a question of where the priorities are or even for pratical issues with GIS train station ref. 
+ +(Originally on Twitter: [Wed Jul 12 16:30:12 +0000 2017](https://twitter.com/adulau/status/885174461548376064)) +---- +@CYINT_dude Microsoft should provide a JSON dump and not a limited authenticated API. This would be better for cve-search https://github.com/cve-search/cve-search + +(Originally on Twitter: [Wed Jul 12 18:45:08 +0000 2017](https://twitter.com/adulau/status/885208419422154752)) +---- +I miss Pieter Hintjens, his blog posts, books and git commits. ![](media/885236473745813504-DEj9DqKXkAAqg19.jpg) + +(Originally on Twitter: [Wed Jul 12 20:36:36 +0000 2017](https://twitter.com/adulau/status/885236473745813504)) +---- +"Onions in the Crosshairs, When The Man really is out to get you" +https://arxiv.org/pdf/1706.10292.pdf some insightful adversary models against #tor + +(Originally on Twitter: [Wed Jul 12 20:42:47 +0000 2017](https://twitter.com/adulau/status/885238028968632322)) +---- +@SaiGonSeamus U.S. Navy still needs a network to capture open source intelligence. By reaching a critical mass of mixed users, this helps many objectives. + +(Originally on Twitter: [Wed Jul 12 20:54:09 +0000 2017](https://twitter.com/adulau/status/885240889999753217)) +---- +@SaiGonSeamus If you have a good way to identify the Tor users in the network maybe you should submit a talk/paper to a security conference. + +(Originally on Twitter: [Thu Jul 13 04:32:27 +0000 2017](https://twitter.com/adulau/status/885356222622445569)) +---- +RT @tqbf: 1. Accidentally publish TLS key on website. +2. Revoke certificate. +3. Get new certificate =WITH SAME KEY=. + +https://t.co/bUXrKPP… + +(Originally on Twitter: [Thu Jul 13 05:24:33 +0000 2017](https://twitter.com/adulau/status/885369335535075329)) +---- +RT @uhf_satcom: Great to catch up with Roland!! ![](media/885896925207310337-DEswEdrXoAUKn5r.jpg) + +(Originally on Twitter: [Fri Jul 14 16:21:00 +0000 2017](https://twitter.com/adulau/status/885896925207310337)) +---- +@r00tbsd So you did like me? 
![](media/885898382522417152-DEtX0sZW0AAAoxF.jpg) + +(Originally on Twitter: [Fri Jul 14 16:26:48 +0000 2017](https://twitter.com/adulau/status/885898382522417152)) +---- +RT @antirez: Redis 4.0.0 GA is out! My notes here: https://groups.google.com/d/msg/redis-db/5Kh3viziYGQ/58TKLwX0AAAJ + +(Originally on Twitter: [Fri Jul 14 19:21:54 +0000 2017](https://twitter.com/adulau/status/885942449331372036)) +---- +Why the documents mentioning "C-level" don't reference Dennis Ritchie? #readingcrappydocs + +(Originally on Twitter: [Fri Jul 14 20:21:24 +0000 2017](https://twitter.com/adulau/status/885957423470714881)) +---- +RT @MISPProject: During @hack_lu 2017, there will be a joint workshop with @MISPProject and @TheHive_Project we hope to see you there. #Thr… + +(Originally on Twitter: [Sat Jul 15 15:49:06 +0000 2017](https://twitter.com/adulau/status/886251283786715136)) +---- +@1sand0s It's in the family of the Syrphidae (Hoverfly) with this picture, I would said a "Volucella zonaria". It's a diptera (a kind of fly ;-) + +(Originally on Twitter: [Sat Jul 15 19:33:13 +0000 2017](https://twitter.com/adulau/status/886307685486014466)) +---- +@LSELabs I try to maintain a version with the myriad of patches available for ssldump. https://github.com/adulau/ssldump + +(Originally on Twitter: [Sat Jul 15 19:35:01 +0000 2017](https://twitter.com/adulau/status/886308138600865793)) +---- +@1sand0s Cool so it's matching. Just saw your picture ;-) + +(Originally on Twitter: [Sat Jul 15 19:36:12 +0000 2017](https://twitter.com/adulau/status/886308436383858689)) +---- +I still think there is something completely broken with CLA https://github.com/facebook/rocksdb/blob/master/CONTRIBUTING.md and looking at the recent relicensing. It's a validation + +(Originally on Twitter: [Sun Jul 16 08:28:46 +0000 2017](https://twitter.com/adulau/status/886502856605478913)) +---- +@hackerfantastic I remember reporting heartbleed vulnerable devices. 
The company told us they don't use OpenSSL but a vendor X appliance. So all is fine... + +(Originally on Twitter: [Sun Jul 16 08:42:08 +0000 2017](https://twitter.com/adulau/status/886506222781947904)) +---- +RT @circl_lu: "An extended analysis of an IoT malware from a blackhole network" #mirai https://www.circl.lu/assets/files/tnc17_paper_Fullpaper-IoTBlackholeCW.pdf joint work between @circl_l… + +(Originally on Twitter: [Mon Jul 17 08:03:45 +0000 2017](https://twitter.com/adulau/status/886858949806481408)) +---- +"PyREBox is a Python scriptable Reverse Engineering sandbox" https://github.com/Cisco-Talos/pyrebox relying on QEMU. I need to test it. + +(Originally on Twitter: [Tue Jul 18 09:17:20 +0000 2017](https://twitter.com/adulau/status/887239857638182913)) +---- +What's the current ratio of fake, compromised or abused sinkholes? One out of ten? Or more? #measuringsecurity + +(Originally on Twitter: [Tue Jul 18 18:31:44 +0000 2017](https://twitter.com/adulau/status/887379375506829312)) +---- +RT @nickm_tor: The paper's over at https://petsymposium.org/2017/papers/issue3/paper01-2017-3-source.pdf + +(Originally on Twitter: [Tue Jul 18 21:16:07 +0000 2017](https://twitter.com/adulau/status/887420742270365696)) +---- +@a_z_e_t Trolling question: does an additional user-space RNG would have helped or mitigated the back-doored RNG part? ;-) + +(Originally on Twitter: [Thu Jul 20 14:27:08 +0000 2017](https://twitter.com/adulau/status/888042597146669060)) +---- +RT @a_z_e_t: A Systematic Analysis of the Juniper Dual EC Incident: https://www.ietf.org/proceedings/99/slides/slides-99-irtfopen-anrp-stephen-checkoway-a-systematic-analysis-of-the-juniper-dual-ec-incident-00.pdf + +#IETF99 + +(Originally on Twitter: [Thu Jul 20 14:27:25 +0000 2017](https://twitter.com/adulau/status/888042668147830789)) +---- +RT @tqbf: More great work from @hanno, this time demonstrating Symantec’s inability to compare RSA keys. 
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html + +(Originally on Twitter: [Thu Jul 20 19:29:02 +0000 2017](https://twitter.com/adulau/status/888118571544399873)) +---- +The #opsec aspect of buying drugs online and registering to the same website is so awkward. + +(Originally on Twitter: [Thu Jul 20 19:51:45 +0000 2017](https://twitter.com/adulau/status/888124289924292608)) +---- +@S_Team_Approved @hack_lu http://archive.hack.lu/2007/hacklu2007_barisani_bianco.pdf At hack.lu in 2007. + +(Originally on Twitter: [Thu Jul 20 20:02:24 +0000 2017](https://twitter.com/adulau/status/888126966238507008)) +---- +When you don't know what to do with a threat actor or an adversary, seize some random C2 (proxy or compromised hosts) to make press releases + +(Originally on Twitter: [Fri Jul 21 05:43:14 +0000 2017](https://twitter.com/adulau/status/888273138147966976)) +---- +RT @piotrkijewski: Insight into attacks, backscatter, misconfigured devices observed thru blackhole networks (darknets) (by @circl_lu) http… + +(Originally on Twitter: [Fri Jul 21 06:38:03 +0000 2017](https://twitter.com/adulau/status/888286935709474816)) +---- +"On the Economics of Ransomware" https://arxiv.org/pdf/1707.06247.pdf Now "backup and restore strategies" finally become academic relevant. #Ransomware ![](media/888306740625899520-DFPln17WsAEAjRS.jpg) + +(Originally on Twitter: [Fri Jul 21 07:56:45 +0000 2017](https://twitter.com/adulau/status/888306740625899520)) +---- +How to "protect" your children by installing malware, weakening mobile security and leaking their data to the world. +https://mobile.twitter.com/FlexiSPYLtd/status/888351886289629184 + +(Originally on Twitter: [Fri Jul 21 11:10:29 +0000 2017](https://twitter.com/adulau/status/888355496046063616)) +---- +RT @rafi0t: @ayoul3__ @okhin @BlackHatUSA @defcon @BSidesLV @usa Hey, wanna come to @hack_lu in October? 
Our CFP is still open => https://t… + +(Originally on Twitter: [Fri Jul 21 21:19:46 +0000 2017](https://twitter.com/adulau/status/888508826223124481)) +---- +Glad to see my picture done at OHM on the @SHA2017Camp badge https://twitter.com/SHA2017Badge/status/888503622312570881 https://www.flickr.com/photos/adulau/9464930917/ see you there! + +(Originally on Twitter: [Sat Jul 22 12:06:03 +0000 2017](https://twitter.com/adulau/status/888731867763146752)) +---- +@martijn_grooten @bartblaze The motive overview is very good and quite complete compared to Veris. Maybe I should do a motive taxonomy from it. https://github.com/MISP/misp-taxonomies + +(Originally on Twitter: [Sat Jul 22 12:32:08 +0000 2017](https://twitter.com/adulau/status/888738431307849728)) +---- +RT @SHA2017Badge: @adulau @SHA2017Camp Well, it is a fantastic picture! ![](media/888748981899145217-DFV37cnXsAERCT1.jpg) + +(Originally on Twitter: [Sat Jul 22 13:14:04 +0000 2017](https://twitter.com/adulau/status/888748981899145217)) +---- +graffiti versus light https://www.flickr.com/photos/adulau/35276279693/ #photography #graffiti #urbex + +(Originally on Twitter: [Sat Jul 22 14:01:42 +0000 2017](https://twitter.com/adulau/status/888760971971493888)) +---- +RT @MISPProject: "MISP threat sharing platform" lecture at @SHA2017Camp https://program.sha2017.org/events/23.html by @adulau 2017-08-07 at 14:25. We hope to… + +(Originally on Twitter: [Sun Jul 23 07:24:06 +0000 2017](https://twitter.com/adulau/status/889023301187768320)) +---- +@lehtior2 or security software will become a commodity and the majority of security products will be open source beside the ones requiring > resources + +(Originally on Twitter: [Sun Jul 23 08:51:21 +0000 2017](https://twitter.com/adulau/status/889045256704020481)) +---- +@lehtior2 Indeed but the mistake is to not have a "commoditized" version of VirusTotal. I suppose the cost of operating is still too high. 
+ +(Originally on Twitter: [Sun Jul 23 09:11:25 +0000 2017](https://twitter.com/adulau/status/889050308026015744)) +---- +@lehtior2 I would be curious to know the overall cost of a Yara retro-hunt against the VT repository. + +(Originally on Twitter: [Sun Jul 23 09:20:07 +0000 2017](https://twitter.com/adulau/status/889052497150717952)) +---- +@MonsantoEurope "Potential toxic effects of glyphosate and its commercial formulations +below regulatory limits" http://biomar.ulb.ac.be/wp-content/uploads/2015/11/Mesnage-et-al-2015.pdf + +(Originally on Twitter: [Sun Jul 23 12:11:28 +0000 2017](https://twitter.com/adulau/status/889095618970386435)) +---- +@MonsantoEurope "Toxicity of glyphosate herbicide on Nile tilapia (Oreochromis niloticus) juvenile" +http://www.academicjournals.org/journal/AJAR/article-full-text-pdf/6E4299538453 + +(Originally on Twitter: [Sun Jul 23 12:14:01 +0000 2017](https://twitter.com/adulau/status/889096260812189696)) +---- +@jedisct1 Have you tested it? The major issue usually is the speed of write from wire to disk. Not sure how they buffer and handle the issue. + +(Originally on Twitter: [Sun Jul 23 12:27:27 +0000 2017](https://twitter.com/adulau/status/889099639949074434)) +---- +@Th3PeKo @BalCC0n @FSEChr Maybe you want to have a look at @hack_lu 17-19 October in #Luxembourg + +(Originally on Twitter: [Sun Jul 23 15:58:46 +0000 2017](https://twitter.com/adulau/status/889152819642716160)) +---- +@dascritch Sig alarm rules. + +(Originally on Twitter: [Tue Jul 25 16:21:43 +0000 2017](https://twitter.com/adulau/status/889883370389372929)) +---- +After @hack_lu and during @BSidesLux we organise a hackathon for the open source security projects. 
Join us at https://hackathon.hack.lu + +(Originally on Twitter: [Wed Jul 26 14:04:52 +0000 2017](https://twitter.com/adulau/status/890211320653643780)) +---- +RT @veorq: the crypto testing tool we presented at Black Hat https://github.com/kudelskisecurity/cdf + +(Originally on Twitter: [Thu Jul 27 06:18:30 +0000 2017](https://twitter.com/adulau/status/890456342128885761)) +---- +@BrianHonan Indeed. This is highly due to the marketing of vendors trying to sell magical things instead of supporting the staff to do analytical works. + +(Originally on Twitter: [Thu Jul 27 07:15:10 +0000 2017](https://twitter.com/adulau/status/890470603320434688)) +---- +@marcosorallo @MISPProject We welcome pull-request ;-) The dev guide you mean for extension like misp-modules? We might move the content of the trainings to the book. + +(Originally on Twitter: [Fri Jul 28 06:58:34 +0000 2017](https://twitter.com/adulau/status/890828813613006848)) +---- +@MrAdz350 Where have you seen that? I'm curious do you have a pointer to share? Thank you. + +(Originally on Twitter: [Fri Jul 28 07:05:22 +0000 2017](https://twitter.com/adulau/status/890830522926198784)) +---- +@marcosorallo @MISPProject Good point. So an extension to the contributing markdown. We'll look into it. Thanks. + +(Originally on Twitter: [Fri Jul 28 07:34:20 +0000 2017](https://twitter.com/adulau/status/890837812903370752)) +---- +RT @botherder: Are you a techie and want to work in human rights? We're looking for a technologist to join me in Berlin at @Amnesty https:/… + +(Originally on Twitter: [Fri Jul 28 13:39:40 +0000 2017](https://twitter.com/adulau/status/890929752915292160)) +---- +RT @codelancer: Do you remember my photo of Hacking Team booth ? so, they were so angry and Twitter banned me :) Private photo from public… + +(Originally on Twitter: [Fri Jul 28 16:01:43 +0000 2017](https://twitter.com/adulau/status/890965501576347649)) +---- +@cyb3rops Interesting. 
Do you know if there is an indepth security review of the protocol(s) and implementation? + +(Originally on Twitter: [Fri Jul 28 16:08:14 +0000 2017](https://twitter.com/adulau/status/890967141478006784)) +---- +RT @msuiche: I just published “Porosity” https://medium.com/p/porosity-18790ee42827 + +(Originally on Twitter: [Sat Jul 29 07:20:55 +0000 2017](https://twitter.com/adulau/status/891196826573000704)) +---- +@verovaleros I learned a lot from @EdwardTufte books and everytime I do infosec visualizations, I feel that I'm still far away to master his practices. + +(Originally on Twitter: [Sat Jul 29 07:45:46 +0000 2017](https://twitter.com/adulau/status/891203078262841344)) +---- +@angealbertini @verovaleros Simple things like ensuring the use of coherent colormaps, adequate & consistent typeface on axis and extracting outliers in 2-step visuals + +(Originally on Twitter: [Sat Jul 29 07:56:55 +0000 2017](https://twitter.com/adulau/status/891205883933462528)) +---- +@angealbertini @verovaleros When a graph is too large for visualising the outliers, to have two graphs explaining the change of scale but still showing the proportions. + +(Originally on Twitter: [Sat Jul 29 08:06:09 +0000 2017](https://twitter.com/adulau/status/891208209914048512)) +---- +late in the night https://www.flickr.com/photos/adulau/36122653361/ #photography + +(Originally on Twitter: [Sun Jul 30 06:29:28 +0000 2017](https://twitter.com/adulau/status/891546265737211904)) +---- +@erwanlenoan @UpLib @TechnologistEU Any reference to the proposed EU text? 
+ +(Originally on Twitter: [Sun Jul 30 12:34:56 +0000 2017](https://twitter.com/adulau/status/891638236786958336)) +---- +RT @CyberRecce: https://github.com/Professor-plum/metasploit-framework/tree/master/modules/exploits/windows/misc Metasploit Exploits for hijacking C2 of GhostRAT, PlugX, XtremeRAT #malware #defcon25 + +(Originally on Twitter: [Sun Jul 30 16:04:24 +0000 2017](https://twitter.com/adulau/status/891690951646879744)) +---- +@josephfcox So the risk of having a compromise like "RSA SecurID" who took place in 2011 is also possible with YubiKeys as the provisioning is similar? + +(Originally on Twitter: [Sun Jul 30 17:05:11 +0000 2017](https://twitter.com/adulau/status/891706250223906816)) +---- +@christiaanbrand @josephfcox So the risk is mainly when the factory is compromised and the adversary modified the authentication process? Indeed the risk seems lower. + +(Originally on Twitter: [Sun Jul 30 19:38:33 +0000 2017](https://twitter.com/adulau/status/891744846167363584)) +---- +@robtexdotcom This is really cool. Will you support the common passive dns output? https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-03 + +(Originally on Twitter: [Mon Jul 31 13:06:10 +0000 2017](https://twitter.com/adulau/status/892008485906505728)) +---- +RT @matthew_d_green: When asked to criticize a system, infosec experts have unlimited time. When you ask them for a constructive alternativ… + +(Originally on Twitter: [Mon Jul 31 13:07:04 +0000 2017](https://twitter.com/adulau/status/892008713611096064)) +---- +@robtexdotcom Great let me know if you see any issues with implementing the draft as we will be soon in the last-call process. + +(Originally on Twitter: [Mon Jul 31 14:47:52 +0000 2017](https://twitter.com/adulau/status/892034079788597248)) +---- +RT @MISPProject: We accept contributions from everyone, even from those who don't have #CISSP. 
+ +(Originally on Twitter: [Mon Jul 31 20:16:20 +0000 2017](https://twitter.com/adulau/status/892116740326531073)) +---- +@quinnnorton I only saw an unconfigured TLS website of a writer who likes to hang out in the dead end alleys and rough neighborhood of the Internet. + +(Originally on Twitter: [Mon Jul 31 20:54:47 +0000 2017](https://twitter.com/adulau/status/892126417219145729)) +---- +RT @circl_lu: Following multiple requests, a first AIL training is planned the 28th November in Luxembourg - registration is open https://t… + +(Originally on Twitter: [Tue Aug 01 11:36:25 +0000 2017](https://twitter.com/adulau/status/892348289269583872)) +---- +@rob_pike We do for the last open source security software hackathon some contributions included docs and classifications. https://hackathon.hack.lu/ + +(Originally on Twitter: [Tue Aug 01 13:46:21 +0000 2017](https://twitter.com/adulau/status/892380986100633602)) +---- +I really enjoyed @rencontresarles especially the library spot after each exhibition. Nicely done. https://www.flickr.com/photos/adulau/36183871571/ #photography + +(Originally on Twitter: [Tue Aug 01 20:57:15 +0000 2017](https://twitter.com/adulau/status/892489424142991365)) +---- +@lojikil I thought everyone used SCCS nowadays. + +(Originally on Twitter: [Tue Aug 01 21:37:29 +0000 2017](https://twitter.com/adulau/status/892499551348817921)) +---- +RT @JohnLaTwC: That time you analyze a macro and obfuscated #PowerShell for 30 mins only to realize it's probably someone's CTF. 
https://t.… + +(Originally on Twitter: [Wed Aug 02 06:49:46 +0000 2017](https://twitter.com/adulau/status/892638538407268352)) +---- +Truecrypt volume parsing library in Python https://github.com/4144414D/pytruecrypt quite nifty for #dfir and relying on python-cryptoplus from @doegox + +(Originally on Twitter: [Wed Aug 02 07:13:02 +0000 2017](https://twitter.com/adulau/status/892644394339356672)) +---- +How much of this will be used to contribute and support back open source projects and software used everyday? +https://twitter.com/NATO/status/892387584646709248 + +(Originally on Twitter: [Wed Aug 02 08:18:40 +0000 2017](https://twitter.com/adulau/status/892660910216663040)) +---- +RT @MISPProject: Don't forget that MISP is not only an open source software, it's also a versatile set of native MISP standards to exchange… + +(Originally on Twitter: [Wed Aug 02 10:10:44 +0000 2017](https://twitter.com/adulau/status/892689112687403008)) +---- +@H_Miser Et pour Java? tu as trouvé un autre gif? Car cela me semble trop soft dans ce cas ;-) + +(Originally on Twitter: [Wed Aug 02 11:50:10 +0000 2017](https://twitter.com/adulau/status/892714135468814336)) +---- +@Cyr_ Nope. Don't you prefer to run your own cve-search? But I can also add a daily dump in JSON if you prefer. Let me know. + +(Originally on Twitter: [Wed Aug 02 16:12:44 +0000 2017](https://twitter.com/adulau/status/892780214857719811)) +---- +@Cyr_ cve-search was designed to be run locally to avoid using a public API on the long-term. Especially it's faster to run a local instance. + +(Originally on Twitter: [Wed Aug 02 20:30:34 +0000 2017](https://twitter.com/adulau/status/892845097825456128)) +---- +@craiu Maybe there is a parameter that CSE/SIGINT forgot. The people having the test VSATs might not be the ones doing the SIGINT on DVB-S/MPE. 
+ +(Originally on Twitter: [Thu Aug 03 08:40:20 +0000 2017](https://twitter.com/adulau/status/893028748957814785)) +---- +RT @Timo_Steffens: New spearphishing technique: Targeted mail contains no links or exploits, but mentions report title. Googling title lead… + +(Originally on Twitter: [Thu Aug 03 08:57:20 +0000 2017](https://twitter.com/adulau/status/893033028108333056)) +---- +@aris_ada Not really. the original Internet-Draft from MITRE was much broader. Responsible is on the side of the vendor too (e.g. recognition/credits) + +(Originally on Twitter: [Thu Aug 03 09:01:32 +0000 2017](https://twitter.com/adulau/status/893034087862206464)) +---- +@aris_ada The section 1 includes the interpretation of "responsible" https://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00#section-1 maybe nowadays some vendors abused the term. + +(Originally on Twitter: [Thu Aug 03 09:02:56 +0000 2017](https://twitter.com/adulau/status/893034436949889024)) +---- +@aris_ada I'm not a big fan of "coordinated disclosure" because it's assuming the vendor always replied or answered which is often not the case. + +(Originally on Twitter: [Thu Aug 03 09:11:47 +0000 2017](https://twitter.com/adulau/status/893036663357755393)) +---- +@aris_ada Indeed. If you have some feedback on https://www.circl.lu/pub/responsible-vulnerability-disclosure/ we used it for the past years and tried to keep it as simple as possible. 
+ +(Originally on Twitter: [Thu Aug 03 09:29:57 +0000 2017](https://twitter.com/adulau/status/893041237661450241)) +---- +RT @blackswanburst: #SHA2017 @privacyint has sent two gentleman hackers and possibly a secret cameo to @SHA2017Camp https://t.co/6iZCIqHXb… + +(Originally on Twitter: [Thu Aug 03 09:30:23 +0000 2017](https://twitter.com/adulau/status/893041345790709760)) +---- +@blackswanburst @privacyint @SHA2017Camp @CJFWeatherhead Join us @MISPProject and AIL talks https://program.sha2017.org/events/23.html and https://program.sha2017.org/events/86.html we could do random graffiti for your CISSP credits. + +(Originally on Twitter: [Thu Aug 03 09:36:27 +0000 2017](https://twitter.com/adulau/status/893042870969565185)) +---- +@enisa_eu Nice. How it will compare to UL 2900-1? https://standardscatalog.ul.com/standards/en/outline_2900-1_2 + +(Originally on Twitter: [Thu Aug 03 09:39:43 +0000 2017](https://twitter.com/adulau/status/893043696052162560)) +---- +Preparing some stickers for #sha2017 camp if you want some just ping me there. #Stickers ![](media/893061839625605120-DGTKSMDUwAEdfy5.jpg) + +(Originally on Twitter: [Thu Aug 03 10:51:49 +0000 2017](https://twitter.com/adulau/status/893061839625605120)) +---- +@Sha2017Infodesk @hack_lu @MISPProject @circl_lu @pidgeyL I will. Thanks for the info. + +(Originally on Twitter: [Thu Aug 03 11:02:17 +0000 2017](https://twitter.com/adulau/status/893064474776698880)) +---- +@zoni171 @MISPProject @hack_lu @circl_lu drop an email with your postal address to info(AT)misp-project(DOT)org and we will send you some. + +(Originally on Twitter: [Thu Aug 03 11:03:00 +0000 2017](https://twitter.com/adulau/status/893064652845928449)) +---- +@craiu IMHO the model is bit different especially when dealing with crappy VSAT systems. The 'morons' is more the group doing the VSAT acquisition. 
+ +(Originally on Twitter: [Thu Aug 03 12:13:45 +0000 2017](https://twitter.com/adulau/status/893082459222548481)) +---- +@craiu I think they spot the people doing acquisitions and testing of VSAT exfil which is usually just buyers and testers nothing more. + +(Originally on Twitter: [Thu Aug 03 12:15:01 +0000 2017](https://twitter.com/adulau/status/893082776718782465)) +---- +@1sand0s @SHA2017Camp What's in the box? + +(Originally on Twitter: [Thu Aug 03 14:09:54 +0000 2017](https://twitter.com/adulau/status/893111690597937153)) +---- +@1sand0s @SHA2017Camp See you tomorrow then. Enjoy! + +(Originally on Twitter: [Thu Aug 03 14:21:43 +0000 2017](https://twitter.com/adulau/status/893114663633866753)) +---- +RT @martijn_grooten: FWIW, I can vouch for @MalwareTechBlog being a really nice guy and also for having strong ethics. And for him often wo… + +(Originally on Twitter: [Thu Aug 03 16:54:18 +0000 2017](https://twitter.com/adulau/status/893153059974590464)) +---- +@InfoSecAnon @hack_lu @MISPProject @circl_lu @pidgeyL Send us your postal address to info(AT)misp-project(DOT)org + +(Originally on Twitter: [Thu Aug 03 21:02:26 +0000 2017](https://twitter.com/adulau/status/893215506093801472)) +---- +@justsml @hackerfantastic @MalwareTechBlog There is a copy of the alleged video https://www.youtube.com/watch?v=OQ731DFwHbw (but difficult to say if that the video referenced in the indictment). + +(Originally on Twitter: [Fri Aug 04 05:18:31 +0000 2017](https://twitter.com/adulau/status/893340351066501120)) +---- +RT @UlfFrisk: Next Level DMA attacks! Physically connect to RAM while computer in sleep by @ATrikalinou and Dan Lake at BH17 https://t.co/a… + +(Originally on Twitter: [Fri Aug 04 05:32:36 +0000 2017](https://twitter.com/adulau/status/893343895752503296)) +---- +RT @a_z_e_t: internet-wide scanning @SHA2017Camp status; setting up infrastructure. 
![](media/893485534877806592-DGY22TbXUAAiqz8.jpg) + +(Originally on Twitter: [Fri Aug 04 14:55:26 +0000 2017](https://twitter.com/adulau/status/893485534877806592)) +---- +Analysis of Information Leak framework workshop starting in 10 minutes at #sha2017 in tent explody. ![](media/893512248752320513-DGZkoO9WAAA3g8y.jpg) + +(Originally on Twitter: [Fri Aug 04 16:41:35 +0000 2017](https://twitter.com/adulau/status/893512248752320513)) +---- +RT @yararules: First hour and first though decision🤔: @circl_lu on AIL Framework or William Binney on how @NSAGov tracks you #sha2017 @SHA2… + +(Originally on Twitter: [Fri Aug 04 16:45:47 +0000 2017](https://twitter.com/adulau/status/893513307918938112)) +---- +@yararules @circl_lu @NSAGov @SHA2017Camp Maybe AIL used some similar tricks as the @NSAGov ;-) not sure if this helps to make your decision. + +(Originally on Twitter: [Fri Aug 04 16:47:06 +0000 2017](https://twitter.com/adulau/status/893513638455242753)) +---- +RT @hanno: I'll talk about Sanitizers, Fuzzing and how to make your software more secure at 20:50 #sha2017 https://program.sha2017.org/events/148.html + +(Originally on Twitter: [Sat Aug 05 18:11:34 +0000 2017](https://twitter.com/adulau/status/893897284014026752)) +---- +RT @mattblaze: Google recruits a lot of our students, and I've seen their process filter out a LOT of talented people who don't fit a narro… + +(Originally on Twitter: [Sun Aug 06 07:06:29 +0000 2017](https://twitter.com/adulau/status/894092294244237312)) +---- +@jwildeboer I agree. The code has a small value but often it is an attractor for some contributors. "I came for the code and stayed for the community". + +(Originally on Twitter: [Sun Aug 06 11:17:06 +0000 2017](https://twitter.com/adulau/status/894155367432822785)) +---- +RT @wdormann: CVE-2017-8464 is one more reason to block outbound SMB traffic. 
But if you haven't by now, I question what it'd take https://… + +(Originally on Twitter: [Sun Aug 06 11:39:06 +0000 2017](https://twitter.com/adulau/status/894160903150632961)) +---- +RT @MISPProject: MISP 2.4.78 released with an important security fix for sharing groups, multiple bugs fixed and new API features https://t… + +(Originally on Twitter: [Sun Aug 06 16:12:03 +0000 2017](https://twitter.com/adulau/status/894229594139750406)) +---- +RT @kafeine: Illustration: observed Kronos distribution via Exploit Kit ![](media/894229796544294912-DGirbSWXUAAgSYC.jpg) + +(Originally on Twitter: [Sun Aug 06 16:12:52 +0000 2017](https://twitter.com/adulau/status/894229796544294912)) +---- +RT @MISPProject: If you are at #SHA2017 tomorrow, don't hesitate to come to the lecture about MISP https://program.sha2017.org/events/23.html at 14:25 and cha… + +(Originally on Twitter: [Mon Aug 07 08:48:20 +0000 2017](https://twitter.com/adulau/status/894480315254800384)) +---- +Applying the panopticon concept and premise for a 24h/24 hackerspace. Not kidding, this is an ongoing talk at #sha2017 + +(Originally on Twitter: [Mon Aug 07 09:19:54 +0000 2017](https://twitter.com/adulau/status/894488259815976960)) +---- +@yoseihana You're welcome. Glad to finally meet the famous Annabelle at #sha2017 + +(Originally on Twitter: [Mon Aug 07 11:33:19 +0000 2017](https://twitter.com/adulau/status/894521835450191875)) +---- +@Fr333k @MISPProject Drop us an email with your pgp keys at info(AT)circl(DOT).lu + +(Originally on Twitter: [Mon Aug 07 15:53:26 +0000 2017](https://twitter.com/adulau/status/894587296732909568)) +---- +RT @nielstenoever: 'Technology is political, and programming is political too!' - @Ms_Multicolor **applause** #SHA2017 https://t.co/1XYbPoq… + +(Originally on Twitter: [Mon Aug 07 16:48:52 +0000 2017](https://twitter.com/adulau/status/894601246933479427)) +---- +RT @aionescu: What if I told you... everything they told you about X64 was a lie? Getting ready for a new post. 
LDTs and Segmentation are a… + +(Originally on Twitter: [Mon Aug 07 17:18:21 +0000 2017](https://twitter.com/adulau/status/894608665986183168)) +---- +@PaulWebSec @thegrugq It's often within the legal framework of their country or they slightly bend the law or procedure to match their needs. Not very optimistic. + +(Originally on Twitter: [Tue Aug 08 07:16:44 +0000 2017](https://twitter.com/adulau/status/894819653159182336)) +---- +@PaulWebSec @thegrugq Maybe the easier step would be that the "small" software vendor encrypts at rest and transport-level the crash reports... + +(Originally on Twitter: [Tue Aug 08 07:31:45 +0000 2017](https://twitter.com/adulau/status/894823430209646592)) +---- +RT @justinembone: Siemens "preparing updates" for affected systems but urge customers to run systems on isolated network segments https://t… + +(Originally on Twitter: [Tue Aug 08 12:58:37 +0000 2017](https://twitter.com/adulau/status/894905687259611139)) +---- +RT @Iglocska: I don't understand the spam I just got, is this the strongest burning dumpster fire ever or is it just their open source road… + +(Originally on Twitter: [Tue Aug 08 13:39:58 +0000 2017](https://twitter.com/adulau/status/894916095068557312)) +---- +Thanks to #SHA2017. So it was my fifth iteration of the camps in NL. The great openness spirit is still there! Well done. + +(Originally on Twitter: [Tue Aug 08 14:55:01 +0000 2017](https://twitter.com/adulau/status/894934982669553666)) +---- +RT @IACR_News: #ePrint Necessary conditions for designing secure stream ciphers with the minimal internal states: VA Ghafari, H Hu, https:/… + +(Originally on Twitter: [Tue Aug 08 18:47:44 +0000 2017](https://twitter.com/adulau/status/894993546218008577)) +---- +In "Visualization and Data Provenance Trends in Decision Support for Cybersecurity", Is there a misunderstanding of information sharing? 
![](media/895027299254513664-DGvEh-qWAAM_BIQ.jpg) + +(Originally on Twitter: [Tue Aug 08 21:01:51 +0000 2017](https://twitter.com/adulau/status/895027299254513664)) +---- +Could you really share information about cybercrime cases without sharing "raw data" or explain your respective "raw data capabilities"? + +(Originally on Twitter: [Tue Aug 08 21:03:23 +0000 2017](https://twitter.com/adulau/status/895027686371971072)) +---- +Can other LE agencies reviewed other LE requests without knowing the "raw data"? Can you do due diligence of a criminal cases without data? + +(Originally on Twitter: [Tue Aug 08 21:05:31 +0000 2017](https://twitter.com/adulau/status/895028222857007106)) +---- +@6vis_pacem "Jeffery Garae and Ryan K.L. Ko" I have the impression there is a confusion of what information sharing is or how it is used. + +(Originally on Twitter: [Wed Aug 09 07:20:20 +0000 2017](https://twitter.com/adulau/status/895182946705043456)) +---- +@6vis_pacem The confusing part that the paper was about security visualisation using 'data samples' to support investigation... + +(Originally on Twitter: [Wed Aug 09 07:46:31 +0000 2017](https://twitter.com/adulau/status/895189533578473472)) +---- +@6vis_pacem By the way, I have always high hopes to find academic papers on the topic with real analysis but they often lack the dataset(s). + +(Originally on Twitter: [Wed Aug 09 07:48:03 +0000 2017](https://twitter.com/adulau/status/895189919316004866)) +---- +@cnoanalysis Like old good fortune cookies, the opposite can be true too ;-) + +(Originally on Twitter: [Wed Aug 09 14:09:33 +0000 2017](https://twitter.com/adulau/status/895285928603865093)) +---- +RT @lehtior2: Don't worry, your security solution is only publicly sharing your financial models & customer data to keep you safe. 
https://… + +(Originally on Twitter: [Wed Aug 09 15:00:44 +0000 2017](https://twitter.com/adulau/status/895298808397123585)) +---- +I'm wondering what will be the impact of reducing the number of cyber-exercises for security teams. Positive or negative? + +(Originally on Twitter: [Wed Aug 09 20:47:19 +0000 2017](https://twitter.com/adulau/status/895386028604891140)) +---- +"State of Fuzzing 2017" https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/state-of-fuzzing-2017.pdf A bit marketing but maybe some ideas for your next fuzzing scoping... + +(Originally on Twitter: [Thu Aug 10 12:19:37 +0000 2017](https://twitter.com/adulau/status/895620651683168258)) +---- +Reading "Peter Fischli David Weiss How to Work Better" is an incredible experience in dualistic thinking. ![](media/895680821667012608-DG4Y7ErXoAAti7D.jpg) + +(Originally on Twitter: [Thu Aug 10 16:18:43 +0000 2017](https://twitter.com/adulau/status/895680821667012608)) +---- +RT @hack_lu: Don't forget the whole week is interesting during @hack_lu including @MISPProject summit, @BSidesLux and @hack_lu OS3 hackatho… + +(Originally on Twitter: [Fri Aug 11 09:51:52 +0000 2017](https://twitter.com/adulau/status/895945854888148992)) +---- +RT @ant0inet: Swiss Security Tools Hackathon was fun and valuable @mhausding #SSTH ![](media/895981926925914112-DG8GeAJXoAAc3cE.jpg) + +(Originally on Twitter: [Fri Aug 11 12:15:12 +0000 2017](https://twitter.com/adulau/status/895981926925914112)) +---- +@metaconflict @ClausHoumann @hack_lu @MISPProject @BSidesLux I'm just a poor human trying to make the world a better place for all of us. + +(Originally on Twitter: [Sat Aug 12 09:50:02 +0000 2017](https://twitter.com/adulau/status/896307781074124800)) +---- +RT @seanmw: Learn how to triage #malscripts & #maldocs. Our workshop slides from #defcon are up! 
/cc @herrcore http://www.openanalysis.net/training/Malware_Triage_Workshop-Malscripts_Are_The_New_EK.pdf + +#d… + +(Originally on Twitter: [Sat Aug 12 09:58:40 +0000 2017](https://twitter.com/adulau/status/896309954705063937)) +---- +RT @Fox0x01: There are exceptions, obviously. But I prefer to focus on my work and the people who treat their peers with respect, no matter… + +(Originally on Twitter: [Sat Aug 12 12:10:56 +0000 2017](https://twitter.com/adulau/status/896343239929851904)) +---- +@jaysonstreet Stay with us. We need you! + +(Originally on Twitter: [Mon Aug 14 16:36:32 +0000 2017](https://twitter.com/adulau/status/897134858316595200)) +---- +@Aristot73 @attritionorg @k8em0 @caseyjohnellis @4Dgifts "In-house" bug reporting is usually not part of vulnerability disclosure process and even outside software release. No metrics available... + +(Originally on Twitter: [Mon Aug 14 16:43:33 +0000 2017](https://twitter.com/adulau/status/897136623288283136)) +---- +RT @jedisct1: Will they ever learn? Why completely insecure options? "none for no seeding (don’t use this)" https://www.openssl.org/blog/blog/2017/08/12/random/ + +(Originally on Twitter: [Mon Aug 14 19:08:24 +0000 2017](https://twitter.com/adulau/status/897173076948987904)) +---- +Listening to sets of @CharlottedWitte & she has a nice way to revive old good tracks from the nineties and the old Belgian vibe. Well done. + +(Originally on Twitter: [Mon Aug 14 20:41:30 +0000 2017](https://twitter.com/adulau/status/897196506289197056)) +---- +RT @fr0gger_: @adulau great preso! :) https://twitter.com/ChristiaanBeek/status/897355769385017344 + +(Originally on Twitter: [Tue Aug 15 08:37:15 +0000 2017](https://twitter.com/adulau/status/897376631219769344)) +---- +@fr0gger_ Thank you! 
+ +(Originally on Twitter: [Tue Aug 15 08:39:09 +0000 2017](https://twitter.com/adulau/status/897377106342141955)) +---- +RT @Aristot73: “As in other areas, reliability can be purchased only at the price of simplicity.” An Axiomatic Basis for Computer Programmi… + +(Originally on Twitter: [Tue Aug 15 13:30:52 +0000 2017](https://twitter.com/adulau/status/897450520096366592)) +---- +When some organisations still think giving a phone call is still PSTN... +https://mobile.twitter.com/DefenseIntel/status/897484420097216512 + +(Originally on Twitter: [Tue Aug 15 15:53:42 +0000 2017](https://twitter.com/adulau/status/897486463637614593)) +---- +@jf_flamey @CCMarchin Je viens de voir votre série à Marchin ainsi que votre livre "Non Dits". Une belle aventure artistique personelle. Bravo! + +(Originally on Twitter: [Tue Aug 15 17:22:49 +0000 2017](https://twitter.com/adulau/status/897508890870517760)) +---- +RT @robtexdotcom: New API release. +Forward and reverse reports in Passive DNS - Common Output Format ( https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-03 ) +https://… + +(Originally on Twitter: [Wed Aug 16 17:01:30 +0000 2017](https://twitter.com/adulau/status/897865916251344897)) +---- +Glad to see @robtexdotcom supporting the passive dns common output format. https://mobile.twitter.com/robtexdotcom/status/896323894914818048 easier for merging passive dns outputs. + +(Originally on Twitter: [Wed Aug 16 17:04:44 +0000 2017](https://twitter.com/adulau/status/897866729593991169)) +---- +@trufae For a double exfiltration tool? + +(Originally on Twitter: [Wed Aug 16 17:07:32 +0000 2017](https://twitter.com/adulau/status/897867432337035265)) +---- +One-way satellite broadcast of bitcoin tx: they will reinvent the FLUTE protocol, test it and then discard it due to the cost of bandwidth. 
+ +(Originally on Twitter: [Wed Aug 16 19:14:54 +0000 2017](https://twitter.com/adulau/status/897899487456251904)) +---- +RT @electrospaces: Film: US Navy sold its Sugar Grove base, right next to NSA's satellite listening station codenamed TIMBERLINE: https://t… + +(Originally on Twitter: [Wed Aug 16 19:18:31 +0000 2017](https://twitter.com/adulau/status/897900396496158722)) +---- +RT @MITREattack: ATT&CK is now in MISP! https://twitter.com/MISPProject/status/898220294262992897 + +(Originally on Twitter: [Thu Aug 17 16:55:34 +0000 2017](https://twitter.com/adulau/status/898226810852442113)) +---- +@jwunder @MISPProject Thank you. This is a first step but we hope to see more usage and improvement based on the users contributing and using ATT&CK. + +(Originally on Twitter: [Thu Aug 17 19:57:53 +0000 2017](https://twitter.com/adulau/status/898272690213191680)) +---- +RT @Dinosn: Reverse Engineering x86 Processor Microcode +https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/koppe + +(Originally on Twitter: [Thu Aug 17 20:52:49 +0000 2017](https://twitter.com/adulau/status/898286517810061312)) +---- +"Early Stage Malware Prediction Using Recurrent +Neural Networks" https://arxiv.org/pdf/1708.03513.pdf + +(Originally on Twitter: [Fri Aug 18 08:09:44 +0000 2017](https://twitter.com/adulau/status/898456868082810880)) +---- +@S_Team_Approved @metaconflict @BSidesLux Une donation pour @BSidesLux c'est une bonne idée! + +(Originally on Twitter: [Fri Aug 18 13:27:15 +0000 2017](https://twitter.com/adulau/status/898536771662884877)) +---- +@Secnewsbytes What does this mean in practice for NSA/TAO ops? + +(Originally on Twitter: [Fri Aug 18 15:15:24 +0000 2017](https://twitter.com/adulau/status/898563989579472896)) +---- +"Perspectives on Cybersecurity Information Sharing" but the only ISAC model represented is with a "central organisation". Are we in 2017? 
![](media/898649013527887872-DHijdsFXsAAFHPA.jpg) + +(Originally on Twitter: [Fri Aug 18 20:53:15 +0000 2017](https://twitter.com/adulau/status/898649013527887872)) +---- +@CharlottedWitte Continue the hard work! The art of electronic music was always criticised. We need your relentless determination cuz your art is about you. + +(Originally on Twitter: [Fri Aug 18 21:36:49 +0000 2017](https://twitter.com/adulau/status/898659977069330432)) +---- +Sometime the best option to overcome a crappy contributor license agreement in open source software. It's to fork and make it better. + +(Originally on Twitter: [Fri Aug 18 21:48:24 +0000 2017](https://twitter.com/adulau/status/898662892735778816)) +---- +RT @jamespugjones: CRLs are still used by the Web PKI. It appears some CAs don't think they need to keep them online... https://t.co/YB2LzP… + +(Originally on Twitter: [Sat Aug 19 05:40:07 +0000 2017](https://twitter.com/adulau/status/898781605384380416)) +---- +"Designed by committee versus feedback loop" we cannot beat nature. #ThreatIntelFormat + +(Originally on Twitter: [Tue Aug 22 21:20:05 +0000 2017](https://twitter.com/adulau/status/900105319107448834)) +---- +@KimZetter @lennarthaagsma And 1 critical exploitation of their infrastructure in a year which remains undetected... + +(Originally on Twitter: [Thu Aug 24 05:48:59 +0000 2017](https://twitter.com/adulau/status/900595772181426176)) +---- +@6vis_pacem La citation latine du hoodie @MISPProject est dans la même veine... + +(Originally on Twitter: [Thu Aug 24 05:57:49 +0000 2017](https://twitter.com/adulau/status/900597999088304128)) +---- +@MirekMaj Often a huge advantage for the adversaries and attackers. Applying additional boundaries create additional viscosity in incident response. + +(Originally on Twitter: [Thu Aug 24 06:02:59 +0000 2017](https://twitter.com/adulau/status/900599298051756032)) +---- +@6vis_pacem @MISPProject Enjoy! 
![](media/900622795754921985-DH-nlowW0AQtp01.jpg) + +(Originally on Twitter: [Thu Aug 24 07:36:21 +0000 2017](https://twitter.com/adulau/status/900622795754921985)) +---- +@rayjwatson @cokebottle Many credential dumps on pasties website. That's why we developed AIL https://github.com/CIRCL/AIL-framework for analysing these. + +(Originally on Twitter: [Fri Aug 25 05:34:17 +0000 2017](https://twitter.com/adulau/status/900954462541406208)) +---- +@shellguardians @pidgeyL @bluejay00 https://github.com/cve-search/cve-search installing cve-search is quite smooth. Feedback is welcome if you run into any issues. + +(Originally on Twitter: [Fri Aug 25 12:01:36 +0000 2017](https://twitter.com/adulau/status/901051934282584065)) +---- +@shellguardians @pidgeyL @bluejay00 Yep. If vendors were proactively sharing a CPE for their products/software, it would be easier for everyone of us. #DreamingIsFree + +(Originally on Twitter: [Fri Aug 25 13:34:07 +0000 2017](https://twitter.com/adulau/status/901075214871789570)) +---- +RT @MISPProject: MISP 2.4.79 released including many improvements, bug fixes and a security fix for CVE-2017-13671. + https://www.misp-project.org/2017/08/25/MISP.2.4.79.released.html + +(Originally on Twitter: [Fri Aug 25 14:23:20 +0000 2017](https://twitter.com/adulau/status/901087602383753217)) +---- +Instead of jumping in the patent bandwagon @Microsoft should make it royalty-free for any open source projects https://twitter.com/Microsoft/status/900762734790180864 + +(Originally on Twitter: [Sat Aug 26 12:42:41 +0000 2017](https://twitter.com/adulau/status/901424662105792514)) +---- +@Reversity Exchanging HTML emails with advertising cookies can create links with known emails. In this case, his father exchanged emails before. + +(Originally on Twitter: [Sat Aug 26 14:50:32 +0000 2017](https://twitter.com/adulau/status/901456836133605376)) +---- +We just did a workshop to represent the various threat intelligence sharing formats. 
I'll let everyone decide which is which. @MISPProject ![](media/901779883487092736-DIPEAriXUAA8l_r.jpg) + +(Originally on Twitter: [Sun Aug 27 12:14:13 +0000 2017](https://twitter.com/adulau/status/901779883487092736)) +---- +@MaliciaRogue @bortzmeyer Bruce Sterling est dans ma top liste mais tout cela est bien subjectif. + +(Originally on Twitter: [Sun Aug 27 15:13:54 +0000 2017](https://twitter.com/adulau/status/901825104732192768)) +---- +We can safely assume that the technologies mentioned don't require any CPU or IC from abroad... *cough cough* +https://mobile.twitter.com/tassagency_en/status/901843971655290884 + +(Originally on Twitter: [Sun Aug 27 16:43:01 +0000 2017](https://twitter.com/adulau/status/901847528722837505)) +---- +RT @jedisct1: libgcrypt CVE-2017-0379 - +side-channel attack on Curve25519 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b + +(Originally on Twitter: [Sun Aug 27 16:46:47 +0000 2017](https://twitter.com/adulau/status/901848478229389312)) +---- +@RafalBabinicz At least, they have more capabilities than France regarding semiconductors factories. I won't bet that all RU military devices use these. + +(Originally on Twitter: [Sun Aug 27 17:48:59 +0000 2017](https://twitter.com/adulau/status/901864131313184768)) +---- +@Aristot73 Curious about the capabilities of US and RU in the field, it's again very difficult to evaluate without having some "devices" in hands. + +(Originally on Twitter: [Sun Aug 27 18:01:53 +0000 2017](https://twitter.com/adulau/status/901867378790854656)) +---- +RT @security_craig: Talos forced to drop 0-day - National Instruments does not consider this a vulnerability in their product https://t.… + +(Originally on Twitter: [Tue Aug 29 16:34:49 +0000 2017](https://twitter.com/adulau/status/902570242525810688)) +---- +RT @PaulWebSec: Woot! I got accepted and will speak at @hack_lu about how to apply bug bounty methodologies in big organisations! 
+ +(Originally on Twitter: [Tue Aug 29 17:31:12 +0000 2017](https://twitter.com/adulau/status/902584433341059072)) +---- +"The risks heavily outweigh the benefits." https://opensource.google.com/docs/using/agpl-policy/ There is a small typo, you should read "...the benefits for Google". + +(Originally on Twitter: [Wed Aug 30 13:34:53 +0000 2017](https://twitter.com/adulau/status/902887349155221505)) +---- +@6vis_pacem There is an additional joke. Section 11 of the AGPL is not the best friend of huge patent holders like Google... + +(Originally on Twitter: [Wed Aug 30 14:15:27 +0000 2017](https://twitter.com/adulau/status/902897556014993409)) +---- +@ronindey @ClausHoumann @rafi0t There is a very good and cheap youth hotel in the city center. Dommeldange is accessible via train/bus from centre. + +(Originally on Twitter: [Thu Aug 31 09:58:52 +0000 2017](https://twitter.com/adulau/status/903195374105579524)) +---- +@ronindey @ClausHoumann @rafi0t If you have any issues or req. info(at)hack(dot)lu we can support you. + +(Originally on Twitter: [Thu Aug 31 10:02:34 +0000 2017](https://twitter.com/adulau/status/903196305517895680)) +---- +RT @k8em0: You can't bug hunt your way to security. It's what you do to prevent & respond to bugs, not how you found them, that matters. @L… + +(Originally on Twitter: [Thu Aug 31 18:30:40 +0000 2017](https://twitter.com/adulau/status/903324174080516096)) +---- +It can be sometime difficult to find the colours of the trees... +https://www.flickr.com/photos/adulau/36810590706/ #photography #flickr #wallifornie + +(Originally on Twitter: [Sun Sep 03 12:33:37 +0000 2017](https://twitter.com/adulau/status/904321481240391683)) +---- +BootStomp: a bootloader vulnerability finder. 
Code: https://github.com/ucsb-seclab/BootStomp paper: https://seclab.cs.ucsb.edu/media/uploads/papers/bootstomp.pdf + +(Originally on Twitter: [Sun Sep 03 12:42:38 +0000 2017](https://twitter.com/adulau/status/904323749654265856)) +---- +Just discover a Belgian bank inserting "Adobe Audience Manager" + http://www.adobe.com/data-analytics-cloud/audience-manager.html JavaScript in the webbanking application... + +(Originally on Twitter: [Sun Sep 03 17:16:51 +0000 2017](https://twitter.com/adulau/status/904392760672866305)) +---- +@SFrank77 The final text freely is available at the following location http://www.foo.be/lesbulles/v1/LesBulles-final.pdf the typeset and printed version is out-of-print. + +(Originally on Twitter: [Tue Sep 05 19:07:22 +0000 2017](https://twitter.com/adulau/status/905145349030936578)) +---- +@chrisdoman @bsidesbelfast Very promising. We mapped it to a new MISP object (to be released in 2.4.80) and used yabin to show how easy it is https://github.com/MISP/misp-objects/blob/master/objects/yabin/definition.json + +(Originally on Twitter: [Wed Sep 06 14:22:31 +0000 2017](https://twitter.com/adulau/status/905436052827119616)) +---- +@Iglocska @chrisdoman @bsidesbelfast For the ones wondering about the PMF model at @MISPProject -> http://programming-motherfucker.com/ @zedshaw + +(Originally on Twitter: [Wed Sep 06 14:33:35 +0000 2017](https://twitter.com/adulau/status/905438835806535680)) +---- +RT @meileaben: Networks going down in StMartin (MF,SX), Saint Barthelemy (BL), Barbuda (AG). #Irma effects on Internet connectivity. 
https:… + +(Originally on Twitter: [Wed Sep 06 17:45:26 +0000 2017](https://twitter.com/adulau/status/905487116100141068)) +---- +RT @MISPProject: You will most likely never find us mentioned in paid market research and we like it that way (open source says hello to @G… + +(Originally on Twitter: [Wed Sep 06 20:30:49 +0000 2017](https://twitter.com/adulau/status/905528735176286209)) +---- +Don't forget the publicly disclosed breaches and leaks are just a small part of what really happened. + +(Originally on Twitter: [Thu Sep 07 21:08:41 +0000 2017](https://twitter.com/adulau/status/905900654819979265)) +---- +In "National cyber crisis management: Different European approaches" a valid point about information sharing. Our job is to improve this. ![](media/906444385155461120-DJRVT1bXUAAUCLH.png) + +(Originally on Twitter: [Sat Sep 09 09:09:17 +0000 2017](https://twitter.com/adulau/status/906444385155461120)) +---- +"be my guest" or how we should see the clouds nowadays https://www.flickr.com/photos/adulau/36986003821/ #photography #blackandwhitephotography + +(Originally on Twitter: [Sat Sep 09 19:42:17 +0000 2017](https://twitter.com/adulau/status/906603685039484928)) +---- +Critical masses are required everywhere especially in programming communities. An article about the lack of coders in Belgium by @Medor_mag ![](media/906794456380309504-DJWUt1qXgAA8mWj.jpg) + +(Originally on Twitter: [Sun Sep 10 08:20:20 +0000 2017](https://twitter.com/adulau/status/906794456380309504)) +---- +@eromang @Medor_mag Sure just like 4GL replaced procedural languages and assembly ;-) + +(Originally on Twitter: [Sun Sep 10 08:39:46 +0000 2017](https://twitter.com/adulau/status/906799348964524032)) +---- +When joining standardisation bodies, you should never forget to stock up on pop-corn. 
![](media/907170365885075457-DJbqgmKX0AEm0l3.jpg) + +(Originally on Twitter: [Mon Sep 11 09:14:04 +0000 2017](https://twitter.com/adulau/status/907170365885075457)) +---- +RT @TheHive_Project: We will present how TheHive, Cortex and @MISPProject work together to support #DFIR and CTI during MISP Summit 03 http… + +(Originally on Twitter: [Mon Sep 11 11:15:35 +0000 2017](https://twitter.com/adulau/status/907200946438012929)) +---- +@langnergroup Increase the thresholds for the overfilling and overheating in the control system. But overheating can be the opposite for others... + +(Originally on Twitter: [Mon Sep 11 19:11:00 +0000 2017](https://twitter.com/adulau/status/907320591723704320)) +---- +RT @MISPProject: Our policy regarding "reporting security vulnerabilities" in MISP + https://github.com/MISP/MISP/blob/2.4/CONTRIBUTING.md#reporting-security-vulnerabilities and the importance of CVE assig… + +(Originally on Twitter: [Mon Sep 11 19:27:29 +0000 2017](https://twitter.com/adulau/status/907324739114487810)) +---- +@0xDUDE @GDI_FDN Many CSIRTs use RTIR. Not perfect but it does the job especially pgp supports and email tracking. + +(Originally on Twitter: [Mon Sep 11 19:47:27 +0000 2017](https://twitter.com/adulau/status/907329762540101635)) +---- +@mathias_fuchs There were already some forensic cases in factories about incident between workers and stationary robots. http://www.wired.co.uk/article/robot-kills-man-at-volkswagen-factory + +(Originally on Twitter: [Tue Sep 12 14:33:25 +0000 2017](https://twitter.com/adulau/status/907613121354887169)) +---- +@mathias_fuchs The number of cases were quite significant and maybe some are related to malicious remote control in addition to human errors or bugs. + +(Originally on Twitter: [Tue Sep 12 15:10:34 +0000 2017](https://twitter.com/adulau/status/907622471452516353)) +---- +@mathias_fuchs Sourcing the results of those forensic investigation might be difficult. 
+ +(Originally on Twitter: [Tue Sep 12 15:12:10 +0000 2017](https://twitter.com/adulau/status/907622875175288839)) +---- +@mathias_fuchs If I find some shareable technical reports (not a big fan of media coverage ;-), I'll share it. + +(Originally on Twitter: [Tue Sep 12 15:21:51 +0000 2017](https://twitter.com/adulau/status/907625311726129152)) +---- +RT @piotrkijewski: Interesting malware collection from popular honeypots cc @ProjectHoneynet https://twitter.com/eldracote/status/907509194986749952 + +(Originally on Twitter: [Tue Sep 12 15:22:34 +0000 2017](https://twitter.com/adulau/status/907625489644314624)) +---- +RT @TheHive_Project: Stronger together: @MISPProject, TheHive & Cortex workshop by @adulau, @Iglocska & @_saadk at @hack_lu. Date & time to… + +(Originally on Twitter: [Wed Sep 13 16:12:25 +0000 2017](https://twitter.com/adulau/status/908000425697267712)) +---- +Glad to see the proposal reinforcement of EU Cybersecurity Agency (ENISA) http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1505290611859&uri=COM:2017:477:FIN But budget is small knowing the challenges + +(Originally on Twitter: [Wed Sep 13 20:22:45 +0000 2017](https://twitter.com/adulau/status/908063421433876480)) +---- +@electrospaces https://theintercept.com/document/2017/09/12/digby-geolocation/ Any idea if this improves the understanding of DISTILLERY? and especially the role of IBM? + +(Originally on Twitter: [Wed Sep 13 20:36:15 +0000 2017](https://twitter.com/adulau/status/908066821223452672)) +---- +About the budget, the agency or about "information security" in general? + +(Originally on Twitter: [Thu Sep 14 08:21:24 +0000 2017](https://twitter.com/adulau/status/908244274369712128)) +---- +@quinnnorton @circl_lu @rafi0t The initial name was Kimchi Groomer? 
😉 + +(Originally on Twitter: [Thu Sep 14 17:49:02 +0000 2017](https://twitter.com/adulau/status/908387127246954496)) +---- +RT @archillect: ![](media/908396568625270784-DJtEYglX0AEWSk-.jpg) + +(Originally on Twitter: [Thu Sep 14 18:26:33 +0000 2017](https://twitter.com/adulau/status/908396568625270784)) +---- +@cocaman @rattis The most important. Did your MISP.baseurl config match your virtual host? + +(Originally on Twitter: [Fri Sep 15 06:20:37 +0000 2017](https://twitter.com/adulau/status/908576268584669184)) +---- +@rattis @cocaman Good to hear. We have also a Gitter https://gitter.im/MISP/MISP if you have any question, feedback or ideas. + +(Originally on Twitter: [Fri Sep 15 06:27:24 +0000 2017](https://twitter.com/adulau/status/908577975435714560)) +---- +The new object and relationship model in MISP allows to easily express many things including DGA regexp along with indicators. #ThreatIntel ![](media/908958333046022144-DJ1Dwt4WkAA5uIZ.jpg) + +(Originally on Twitter: [Sat Sep 16 07:38:48 +0000 2017](https://twitter.com/adulau/status/908958333046022144)) +---- +@MISPProject @Iglocska @deltalimasierra @rommelfs We are testing for the release of next week (2.4.80) as this is a major improvement. MISP objects allow to build complete new representation + +(Originally on Twitter: [Sat Sep 16 07:44:09 +0000 2017](https://twitter.com/adulau/status/908959677970632705)) +---- +@MISPProject @Iglocska @deltalimasierra @rommelfs Here is the JSON in MISP standard format https://gist.github.com/adulau/309c593c09c41b02812b688225ea0742 of the above regexp example. MISP objects are simple & part of the format. 
+ +(Originally on Twitter: [Sat Sep 16 07:55:24 +0000 2017](https://twitter.com/adulau/status/908962507376795648)) +---- +@MISPProject @Iglocska @deltalimasierra @rommelfs and @rafi0t did an incredible job in PyMISP to use objects including binary import relying @quarkslab LIEF project https://github.com/CIRCL/PyMISP/blob/objects/examples/generate_file_objects.py + +(Originally on Twitter: [Sat Sep 16 08:23:32 +0000 2017](https://twitter.com/adulau/status/908969587869454336)) +---- +@MISPProject @Iglocska @deltalimasierra @rommelfs @rafi0t @quarkslab All MISP objects are created as JSON template https://www.misp-project.org/objects.html propose yours and it will be available in MISP infosharing communities + +(Originally on Twitter: [Sat Sep 16 08:27:44 +0000 2017](https://twitter.com/adulau/status/908970645089869824)) +---- +@quinnnorton This is one of your best writing in my short-sighted eyes. The text might be the start of an essay about pain. + +(Originally on Twitter: [Sat Sep 16 08:47:37 +0000 2017](https://twitter.com/adulau/status/908975651553558528)) +---- +@Delbs27 @MISPProject @Iglocska @deltalimasierra @rommelfs It will be part of .80 release. Very good point, JA3 format could be a MISP object. Ready to do a pull-request? https://github.com/MISP/misp-objects/ + +(Originally on Twitter: [Sat Sep 16 08:51:04 +0000 2017](https://twitter.com/adulau/status/908976518189191168)) +---- +@hanno Get rid of it. It's obviously worse than stickers on a laptop ;-) + +(Originally on Twitter: [Sat Sep 16 09:27:16 +0000 2017](https://twitter.com/adulau/status/908985626560692224)) +---- +@Delbs27 @MISPProject @Iglocska @deltalimasierra @rommelfs Make a pull request and we will review it. Thank you! + +(Originally on Twitter: [Sat Sep 16 10:39:39 +0000 2017](https://twitter.com/adulau/status/909003842574045184)) +---- +@MonsantoEurope The glyphosate ban will be good for everyone including health, organic farming and biodiversity. 
+ +(Originally on Twitter: [Sat Sep 16 12:04:09 +0000 2017](https://twitter.com/adulau/status/909025108731334657)) +---- +@quazums @MISPProject @Iglocska @deltalimasierra @rommelfs There is a passive dns object which can be linked to any attribute you want like IP address or event TXT records or even whois objects. + +(Originally on Twitter: [Sat Sep 16 16:03:40 +0000 2017](https://twitter.com/adulau/status/909085387057967104)) +---- +"urban exploration #25" https://www.flickr.com/photos/adulau/37266097445/ The impact of #graffiti in urban spaces is so underestimated #photography #StreetArt + +(Originally on Twitter: [Sat Sep 16 20:38:37 +0000 2017](https://twitter.com/adulau/status/909154579606011905)) +---- +RT @thegrugq: It was people without college degrees in infosec that invented the shit they teach in college infosec courses. + +(Originally on Twitter: [Sun Sep 17 12:46:06 +0000 2017](https://twitter.com/adulau/status/909398052322070528)) +---- +@Bartr00s Welcome! + +(Originally on Twitter: [Sun Sep 17 18:28:41 +0000 2017](https://twitter.com/adulau/status/909484266735759360)) +---- +@langnergroup Different regions? + +(Originally on Twitter: [Mon Sep 18 16:46:26 +0000 2017](https://twitter.com/adulau/status/909820921753595904)) +---- +RT @MISPProject: MISP 2.4.80 released with the new feature MISP objects https://www.misp-project.org/2017/09/18/MISP.2.4.80.released.html introducing new creative models for threat… + +(Originally on Twitter: [Mon Sep 18 20:55:43 +0000 2017](https://twitter.com/adulau/status/909883657363640320)) +---- +@cocaman We need to fix this. Our plan is to have a additional column containing of the UUID per flatten object. I'll let you know when it's fixed. + +(Originally on Twitter: [Tue Sep 19 14:27:54 +0000 2017](https://twitter.com/adulau/status/910148447658967040)) +---- +@cocaman Done https://github.com/MISP/MISP/commit/b5c4d0749b3b72781d4c6bd75610d9b213df46f9 git pull and let us know if this is fine for you. 
+ +(Originally on Twitter: [Tue Sep 19 15:01:33 +0000 2017](https://twitter.com/adulau/status/910156917951123457)) +---- +We just received the @hack_lu t-shirts see you there + @BSidesLux @MISPProject summit and https:/hackathon.hack.lu 16-20 October 2017 ![](media/911132757539123201-DKT-Rh6W4AA-UEW.jpg) + +(Originally on Twitter: [Fri Sep 22 07:39:12 +0000 2017](https://twitter.com/adulau/status/911132757539123201)) +---- +@Vilrax @hack_lu @BSidesLux @MISPProject Indeed we might have some left after the event. You can ping me after the event ;-) + +(Originally on Twitter: [Fri Sep 22 12:16:55 +0000 2017](https://twitter.com/adulau/status/911202648044507141)) +---- +RT @kafeine: Whaaat ?! GrandSoft Exploit Kit used to spread zloader in ESP/ITA with CVE-2016-0189. +cc/tx @malc0de @EKwatcher @jspchc https… + +(Originally on Twitter: [Fri Sep 22 13:02:29 +0000 2017](https://twitter.com/adulau/status/911214114613157891)) +---- +RT @MISPProject: New & updated Internet-Drafts published for the MISP standards https://github.com/MISP/misp-rfc #ThreatIntel #informationsharing h… + +(Originally on Twitter: [Fri Sep 22 15:25:08 +0000 2017](https://twitter.com/adulau/status/911250013757558784)) +---- +RT @alexcpsec: This is a pretty good take https://twitter.com/kwm/status/911260070700187649 + +(Originally on Twitter: [Fri Sep 22 16:40:06 +0000 2017](https://twitter.com/adulau/status/911268882714898432)) +---- +@sergedroz @halvarflake @BSidesZurich And limit the never ending price increase in the zero-day business? Somehow driven by the increase of paid bug bounty program? 
+ +(Originally on Twitter: [Sat Sep 23 08:43:10 +0000 2017](https://twitter.com/adulau/status/911511246482100224)) +---- +"Patching security governance: an empirical view of emergent governance mechanisms for cybersecurity" http://www.emeraldinsight.com/doi/full/10.1108/DPRG-05-2017-0029 + +(Originally on Twitter: [Sun Sep 24 15:28:19 +0000 2017](https://twitter.com/adulau/status/911975591146147840)) +---- +@Delbs27 Thank you for the proposal. I reviewed and added @MISPProject ja3 object https://github.com/MISP/misp-objects/commit/3ecace4d12763b49fef231306a7fe747bc54c3e7 let me know if this is fine for you. + +(Originally on Twitter: [Sun Sep 24 18:16:19 +0000 2017](https://twitter.com/adulau/status/912017870472785920)) +---- +@Delbs27 @MISPProject Thank you too. The ja3 object was a great idea! + +(Originally on Twitter: [Sun Sep 24 22:03:10 +0000 2017](https://twitter.com/adulau/status/912074959417114626)) +---- +@Delbs27 @MISPProject Sure, don't forget to do the pull-request. It will automatically validate the JSON via @travisci + +(Originally on Twitter: [Mon Sep 25 04:42:56 +0000 2017](https://twitter.com/adulau/status/912175562973696006)) +---- +RT @UlfFrisk: Fast super stable 64-bit PCIe DMA attacks soon possible with PCILeech! ![](media/912393663233306624-DKlaY0jWkAofNWe.jpg) + +(Originally on Twitter: [Mon Sep 25 19:09:35 +0000 2017](https://twitter.com/adulau/status/912393663233306624)) +---- +"Machine Learning Models that Remember Too Much" +https://arxiv.org/pdf/1709.07886.pdf + +(Originally on Twitter: [Tue Sep 26 09:27:52 +0000 2017](https://twitter.com/adulau/status/912609659156156416)) +---- +Humanity is not so bad after all when you see someone reading "The WindWalkers" next to you in the train. 
#reading + +(Originally on Twitter: [Tue Sep 26 16:21:10 +0000 2017](https://twitter.com/adulau/status/912713667577294848)) +---- +"Fail frequently to avoid disaster, or how to organically build a threat intelsharing standard" https://eu17.first-oasis-conference.org/en/program-schedule/program/17/fail-frequently-to-avoid-disaster-or-how-to-organically-build-a-threat-intel-sharing-standard @ +#borderlesscyber + +(Originally on Twitter: [Tue Sep 26 17:53:02 +0000 2017](https://twitter.com/adulau/status/912736787331723271)) +---- +@zedshaw We did a version of the PMF manifesto to make it reference-able for "official documents". https://github.com/adulau/pmf/blob/master/raw.md.txt + +(Originally on Twitter: [Wed Sep 27 14:12:52 +0000 2017](https://twitter.com/adulau/status/913043766793129985)) +---- +"Botnet in the Browser: Understanding Threats +Caused by Malicious Browser Extensions" https://arxiv.org/pdf/1709.09577.pdf + +(Originally on Twitter: [Thu Sep 28 06:55:43 +0000 2017](https://twitter.com/adulau/status/913296145371353088)) +---- +Adding complex object in @MISPProject can now be done in 5 minutes like this object for microblog post https://github.com/MISP/misp-objects/commit/5a80d5c4d2212e7b3c64c04f6994988af1bac876 #ThreatIntel + +(Originally on Twitter: [Thu Sep 28 17:41:31 +0000 2017](https://twitter.com/adulau/status/913458662429151238)) +---- +@mboelen The release model with GitHub is a pain. We use standard git tagging for release. I'll script the @github release to sync with git tags ;-) + +(Originally on Twitter: [Thu Sep 28 18:01:26 +0000 2017](https://twitter.com/adulau/status/913463677524856832)) +---- +@alexanderjaeger @MISPProject 'uuidgen -r' will do the job in the command line. + +(Originally on Twitter: [Thu Sep 28 20:31:17 +0000 2017](https://twitter.com/adulau/status/913501386603712513)) +---- +@__Thanat0s__ MISP format is a complete standard https://datatracker.ietf.org/doc/search/?name=misp&activedrafts=on&rfcs=on for information sharing. 
+ +(Originally on Twitter: [Thu Sep 28 20:44:05 +0000 2017](https://twitter.com/adulau/status/913504608298917890)) +---- +@__Thanat0s__ For the methodologies, they forgot the PMF model https://github.com/adulau/pmf which is critical methodology for all us ;-) + +(Originally on Twitter: [Thu Sep 28 20:44:50 +0000 2017](https://twitter.com/adulau/status/913504796321165312)) +---- +@DSMeu @Aristot73 Maybe lowering down the VAT on the reviewed and certified products? + +(Originally on Twitter: [Fri Sep 29 05:59:21 +0000 2017](https://twitter.com/adulau/status/913644345252892672)) +---- +@mboelen It's updated on the GitHub issue. Could you check if this works for your portal? + +(Originally on Twitter: [Fri Sep 29 08:38:51 +0000 2017](https://twitter.com/adulau/status/913684487585910784)) +---- +RT @MISPProject: MISP galaxy has been updated with a lot of RAT (Remote Access Tool) https://www.misp-project.org/galaxy.html#_rat thanks to @deltalimasierra fro… + +(Originally on Twitter: [Fri Sep 29 15:55:02 +0000 2017](https://twitter.com/adulau/status/913794255541370882)) +---- +RT @MISPProject: Want to meet the team behind @MISPProject don't forget to register for the Open Source Software Security Hackathon Friday… + +(Originally on Twitter: [Sat Sep 30 15:23:00 +0000 2017](https://twitter.com/adulau/status/914148579824033792)) +---- +Killing us slowly #10 https://www.flickr.com/photos/adulau/37399792122/ #blackandwhitephotography #photography ![](media/914531385251172352-DLERRoyWkAEppCB.jpg) + +(Originally on Twitter: [Sun Oct 01 16:44:08 +0000 2017](https://twitter.com/adulau/status/914531385251172352)) +---- +@RobertMLee Indeed. 
One of the issues comes from the "unidirectional" model of such program where more could be shared but blocked in one-way static TTP + +(Originally on Twitter: [Mon Oct 02 05:02:26 +0000 2017](https://twitter.com/adulau/status/914717186270351360)) +---- +RT @MISPProject: Collaborative intelligence support language added to @MISPProject to assist analysts to perform their analysis to get cro… + +(Originally on Twitter: [Mon Oct 02 10:31:55 +0000 2017](https://twitter.com/adulau/status/914800105353555968)) +---- +@LeFloatingGhost @Iglocska Are you using MISP to store all your "kind" images? 😉 + +(Originally on Twitter: [Tue Oct 03 17:06:27 +0000 2017](https://twitter.com/adulau/status/915261777323151360)) +---- +RT @hack_lu: hack.lu 2017 agenda is now online https://2017.hack.lu/agenda/ hurry up to take your tickets as we will be out of regular tickets… + +(Originally on Twitter: [Wed Oct 04 15:04:56 +0000 2017](https://twitter.com/adulau/status/915593584165998592)) +---- +@jwunder We are in sync even if it's 20:06 over here maybe this is the secondary effect of too much participation into technical committee. + +(Originally on Twitter: [Wed Oct 04 18:12:09 +0000 2017](https://twitter.com/adulau/status/915640701223886858)) +---- +RT @bkaskina: #kibersahs #kibersahs2017 Lively discussion after the IoT presentation by @blackswanburst ![](media/915896652199813120-DLXjxgQW0AAdRbi.jpg) + +(Originally on Twitter: [Thu Oct 05 11:09:13 +0000 2017](https://twitter.com/adulau/status/915896652199813120)) +---- +Just saw @bladerunner 2049. There is something great with life, it's when you don't know if this is life. #BladeRunner2049 + +(Originally on Twitter: [Thu Oct 05 19:43:06 +0000 2017](https://twitter.com/adulau/status/916025978308218886)) +---- +@ronindey @bladerunner She didn't last very long in this sequel... 
+ +(Originally on Twitter: [Thu Oct 05 19:47:52 +0000 2017](https://twitter.com/adulau/status/916027178306949128)) +---- +RT @halvarflake: The unintended side effect of classification markings is that they make it easy to find classified docs in vast piles of d… + +(Originally on Twitter: [Fri Oct 06 04:47:56 +0000 2017](https://twitter.com/adulau/status/916163088503771136)) +---- +RT @_saadk: Looking forward to work with @Iglocska & @adulau https://twitter.com/MISPProject/status/916280139427860480 + +(Originally on Twitter: [Fri Oct 06 14:45:31 +0000 2017](https://twitter.com/adulau/status/916313473444966402)) +---- +RT @MISPProject: The team of @MISPProject is working hard on the next .81 release with as usual with insane objectives, new features, impro… + +(Originally on Twitter: [Fri Oct 06 18:49:52 +0000 2017](https://twitter.com/adulau/status/916374968044261378)) +---- +@MalwareJake @kaspersky @KimZetter "credit when credit is due" It's a team work even NSA is relying on others to advance CNE ;-) ![](media/916380883334164480-DLeigzOXkAAqT9p.jpg) + +(Originally on Twitter: [Fri Oct 06 19:13:22 +0000 2017](https://twitter.com/adulau/status/916380883334164480)) +---- +@KimZetter @MalwareJake @kaspersky SIMATIC PCS 7 security testing done in 2008 at INL Control System. + +(Originally on Twitter: [Fri Oct 06 19:37:21 +0000 2017](https://twitter.com/adulau/status/916386916098068480)) +---- +@KimZetter @MalwareJake @kaspersky 2005 was an assumption based on the compile time? or something else? + +(Originally on Twitter: [Fri Oct 06 19:41:57 +0000 2017](https://twitter.com/adulau/status/916388075021971457)) +---- +@xme @S_Team_Approved The funky part is the right to be forgotten when you don't have any index mapping persons and start to build one to comply with GDPR... + +(Originally on Twitter: [Sat Oct 07 07:40:47 +0000 2017](https://twitter.com/adulau/status/916568975286394881)) +---- +RT @aeris22: At left, Debian CA. 
At right, node hardcoded one… People using NodeJS, take caution !!! WoSign and StartTLS are *still* embedd… + +(Originally on Twitter: [Sat Oct 07 17:59:03 +0000 2017](https://twitter.com/adulau/status/916724566826913792)) +---- +I hope that the future of guns in Europe will remain as stencils on the walls. https://www.flickr.com/photos/adulau/37298364970/ #Brussels #StreetArt #photography + +(Originally on Twitter: [Sat Oct 07 21:19:36 +0000 2017](https://twitter.com/adulau/status/916775036517744640)) +---- +@ronindey Tell me. I love people ranting about photographic gears ;-) + +(Originally on Twitter: [Sat Oct 07 21:34:23 +0000 2017](https://twitter.com/adulau/status/916778756475322369)) +---- +"Automation and Estimative Language in Information Exchange" +https://www.foo.be/2017/03/Automation_and_Estimative_Language integration of analytic standards in TIP. ![](media/916960294743703552-DLmyJ2sWkAAGv90.jpg) + +(Originally on Twitter: [Sun Oct 08 09:35:45 +0000 2017](https://twitter.com/adulau/status/916960294743703552)) +---- +RT @j3ssgarcia: @sansforensics @SANSEMEA @_saadk #SANS #DFIRSummit #DFIRPrague TheHive: Use Case @SANSEMEA @sansforensics https://t.co/SSxM… + +(Originally on Twitter: [Sun Oct 08 11:33:26 +0000 2017](https://twitter.com/adulau/status/916989910363623425)) +---- +"Exploit the credentials present in files and memory" https://github.com/giMini/PowerMemory + +(Originally on Twitter: [Sun Oct 08 11:49:08 +0000 2017](https://twitter.com/adulau/status/916993864984035328)) +---- +@rafi0t and fuzzing the cookies they read too ;-) + +(Originally on Twitter: [Sun Oct 08 20:27:02 +0000 2017](https://twitter.com/adulau/status/917124196869791745)) +---- +@rafi0t @vincib I would do a very simple one. First you get a cookie, replace it with a small js beaconing and go to another page with same ads-network. 
+ +(Originally on Twitter: [Mon Oct 09 05:38:30 +0000 2017](https://twitter.com/adulau/status/917262976087986177)) +---- +@Delbs27 git submodule update and then object update + +(Originally on Twitter: [Mon Oct 09 07:22:11 +0000 2017](https://twitter.com/adulau/status/917289071952715776)) +---- +The more I'm losing photography contests, the more I want to do photography. + +(Originally on Twitter: [Mon Oct 09 18:50:27 +0000 2017](https://twitter.com/adulau/status/917462279465111553)) +---- +We did many improvements in this MISP release. Visualisation works much better and added a basic STIX 2.0 export. +https://twitter.com/MISPProject/status/917490492899774465 + +(Originally on Twitter: [Mon Oct 09 20:50:56 +0000 2017](https://twitter.com/adulau/status/917492599644188672)) +---- +RT @piotrkijewski: "Automation and Estimative Language in Information Exchange" by @adulau https://www.foo.be/2017/03/Automation_and_Estimative_Language + +(Originally on Twitter: [Tue Oct 10 14:31:42 +0000 2017](https://twitter.com/adulau/status/917759550408790016)) +---- +RT @OASISopen: Registration opens for workshops on 8 Dec: @MISPProject & #STIX 2.0. Space limited. #BorderlessCyber #cybersecurity https://… + +(Originally on Twitter: [Wed Oct 11 05:04:51 +0000 2017](https://twitter.com/adulau/status/917979287080357889)) +---- +@Ministraitor @Iglocska I'm back from the swamp. The MISP summit agenda has been updated https://2017.hack.lu/misp-summit/ with names ;-) + +(Originally on Twitter: [Wed Oct 11 11:26:54 +0000 2017](https://twitter.com/adulau/status/918075431622004736)) +---- +@SarahSingla What's the exact relationship between Monsanto and @NuffieldFarming ? + +(Originally on Twitter: [Wed Oct 11 18:52:49 +0000 2017](https://twitter.com/adulau/status/918187649520857088)) +---- +@OASISopen I will do the talk with @Iglocska too. 
+ +(Originally on Twitter: [Thu Oct 12 13:25:02 +0000 2017](https://twitter.com/adulau/status/918467547325923329)) +---- +RT @OASISopen: The journey, challenges & pitfalls to designing a standard for #threatintel sharing. @adulau at #BorderlessCyber, https://t.… + +(Originally on Twitter: [Thu Oct 12 13:25:13 +0000 2017](https://twitter.com/adulau/status/918467593417224192)) +---- +@thegrugq @msuiche @ComaeIo Congrats and good luck to @msuiche ;-) + +(Originally on Twitter: [Sat Oct 14 08:28:54 +0000 2017](https://twitter.com/adulau/status/919117799691358208)) +---- +On Friday 20/10, just after @hack_lu , I will be at the 2nd Open Source Security Software #hackathon https://hackathon.hack.lu/team/ @MISPProject + +(Originally on Twitter: [Sat Oct 14 13:03:01 +0000 2017](https://twitter.com/adulau/status/919186785116319745)) +---- +"Statistical Analysis of DNS Abuse in gTLDs Final Report" https://www.sidnlabs.nl/downloads/papers-reports/sadag-final-09aug17-en.pdf + +(Originally on Twitter: [Sat Oct 14 13:10:10 +0000 2017](https://twitter.com/adulau/status/919188584225300481)) +---- +@Xylit0l Could this be a memory structure/dump with the patterns from an A/V? + +(Originally on Twitter: [Sun Oct 15 08:05:29 +0000 2017](https://twitter.com/adulau/status/919474295881035776)) +---- +@Xylit0l You don't have any entry like "CORE/NT_FILE" in the elf file? Just wondering if this is not a core file. 
+ +(Originally on Twitter: [Sun Oct 15 08:51:06 +0000 2017](https://twitter.com/adulau/status/919485776110473221)) +---- +@Xylit0l Ah those bloody CTF polluting malware repositories just like the leak of sensitive documents ;-) + +(Originally on Twitter: [Sun Oct 15 08:52:13 +0000 2017](https://twitter.com/adulau/status/919486053534355456)) +---- +We would like to thank @zedshaw for his continuous commitment to remove bullshit in programming processes https://www.foo.be/pmf/raw.md.txt @Iglocska + +(Originally on Twitter: [Sun Oct 15 09:51:42 +0000 2017](https://twitter.com/adulau/status/919501024523669504)) +---- +The positive point of @EmmanuelMacron interview was the ability to see Pierre Alechinsky work at @TF1 during prime time. #CoBrA + +(Originally on Twitter: [Sun Oct 15 19:50:46 +0000 2017](https://twitter.com/adulau/status/919651784108527616)) +---- +RT @InfoSecMatters: Today @MISPProject summit 0x3, great prez from @adulau and @rafi0t, some primer newz on #X-ISAC #infosec #sharing boots… + +(Originally on Twitter: [Mon Oct 16 13:33:40 +0000 2017](https://twitter.com/adulau/status/919919273321074689)) +---- +@Delbs27 @MISPProject @0xtf @Ministraitor @Iglocska Both. DM me your physical address. + +(Originally on Twitter: [Tue Oct 17 11:30:12 +0000 2017](https://twitter.com/adulau/status/920250587479932928)) +---- +RT @Ministraitor: Intel AMT: Using & Abusing the Ghost in the Machine #hacklu +https://youtu.be/aiMNbjzYMXo + +(Originally on Twitter: [Tue Oct 17 18:15:37 +0000 2017](https://twitter.com/adulau/status/920352613832552448)) +---- +RT @zmanion: Writing good #CVE descriptions is hard, eh @SushiDude? But submitting them is easier now: https://github.com/CVEProject/cvelist/pull/2/files + +(Originally on Twitter: [Tue Oct 17 21:33:32 +0000 2017](https://twitter.com/adulau/status/920402422056587264)) +---- +@S_Team_Approved It's maybe the time for ISO to really open their documents like IETF does and make the world a safer place. 
+ +(Originally on Twitter: [Wed Oct 18 05:21:22 +0000 2017](https://twitter.com/adulau/status/920520158233415681)) +---- +RT @hack_lu: Agenda update: Social event will be today at 19:15 with the well known 5-minutes PowerPoint Karaoke. https://2017.hack.lu/agenda/ #… + +(Originally on Twitter: [Wed Oct 18 05:56:00 +0000 2017](https://twitter.com/adulau/status/920528870859771905)) +---- +RT @TheHive_Project: Workshop instructions https://docs.google.com/document/d/1eOVP4apmf_D27VKkrI1PNN3-MF3bN6UhdrvZ9GJjc7c/edit?usp=sharing if u’d like to prep ur env, read the DYI section /cc @MISPProject @hack_… + +(Originally on Twitter: [Wed Oct 18 16:08:42 +0000 2017](https://twitter.com/adulau/status/920683063289491456)) +---- +RT @meyny: Don't miss the Open Source Software Hackathon starting tomorrow evening, just after @hack_lu More info: https://hackathon.hack.lu… + +(Originally on Twitter: [Wed Oct 18 21:14:21 +0000 2017](https://twitter.com/adulau/status/920759982383157248)) +---- +RT @TheHive_Project: New day, New workshop at @hack_lu. If u r DYI instead of using the env we prep’ed with @MISPProject follow DYI in http… + +(Originally on Twitter: [Thu Oct 19 06:30:41 +0000 2017](https://twitter.com/adulau/status/920899988548476928)) +---- +RT @Iglocska: Coming up: joint workshop between @TheHive_Project and @MISPProject at @hack_lu with @_saadk and @adulau! https://t.co/0YxhHl… + +(Originally on Twitter: [Thu Oct 19 12:59:37 +0000 2017](https://twitter.com/adulau/status/920997868990877697)) +---- +RT @Regiteric: Common point of @MISPProject and @TheHive_Project they both have been developed by users for users. #hacklu #nomarketingbull… + +(Originally on Twitter: [Thu Oct 19 14:28:06 +0000 2017](https://twitter.com/adulau/status/921020132918427648)) +---- +RT @1sand0s: At @hack_lu I talked about developments in vulnerability disclosure and how to help governments with it. 
https://t.co/TKnagreV… + +(Originally on Twitter: [Thu Oct 19 15:50:39 +0000 2017](https://twitter.com/adulau/status/921040909097107457)) +---- +@shrekts @Iglocska Andras is the only trolling standard committees. Saad and myself are very nice people. + +(Originally on Twitter: [Thu Oct 19 17:32:33 +0000 2017](https://twitter.com/adulau/status/921066551599656961)) +---- +RT @shrekts: Two great projects and two amazing persons! https://twitter.com/iglocska/status/920975045966618624 + +(Originally on Twitter: [Thu Oct 19 17:33:00 +0000 2017](https://twitter.com/adulau/status/921066666506715136)) +---- +@treyka @Iglocska @shrekts 😘 + +(Originally on Twitter: [Thu Oct 19 17:43:12 +0000 2017](https://twitter.com/adulau/status/921069233173422080)) +---- +RT @_saadk: Thx @adulau & @Iglocska I really enjoyed our joint @MISPProject + @TheHive_Project workshop at @hack_lu 👍🏼 looking fwd for many… + +(Originally on Twitter: [Thu Oct 19 17:50:14 +0000 2017](https://twitter.com/adulau/status/921071003723321346)) +---- +@_saadk @Iglocska @MISPProject @TheHive_Project @hack_lu I really hope this 1st experimental workshop will lead to a full training session together for the next years. + +(Originally on Twitter: [Thu Oct 19 17:54:18 +0000 2017](https://twitter.com/adulau/status/921072026395332608)) +---- +RT @Sebdraven: #hacklu was awesome this year ! Thanks to organization, my friends and all people who I meet this year ! See you next year ! 
+ +(Originally on Twitter: [Thu Oct 19 17:57:05 +0000 2017](https://twitter.com/adulau/status/921072727959666689)) +---- +RT @x0rz: Canadian SIGINT agency @cse_cst is releasing its Automated Malware Analysis Framework https://bitbucket.org/cse-assemblyline/assemblyline + +(Originally on Twitter: [Thu Oct 19 18:46:56 +0000 2017](https://twitter.com/adulau/status/921085270249934848)) +---- +RT @ryanhuber: Before spending $$ on next-gen-cyber-threat-super-defense-machine-deep-learning, how about you run `apt-get update/upgrade`… + +(Originally on Twitter: [Thu Oct 19 22:58:07 +0000 2017](https://twitter.com/adulau/status/921148482563518465)) +---- +RT @S_Team_Approved: Time for award of #CtF to be given by @adulau @LuxSecurityWeek #luxsecurityweek 🔜 @fluxfingers who design #CtF @hack_l… + +(Originally on Twitter: [Fri Oct 20 17:56:50 +0000 2017](https://twitter.com/adulau/status/921435052625494017)) +---- +RT @hack_lu: A huge thank you to the speakers and attendees for making the conference such a great time! +We hope to see you all next year,… + +(Originally on Twitter: [Fri Oct 20 19:15:00 +0000 2017](https://twitter.com/adulau/status/921454721801641985)) +---- +RT @blubbfiction: @hack_lu thanks for the great conference! It was very pleasant being here. + +(Originally on Twitter: [Fri Oct 20 19:15:12 +0000 2017](https://twitter.com/adulau/status/921454772951109632)) +---- +RT @doegox: "Not My Digest" write-up #hacklu #hacklu2017 now available, including source code of the attack by @realhashbreaker https://t.c… + +(Originally on Twitter: [Fri Oct 20 20:46:41 +0000 2017](https://twitter.com/adulau/status/921477795028627456)) +---- +RT @Regiteric: #hacklu hackaton is over. Great discussion with @rafi0t and @Iglocska about @MISPProject and @Suricata_IDS interactions. 
+ +(Originally on Twitter: [Sat Oct 21 07:00:56 +0000 2017](https://twitter.com/adulau/status/921632376672964609)) +---- +Thanks to @doegox and @angealbertini for the gift and autograph in this lovely edition... #waitingforpoulpi #hacklu ![](media/921646945390727168-DMpY-1wWsAAruO-.jpg) + +(Originally on Twitter: [Sat Oct 21 07:58:49 +0000 2017](https://twitter.com/adulau/status/921646945390727168)) +---- +RT @SleuthKid: Thanks to the people who seem to not need any sleep from @circl_lu and helpers for a great #hacklu conference. + +(Originally on Twitter: [Sat Oct 21 10:04:16 +0000 2017](https://twitter.com/adulau/status/921678515124219904)) +---- +RT @angealbertini: Bye #hacklu! +It was awesome - a milestone in my life! +Proud to have presented there! +Humbled by the people I met, and th… + +(Originally on Twitter: [Sat Oct 21 10:05:32 +0000 2017](https://twitter.com/adulau/status/921678834180780033)) +---- +@p_vanostaeyen @gcaw I assume he means a dystopian dream... + +(Originally on Twitter: [Sat Oct 21 12:10:45 +0000 2017](https://twitter.com/adulau/status/921710344749436933)) +---- +I love the smell of removed files tagged as TLP:WHITE in the morning. + +(Originally on Twitter: [Sat Oct 21 15:47:38 +0000 2017](https://twitter.com/adulau/status/921764927332929536)) +---- +RT @jedisct1: #hacklu is such a wonderful conference. Super interesting talks, great crowd, great atmosphere. + +(Originally on Twitter: [Sat Oct 21 18:23:26 +0000 2017](https://twitter.com/adulau/status/921804134973624321)) +---- +Did @JCDecauxGlobal ask for the an authorisation to @CBPL_CPVP for the "facial recognition" advertising equipment in Bruxelles central? + +(Originally on Twitter: [Sat Oct 21 19:18:55 +0000 2017](https://twitter.com/adulau/status/921818095899086848)) +---- +@y0m i knew that my Russian origins will be discovered one day... 
+ +(Originally on Twitter: [Sun Oct 22 13:05:24 +0000 2017](https://twitter.com/adulau/status/922086486505377792)) +---- +Thanks to @cyb3rops and @USCERT_gov for sharing the samples list of TA17-293A. Some interesting correlations found with past events in MISP. ![](media/922087113948090368-DMvo7PHW4AA8xYI.jpg) + +(Originally on Twitter: [Sun Oct 22 13:07:54 +0000 2017](https://twitter.com/adulau/status/922087113948090368)) +---- +@cyb3rops @USCERT_gov @MISPProject For completion about the above correlation graph, it's only based on hash correlation to see common tools (like PsExec) used among events. + +(Originally on Twitter: [Sun Oct 22 13:13:24 +0000 2017](https://twitter.com/adulau/status/922088498731081728)) +---- +RT @MISPProject: @chrisdoman @cyb3rops @craiu @USCERT_gov @0xdabbad00 @alienvault I would suggest to just remove the "automation/ids" flags… + +(Originally on Twitter: [Sun Oct 22 13:13:34 +0000 2017](https://twitter.com/adulau/status/922088542158901248)) +---- +@chrisdoman @cyb3rops @craiu @USCERT_gov @0xdabbad00 @MISPProject @alienvault Indeed that's why we will expand the MISP format to include the expiration sighting for the compromised hosts fixed. http://www.misp.software/2017/02/16/Sighting-The-Next-Level.html + +(Originally on Twitter: [Sun Oct 22 13:16:07 +0000 2017](https://twitter.com/adulau/status/922089184558448645)) +---- +When people take credits for things they didn't do, it only means that what you did is now widely socially accepted and recognized. + +(Originally on Twitter: [Sun Oct 22 15:07:35 +0000 2017](https://twitter.com/adulau/status/922117233115058177)) +---- +@pmelson @cyb3rops @USCERT_gov @MISPProject aeee996fd3484f28e5cd85fe26b6bdcd is a standard build of PsExec which was used by various actors. + +(Originally on Twitter: [Sun Oct 22 15:52:43 +0000 2017](https://twitter.com/adulau/status/922128591751704576)) +---- +@msuiche @pinkflawd She uses a different set of awkward typefaces. But it's often very aesthetic. 
Her slides will be at the Tate Modern gallery in 20 years. + +(Originally on Twitter: [Sun Oct 22 18:54:42 +0000 2017](https://twitter.com/adulau/status/922174389638090757)) +---- +@thegrugq - when you do an unrealistic cyber exercise. + +(Originally on Twitter: [Mon Oct 23 06:02:03 +0000 2017](https://twitter.com/adulau/status/922342333412270080)) +---- +@JCDecaux_be @JCDecauxGlobal @CBPL_CPVP Then you can fill the holes for video camera in the advertising equipment in Brussels central station? as the camera is still active... + +(Originally on Twitter: [Mon Oct 23 12:52:24 +0000 2017](https://twitter.com/adulau/status/922445602457378818)) +---- +@aris_ada @xme Especially when you have a vulnerable infineon library in your yubikey ;-) + +(Originally on Twitter: [Mon Oct 23 18:07:28 +0000 2017](https://twitter.com/adulau/status/922524893291442177)) +---- +RT @Iglocska: Pro tip:If someone claims that their magic black box automatically shares intel back from your network w/o analyst input - RU… + +(Originally on Twitter: [Mon Oct 23 18:30:37 +0000 2017](https://twitter.com/adulau/status/922530716717666314)) +---- +The GDPR question of the day: How does a controller verify the data subject/person requesting a right of access? + +(Originally on Twitter: [Tue Oct 24 15:21:43 +0000 2017](https://twitter.com/adulau/status/922845568979828738)) +---- +@Janet_LegReg You have a link to the dissertation? ;-) + +(Originally on Twitter: [Tue Oct 24 16:00:31 +0000 2017](https://twitter.com/adulau/status/922855330727505920)) +---- +@maartenvhb Maybe the AV business will start to release open source engines in the next 5 years... + +(Originally on Twitter: [Tue Oct 24 17:03:09 +0000 2017](https://twitter.com/adulau/status/922871095526592512)) +---- +RT @erkunev: 1. Any sufficiently advanced antivirus software is functionally undistinguishable from malware. 
+ +(Originally on Twitter: [Tue Oct 24 18:14:18 +0000 2017](https://twitter.com/adulau/status/922888999257198593)) +---- +Hunting season is back in my area: idiots with guns who has no fucking clue about wild life, people and safety. + +(Originally on Twitter: [Tue Oct 24 18:35:25 +0000 2017](https://twitter.com/adulau/status/922894311636783104)) +---- +@evematringe How do they verify the identification document? E.g. Using the identification document to check or remove records from a porn website? + +(Originally on Twitter: [Wed Oct 25 06:33:27 +0000 2017](https://twitter.com/adulau/status/923075010276790272)) +---- +@Janet_LegReg Sure. We are. + +(Originally on Twitter: [Wed Oct 25 10:24:26 +0000 2017](https://twitter.com/adulau/status/923133139249238017)) +---- +RT @circl_lu: CIRCLean - USB key sanitizer version 2.3.1 released https://www.circl.lu/projects/CIRCLean/ - Bugfixes for Raspberry Pi 3 that was causing rc… + +(Originally on Twitter: [Thu Oct 26 15:52:48 +0000 2017](https://twitter.com/adulau/status/923578164600811520)) +---- +Do you want to work in a funky csirt/cert team for your scholarship/internship? https://www.circl.lu/projects/internships/ many open projects at @circl_lu + +(Originally on Twitter: [Fri Oct 27 16:50:47 +0000 2017](https://twitter.com/adulau/status/923955146995924996)) +---- +RT @maartenvhb: There's few better places to learn how a great incident response team operates on the inside. 
https://twitter.com/adulau/status/923955146995924996 + +(Originally on Twitter: [Fri Oct 27 16:54:42 +0000 2017](https://twitter.com/adulau/status/923956130744762369)) +---- +RT @MISPProject: MISP galaxies updated with many new libraries like Banker malware or Android related malware https://www.misp-project.org/galaxy.pdf - htt… + +(Originally on Twitter: [Fri Oct 27 19:43:40 +0000 2017](https://twitter.com/adulau/status/923998653622161408)) +---- +@inbarraz Before USB, I saw OpenSSH ;-) + +(Originally on Twitter: [Sat Oct 28 09:36:40 +0000 2017](https://twitter.com/adulau/status/924208282838892544)) +---- +RT @MISPProject: First version of the @MISPProject dashboard released including a real-time view of MISP events video: https://t.co/NeG7gHx… + +(Originally on Twitter: [Sat Oct 28 13:20:03 +0000 2017](https://twitter.com/adulau/status/924264501033172993)) +---- +RT @Ministraitor: Web Assistance for the Threat Analyst, supported by Domain Similarity #hacklu +https://youtu.be/c9yfaXxYnoo +Youtube saw the err… + +(Originally on Twitter: [Mon Oct 30 18:21:36 +0000 2017](https://twitter.com/adulau/status/925065163962757120)) +---- +RT @cudeso: MISP-Dashboard, real-time visualization of @MISPProject events +https://www.vanimpe.eu/2017/10/31/misp-dashboard-real-time-visualization-misp-events/ @circl_lu + +(Originally on Twitter: [Tue Oct 31 09:42:43 +0000 2017](https://twitter.com/adulau/status/925296968947175424)) +---- +@VessOnSecurity We do it with many honeypot/spam-trap. Let me know what's missing from your side to make it happen? 
+ +(Originally on Twitter: [Tue Oct 31 09:45:29 +0000 2017](https://twitter.com/adulau/status/925297664945807360)) +---- +@VessOnSecurity Maybe a good start is to have a look at all the examples in PyMISP to interact with the api https://github.com/CIRCL/PyMISP/tree/master/examples + +(Originally on Twitter: [Tue Oct 31 09:51:49 +0000 2017](https://twitter.com/adulau/status/925299261570502656)) +---- +@VessOnSecurity Another good example is mail_to_misp https://github.com/MISP/mail_to_misp where you can directly run the spamtrap to get data in misp. + +(Originally on Twitter: [Tue Oct 31 09:53:37 +0000 2017](https://twitter.com/adulau/status/925299712613322752)) +---- +@VessOnSecurity I will check Cowrie and look at the format. Maybe we need to create some misp objects template for it. Thx + +(Originally on Twitter: [Tue Oct 31 09:54:56 +0000 2017](https://twitter.com/adulau/status/925300042398949376)) +---- +@VessOnSecurity It's fine we can create a new misp object https://github.com/MISP/misp-objects I'll have a look. + +(Originally on Twitter: [Tue Oct 31 10:01:49 +0000 2017](https://twitter.com/adulau/status/925301777683091456)) +---- +@VessOnSecurity That would be cool. I'll ping you. + +(Originally on Twitter: [Tue Oct 31 10:02:37 +0000 2017](https://twitter.com/adulau/status/925301975952052224)) +---- +Sometime a direct feedback via Twitter is more productive than a 4 hours meeting. + +(Originally on Twitter: [Tue Oct 31 18:17:50 +0000 2017](https://twitter.com/adulau/status/925426604289003520)) +---- +@rafi0t You want to add some more pain to the meeting. You are a real masochist... + +(Originally on Twitter: [Tue Oct 31 18:20:24 +0000 2017](https://twitter.com/adulau/status/925427249028976641)) +---- +@xme Did you ask for the source code? As they convey/distribute the software, they should provide you a way to get the source code. 
+ +(Originally on Twitter: [Thu Nov 02 18:49:09 +0000 2017](https://twitter.com/adulau/status/926159259955617793)) +---- +RT @halvarflake: I have always been a Robert Morris Sr fanboy, but I am always amazed at what funny corners in CS history he made contribut… + +(Originally on Twitter: [Thu Nov 02 20:15:06 +0000 2017](https://twitter.com/adulau/status/926180888165183488)) +---- +I remember my first feeling while listening to @kennylark or @klausschulze but I just had this same perception with @roneofficial #music + +(Originally on Twitter: [Thu Nov 02 20:33:22 +0000 2017](https://twitter.com/adulau/status/926185487303311361)) +---- +RT @UdacityDave: All CCS 2017 papers are now available here: https://acmccs.github.io/papers/ (due to ACM's failure to provide promised "OpenTOC" ac… + +(Originally on Twitter: [Fri Nov 03 06:46:33 +0000 2017](https://twitter.com/adulau/status/926339801594388480)) +---- +@x0rz @fo0_ Le trolling sur le format OpenPGP est assez amusant mais l'objectif du format n'est pas la messagerie instantanée... + +(Originally on Twitter: [Fri Nov 03 17:33:03 +0000 2017](https://twitter.com/adulau/status/926502495756701697)) +---- +RT @koenrh: Cisco: TLS 1.3 too secure for our middle boxes https://tools.ietf.org/html/draft-camwinget-tls-use-cases-00 + +(Originally on Twitter: [Sat Nov 04 08:25:25 +0000 2017](https://twitter.com/adulau/status/926727067445743622)) +---- +Persistence is key. Not only in post-exploitation but also for open source development. 
+ +(Originally on Twitter: [Sat Nov 04 08:27:37 +0000 2017](https://twitter.com/adulau/status/926727621949513728)) +---- +RT @alexanderjaeger: @adulau persistence is key for the whole life, no matter how it is being spent + +(Originally on Twitter: [Sat Nov 04 09:59:34 +0000 2017](https://twitter.com/adulau/status/926750763828645889)) +---- +@evilsocket Vienna, Brussels, Berlin, Paris (or Rennes or Nantes) but any EU cities will be fine as long it's a 35mm ;-) + +(Originally on Twitter: [Sat Nov 04 17:50:38 +0000 2017](https://twitter.com/adulau/status/926869309351256065)) +---- +@evilsocket I'm often 28mm, 35mm, 90mm and 135mm with a strong preference for 35mm. 35vs50 is just like vi versus Emacs ;-) + +(Originally on Twitter: [Sat Nov 04 18:05:13 +0000 2017](https://twitter.com/adulau/status/926872980310851585)) +---- +@ronindey @evilsocket It seems like a good photographic challenge then ;-) + +(Originally on Twitter: [Sat Nov 04 18:05:58 +0000 2017](https://twitter.com/adulau/status/926873167469137921)) +---- +"seeing you in colors" https://www.flickr.com/photos/adulau/24315758048/ #photography #traces + +(Originally on Twitter: [Sat Nov 04 18:38:19 +0000 2017](https://twitter.com/adulau/status/926881310802620417)) +---- +"Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI" http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf + +(Originally on Twitter: [Sun Nov 05 10:59:28 +0000 2017](https://twitter.com/adulau/status/927128222520827905)) +---- +@wimremes @BrianHonan Any technology can be GDPR compliant as long as you generate enough detailed justification to make it compliant. + +(Originally on Twitter: [Sun Nov 05 11:06:25 +0000 2017](https://twitter.com/adulau/status/927129974594789376)) +---- +@wimremes @BrianHonan In addition, the paradox of the GDPR compliance is basically the dual-use of any technology or software tight to one or more process(es). 
+ +(Originally on Twitter: [Sun Nov 05 11:08:01 +0000 2017](https://twitter.com/adulau/status/927130375985303553)) +---- +@wimremes @BrianHonan and technical measure(s) for audit logging? Will you remove audit logs from a random request because of "right to be forgotten"? + +(Originally on Twitter: [Sun Nov 05 11:08:53 +0000 2017](https://twitter.com/adulau/status/927130595662204928)) +---- +@wimremes @BrianHonan I'm operating PGP key servers (running SKS) and I got request for removing transaction from a distributed database. Can the GDPR enforce it? + +(Originally on Twitter: [Sun Nov 05 11:10:04 +0000 2017](https://twitter.com/adulau/status/927130892199481344)) +---- +@wimremes @BrianHonan We are digging a lot on the GDPR questions on concrete operating incident response & security research aspects. This is a "complex" matter. + +(Originally on Twitter: [Sun Nov 05 11:15:16 +0000 2017](https://twitter.com/adulau/status/927132201967411200)) +---- +@wimremes @BrianHonan There is no such thing as "no" or "yes" IMHO. It's really depending of the justification of the processing, proportionality and reality. + +(Originally on Twitter: [Sun Nov 05 11:16:40 +0000 2017](https://twitter.com/adulau/status/927132551294210049)) +---- +@Ministraitor I saw this pattern with advanced/non-common photographic equipments. + +(Originally on Twitter: [Sun Nov 05 13:30:12 +0000 2017](https://twitter.com/adulau/status/927166156938645505)) +---- +@MalwareJake Do we have any indicators and timestamps? We could check if the data was already shared within an ISAC or alike in the same time-frame. + +(Originally on Twitter: [Sun Nov 05 14:41:11 +0000 2017](https://twitter.com/adulau/status/927184020055707648)) +---- +@MalwareJake I think it's really matter to confirm and validate if the information and indicators were shared at some point. Sharing is a part of DFIR. 
+ +(Originally on Twitter: [Sun Nov 05 15:19:35 +0000 2017](https://twitter.com/adulau/status/927193682645848064)) +---- +Maybe @ICIJorg should avoid to use tons of untrusted JavaScript from various advertising networks on their website? @csgallego #privacy + +(Originally on Twitter: [Sun Nov 05 18:39:35 +0000 2017](https://twitter.com/adulau/status/927244015342440448)) +---- +@pirhoo @quinnnorton @ICIJorg You already removed some of the JavaScript. It remains googletagmanager/afr.com & twitter. Importing JS is enough it doesn't need to be ads. + +(Originally on Twitter: [Sun Nov 05 19:18:39 +0000 2017](https://twitter.com/adulau/status/927253849412337664)) +---- +@Vecchi_Paolo @rafi0t @MISPProject There many MISP users in UK ;-) let me know if you have any issues or need to join a specific community. + +(Originally on Twitter: [Mon Nov 06 18:02:20 +0000 2017](https://twitter.com/adulau/status/927597030855380993)) +---- +@Vecchi_Paolo @rafi0t @MISPProject And @Iglocska will be there too for the MISP workshop at LID on the 15th. + +(Originally on Twitter: [Mon Nov 06 18:12:34 +0000 2017](https://twitter.com/adulau/status/927599604044042241)) +---- +RT @UlfFrisk: PCILeech PCIe DMA attack toolkit updated with new FPGA bitstream design. Public inxepensive PCIe TLP and DMA access! https://… + +(Originally on Twitter: [Mon Nov 06 20:40:29 +0000 2017](https://twitter.com/adulau/status/927636827938451457)) +---- +@nora_js Maybe the PMF model in software "engineering" is not far away from chaos engineering. https://github.com/adulau/pmf + +(Originally on Twitter: [Tue Nov 07 06:21:02 +0000 2017](https://twitter.com/adulau/status/927782930897829888)) +---- +@PaulWebSec It's great. Meaning more organisations and projects are actively publishing CVE about vulnerabilities. 
FYI check: https://github.com/MISP/MISP/blob/2.4/CONTRIBUTING.md#reporting-security-vulnerabilities + +(Originally on Twitter: [Tue Nov 07 16:35:32 +0000 2017](https://twitter.com/adulau/status/927937572021653505)) +---- +@jc_vazquez @NSSLabs What about the open source NIDS like @Suricata_IDS or @Bro_IDS ? + +(Originally on Twitter: [Tue Nov 07 20:03:57 +0000 2017](https://twitter.com/adulau/status/927990023898705920)) +---- +@jc_vazquez @NSSLabs @Suricata_IDS @Bro_IDS The main issue with @NSSLabs or even @Gartner_inc is they avoid any open source solutions because those projects cannot paid for the tests. + +(Originally on Twitter: [Tue Nov 07 20:10:05 +0000 2017](https://twitter.com/adulau/status/927991568186744832)) +---- +@jc_vazquez @NSSLabs @Suricata_IDS @Bro_IDS @Gartner_inc So they could freely use open source projects for base-lining... + +(Originally on Twitter: [Tue Nov 07 20:17:03 +0000 2017](https://twitter.com/adulau/status/927993322249052161)) +---- +RT @Regiteric: @adulau @jc_vazquez @NSSLabs @Suricata_IDS @Bro_IDS @Gartner_inc I'm sure they could even find specialists of @Bro_IDS or @S… + +(Originally on Twitter: [Tue Nov 07 20:20:11 +0000 2017](https://twitter.com/adulau/status/927994109658267648)) +---- +@Regiteric Funny, we saw it recently with @rommelfs and wonder if HTTPie was the foreseen replacement. ![](media/927995410924343296-DODmfiXW4AMgBGN.jpg) + +(Originally on Twitter: [Tue Nov 07 20:25:21 +0000 2017](https://twitter.com/adulau/status/927995410924343296)) +---- +@vikphatak @jc_vazquez @NSSLabs @Suricata_IDS @Bro_IDS @Gartner_inc @gautamaggarwal I'm sure @Regiteric or one of his colleagues would love to support the install of Suricata in the testbed... + +(Originally on Twitter: [Wed Nov 08 06:48:13 +0000 2017](https://twitter.com/adulau/status/928152157534212096)) +---- +RT @MISPProject: There might be two gifts tomorrow: a new release of @MISPProject with many improvements and a little surprise. 
#ThreatIntel + +(Originally on Twitter: [Wed Nov 08 21:30:23 +0000 2017](https://twitter.com/adulau/status/928374161571024896)) +---- +The impact of @RedHatNews and @CentOSProject to not include Python 3 by default is hurting the overall open source community by slowing down the other open source projects to drop Python 2 and focus on improvements. + +(Originally on Twitter: [Thu Nov 09 06:32:15 +0000 2017](https://twitter.com/adulau/status/928510529710297089)) +---- +@ArturoBorrero @RedHatNews @CentOSProject @debian We do. But the problem is our users (eg. for @MISPProject ) from financial or governmental sectors relying on the RedHat product line and they will not change because our their support contract. + +(Originally on Twitter: [Thu Nov 09 09:35:51 +0000 2017](https://twitter.com/adulau/status/928556732175003648)) +---- +@MathiasBrossard @RedHatNews @CentOSProject Nothing block RedHat to install Python 2 and 3 together by default. + +(Originally on Twitter: [Thu Nov 09 17:10:34 +0000 2017](https://twitter.com/adulau/status/928671164754427904)) +---- +@MathiasBrossard @RedHatNews @CentOSProject Indeed and keeping customer in their lock-in support model... + +(Originally on Twitter: [Thu Nov 09 17:13:57 +0000 2017](https://twitter.com/adulau/status/928672019398488064)) +---- +Don't mixup @TheHive_Project with the #HIVE C2 framework from CIA. Not the same objectives. + +(Originally on Twitter: [Thu Nov 09 17:32:52 +0000 2017](https://twitter.com/adulau/status/928676778679394305)) +---- +RT @webmink: If Apple didn't force the CUPS community to grant ownership via a CLA, I wonder how many would have agreed to switch from GPL… + +(Originally on Twitter: [Thu Nov 09 17:36:58 +0000 2017](https://twitter.com/adulau/status/928677809240895488)) +---- +RT @nadouani: I agree. Every time one says HIVE instead of TheHive, God kills a Kitten. How many more have to die? 
cc @TheHive_Project 🤣 ht… + +(Originally on Twitter: [Thu Nov 09 17:47:22 +0000 2017](https://twitter.com/adulau/status/928680427023486978)) +---- +"C=HU, ST=Budapest, O=ComodoSign Inc-test, OU=ComodoSign IdenSign-test, CN=ComodoSign Identity Signer-test" -> "FA:E9:DD:DA:68:08:52:AC:B9:74:12:A2:95:24:D4:B0:AB:B5:18:2F" #vault8 + +(Originally on Twitter: [Thu Nov 09 19:41:47 +0000 2017](https://twitter.com/adulau/status/928709220207353856)) +---- +@ncoghlan_dev @SteveClement @BitIntegrity @RedHatNews @CentOSProject If those Python 3 packages are so good, why are those not system-wide installed (without funky paths ;-) and installed by default? Other gnu/linux distributions are doing it well. + +(Originally on Twitter: [Fri Nov 10 06:38:28 +0000 2017](https://twitter.com/adulau/status/928874480302264320)) +---- +@ncoghlan_dev @SteveClement @BitIntegrity @RedHatNews @CentOSProject Ok it's a valid business/economical model to support old legacy Python but It could become a signifiant disadvantage for RedHat when customers search for recent software (proprietary or open source) using Python 3 and are willing to pay for support. 
+ +(Originally on Twitter: [Fri Nov 10 06:52:05 +0000 2017](https://twitter.com/adulau/status/928877906297786368)) +---- +"Exfiltration of Data from Air-gapped Networks via Unmodulated LED Status Indicators" https://arxiv.org/abs/1711.03235 + +(Originally on Twitter: [Fri Nov 10 10:47:21 +0000 2017](https://twitter.com/adulau/status/928937112308678657)) +---- +RT @MISPProject: MISP 2.4.82 released (aka improved pub-sub ZMQ) along with improved CSV export, STIX (1.x and 2) export, feed improvement… + +(Originally on Twitter: [Fri Nov 10 10:47:33 +0000 2017](https://twitter.com/adulau/status/928937165479972864)) +---- +RT @MISPProject: A first experimental version of the @MISPProject dashboard including an overview of the contribution with a "gaming-like"… + +(Originally on Twitter: [Fri Nov 10 16:12:08 +0000 2017](https://twitter.com/adulau/status/929018846836609025)) +---- +@tomchop_ @pstirparo @jfslowik @ComradeCookie @MISPProject This is a great idea! I see a hackathon soon ;-) + +(Originally on Twitter: [Fri Nov 10 16:35:19 +0000 2017](https://twitter.com/adulau/status/929024681172258816)) +---- +If you are looking for a song to boost yourself to work on some difficult projects and especially to release these projects. @RoneOfficial and Alain Damasio together https://www.youtube.com/watch?v=Dzrw52pTpso might help you to *do*. 
#music + +(Originally on Twitter: [Sat Nov 11 11:19:30 +0000 2017](https://twitter.com/adulau/status/929307594946174976)) +---- +"Timing Performance Profiling of Substation Control Code for IED Malware Detection" +https://c2d5630a-a-62cb3a1a-s-sites.googlegroups.com/site/rrushijulian/publications/Substation%20code%20profiling.pdf?attachauth=ANoY7coCMEUOgE2ubK73ML6OmoX4o9lsqPwoYjyhkqAWT-rm_3yh7hK5uqYh2chCnT0GUEfV8ZVAgqTyK-HIBh7xygJAC5PNegT1actiJmBQti1-KyMnQfqFd-l6_LBUDW0anpTZBZpQjuomyZMyu3_bqNsHxUHe1vD7hAzBAJerOFKFik4LtJrcVCxvKgs_LTb3Xld10IUzvzkFb3bZZhM6fjQYuRnJPvzVh0K5YdrLfAX0OAGvo9dDy8FLsXxAmAQqAKJb9t8o&attredirects=0 presents a binary static analysis approach to detect intelligentelectronic device (IED) malware based on the time requirements of +electrical substations. + +(Originally on Twitter: [Sat Nov 11 11:51:29 +0000 2017](https://twitter.com/adulau/status/929315641710010369)) +---- +"New surveillance legislation & intelligence oversight challenges: the Dutch experience” https://www.ctivd.nl/publicaties/documenten/toespraken/2016/10/11/index The section 3 is interesting. ![](media/929677866740183040-DObebRTXkAEgUgA.jpg) + +(Originally on Twitter: [Sun Nov 12 11:50:50 +0000 2017](https://twitter.com/adulau/status/929677866740183040)) +---- +@cudeso @MISPProject @chrisred_68 @Iglocska @enisa_eu @SedonaCyberLink As you are a regular contributor, you'll get one ;-) + +(Originally on Twitter: [Mon Nov 13 05:30:38 +0000 2017](https://twitter.com/adulau/status/929944572364509184)) +---- +When I see '4th generation cyber machine learning' on glossy marketing papers, I always read it as "4chan machine learning". + +(Originally on Twitter: [Mon Nov 13 16:31:50 +0000 2017](https://twitter.com/adulau/status/930110968918659072)) +---- +If you are in #luxembourg tomorrow, I'll give a short talk tomorrow at @LU_CIX #LID2017 about the analysis of backscatter traffic and the DDoS against North Korea in 2017. 
We will also do in-depth workshop about DDoS and an @MISPProject information sharing workshop. ![](media/930527782156857345-DOnlq8nX4AAS8_N.jpg) + +(Originally on Twitter: [Tue Nov 14 20:08:06 +0000 2017](https://twitter.com/adulau/status/930527782156857345)) +---- +RT @SEInews: #CERT is hiring an Analysis Team Lead with a love of learning,a deep interest in #cybersecurity, and a desire to innovate. #te… + +(Originally on Twitter: [Wed Nov 15 19:41:43 +0000 2017](https://twitter.com/adulau/status/930883532565643265)) +---- +@da_667 I'm pretty sure that the @MISPProject would be glad to have a small documentation describing the integration. And maybe they would be willing to send some goodies to the ones contributing ;-) + +(Originally on Twitter: [Fri Nov 17 18:49:43 +0000 2017](https://twitter.com/adulau/status/931595220935946240)) +---- +If you regularly do IR and got access to an encrypted stream of an adversary, save it as soon as possible. The future can be bright sometime... + +(Originally on Twitter: [Sat Nov 18 06:44:02 +0000 2017](https://twitter.com/adulau/status/931774983122161664)) +---- +@SNCB @PhilippeMeert The best would be to tell your controllers to lift the overcharge of 7EUR until your IT is fixed and not force your customers to face SNCB bureaucracy. + +(Originally on Twitter: [Sat Nov 18 10:44:25 +0000 2017](https://twitter.com/adulau/status/931835479103889408)) +---- +@a_z_e_t @BSidesVienna Indeed there is only one silver box in life. The TB-303 but you need all the genius of @Hardfloor303 to make it alive. + +(Originally on Twitter: [Sat Nov 18 13:16:41 +0000 2017](https://twitter.com/adulau/status/931873798520963073)) +---- +@CYINT_dude @BrianPKime The admiralty scale taxonomy is in @MISPProject taxonomies and available as machine parsable format too along with many others. 
https://www.misp-project.org/taxonomies.html#_admiralty_scale + +(Originally on Twitter: [Sat Nov 18 17:08:06 +0000 2017](https://twitter.com/adulau/status/931932036482437120)) +---- +RT @BrianPKime: @adulau @CYINT_dude @MISPProject I'm aware. My team uses @MISPProject ! + +(Originally on Twitter: [Sat Nov 18 17:15:41 +0000 2017](https://twitter.com/adulau/status/931933943095549952)) +---- +@BrianPKime @CYINT_dude @MISPProject Cool! If you need additional taxonomies or have ideas for improvement, let us know. + +(Originally on Twitter: [Sat Nov 18 17:16:25 +0000 2017](https://twitter.com/adulau/status/931934127414235136)) +---- +art is (just) interpretation with the fine people from @EclecticIQ including @Raymonsan and many others https://www.flickr.com/photos/adulau/38506371501/ #photography + +(Originally on Twitter: [Sat Nov 18 21:00:54 +0000 2017](https://twitter.com/adulau/status/931990621912469506)) +---- +@cropprotection I still don't get why @TwitterSupport still accept such advertising and promoted tweets which is basically lying to the public, denying scientific publications and the worst part promoting dangerous practices which impact health at large and biodiversity. + +(Originally on Twitter: [Sun Nov 19 10:54:11 +0000 2017](https://twitter.com/adulau/status/932200323858526208)) +---- +Maybe the artist(s) in #Brussels who did the variation of "De lijken van de gebroeders De Witt" understand(s) much more about the state of our societies nowadays than any politicians. https://www.flickr.com/photos/adulau/38465361896/ #photography #StreetArt + +(Originally on Twitter: [Sun Nov 19 15:35:03 +0000 2017](https://twitter.com/adulau/status/932271008190533632)) +---- +@Network232 Not sure if the price list is public... 
+ +(Originally on Twitter: [Sun Nov 19 19:25:19 +0000 2017](https://twitter.com/adulau/status/932328957382483968)) +---- +Instead of fighting with legal paperworks to be able to setup a simple replies-only passive dns collector for a single ISP, security people should operate an open recursive like IBM 9.9.9.9 or Google 8.8.8.8. The paradox is funky especially when security people also notify these. + +(Originally on Twitter: [Mon Nov 20 07:13:54 +0000 2017](https://twitter.com/adulau/status/932507277701058565)) +---- +@DrScriptt A public anycast instance streaming all the DNS responses in a public pub-sub channel. + +(Originally on Twitter: [Tue Nov 21 06:37:32 +0000 2017](https://twitter.com/adulau/status/932860512429322240)) +---- +@Regiteric @doegox @cbrocas @follc J'ai une mémoire de chat et donc je ne me souviens jamais de rien surtout si c'est photographique 😉 + +(Originally on Twitter: [Tue Nov 21 18:53:27 +0000 2017](https://twitter.com/adulau/status/933045712304181249)) +---- +RT @pombr: Introducing "purl" aka. package URLs to id and locate a software package in a mostly universal way https://github.com/package-url/purl-spec/pull/1 + +(Originally on Twitter: [Wed Nov 22 11:05:45 +0000 2017](https://twitter.com/adulau/status/933290400256811009)) +---- +RT @Fox0x01: On my way to our private RE Bootcamp #Blackhoodie17, initiated by @pinkflawd. 
<3 +Super excited to be giving a workshop on wri… + +(Originally on Twitter: [Thu Nov 23 17:42:23 +0000 2017](https://twitter.com/adulau/status/933752604215177217)) +---- +RT @joernchen: @4Dgifts @sergeybratus Other observation: + +The infosec industry failed since forever to stop the trend of piling more and mo… + +(Originally on Twitter: [Thu Nov 23 18:49:21 +0000 2017](https://twitter.com/adulau/status/933769455724912640)) +---- +@michelhenrion @solidaris Il ne faut pas chercher de la rationalité dans une discussion purement religieuse ;-) + +(Originally on Twitter: [Thu Nov 23 18:53:54 +0000 2017](https://twitter.com/adulau/status/933770600803393536)) +---- +@andreasdotorg DM @pinkflawd if needed + +(Originally on Twitter: [Thu Nov 23 19:37:07 +0000 2017](https://twitter.com/adulau/status/933781476256243712)) +---- +RT @barbieauglend: Great evening yesterday with @rafi0t and @talynrae ❤️ just to remember that we also have men in #infosec who are support… + +(Originally on Twitter: [Fri Nov 24 07:54:23 +0000 2017](https://twitter.com/adulau/status/933967014930022400)) +---- +RT @circl_lu: AIL (Analysis Information Leak framework) improved and now includes an automatic alerting feature to share leaks via @MISPPro… + +(Originally on Twitter: [Fri Nov 24 20:29:33 +0000 2017](https://twitter.com/adulau/status/934157059624505345)) +---- +You know that you are part of a great team when you discuss an idea to implement and all members are caring to make it better. 
+ +(Originally on Twitter: [Sat Nov 25 07:09:54 +0000 2017](https://twitter.com/adulau/status/934318209280413696)) +---- +RT @MuckRock: 50 years and a lawsuit later, the #CIA's classified cat photos can finally be shared with the internet https://t.co/Tqp8nCWwc… + +(Originally on Twitter: [Sun Nov 26 18:39:33 +0000 2017](https://twitter.com/adulau/status/934854151703531520)) +---- +RT @rafi0t: I totally forgot to mention it, but @circl_lu has a bunch of open positions for internships: https://www.circl.lu/projects/internships/ +And we're… + +(Originally on Twitter: [Mon Nov 27 19:00:36 +0000 2017](https://twitter.com/adulau/status/935221840154423297)) +---- +RT @SleuthKid: @circl_lu is a role model for how our industry should be. free, open and inclusive. Apply if you want to see yourself. https… + +(Originally on Twitter: [Mon Nov 27 19:42:08 +0000 2017](https://twitter.com/adulau/status/935232291235880960)) +---- +RT @Ministraitor: This was the last event to record on my schedule for this year, bringing the total up to 29. +A huge thank you in particul… + +(Originally on Twitter: [Tue Nov 28 05:50:23 +0000 2017](https://twitter.com/adulau/status/935385362486177792)) +---- +The importance of keeping an history in information security is critical. We need dedicated people and @Ministraitor is obviously the lead historian and great archivist for all of us. 👍🏻https://mobile.twitter.com/Ministraitor/status/935286906430115841 + +(Originally on Twitter: [Tue Nov 28 05:54:40 +0000 2017](https://twitter.com/adulau/status/935386440594321408)) +---- +Very nifty library from @ANSSI_FR "A Python library to ease the development of encoders and decoders for various protocols and file formats; contains ASN.1 and CSN.1 compilers. " https://github.com/ANSSI-FR/pycrate and there is no dependencies beside Python. 
+ +(Originally on Twitter: [Tue Nov 28 11:08:27 +0000 2017](https://twitter.com/adulau/status/935465406965387264)) +---- +RT @oe1cxw: WD ships >1B processors per year, and just announced they will move them all to @risc_v. ![](media/935589124538499072-DPvgd9ZUIAArQsR.jpg) + +(Originally on Twitter: [Tue Nov 28 19:20:04 +0000 2017](https://twitter.com/adulau/status/935589124538499072)) +---- +@Aristot73 @ANSSI_FR That's a damn good question. "Une librairie astucieuse, géniale et pratique" I feel like Salvatore of Montferra sometime where we speak "all languages and none" at the same time. + +(Originally on Twitter: [Tue Nov 28 21:06:23 +0000 2017](https://twitter.com/adulau/status/935615879743713281)) +---- +Maybe it's the time for @NSAGov to open source Red Disk (even if it failed). It will help everyone building "threat intelligence" tools to make these better by learning from mistakes and maybe get additional ideas from the project. #ThreatIntel + +(Originally on Twitter: [Wed Nov 29 07:57:24 +0000 2017](https://twitter.com/adulau/status/935779714542731264)) +---- +@SleuthKid @NSAGov Indeed but it covers the flow aspect where we could get some ideas for AIL (https://github.com/CIRCL/AIL-framework/). I'm wondering about their use-cases and what failed when Red Disk was used on the field (for @MISPProject improvements ;-). 
+ +(Originally on Twitter: [Wed Nov 29 08:23:34 +0000 2017](https://twitter.com/adulau/status/935786298631221249)) +---- +@SleuthKid @NSAGov @MISPProject The funny part it seems they implemented TLSH in May this year ;-) https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=history;f=nifi-nar-bundles/nifi-cybersecurity-bundle/nifi-cybersecurity-processors/src/main/java/org/apache/nifi/processors/cybersecurity/matchers/TLSHHashMatcher.java;hb=73fa0429f0dada32a1935a307dbb39308bd21f54 + +(Originally on Twitter: [Wed Nov 29 08:32:48 +0000 2017](https://twitter.com/adulau/status/935788623957516289)) +---- +RT @MISPProject: New release (with major improvements) of the @MISPProject dashboard including API usage, trending dashboard, users, improv… + +(Originally on Twitter: [Thu Nov 30 16:13:04 +0000 2017](https://twitter.com/adulau/status/936266842020163584)) +---- +Just a quick question for the DFIR people around: are you actively using DFXML? If yes, is this integrated in your forensic tool chain? And what's your feedback on the format itself? + +(Originally on Twitter: [Fri Dec 01 06:21:01 +0000 2017](https://twitter.com/adulau/status/936480232730775552)) +---- +RT @hack_lu: Don't forget to save the dates in your agenda for the 16-18 October 2018 @hack_lu 2018 #conference #luxembourg #infosec + +(Originally on Twitter: [Fri Dec 01 19:59:37 +0000 2017](https://twitter.com/adulau/status/936686240040144896)) +---- +RT @TheHive_Project: Dec 5, 2017: two things will happen. Our joint workshop with @MISPProject during @Botconf (where food meets content) &… + +(Originally on Twitter: [Sat Dec 02 08:12:34 +0000 2017](https://twitter.com/adulau/status/936870696344371200)) +---- +Always expect your internal DNS resolvers to leak toward the Internet. So don't put sensitive internal configuration in local DNS records. Just saying. 
+ +(Originally on Twitter: [Sat Dec 02 08:28:25 +0000 2017](https://twitter.com/adulau/status/936874681642057729)) +---- +@GunstickULM Misconfigured recursive dns, moving dns resolver clients and so on + +(Originally on Twitter: [Sat Dec 02 11:01:31 +0000 2017](https://twitter.com/adulau/status/936913214029275141)) +---- +@rafi0t @WEareTROOPERS @hack_lu I'm curious if we can easily extend it to automatically generate the markdown from pretalx. + +(Originally on Twitter: [Sat Dec 02 21:58:32 +0000 2017](https://twitter.com/adulau/status/937078556353613825)) +---- +What's the new name of an automatic reverse shell/back-door? remote support of course! +https://twitter.com/circl_lu/status/937087140583890946 + +(Originally on Twitter: [Sat Dec 02 22:37:38 +0000 2017](https://twitter.com/adulau/status/937088394299170816)) +---- +@cygnetix Indeed, X.509 certificate (via CT) is another leaking data point. + +(Originally on Twitter: [Sun Dec 03 06:22:53 +0000 2017](https://twitter.com/adulau/status/937205479427727360)) +---- +RT @MISPProject: We (@adulau @Iglocska) will be at the @OASISopen and @FIRSTdotOrg Borderless Cyber Conference and Technical Symposium whi… + +(Originally on Twitter: [Sun Dec 03 09:00:04 +0000 2017](https://twitter.com/adulau/status/937245034717630465)) +---- +@kerouanton @angealbertini @Monodraw How complex would be to write an inkscape ASCII art exporter? + +(Originally on Twitter: [Sun Dec 03 09:27:51 +0000 2017](https://twitter.com/adulau/status/937252027859685376)) +---- +"Flowsynth is a tool for rapidly modelling network traffic. Flowsynth can generate text-based hexdumps of packets and libpcap format packet captures." by @WillUrbanski https://twitter.com/WillUrbanski/status/937326079231930369 A neat tool. 
Could be used to generate pcap from @MISPProject event for NIDS validation + +(Originally on Twitter: [Sun Dec 03 15:04:21 +0000 2017](https://twitter.com/adulau/status/937336709838266370)) +---- +During a training, we had a simple question "What's your process to encode existing OSINT information into MISP?" #ThreatIntel I started to document the process in @xmind https://github.com/adulau/misp-osint-collection it's still very experimental and missing many steps. It will evolve. ![](media/937346419807186944-DQIeUVjWkAE_S09.jpg) + +(Originally on Twitter: [Sun Dec 03 15:42:56 +0000 2017](https://twitter.com/adulau/status/937346419807186944)) +---- +@pstirparo @jfslowik @ThreemaApp mattermost is a potential solution https://github.com/mattermost/mattermost-server which can be deployed on your own infrastructure. + +(Originally on Twitter: [Sun Dec 03 16:07:35 +0000 2017](https://twitter.com/adulau/status/937352624629743617)) +---- +RT @fschifilliti: A great step into one of the main operative question when an org really have to leverage CTI https://twitter.com/adulau/status/937346419807186944 + +(Originally on Twitter: [Sun Dec 03 18:28:23 +0000 2017](https://twitter.com/adulau/status/937388059552878599)) +---- +Doing DFIR/OSINT and technical investigations which rely on WHOIS records. We might end up with privacy-by-default for all the WHOIS records. For who will be the gain? The users or the criminals? +"Domain privacy conflict fuels GDPR WHOIS incompatibility" +https://www.eurodns.com/blog/domain-privacy-eu-gdpr + +(Originally on Twitter: [Mon Dec 04 09:08:45 +0000 2017](https://twitter.com/adulau/status/937609607496847360)) +---- +@S_Team_Approved https://www.youtube.com/watch?v=whEWE6WC1Ew + +(Originally on Twitter: [Mon Dec 04 14:57:01 +0000 2017](https://twitter.com/adulau/status/937697255687061504)) +---- +RT @tricaud: Solid information there! 
Thanks @adulau https://twitter.com/adulau/status/937346419807186944 + +(Originally on Twitter: [Mon Dec 04 18:23:45 +0000 2017](https://twitter.com/adulau/status/937749280835633152)) +---- +RT @arianevans: In 2+ years at RiskIQ I found not one company with an accurate or complete inventory. A few claimed they did but they were… + +(Originally on Twitter: [Tue Dec 05 06:35:32 +0000 2017](https://twitter.com/adulau/status/937933437075378176)) +---- +@Regiteric Names names names! + +(Originally on Twitter: [Tue Dec 05 12:44:21 +0000 2017](https://twitter.com/adulau/status/938026254569263104)) +---- +@Regiteric @SavviusInc I suppose they don’t use any open source libraries, wrote an operating system from scratch and discover that network forensic software is always safe. + +(Originally on Twitter: [Tue Dec 05 13:00:13 +0000 2017](https://twitter.com/adulau/status/938030249832538114)) +---- +@langnergroup An open source SIEM would ease auditing, ensuring preservation of the logs on long term and avoid queries going to some random vendor clouds... + +(Originally on Twitter: [Tue Dec 05 16:18:35 +0000 2017](https://twitter.com/adulau/status/938080170015064064)) +---- +RT @0xtf: Very cool workshop from @TheHive_Project and @MISPProject! A lot of ideas flowing, and a big increase in the todo list! https://t… + +(Originally on Twitter: [Tue Dec 05 19:33:52 +0000 2017](https://twitter.com/adulau/status/938129313576226817)) +---- +Just arrived in Prague for the @FIRSTdotOrg and @OASISopen CTI conference. If you want to poke me for @MISPProject stickers, discussions or research/internship projects with @circl_lu feel free. 
+ +(Originally on Twitter: [Tue Dec 05 19:36:57 +0000 2017](https://twitter.com/adulau/status/938130090348744704)) +---- +RT @MISPProject: MISP 2.4.83 released (aka attributes-level tag filtering and more) +https://www.misp-project.org/2017/12/06/MISP.2.4.83.released.html #ThreatIntelligence Many new f… + +(Originally on Twitter: [Wed Dec 06 05:43:17 +0000 2017](https://twitter.com/adulau/status/938282676309647360)) +---- +RT @jberggren: Thinking in Graphs: Exploring with Timesketch: https://medium.com/timesketch/thinking-in-graphs-exploring-with-timesketch-84b79aecd8a6 #DFIR #infosec + +(Originally on Twitter: [Wed Dec 06 13:09:02 +0000 2017](https://twitter.com/adulau/status/938394855021203457)) +---- +@rafi0t @tomchop_ I’m sure we could organise a hackathon in Luxembourg by the way there will be the hackathon in Zurich too in January. + +(Originally on Twitter: [Wed Dec 06 14:17:01 +0000 2017](https://twitter.com/adulau/status/938411961435422720)) +---- +RT @brucedang: Deobfuscating Warbird by Alexander Gazet, @metasm & windbg code and brief summary from an unpublished chapter of our book h… + +(Originally on Twitter: [Thu Dec 07 06:12:21 +0000 2017](https://twitter.com/adulau/status/938652378772987905)) +---- +A very good point from Ryusuke Masuoka at @FIRSTdotOrg @OASISopen conference. The supposed importance of the representation is maybe hiding the inner meaning of the information shared and how contextual information is more critical at the end. 
#ThreatIntelligence ![](media/938686132702908416-DQbiCkAVwAAPs-V.jpg) + +(Originally on Twitter: [Thu Dec 07 08:26:28 +0000 2017](https://twitter.com/adulau/status/938686132702908416)) +---- +RT @circl_lu: "Fail frequently to avoid disaster or how to organically build a threat intelligence sharing standard" presentation available… + +(Originally on Twitter: [Thu Dec 07 12:00:41 +0000 2017](https://twitter.com/adulau/status/938740041995771916)) +---- +"Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer." https://github.com/Cisco-Talos/mutiny-fuzzer + +(Originally on Twitter: [Thu Dec 07 19:56:45 +0000 2017](https://twitter.com/adulau/status/938859849139605504)) +---- +RT @Andrew___Morris: HUGE SHOUTS OUT to @tenacioustek for coding up this seriously badass Python3 API + command line tool for the alpha @Gr… + +(Originally on Twitter: [Fri Dec 08 05:34:52 +0000 2017](https://twitter.com/adulau/status/939005333883592704)) +---- +RT @Iglocska: #borderlesscyber it's over, it was a fun event for both @adulau and me. Lots of food for thought and interesting discussion i… + +(Originally on Twitter: [Fri Dec 08 17:41:28 +0000 2017](https://twitter.com/adulau/status/939188191386591234)) +---- +RT @Piuliss: Working-friendly meeting . A lot of new ideas for #manati and #misp . Very Productive cc: @adulau @Iglocska BTW take care when… + +(Originally on Twitter: [Fri Dec 08 21:47:47 +0000 2017](https://twitter.com/adulau/status/939250179110330370)) +---- +@Piuliss @Iglocska Thank you too. It's always refreshing to have discussions and constructive ideas with other open source developers working on great infosec tools to support security analysts. Many ideas/todos for @MISPProject @TheHive_Project and Manati https://github.com/stratosphereips/Manati + +(Originally on Twitter: [Fri Dec 08 21:53:56 +0000 2017](https://twitter.com/adulau/status/939251727613784065)) +---- +RT @maartenvhb: Congratulations @chiyin_sim ! 
https://twitter.com/magnumfnd/status/939164627220525056 + +(Originally on Twitter: [Sat Dec 09 06:34:59 +0000 2017](https://twitter.com/adulau/status/939382852130615297)) +---- +Do you known someone using their cat(s) to hide and cary information using under skin rfid? Beside the normal tagging for animal registration. #exfiltration + +(Originally on Twitter: [Sat Dec 09 06:54:01 +0000 2017](https://twitter.com/adulau/status/939387642910822400)) +---- +@Iglocska You might need to have a written approval to take a picture of people back. + +(Originally on Twitter: [Sat Dec 09 10:04:52 +0000 2017](https://twitter.com/adulau/status/939435671026110464)) +---- +RT @achillean: Wrote some code to analyze they keys of public Redis instances. The most common name is "crackit": https://github.com/achillean/redis-keys + +(Originally on Twitter: [Sun Dec 10 08:37:51 +0000 2017](https://twitter.com/adulau/status/939776158740238337)) +---- +RT @LaF0rge: The reality of ePassports: https://www.icao.int/Meetings/TRIP-HongKong-2017/Documents/TRIP2017.HongKong.Rajesh(edited).pdf wrong ASN.1 length, never-changing certificates, wrong encoding -> 34% of p… + +(Originally on Twitter: [Sun Dec 10 13:39:01 +0000 2017](https://twitter.com/adulau/status/939851953051496448)) +---- +@matthieugarin C'est pour cela que les activités récurrentes/continues de pentesting devrait faire parties du développement logiciel et non comme une activité sporadique et détachée de la réalité de la programmation. + +(Originally on Twitter: [Sun Dec 10 13:50:06 +0000 2017](https://twitter.com/adulau/status/939854740334276608)) +---- +There is a significant related general issue. How can we verify the authenticity of a leak? There are many standard intelligence analytical techniques but does it work? Can the source validate a leak properly in case of a compromised infrastructure? 
https://twitter.com/ldelavaissiere/status/939805617656619008 + +(Originally on Twitter: [Sun Dec 10 14:12:22 +0000 2017](https://twitter.com/adulau/status/939860343811117057)) +---- +@alexcryptan Even the "Chapelle" from Wim Delvoye? Indeed, the building is incredible. + +(Originally on Twitter: [Sun Dec 10 14:30:19 +0000 2017](https://twitter.com/adulau/status/939864861428928512)) +---- +@pombr My source reliability of "Canard enchaîné" OSINT source (if @ldelavaissiere made an original copy) is admiralty-scale:source-reliability=" Usually reliable" https://www.misp-project.org/taxonomies.html#_admiralty_scale + +(Originally on Twitter: [Sun Dec 10 15:22:03 +0000 2017](https://twitter.com/adulau/status/939877881987190784)) +---- +I did a first version of a taxonomy to support the workflow of the analysts in @MISPProject https://www.misp-project.org/taxonomies.html#_workflow thanks to @mount_knowledge for the feedback #threatintelligence Additional ideas or improvements are welcome. ![](media/939885970417168384-DQsj3_kW0AEm-D8.jpg) + +(Originally on Twitter: [Sun Dec 10 15:54:12 +0000 2017](https://twitter.com/adulau/status/939885970417168384)) +---- +RT @_MG_: Decided to get one of those USB spy cables with hidden microphone & GPS cell tracker. Noticed a few things... 
(1/n) https://t.co/… + +(Originally on Twitter: [Sun Dec 10 16:21:02 +0000 2017](https://twitter.com/adulau/status/939892724957876224)) +---- +"running up that hill" in Prague https://www.flickr.com/photos/adulau/25094880248/in/dateposted-public/ #photography #blackandwhitephotography + +(Originally on Twitter: [Sun Dec 10 19:24:56 +0000 2017](https://twitter.com/adulau/status/939939005289902080)) +---- +RT @pinkflawd: #blackhoodie17 materials released here https://www.blackhoodie.re/archive/ million thanks to the respective authors \m/ + +(Originally on Twitter: [Mon Dec 11 19:32:23 +0000 2017](https://twitter.com/adulau/status/940303265488662528)) +---- +@alexanderjaeger Maybe https://github.com/mediadrop/mediadrop ? + +(Originally on Twitter: [Mon Dec 11 20:59:33 +0000 2017](https://twitter.com/adulau/status/940325202956898304)) +---- +RT @marasawr: @hacks4pancakes Afaict, lack of harmonisation in naming conventions is much more of a policy problem than an analyst problem.… + +(Originally on Twitter: [Tue Dec 12 07:56:13 +0000 2017](https://twitter.com/adulau/status/940490456764477440)) +---- +@marasawr @hacks4pancakes @MISPProject Indeed we try to classify the mess. Pull-requests more than welcome. http://www.misp-project.org/galaxy.html + +(Originally on Twitter: [Tue Dec 12 07:58:42 +0000 2017](https://twitter.com/adulau/status/940491085683490816)) +---- +@Sebdraven The distribution point of Loki using compromised multihomed servers is very common. Not sure if we can conclude this with a single correlation. + +(Originally on Twitter: [Tue Dec 12 13:22:40 +0000 2017](https://twitter.com/adulau/status/940572613692227584)) +---- +@Sebdraven Could be or the payload delivery of the first stage is close to the one from the old Dridex. Not sure about those samples, I didn’t check. + +(Originally on Twitter: [Tue Dec 12 13:30:11 +0000 2017](https://twitter.com/adulau/status/940574502253146112)) +---- +@Sebdraven Interesting. 
Could you make proposals to the @MISPProject event with your findings? And maybe add some collaborative analysis tag to review the analysis. Thanks! + +(Originally on Twitter: [Tue Dec 12 13:45:33 +0000 2017](https://twitter.com/adulau/status/940578371817365505)) +---- +" Improving Malware Detection Accuracy by Extracting Icon Information" +https://arxiv.org/abs/1712.03483 "our experiments show an average accuracy increase of 10% when icon clusters are used in the prediction model." Really? I need to test this. + +(Originally on Twitter: [Tue Dec 12 14:41:24 +0000 2017](https://twitter.com/adulau/status/940592426326032384)) +---- +RT @adulau: @marasawr @hacks4pancakes @MISPProject Indeed we try to classify the mess. Pull-requests more than welcome. https://t.co/qIkLvq… + +(Originally on Twitter: [Tue Dec 12 19:13:04 +0000 2017](https://twitter.com/adulau/status/940660794114572289)) +---- +@jwunder Do we need to reboot, reset, or even do a cold boot? Asking for a friend. + +(Originally on Twitter: [Tue Dec 12 19:28:29 +0000 2017](https://twitter.com/adulau/status/940664673032171523)) +---- +RT @halvarflake: I am happy about the many RE tools that are available as open source now. 
It may also be an indicator of RE tools being a… + +(Originally on Twitter: [Wed Dec 13 05:13:22 +0000 2017](https://twitter.com/adulau/status/940811862605795328)) +---- +RT @blackswanburst: @adulau Checked some results from my MPhil and invited me to a conference to speak, @SecureSun hired me after uni, @Ris… + +(Originally on Twitter: [Wed Dec 13 16:09:10 +0000 2017](https://twitter.com/adulau/status/940976903602630656)) +---- +RT @bitsgalore: Bitrot-porn of the day: 4.5 GB DVD contains a 15 MB block of unreadable sectors, which is located right in the middle of th… + +(Originally on Twitter: [Wed Dec 13 16:39:05 +0000 2017](https://twitter.com/adulau/status/940984431921201152)) +---- +RT @MISPProject: We have a significant ongoing project regarding regulation and compliance https://github.com/MISP/misp-compliance/blob/master/GDPR/information_sharing_and_cooperation_gdpr.md "Information sharing and… + +(Originally on Twitter: [Thu Dec 14 11:13:02 +0000 2017](https://twitter.com/adulau/status/941264765078458368)) +---- +RT @MISPProject: Thanks to SHSauler (and the team at SAP) for sending us a bunch of "diet" sweets to power our brains to keep us warm durin… + +(Originally on Twitter: [Thu Dec 14 14:23:03 +0000 2017](https://twitter.com/adulau/status/941312584451575809)) +---- +@josephfcox @RobertMLee @DragosInc Are TRITON and TRISIS the same malware? or is it describing something else. I want to be sure before updating it in the @MISPProject galaxy https://www.misp-project.org/galaxy.html#_triton add TRISIS as synonym of TRITON. + +(Originally on Twitter: [Thu Dec 14 17:11:58 +0000 2017](https://twitter.com/adulau/status/941355092648910848)) +---- +@DragosInc @josephfcox @RobertMLee @MISPProject Thank you for the feedback. I’ll make TRISIS the primary one and TRITON for the synonym. 
+ +(Originally on Twitter: [Thu Dec 14 17:33:48 +0000 2017](https://twitter.com/adulau/status/941360589904867328)) +---- +RT @1sand0s: Wassenaar last week published the new list and has defined "vulnerability disclosure" and "cyber incident response" as excepti… + +(Originally on Twitter: [Fri Dec 15 13:50:52 +0000 2017](https://twitter.com/adulau/status/941666875032907777)) +---- +RT @reconbrx: Recon Brussels 2018’s final talk selection has been announced! Stay tuned for the conference schedule release! https://t.co/J… + +(Originally on Twitter: [Sun Dec 17 07:20:10 +0000 2017](https://twitter.com/adulau/status/942293326350503936)) +---- +Dear @Nominet https://datatracker.ietf.org/ipr/2909/ could you let us know if we can use C-DNS for open source software? Do you grant a royalty free license compatible with open source licenses? or Passive DNS developers can forget about C-DNS. @Kaplan_CERTat @raybellis + +(Originally on Twitter: [Sun Dec 17 17:21:56 +0000 2017](https://twitter.com/adulau/status/942444766779838464)) +---- +@_MG_ @dakami @emtunc And if the vulnerability is a critical one in sector such as health or air traffic control, you post anyway? Even if you get an email bounce from a supplier like Siemens or ABB? or do you chase them a bit more? + +(Originally on Twitter: [Sun Dec 17 18:13:37 +0000 2017](https://twitter.com/adulau/status/942457773996105729)) +---- +"complexity of history" https://www.flickr.com/photos/adulau/25250298608/ #photography #blackandwhitephotography + +(Originally on Twitter: [Sun Dec 17 22:23:47 +0000 2017](https://twitter.com/adulau/status/942520729496670210)) +---- +"A Game-Theoretic Taxonomy and Survey of Defensive Deception for +Cybersecurity and Privacy" https://arxiv.org/pdf/1712.05441.pdf + +(Originally on Twitter: [Mon Dec 18 08:00:01 +0000 2017](https://twitter.com/adulau/status/942665740246765568)) +---- +@mrkoot Do you know if the EU project will release the code as open source? 
+ +(Originally on Twitter: [Mon Dec 18 17:17:39 +0000 2017](https://twitter.com/adulau/status/942806076256333824)) +---- +@Janet_LegReg @DFNCERT @MISPProject No worries. If you don’t mind, I’ll add your comments in issues to keep track of your feedback. Thank you. + +(Originally on Twitter: [Mon Dec 18 17:19:02 +0000 2017](https://twitter.com/adulau/status/942806422399717376)) +---- +@mrkoot Arf ;-) Then we know the answer, it won’t be. + +(Originally on Twitter: [Mon Dec 18 18:09:06 +0000 2017](https://twitter.com/adulau/status/942819022122438658)) +---- +RT @MISPProject: Don't forget that we have @MISPProject trainings foreseen in Luxembourg (January 17-18, 2018) and Zurich (January 11-12, 2… + +(Originally on Twitter: [Mon Dec 18 18:33:17 +0000 2017](https://twitter.com/adulau/status/942825107159908352)) +---- +RT @MISPProject: A huge thank to all the contributors to the @MISPProject https://www.misp-project.org/contributors/#contributors We hope to double the number of contribut… + +(Originally on Twitter: [Mon Dec 18 21:44:25 +0000 2017](https://twitter.com/adulau/status/942873210374311941)) +---- +RT @Aristot73: today: 2017 Export Control Forum - Trade http://europa.eu/!KD88rF via @Trade_EU +web stream: https://webcast.ec.europa.eu/export-control-forum-2017 https://t… + +(Originally on Twitter: [Tue Dec 19 06:10:01 +0000 2017](https://twitter.com/adulau/status/943000448822333441)) +---- +I'll random play with my dices to find the correct attribution of the day. I might find what we are looking for at some point. #WannaCry #WannaPlayWithDices Without joking, the overlap with Lazarus group is large but it's not the only case where the overlap is large. ![](media/943171079345987584-DRbPRCEX4AINJ86.jpg) + +(Originally on Twitter: [Tue Dec 19 17:28:03 +0000 2017](https://twitter.com/adulau/status/943171079345987584)) +---- +@Lucian_Kim 67 million in Sanem WSA which is a relatively small storage site in Luxembourg. 
Any idea about what they plan to do there with such investments? ![](media/943233910833582081-DRcKOaDW4AIgz2z.jpg) + +(Originally on Twitter: [Tue Dec 19 21:37:43 +0000 2017](https://twitter.com/adulau/status/943233910833582081)) +---- +RT @fcouchet: Les Rencontres Mondiales du Logiciel Libre (RMLL) 2018 auront lieu à Strasbourg du 7 au 12 juillet http://comite.rmll.info/Les-RMLL-2018-auront-lieu-a-Strasbourg-du-7-au-12-juillet.html + +(Originally on Twitter: [Tue Dec 19 21:43:05 +0000 2017](https://twitter.com/adulau/status/943235262276161536)) +---- +All I want for #Xmas is a train and correct information. This should be the next moto for @SNCB and they should again fix their IT (app saying is just delayed while the screen said it’s cancelled) systems. ![](media/943377941181943808-DReNOafX4AAZ58c.jpg) + +(Originally on Twitter: [Wed Dec 20 07:10:02 +0000 2017](https://twitter.com/adulau/status/943377941181943808)) +---- +RT @treyka: 1x10^9 congratulations to Doctor @shrekts on having successfully defended his PhD in Software Engineering. cc @FIRSTdotOrg + +(Originally on Twitter: [Wed Dec 20 21:04:58 +0000 2017](https://twitter.com/adulau/status/943588056774381568)) +---- +For vulnerability reporting, PGP is still the most common way to send encrypted and signed reports. Using an e2e encrypted chat for security reporting doesn’t work for the most “common” organisations and it’s not designed for sharing the report encrypted afterward. + +(Originally on Twitter: [Thu Dec 21 07:10:13 +0000 2017](https://twitter.com/adulau/status/943740374429962240)) +---- +RT @inbarraz: An important thing to consider when disclosing vulnerabilities to vendors. +@adulau - I'm adding this to my preso, thanks! 
htt… + +(Originally on Twitter: [Thu Dec 21 07:23:38 +0000 2017](https://twitter.com/adulau/status/943743750366429184)) +---- +RT @LucDockendorf: So this happened: ![](media/943896512391712768-DRlhUsdW0AAGRvJ.jpg) + +(Originally on Twitter: [Thu Dec 21 17:30:39 +0000 2017](https://twitter.com/adulau/status/943896512391712768)) +---- +RT @cherepanov74: McAfee says there is possible link between DragonFly, BlackEnergy and TeamSpy because malware has similar code pattern: h… + +(Originally on Twitter: [Thu Dec 21 20:24:27 +0000 2017](https://twitter.com/adulau/status/943940248953851906)) +---- +@virusbay_io do you have a public API to lookup hashes of sample? This would be really cool to add a nice lookup modules in @MISPProject + +(Originally on Twitter: [Fri Dec 22 06:38:51 +0000 2017](https://twitter.com/adulau/status/944094868598554624)) +---- +@virusbay_io @MISPProject Thank you. Let me know when a beta API is available, I’ll make the MISP module. + +(Originally on Twitter: [Fri Dec 22 06:56:20 +0000 2017](https://twitter.com/adulau/status/944099266863292416)) +---- +"Acoustic Denial of Service Attacks on HDDs" +https://arxiv.org/pdf/1712.07816.pdf and tested against CCTVs system using HDD for storing video footages. #DoS + +(Originally on Twitter: [Fri Dec 22 09:22:03 +0000 2017](https://twitter.com/adulau/status/944135938573242368)) +---- +RT @TheHive_Project: Uh oh! A privilege escalation vulnerability affects all versions of TheHive including 3.0.2. 
Please update to 3.0.3 an… + +(Originally on Twitter: [Fri Dec 22 16:31:58 +0000 2017](https://twitter.com/adulau/status/944244129231507456)) +---- +RT @MISPProject: MISP 2.4.85 released https://www.misp-project.org/2017/12/22/MISP.2.4.85.released.html improvements in the handling of warning-lists (limiting false-positives at im… + +(Originally on Twitter: [Fri Dec 22 20:27:53 +0000 2017](https://twitter.com/adulau/status/944303500493774849)) +---- +VIA4CVE (the companion to cve-search) improved and expanded with many new sources https://github.com/cve-search/VIA4CVE thanks to @pidgeyL for the recent updates. Daily dump available at https://www.cve-search.org/feeds/ + +(Originally on Twitter: [Fri Dec 22 21:18:13 +0000 2017](https://twitter.com/adulau/status/944316168327892993)) +---- +RT @pombr: Excellent!. VIA4CVE is the one and rare serious #opendata aggregated source for #cybersecurity #softwarepackage #Vulnerability… + +(Originally on Twitter: [Sat Dec 23 09:35:15 +0000 2017](https://twitter.com/adulau/status/944501647027458049)) +---- +@Fox0x01 Rewriting a crappy proprietary security tool into an open source security tool. + +(Originally on Twitter: [Sat Dec 23 17:22:36 +0000 2017](https://twitter.com/adulau/status/944619262139920384)) +---- +@TaranisNews Existe-il un document officiel pour les codes de "conduite à tenir" ? J'essaye de la construire sur base des infos externes mais le document devrait être disponible ? 
https://gist.github.com/adulau/40e69f6dbf269e77078e78359938f93a + +(Originally on Twitter: [Sun Dec 24 14:41:12 +0000 2017](https://twitter.com/adulau/status/944941029538582529)) +---- +RT @JacobTorrey: It's almost like bug bounties allow for a company to unilaterally decide how much to pay, and the researchers have no reco… + +(Originally on Twitter: [Mon Dec 25 18:06:40 +0000 2017](https://twitter.com/adulau/status/945355127535357953)) +---- +@lcamtuf An updated version of "Silence on the Wire" with new contents, I reserve already 25 books before publication ;-) @billpollock + +(Originally on Twitter: [Mon Dec 25 19:10:19 +0000 2017](https://twitter.com/adulau/status/945371145397784576)) +---- +As the number of devices, equipments or sensors increased in the 433.9 MHz band, I'm wondering if this could be used to fingerprint an area/location by just by listening on this frequency band long enough. #SDR ![](media/945373774521753600-DR6iuHfWkAA1yLR.jpg) + +(Originally on Twitter: [Mon Dec 25 19:20:46 +0000 2017](https://twitter.com/adulau/status/945373774521753600)) +---- +@PaulWebSec My country-side home base with a simple R820T tuner ;-) ![](media/945375711161929728-DR6lxk0WkAIStGy.jpg) + +(Originally on Twitter: [Mon Dec 25 19:28:28 +0000 2017](https://twitter.com/adulau/status/945375711161929728)) +---- +@theodric https://github.com/merbanan/rtl_433 is a very good start for generic decoding on that band. @PaulWebSec + +(Originally on Twitter: [Mon Dec 25 19:30:30 +0000 2017](https://twitter.com/adulau/status/945376222409830400)) +---- +@quinnnorton For the ones I have seen in Belgium, it seems quite minimal compared to other animal farming activities. Maybe the mix of non-indigenous species is the most significant impact? + +(Originally on Twitter: [Mon Dec 25 19:33:51 +0000 2017](https://twitter.com/adulau/status/945377066442264576)) +---- +@himeiji3 Nice! Where is this one located? 
https://www.flickr.com/photos/adulau/albums/72157647990347697 + +(Originally on Twitter: [Mon Dec 25 21:25:10 +0000 2017](https://twitter.com/adulau/status/945405078206320642)) +---- +@lalibrebe C’est plutôt l’inverse. Il est criminel de donner des cours de contes de fées dans un enseignement pour préparer l’avenir sauf si l’obscurantisme et la non-rationalité devient la norme. + +(Originally on Twitter: [Tue Dec 26 17:03:01 +0000 2017](https://twitter.com/adulau/status/945701495080734720)) +---- +My default answer when asking about “cryptowhatever” at a family diner: Don’t ask me any advice regarding financial investment from gold to whatever magical currency out there. The only currency is a good fixed lens for a Leica. The price is known and you can enjoy it creatively! + +(Originally on Twitter: [Tue Dec 26 19:41:04 +0000 2017](https://twitter.com/adulau/status/945741271599140864)) +---- +When we designed the warning-lists, it was to solve a very local issue with false-positive detection but we decided to make it generic, reusable and open. Even if such decision makes the job harder at the beginning, the pay-off is huge for the community. +https://twitter.com/MISPProject/status/945938132154888192 + +(Originally on Twitter: [Wed Dec 27 09:01:01 +0000 2017](https://twitter.com/adulau/status/945942586254032896)) +---- +RT @_Sn0rkY: Best gift for Christmas from my wife :) mix of 10 years of sec conf T-shirts in a plaid ![](media/945999618386677760-DR8PaxwVAAA3b6-.jpg) + +(Originally on Twitter: [Wed Dec 27 12:47:39 +0000 2017](https://twitter.com/adulau/status/945999618386677760)) +---- +@_Sn0rkY Very nice. I see many friendly infosec conferences there ;-) cc @hack_lu @WEareTROOPERS @sstic @brucon and projects + +(Originally on Twitter: [Wed Dec 27 12:50:27 +0000 2017](https://twitter.com/adulau/status/946000322064941056)) +---- +@rafi0t It's also called the death of street and public photography. 
+ +(Originally on Twitter: [Thu Dec 28 14:14:11 +0000 2017](https://twitter.com/adulau/status/946383784345325568)) +---- +@cbrocas @rafi0t Yes indeed. Not sure if my tentative to explain the issue http://www.foo.be/photoblog/posts/surveillance-camera-versus-photography.html is still valid nowadays. + +(Originally on Twitter: [Thu Dec 28 14:32:16 +0000 2017](https://twitter.com/adulau/status/946388332963123200)) +---- +RT @cbrocas: @adulau @rafi0t You are just right. The point is that ppl can speak (IRL or digitally) to the street photographer. On the othe… + +(Originally on Twitter: [Thu Dec 28 15:01:38 +0000 2017](https://twitter.com/adulau/status/946395725990105088)) +---- +@LeFloatingGhost I smell “sass” being in the pipe to hopefully generate a CSS whenever sass likes the direction of the wind blowing. + +(Originally on Twitter: [Thu Dec 28 16:45:03 +0000 2017](https://twitter.com/adulau/status/946421749670957056)) +---- +RT @MISPProject: @botNET___ As promised, we did a runtime-packer taxonomy https://www.misp-project.org/taxonomies.html#_runtime_packer - Updates and improvement welcome https:/… + +(Originally on Twitter: [Thu Dec 28 18:57:50 +0000 2017](https://twitter.com/adulau/status/946455166269755394)) +---- +@pidgeyL @mcflyhh @milliways2342 @Stekkz @RealAnonpanda @rafi0t Enjoy! 
+ +(Originally on Twitter: [Fri Dec 29 21:24:32 +0000 2017](https://twitter.com/adulau/status/946854472441090048)) +---- +Another photography to defeat our condition "under the sun" +https://www.flickr.com/photos/adulau/24511119717/ #photography #blackandwhitephotography + +(Originally on Twitter: [Fri Dec 29 21:38:41 +0000 2017](https://twitter.com/adulau/status/946858033094721536)) +---- +RT @MISPProject: New warning-lists added (such as CIDR blocks from Microsoft Azure or domains used in dynamic malware analysis tools) in MI… + +(Originally on Twitter: [Sat Dec 30 14:17:47 +0000 2017](https://twitter.com/adulau/status/947109464829759488)) +---- +For the ones using nfcapd/nfdump (like me) Peter Haag just committed a JSON export functionality https://github.com/phaag/nfdump/commit/13131ffb41446310f0f68b3230e367ec9e22b439 to get your NetFlow and sFlow records. #DFIR #networkforensic + +(Originally on Twitter: [Sat Dec 30 17:02:46 +0000 2017](https://twitter.com/adulau/status/947150985167802368)) +---- +@Vecchi_Paolo @MISPProject @MastodonProject Good question. We had a discussion if we should setup a set of OSINT chat channels where people can easily join and have a look of what's going on. We were thinking of running mattermost https://github.com/mattermost/mattermost-server for the MISP project. + +(Originally on Twitter: [Sat Dec 30 17:27:27 +0000 2017](https://twitter.com/adulau/status/947157194562293760)) +---- +@Vecchi_Paolo @MISPProject @MastodonProject @mattermosthq Yep it's a different use case. We are evaluating various options especially to push all the OSINT available within the different MISP communities. + +(Originally on Twitter: [Sat Dec 30 17:38:51 +0000 2017](https://twitter.com/adulau/status/947160066607722496)) +---- +Dear @TwitterSupport could you tell us how much @cropprotection is spending on paid advertising on your platform to propagate false and incorrect information to the public? 
+ +(Originally on Twitter: [Sat Dec 30 17:46:18 +0000 2017](https://twitter.com/adulau/status/947161938819153921)) +---- +@srianjalidevi75 Could it be a Lear Siegler terminal? The ADM series had a very similar design. + +(Originally on Twitter: [Sat Dec 30 22:01:37 +0000 2017](https://twitter.com/adulau/status/947226192347914241)) +---- +"Platform Criminalism The ‘Last-Mile’ Geography of the Darknet Market Supply Chain" https://arxiv.org/pdf/1712.10068.pdf The scraping aspect would have deserve a complete paper too... ![](media/947772254942826496-DScpxtpX0AA1c9a.jpg) + +(Originally on Twitter: [Mon Jan 01 10:11:28 +0000 2018](https://twitter.com/adulau/status/947772254942826496)) +---- +@LuxTimes To not buy one in the first place. + +(Originally on Twitter: [Mon Jan 01 10:27:56 +0000 2018](https://twitter.com/adulau/status/947776396239298561)) +---- +RT @MISPProject: Happy new year! A year full of crazy and challenging projects to improve security at large with a strong touch of open sou… + +(Originally on Twitter: [Mon Jan 01 12:05:45 +0000 2018](https://twitter.com/adulau/status/947801012290703360)) +---- +RT @meileaben: #Iran routing instability as seen by @ripe_atlas probe disconnects for around 30 mins ~13:30 UTC today. colors=ASNs, white=d… + +(Originally on Twitter: [Mon Jan 01 16:02:13 +0000 2018](https://twitter.com/adulau/status/947860523617607680)) +---- +@xme Could it be an artefact of geolocation like maxmind geoip and similar where it's usually localised where the internet connectivity point are ending? + +(Originally on Twitter: [Tue Jan 02 10:55:15 +0000 2018](https://twitter.com/adulau/status/948145658095169536)) +---- +@wendynather @RSWestmoreland @http_error_418 @katzmandu That’s why we have warning-lists in @MISPProject https://github.com/MISP/misp-warninglists when the automation flag is set it can be filtered-out from API. 
I have seen analysis cases shared when communications are between internal malware components/modules but it’s more contextual than actionable + +(Originally on Twitter: [Wed Jan 03 18:57:37 +0000 2018](https://twitter.com/adulau/status/948629438647894016)) +---- +RT @cbrocas: ''Trouver sa distance en photo, c'est un peu trouver son inclination ? C'est vrai.'' Interview de Raymond Depardon en introduc… + +(Originally on Twitter: [Wed Jan 03 19:24:11 +0000 2018](https://twitter.com/adulau/status/948636125962428416)) +---- +@cbrocas @Regiteric @doegox Excellente lecture mais je dois avouer que tes goûts photographiques sont d’excellente facture https://www.librarything.com/work/20757776/book/148988029 ou nous avons mauvais goûts tous les deux. + +(Originally on Twitter: [Wed Jan 03 19:29:56 +0000 2018](https://twitter.com/adulau/status/948637569360826368)) +---- +RT @Regiteric: Want to go hipster style for 2018: go try XDP and eBPF support for @Suricata_IDS https://github.com/OISF/suricata/pull/3124 Feedback wanted! + +(Originally on Twitter: [Wed Jan 03 19:47:54 +0000 2018](https://twitter.com/adulau/status/948642091046981633)) +---- +RT @thegrugq: The French propaganda against the Germans pre / early WW2 was obsessed with fact checking as well, and consequently was compl… + +(Originally on Twitter: [Wed Jan 03 20:22:03 +0000 2018](https://twitter.com/adulau/status/948650688359337987)) +---- +I recently acquired this dictionnary covering “the commons”. It’s pretty good and it provides exhaustive coverage beside again the “copyleft” bashing in the definition about the “limits” of copyleft 🤔 ![](media/948656271707836417-DSpN0bmWkAAdAWU.jpg) + +(Originally on Twitter: [Wed Jan 03 20:44:15 +0000 2018](https://twitter.com/adulau/status/948656271707836417)) +---- +What are the impact of TMPS "Tire-pressure monitoring system" on #privacy? Curious we did a quick 433.92 MHz wardriving in the traffic jam. 
This was with a bad antenna (low sensitivity), simple receiving software and 12,- EUR SDR receiver. Many cars (weather stations & BBQ ;-) ![](media/948664388008988672-DSpTRPwW4AEDbLA.jpg) + +(Originally on Twitter: [Wed Jan 03 21:16:30 +0000 2018](https://twitter.com/adulau/status/948664388008988672)) +---- +Raw data about the frequency of TPMS beacons and the car/sensor manufacturers seen from a normal car driving on the highway. Now imagine a better design system? collecting TPMS beacons at various locations? ![](media/948665338337681410-DSpVswyX0AIItPC.jpg) + +(Originally on Twitter: [Wed Jan 03 21:20:16 +0000 2018](https://twitter.com/adulau/status/948665338337681410)) +---- +@d3d0c3d What's the exact impact (security and safety wise) to send back TPMS with wrong pressure? Does this impact the car? or is it "just" a notification/warning? ![](media/948671732185030657-DSpbdTWWsAcl65i.jpg) + +(Originally on Twitter: [Wed Jan 03 21:45:41 +0000 2018](https://twitter.com/adulau/status/948671732185030657)) +---- +@DidierStevens Indeed. It works but it's not perfect. Recording the whole band is also interesting, I found many other interesting bursts. + +(Originally on Twitter: [Thu Jan 04 07:17:45 +0000 2018](https://twitter.com/adulau/status/948815698373029888)) +---- +RT @circl_lu: Before having a "bug bounty program", please consider to have at least a security point-of-contact with a real human behind r… + +(Originally on Twitter: [Thu Jan 04 14:49:17 +0000 2018](https://twitter.com/adulau/status/948929331669041154)) +---- +RT @switchcert: Some free places left for the introduction to the Threat Intelligence Platform (MISP) in Zürich on January 11 2018. 
More in… + +(Originally on Twitter: [Thu Jan 04 16:18:03 +0000 2018](https://twitter.com/adulau/status/948951671559901185)) +---- +@switchcert @adalau @rafi0t @circl_lu FYI, it's @adulau ;-) + +(Originally on Twitter: [Thu Jan 04 16:18:16 +0000 2018](https://twitter.com/adulau/status/948951722755592192)) +---- +I remember discussions about isolations on specific HSM products using Intel CPUs. As those HSM vendors are known to be very proactive, they should have already issued the patches and notified their customers. *cough cough* + +(Originally on Twitter: [Thu Jan 04 17:20:26 +0000 2018](https://twitter.com/adulau/status/948967369560477696)) +---- +@Vecchi_Paolo The HSM business is not really the most open security business especially when talking about vulnerabilities, design and implementation. Involving NDAs when talking about security vulnerabilities is usually a bad sign. + +(Originally on Twitter: [Thu Jan 04 18:59:16 +0000 2018](https://twitter.com/adulau/status/948992243049869318)) +---- +@raulfuentes77 Sure, here is a quick explanation in the following twitter thread: https://twitter.com/adulau/status/945373774521753600 + +(Originally on Twitter: [Thu Jan 04 21:18:23 +0000 2018](https://twitter.com/adulau/status/949027251898736640)) +---- +@eromang Indeed. My point was more about the HSMs embedded/available in SaaS and alike ;-) + +(Originally on Twitter: [Fri Jan 05 07:24:11 +0000 2018](https://twitter.com/adulau/status/949179707584663553)) +---- +@raulfuentes77 Looks good. + +(Originally on Twitter: [Fri Jan 05 15:49:09 +0000 2018](https://twitter.com/adulau/status/949306784577130496)) +---- +RT @MISPProject: Thanks to @yodresh and @adulau for the recent contribution and addition in the MISP objects template for SS7, Diameter and… + +(Originally on Twitter: [Fri Jan 05 16:22:55 +0000 2018](https://twitter.com/adulau/status/949315283872894976)) +---- +@alexcpsec @hrbrmstr Congratulations! 
👍🏻 + +(Originally on Twitter: [Sat Jan 06 09:11:47 +0000 2018](https://twitter.com/adulau/status/949569171016253441)) +---- +RT @MISPProject: Wondering about GDPR while using @MISPProject? We published "Information sharing and cooperation enabled by GDPR" version… + +(Originally on Twitter: [Sun Jan 07 11:46:37 +0000 2018](https://twitter.com/adulau/status/949970526721716224)) +---- +What happened to "Vulnerability and Exploit DEF (VEDEF)" (2004)? I'm curious about the actual history behind. Does anyone know? https://www.ietf.org/proceedings/60/slides/inch-5.pdf + +(Originally on Twitter: [Sun Jan 07 21:23:03 +0000 2018](https://twitter.com/adulau/status/950115588281692160)) +---- +RT @philvenables: Dan Geer take re Spectre/Meltdown : +‘The payback on optimality & efficiency is quantitative, calculable, and central to s… + +(Originally on Twitter: [Mon Jan 08 05:48:14 +0000 2018](https://twitter.com/adulau/status/950242721524080640)) +---- +If you have a crappy, unpatched and unconfigured CMS on your production server, #meltdownspectre patching is maybe not your first priority. + +(Originally on Twitter: [Mon Jan 08 06:19:49 +0000 2018](https://twitter.com/adulau/status/950250671672094720)) +---- +@6vis_pacem + + +media/950266507799531520-DTAGVmsWsAETyoV.mp4 + +(Originally on Twitter: [Mon Jan 08 07:22:45 +0000 2018](https://twitter.com/adulau/status/950266507799531520)) +---- +@_lennart Seems interesting. What's the book title? 
+ +(Originally on Twitter: [Mon Jan 08 18:58:21 +0000 2018](https://twitter.com/adulau/status/950441563162927105)) +---- +RT @MISPProject: @milkmix_ There are still some seats left for the training: https://www.eventbrite.com/e/misp-training-introduction-to-the-threat-intelligence-platform-misp-for-analysts-security-tickets-41313905002?aff=es2 and the hackathon: https://t.co/i08Hqd… + +(Originally on Twitter: [Tue Jan 09 08:15:35 +0000 2018](https://twitter.com/adulau/status/950642192544038912)) +---- +RT @maartenvhb: Really impressed by @MISPProject publishing GDPR guidance on the use of their open source project. https://twitter.com/MISPProject/status/949969098552815617 + +(Originally on Twitter: [Tue Jan 09 08:55:41 +0000 2018](https://twitter.com/adulau/status/950652285381742592)) +---- +RT @passthesaltcon: [ANNOUNCEMENT] After years of curation of the RMLL Security track, @doegox @moutane @cbrocas joined by @follc launch a… + +(Originally on Twitter: [Tue Jan 09 08:56:02 +0000 2018](https://twitter.com/adulau/status/950652373340434432)) +---- +"grap takes patterns and binary files, uses a Casptone-based disassembler to obtain the control flow graphs from the binaries, then matches the patterns against them." +https://github.com/AirbusCyber/grap Some good ideas there... + +(Originally on Twitter: [Tue Jan 09 10:51:26 +0000 2018](https://twitter.com/adulau/status/950681412688138240)) +---- +@alexanderjaeger The best is run locally https://github.com/CaliDog/certstream-server ;-) but I know some orgs who might expose their search API publicly. 
+ +(Originally on Twitter: [Tue Jan 09 11:16:25 +0000 2018](https://twitter.com/adulau/status/950687701157675008)) +---- +@y0m @rafi0t @Regiteric On dirait du Bruno Coppens ;-) + +(Originally on Twitter: [Tue Jan 09 14:42:58 +0000 2018](https://twitter.com/adulau/status/950739682786271232)) +---- +RT @agl__: Assuming that future chips fix speculative execution and revert cache effects on rollback, is there a similar problem because of… + +(Originally on Twitter: [Tue Jan 09 15:14:20 +0000 2018](https://twitter.com/adulau/status/950747573354225665)) +---- +@thealuc Or use latexbeamer ;-) + +(Originally on Twitter: [Tue Jan 09 15:52:06 +0000 2018](https://twitter.com/adulau/status/950757077277954049)) +---- +@concinnityrisks @Kaplan_CERTat Maybe I would check the SEC statement from Intel about their quartly production rate and then do extrapolation from that. + +(Originally on Twitter: [Tue Jan 09 16:36:59 +0000 2018](https://twitter.com/adulau/status/950768372312133633)) +---- +RT @alexcryptan: Symmetric Crypto Seminar program #dagstuhl https://www.dagstuhl.de/schedules/18021.pdf + +(Originally on Twitter: [Wed Jan 10 13:42:06 +0000 2018](https://twitter.com/adulau/status/951086752567054336)) +---- +@alexcryptan Looks very interesting. Are the slides available somewhere? + +(Originally on Twitter: [Wed Jan 10 13:43:17 +0000 2018](https://twitter.com/adulau/status/951087049246986240)) +---- +@__Thanat0s__ Je te savais très fun mais framboise c’est osé ! 
+ +(Originally on Twitter: [Wed Jan 10 22:10:00 +0000 2018](https://twitter.com/adulau/status/951214568407265280)) +---- +RT @MISPProject: Using MISP to share software and hardware vulnerability information efficiently https://www.misp-project.org/2018/01/09/Using-MISP-to-share-vulnerability-information-efficiently.html MISP allows to sha… + +(Originally on Twitter: [Thu Jan 11 16:45:38 +0000 2018](https://twitter.com/adulau/status/951495326669697026)) +---- +@tqbf Maybe it's time to write a book about "assessing crypto in messenger software"? @nostarch + +(Originally on Twitter: [Thu Jan 11 20:07:06 +0000 2018](https://twitter.com/adulau/status/951546028481753089)) +---- +A great idea and work-in-progress from @alexanderjaeger https://github.com/deralexxx/security-apis/blob/master/README.md "A collective list of public JSON APIs for use in security" + +(Originally on Twitter: [Thu Jan 11 20:10:50 +0000 2018](https://twitter.com/adulau/status/951546966512734210)) +---- +@rsnake Just curious, do you have still have the hits against "http://ha.ckers.org"? I'm interested into any hits related to the following PGP keys 0xB4872BD2A53FF019 or 0xD64139D3B342F094 parsing + +(Originally on Twitter: [Fri Jan 12 14:41:44 +0000 2018](https://twitter.com/adulau/status/951826535530590209)) +---- +@RSnake Thank you for the feedback. Do you still have an historical dataset of the web hits? I'm curious how many PGP parsers were still vulnerable in the past. + +(Originally on Twitter: [Fri Jan 12 15:36:44 +0000 2018](https://twitter.com/adulau/status/951840376578600960)) +---- +Positively impressed by the capabilities of spectrum analysers in full software (Python 3) and how reactive these are nowadays. Like QSpectrumAnalyzer https://github.com/xmikos/qspectrumanalyzer again closely evaluating the various antenna sensitivities. 
![](media/951923197246672903-DTXnxRyXcAUu92u.jpg) + +(Originally on Twitter: [Fri Jan 12 21:05:50 +0000 2018](https://twitter.com/adulau/status/951923197246672903)) +---- +RT @aionescu: I can finally efficiently (fast) and reliably (no errors) read paged pool/non-L1 data. Time for MeltiKatz/MimiDown. I’ll sit… + +(Originally on Twitter: [Sat Jan 13 05:51:58 +0000 2018](https://twitter.com/adulau/status/952055600904630277)) +---- +RT @zmanion: "M" is also for "vulnerability" cc @MISPProject @adulau https://www.misp-project.org/2018/01/09/Using-MISP-to-share-vulnerability-information-efficiently.html + +(Originally on Twitter: [Sat Jan 13 16:39:10 +0000 2018](https://twitter.com/adulau/status/952218475514286080)) +---- +When I saw this old abandoned place and took the photo, it reminded me the sensation while I find an old abandoned and unmaintained @GitHub repository https://www.flickr.com/photos/adulau/24801207097/ #photography + +(Originally on Twitter: [Sat Jan 13 19:32:14 +0000 2018](https://twitter.com/adulau/status/952262027032096771)) +---- +@PaulWebSec Ploticus with a prefab + +(Originally on Twitter: [Sun Jan 14 13:47:52 +0000 2018](https://twitter.com/adulau/status/952537754554060800)) +---- +@aeris22 Apache Solr est pas mal pour eviter l’usine ES. Pour du pure Python, il y a whoosh. Et si c’est uniquement de la recherche full-text sur du texte naturel mnogosearch est sympa. + +(Originally on Twitter: [Sun Jan 14 14:09:20 +0000 2018](https://twitter.com/adulau/status/952543156293328898)) +---- +@S_Team_Approved @6vis_pacem @MaliciaRogue @cecyf_coriin @FIC_fr Le hoodie ;-) + +(Originally on Twitter: [Sun Jan 14 21:22:51 +0000 2018](https://twitter.com/adulau/status/952652253193801729)) +---- +@electrospaces The theory is not unrealistic. If we go a bit further in the analysis, the A/V software provides a huge entry point for many adversaries and looking only at what is already leaked via crowdsourced site such as VirusTotal (tip of the iceberg). 
ICs are probably tapping there. + +(Originally on Twitter: [Mon Jan 15 06:47:28 +0000 2018](https://twitter.com/adulau/status/952794346281152512)) +---- +@outsh1ned @electrospaces Many A/V vendors are acquiring potentially malicious files when heuristics are triggered. If the files are moving across like from office to personal PCS, the probability to get the files on personal PC running A/V is high. + +(Originally on Twitter: [Mon Jan 15 08:47:37 +0000 2018](https://twitter.com/adulau/status/952824579612905472)) +---- +RT @circl_lu: Due to the number of demands, we expanded a bit the training room for @MISPProject training in Luxembourg on Wed, January 17,… + +(Originally on Twitter: [Mon Jan 15 12:59:07 +0000 2018](https://twitter.com/adulau/status/952887873413566464)) +---- +RT @ttaubert: .@cryptojedi on "Long-term Security for the IoT" and the value of certifications https://cryptojedi.org/peter/data/bochumiot-20171106.pdf https://t.co/BcbGpkV… + +(Originally on Twitter: [Mon Jan 15 16:45:16 +0000 2018](https://twitter.com/adulau/status/952944785840660480)) +---- +"SPECULOSE: Analyzing the Security Implications of Speculative Execution in CPUs" https://arxiv.org/pdf/1801.04084.pdf cc/ @Aristot73 + +(Originally on Twitter: [Mon Jan 15 18:46:05 +0000 2018](https://twitter.com/adulau/status/952975189998006273)) +---- +@DidierStevens @Aristot73 I think it's a wordplay but maybe our background culture influenced my interpretation ;-) + +(Originally on Twitter: [Mon Jan 15 20:07:23 +0000 2018](https://twitter.com/adulau/status/952995648567209984)) +---- +@DidierStevens @Sebdraven @Aristot73 it's a sacrilege ;-) It's just like chocolate, it's only dark chocolate. Or "croquettes de crevettes", it's only with "des crevettes grises". Or the meat balls, it's only the "boulet à la liégeoise". 
#belgitude + +(Originally on Twitter: [Mon Jan 15 20:10:52 +0000 2018](https://twitter.com/adulau/status/952996528750321664)) +---- +RT @Aristot73: @adulau @DidierStevens @Sebdraven RFC4324: The use of Protected Designation of Origin in naming Vulnerabilities + +(Originally on Twitter: [Mon Jan 15 20:15:42 +0000 2018](https://twitter.com/adulau/status/952997743907299328)) +---- +RT @MISPProject: A major update in the @MISPProject dashboard released including improvement in the trending showing a timeline per tags, c… + +(Originally on Twitter: [Tue Jan 16 06:40:08 +0000 2018](https://twitter.com/adulau/status/953154885545054208)) +---- +RT @CERT_Polska_en: You can find on GitHub our #malware #repository component for automated malware collection/analysis systems. It has a R… + +(Originally on Twitter: [Tue Jan 16 17:24:15 +0000 2018](https://twitter.com/adulau/status/953316984103501824)) +---- +@fthenet @RSnake Oh great. Thanks. + +(Originally on Twitter: [Tue Jan 16 18:55:47 +0000 2018](https://twitter.com/adulau/status/953340019233771525)) +---- +RT @M__Verbruggen: "Export controls, human security and cyber-surveillance technology: Examining the proposed changes to the EU Dual-use Re… + +(Originally on Twitter: [Tue Jan 16 19:23:19 +0000 2018](https://twitter.com/adulau/status/953346946504290308)) +---- +@Hunter_Morrell @da_667 Let us know what can be updated in the documentation to make it less confusing or more useful for new users. If you see something lacking for your work, tell us we have a priority list to fill ;-) + +(Originally on Twitter: [Wed Jan 17 05:42:18 +0000 2018](https://twitter.com/adulau/status/953502721855905792)) +---- +RT @SteveClement: The time has come, #MISP #workshop in the shiny new @C3_Luxembourg facilities. 
+@adulau & @Iglocska kicking off the sessio… + +(Originally on Twitter: [Wed Jan 17 11:10:32 +0000 2018](https://twitter.com/adulau/status/953585324013301760)) +---- +@rafi0t We should prepare a stock of popcorns for the next months. The investment should not be in any cryptocurrencies nowadays but in the businesses involved in the production of popcorns within the EU. #brexitpopcorns + +(Originally on Twitter: [Wed Jan 17 20:19:08 +0000 2018](https://twitter.com/adulau/status/953723382570340352)) +---- +By the way, stop blaming malware repositories. Removing samples from these repositories won’t solve the root causes. Knowledge can create issues but you won’t solve these by ignorance. (Isaac Asimov was right) + +(Originally on Twitter: [Wed Jan 17 21:32:43 +0000 2018](https://twitter.com/adulau/status/953741901525549059)) +---- +@falkowich @MISPProject DK is the 14th of March. We have some plans for Norway and Finland but it’s under discussion. + +(Originally on Twitter: [Thu Jan 18 17:53:33 +0000 2018](https://twitter.com/adulau/status/954049132104167424)) +---- +@Secnewsbytes I’m curious here. IT Security policies are often not applied, complex, a maze of papers or flying so high no one can implement anything practical out of it. Maybe getting rid of unreadable security policies and focusing on practical ones like RFC2196 would be a good step... + +(Originally on Twitter: [Fri Jan 19 06:32:27 +0000 2018](https://twitter.com/adulau/status/954240115718713344)) +---- +RT @musalbas: Wow, this is the worst ICO "audit" I've seen. They basically just put the .pdf of the ICO's whitepaper through a virus scanne… + +(Originally on Twitter: [Fri Jan 19 06:46:38 +0000 2018](https://twitter.com/adulau/status/954243686648475648)) +---- +@SNCB @vaneri2007 On a eu l’info dans les premiers wagons mais il semble que le système audio ne fonctionne pas dans les derniers wagons. L'accompagnatrice est super sympa et fait un excellent boulot. 
On ne peut rien faire contre 5 sangliers 🤗 + +(Originally on Twitter: [Fri Jan 19 18:54:11 +0000 2018](https://twitter.com/adulau/status/954426778453446656)) +---- +RT @MISPProject: If you are in Lille next week for the @FIC_en 2018 forum and want to discuss about the MISP project, open source, security… + +(Originally on Twitter: [Fri Jan 19 21:29:33 +0000 2018](https://twitter.com/adulau/status/954465880548823040)) +---- +Interesting session with the students today at the University. A malware found (Rebhip) in pastebin decoded, analyzed quickly and shared back to @MISPProject all in one hour. ![](media/954682500940488704-DT-2pdkX0AA1UJS.jpg) + +(Originally on Twitter: [Sat Jan 20 11:50:20 +0000 2018](https://twitter.com/adulau/status/954682500940488704)) +---- +RT @thegrugq: Finally, a way to speculate on banana futures! + +(Friend sent me this from a crypto currency conference.) https://t.co/vlCYKtu… + +(Originally on Twitter: [Sun Jan 21 09:01:54 +0000 2018](https://twitter.com/adulau/status/955002505120841729)) +---- +Testing the recent open source tool from @Cisco called joy https://github.com/cisco/joy/ & it gives a nifty tool-set to analyse encrypted network traffic smoothly. In the case below, I was looking for TLS flows with SNI value set and in a specific entropy range (reading with jq) #DFIR ![](media/955020156752842752-DUDoWNeX4AAnOn5.jpg) + +(Originally on Twitter: [Sun Jan 21 10:12:03 +0000 2018](https://twitter.com/adulau/status/955020156752842752)) +---- +@PaulWebSec @Cisco Indeed especially joy has a cool byte distribution per flow which could give interesting view like we did previously with Mirai and alike. The only missing part of joy is the X509 certificate extraction and the ssh decoders need some love IMHO. 
![](media/955022662434205696-DUDrN8NWsAA-7Y1.jpg) + +(Originally on Twitter: [Sun Jan 21 10:22:00 +0000 2018](https://twitter.com/adulau/status/955022662434205696)) +---- +@elhoim You should read this http://www.zones-sensibles.org/livres/6-5/ I’m sure you’ll love it. High-speed trading can be fun sometimes. + +(Originally on Twitter: [Mon Jan 22 06:27:40 +0000 2018](https://twitter.com/adulau/status/955326078406586368)) +---- +RT @quarkslab: [JOB] We have a new open position as compiler engineer: https://www.quarkslab.com/#epona-engineer Want to work on LLVM bytecode obfuscator, (a… + +(Originally on Twitter: [Mon Jan 22 07:10:10 +0000 2018](https://twitter.com/adulau/status/955336771247792128)) +---- +" No Silk Road for Online Gamers!: Using Social Network Analysis to Unveil Black Markets in Online Games" https://arxiv.org/abs/1801.06368 + +(Originally on Twitter: [Mon Jan 22 08:17:00 +0000 2018](https://twitter.com/adulau/status/955353592440946690)) +---- +@streetartmagic Is to make street art. + +(Originally on Twitter: [Mon Jan 22 12:15:10 +0000 2018](https://twitter.com/adulau/status/955413526964731904)) +---- +@virusbay_io A small question, will the code base be open-sourced? + +(Originally on Twitter: [Mon Jan 22 13:41:08 +0000 2018](https://twitter.com/adulau/status/955435162657087488)) +---- +It seems I have to follow the best practices at @fic2018_en I have stickers for @MISPProject so feel free to catch me for discussions about security projects, open source security tools or “threat intelligence”. Disclaimer I have no tie, just a hoodie & don’t sell anything. 
+ +(Originally on Twitter: [Mon Jan 22 16:09:40 +0000 2018](https://twitter.com/adulau/status/955472543657406464)) +---- +RT @InternetIntel: Submarine cable cut between Cyprus and Marseille at 6:56 UTC yesterday (18-Jan-2018) has degraded Internet service in Ea… + +(Originally on Twitter: [Mon Jan 22 23:12:27 +0000 2018](https://twitter.com/adulau/status/955578939874988035)) +---- +RT @MISPProject: We will be the @FIRSTdotOrg Technical Colloquium in Osaka (Japan) https://www.first.org/events/colloquia/osaka2018/ to give a @MISPProject training… + +(Originally on Twitter: [Tue Jan 23 07:38:36 +0000 2018](https://twitter.com/adulau/status/955706317712318464)) +---- +RT @PhSaade: Ne passez pas à côté des démos et des explications d’@adulau au #FIC2018 concernant #MISP ![](media/955837222552522752-DUO5ezXX4AIVOMa.jpg) + +(Originally on Twitter: [Tue Jan 23 16:18:47 +0000 2018](https://twitter.com/adulau/status/955837222552522752)) +---- +"Discover SPOF in DNS dependency graphs" https://github.com/ANSSI-FR/transdep by @X_Cli seems very interesting. Ref: https://www.cs.cornell.edu/people/egs/papers/dnssurvey.pdf #DNS + +(Originally on Twitter: [Wed Jan 24 12:33:47 +0000 2018](https://twitter.com/adulau/status/956142988857667584)) +---- +@X_Cli Ton outil me semble vraiment bien foutu! Je vais faire quelques tests. + +(Originally on Twitter: [Wed Jan 24 13:00:38 +0000 2018](https://twitter.com/adulau/status/956149744199458817)) +---- +RT @sjodogne: Publishing research software as #OpenSource code, should be one of the criteria to weight in the evaluation process of a rese… + +(Originally on Twitter: [Wed Jan 24 19:23:18 +0000 2018](https://twitter.com/adulau/status/956246047617179648)) +---- +@julienrossi Why is this troubling? It’s very common to have internships testing new tracks of developments to gather ideas and having a fresh view on common problems which are solved or unsolved internally. 
+ +(Originally on Twitter: [Thu Jan 25 07:54:58 +0000 2018](https://twitter.com/adulau/status/956435210891153409)) +---- +The message from #SNCF is funky “les pompes funèbres sont sur place” assuming now everything is fine. Remind me of the cult scene “bring out your dead” from @montypython + +(Originally on Twitter: [Thu Jan 25 08:18:26 +0000 2018](https://twitter.com/adulau/status/956441116483751942)) +---- +@shazjameson Replace privacy with security, it’s the same. We still have a long way to go in security “engineering” and it will be even more difficult for privacy. + +(Originally on Twitter: [Thu Jan 25 09:27:06 +0000 2018](https://twitter.com/adulau/status/956458394537381889)) +---- +@julienrossi They segment every things. Regarding labor obligations, they should apply for the internships too. My experience of internships and employees in this domain, it’s usually complementary. One is not excluding the others. It’s usually a way to evaluate potential future employees. + +(Originally on Twitter: [Thu Jan 25 10:41:59 +0000 2018](https://twitter.com/adulau/status/956477243311738880)) +---- +RT @cyb3rops: People report that my YARA signatures for #Mimikatz match on legitimate and signed software by a well-known vendor (no finger… + +(Originally on Twitter: [Thu Jan 25 10:42:57 +0000 2018](https://twitter.com/adulau/status/956477484291313664)) +---- +@Krands_ Aucun doute le taxi. Le métro c’est cool, plein de découvertes #streetart, des surprises anthropologiques hors normes et des flux d’airs en veux-tu en voilà. + +(Originally on Twitter: [Thu Jan 25 12:12:38 +0000 2018](https://twitter.com/adulau/status/956500053199413248)) +---- +@pondswimmer Indeed. IMHO, this dynamic view will become mainstream when we will understand that we are in an ecological system with all our software and hardware and not into a static digital environment. 
+ +(Originally on Twitter: [Thu Jan 25 12:56:55 +0000 2018](https://twitter.com/adulau/status/956511198274641920)) +---- +@InternetIntel Interesting one. http://bgpranking.circl.lu/asn_details?asn=AS197637&source=&date= The provider is quite clean so this seems to be an admin error. + +(Originally on Twitter: [Thu Jan 25 16:22:00 +0000 2018](https://twitter.com/adulau/status/956562808497373184)) +---- +@Janet_LegReg @IGPAlert @ICANN This statement is incorrect. "This is an important, necessary function, but in this case, too, it is impossible to justify indiscriminate global access to Whois data based on this purpose." An abuse or security vulnerability can reported by anyone. How do you find contact? + +(Originally on Twitter: [Thu Jan 25 17:28:14 +0000 2018](https://twitter.com/adulau/status/956579477382991872)) +---- +@martijn_grooten My question is about sharing with allies. Was the information shared with EU members or not? Or just US-NL? FVEY? 9EYES? + +(Originally on Twitter: [Fri Jan 26 06:24:10 +0000 2018](https://twitter.com/adulau/status/956774748867964930)) +---- +RT @sissden: Botnet fingerprinting through anomaly detection in SMTP conversations - a study conducted as part of our project: https://t.co… + +(Originally on Twitter: [Fri Jan 26 18:45:41 +0000 2018](https://twitter.com/adulau/status/956961357383065603)) +---- +@Riveck @Viss @thegrugq @hackerfantastic @hacks4pancakes @_sn0ww @GossiTheDog @x0rz @psiinon You should have a look at @hack_lu 16-18 october 2018 in Luxembourg + +(Originally on Twitter: [Sat Jan 27 05:45:30 +0000 2018](https://twitter.com/adulau/status/957127406430629888)) +---- +RT @tobiaschneider: Fitness and social media company Strava releases activity heat map. 
Excellent for locating military bases (h/t to @Nrg8… + +(Originally on Twitter: [Sun Jan 28 12:18:31 +0000 2018](https://twitter.com/adulau/status/957588697079263232)) +---- +RT @MISPProject: Thanks to @enisa_eu for the ongoing work "Reference Incident +Classification Taxonomy Task Force Status and Way Forward" ht… + +(Originally on Twitter: [Sun Jan 28 16:25:25 +0000 2018](https://twitter.com/adulau/status/957650831603617793)) +---- +RT @kevinkiklee: Here is an overlay of the Strava Heatmap on Google Maps of the forward operating base I was at in Afghanistan. The heatma… + +(Originally on Twitter: [Sun Jan 28 17:11:00 +0000 2018](https://twitter.com/adulau/status/957662303067037696)) +---- +I love those trolls who think that everyone is a spy, work for military super secret projects, get millions from revolving doors and build conspiracy against the world. If trolls knew the reality, they would be utterly disappointed. + +(Originally on Twitter: [Sun Jan 28 21:05:50 +0000 2018](https://twitter.com/adulau/status/957721401162682368)) +---- +@npua Does 5-letter count? 2-letter is too difficult to get a domain ;-) + +(Originally on Twitter: [Sun Jan 28 21:16:09 +0000 2018](https://twitter.com/adulau/status/957723997361369091)) +---- +@snazmeister @npua In France, they love to exchange the letters. I suppose this is their passion for scrabble. You know the French expression "ne pas jouer au scrabble" ;-) + +(Originally on Twitter: [Sun Jan 28 21:30:51 +0000 2018](https://twitter.com/adulau/status/957727697672785920)) +---- +RT @npua: @adulau The really dark ones don’t need domain names. Conspiracies have no websites. 
+ +(Originally on Twitter: [Sun Jan 28 21:41:00 +0000 2018](https://twitter.com/adulau/status/957730251014066176)) +---- +"Learning to Evade Static PE Machine Learning Malware Models +via Reinforcement Learning" https://github.com/endgameinc/gym-malware - https://arxiv.org/pdf/1801.08917.pdf + +(Originally on Twitter: [Mon Jan 29 09:03:06 +0000 2018](https://twitter.com/adulau/status/957901908886335488)) +---- +RT @doegox: There are still available seats for our NFC/RFID security training at @WEareTROOPERS with @cintainfinita , come and share the f… + +(Originally on Twitter: [Mon Jan 29 18:10:25 +0000 2018](https://twitter.com/adulau/status/958039646419718144)) +---- +@xme Time to put a security.txt in the directory. But who can verify the trustworthiness of the contact details if the HTTP server or the content management system is already compromised? + +(Originally on Twitter: [Tue Jan 30 06:43:11 +0000 2018](https://twitter.com/adulau/status/958229084835852288)) +---- +RT @arxiv_org: CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. http://arxiv.org/abs/1801.08535 https://t.co/j3BSt… + +(Originally on Twitter: [Tue Jan 30 20:15:35 +0000 2018](https://twitter.com/adulau/status/958433533747453953)) +---- +"Early Warnings of Cyber Threats in Online Discussions" https://arxiv.org/pdf/1801.09781.pdf Some clever ideas but also showing we need a public corpus/dictionary for all known name of technical terms in information security. Maybe the authors will release their datasets? 
![](media/958660046157746176-DU3YISVXcAIP7nq.jpg) + +(Originally on Twitter: [Wed Jan 31 11:15:40 +0000 2018](https://twitter.com/adulau/status/958660046157746176)) +---- +RT @cudeso: Phishing website using imgur images as background +https://www.vanimpe.eu/2018/01/31/phishing-website-using-imgur-images-as-background/ + +(Originally on Twitter: [Thu Feb 01 07:14:13 +0000 2018](https://twitter.com/adulau/status/958961672038895616)) +---- +RT @MISPProject: Our European (and outside) tour for the @MISPProject training sessions is growing and we have trainings foreseen in Austri… + +(Originally on Twitter: [Thu Feb 01 15:51:39 +0000 2018](https://twitter.com/adulau/status/959091887314558976)) +---- +RT @_saadk: After http://hack.lu & Botconf last year, I am thrilled to give yet another workshop with the fine people behind @MISP… + +(Originally on Twitter: [Thu Feb 01 16:46:08 +0000 2018](https://twitter.com/adulau/status/959105596673978368)) +---- +@da_667 We did 10 years ago a honeypot to insult them or randomly drop some commands to force them to reveal more tools and urls. http://www.foo.be/papers/sss09_wagener_state_dulaunoy_engel.pdf Maybe we should revive it ;-) + +(Originally on Twitter: [Thu Feb 01 18:20:36 +0000 2018](https://twitter.com/adulau/status/959129371285041162)) +---- +A small advice when operating FTP honeypots, don’t expect a fake IMAP honeytoken list of passwords to last more than 10 minutes. Automation and scrapping improved from the adversary side... + +(Originally on Twitter: [Thu Feb 01 19:21:24 +0000 2018](https://twitter.com/adulau/status/959144672546435075)) +---- +@ageis You should have a look of what @RIPE_NCC does with their RIPE atlas. You can run measurements from various places easily. + +(Originally on Twitter: [Fri Feb 02 16:18:55 +0000 2018](https://twitter.com/adulau/status/959461136260304896)) +---- +@da_667 Whoaaa they will do finally automation and incident response. 
Imagine 10% of the contract to support the improvement of existing open source security tools. + +(Originally on Twitter: [Fri Feb 02 17:53:55 +0000 2018](https://twitter.com/adulau/status/959485043717627905)) +---- +I used and "badly" wrote many pcap tools but I always come back to Ipsumdump http://read.seas.harvard.edu/~kohler/ipsumdump/ a clean, nifity and simple pcap tool to sample traffic, calculate payloads or even anonymize pcap. Example: a set of pcap from malware execution in sandboxes sorted by payload. ![](media/959527722568634374-DVDsaQ7W0AAP2cn.jpg) + +(Originally on Twitter: [Fri Feb 02 20:43:30 +0000 2018](https://twitter.com/adulau/status/959527722568634374)) +---- +@PaulWebSec @redteamwrangler Great idea! By the way, you should book your Monday 26 March. The 3rd edition of the hackathon for Open Source Security Tools will take place in our new offices with the fine people of @MISPProject @TheHive_Project and others ;-) + +(Originally on Twitter: [Sat Feb 03 22:00:35 +0000 2018](https://twitter.com/adulau/status/959909508821737474)) +---- +@zoobab @whvholst @fosdem History told us that this is not the first time. But the problem is we “as the floss community” underestimate the impact of the legal framework against our freedom to build software and hardware. + +(Originally on Twitter: [Sun Feb 04 20:20:48 +0000 2018](https://twitter.com/adulau/status/960246782784622592)) +---- +"Attacking the Nintendo 3DS Boot ROMs" https://arxiv.org/pdf/1802.00359.pdf + +(Originally on Twitter: [Mon Feb 05 08:09:00 +0000 2018](https://twitter.com/adulau/status/960425007686930432)) +---- +RT @MISPProject: @CYINT_dude Indeed. That's why strongly believe that estimative languages must be machine parseable and being part of stan… + +(Originally on Twitter: [Mon Feb 05 09:25:41 +0000 2018](https://twitter.com/adulau/status/960444307193913345)) +---- +RT @TheHive_Project: Count on us @adulau we’ll be there for the March 26 Hackathon in Luxembourg. 
A very fine experience everyone who’d lik… + +(Originally on Twitter: [Mon Feb 05 16:01:02 +0000 2018](https://twitter.com/adulau/status/960543800971100163)) +---- +@TheHive_Project @MISPProject Registration is now open at https://hackathon.hack.lu/ See you there! And tell your friends doing open source development of security tools to join us. + +(Originally on Twitter: [Mon Feb 05 16:14:28 +0000 2018](https://twitter.com/adulau/status/960547179298525184)) +---- +RT @cyb3rops: @EnCase Are you nuts? You build an Incident Response package, integrate one of my open source tools, with a direct link to ou… + +(Originally on Twitter: [Mon Feb 05 20:45:17 +0000 2018](https://twitter.com/adulau/status/960615334767218691)) +---- +@evilrez @MichalPurzynski That’s why the category is required in MISP for attributes and objects (and there are default categories per type). But it’s hard for many to have the exact context until the complete puzzle is known. Sharing early is also important. Threat intel dilemma 😉 + +(Originally on Twitter: [Tue Feb 06 06:23:23 +0000 2018](https://twitter.com/adulau/status/960760816269176832)) +---- +Maybe @exploitdb should fix the "em dash" or "en dash" issue in CVE id as in CVE number it's just a dash U+002D https://www.exploit-db.com/exploits/43414/ and don't look too much into the dash issue. Timezone can be more easy. + +(Originally on Twitter: [Tue Feb 06 08:37:03 +0000 2018](https://twitter.com/adulau/status/960794455749136386)) +---- +@g0tmi1k @Iglocska @ExploitDB Great! Thank you for the quick fix. 
+ +(Originally on Twitter: [Tue Feb 06 12:25:33 +0000 2018](https://twitter.com/adulau/status/960851961187913728)) +---- +RT @circl_lu: "TR-52 - Forensic Analysis of an HID Attack" published https://www.circl.lu/pub/tr-52/ From a forensic investigator’s point of view t… + +(Originally on Twitter: [Tue Feb 06 16:56:41 +0000 2018](https://twitter.com/adulau/status/960920190430138368)) +---- +@npettiaux @MM_Schyns @BOZARbrussels @esihe2b @hamzafassi @sjodogne Les outils sont toujours des outils propriétaires qui ne permettent pas aux étudiants ou enseignants d’en comprendre les fonctionnements. Le futur passe par la capacité de construire et démonter les outils. Le logiciel libre comme recommendation dans le pacte d'excellence? + +(Originally on Twitter: [Tue Feb 06 19:41:32 +0000 2018](https://twitter.com/adulau/status/960961676127465473)) +---- +RT @MISPProject: We will be at the Open Source Security Software Hackathon - 3rd Edition +(Mon, March 26, 2018) in Luxembourg with our frie… + +(Originally on Twitter: [Tue Feb 06 20:15:55 +0000 2018](https://twitter.com/adulau/status/960970329702182914)) +---- +@MGuthmuller @sjodogne Maybe there are some similarities with the PMF model https://github.com/adulau/pmf ;-) + +(Originally on Twitter: [Tue Feb 06 20:29:19 +0000 2018](https://twitter.com/adulau/status/960973701159247872)) +---- +@Vecchi_Paolo @ncsc @MISPProject I see many reasons from legal, responsibility to PPP agreements but ultimetaly as the @MISPProject model is no-one is a central authority information exchanged should flow to others communities and improve security. 
+ +(Originally on Twitter: [Wed Feb 07 06:32:31 +0000 2018](https://twitter.com/adulau/status/961125502588260354)) +---- +RT @0xrawsec: New blog post about Gene and how to use it: https://rawsec.lu/blog/posts/2018/Feb/04/go-evtx-signature-engine/ + +(Originally on Twitter: [Wed Feb 07 06:45:04 +0000 2018](https://twitter.com/adulau/status/961128660790104064)) +---- +RT @MISPProject: We recently added a new attribute type in MISP called 'gene' http://www.rawsec.lu/blog/posts/2018/Feb/04/go-evtx-signature-engine/ which is a nice complement to Sigma a… + +(Originally on Twitter: [Wed Feb 07 09:31:59 +0000 2018](https://twitter.com/adulau/status/961170666572648453)) +---- +RT @billpollock: Sad news today. "John Perry Barlow has died" https://www.eff.org/deeplinks/2018/02/john-perry-barlow-internet-pioneer-1947-2018 + +(Originally on Twitter: [Thu Feb 08 05:40:19 +0000 2018](https://twitter.com/adulau/status/961474756410298368)) +---- +@ater49 LOL but sometime seeing some use-cases of MISP users, the reality is not far away ;-) + +(Originally on Twitter: [Thu Feb 08 07:18:07 +0000 2018](https://twitter.com/adulau/status/961499364932845569)) +---- +@ater49 Some use-cases I have seen "tracking sellers of credit cards dump by tracking their ICQ and account", "tracking fraudster by their car plate", "collaborative annotation of evidence seized (including physical goods seized at customs). Indeed just infosec ;-) + +(Originally on Twitter: [Thu Feb 08 07:29:37 +0000 2018](https://twitter.com/adulau/status/961502260718129153)) +---- +Don't go to http://goatse.cx before it was just disturbing. Now it's an ICO Ponzi scheme... 
![](media/961559063430615040-DVgkf1CXkAAHlp3.jpg) + +(Originally on Twitter: [Thu Feb 08 11:15:20 +0000 2018](https://twitter.com/adulau/status/961559063430615040)) +---- +RT @aris_ada: @adulau If my memory serves well, that website used to host a totally different kind of content + +(Originally on Twitter: [Thu Feb 08 11:29:09 +0000 2018](https://twitter.com/adulau/status/961562539975901185)) +---- +RT @sissden: Check out our fingerprinting of the ADB.Miner worm traffic based on darknet (network telescope) observations https://t.co/WPqu… + +(Originally on Twitter: [Fri Feb 09 06:40:38 +0000 2018](https://twitter.com/adulau/status/961852321339555841)) +---- +"ODINI : Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields" https://arxiv.org/abs/1802.02700 #tempest + +(Originally on Twitter: [Fri Feb 09 08:23:47 +0000 2018](https://twitter.com/adulau/status/961878278691696640)) +---- +RT @MISPProject: We just published a new version of the Internet-Draft "MISP core format" including the sighting as part of the core format… + +(Originally on Twitter: [Sat Feb 10 05:48:45 +0000 2018](https://twitter.com/adulau/status/962201652764774400)) +---- +"Quiet for Android - TCP over sound" https://github.com/quiet/org.quietmodem.Quiet "org.quietmodem.Quiet allows you to pass data through the speakers on your Android device. This library can operate either as a raw frame layer or as a UDP/TCP stack." 
+ +(Originally on Twitter: [Sat Feb 10 07:06:50 +0000 2018](https://twitter.com/adulau/status/962221301099388930)) +---- +RT @droethlisberger: Released #SSLsplit 0.5.2: improved compatibility (SSLv2 ClientHello support, better suppression of WebSockets and HTTP… + +(Originally on Twitter: [Sat Feb 10 14:47:11 +0000 2018](https://twitter.com/adulau/status/962337155854094338)) +---- +As we couldn't find a public website of open #threatintelligence standards and references, we started one https://www.threat-intelligence.eu/ and everyone is welcome to contribute via https://github.com/adulau/threat-intelligence.eu ![](media/962350552213540864-DVr0j8-XUAAcWIM.jpg) + +(Originally on Twitter: [Sat Feb 10 15:40:25 +0000 2018](https://twitter.com/adulau/status/962350552213540864)) +---- +RT @circl_lu: You are a student in Europe? Willing to work on security projects with the @circl_lu team? https://www.circl.lu/projects/internships/ many inte… + +(Originally on Twitter: [Sat Feb 10 19:32:07 +0000 2018](https://twitter.com/adulau/status/962408860265959424)) +---- +Reading "Structured Analytic Techniques for Intelligence Techniques" from Heuer, Richards J and this table (2011) affecting the future use of structure analysis is still very inline with the challenges in 2018 of information sharing and structured analytics. #threatintelligence ![](media/962634222581272576-DVv0XWsW0AEkOCX.jpg) + +(Originally on Twitter: [Sun Feb 11 10:27:38 +0000 2018](https://twitter.com/adulau/status/962634222581272576)) +---- +@cybrody @pstirparo Reference to open formats and open methodologies which can help analysts and infosec people to improve their capabilities in analysis, sharing and/or automation. + +(Originally on Twitter: [Sun Feb 11 10:46:14 +0000 2018](https://twitter.com/adulau/status/962638905844621312)) +---- +RT @jessebowling: Thanks for this link (via https://www.threat-intelligence.eu) @adulau ! 
I’m always looking for a better evtx parser...and this looks… + +(Originally on Twitter: [Sun Feb 11 12:37:54 +0000 2018](https://twitter.com/adulau/status/962667006888697857)) +---- +RT @antirez: The RSS feed was a so big step towards a decentralized web that the big players had to kill it. But still there is a non trivi… + +(Originally on Twitter: [Sun Feb 11 12:41:07 +0000 2018](https://twitter.com/adulau/status/962667816074792960)) +---- +RT @circl_lu: Next week Monday PM until Wednesday PM @adulau and @Iglocska from @circl_lu will give a @MISPProject training in Vienna if yo… + +(Originally on Twitter: [Sun Feb 11 13:04:05 +0000 2018](https://twitter.com/adulau/status/962673595712450561)) +---- +@Maijin212 @hobbygrafix Thank you for sharing. Really good and cool idea. I added the lists in the default feeds of @MISPProject Many interesting correlation with existing events in MISP. #threatintelligence ![](media/962688940514926595-DVwoNBiXUAAy6fz.jpg) + +(Originally on Twitter: [Sun Feb 11 14:05:03 +0000 2018](https://twitter.com/adulau/status/962688940514926595)) +---- +@MaliciaRogue Surtout quand les vendeurs n'aiment pas les standards ouverts et ne publient pas des API ouvertes pour les intégrer avec d'autres produits concurrents ou même ces "horribles" logiciels libres ;-) + +(Originally on Twitter: [Sun Feb 11 14:10:51 +0000 2018](https://twitter.com/adulau/status/962690396567597057)) +---- +"XMSS: Extended Hash-Based Signatures" +https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/ will be soon an RFC - the reference implementation is on GitHub https://github.com/joostrijneveld/xmss-reference + +(Originally on Twitter: [Sun Feb 11 16:40:33 +0000 2018](https://twitter.com/adulau/status/962728072578551810)) +---- +Just submitted a talk proposal to @passthesaltcon https://2018.pass-the-salt.org/cfp/ if you did free and open source software in the security field, this is the conference where to submit. 
+ +(Originally on Twitter: [Sun Feb 11 18:16:09 +0000 2018](https://twitter.com/adulau/status/962752128098947072)) +---- +@0xtf @metaconflict @Delbs27 @nadouani @TheHive_Project @MISPProject Many contributions are possible MISP taxonomies, misp-book, galaxy and many more ;-) + +(Originally on Twitter: [Sun Feb 11 19:10:58 +0000 2018](https://twitter.com/adulau/status/962765925320667137)) +---- +@Iglocska My main question is the following what's the advantage of using a bloated protocol when you can use HTTP over TLS to get a JSON file or a CSV? + +(Originally on Twitter: [Sun Feb 11 19:12:46 +0000 2018](https://twitter.com/adulau/status/962766378360098821)) +---- +@0x3c7 @Iglocska @0xtf @metaconflict @Delbs27 @nadouani @TheHive_Project @MISPProject Any contribution. If you already did one and didn't get the hoodie, drop us your address with the commit id ;-) + +(Originally on Twitter: [Sun Feb 11 19:13:52 +0000 2018](https://twitter.com/adulau/status/962766654592741377)) +---- +@Maijin212 @bambenek @Iglocska @IBM And to get the XML schema to validate the JSONx schema, you need to buy an appliance? WTF https://www.ibm.com/support/knowledgecenter/SS9H2Y_6.0.0/com.ibm.dp.xg.doc/json_jsonxschemavalidation.html + +(Originally on Twitter: [Sun Feb 11 20:53:59 +0000 2018](https://twitter.com/adulau/status/962791848061390848)) +---- +@Iglocska @Maijin212 @bambenek @IBM I got a picture of you trying your latest TAXII client +https://twitter.com/srianjalidevi75/status/962792207689441283 + +(Originally on Twitter: [Sun Feb 11 21:01:36 +0000 2018](https://twitter.com/adulau/status/962793765202259968)) +---- +@mikko @H_Miser That’s one of the reason why CIRCLean was created https://www.circl.lu/projects/CIRCLean/ + +(Originally on Twitter: [Mon Feb 12 07:55:28 +0000 2018](https://twitter.com/adulau/status/962958318573678592)) +---- +@verbumrosini @hexwaxwing @MITREcorp @OASISopen Thank you. 
Those are already on https://www.threat-intelligence.eu/standards/ + +(Originally on Twitter: [Mon Feb 12 08:17:01 +0000 2018](https://twitter.com/adulau/status/962963741397700608)) +---- +@ater49 Sure make a pull-request! + +(Originally on Twitter: [Mon Feb 12 17:29:33 +0000 2018](https://twitter.com/adulau/status/963102791127400448)) +---- +RT @rh0main: LIEF 0.9.0 will come with new formats OAT, VDEX and ART (From Android 6.01 to Android 8.1.0) ![](media/963503000009441281-DV7FHz4X0AAvAEg.png) + +(Originally on Twitter: [Tue Feb 13 19:59:50 +0000 2018](https://twitter.com/adulau/status/963503000009441281)) +---- +RT @MarieGMoe: The Norwegian Information Security Conference #NISK2018 #CFP is open! The conference venue is Svalbard, half way between con… + +(Originally on Twitter: [Tue Feb 13 21:00:40 +0000 2018](https://twitter.com/adulau/status/963518307101020161)) +---- +@Ministraitor @MISPProject @rafi0t @Iglocska I'm sure @zedshaw will love it too ;-) + +(Originally on Twitter: [Tue Feb 13 21:38:37 +0000 2018](https://twitter.com/adulau/status/963527859523465219)) +---- +RT @RonWyden: I’ve been pushing the FBI Director to back up his claim that tech companies can weaken their encryption without harming cyber… + +(Originally on Twitter: [Wed Feb 14 06:11:13 +0000 2018](https://twitter.com/adulau/status/963656856819421184)) +---- +@zedshaw @Ministraitor @MISPProject @rafi0t @Iglocska It's an open source project to share threat information https://www.misp-project.org/ and we strongly follow your programming methodology ;-) + +(Originally on Twitter: [Wed Feb 14 08:23:06 +0000 2018](https://twitter.com/adulau/status/963690046837706752)) +---- +@BurntToast_DFIR @Ministraitor @MISPProject @rafi0t @Iglocska If you do a contribution to @MISPProject via a pull-request in any of the repositories including objects, taxonomies or even documentation. 
Then you’ll be elligible to get one ;-) + +(Originally on Twitter: [Wed Feb 14 09:56:08 +0000 2018](https://twitter.com/adulau/status/963713461946593280)) +---- +@jnabryant It’s a good point. Our definition is more open formats which are commonly used in the field. YARA format, for example, is a de-facto standard for binary /string pattern matching. Maybe we should add a definition on the page. + +(Originally on Twitter: [Wed Feb 14 18:14:49 +0000 2018](https://twitter.com/adulau/status/963838956684144641)) +---- +Providing a patch to the ssdeep extension in PHP PECL is like using a time-machine and going back to the middle-age. ![](media/963881305200087041-DWBk5JRW4AAul0g.jpg) + +(Originally on Twitter: [Wed Feb 14 21:03:05 +0000 2018](https://twitter.com/adulau/status/963881305200087041)) +---- +RT @cyb3rops: Introducing the @bishopfox Cybersecurity Style Guide +https://www.bishopfox.com/blog/2018/02/hello-world-introducing-the-bishop-fox-cybersecurity-style-guide/ +> what a great idea ![](media/964419988269424641-DWJMYLnVQAYdsbb.jpg) + +(Originally on Twitter: [Fri Feb 16 08:43:37 +0000 2018](https://twitter.com/adulau/status/964419988269424641)) +---- +"Facebook Use of Sensitive Data for Advertising in Europe" +https://arxiv.org/pdf/1802.05030.pdf #privacy + +(Originally on Twitter: [Fri Feb 16 10:32:04 +0000 2018](https://twitter.com/adulau/status/964447278021869568)) +---- +"The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS 2018)" +http://vision.soic.indiana.edu/bright-and-dark-workshop-2018/ + +(Originally on Twitter: [Fri Feb 16 12:34:33 +0000 2018](https://twitter.com/adulau/status/964478104810020864)) +---- +@LSELabs (unofficial repository) of ssldump - + a myriad of patches (from Debian and other distributions + contribution (via PR)) +https://github.com/adulau/ssldump + +(Originally on Twitter: [Fri Feb 16 12:36:20 +0000 2018](https://twitter.com/adulau/status/964478551314653185)) +---- +Reading 
https://medium.com/chronicle-blog/give-good-the-advantage-75ab2c242e45 that @virustotal is moving into Chronicle, a new business unit of Alphabet/@Google - What does this really mean? + +(Originally on Twitter: [Fri Feb 16 20:49:53 +0000 2018](https://twitter.com/adulau/status/964602757566083072)) +---- +@DamskyIrena @markarenaau Great idea! Thank you. + +(Originally on Twitter: [Sat Feb 17 05:40:11 +0000 2018](https://twitter.com/adulau/status/964736210001387520)) +---- +RT @pombr: that's great. I wished CPE would do it, but there is somewhat of a gap between CPEs and the actual reality of packages as used t… + +(Originally on Twitter: [Sat Feb 17 10:37:10 +0000 2018](https://twitter.com/adulau/status/964810948967129088)) +---- +RT @MISPProject: If you want to work with us and other open source security software projects don't forget to join us at "Open Source Secur… + +(Originally on Twitter: [Sun Feb 18 08:53:40 +0000 2018](https://twitter.com/adulau/status/965147291488268288)) +---- +@DamskyIrena @markarenaau Thank you for the idea. I just added it http://www.threat-intelligence.eu/methodologies/#intelligence-driven-computer-network-defense-informed-by-analysis-of-adversary-campaigns-and-intrusion-kill-chains-by-eric-m-hutchins-michael-j-cloppert-rohan-m-amin If you see any other ones to add or contribute, let us know. + +(Originally on Twitter: [Sun Feb 18 10:21:40 +0000 2018](https://twitter.com/adulau/status/965169436482260992)) +---- +RT @MISPProject: The Cyber Threat Framework developed by @ODNIgov which allows consistent characterization and categorization of cyber thr… + +(Originally on Twitter: [Sun Feb 18 11:52:41 +0000 2018](https://twitter.com/adulau/status/965192340863365120)) +---- +@SabinePauquay @McDonalds La prochaine fois que tu passes dans le Sud-Luxembourg, vient manger à la maison. 
Cela sera une cuisine locale et biologique mais surtout plus cool ;-) + +(Originally on Twitter: [Sun Feb 18 14:10:32 +0000 2018](https://twitter.com/adulau/status/965227034652893190)) +---- +Reading an academic paper about information sharing and game theory. Again they want to punish free riders in an information sharing community which is a complete non-sense. Free-riders are great especially if they use shared information for detection then everyone win. ![](media/965338030994321409-DWWQvx3W0AMhBVj.jpg) + +(Originally on Twitter: [Sun Feb 18 21:31:36 +0000 2018](https://twitter.com/adulau/status/965338030994321409)) +---- +@cmatthewbrooks https://scholarworks.unr.edu/bitstream/handle/11714/2249/Tosh_unr_0139D_12125.pdf?sequence=1&isAllowed=y +There are some interesting points and ideas. I think the model could be refined with organisations or ISACs which are used to run information sharing communities like the ones running @MISPProject ;-) + +(Originally on Twitter: [Mon Feb 19 13:02:28 +0000 2018](https://twitter.com/adulau/status/965572290783084546)) +---- +RT @jfslowik: I heartily endorse this opinion and reflect it in my personal workflow. And as a bonus, if you tweet @MISPProject they usuall… + +(Originally on Twitter: [Mon Feb 19 17:39:34 +0000 2018](https://twitter.com/adulau/status/965642025872838658)) +---- +@martijn_grooten How many did really get a CVE? and how many vendors always try to avoid the assignment of CVE? As an example, we always try to assign CVE for any bug reported which might impact security any level. https://github.com/MISP/MISP/blob/2.4/CONTRIBUTING.md#reporting-security-vulnerabilities ![](media/965677890590445568-DWbGnrPXkAMPZ4F.jpg) + +(Originally on Twitter: [Mon Feb 19 20:02:05 +0000 2018](https://twitter.com/adulau/status/965677890590445568)) +---- +@jnabryant By the way, we have a quite active community at @circl_lu and some others are also very active. 
http://www.misp-project.org/communities/ If you want, you can get access DM me. + +(Originally on Twitter: [Tue Feb 20 18:10:25 +0000 2018](https://twitter.com/adulau/status/966012179488104460)) +---- +@Ms_Multicolor @RIPE_Atlas @RIPE_NCC By the way, we do an Open Source Security Software Hackathon on the 26th March 2018 in Luxembourg https://hackathon.hack.lu/ it could be a great opportunity for RIPE Atlas contributors too. + +(Originally on Twitter: [Wed Feb 21 06:37:45 +0000 2018](https://twitter.com/adulau/status/966200250275909635)) +---- +RT @MISPProject: MISP 2.4.88 released including Fuzzy hashing (ssdeep) correlation, STIX 1.1 import, many API improvements and bug fixes.… + +(Originally on Twitter: [Wed Feb 21 21:14:49 +0000 2018](https://twitter.com/adulau/status/966420971753234433)) +---- +30 years ago, a piece of software done by a human showed the weaknesses of the software made by other humans. I hope the name on the meeting room will remind us that we always design broken stuff. ![](media/966558527518138368-DWnn1s7X0AASTXU.jpg) + +(Originally on Twitter: [Thu Feb 22 06:21:25 +0000 2018](https://twitter.com/adulau/status/966558527518138368)) +---- +@ddurvaux Nope but we have a room called WARRIORPRIDE too... + +(Originally on Twitter: [Thu Feb 22 07:40:09 +0000 2018](https://twitter.com/adulau/status/966578339808006145)) +---- +The past days of debugging old STIX and TAXII drove us in a unconscious space where hallucinogen products were involved at high doses. Give us simple JSON and simple HTTP over TLS to cure us from the madness. + + +media/966704136958988289-DWpsSKXWkAAjlW8.mp4 + +(Originally on Twitter: [Thu Feb 22 16:00:01 +0000 2018](https://twitter.com/adulau/status/966704136958988289)) +---- +@__weirdnik__ Robert H. Morris Sr. was his father and worked indeed on Unix crypt(). 
+ +(Originally on Twitter: [Fri Feb 23 05:47:16 +0000 2018](https://twitter.com/adulau/status/966912320914964481)) +---- +RT @PaulWebSec: Finally releasing metasearch https://github.com/PaulSec/metasearch-public +Hopefully, with this kind of project you will stop searching for samp… + +(Originally on Twitter: [Sat Feb 24 09:08:23 +0000 2018](https://twitter.com/adulau/status/967325323745550339)) +---- +I love listening to critics in a train. Especially when it’s about someone you know personally. Average network degree in public transport is low and maybe lower than expected by the travellers. #graphtheory + +(Originally on Twitter: [Sat Feb 24 12:37:36 +0000 2018](https://twitter.com/adulau/status/967377972440248321)) +---- +For my french-speaking followers, the text from Simone Weil about the removal of political parties is a master piece of clarity. Published by @EditionsAllia ![](media/967486556884873219-DW0z3bkW0AERuMR.jpg) + +(Originally on Twitter: [Sat Feb 24 19:49:04 +0000 2018](https://twitter.com/adulau/status/967486556884873219)) +---- +@hackermill @EditionsAllia I found one https://libcom.org/library/abolition-all-political-parties-simone-weil but I didn’t review the security of the epub... + +(Originally on Twitter: [Sun Feb 25 09:07:30 +0000 2018](https://twitter.com/adulau/status/967687488700547073)) +---- +I love clever uses of @MISPProject and @Twitter together. A cool script done by @ntddk to track malware IOCs with OSINT on Twitter from known security researchers to feed a MISP instance. +https://github.com/ntddk/virustream + +(Originally on Twitter: [Sun Feb 25 11:43:16 +0000 2018](https://twitter.com/adulau/status/967726689047457792)) +---- +RT @msuiche: Smart. Like they say the real winners during the gold rush are those who sold tools and jeans. 
https://twitter.com/bascule/status/967214239755657216 + +(Originally on Twitter: [Sun Feb 25 14:13:20 +0000 2018](https://twitter.com/adulau/status/967764453424009216)) +---- +RT @Sebdraven: Soon we open a instance of @MISPProject with IOCs posted with pastebin by ressearcher on Twitter ! You can follow how a twee… + +(Originally on Twitter: [Tue Feb 27 08:43:57 +0000 2018](https://twitter.com/adulau/status/968406336282259456)) +---- +@Aristot73 Another option (proven to work for ages) for preservation is to (re)produce your seeds, distribute and exchange these to ensure diversity. + +(Originally on Twitter: [Tue Feb 27 22:07:13 +0000 2018](https://twitter.com/adulau/status/968608485347921921)) +---- +@VessOnSecurity @MISPProject We did a first version of the MISP object for Cowrie https://github.com/MISP/misp-objects/blob/master/objects/cowrie/definition.json https://www.misp-project.org/objects.html#_cowrie and we are working on an output module. We should do a PR on Cowrie repository tomorrow ;-) @mokaddem_sami + +(Originally on Twitter: [Wed Feb 28 17:48:11 +0000 2018](https://twitter.com/adulau/status/968905684644397056)) +---- +@VessOnSecurity @MISPProject @mokaddem_sami Sure, we will add more fields. This first version template was based on some collections of telnet sessions. I'm sure we will add some more fields with SSH later. The idea is to create daily MISP event with all the sessions. Then it can be used for correlations, feeds or export + +(Originally on Twitter: [Wed Feb 28 18:08:08 +0000 2018](https://twitter.com/adulau/status/968910705209593856)) +---- +@VessOnSecurity @MISPProject @mokaddem_sami I created an issue where we can give feedback or ideas: + +https://github.com/MISP/misp-objects/issues/84 + +We will update following the changes. Thank you. 
+ +(Originally on Twitter: [Wed Feb 28 18:14:49 +0000 2018](https://twitter.com/adulau/status/968912387544944640)) +---- +"The machoc hash is a fuzzy hash mechanism based on the Call Flow Graph (CFG) of a function." https://github.com/ANSSI-FR/polichombr/blob/dev/docs/MACHOC_HASH.md by @ANSSI_FR looks very promising. + +(Originally on Twitter: [Wed Feb 28 18:42:07 +0000 2018](https://twitter.com/adulau/status/968919259584913408)) +---- +RT @rbnctl: https://github.com/conix-security/machoke https://twitter.com/adulau/status/968919259584913408 + +(Originally on Twitter: [Wed Feb 28 18:46:21 +0000 2018](https://twitter.com/adulau/status/968920325386891264)) +---- +RT @taviso: Wait...what?! 🤪 https://twitter.com/digicert/status/968925980533207040 + +(Originally on Twitter: [Wed Feb 28 20:43:30 +0000 2018](https://twitter.com/adulau/status/968949805375459328)) +---- +@rbnctl Do you know how the distance is calculated between two hashes? and which format is used to do the calculation? The reference mentions the Jaccard distance but on which output format? Thank you. + +(Originally on Twitter: [Thu Mar 01 07:53:01 +0000 2018](https://twitter.com/adulau/status/969118296015540224)) +---- +RT @Timo_Steffens: Ein neues Buch über Attribution, die Suche nach den Tätern hinter der Cyber-Spionage, behandelt: +- Spuren in Schadsoftwa… + +(Originally on Twitter: [Thu Mar 01 20:05:54 +0000 2018](https://twitter.com/adulau/status/969302731746889731)) +---- +RT @ErrataRob: This week I learned an unintended consequence of all those bug bounties: instead of getting friendly notices of website vuln… + +(Originally on Twitter: [Fri Mar 02 06:38:33 +0000 2018](https://twitter.com/adulau/status/969461941142982657)) +---- +A small note for future if you run a standard body defining technical standards, voting is not ideal and should be avoided at all cost. Instead of voting, ask for test implementations and keep the most simple and interoperable solution. 
+ +(Originally on Twitter: [Fri Mar 02 15:58:25 +0000 2018](https://twitter.com/adulau/status/969602835854888960)) +---- +@rafi0t It’s a broad statement ;-) but there are some good references from other organisations like IETF which give some guidances or ideas to improve the “process”... https://tools.ietf.org/html/rfc7282 + +(Originally on Twitter: [Fri Mar 02 17:30:06 +0000 2018](https://twitter.com/adulau/status/969625911648768000)) +---- +@binarypool Maybe we should think of a @MISPProject module to bridge it with SpiderFoot @cudeso https://github.com/MISP/misp-modules + +(Originally on Twitter: [Fri Mar 02 17:54:08 +0000 2018](https://twitter.com/adulau/status/969631960728526854)) +---- +@snazmeister Voting in standardization is often the root cause behind crappy formats or broken standards. Running code first is where the future standard should be not in committees-based design. + +(Originally on Twitter: [Sat Mar 03 12:29:30 +0000 2018](https://twitter.com/adulau/status/969912648644079616)) +---- +@aeris22 Pinger le CCB https://www.ccb.belgium.be/fr/contact ? + +(Originally on Twitter: [Sat Mar 03 15:15:52 +0000 2018](https://twitter.com/adulau/status/969954515720941568)) +---- +@blackswanburst Pivoting is all we need when reading large and abstruse documents ;-) + +(Originally on Twitter: [Sat Mar 03 18:31:03 +0000 2018](https://twitter.com/adulau/status/970003635722706945)) +---- +@rafi0t @seamustuohy Still very impressive to have code written for a master thesis running for more than 5 years 😉 + +(Originally on Twitter: [Sat Mar 03 21:06:52 +0000 2018](https://twitter.com/adulau/status/970042848400826369)) +---- +The historical information about open source projects in @GitHub issues is a great source of anthropological and economical knowledge behind open source communities. https://github.com/ariya/phantomjs/issues/14541 The recent archiving of @PhantomJS project showed some interesting insights. 
Notes follow ![](media/970338889931067392-DXdV9iGX4AEbTO3.jpg) + +(Originally on Twitter: [Sun Mar 04 16:43:14 +0000 2018](https://twitter.com/adulau/status/970338889931067392)) +---- +Community is key. Money and cash matter but it's really not the core of the issue to maintain an open source project on the long-run. @hintjens gave significant points like "intelligence is a social effect". https://hintjens.gitbooks.io/social-architecture/content/chapter5.html from "Social Architecture" ![](media/970340998529323008-DXdXZ_ZWsAEt-I_.jpg) + +(Originally on Twitter: [Sun Mar 04 16:51:36 +0000 2018](https://twitter.com/adulau/status/970340998529323008)) +---- +How to be open to contributions? @hintjens made an additional point on how to attract/retain contributors? "The community is more important than the product." Accepting contributors even if the contributions are weak or incorrect, it's better at the end. ![](media/970342033008287744-DXdYXCWWkAAXovE.jpg) + +(Originally on Twitter: [Sun Mar 04 16:55:43 +0000 2018](https://twitter.com/adulau/status/970342033008287744)) +---- +Being positive is often a winning strategy because you attract positive people and contributors. Attracting people because you attack competitors (open source or proprietary) will turn inwards at the end and against the project. @hintjens clearly describes this. ![](media/970343529062043648-DXdZxr_XcAAs1Q5.jpg) + +(Originally on Twitter: [Sun Mar 04 17:01:40 +0000 2018](https://twitter.com/adulau/status/970343529062043648)) +---- +Another interesting approach is to release early code or work-in-progress, it's a way to attract contributors before the users. 
![](media/970349668147388417-DXdfqb7WAAElB7O.jpg) + +(Originally on Twitter: [Sun Mar 04 17:26:03 +0000 2018](https://twitter.com/adulau/status/970349668147388417)) +---- +"Data mining for detecting Bitcoin Ponzi schemes" +https://arxiv.org/pdf/1803.00646.pdf + +(Originally on Twitter: [Mon Mar 05 09:28:15 +0000 2018](https://twitter.com/adulau/status/970591814272147456)) +---- +@meileaben Indeed, when I saw the title it was my first perception. The article is not too bad at the end ;-) + +(Originally on Twitter: [Mon Mar 05 10:43:21 +0000 2018](https://twitter.com/adulau/status/970610712702832641)) +---- +@VessOnSecurity @MISPProject First version is available. The redis output is now merged in Cowrie https://github.com/micheloosterhof/cowrie/commit/4a89b7d504ccdd98df274cf278f42b96862c08a4 and https://github.com/mokaddem/PyMISP-wrapper to generate a daily event with the data pushed from Cowrie/Redis then @MISPProject . More will come soon related to Cowrie and MISP integration. + +(Originally on Twitter: [Mon Mar 05 18:42:15 +0000 2018](https://twitter.com/adulau/status/970731232123334656)) +---- +@VessOnSecurity @MISPProject It's just a daily event in MISP updated live. So the event can be published and shared multiple times as you wish or generate a feed live when it's updated. + +(Originally on Twitter: [Mon Mar 05 19:46:18 +0000 2018](https://twitter.com/adulau/status/970747349868974085)) +---- +@VessOnSecurity @MISPProject We know but just talk about the segmentation of event in MISP. Nothing else. + +(Originally on Twitter: [Mon Mar 05 19:54:16 +0000 2018](https://twitter.com/adulau/status/970749354981101569)) +---- +@VessOnSecurity @MISPProject We can generate a raw feed (like we did for all the OSINT feed) directly this would work too and you get the correlation matching in MISP without even importing the data in MySQL. We do it for Tor exit nodes or alike. 
+ +(Originally on Twitter: [Mon Mar 05 19:55:59 +0000 2018](https://twitter.com/adulau/status/970749788739309569)) +---- +@VessOnSecurity @MISPProject Maybe you want to join us for the hackathon the 26th March https://hackathon.hack.lu/ and show us all your use-cases ;-) + +(Originally on Twitter: [Mon Mar 05 19:57:49 +0000 2018](https://twitter.com/adulau/status/970750248971849730)) +---- +I will be tomorrow (7th March) at @sctx18 to talk about the @MISPProject if you want to discuss about open source, threat intelligence, #misp or incident response. See you there. + +(Originally on Twitter: [Tue Mar 06 06:12:44 +0000 2018](https://twitter.com/adulau/status/970904997553737730)) +---- +@cocaman @MISPProject You can disable correlation on specific values. You have a small checkbox to disable the correlation. + +(Originally on Twitter: [Tue Mar 06 06:28:52 +0000 2018](https://twitter.com/adulau/status/970909056494899200)) +---- +@GossiTheDog Lupper Worm was abusing PHP vul to propagate? But this is indeed a very old one... + +(Originally on Twitter: [Tue Mar 06 17:37:52 +0000 2018](https://twitter.com/adulau/status/971077416541130753)) +---- +@Krands_ Pourquoi? C’est plutôt une bonne nouvelle. + +(Originally on Twitter: [Wed Mar 07 19:00:05 +0000 2018](https://twitter.com/adulau/status/971460496691023873)) +---- +@Krands_ Je trouve que la solution train gratuit serait la plus belle approche. Mais les syndicats parlent d’une impossibilité à cause des assurances... + +(Originally on Twitter: [Wed Mar 07 19:06:24 +0000 2018](https://twitter.com/adulau/status/971462083563966471)) +---- +@Krands_ Oui c’est pas simple. Mais entre acheter des F-35 ou investir dans les trains... la deuxième option me semble la plus saine pour tous. 
+ +(Originally on Twitter: [Wed Mar 07 19:13:43 +0000 2018](https://twitter.com/adulau/status/971463925232537601)) +---- +"A first look at browser-based cryptojacking" https://arxiv.org/pdf/1803.02887.pdf a good summary/state-of-the-art paper of the past months activities of #cryptojacking ![](media/972051513899143168-DX1ndG1W0AEo89s.jpg) + +(Originally on Twitter: [Fri Mar 09 10:08:35 +0000 2018](https://twitter.com/adulau/status/972051513899143168)) +---- +@Sebdraven Not this one ;-) + +(Originally on Twitter: [Fri Mar 09 16:02:01 +0000 2018](https://twitter.com/adulau/status/972140459257745408)) +---- +RT @__Thanat0s__: Nice, We saw a Mercedes Cars come with a promotional "rubber ducky" key to "drive" your computer directly to the website.… + +(Originally on Twitter: [Fri Mar 09 16:27:09 +0000 2018](https://twitter.com/adulau/status/972146785211822081)) +---- +@y0m @CrySySLab If they want to join the expanding @MISPProject communities, we will welcome them and show them how to use MISP galaxies to solve their synonyms issues with threat-actor tools. Cc @NSAGov + +(Originally on Twitter: [Fri Mar 09 17:13:30 +0000 2018](https://twitter.com/adulau/status/972158445989359617)) +---- +What's the most common difficult aspect for an adversary but also for defence in computer security? Maybe the "difficulty of persistence" is a common one. + +(Originally on Twitter: [Sat Mar 10 21:20:17 +0000 2018](https://twitter.com/adulau/status/972582940449361920)) +---- +@Carilall @PwC_Luxembourg Which Garamond is used? I feel a strange aspect of the ligature on the text. + +(Originally on Twitter: [Sat Mar 10 21:25:08 +0000 2018](https://twitter.com/adulau/status/972584163382562816)) +---- +@chiston Indeed. How difficult is for an adversary to avoid false-positive when doing ex-filtration? 
It's an under estimated field ;-) + +(Originally on Twitter: [Sun Mar 11 09:29:11 +0000 2018](https://twitter.com/adulau/status/972766373595287552)) +---- +@chiston That's why sometime separating both aspects (defence and attack) in "trainings or exercise" makes me uncomfortable. We are losing a lot of potential learnings and improvements from both sides. + +(Originally on Twitter: [Sun Mar 11 09:38:09 +0000 2018](https://twitter.com/adulau/status/972768631426822144)) +---- +RT @halvarflake: @adulau Legacy systems. Upgrading infrastructure. + +(Originally on Twitter: [Sun Mar 11 17:33:39 +0000 2018](https://twitter.com/adulau/status/972888295804952582)) +---- +RT @rh0main: Awesome use case of LIEF and LibFuzzer: https://blahcat.github.io/2018/03/11/fuzzing-arbitrary-functions-in-elf-binaries/ by @_hugsy_ +cc @quarkslab + +(Originally on Twitter: [Sun Mar 11 19:33:58 +0000 2018](https://twitter.com/adulau/status/972918574758137858)) +---- +"MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication" +https://arxiv.org/pdf/1803.03422.pdf + +(Originally on Twitter: [Mon Mar 12 07:56:09 +0000 2018](https://twitter.com/adulau/status/973105348537212928)) +---- +"The 1998 Lincoln Laboratory IDS Evaluation A Critique" +http://www.cs.cmu.edu/~maxion/courses/mchugh00.pdf We are in 2018 and we still doesn't have adequate datasets of pcap captures to test exhaustively the NIDS or the next fancy AI classification algorithm. + +(Originally on Twitter: [Mon Mar 12 18:40:37 +0000 2018](https://twitter.com/adulau/status/973267533829689344)) +---- +RT @rehakmar: @adulau Agree - but the problem only got worse. Almost any public testing dataset can be (over)optimised to 100% TPs and no F… + +(Originally on Twitter: [Mon Mar 12 20:08:04 +0000 2018](https://twitter.com/adulau/status/973289542953422851)) +---- +@infoconorg Yep. 
@MISPProject summit always takes place the day before @hack_lu as the organisers are @circl_lu + +(Originally on Twitter: [Tue Mar 13 04:50:48 +0000 2018](https://twitter.com/adulau/status/973421092164554752)) +---- +RT @GavinSReid: "I regard the brain as a computer which will stop working when its components fail. There is no heaven or afterlife for bro… + +(Originally on Twitter: [Thu Mar 15 06:23:32 +0000 2018](https://twitter.com/adulau/status/974169207637147648)) +---- +Is it just me or simple heuristic on filenames should be done by the A/V engines? Wondering what is the ratio of legitimate use-case of "PDF filename" encrypted/compacted as PE in an auto-extractable way compared to the current abuse? False-positive versus attackers. Who win... ![](media/974242127474511872-DYUyRLkWAAAA9E0.jpg) + +(Originally on Twitter: [Thu Mar 15 11:13:18 +0000 2018](https://twitter.com/adulau/status/974242127474511872)) +---- +@grumpy4n6 @MISPProject Thank you for joining us. It was a pleasure to discuss with you and get your feedback on what we try to achieve in information sharing. Cc @mokaddem_sami + +(Originally on Twitter: [Thu Mar 15 15:37:25 +0000 2018](https://twitter.com/adulau/status/974308594513600514)) +---- +"Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities" Many good ideas to improve the context and scenario around a CVE. +https://csrc.nist.gov/publications/detail/nistir/8138/draft Did anyone already work on a Python library for VDO? @pidgeyL @usnistgov ![](media/974626093008384002-DYaQ9K5XcAA45eu.jpg) + +(Originally on Twitter: [Fri Mar 16 12:39:02 +0000 2018](https://twitter.com/adulau/status/974626093008384002)) +---- +@florence_parly @Defense_gouv @MarineNationale @EtatMajorFR @Armee_de_lair @armeedeterre @gouvernementFR N’oubliez pas d’inclure des recommendations pour assurer une distribution de ces outils en logiciel libre pour le bien commun mais aussi dynamiser l'économie. 
+ +(Originally on Twitter: [Sat Mar 17 08:25:51 +0000 2018](https://twitter.com/adulau/status/974924762978963459)) +---- +@Iglocska CDG <-> LUX the black-hole or the Bermuda triangle where the luggages get lost. I suppose this would have been a place for Stephen Hawking to search for time. + +(Originally on Twitter: [Sat Mar 17 20:16:57 +0000 2018](https://twitter.com/adulau/status/975103717241442311)) +---- +@MISPProject @cmp_rax_1337 @hasherezade @kickstarter I think there is a major difference. MISP is open source and can be run everywhere you want as a stand-alone instance or even as a SaaS for a community. Not sure about VirusBay 2.0, it's only a SaaS? + +(Originally on Twitter: [Sat Mar 17 20:56:04 +0000 2018](https://twitter.com/adulau/status/975113560325087232)) +---- +"the danger of the backdoor - le péril de la porte dérobée" taken in Namur +https://www.flickr.com/photos/adulau/26003405317/ #blackandwhitephotography + +(Originally on Twitter: [Sun Mar 18 11:16:56 +0000 2018](https://twitter.com/adulau/status/975330205161218050)) +---- +@LSELabs I try to maintain an up-to-date version of ssldump https://github.com/adulau/ssldump with all the recent patches. + +(Originally on Twitter: [Sun Mar 18 11:27:21 +0000 2018](https://twitter.com/adulau/status/975332825598603266)) +---- +RT @rafi0t: Read @k8em0 and @aloria tweets on bug bounties, please. + +As a relatively decent developer, seeing the prices skyrocketing is su… + +(Originally on Twitter: [Sun Mar 18 15:12:54 +0000 2018](https://twitter.com/adulau/status/975389588855377920)) +---- +@Hexacorn Indeed but this is not a valid excuse for A/V vendors to not baseline filename based on filename already seen in the past. They claim "machine learning technologies" but they don't do basic statistics on the probability of a filename with known extensions. 
🤨 + +(Originally on Twitter: [Sun Mar 18 15:21:54 +0000 2018](https://twitter.com/adulau/status/975391853611757569)) +---- +@AdliceSoftware @MISPProject @cmp_rax_1337 @hasherezade @kickstarter Is MRF open source? + +(Originally on Twitter: [Sun Mar 18 18:00:00 +0000 2018](https://twitter.com/adulau/status/975431641094029312)) +---- +@Iglocska @nadouani Maybe the format already used by @TheHive_Project should be reviewed during the hackathon and we could write an Internet-Draft like we did for the MISP core standard. + +(Originally on Twitter: [Mon Mar 19 06:04:15 +0000 2018](https://twitter.com/adulau/status/975613902506602496)) +---- +RT @SteveClement: Forget #infoSec and get a stock of #cyberClean ![](media/975625124387934208-DYocUaDVoAAreFl.jpg) + +(Originally on Twitter: [Mon Mar 19 06:48:50 +0000 2018](https://twitter.com/adulau/status/975625124387934208)) +---- +@Iglocska @nadouani @TheHive_Project Maybe we should also review other formats like @cuckoosandbox and other security open source tools during https://hackathon.hack.lu/ and see which can be described and how compatible we are between each others. + +(Originally on Twitter: [Mon Mar 19 07:17:45 +0000 2018](https://twitter.com/adulau/status/975632400968568833)) +---- +I think I did my biggest mistake for this year. I forgot to order Club-Mate for next week #hackathon ... + + +media/975788363675467776-DYqyVdUX4AIg4u-.mp4 + +(Originally on Twitter: [Mon Mar 19 17:37:29 +0000 2018](https://twitter.com/adulau/status/975788363675467776)) +---- +@Ministraitor @revspacenl Thank you. We already found a solution ;-) But I will continue to drink black tea instead of Club-Mate during the #hackathon . 
@markarenaau + +(Originally on Twitter: [Mon Mar 19 18:28:41 +0000 2018](https://twitter.com/adulau/status/975801245280677891)) +---- +RT @MISPProject: Don't forget next week we are at "Open Source Security Software Hackathon" 26/03 in Luxembourg (and also in Japan) with ot… + +(Originally on Twitter: [Mon Mar 19 20:01:18 +0000 2018](https://twitter.com/adulau/status/975824554047279105)) +---- +"Cambridge Analytica demonstrably non-compliant with data protection law" https://medium.com/personaldata-io/cambridge-analytica-demonstrably-non-compliant-with-data-protection-law-95ec5712b61 Maybe nowadays this article from 2017 was basically just right. #privacy + +(Originally on Twitter: [Mon Mar 19 21:28:56 +0000 2018](https://twitter.com/adulau/status/975846607676682241)) +---- +@GossiTheDog If you have any ideas or feedback on @MISPProject let us know. + +(Originally on Twitter: [Tue Mar 20 05:41:33 +0000 2018](https://twitter.com/adulau/status/975970578296385537)) +---- +RT @MISPProject: MISP as supporting platform for sharing information, following ISO/IEC 27010:2015 has been published https://t.co/fu1HPVe… + +(Originally on Twitter: [Tue Mar 20 16:03:24 +0000 2018](https://twitter.com/adulau/status/976127074627981312)) +---- +@gizolka The robot is indeed holding it. All will be fine. + +(Originally on Twitter: [Tue Mar 20 18:39:51 +0000 2018](https://twitter.com/adulau/status/976166445225857024)) +---- +@VessOnSecurity First use GNU Screen or tmux. Then your script can pull the data from your MySQL table, update your geolocation in Redis sets and then you have fast cache for find each geolocation. + +(Originally on Twitter: [Tue Mar 20 21:41:31 +0000 2018](https://twitter.com/adulau/status/976212161092562946)) +---- +@gizolka Maybe the sociologists should read first “The Hacker Ethic and the Spirit of the Information Age” to better understand te roots behind the hackers movement... 
https://en.m.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age + +(Originally on Twitter: [Wed Mar 21 06:46:59 +0000 2018](https://twitter.com/adulau/status/976349432957546498)) +---- +@pidgeyL @usnistgov No worries. We are working on @MISPProject object to represent VDO . Then we can have a look at cve-search on the long-run. + +(Originally on Twitter: [Wed Mar 21 14:36:00 +0000 2018](https://twitter.com/adulau/status/976467464379949063)) +---- +Yeah! This is solved. Thanks to @Rita_Bre for the last minute order. + +(Originally on Twitter: [Thu Mar 22 19:59:35 +0000 2018](https://twitter.com/adulau/status/976911288533245952)) +---- +RT @MISPProject: MISP 2.4.89 released including a new MISP event graph viewer/editor, STIX 2.0 import and many bug/security fixes. https://… + +(Originally on Twitter: [Fri Mar 23 15:11:41 +0000 2018](https://twitter.com/adulau/status/977201223807000576)) +---- +@Senficon @github They forget that open source is a driving force for the EU economy and it’s inherently part of the innovation models. They also forget to read the open source and free software definitions when there must not be restrictions on the field of endeavor. + +(Originally on Twitter: [Fri Mar 23 19:19:40 +0000 2018](https://twitter.com/adulau/status/977263629849583616)) +---- +@davidonzo @MISPProject We accept all challenges! Even this one... + +(Originally on Twitter: [Fri Mar 23 21:26:16 +0000 2018](https://twitter.com/adulau/status/977295488516018177)) +---- +@asfakian @MISPProject Indeed good point we have some crazy ideas with configurable automatic expiration to release info from tlp:green to tlp:white at some point. Maybe something we could discuss on Monday at the hackathon. + +(Originally on Twitter: [Sat Mar 24 13:19:33 +0000 2018](https://twitter.com/adulau/status/977535392051277824)) +---- +If you wonder what's the feeling of finding an abandoned repository in @GitHub here is the #urbex feeling of it. 
#photography https://www.flickr.com/photos/adulau/40096390015/ #blackandwhite + +(Originally on Twitter: [Sat Mar 24 16:44:50 +0000 2018](https://twitter.com/adulau/status/977587052605857792)) +---- +RT @circl_lu: Thanks to @paulvixie for an updated version of dnsdbq which includes the support to @circl_lu passive dns in addition to @Far… + +(Originally on Twitter: [Sun Mar 25 10:00:16 +0000 2018](https://twitter.com/adulau/status/977847628317839360)) +---- +While preparing the introduction notes with @SteveClement for the Open Source Security Software hackathon of tomorrow while adding references, I dig into @hintjens book toolchain to generate his book in PDF and epub. His legacy is huge. http://www.foo.be/docs-free/social-architecture/main.pdf #opensource ![](media/977879290741215232-DZIfEdxWkAEBfsS.jpg) + +(Originally on Twitter: [Sun Mar 25 12:06:05 +0000 2018](https://twitter.com/adulau/status/977879290741215232)) +---- +RT @nolimitsecu: #Podcast #Cybersécurité + +Épisode #172 consacré à @MISPProject avec @adulau + +https://www.nolimitsecu.fr/misp/ + +(Originally on Twitter: [Mon Mar 26 11:26:45 +0000 2018](https://twitter.com/adulau/status/978231779424423936)) +---- +RT @matthieugarin: Très bon podcast @nolimitsecu #MISP avec @adulau https://buff.ly/2DW0uz0 -> interfaces, communautés, taxonomie, automati… + +(Originally on Twitter: [Mon Mar 26 11:39:20 +0000 2018](https://twitter.com/adulau/status/978234943968043008)) +---- +@FrancoMisp @tuxpanik @Sebdraven Pourquoi ne pas faire un plugin dans AIL pour pomper et detecter les pastes avec des IOCs? https://github.com/CIRCL/AIL-framework le risque de FP est grand mais on peut toujours essayer. 
+ +(Originally on Twitter: [Mon Mar 26 20:49:39 +0000 2018](https://twitter.com/adulau/status/978373436987846656)) +---- +RT @asfakian: During the past year, @razvan_gavrila and I worked on a document related to opportunities and limitations of current Threat… + +(Originally on Twitter: [Tue Mar 27 05:03:15 +0000 2018](https://twitter.com/adulau/status/978497657894293505)) +---- +RT @MISPProject: A new PyMISP tutorial as @ProjectJupyter notebook to quickly learn about the basic of interacting with a MISP instance usi… + +(Originally on Twitter: [Wed Mar 28 10:24:02 +0000 2018](https://twitter.com/adulau/status/978940773759582208)) +---- +Thanks to all the contributors of @MISPProject who contributed the past 3 days during the hackathon and the trainings. We are so glad to have such an active and commited community to information sharing, information security and threat analysis. 👍🏻#cti #ThreatIntelligence + +(Originally on Twitter: [Wed Mar 28 17:47:13 +0000 2018](https://twitter.com/adulau/status/979052303910146048)) +---- +RT @thorstenholz: To quote from http://syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2011/06/07/deanonymizeSN-Oakland10.pdf: "In total, we successfully crawled more than 43.2 million group members from 31,85… + +(Originally on Twitter: [Thu Mar 29 05:53:13 +0000 2018](https://twitter.com/adulau/status/979235004730544128)) +---- +@y0m and the other side. We are waiting 21 days for the pull-request to be reviewed ;-) + +(Originally on Twitter: [Thu Mar 29 08:11:51 +0000 2018](https://twitter.com/adulau/status/979269896415653888)) +---- +RT @droethlisberger: Excited to be giving a talk about monitoring #macOS fleets for intrusions and malware at @a41con in June — now all tha… + +(Originally on Twitter: [Thu Mar 29 09:24:13 +0000 2018](https://twitter.com/adulau/status/979288105667710976)) +---- +@_saadk @TheHive_Project @jazzmanrecords @SteveClement Thank you for sharing the good vibes of open source along with alternative sound vibes. 
And my favourite is included: https://www.youtube.com/watch?v=1EfsEMg8swI ![](media/979413010451189760-DZeS4s5WkAAD1UX.jpg) + +(Originally on Twitter: [Thu Mar 29 17:40:32 +0000 2018](https://twitter.com/adulau/status/979413010451189760)) +---- +RT @_saadk: Now that @TheHive_Project Cortex 2 is out, it is time to relax & listen to @jazzmanrecords excellent Spiritual Jazz 8: Japan ~… + +(Originally on Twitter: [Thu Mar 29 17:40:41 +0000 2018](https://twitter.com/adulau/status/979413044747997184)) +---- +Decaying of Indicators of Compromise https://arxiv.org/abs/1803.11052 it’s still a work in progress, the paper is a draft where we welcome feedback or ideas. The goal is to include it as a configurable option in @MISPProject instance soon. # threatintelligence + +(Originally on Twitter: [Fri Mar 30 06:43:57 +0000 2018](https://twitter.com/adulau/status/979610161240330240)) +---- +@tomchop_ Indeed, we did the expiration sighting in MISP too but expiration is really context-dependant and unique per devices processing the indicators. and it's where the complexity is. Let us know if you have more feedback. + +(Originally on Twitter: [Fri Mar 30 09:21:21 +0000 2018](https://twitter.com/adulau/status/979649772029186048)) +---- +Withdrawal of the United Kingdom and EU rules on .eu domain names +https://ec.europa.eu/info/sites/info/files/notice_to_stakeholders_brexit_eu_domain_names.pdf #everythingisconnected #Brexit + +(Originally on Twitter: [Fri Mar 30 11:36:51 +0000 2018](https://twitter.com/adulau/status/979683870403649539)) +---- +@0xAmit @inbarraz I know who started the fight... it can only be one. 
+ +(Originally on Twitter: [Fri Mar 30 12:09:21 +0000 2018](https://twitter.com/adulau/status/979692052140130310)) +---- +RT @circl_lu: Updated @MISPProject training materials released including new slide decks about feeds and MISP objects - complete PDF with a… + +(Originally on Twitter: [Fri Mar 30 14:35:06 +0000 2018](https://twitter.com/adulau/status/979728731676860416)) +---- +RT @MISPProject: We actively use @LIEF_project in @MISPProject for the automatic extraction/analysis of binary samples (PE, MachO and ELF)… + +(Originally on Twitter: [Fri Mar 30 16:03:55 +0000 2018](https://twitter.com/adulau/status/979751083277987848)) +---- +RT @lorenzoFB: Dear internet, + +No, I'm not going to RSA. Enjoy the snake oil though! + +Best, + +Lorenzo + +(Originally on Twitter: [Fri Mar 30 16:04:46 +0000 2018](https://twitter.com/adulau/status/979751297862729729)) +---- +Waiting for @CoppensBruno or #godot ![](media/979786794412728325-DZjm4VbW0AAL48J.jpg) + +(Originally on Twitter: [Fri Mar 30 18:25:50 +0000 2018](https://twitter.com/adulau/status/979786794412728325)) +---- +RT @jovimon: Just read "Decaying Indicators of Compromise" from @adulau et al. +Really interesting work! Hope it gets into @MISPProject soo… + +(Originally on Twitter: [Sat Mar 31 08:13:33 +0000 2018](https://twitter.com/adulau/status/979995097835196417)) +---- +To summarize my experience about peer-reviewed academic conference and paper submission: - Submit a paper - Wait 4-5 months to get a review +- Then the review is 1 line to tell you that your paper is rejected. +You upload a preprint on @arxiv & you receive exhaustive reviews in 24h + +(Originally on Twitter: [Sat Mar 31 10:14:59 +0000 2018](https://twitter.com/adulau/status/980025657580228609)) +---- +@alexcryptan @arxiv The reviews came by email ;-) + +(Originally on Twitter: [Sat Mar 31 13:09:27 +0000 2018](https://twitter.com/adulau/status/980069565622374400)) +---- +. 
@Cloudflare Will you provide Passive DNS services out of 1.1.1.1 resolver caches? + +(Originally on Twitter: [Sun Apr 01 17:36:06 +0000 2018](https://twitter.com/adulau/status/980499057792684032)) +---- +@SteveClement @7eleven A lot of cleaning chemical on your back. Did you find the all cleaning chemical called “white vinegar”? + +(Originally on Twitter: [Mon Apr 02 10:48:52 +0000 2018](https://twitter.com/adulau/status/980758961761767424)) +---- +@nikitab Good questions. I like those too “Is the dataset available? Can we reproduce the expirements? Is there an open source implementation? If yes, was it used to refine the security or usability of the technology proposed?” + +(Originally on Twitter: [Mon Apr 02 14:44:15 +0000 2018](https://twitter.com/adulau/status/980818195329310720)) +---- +En lisant le roman “un éclat de givre” d’Estelle Faye (qui est une belle réussite), je me demandais si quelqu’un avait fait une cartographie de la ville de Paris avec cet univers post-apocalyptique. #scifigeography #sciencefiction + +(Originally on Twitter: [Tue Apr 03 19:14:33 +0000 2018](https://twitter.com/adulau/status/981248607725805568)) +---- +@asfakian @MISPProject There are some really good points in this approach. Maybe it’s something we should consider when exporting (or importing) feeds from (to) MISP and to attach a machine-parseable datasheet for each feed as we have already a standard to describe the technical aspect of importing. + +(Originally on Twitter: [Wed Apr 04 05:52:26 +0000 2018](https://twitter.com/adulau/status/981409136687636480)) +---- +RT @asfakian: Interesting paper "Datasheets for Datasets"! 
The paper is focused on providing a standard way identify how a threat dataset w… + +(Originally on Twitter: [Wed Apr 04 05:52:39 +0000 2018](https://twitter.com/adulau/status/981409191498866688)) +---- +I have the impression that some people are now rereading carefully the excellent post (2010) from @mir_ripe_labs RIPE labs about 1.1.1.0/24 and traffic pollution https://labs.ripe.net/Members/franz/content-pollution-18 Nowadays, Operating 1.1.1.0/24 comes with some side-effects. + +(Originally on Twitter: [Wed Apr 04 06:42:37 +0000 2018](https://twitter.com/adulau/status/981421766097670144)) +---- +@dcuthbert And the funny part: the Wireless LAN controller from Cisco did that for years.... https://supportforums.cisco.com/t5/wireless-mobility-documents/web-authentication-1-1-1-1-login-redirect-issue-wireless-lan/ta-p/3161248 + +(Originally on Twitter: [Wed Apr 04 07:37:30 +0000 2018](https://twitter.com/adulau/status/981435576527269890)) +---- +@ronindey @dcuthbert Indeed they declare unanimously the use of that network. My bet is that they acquired a company doing it in the first place (in some 802.11 equipements) and continue to do so. Maybe @Cisco will soon explain the whole history behind this. + +(Originally on Twitter: [Wed Apr 04 08:06:39 +0000 2018](https://twitter.com/adulau/status/981442912792784902)) +---- +@dcuthbert @ronindey @Cisco Maybe some orgs will start to be more careful https://www.circl.lu/assets/files/circl-blackhole-honeynetworkshop2014.pdf and understand our network telescope analysis ;-) + +(Originally on Twitter: [Wed Apr 04 08:14:43 +0000 2018](https://twitter.com/adulau/status/981444942961762304)) +---- +@jedisct1 Maybe the tricky part in Bloomfilters is the management of the false-positive ratio. Also the canonization of the domains can be a source of issues. Not sure what the best data-structure is... 
+ +(Originally on Twitter: [Wed Apr 04 10:56:49 +0000 2018](https://twitter.com/adulau/status/981485737668472833)) +---- +RT @inbarraz: My @hack_lu talk is now online. https://twitter.com/ministraitor/status/981484488223010816 + +(Originally on Twitter: [Wed Apr 04 10:58:03 +0000 2018](https://twitter.com/adulau/status/981486049250725888)) +---- +@jedisct1 @martijn_grooten We did a similar experiment for @MISPProject but it’s still in an early stage https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A10600/datastream/PDF_01/view the code is on https://github.com/MISP/misp-privacy-aware-exchange + +(Originally on Twitter: [Wed Apr 04 11:38:03 +0000 2018](https://twitter.com/adulau/status/981496113290235904)) +---- +RT @jedisct1: @adulau @martijn_grooten @MISPProject Something like that may work without explicitly using bloom filters https://t.co/lS1sKM… + +(Originally on Twitter: [Wed Apr 04 14:39:37 +0000 2018](https://twitter.com/adulau/status/981541806356738049)) +---- +@jedisct1 @martijn_grooten @MISPProject Nice! I’ll give a try. + +(Originally on Twitter: [Wed Apr 04 14:40:05 +0000 2018](https://twitter.com/adulau/status/981541924283781120)) +---- +@turtlemonvh @MISPProject There is a simple answer. If you cannot express it in a taxonomy, go for a galaxy. I’ll make a more complete answer on stackexchange later. Hope this helps. + +(Originally on Twitter: [Wed Apr 04 16:02:59 +0000 2018](https://twitter.com/adulau/status/981562788232474625)) +---- +@tom__dell @MISPProject Good point. By default, the vagrant/packer script use 17.10 to generate the VMs automatically. https://github.com/MISP/misp-packer but the script could be changed to support another version. Let me know if you have any issues. 
We could add an additional version https://www.circl.lu/misp-images/latest/ + +(Originally on Twitter: [Wed Apr 04 16:13:09 +0000 2018](https://twitter.com/adulau/status/981565346544005125)) +---- +RT @jedisct1: First stab https://github.com/jedisct1/go-progressive-hash /cc @averagesecguy @adulau @martijn_grooten + +(Originally on Twitter: [Thu Apr 05 06:12:25 +0000 2018](https://twitter.com/adulau/status/981776554895265793)) +---- +RT @0xrawsec: Wondering how to use Gene engine and how to write your own detection rules ? We have just built a fresh documentation for tha… + +(Originally on Twitter: [Thu Apr 05 06:13:28 +0000 2018](https://twitter.com/adulau/status/981776816837922817)) +---- +RT @pello: MITRE CWE is now version 3.1; have a look to the changes to update your product security campaign #psirt #prodsec +https://t.co/… + +(Originally on Twitter: [Thu Apr 05 06:49:22 +0000 2018](https://twitter.com/adulau/status/981785852266401792)) +---- +@nadouani On devrait faire un site avec les meilleurs textes des “head-hunters”. + +(Originally on Twitter: [Thu Apr 05 07:38:03 +0000 2018](https://twitter.com/adulau/status/981798105434808320)) +---- +RT @gdbassett: @daniel_bilar @adulau I think there's a whole arena of research for training GANs to develop steganography. Imagine if each… + +(Originally on Twitter: [Thu Apr 05 15:18:13 +0000 2018](https://twitter.com/adulau/status/981913908737990657)) +---- +RT @marc_etienne_: We pushed to @github the plain text and JSON @MISPProject of the IoCs and scripts we made to unpack samples and and prot… + +(Originally on Twitter: [Fri Apr 06 07:04:00 +0000 2018](https://twitter.com/adulau/status/982151924324548610)) +---- +@wimremes @stevelord Cobol. I knew that you had a hidden mainframe perversion. + +(Originally on Twitter: [Fri Apr 06 20:12:25 +0000 2018](https://twitter.com/adulau/status/982350332641492993)) +---- +@martijn_grooten Indeed. 
On the other hands, social media is sometimes a “trigger”/social precessure after unsuccessful attempts to reach out the abuse team, LIRT or CSIRT for a specific issue. Don’t know if the initial tweet came from such frustrations. + +(Originally on Twitter: [Sat Apr 07 09:38:00 +0000 2018](https://twitter.com/adulau/status/982553067169120256)) +---- +RT @OPCDE: [Thread] We are currently uploading the slides for #OPCDE2018. https://github.com/comaeio/OPCDE/tree/master/2018 + +(Originally on Twitter: [Sat Apr 07 13:44:05 +0000 2018](https://twitter.com/adulau/status/982614995090460672)) +---- +RT @andersoerts: FY3C AHRPT at 2018-04-06 ~11:58 UTC +My first useable recording from this Chinese weather satellite 🛰️ +Seems more difficult… + +(Originally on Twitter: [Sat Apr 07 19:30:27 +0000 2018](https://twitter.com/adulau/status/982702161455910912)) +---- +@briankrebs For this specific case, ICANN lawyers took an incorrect approach. When someone purchase a domain, they give their consent especially to show an abuse point-of-contact and the objective is correctly inline with recital 49. So having whois record public would be more compliant... + +(Originally on Twitter: [Sun Apr 08 05:37:41 +0000 2018](https://twitter.com/adulau/status/982854977210191873)) +---- +I know this can be hard sometimes but open source and free software licenses are not restricting the fields of endeavor. Your free software will be used everywhere. Even if you don’t like it. Embrace it and maybe you’ll discover a world full of nuances and paradoxes. + +(Originally on Twitter: [Sun Apr 08 07:04:13 +0000 2018](https://twitter.com/adulau/status/982876751855570944)) +---- +@y0m Interesting which could be a good complement to ICD 203. I’ll add it as a new @MISPProject taxonomy. 
+ +(Originally on Twitter: [Sun Apr 08 10:30:24 +0000 2018](https://twitter.com/adulau/status/982928638499794945)) +---- +@briankrebs @tynanwrites @davedittrich @DAlperovitch @cyberwar @brendachrist @CYBERLAWRADIO @Optimal_IdM @silverfort @KeenanSkelly @TecFlack Sorry this is clearly wrong. If the objective to ensure security, sharing abused IP addresses is a preventive measure. Maybe you should have a look at our GDPR analysis for MISP an open source sharing platform + +https://www.misp.software/compliance/gdpr/information_sharing_and_cooperation_gdpr.html + +(Originally on Twitter: [Sun Apr 08 12:44:04 +0000 2018](https://twitter.com/adulau/status/982962280236224512)) +---- +RT @MISPProject: Multiple updates in MISP galaxy including new ransomware definitions, threat actors and multiple improvements https://t.c… + +(Originally on Twitter: [Sun Apr 08 14:21:55 +0000 2018](https://twitter.com/adulau/status/982986903535407104)) +---- +@cyberwar @briankrebs @tynanwrites @davedittrich @DAlperovitch @brendachrist @CYBERLAWRADIO @Optimal_IdM @silverfort @KeenanSkelly @TecFlack I didn't talk about "black-list" which is a small subset of what you can do when sharing information (IPv4/IPv6 is a narrow scope). You can still use the information shared for "intelligence", evaluating take-down/abuse handling speed from ISPs, detection, sighting or measurement + +(Originally on Twitter: [Sun Apr 08 14:28:32 +0000 2018](https://twitter.com/adulau/status/982988569433210881)) +---- +Following a quick discussion with @y0m I added in the @MISPProject estimative language taxonomy the +confidence in analytic judgments from "JP 2-0, Joint Intelligence" + https://www.misp-project.org/taxonomies.html#_estimative_language https://github.com/MISP/misp-taxonomies/commit/968745d7e422ac79b2b734a3f195ed6490aa3a23 Feedback and updates welcome. 
#ThreatIntel ![](media/983056914262253568-DaSEcjoXkAALGJA.jpg) + +(Originally on Twitter: [Sun Apr 08 19:00:07 +0000 2018](https://twitter.com/adulau/status/983056914262253568)) +---- +RT @struppigel: New Video in collaboration with OALabs (@herrcore): 😍 +Unpacking Princess Locker and Fixing Corrupted PE Header + +#OpenAnalys… + +(Originally on Twitter: [Sun Apr 08 19:41:13 +0000 2018](https://twitter.com/adulau/status/983067258531479552)) +---- +RT @Iglocska: @cyberwar @brendachrist @CYBERLAWRADIO @tynanwrites @briankrebs @DAlperovitch @Optimal_IdM @silverfort @KeenanSkelly @TecFlac… + +(Originally on Twitter: [Mon Apr 09 12:13:31 +0000 2018](https://twitter.com/adulau/status/983316978269114368)) +---- +RT @alexander_band: . @NLnetLabs is hiring a skilled Software #Developer. We proudly maintain the #DNS projects #Unbound, #NSD and #OpenDNS… + +(Originally on Twitter: [Mon Apr 09 16:01:14 +0000 2018](https://twitter.com/adulau/status/983374284734246912)) +---- +@LimorElbaz @Peerlyst What kind of substances? Chocolate, sugar or worst smoked black tea like “Lapsang Souchong”... + +(Originally on Twitter: [Mon Apr 09 21:10:51 +0000 2018](https://twitter.com/adulau/status/983452204672651264)) +---- +A small question to @TwitterSupport I don't see any mention that you are selling the data via Twitter Ads Platform in your privacy policy https://twitter.com/en/privacy maybe you need to clarify that sharing include commercial agreements. 
cc @Gnip Thank you + +(Originally on Twitter: [Tue Apr 10 13:22:27 +0000 2018](https://twitter.com/adulau/status/983696712953974785)) +---- +RT @womenintechfund: We are thrilled to announce that thanks to the conference organizers, we have 2 tickets to attend the next .@hack_lu i… + +(Originally on Twitter: [Tue Apr 10 14:22:29 +0000 2018](https://twitter.com/adulau/status/983711822212685824)) +---- +RT @circl_lu: Incident Response, Information Sharing and GDPR: a practical perspective for CSIRTs - we organise a half-day workshop to exp… + +(Originally on Twitter: [Tue Apr 10 16:57:13 +0000 2018](https://twitter.com/adulau/status/983750762051395585)) +---- +@SNCB Le courant semble se retour. Le retour à la normal est prévu dans combien de temps? Merci. + +(Originally on Twitter: [Wed Apr 11 05:03:36 +0000 2018](https://twitter.com/adulau/status/983933563727949824)) +---- +"A Comparison of Fuzzy Hashes: Evaluation, Guidelines, and +Future Suggestions" by Amanda Lee and Travis Atkison - interesting paper with a good summary table of fuzzy hash algorithms ![](media/983998226582900737-DafXkDgWsAEkc17.jpg) + +(Originally on Twitter: [Wed Apr 11 09:20:33 +0000 2018](https://twitter.com/adulau/status/983998226582900737)) +---- +RT @pagabuc: @adulau If are interested in a more binary analysis perspective on fuzzy hashes uses and implications: http://www.s3.eurecom.fr/docs/codaspy18_pagani.pdf… + +(Originally on Twitter: [Wed Apr 11 13:56:11 +0000 2018](https://twitter.com/adulau/status/984067592393551872)) +---- +@pagabuc Nice one! Thank you. We'll have a look. + +(Originally on Twitter: [Wed Apr 11 14:14:54 +0000 2018](https://twitter.com/adulau/status/984072302605275136)) +---- +@0xrawsec Good point. We should do an open dataset... + +(Originally on Twitter: [Wed Apr 11 15:47:39 +0000 2018](https://twitter.com/adulau/status/984095644641095680)) +---- +RT @meileaben: Now on RIPE Labs: A short analysis of what @RIPE_Atlas saw of the recent @DECIX outage. 
"Does the Internet route around dama… + +(Originally on Twitter: [Wed Apr 11 21:36:18 +0000 2018](https://twitter.com/adulau/status/984183383239602177)) +---- +The media advertising paradox: when your media has an article about Facebook selling data to third-parties and your news website downloads random JavaScript from various third-parties to track the readers and sell advertising space and data about your audience. + +(Originally on Twitter: [Thu Apr 12 05:52:02 +0000 2018](https://twitter.com/adulau/status/984308138957590529)) +---- +RT @circl_lu: CIRCL published "TR-53 - Statement about WHOIS and GDPR" https://www.circl.lu/pub/tr-53/ cc @FIRSTdotOrg + +(Originally on Twitter: [Thu Apr 12 15:36:50 +0000 2018](https://twitter.com/adulau/status/984455306460712961)) +---- +http://www.robotics-openletter.eu/ is it me or do you perceive that some organisations want to transfer their legal responsibilities to a machine by creating a new legal entity definition for robots and machines? + +(Originally on Twitter: [Fri Apr 13 05:16:15 +0000 2018](https://twitter.com/adulau/status/984661520444526592)) +---- +"PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines" https://arxiv.org/pdf/1804.04014.pdf " from air-gapped computers through the power lines at bit rates of 1000 bit/sec" + +(Originally on Twitter: [Fri Apr 13 07:34:23 +0000 2018](https://twitter.com/adulau/status/984696284610260993)) +---- +RT @Iglocska: Cool, @OASISopen started a new platform for for non-copy-left open source projects. 
http://oasis-open-projects.org/get-involved/ @zedshaw https://… + +(Originally on Twitter: [Fri Apr 13 11:12:35 +0000 2018](https://twitter.com/adulau/status/984751193644785664)) +---- +RT @piotrkijewski: Study on handling the decay of Indicators of Compromise (IoCs) in @MISPProject (by @circl_lu) https://arxiv.org/pdf/1803.11052.pdf + +(Originally on Twitter: [Sat Apr 14 08:50:03 +0000 2018](https://twitter.com/adulau/status/985077714628509702)) +---- +I’m really impressed by the number of people involved in the adult entertainment business being interested in academic papers about computer security. The advertisers must be very confused nowadays. + +(Originally on Twitter: [Mon Apr 16 05:43:37 +0000 2018](https://twitter.com/adulau/status/985755573978324993)) +---- +RT @StevenSalzberg1: Nature and other Springer journals make all of their money from free labor provided by scientists, who write all the p… + +(Originally on Twitter: [Mon Apr 16 13:17:36 +0000 2018](https://twitter.com/adulau/status/985869822050226178)) +---- +@NCSC Do you have any factual information that you can share? I’m sure other countries and non-UK operators would be interested to know as well. + +(Originally on Twitter: [Mon Apr 16 15:01:20 +0000 2018](https://twitter.com/adulau/status/985895925519454210)) +---- +@barbieauglend I see a @MISPProject sticker among others ;-) + +(Originally on Twitter: [Mon Apr 16 17:59:30 +0000 2018](https://twitter.com/adulau/status/985940764512407552)) +---- +RT @plusvic: @quazums @MISPProject @asfakian @virustotal @yararules @adulau @Iglocska We are working on a new @virustotal API that will all… + +(Originally on Twitter: [Mon Apr 16 18:34:20 +0000 2018](https://twitter.com/adulau/status/985949527269093377)) +---- +@H_Miser Voici le malware analysé qui est dans la photo ;-) +https://www.virustotal.com/#/file/8a083adf0f6553edf33c2770df2f1acc2f234658a07d8f0301bae10814205b41 enfin cela match une règle Yara dans VT. Sorry, je sors. 
+ +(Originally on Twitter: [Mon Apr 16 18:48:55 +0000 2018](https://twitter.com/adulau/status/985953199533297666)) +---- +Our talk about open standards, open source, threat intelligence formats and our experience with the @MISPProject has been accepted to @passthesaltcon #ThreatIntel See you there! + +(Originally on Twitter: [Mon Apr 16 20:18:40 +0000 2018](https://twitter.com/adulau/status/985975784509722627)) +---- +As it seems to be the GRE tunnel day, we regularly found misconfigured IPsec tunnels using a GRE tunnel but where the GRE tunnel routing is misconfigured and sending all unencrypted payload to a random address on Internet. + +(Originally on Twitter: [Tue Apr 17 06:03:50 +0000 2018](https://twitter.com/adulau/status/986123047005540352)) +---- +@VessOnSecurity @trevortimm Before "loi du 21 juin 2004"? Do you have a reference? I remember the required official declaration before 2004 but the "backdoored part" I don't. + +(Originally on Twitter: [Tue Apr 17 06:19:32 +0000 2018](https://twitter.com/adulau/status/986127000237682689)) +---- +@blackswanburst (D)DoS it's very common. But we had cases where it was legitimate traffic in the GRE tunnel. + +(Originally on Twitter: [Tue Apr 17 11:07:04 +0000 2018](https://twitter.com/adulau/status/986199360177410048)) +---- +@blackswanburst Random sources compared to misconfigured one where the source is usually fixed and with more random/legitimate payloads. + +(Originally on Twitter: [Tue Apr 17 12:13:17 +0000 2018](https://twitter.com/adulau/status/986216022242885632)) +---- +RT @OURSAConference: 🌟The #OURSA agenda is now available! 
🌟 + +https://www.oursa.org/agenda/ + +Whether you’re joining us in person or via livestream… + +(Originally on Twitter: [Tue Apr 17 15:26:09 +0000 2018](https://twitter.com/adulau/status/986264560624721920)) +---- +RT @MISPProject: We published "How MISP enables stakeholders identified by the NIS Directive to perform key activities" to support the impl… + +(Originally on Twitter: [Wed Apr 18 19:07:02 +0000 2018](https://twitter.com/adulau/status/986682536045793280)) +---- +Finally a real use of the #blockchain, an art work! "An interactive art installation that excavates messages embedded in the Bitcoin blockchain" +https://github.com/brangerbriz/messages-from-the-mines ![](media/986683471341998080-DbFmz-jWkAA-Zab.jpg) + +(Originally on Twitter: [Wed Apr 18 19:10:45 +0000 2018](https://twitter.com/adulau/status/986683471341998080)) +---- +@DonAndrewBailey @thegrugq Maybe Postfix can be also mentioned where Wietse Venema did some great work in design and secure coding practices. + +(Originally on Twitter: [Thu Apr 19 05:27:51 +0000 2018](https://twitter.com/adulau/status/986838766743629830)) +---- +RT @marasawr: MSFT have been trying to get +1 status at the UN so hard for so long I made a moment thingy https://twitter.com/i/moments/986677235305402368 + +(Originally on Twitter: [Thu Apr 19 05:30:01 +0000 2018](https://twitter.com/adulau/status/986839312342966272)) +---- +RT @maartenvhb: Interesting academic read by several researchers at @circl_lu on systems to decide on decay of indicators of compromise. 
ht… + +(Originally on Twitter: [Fri Apr 20 04:40:24 +0000 2018](https://twitter.com/adulau/status/987189213824155648)) +---- +RT @MISPProject: "Introducing The New Extended Events Feature in MISP" +https://www.misp-project.org/2018/04/19/Extended-Events-Feature.html Allowing flexible extension of MISP events… + +(Originally on Twitter: [Fri Apr 20 13:00:19 +0000 2018](https://twitter.com/adulau/status/987315023428182018)) +---- +RT @thegrugq: The thing about WHOIS data: +• people are lazy +• people make mistakes +• threat actors are people +WHOIS is an info channel thre… + +(Originally on Twitter: [Sat Apr 21 06:52:05 +0000 2018](https://twitter.com/adulau/status/987584743322652672)) +---- +RT @mjos_crypto: One create a 2-3 times faster constant time implementation of SM4 (Chinese Encryption Standard) using AES-NI and cleverish… + +(Originally on Twitter: [Sat Apr 21 11:48:27 +0000 2018](https://twitter.com/adulau/status/987659325136138241)) +---- +I assume academia is ready to publish papers such as “Deriving WHOIS personal identifiable records from web content” or “Using DNS records to guess original WHOIS abuse contact” I’m sure John Gilmore quote will apply for WHOIS legal madness in the following months. + +(Originally on Twitter: [Sat Apr 21 12:58:32 +0000 2018](https://twitter.com/adulau/status/987676963857891328)) +---- +@Snort Will you provide a documentation of the differences between the two different version of the ruleset grammar? and is there a way in the ruleset to say which version it is (for exporter and parser). + +(Originally on Twitter: [Mon Apr 23 05:09:49 +0000 2018](https://twitter.com/adulau/status/988283779746795520)) +---- +RT @MISPProject: Great article from @cudeso about "How to Choose the Right Malware Classification Scheme to Improve Incident Response" + ht… + +(Originally on Twitter: [Tue Apr 24 05:52:46 +0000 2018](https://twitter.com/adulau/status/988656979664044033)) +---- +RT @alexcryptan: We have an opening for one Ph.D. 
student in a FinCrypt project. Candidates interested in applied crypto, cryptocurrencies,… + +(Originally on Twitter: [Tue Apr 24 10:10:40 +0000 2018](https://twitter.com/adulau/status/988721882441580545)) +---- +RT @xme: #GDPR is good but should not make you make mistakes… How to handle security incidents in this case? (in < 3 days!) Notify your use… + +(Originally on Twitter: [Tue Apr 24 11:59:11 +0000 2018](https://twitter.com/adulau/status/988749188296036352)) +---- +@eromang @xme Indeed, it’s a legitimate interest. The problem is what will be the future interpretation of case-laws of the recital 49. + +(Originally on Twitter: [Tue Apr 24 14:47:08 +0000 2018](https://twitter.com/adulau/status/988791457023741954)) +---- +@Janet_LegReg @AEPD_es I really hope that the practice of scanning your boarding pass at shop in the airport will stop. They don’t need it but they continue to do it. + +(Originally on Twitter: [Wed Apr 25 07:50:43 +0000 2018](https://twitter.com/adulau/status/989049047674650624)) +---- +The MISP project has grown in the past years and the standard can be used for various use-cases of information exchange and sharing. The format is based on practical feedback from users and organisation in a need of practical solutions. +https://twitter.com/MISPProject/status/989057080093966337 + +(Originally on Twitter: [Wed Apr 25 08:33:17 +0000 2018](https://twitter.com/adulau/status/989059760875024384)) +---- +@SteveClement Enjoy! + +(Originally on Twitter: [Wed Apr 25 12:48:13 +0000 2018](https://twitter.com/adulau/status/989123917070684160)) +---- +RT @tricaud: A lesson for those wondering how to get things done https://twitter.com/adulau/status/989059760875024384 + +(Originally on Twitter: [Wed Apr 25 15:00:44 +0000 2018](https://twitter.com/adulau/status/989157265784623104)) +---- +For the ones who are currently evaluating way to "obfuscate"/anonymize IPv4/v6 addresses from logs due to a regulation, don't reinvent a new broken algorithm. 
CryptoPAn algorithm (or alike) can help (even if you can still deanonymize in some cases). https://github.com/keiichishima/yacryptopan ![](media/989387481547268096-DbsBQeOWsAAreyk.jpg) + +(Originally on Twitter: [Thu Apr 26 06:15:32 +0000 2018](https://twitter.com/adulau/status/989387481547268096)) +---- +@Kaplan_CERTat Does the Perl module from John supports IPv6 addresses too? The python module works with both. + +(Originally on Twitter: [Thu Apr 26 07:39:48 +0000 2018](https://twitter.com/adulau/status/989408689927938048)) +---- +@Kaplan_CERTat Cool let us known when you release it! + +(Originally on Twitter: [Thu Apr 26 09:15:37 +0000 2018](https://twitter.com/adulau/status/989432802675494913)) +---- +Thanks to @barbieauglend for the support to organise the 2 days MISP training in Finland, taking care of us in the cold spring night and the insightful and warm discussions. + +(Originally on Twitter: [Thu Apr 26 19:09:58 +0000 2018](https://twitter.com/adulau/status/989582373384851456)) +---- +RT @ECRYPT_EU: The 2018 Algorithms, Key Size and Protocols Report is out, focusing on +crypto mechanisms that are of interest to decision m… + +(Originally on Twitter: [Thu Apr 26 19:17:06 +0000 2018](https://twitter.com/adulau/status/989584171906584577)) +---- +@joepgommers We had some discussions but there is an option. If you don’t know the original PSK / AES key, the data can be considered deleted. A lot of media sanitisation processes even rely on encryption algorithms. So it can be considered deleted? 
+ +(Originally on Twitter: [Fri Apr 27 07:26:23 +0000 2018](https://twitter.com/adulau/status/989767698711101440)) +---- +RT @Aristot73: @adulau @joepgommers tired: delete +wired: encrypt and destroy key + +(Originally on Twitter: [Fri Apr 27 07:50:49 +0000 2018](https://twitter.com/adulau/status/989773849834151937)) +---- +@joepgommers @Aristot73 The interesting part of CryptoPAn is you still keep the correlations between your data points without revealing the original IP address. + +(Originally on Twitter: [Fri Apr 27 10:32:43 +0000 2018](https://twitter.com/adulau/status/989814594947469314)) +---- +RT @MISPProject: MISP project will be at the @passthesaltcon to talk about our experience in open standard and threat intelligence (4th of… + +(Originally on Twitter: [Fri Apr 27 13:19:44 +0000 2018](https://twitter.com/adulau/status/989856623651950597)) +---- +RT @hack_lu: The CfP for @hacklu18 is now officially open until the 10th of June 2018: https://t.co/zAgvr6ejEm + +We're looking forward to le… + +(Originally on Twitter: [Fri Apr 27 13:44:17 +0000 2018](https://twitter.com/adulau/status/989862802578989057)) +---- +@cnoanalysis @naserdossary +10. Sharing early is key. For competitive analysis, usually the best analysis come from organisations/people sharing very early in the process and they finally get the most of the analyst communities. It's what we have seen within various sharing communities using @MISPProject + +(Originally on Twitter: [Sun Apr 29 06:50:28 +0000 2018](https://twitter.com/adulau/status/990483439538311168)) +---- +@mattnoffs @infosecxual Are the detailed results available somewhere? Usually, lactose/sweetener is regularly used as excipient in addition to the active components. Having M(D)MA/MDE/MDOH are combined with an excipient of some sort as dose is 50-150mg for MDMA. 
+ +(Originally on Twitter: [Mon Apr 30 05:29:06 +0000 2018](https://twitter.com/adulau/status/990825347489951744)) +---- +RT @MISPProject: On Monday 15th October 2018 (the day before @hack_lu ), MISP Threat Intelligence Summit 0x4 will take place. Call for pres… + +(Originally on Twitter: [Mon Apr 30 13:03:34 +0000 2018](https://twitter.com/adulau/status/990939718652227585)) +---- +RT @SecurityBeard: @r00tbsd and I created a new update for the #GravityRAT post from last week. We have clarified the WMI temperature check… + +(Originally on Twitter: [Mon Apr 30 15:22:07 +0000 2018](https://twitter.com/adulau/status/990974588485079041)) +---- +Street Art and Photography https://www.foo.be/photoblog/posts/street-art-and-photography.html - why I do street art photography. #photography #blackandwhitephotography ![](media/991037637829054464-DcDe3d8W4AMtJcf.jpg) + +(Originally on Twitter: [Mon Apr 30 19:32:40 +0000 2018](https://twitter.com/adulau/status/991037637829054464)) +---- +If you are lost in the overall security defence mechanisms in Linux kernel (like everyone ;-), "Linux Kernel Defence Map" can help you to better navigate in the maze: +https://github.com/a13xp0p0v/linux-kernel-defence-map ![](media/991207216786104320-DcF5Q3LW0AAFkM_.png) + +(Originally on Twitter: [Tue May 01 06:46:30 +0000 2018](https://twitter.com/adulau/status/991207216786104320)) +---- +@J0ech1p "These connections represent some kind of relation." The definition of the relationship is indeed very vague. I think he accepts pull-request ;-) + +(Originally on Twitter: [Tue May 01 08:24:09 +0000 2018](https://twitter.com/adulau/status/991231788352704517)) +---- +@taosecurity Reading quickly the paper, I have the impression that is more balanced and depending of the task to be performed. 
The complete paper (the article is more an interpretation of the paper) is available here https://filebin.net/4wkxan40jwhzjpch/buchler2018.pdf + +(Originally on Twitter: [Tue May 01 08:40:05 +0000 2018](https://twitter.com/adulau/status/991235798866583553)) +---- +With the excellent open source project from Cedric Bonhomme https://github.com/cedricbonhomme/Freshermeat we are bringing back an open source directory of security related tools https://open-source-security-software.net/ - feedback and ideas more than welcome. + +(Originally on Twitter: [Tue May 01 12:30:22 +0000 2018](https://twitter.com/adulau/status/991293750289862657)) +---- +If an organisation (even the FSF which goals are clear) tells you that copyright assignment is better for your FLOSS contribution/project and ask you to sign a Contributor License Agreement, it's a lie. Avoid CLA like the plague. #contextfree + +(Originally on Twitter: [Tue May 01 18:31:44 +0000 2018](https://twitter.com/adulau/status/991384691004641282)) +---- +RT @MISPProject: New privacy-related taxonomies has been added to @MISPProject including the ones from @futureofprivacy and one related to… + +(Originally on Twitter: [Wed May 02 15:57:20 +0000 2018](https://twitter.com/adulau/status/991708226310889473)) +---- +While reading "Honeypots and honeynets: issues of privacy" https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/s13635-017-0057-4 I'm always wondering why they don't mention the exemption in GDPR when consent is lacking and there is a scientific research purpose (article 14.5(b)). ![](media/991968503505747968-DcQlHzfWAAAGEfk.jpg) + +(Originally on Twitter: [Thu May 03 09:11:35 +0000 2018](https://twitter.com/adulau/status/991968503505747968)) +---- +Embargo effect in vulnerabilities seems often more dangerous than just publishing a CVE with a low CVSS and then updates it later on. 
#spectre-randomvalue + +(Originally on Twitter: [Thu May 03 11:25:55 +0000 2018](https://twitter.com/adulau/status/992002310506270720)) +---- +RT @NLnetLabs: Unbound 1.7.1 is released. This release has root key sentinel support (default on), crypto support for ED448, and there is h… + +(Originally on Twitter: [Thu May 03 11:30:16 +0000 2018](https://twitter.com/adulau/status/992003404745662465)) +---- +@eromang @circl_lu Indeed, I was just wondering why academic paper always forgot about the scientific purpose ;-) + +(Originally on Twitter: [Thu May 03 14:01:02 +0000 2018](https://twitter.com/adulau/status/992041346243416066)) +---- +RT @c_APT_ure: "MISP Summit 2017 TheHive and MISP" by @_saadk +https://www.youtube.com/watch?v=gndwirw9mFw +cc: @TheHive_Project @MISPProject + +(Originally on Twitter: [Thu May 03 14:13:37 +0000 2018](https://twitter.com/adulau/status/992044509591736321)) +---- +@jfslowik @DragosInc Very interesting. Should we add these in the @MISPProject Threat Actor galaxy? + +(Originally on Twitter: [Thu May 03 15:14:25 +0000 2018](https://twitter.com/adulau/status/992059810903404544)) +---- +@rafi0t "“If our nation is under attack by another nation, we need to be able to share information in time to be able to prevent it,” he said. Maybe we should told him that some open source tools exist to share information? and he can use the $78 million to support developments ;-) + +(Originally on Twitter: [Thu May 03 17:35:06 +0000 2018](https://twitter.com/adulau/status/992095216571056129)) +---- +@rommelfs @lorenzoFB @MISPProject He should first get a team to find a proper name. 
https://en.wikipedia.org/wiki/Iron_Dome "Iron Dome (Hebrew: כִּפַּת בַּרְזֶל, kippat barzel) is a mobile all-weather air defense system" + +(Originally on Twitter: [Thu May 03 17:52:21 +0000 2018](https://twitter.com/adulau/status/992099557529014272)) +---- +RT @rommelfs: @lorenzoFB Throwing money into new commercial threat sharing platforms isn’t necessarily known to be an outstanding success s… + +(Originally on Twitter: [Thu May 03 17:53:18 +0000 2018](https://twitter.com/adulau/status/992099797208371202)) +---- +RT @MISPProject: @RobertMLee @adulau @jfslowik @DragosInc Thank you for sharing. It's now in the MISP galaxy in the threat actor cluster ht… + +(Originally on Twitter: [Thu May 03 19:32:01 +0000 2018](https://twitter.com/adulau/status/992124638309289984)) +---- +I can't wait to listen @Rebotini at @LESARALUNAIRES and especially with his magic touch on SH-101, TR-808, TB-303 and SCI Pro One... + + +media/992129178739855360-DcS_5iFXcAUhpSl.mp4 + +(Originally on Twitter: [Thu May 03 19:50:03 +0000 2018](https://twitter.com/adulau/status/992129178739855360)) +---- +RT @_saadk: @c_APT_ure @TheHive_Project @MISPProject MISP Summit 2018 in oct 😋 /cc @adulau + +(Originally on Twitter: [Thu May 03 19:54:40 +0000 2018](https://twitter.com/adulau/status/992130338909454336)) +---- +I'm really impressed with the improvements in @LIEF_project (thx @rh0main) https://github.com/lief-project/LIEF/commit/4ef1bb845f81cb467cb21b04b34e11f14b0a76de to support OAT, DEX, VDEX, ART. Especially because this will percolate into @MISPProject (new objects) and also @TheHive_Project . It's where dynamic communities sharing always win. 
+ +(Originally on Twitter: [Sun May 06 12:17:39 +0000 2018](https://twitter.com/adulau/status/993102493193265157)) +---- +"Insight into Insiders: A Survey of Insider Threat Taxonomies, +Analysis, Modeling, and Countermeasures" https://arxiv.org/pdf/1805.01612.pdf + +(Originally on Twitter: [Mon May 07 08:06:31 +0000 2018](https://twitter.com/adulau/status/993401679428104193)) +---- +RT @passthesaltcon: If you looked for only one reason we have wanted to set up @passthesaltcon , this tweet of @adulau perfectly explains i… + +(Originally on Twitter: [Mon May 07 13:00:31 +0000 2018](https://twitter.com/adulau/status/993475667953057792)) +---- +@eromang Thank you. Let us know when you get more details. + +(Originally on Twitter: [Mon May 07 15:38:12 +0000 2018](https://twitter.com/adulau/status/993515349034356736)) +---- +RT @LIEF_project: New post about the introduction of OAT, VDEX, DEX and ART in LIEF: +https://lief.quarkslab.com/doc/latest/tutorials/10_android_formats.html +by @rh0main +#MobileSecurity #A… + +(Originally on Twitter: [Tue May 08 17:53:54 +0000 2018](https://twitter.com/adulau/status/993911884934938626)) +---- +Not sure if this is due to the recent political statement but I'm reading again "Incorporating Fairness Into Game Theory and Economics" http://www.anderson.ucla.edu/faculty/keith.chen/negot.%20papers/Rabin_FairnessInGames93.pdf + +(Originally on Twitter: [Tue May 08 19:04:00 +0000 2018](https://twitter.com/adulau/status/993929527612059649)) +---- +RT @concinnityrisks: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html +Largest DDoS to date is 1.35, but we might see 100 of those simultaneously if @Kaplan_CERTat a… + +(Originally on Twitter: [Wed May 09 05:46:10 +0000 2018](https://twitter.com/adulau/status/994091133306368000)) +---- +RT @sirdarckcat: We just opensourced the Google CTF challenges from last year! 
https://github.com/google/google-ctf + +(Originally on Twitter: [Wed May 09 10:51:16 +0000 2018](https://twitter.com/adulau/status/994167914566701056)) +---- +RT @MISPProject: MISP Galaxy format Internet-Draft published (02) https://tools.ietf.org/html/draft-dulaunoy-misp-galaxy-format-02 as part of the MISP standard and exchange format… + +(Originally on Twitter: [Wed May 09 14:20:15 +0000 2018](https://twitter.com/adulau/status/994220510010658816)) +---- +@eromang Tu étais dans les bouchons ? Ou il n’y avait pas de voitures dans les alentours ? Je me demande si c’est une voiture avec un encodeur TMC et un émetteur FM ou une autre config. + +(Originally on Twitter: [Fri May 11 05:25:10 +0000 2018](https://twitter.com/adulau/status/994810626781433856)) +---- +@xme @eromang C’est pas impossible que le CRC-16 soit correct avec des valeurs incorrects. Il faudrait vérifier le nb de collisions possible par message TMC. Et uniquement certaines alertes sont remontées sur le display ? + +(Originally on Twitter: [Fri May 11 05:41:06 +0000 2018](https://twitter.com/adulau/status/994814637190385664)) +---- +" Adding Salt to Pepper - A Structured Security Assessment over a Humanoid Robot" https://arxiv.org/pdf/1805.04101.pdf + +(Originally on Twitter: [Fri May 11 08:26:25 +0000 2018](https://twitter.com/adulau/status/994856238734282752)) +---- +RT @alexcryptan: Our take on Zcash blockchain privacy. Feedback is welcome. 
+https://cryptolux.org/images/d/d9/Zcash.pdf + +(Originally on Twitter: [Fri May 11 15:12:54 +0000 2018](https://twitter.com/adulau/status/994958535107727360)) +---- +RT @circl_lu: AIL framework - Analysis Information Leak framework version 1.0 released https://github.com/CIRCL/AIL-framework/releases/tag/v1.0 with improved detection and… + +(Originally on Twitter: [Fri May 11 19:31:04 +0000 2018](https://twitter.com/adulau/status/995023504797061120)) +---- +The fallacious argument when discussing about information sharing "I don't want information about compromised hosts, I just want important targeted information" and again looking at a compromised WordPress server and found a set of unique malware targeting the chemical sector. + +(Originally on Twitter: [Fri May 11 21:17:45 +0000 2018](https://twitter.com/adulau/status/995050350779518976)) +---- +@schestowitz Yep and 5) still propagates FUD against copyleft-type free software license such as AGPL or GPL + +(Originally on Twitter: [Sat May 12 07:44:52 +0000 2018](https://twitter.com/adulau/status/995208169856077826)) +---- +RT @cyb3rops: I've updated the list of Sigmac's (Sigma converter) supported targets 🏹 + +We're working on #WDATP +https://github.com/Neo23x0/sigma/issues/79 +#Sp… + +(Originally on Twitter: [Sat May 12 09:51:40 +0000 2018](https://twitter.com/adulau/status/995240081026928640)) +---- +"A static binary rewriter that does not use heuristics" +https://github.com/utds3lab/multiverse relying on "modified" @capstone_engine linear disassembler and some ELF library for the manipulation. It's from a paper presented at @NDSSSymposium + +(Originally on Twitter: [Sat May 12 10:02:29 +0000 2018](https://twitter.com/adulau/status/995242803579015170)) +---- +@erkan_erol_ Yep. Dead people, legal person and unborn are not considered as being a data subject in GDPR. 
https://github.com/CIRCL/compliance/blob/master/gdpr/workshop-materials/02_CIRCL_2016-LU-IA-0098_slide_workshop_2018.05_v0.98.pdf + +(Originally on Twitter: [Sat May 12 12:35:51 +0000 2018](https://twitter.com/adulau/status/995281396653592576)) +---- +@0xacdc Indeed. Some orgs don’t see the interest of sharing early artefacts that they have to analyse or better understand. Even if there is a huge potential of “crowdsourced” security researchers or analysts anxiously waiting for new things to analyse. Sharing has a good pay-off. + +(Originally on Twitter: [Sat May 12 14:05:18 +0000 2018](https://twitter.com/adulau/status/995303910125506560)) +---- +CVE-2009-5151 was finally published this 11th May 2018. +https://cve.circl.lu/cve/CVE-2009-5151 I'm "wondering" what exactly triggered the publication of a report done in 2009... #WeAllLoveComputrace + + +media/995690929884401667-DdFnBhRX4AIo3PP.mp4 + +(Originally on Twitter: [Sun May 13 15:43:11 +0000 2018](https://twitter.com/adulau/status/995690929884401667)) +---- +RT @TheHive_Project: Dear @NorthSec_io attendees, if you will participate in the joint #CTI & #DFIR workshop we’ll be giving with @MISPProj… + +(Originally on Twitter: [Sun May 13 16:06:27 +0000 2018](https://twitter.com/adulau/status/995696784621096960)) +---- +@cyb3rops Yep and the @EFF recommendation is just so out of the reality. + +(Originally on Twitter: [Mon May 14 07:58:31 +0000 2018](https://twitter.com/adulau/status/995936380609015808)) +---- +RT @cyb3rops: #GPG failed, let's use #Signal-Desktop ... oh, wait ... https://twitter.com/ortegaalfredo/status/995912662130229248 + +(Originally on Twitter: [Mon May 14 07:58:40 +0000 2018](https://twitter.com/adulau/status/995936418626142209)) +---- +RT @gnupg: Because there much fuss about efail I posted a quick summary. 
Note that the GnuPG team was not contacted by them in advance; I… + +(Originally on Twitter: [Mon May 14 08:17:36 +0000 2018](https://twitter.com/adulau/status/995941182307028992)) +---- +@S_Team_Approved https://mobile.twitter.com/gnupg/status/995936684213723136 + +(Originally on Twitter: [Mon May 14 08:18:24 +0000 2018](https://twitter.com/adulau/status/995941382824058880)) +---- +How many adversaries have you seen recently sending back the target's encrypted payload to their targets for decryption that they silently intercept in the first place? It's a huge risk for the adversary to inform a target about the ongoing interception. + +(Originally on Twitter: [Mon May 14 15:40:53 +0000 2018](https://twitter.com/adulau/status/996052739795931136)) +---- +@X_Cli @matthew_d_green It’s a valid adversary approach but seeing the standard practices of some actors. This is pretty noisy and risky compared to other techniques when the adversary is already sitting within an infrastructure. S/MIME and PKI “practises” are often a better spot for them 😉 + +(Originally on Twitter: [Mon May 14 15:55:27 +0000 2018](https://twitter.com/adulau/status/996056403482763266)) +---- +RT @InternetIntel: Last week, GBI submarine cable suffered a cut. Incident increased traffic bound for Iran via France Telecom (@Orange, AS… + +(Originally on Twitter: [Mon May 14 16:14:41 +0000 2018](https://twitter.com/adulau/status/996061244883918848)) +---- +RT @robertjhansen: GnuPG has an official statement out. (ObDisclosure: I was the principal author.) 1/ + +(Originally on Twitter: [Mon May 14 16:20:06 +0000 2018](https://twitter.com/adulau/status/996062606879313921)) +---- +What's going on with @GitBookIO they decided to kill their existing community (and potential customers)? Where is the proper open source fork and we can forget about this bad move? 
+ +(Originally on Twitter: [Mon May 14 18:42:33 +0000 2018](https://twitter.com/adulau/status/996098457378217987)) +---- +RT @circl_lu: In addition to the recent GDPR workshop materials for the CSIRT, we added a FAQ following the discussions raised during the s… + +(Originally on Twitter: [Tue May 15 07:43:01 +0000 2018](https://twitter.com/adulau/status/996294869369937921)) +---- +Trying to list "Alternative to GnuPG/OpenPGP - including encryption at rest, file and backup" https://gist.github.com/adulau/87adbc78beec636fe5097902074c2d1a if you know any open source projects providing secure and state-of-the-art encryption and signature at rest. Feel free to pull-request/comment. + +(Originally on Twitter: [Tue May 15 18:00:19 +0000 2018](https://twitter.com/adulau/status/996450216512499713)) +---- +@X_Cli Merci ! Je viens de l'ajouter. + +(Originally on Twitter: [Tue May 15 18:15:15 +0000 2018](https://twitter.com/adulau/status/996453977016422402)) +---- +RT @MISPProject: Don't forget to submit your talk proposal for the @MISPProject Threat Intelligence Submit 0x4 https://cfp.hack.lu/misp0x4/ #CTI… + +(Originally on Twitter: [Tue May 15 18:39:34 +0000 2018](https://twitter.com/adulau/status/996460094803062784)) +---- +A small advice to people willing to understand how General Data Protection Regulation works. Read it from @EURLex https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN and avoid random website from vendors trying to scare you. + +(Originally on Twitter: [Tue May 15 20:20:18 +0000 2018](https://twitter.com/adulau/status/996485444224344065)) +---- +@genuix https://www.foo.be/2016/12/OpenPGP-really-works + +(Originally on Twitter: [Wed May 16 05:44:01 +0000 2018](https://twitter.com/adulau/status/996627310680866816)) +---- +@cleptho Thanks. Added to the list. 
+ +(Originally on Twitter: [Wed May 16 06:38:43 +0000 2018](https://twitter.com/adulau/status/996641072452440064)) +---- +@S_Team_Approved @EURLex http://data.consilium.europa.eu/doc/document/ST-8088-2018-INIT/en/pdf + +(Originally on Twitter: [Wed May 16 12:35:32 +0000 2018](https://twitter.com/adulau/status/996730871335084032)) +---- +@S_Team_Approved @EURLex And the question about the "auditor list validated by the DPA" we had during the workshop, it's solved. It moved from one article to another. So all fine ;-) Thanks to CNPD for the feedback. + +(Originally on Twitter: [Wed May 16 12:51:34 +0000 2018](https://twitter.com/adulau/status/996734905362145280)) +---- +RT @MITREattack: If you're working to capture ATT&CK technique information in @MISPProject, their new release might help you out. #threatin… + +(Originally on Twitter: [Wed May 16 16:20:52 +0000 2018](https://twitter.com/adulau/status/996787577863659520)) +---- +RT @Iglocska: @MITREattack @MISPProject Expect even tighter integration in the next release of @MISPProject, we're big fans of @MITREattack… + +(Originally on Twitter: [Wed May 16 16:20:55 +0000 2018](https://twitter.com/adulau/status/996787589519740928)) +---- +@Europol @BTGroup @EC3Europol Glad to see more users and organisations setting up sharing communities using the open source @MISPProject . We hope to see more contributors to the project. + +(Originally on Twitter: [Thu May 17 04:48:40 +0000 2018](https://twitter.com/adulau/status/996975768155586561)) +---- +@0x3c7 @GitBookIO They have a new version of the software which cannot do the basis from the original version (static output, pdf...) and the software is no more open source (reading the issues). So I suppose we should start relying on forks... + +(Originally on Twitter: [Thu May 17 05:32:32 +0000 2018](https://twitter.com/adulau/status/996986807479914496)) +---- +In the daily WTF around #GDPR, a provider selling an USB key which is "EU GDPR COMPLIANT". 
Maybe @SafeToGo wants to review their marketing materials? ![](media/997083447712722945-DdZZF20W0AEbQcv.jpg) + +(Originally on Twitter: [Thu May 17 11:56:33 +0000 2018](https://twitter.com/adulau/status/997083447712722945)) +---- +@Iglocska @SafeToGo Do you have any leaflet or screenshots? It might be interesting to have a a new list at @attritionorg list http://attrition.org/errata/charlatan/ about charlatans around GDPR? + +(Originally on Twitter: [Thu May 17 12:04:03 +0000 2018](https://twitter.com/adulau/status/997085335912759297)) +---- +@alexanderjaeger @MISPProject Someday ;-) We are already working on this. You might see some next MISP releases to better support forensic tools integration like timesketch, ManaTI or TCT/Sleuthkit... + +(Originally on Twitter: [Thu May 17 15:17:21 +0000 2018](https://twitter.com/adulau/status/997133979106070528)) +---- +RT @MISPProject: We would like to thank all our contributors to the @MISPProject https://www.misp-project.org/contributors/ 204 direct contributors who commi… + +(Originally on Twitter: [Thu May 17 18:45:56 +0000 2018](https://twitter.com/adulau/status/997186473597259776)) +---- +@MITREattack @jwunder Providing the full static JSON dumps via HTTP would be the way to go especially to avoid the need to use complex protocols such as TAXII and ease the use. We are currently using the @jwunder CTI dump which is already great. + +(Originally on Twitter: [Fri May 18 15:17:09 +0000 2018](https://twitter.com/adulau/status/997496317193674752)) +---- +@rafi0t + + +media/997536851656429568-Ddf2dmaV4AADud1.mp4 + +(Originally on Twitter: [Fri May 18 17:58:13 +0000 2018](https://twitter.com/adulau/status/997536851656429568)) +---- +@alexanderjaeger @circl_lu @paulvixie Well done! Storing historical information from activities on Internet (from X.509/TLS records, DNS cache records or even payload hitting your honeypots) is a great source of learning. Observation is key. 
+ +(Originally on Twitter: [Sat May 19 06:55:16 +0000 2018](https://twitter.com/adulau/status/997732403039948800)) +---- +@FredPLogue @chris_byrne @Ryanair Why do you suppose they need a DPO? Article 37 section 1 is pretty clear. The appointment of a DPO is for specific cases. + +(Originally on Twitter: [Sat May 19 18:46:29 +0000 2018](https://twitter.com/adulau/status/997911387761532928)) +---- +RT @ABazhaniuk: We published research on #Spectre attack against x86 System Management Mode (run-time part of the System Firmware): https:/… + +(Originally on Twitter: [Sat May 19 19:33:02 +0000 2018](https://twitter.com/adulau/status/997923102632890370)) +---- +RT @JonathanHCare: @MISPProject is an impressive piece of work. Well done #EU for funding. https://www.misp-project.org/features.html + +(Originally on Twitter: [Sun May 20 08:03:39 +0000 2018](https://twitter.com/adulau/status/998112001858658304)) +---- +The blog from post from Google AI "Automatic Photography with Google Clips" https://ai.googleblog.com/2018/05/automatic-photography-with-google-clips.html shows how AI can sometime miss the point and especially in photography. Do you learn from the past when to trigger the shutter? https://www.flickr.com/photos/adulau/42183096922/ + +(Originally on Twitter: [Sun May 20 15:25:00 +0000 2018](https://twitter.com/adulau/status/998223070216245248)) +---- +"Interface to manage and centralize Google Alert information" +https://github.com/9b/chirp by @9bplus very nice for #OSINT gathering and management + +(Originally on Twitter: [Sun May 20 18:39:26 +0000 2018](https://twitter.com/adulau/status/998271998374678530)) +---- +RT @MISPProject: A new timecode object template has been added in MISP to allow the exchange of video evidence (e.g. CCTV video sequence) i… + +(Originally on Twitter: [Mon May 21 08:33:49 +0000 2018](https://twitter.com/adulau/status/998481978147115009)) +---- +@SteveClement or "Not enough water for a week". 
+ +(Originally on Twitter: [Mon May 21 09:17:10 +0000 2018](https://twitter.com/adulau/status/998492890677604352)) +---- +I'm still completely amazed of how complexity is still praised in information security compared to simple and working solutions especially in the field of standardisation in information security. + +(Originally on Twitter: [Mon May 21 15:11:19 +0000 2018](https://twitter.com/adulau/status/998582015422287872)) +---- +"The Sounds of Cyber Threats" https://arxiv.org/pdf/1805.08272.pdf ![](media/999189517801320448-Dd3UgpHVAAIoPNS.jpg) + +(Originally on Twitter: [Wed May 23 07:25:19 +0000 2018](https://twitter.com/adulau/status/999189517801320448)) +---- +RT @RobertMLee: If you don’t have more than one source you’re definitely not at a high confidence rating. Folks don’t like using Low and Mo… + +(Originally on Twitter: [Wed May 23 19:34:51 +0000 2018](https://twitter.com/adulau/status/999373111022800897)) +---- +@jhelebrant @safecast 1.7 microSv/h do you have the gps coordinates? + +(Originally on Twitter: [Wed May 23 19:51:48 +0000 2018](https://twitter.com/adulau/status/999377376382504961)) +---- +@Fox0x01 For @hack_lu we always covered travel costs and hotel for speakers even if we don’t make any profit for running the conf. + +(Originally on Twitter: [Thu May 24 05:41:29 +0000 2018](https://twitter.com/adulau/status/999525773949263872)) +---- +RT @MITREattack: It's great to be here in Luxembourg to engage with the international community about how they're using ATT&CK and how we c… + +(Originally on Twitter: [Thu May 24 08:30:37 +0000 2018](https://twitter.com/adulau/status/999568336559247360)) +---- +@TwitterSupport Could you have a look at this? https://twitter.com/_saadk/status/999924411833581569 could you unblock @TheHive_Project asap? 
+ +(Originally on Twitter: [Fri May 25 08:08:58 +0000 2018](https://twitter.com/adulau/status/999925275335913476)) +---- +RT @MISPProject: 4 new taxonomies in @MISPProject to describe MAEC version 5 delivery vectors, malware behaviour, malware capabilities and… + +(Originally on Twitter: [Fri May 25 10:04:30 +0000 2018](https://twitter.com/adulau/status/999954350750527488)) +---- +RT @MITREcorp: How can @MITREattack help you perform #cyber threat intelligence? Read Katie Nickels' (@likethecoins) latest blog article an… + +(Originally on Twitter: [Fri May 25 16:45:48 +0000 2018](https://twitter.com/adulau/status/1000055341718163457)) +---- +RT @fr3ino: Because of #GDPR, USA Today decided to run a separate version of their website for EU users, which has all the tracking scripts… + +(Originally on Twitter: [Sat May 26 09:59:38 +0000 2018](https://twitter.com/adulau/status/1000315514290429952)) +---- +RT @cyb3rops: Evt2Sigma v0.0.1 +Generate #Sigma Rules from Log Entries +> create detection rules for your SIEM from eventlog entries +> proof… + +(Originally on Twitter: [Sat May 26 13:49:47 +0000 2018](https://twitter.com/adulau/status/1000373436215160832)) +---- +Reading https://www.politico.eu/wp-content/uploads/2018/05/Copyright-compromise-amendments-V6.pdf "Proposal For A Directive On Copyright In The Digital Single Market" and IMHO the proposed text will hinder new model for sharing open source projects especially even new economical model. The text still confuses open source and not-for-profit. + +(Originally on Twitter: [Sun May 27 08:12:23 +0000 2018](https://twitter.com/adulau/status/1000650914020159488)) +---- +RT @hack_lu: http://Hack.lu 2018 Call for Papers, Presentations and Workshops https://2018.hack.lu/blog/hack.lu-2018-call-for-papers/ is open. 
We are waiting for… + +(Originally on Twitter: [Sun May 27 10:43:09 +0000 2018](https://twitter.com/adulau/status/1000688854066696197)) +---- +Looking at the recent post from @DidierStevens at @sans_isc https://twitter.com/sans_isc/status/1000726470438936578 about a malware using a NSIS installer while adding the @MITREattack techniques in @MISPProject really gives a quick glance of the techniques used and especially what mitigation/detection to use. ![](media/1000754250148995072-DeNj2QwWAAEI41t.jpg) + +(Originally on Twitter: [Sun May 27 15:03:01 +0000 2018](https://twitter.com/adulau/status/1000754250148995072)) +---- +RT @MISPProject: MISP Threat Intelligence Summit 0x04 at @hack_lu 2018 (15 October 2018). Practical threat intelligence and information sha… + +(Originally on Twitter: [Sun May 27 17:17:11 +0000 2018](https://twitter.com/adulau/status/1000788017890676736)) +---- +@H_Miser Cela me rappelle le dump d'une DB MySQL avec toutes les authentifications d'un "provider" VPN avec les durées de connexions et les détails des cartes de crédit par utilisateur. + +(Originally on Twitter: [Mon May 28 06:31:48 +0000 2018](https://twitter.com/adulau/status/1000987989789507584)) +---- +RT @circl_lu: "QRadar Remote Command Execution" https://blogs.securiteam.com/index.php/archives/3689 http://www-01.ibm.com/support/docview.wss?uid=swg22015797 https://cve.circl.lu/cve/CVE-2018-1418 + +(Originally on Twitter: [Mon May 28 11:50:47 +0000 2018](https://twitter.com/adulau/status/1001068263877632002)) +---- +RT @davidonzo: @MISPProject training at @CertPa +Thanks to @circl_lu +@adulau and @Iglocska for the availability! 
+#MISP #Infosec https://t.… + +(Originally on Twitter: [Tue May 29 09:16:02 +0000 2018](https://twitter.com/adulau/status/1001391706405818368)) +---- +RT @_saadk: Since we can no longer use @TheHive_Project account to announce Cerana 0.10 (TheHive 3.0.10), spread the word if you can https:… + +(Originally on Twitter: [Tue May 29 16:57:24 +0000 2018](https://twitter.com/adulau/status/1001507814718824448)) +---- +Following a discussion with @garanews during the @MISPProject training of Today about the NSRL hash database. I wrote a quick MISP expansion module for @hashdd_ public service. https://github.com/MISP/misp-modules/commit/9664127b85b14dc49b4ba0e9fe7ee7e5b2bf9945 + +(Originally on Twitter: [Tue May 29 20:11:19 +0000 2018](https://twitter.com/adulau/status/1001556614288199682)) +---- +RT @halvarflake: Strange times when "lulz" is a normal word to appear on slide decks at a NATO conference. + +(Originally on Twitter: [Wed May 30 10:22:43 +0000 2018](https://twitter.com/adulau/status/1001770876138901505)) +---- +@brucon It looks very promising. By the way, we still have a call-for-papers running for @hack_lu 2018 if you want to submit your proposal https://2018.hack.lu/blog/hack.lu-2018-call-for-papers/ + +(Originally on Twitter: [Wed May 30 13:59:15 +0000 2018](https://twitter.com/adulau/status/1001825369182363654)) +---- +RT @cbrocas: I can't agree more with @adulau : @hack_lu is a really great place to share security knowledge and research! Just submit to th… + +(Originally on Twitter: [Wed May 30 14:08:12 +0000 2018](https://twitter.com/adulau/status/1001827618809925633)) +---- +RT @TheHive_Project: We had a fantastic time thx to @bancaditalia. 
The joint #CTI & #DFIR training in Rome with @MISPProject, TheHive and C… + +(Originally on Twitter: [Fri Jun 01 16:43:21 +0000 2018](https://twitter.com/adulau/status/1002591440969654273)) +---- +An interesting CSV injection vulnerability in the Niko web server scanner if a malicious server is scanned and add a funky Server HTTP header response. https://cve.circl.lu/cve/CVE-2018-11652 + +(Originally on Twitter: [Fri Jun 01 20:15:55 +0000 2018](https://twitter.com/adulau/status/1002644936854994944)) +---- +@RikeFranke @jana_puglierin @BaKu_Ifri @AnnwieAnna @SirAdamELN @AliceBillon Planning is still a lot of talkings. Doing might be more appropriate, start small only with EU members willing to contribute in EU defense, solve specific issues within 6 months target (such as cybersecurity collaboration center, common procurement processes or create RRTs) + +(Originally on Twitter: [Sat Jun 02 05:40:56 +0000 2018](https://twitter.com/adulau/status/1002787126281457664)) +---- +@Niki7a When I saw it for the first time, it was in wargames. Nowadays the meaning for me is more “one of those random military scales”. + +(Originally on Twitter: [Sat Jun 02 08:25:35 +0000 2018](https://twitter.com/adulau/status/1002828560304918529)) +---- +RT @cbrocas: AIL workshop will be given at @passthesaltcon by Sami Mokaddem (from @circl_lu ) on Tuesday July, 3rd. Join us! #pts18 https:/… + +(Originally on Twitter: [Sat Jun 02 13:41:13 +0000 2018](https://twitter.com/adulau/status/1002907992843530240)) +---- +RT @IgorSkochinsky: exploiting buffer overflow on a PIC. mad props! https://courk.cc/index.php/2018/06/01/a-remote-vulnerability/ + +(Originally on Twitter: [Sat Jun 02 16:43:56 +0000 2018](https://twitter.com/adulau/status/1002953975438761984)) +---- +@metaconflict @LuxSecurityWeek @BSidesLux @hack_lu @MISPProject I’m tempted to propose a hack on their neon sign outside... 
like the MIT hacks http://hacks.mit.edu/ + +(Originally on Twitter: [Sun Jun 03 07:26:02 +0000 2018](https://twitter.com/adulau/status/1003175964459888640)) +---- +RT @circl_lu: "Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials" https://acmccs.github.io/papers/p1421-thomasAembCC.pdf and it's why we… + +(Originally on Twitter: [Sun Jun 03 09:00:12 +0000 2018](https://twitter.com/adulau/status/1003199660981456896)) +---- +@ClounerPhedra This sounds very interesting and promising. Will you do a blog post about your discoveries and share your experience on this program? + +(Originally on Twitter: [Sun Jun 03 16:31:53 +0000 2018](https://twitter.com/adulau/status/1003313330931593220)) +---- +RT @jwunder: A great illustration of why diversity is important in all things. https://twitter.com/marrowing/status/1003072911110893569 + +(Originally on Twitter: [Sun Jun 03 16:49:44 +0000 2018](https://twitter.com/adulau/status/1003317823609999360)) +---- +"Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND +OF THE COUNCIL on ENISA, EU Cybersecurity Agency " including the certification of software and hardware http://data.consilium.europa.eu/doc/document/ST-9350-2018-INIT/en/pdf + +(Originally on Twitter: [Sun Jun 03 18:04:18 +0000 2018](https://twitter.com/adulau/status/1003336587302916097)) +---- +@pro_integritate My only hope is maybe a shift of some "certification" investments into "actually doing things". + +(Originally on Twitter: [Sun Jun 03 21:28:34 +0000 2018](https://twitter.com/adulau/status/1003387993753825289)) +---- +The day when @Microsoft removes the projects licensed under copyleft-type licenses (such as GPL or AGPL) on @github we will know that we have lost. + +(Originally on Twitter: [Mon Jun 04 20:59:19 +0000 2018](https://twitter.com/adulau/status/1003743022247489541)) +---- +RT @likethecoins: The second part of my blog post is up! 
I've been applying threat reporting to ATT&CK for a few years, so I wanted to shar… + +(Originally on Twitter: [Tue Jun 05 04:27:13 +0000 2018](https://twitter.com/adulau/status/1003855739528663041)) +---- +@S_Team_Approved @isostandards But again, the standard won't be publicly and freely available like the @ietf does. + +(Originally on Twitter: [Tue Jun 05 06:25:31 +0000 2018](https://twitter.com/adulau/status/1003885511272992769)) +---- +@dez_ What’s the exact differences between Sigma and STIX 2 patterning versus EQL? Is there an existing open source library for parsing EQL? + +(Originally on Twitter: [Wed Jun 06 05:23:49 +0000 2018](https://twitter.com/adulau/status/1004232371007361024)) +---- +@aris_ada @Microsoft @github I was just wondering based on my experience with them being against reciprocal licensing such as AGPL or GPL. Maybe loosing the community of users as moving is painful and you need time to rebuild your contributing users. Just remembering my past experience with GNU Savannah. + +(Originally on Twitter: [Wed Jun 06 05:39:30 +0000 2018](https://twitter.com/adulau/status/1004236317935505408)) +---- +@SevaUT @JohnHultquist @ColdWarPod Whooaaaa @depechemode classified as “punk/violence”. 😂 + +(Originally on Twitter: [Wed Jun 06 16:24:59 +0000 2018](https://twitter.com/adulau/status/1004398758187192329)) +---- +RT @LucDockendorf: @enisa_eu Prominent @MISPProject & @hack_lu stickers – well done @circl_lu + +(Originally on Twitter: [Wed Jun 06 17:13:59 +0000 2018](https://twitter.com/adulau/status/1004411090875355136)) +---- +RT @pinkflawd: #BlackHoodie spin off #2 is on, October 15 in Luxembourg! Thanks to @barbieauglend @rafi0t and @hack_lu for setting this up,… + +(Originally on Twitter: [Wed Jun 06 20:48:36 +0000 2018](https://twitter.com/adulau/status/1004465097706573824)) +---- +Someone “reading” a book in the train about “how to be more efficient” while playing a game on his phone. should I tell him the secret? 
+ +(Originally on Twitter: [Thu Jun 07 16:50:34 +0000 2018](https://twitter.com/adulau/status/1004767583906787328)) +---- +@Iglocska @Aristot73 @MISPProject @concinnityrisks I’m fine being Murdock. + +(Originally on Twitter: [Thu Jun 07 16:55:38 +0000 2018](https://twitter.com/adulau/status/1004768857645600769)) +---- +@davidonzo The book was open at that chapter... I tried to take a picture. + +(Originally on Twitter: [Thu Jun 07 16:56:36 +0000 2018](https://twitter.com/adulau/status/1004769104652365824)) +---- +@Iglocska @Aristot73 @MISPProject @concinnityrisks I hate smoke and cigars. and you know well my mental health ;-) + +(Originally on Twitter: [Thu Jun 07 16:57:59 +0000 2018](https://twitter.com/adulau/status/1004769452192346112)) +---- +RT @MISPProject: MISP 2.4.92 released (aka performance improvement) including massive boost in performance for the warning-lists along with… + +(Originally on Twitter: [Thu Jun 07 21:15:17 +0000 2018](https://twitter.com/adulau/status/1004834201961746432)) +---- +We are changing the license of cve-search and we are missing the feedback/approval from just 2 contributors. https://github.com/cve-search/cve-search/issues/281#issuecomment-395742232 + +(Originally on Twitter: [Fri Jun 08 19:37:26 +0000 2018](https://twitter.com/adulau/status/1005171963814383617)) +---- +RT @hack_lu: It's almost the weekend, and you're all wondering what to do, right? We have an answer for you: submit your proposal for @hack… + +(Originally on Twitter: [Sat Jun 09 07:57:31 +0000 2018](https://twitter.com/adulau/status/1005358214706352128)) +---- +Amazon Technologies Inc got a patent granted on "Honeypot computing services that include simulated computing resources" with a "mutated response" there are tons of prior-arts... +https://patents.google.com/patent/US9985987B1/en + +(Originally on Twitter: [Sat Jun 09 08:57:40 +0000 2018](https://twitter.com/adulau/status/1005373350800224256)) +---- +@Vecchi_Paolo Classical patent system style. 
They just look in their own bubble and wait for people or organisation doing paid-opposition which nobody does. + +(Originally on Twitter: [Sat Jun 09 13:56:29 +0000 2018](https://twitter.com/adulau/status/1005448551684542465)) +---- +RT @FordFoundation: #PublicInterestTech: @FordFoundation & @SloanFoundation are supporting a new research exploring the economics, sustaina… + +(Originally on Twitter: [Sun Jun 10 14:24:11 +0000 2018](https://twitter.com/adulau/status/1005817910185652224)) +---- +RT @circl_lu: AIL framework version 1.1 released https://github.com/CIRCL/AIL-framework/releases/tag/v1.1 including the ability to use @MISPProject taxonomies, galaxies dir… + +(Originally on Twitter: [Sun Jun 10 17:03:43 +0000 2018](https://twitter.com/adulau/status/1005858058608750592)) +---- +RT @it4sec: "Extracting the Private Key from a TREZOR with a 70 $ Oscilloscope" +https://jochen-hoenicke.de/trezor-power-analysis/ + +(Originally on Twitter: [Sun Jun 10 18:39:32 +0000 2018](https://twitter.com/adulau/status/1005882169733021696)) +---- +RT @hack_lu: Upon request, we decided to extend the CFP of *3* days (2018-06-13 at 23:59 CET), not one more. Everyone who sent a proposal,… + +(Originally on Twitter: [Mon Jun 11 04:31:25 +0000 2018](https://twitter.com/adulau/status/1006031124475400193)) +---- +RT @LIEF_project: Thanks to @quarkslab, LIEF 0.9.0 is out! See https://lief.quarkslab.com/doc/stable/changelog.html#june-11-2018 + +Blog post will follow. 
![](media/1006031214057320448-DfYQnk9X4AAUO4n.png) + +(Originally on Twitter: [Mon Jun 11 04:31:47 +0000 2018](https://twitter.com/adulau/status/1006031214057320448)) +---- +"Trigram database written in C++, suited for malware indexing" released by @CERT_Polska https://github.com/CERT-Polska/ursadb + +(Originally on Twitter: [Mon Jun 11 11:49:25 +0000 2018](https://twitter.com/adulau/status/1006141348892893184)) +---- +RT @circl_lu: Don't forget we have foreseen a workshop and a training for AIL Analysis Information Leak framework. One at @passthesaltcon (… + +(Originally on Twitter: [Wed Jun 13 09:14:56 +0000 2018](https://twitter.com/adulau/status/1006827249671311362)) +---- +@DidierStevens Whoaaa. Thanks a lot for all the contributions! + +(Originally on Twitter: [Wed Jun 13 12:20:42 +0000 2018](https://twitter.com/adulau/status/1006873995558510593)) +---- +RT @MISPProject: Thanks to @deltalimasierra who does a tremendous job of updating, validating and reviewing @MISPProject galaxy including t… + +(Originally on Twitter: [Wed Jun 13 14:21:39 +0000 2018](https://twitter.com/adulau/status/1006904437401477120)) +---- +@FusterGloria But how can you be sure that the privacy policy is compliant? the text can be compliant to the interpretation but their data processing activities are a different story and difficult to evaluate technically (using honeytoken or fake data to check if they share data?). + +(Originally on Twitter: [Wed Jun 13 17:15:18 +0000 2018](https://twitter.com/adulau/status/1006948135611052032)) +---- +@FusterGloria Indeed it’s a good start. My point was more the difficulty to measure the “real technical privacy” versus the legal gibberish to make it nice from a surfaced legal analysis. + +(Originally on Twitter: [Wed Jun 13 17:53:50 +0000 2018](https://twitter.com/adulau/status/1006957834678960128)) +---- +RT @lehtior2: Proposed EU parliament resolution refers to Kaspersky’s products matter-of-factly as ”confirmed as malicious”. 
This is not th… + +(Originally on Twitter: [Wed Jun 13 20:12:47 +0000 2018](https://twitter.com/adulau/status/1006992802784391168)) +---- +RT @circl_lu: "CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability" https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8225 A remote code execution vulnerab… + +(Originally on Twitter: [Wed Jun 13 20:22:54 +0000 2018](https://twitter.com/adulau/status/1006995348307501058)) +---- +RT @edarchis: "Smart" padlock with "military grade AES128 encryption" is actually using the MAC as key and pure HTTP. https://t.co/pTf2l6mR… + +(Originally on Twitter: [Thu Jun 14 05:08:18 +0000 2018](https://twitter.com/adulau/status/1007127567684587521)) +---- +RT @cperciva: My understanding is that the original disclosure date for this was some time in late July or early August. After I wrote an… + +(Originally on Twitter: [Thu Jun 14 05:17:17 +0000 2018](https://twitter.com/adulau/status/1007129830838685697)) +---- +A neat and clean open software to use the CT logs to find specific threats or abuses https://github.com/AssuranceMaladieSec/CertStreamMonitor thanks to @cbrocas and ThDamon + +(Originally on Twitter: [Thu Jun 14 08:57:47 +0000 2018](https://twitter.com/adulau/status/1007185320587218944)) +---- +RT @droethlisberger: Released #xnumon 0.1.0, sysmon workalike for #macOS security monitoring; pkg at http://roe.ch/xnumon code at https:… + +(Originally on Twitter: [Fri Jun 15 10:12:57 +0000 2018](https://twitter.com/adulau/status/1007566623434313728)) +---- +RT @MSF_Sea: Search and rescue is simple in principle, and its procedures are established in international law. 
If people are in distress a… + +(Originally on Twitter: [Fri Jun 15 11:07:58 +0000 2018](https://twitter.com/adulau/status/1007580468945063936)) +---- +RT @christianrossow: We love large-scale memory #forensics: #MemScrimper, a tool written by my PhD student @mbbrengel, compresses 2GiB-larg… + +(Originally on Twitter: [Fri Jun 15 11:51:16 +0000 2018](https://twitter.com/adulau/status/1007591367240044544)) +---- +RT @anttitikkanen: My team in Zurich is hiring a software engineer to work on systems supporting our threat intel analysts. Like frontend d… + +(Originally on Twitter: [Fri Jun 15 15:18:52 +0000 2018](https://twitter.com/adulau/status/1007643612472061954)) +---- +Many organisations are afraid of the diversity of taxonomies in threat intelligence and always want to have a single common one. Maybe it would be better to embrace this diversity and relies on it. IMHO the issue relies on the tools not capable of handling this diversity. + +(Originally on Twitter: [Fri Jun 15 16:43:53 +0000 2018](https://twitter.com/adulau/status/1007665007159627776)) +---- +RT @enisa_eu: 5th #CSIRTs Network meeting is over. Great +discussions and info exchange, another step to promote swift and effective +operati… + +(Originally on Twitter: [Fri Jun 15 16:45:42 +0000 2018](https://twitter.com/adulau/status/1007665464208773121)) +---- +@davidonzo Love it. Well said. I think we can relate this to the “elton's diversity stability hypothesis” where diversity leads to more stability (and maybe more security as Dan Geer loves to say). + +(Originally on Twitter: [Fri Jun 15 17:50:02 +0000 2018](https://twitter.com/adulau/status/1007681654129819653)) +---- +@treyka Usually I don’t like to paste quotes “The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.” But I see a link between your statement and the quote of Shaw. 
+ +(Originally on Twitter: [Fri Jun 15 18:14:26 +0000 2018](https://twitter.com/adulau/status/1007687794146324480)) +---- +@treyka Are we going into a Louis-Ferdinant Celine-like discussion about the authors versus their personal’s life? which is an interesting discusion nevertheless we are on Internet and the mention of a specific kind of totalitarian regime might break the thread ;-) + +(Originally on Twitter: [Fri Jun 15 18:34:42 +0000 2018](https://twitter.com/adulau/status/1007692893501390856)) +---- +@SteveClement Exactly that’s where we (as software crafters) we need to improve and build better tool to ease which one to use based on existing usages and practices. + +(Originally on Twitter: [Sat Jun 16 09:14:59 +0000 2018](https://twitter.com/adulau/status/1007914423640625152)) +---- +@cropprotection @RichardMurphyUK Pesticides are killing biodiversity. There is no other factors, as is. http://www.pnas.org/content/110/27/11039 Promulging paid incorrect information on @Twitter can be considered as abusing their service. 
+ +(Originally on Twitter: [Sun Jun 17 11:21:47 +0000 2018](https://twitter.com/adulau/status/1008308723977281537)) +---- +RT @flee74: @hack_lu #thanks 👍👏👍👏 to #international #shipping from #lu to #us ![](media/1008316123182501888-Dfxu0FkVAAAz_HR.jpg) + +(Originally on Twitter: [Sun Jun 17 11:51:12 +0000 2018](https://twitter.com/adulau/status/1008316123182501888)) +---- +RT @MISPProject: A smooth import of @USCERT_gov STIX 1.1 https://www.us-cert.gov/ncas/analysis-reports/AR18-165A - North Korean Trojan called TYPEFRAME in @MISPProject (2.… + +(Originally on Twitter: [Sun Jun 17 13:03:13 +0000 2018](https://twitter.com/adulau/status/1008334249060073472)) +---- +@eromang @SteveClement We did some experiments with supervised learning and it might be integrated soon in some tools which you already know ;-) + +(Originally on Twitter: [Sun Jun 17 13:47:12 +0000 2018](https://twitter.com/adulau/status/1008345317274800128)) +---- +@RobertMLee @ChristyQuinn @cyb3rops @jfslowik @sk1773lz @jckichen Maybe we should agree on the common definition of the activity group, campaign, operation and threat actor. I would be very happy to make it inline for the MISP galaxy (https://www.misp.software/galaxy.html) while keeping a link with ATT&CK @likethecoins + +(Originally on Twitter: [Sun Jun 17 15:19:26 +0000 2018](https://twitter.com/adulau/status/1008368530704797697)) +---- +RT @likethecoins: @RobertMLee @jfslowik @ChristyQuinn @sk1773lz @cyb3rops @sansforensics I've never seen solid definitions of "campaign" or… + +(Originally on Twitter: [Sun Jun 17 16:11:37 +0000 2018](https://twitter.com/adulau/status/1008381660671430657)) +---- +@likethecoins @RobertMLee @ChristyQuinn @cyb3rops @jfslowik @sk1773lz @jckichen @cnoanalysis IMHO, I think a relationship between the different names (as used in activity groups, threat-actors, group of techniques used, operations or campaigns) could help. We maintain a set of relationship types maybe new types could be used to describe ~ links? 
https://github.com/MISP/misp-objects/blob/master/relationships/definition.json + +(Originally on Twitter: [Sun Jun 17 16:20:33 +0000 2018](https://twitter.com/adulau/status/1008383911301472257)) +---- +Following a question in the train, what are you listening at? @vendredisurmer @TheBlaze_Prod @kidfrancescoli @AcidArab @austratalks @chromatics in no particular order and obviously missing all the bands which are not referenced on Twitter. ![](media/1008772760708046849-Df_hOaZW0AAPcfc.jpg) + +(Originally on Twitter: [Mon Jun 18 18:05:42 +0000 2018](https://twitter.com/adulau/status/1008772760708046849)) +---- +RT @Aristot73: "The concept of legality and the concept of justice are not identical; they’re not entirely distinct either." +https://t.co/Y… + +(Originally on Twitter: [Tue Jun 19 05:42:28 +0000 2018](https://twitter.com/adulau/status/1008948106908626944)) +---- +@SWHeritage do you have an open API to push new open source git repository for archiving? + +(Originally on Twitter: [Tue Jun 19 07:27:30 +0000 2018](https://twitter.com/adulau/status/1008974539311714310)) +---- +"Since many modern machines no longer provide the ability to disable Hyper-threading in the BIOS setup, provide a way to disable the use of additional processor threads in our scheduler." +https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html + +(Originally on Twitter: [Tue Jun 19 21:03:49 +0000 2018](https://twitter.com/adulau/status/1009179970172870657)) +---- +Thanks to @CrowdStrike but this is again showing that “the cloud is better at security” is a fallacy. DFIR is usually blind, centralized risks and lack of ability to do external monitoring by default. +https://mobile.twitter.com/DAlperovitch/status/1009162605678727170 + +(Originally on Twitter: [Wed Jun 20 05:30:38 +0000 2018](https://twitter.com/adulau/status/1009307515706920966)) +---- +RT @passthesaltcon: A rump session will be organized on Tuesday July, 3rd between 11:40 and 12:15 AM. 
Have a nice idea or a fun story to sh… + +(Originally on Twitter: [Wed Jun 20 15:40:49 +0000 2018](https://twitter.com/adulau/status/1009461074117177345)) +---- +@SNCB FYI, the inside door cannot close properly due to some hydraulic issues in the train IC2141 towards Bruxelles from Luxembourg. ![](media/1009475037265649664-DgJgFXmWsAESDwH.jpg) + +(Originally on Twitter: [Wed Jun 20 16:36:18 +0000 2018](https://twitter.com/adulau/status/1009475037265649664)) +---- +@jwunder I recently used that one at the office while I opened a chat room... + + +media/1009540451689553921-DgKbZIJX4AIeUlR.mp4 + +(Originally on Twitter: [Wed Jun 20 20:56:14 +0000 2018](https://twitter.com/adulau/status/1009540451689553921)) +---- +@wimremes I see a belgian story emerging... + +(Originally on Twitter: [Thu Jun 21 16:28:05 +0000 2018](https://twitter.com/adulau/status/1009835355472789507)) +---- +@Iglocska @MISPProject @0xtf @xme @Kyle_Parrish_ You should have received an invite for your new repository ;-) Glad to have you on-board! + +(Originally on Twitter: [Thu Jun 21 18:33:33 +0000 2018](https://twitter.com/adulau/status/1009866931632001025)) +---- +RT @MISPProject: During the participation of @circl_lu at #CyberEurope18 exercise, we received great and constructive feedback from the par… + +(Originally on Twitter: [Fri Jun 22 15:28:21 +0000 2018](https://twitter.com/adulau/status/1010182711946997760)) +---- +RT @0x3c7: Weekend project: #APT map based on the threat actor @MISPProject galaxy. Next step will be integrating all those attack campaign… + +(Originally on Twitter: [Sat Jun 23 06:48:10 +0000 2018](https://twitter.com/adulau/status/1010414191914733568)) +---- +Great news! 
The open source ecosystem of information security tools by/for CSIRTs is expanding with n6 (Network Security Incident eXchange) from @CERT_Polska https://github.com/CERT-Polska/n6 a new companion to @intelmq @TheHive_Project @MISPProject + +(Originally on Twitter: [Sat Jun 23 08:42:01 +0000 2018](https://twitter.com/adulau/status/1010442840961437697)) +---- +Some years ago, we tried to solve all the issues with regular expressions. Nowadays, I have the unpleasant impression, that Elasticsearch is the new regular expression. + +(Originally on Twitter: [Sat Jun 23 16:41:44 +0000 2018](https://twitter.com/adulau/status/1010563565751848960)) +---- +@chrisdoman @MISPProject @0x3c7 If we can have the JSON, we can manually import your updates into the cluster files. This would be very cool. + +(Originally on Twitter: [Sat Jun 23 22:14:36 +0000 2018](https://twitter.com/adulau/status/1010647337889419267)) +---- +Impressed to see people using their banking mobile application in the train, writing wire transferts, typing validation PIN and browsing their bank statement. Or wait, I should just stop shoulder surfing and stop worrying. Maybe attackers cannot scale-up shoulder surfing attacks. + +(Originally on Twitter: [Mon Jun 25 13:22:29 +0000 2018](https://twitter.com/adulau/status/1011238201409798144)) +---- +@electrospaces https://theintercept.com/document/2018/06/25/sso-dictionary-relevant-entries/ Maybe you want to add KOZYKOVE, MERLIN, PLANK, POORWILL, RODEO STAR, SEALION, THEORYMASTER. Maybe also update STONEGATE description too. + +(Originally on Twitter: [Mon Jun 25 16:03:05 +0000 2018](https://twitter.com/adulau/status/1011278614883643392)) +---- +@RaNma__ connected to my hotspot with a transparent mitmproxy enabled... + +(Originally on Twitter: [Mon Jun 25 16:03:55 +0000 2018](https://twitter.com/adulau/status/1011278826943451141)) +---- +@Sebdraven @MITREattack @MISPProject Oui cela demande un certain niveau de “commitment”. 
Dans la nouvelle version de MISP, on a fait une matrice pour éditer (c’est plus facile) et il y a des statistiques sur l’utilisation des techniques @MITREattack Tu peux tester avant la release 2.4.93 le feedback est le bienvenu. + +(Originally on Twitter: [Mon Jun 25 18:23:12 +0000 2018](https://twitter.com/adulau/status/1011313879924789248)) +---- +@martijn_grooten If you send spear phishing emails which target industrial sectors (which was the case for Comment Crew for years), the terminology is often used for design requirements or alike. It kind of make sense to me. You have something else in mind? + +(Originally on Twitter: [Mon Jun 25 18:30:32 +0000 2018](https://twitter.com/adulau/status/1011315724705501185)) +---- +@martijn_grooten I suppose the subject is so common (to trap users expecting similar emails) that is also used for other opportunistic spam too. Looking at our various spam-traps or more targeted cases, there are obviously some overlap of subjects... + +(Originally on Twitter: [Mon Jun 25 18:37:45 +0000 2018](https://twitter.com/adulau/status/1011317540323282944)) +---- +RT @electrospaces: @adulau It's ridiculous that that list wasn't published much earlier, would have helped many of us to better understand… + +(Originally on Twitter: [Tue Jun 26 04:37:02 +0000 2018](https://twitter.com/adulau/status/1011468356015349760)) +---- +@electrospaces Exactly. I still don’t get why @theintercept is still sitting on such technical information for years without releasing it and/or clarifying the code names. + +(Originally on Twitter: [Tue Jun 26 04:40:43 +0000 2018](https://twitter.com/adulau/status/1011469280364331009)) +---- +@kchr @jpcert_en VDO looks really cool and clarifies a lot of points when describing a vulnerability. But why it’s full of nesting? I think a flatten JSON (with relationships) would help people implementing and using it more. 
+ +(Originally on Twitter: [Tue Jun 26 05:06:36 +0000 2018](https://twitter.com/adulau/status/1011475793569083392)) +---- +RT @kchr: Masaki from NICT introduces Vuln Description Ontology (NISTIR8138). +Masanobu @jpcert_en shows way to handle VDO with JSON format… + +(Originally on Twitter: [Tue Jun 26 05:06:44 +0000 2018](https://twitter.com/adulau/status/1011475826825719808)) +---- +RT @passthesaltcon: Coming to #pts18 ? Not already convinced that AIL workshop would be a rich and useful experience? Read this! cc @circl… + +(Originally on Twitter: [Wed Jun 27 13:19:49 +0000 2018](https://twitter.com/adulau/status/1011962304085282818)) +---- +RT @MISPProject: MISP 2.4.93 released including a matrix UI for @MITREattack framework to add or browse statistics of techniques used, a ne… + +(Originally on Twitter: [Wed Jun 27 15:53:20 +0000 2018](https://twitter.com/adulau/status/1012000936812843010)) +---- +RT @circl_lu: "An Indicator Scoring Method For @MISPProject Platforms" a joint research paper between @circl_lu @evilolive28 (Restena) pres… + +(Originally on Twitter: [Wed Jun 27 16:52:01 +0000 2018](https://twitter.com/adulau/status/1012015705666080770)) +---- +I love those proprietary software vendors using as keywords for their promoted tweet an open source project name. It’s an easy way to discredit your product in a single shot... + +(Originally on Twitter: [Wed Jun 27 17:52:29 +0000 2018](https://twitter.com/adulau/status/1012030923737624576)) +---- +@ater49 Not sure I don’t click on suspicious links from GCHQ^H^H^HUK. + +(Originally on Twitter: [Wed Jun 27 18:02:46 +0000 2018](https://twitter.com/adulau/status/1012033513632288772)) +---- +@bugoid @MISPProject @MITREattack Thank you for the feedback. 
It was a first iteration and it will be updated ;-) + +(Originally on Twitter: [Thu Jun 28 05:14:08 +0000 2018](https://twitter.com/adulau/status/1012202467004739584)) +---- +RT @MISPProject: A new misp module to do Sigma syntax validation within @MISPProject which allows quick validation of your Sigma rules. Tha… + +(Originally on Twitter: [Thu Jun 28 13:23:03 +0000 2018](https://twitter.com/adulau/status/1012325507671748608)) +---- +@matthieugarin @kalyparker Pourquoi vouloir imposer un schema organisationel pour les activités sécurités? Il peut varier suivant les structure, le “threat model” ou les capacités des équipes. + +(Originally on Twitter: [Fri Jun 29 05:19:04 +0000 2018](https://twitter.com/adulau/status/1012566096300429312)) +---- +RT @ohohlfeld: Exciting measurement study of Google's Public DNS service spanning 2.5 years presented by @woutifier at #tma2018 (w/ @reseau… + +(Originally on Twitter: [Fri Jun 29 05:24:31 +0000 2018](https://twitter.com/adulau/status/1012567468127158273)) +---- +@Iglocska @jwunder “White House” is a kind of recursive threat actor name... + +(Originally on Twitter: [Fri Jun 29 19:39:52 +0000 2018](https://twitter.com/adulau/status/1012782724166373378)) +---- +RT @ItsReallyNick: @a_tweeter_user I wonder if you'll see targeted attackers use it soo - wait, what's that? +Potentially #APT28 in some sam… + +(Originally on Twitter: [Fri Jun 29 21:51:39 +0000 2018](https://twitter.com/adulau/status/1012815887240515584)) +---- +@Vecchi_Paolo I would like to quote @originaIbanksy in such situation: “People who enjoy waving flags don't deserve to have one” + +(Originally on Twitter: [Sat Jun 30 16:34:07 +0000 2018](https://twitter.com/adulau/status/1013098366379675648)) +---- +@evematringe https://lookyloo.circl.lu/ (demo test) and https://github.com/CIRCL/lookyloo (source code) Enjoy! 
+ +(Originally on Twitter: [Sat Jun 30 17:08:20 +0000 2018](https://twitter.com/adulau/status/1013106977705283584)) +---- +@eromang @MarieGMoe @circl_lu @lukOlejnik I remember some hospitals who refused to patch RMIs because of some “medical” certification being lost if you update the software without running for another certification round before. + +(Originally on Twitter: [Sat Jun 30 18:24:14 +0000 2018](https://twitter.com/adulau/status/1013126078137815045)) +---- +@evematringe Tu as un lien de la presentation? Je suis curieux. + +(Originally on Twitter: [Sat Jun 30 18:26:11 +0000 2018](https://twitter.com/adulau/status/1013126567059435520)) +---- +RT @likethecoins: My advice for our high schoolers today: 1. If you don't know how to do anything else in Wireshark, just Follow TCP Stream… + +(Originally on Twitter: [Sat Jun 30 19:49:01 +0000 2018](https://twitter.com/adulau/status/1013147411919843331)) +---- +I love when a company asks me how to do a bug bounty program and my question is always "what's your existing security point of contact when someone want to report a security vulnerability" and they don't know. + + +media/1013416516212183040-DhBg2hKW0AAk_Gn.mp4 + +(Originally on Twitter: [Sun Jul 01 13:38:20 +0000 2018](https://twitter.com/adulau/status/1013416516212183040)) +---- +RT @ClearskySec: #CharmingKitten built a phishing website impersonating our company. 
The fake website is clearskysecurity\.net (the real we… + +(Originally on Twitter: [Sun Jul 01 18:53:20 +0000 2018](https://twitter.com/adulau/status/1013495786527772674)) +---- +RT @MISPProject: If you are at @passthesaltcon conference, don't hesitate to discuss w/ @adulau to talk about @MISPProject and especially i… + +(Originally on Twitter: [Sun Jul 01 19:44:52 +0000 2018](https://twitter.com/adulau/status/1013508759233224704)) +---- +Trying to build an adequate digital forensic process model in a @MISPProject taxonomy when reading https://arxiv.org/abs/1708.01730 the number of DFIR process models is impressively large and confusing. What's the DFIR process model you really use? #lazydfirtweet ![](media/1013513154427420672-DhC36s3XkAAum5L.jpg) + +(Originally on Twitter: [Sun Jul 01 20:02:20 +0000 2018](https://twitter.com/adulau/status/1013513154427420672)) +---- +@LauriPalkmets @MISPProject Good idea, I'll have look (when I'll get a version of the document). When I will have a first version the taxonomy, feel free to review or update it. Thank you. + +(Originally on Twitter: [Mon Jul 02 04:48:37 +0000 2018](https://twitter.com/adulau/status/1013645595494572032)) +---- +RT @newsoft: People tried to reproduce published work related to defence against adversarial machine learning. They are all fakes (claim: 9… + +(Originally on Twitter: [Mon Jul 02 06:15:52 +0000 2018](https://twitter.com/adulau/status/1013667554089406464)) +---- +@truekonrads @alexhutton @MISPProject Good point. Taxonomy would be in any case as this is just tags assigned in attributes, events in MISP but indeed a lot of models are just "linear" and don't really map the reality of digital forensic. 
+ +(Originally on Twitter: [Mon Jul 02 06:37:20 +0000 2018](https://twitter.com/adulau/status/1013672956822736896)) +---- +Interesting and clear point of view regarding the "limited value to embargo vulnerabilities" and the main drawbacks as mentioned by the Debian security team at @passthesaltcon ![](media/1013762685798936576-DhGbScdW0AAxWFJ.jpg) + +(Originally on Twitter: [Mon Jul 02 12:33:53 +0000 2018](https://twitter.com/adulau/status/1013762685798936576)) +---- +RT @MISPProject: The @MISPProject core team will be at the summer hackathon (August 7-9 2018) organised by @circl_lu https://t.co/p7T96zi8l… + +(Originally on Twitter: [Mon Jul 02 14:38:09 +0000 2018](https://twitter.com/adulau/status/1013793956587548672)) +---- +@F_kZ_ @evematringe Sure send an email to info(at)circl(dot)lu to get access. + +(Originally on Twitter: [Mon Jul 02 15:17:04 +0000 2018](https://twitter.com/adulau/status/1013803749276573701)) +---- +Just saw the recent @r2gui improvements at the @passthesaltcon and it seems pretty impressive. I really need to test it more. https://github.com/radareorg/cutter + +(Originally on Twitter: [Mon Jul 02 15:58:55 +0000 2018](https://twitter.com/adulau/status/1013814284743335936)) +---- +Nice nifty plug-in for Wireshark to display @Suricata_IDS analysis info +next to pcap analysis https://github.com/regit/suriwire discovered during @passthesaltcon rump session. + +(Originally on Twitter: [Tue Jul 03 10:08:57 +0000 2018](https://twitter.com/adulau/status/1014088599254523904)) +---- +@cyb3rops @cocaman Maybe you want to have a look at the @MISPProject warning-lists https://github.com/MISP/misp-warninglists and we could extend a specific list or create a new one with your nice contribs. 
+ +(Originally on Twitter: [Wed Jul 04 05:37:42 +0000 2018](https://twitter.com/adulau/status/1014382722918252545)) +---- +A nice open source DFIR workflow described by @tomchop_ at @passthesaltcon 2018 conference including their new tools to automate and scale analysis in Google Cloud https://github.com/log2timeline/dftimewolf and https://github.com/google/turbinia #pts18 + +(Originally on Twitter: [Wed Jul 04 08:00:22 +0000 2018](https://twitter.com/adulau/status/1014418625669861376)) +---- +@DamskyIrena @tomchop_ @passthesaltcon Slides will appear on the website in the next hours https://www.pass-the-salt.org/schedule/ #pts18 + +(Originally on Twitter: [Wed Jul 04 08:13:21 +0000 2018](https://twitter.com/adulau/status/1014421896698449923)) +---- +RT @aifsair: That’s quite a conclusion! @adulau at #PTS18 ![](media/1014423124245467136-DhPqR12XkAAfXH3.jpg) + +(Originally on Twitter: [Wed Jul 04 08:18:14 +0000 2018](https://twitter.com/adulau/status/1014423124245467136)) +---- +RT @tricaud: I love this methodology so much :) @adulau #pts18 ![](media/1014425643784855552-DhPmZRMWsAAi55F.jpg) + +(Originally on Twitter: [Wed Jul 04 08:28:15 +0000 2018](https://twitter.com/adulau/status/1014425643784855552)) +---- +"Usability and Security Effects of Code Examples on Crypto APIs" +https://arxiv.org/pdf/1807.01095.pdf - https://github.com/cryptoexamples ![](media/1014428361328865285-DhP5MVIWAAAGAOd.jpg) + +(Originally on Twitter: [Wed Jul 04 08:39:03 +0000 2018](https://twitter.com/adulau/status/1014428361328865285)) +---- +If you are looking in a quick way to create (and update) security sandboxes on Linux, Landlock is an interesting LSM module by @l0kod https://landlock.io/ seen at #pts18 + +(Originally on Twitter: [Wed Jul 04 09:00:52 +0000 2018](https://twitter.com/adulau/status/1014433852369129472)) +---- +RT @rob_pike: Not sure I said that, but when I worry about machine learning being fuzzy, unpredictable, and undebuggable, I'm told not to w… + +(Originally on 
Twitter: [Wed Jul 04 09:25:25 +0000 2018](https://twitter.com/adulau/status/1014440032353095686)) +---- +If you are exploiting stuff (obviously for red teaming engagement only ;-), FFM is a hacking harness tool to avoid some classical opsec failures https://github.com/JusticeRage/FFM very promising soft by @JusticeRage with some old ideas from @thegrugq #pts18 + +(Originally on Twitter: [Wed Jul 04 14:55:04 +0000 2018](https://twitter.com/adulau/status/1014522991462494210)) +---- +@avuko @xme Good point. That’s why we have an ssdeep correlation engine in @MISPProject where you can set the threshold value of the fuzzy hash on the instance to find similar/related samples. + +(Originally on Twitter: [Thu Jul 05 04:41:40 +0000 2018](https://twitter.com/adulau/status/1014731012847427584)) +---- +RT @SteveClement: Great @MISPProject debug session with @Iglocska @rafi0t @adulau @mokaddem_sami to fix some ZMQ and encoding issues :) +Wel… + +(Originally on Twitter: [Thu Jul 05 16:19:10 +0000 2018](https://twitter.com/adulau/status/1014906544117428224)) +---- +@xme Dolichovespula saxonica? It's a great and cool wasp which is eating a lot of insects and larva. + +(Originally on Twitter: [Thu Jul 05 20:44:13 +0000 2018](https://twitter.com/adulau/status/1014973246549217283)) +---- +@xme I regularly have those (a nest will last 2-3 months max) in my shed and showing how this wasp is peaceful to all the visitors visiting my garden ;-) + +(Originally on Twitter: [Thu Jul 05 20:52:46 +0000 2018](https://twitter.com/adulau/status/1014975397799366656)) +---- +Managing analytical flaws versus managing uncertainties. Some good points from Karl Spielmann we should obviously improve threat analysis or review. 
#threatintel ![](media/1015103252185190401-DhZfA9ZW4AIYi0F.jpg) + +(Originally on Twitter: [Fri Jul 06 05:20:49 +0000 2018](https://twitter.com/adulau/status/1015103252185190401)) +---- +@npettiaux Mais les auteur(e)s de logiciels libres ou d’oeuvres libres ne demandent pas une modification de la legislation du droit d’auteur pour s'octroyer une rémunération. + +(Originally on Twitter: [Fri Jul 06 05:25:06 +0000 2018](https://twitter.com/adulau/status/1015104329659895808)) +---- +@DFNCERT @cyb3rops @cocaman @MISPProject You do the pull-request for the new warning list or I do it? 😉 + +(Originally on Twitter: [Fri Jul 06 10:25:20 +0000 2018](https://twitter.com/adulau/status/1015179886879739904)) +---- +@DFNCERT @cyb3rops @cocaman @MISPProject Ok all cool. I know what I’ll do when commuting today by train... + +(Originally on Twitter: [Fri Jul 06 11:08:15 +0000 2018](https://twitter.com/adulau/status/1015190685287419904)) +---- +@DFNCERT @cyb3rops @cocaman @MISPProject Updated https://github.com/MISP/misp-warninglists/commit/017d9b220f399eccd622f2f379fbd177f687d263 we might expand with auto-generated one from file magic. + +(Originally on Twitter: [Fri Jul 06 15:48:16 +0000 2018](https://twitter.com/adulau/status/1015261153751175174)) +---- +@Aristot73 @halvarflake I'm always amazed how a simple Twitter discussion can become a profound discussion. Maybe nowadays, we are at the paroxysm of "code is law". Remembering the @lessig book published 20 years ago... ![](media/1015526624329072640-DhffcsEXcAAkTNe.jpg) + +(Originally on Twitter: [Sat Jul 07 09:23:09 +0000 2018](https://twitter.com/adulau/status/1015526624329072640)) +---- +@Aristot73 @halvarflake "finally one indulges in a sentimental hope of endless journeyings from star to star." and my bookshelf recently collapsed. 
+ +(Originally on Twitter: [Sat Jul 07 09:35:37 +0000 2018](https://twitter.com/adulau/status/1015529762784194560)) +---- +Looking at @fermatslibrary and their recent interview about the project on @ycombinator https://blog.ycombinator.com/fermats-library-annotating-academic-papers-every-week/ this remembers me the incredibly good discussions with @miguno and how far we are from usable shared annotation on Internet. + +(Originally on Twitter: [Sat Jul 07 14:10:21 +0000 2018](https://twitter.com/adulau/status/1015598900533530626)) +---- +@eqe @Foone @Neko_Ed V’ger naming was not from Star Trek http://memory-alpha.wikia.com/wiki/V%27ger ? + +(Originally on Twitter: [Mon Jul 09 04:44:05 +0000 2018](https://twitter.com/adulau/status/1016181172144046085)) +---- +@Wyv3rnSec @MISPProject @The_Pi_Hole pi hole seems very interesting. How is the gathering, addition and removal of advertising hosts (IP and domains) done? Could we imagine to create a public feed to allow analyst on MISP to do correlation? + +(Originally on Twitter: [Mon Jul 09 05:05:35 +0000 2018](https://twitter.com/adulau/status/1016186581806350338)) +---- +RT @halvarflake: Looks like great bedtime reading.... https://fas.org/irp/nsa/automate.pdf + +(Originally on Twitter: [Mon Jul 09 05:08:16 +0000 2018](https://twitter.com/adulau/status/1016187254648332288)) +---- +I’m curious about the procurement process and how is this “tool” composed of “software and hardware modules” is really working? +https://mobile.twitter.com/lalibrebe/status/1016192994389549056 + +(Originally on Twitter: [Mon Jul 09 05:35:56 +0000 2018](https://twitter.com/adulau/status/1016194220107948032)) +---- +"A Practical Approach to the Automatic Classification of Security-Relevant Commits" https://arxiv.org/pdf/1807.02458.pdf maybe we need more work on this to make it completely integrated in some tools to add information about potential security-related commit. 
![](media/1016244965243084801-DhptGBuWkAAsupW.jpg) + +(Originally on Twitter: [Mon Jul 09 08:57:35 +0000 2018](https://twitter.com/adulau/status/1016244965243084801)) +---- +@bortzmeyer @pbeyssac @AnnalesdesMines Interdire des algorithmes... alors que Jean-Baptiste Soufron était un défenseur du libre? Je vois déjà le cadre juridique tarabiscoté pour essayer de savoir l’algorithm utilisé.... + +(Originally on Twitter: [Mon Jul 09 15:46:13 +0000 2018](https://twitter.com/adulau/status/1016347801624694784)) +---- +@crypt0ad @ronindey I suppose they kindly accept pull-request 😉 + +(Originally on Twitter: [Mon Jul 09 16:13:55 +0000 2018](https://twitter.com/adulau/status/1016354774701264896)) +---- +@KimZetter @xa329 @SteveD3 We did a similar one sometime ago https://gist.github.com/adulau/6209099 + +(Originally on Twitter: [Mon Jul 09 18:11:28 +0000 2018](https://twitter.com/adulau/status/1016384356481486848)) +---- +RT @MISPProject: We extended the support with new MISP objects to easily share software or hardware vulnerabilities along with their associ… + +(Originally on Twitter: [Tue Jul 10 10:22:29 +0000 2018](https://twitter.com/adulau/status/1016628717928550400)) +---- +@kevinallix @MISPProject @FxStellamans @NCIAgency @circl_lu @NISTcyber @zmanion Good idea. It’s something we could do and publish as a feed. + +(Originally on Twitter: [Tue Jul 10 10:26:50 +0000 2018](https://twitter.com/adulau/status/1016629816341204993)) +---- +Where is the European DARPA? + +(Originally on Twitter: [Tue Jul 10 15:37:16 +0000 2018](https://twitter.com/adulau/status/1016707937635618816)) +---- +Just added a new @MISPProject warning-list about the domains and IP used by @Microsoft365 in their "Attack Simulator" - phishing awareness campaign. https://github.com/MISP/misp-warninglists/commit/d378c4e9efdab60298b7ad657515516183ea3de4 - those awareness campaigns can be very confusing while doing DFIR. 
![](media/1016935410260463617-DhzgsKcW4AEVmlu.jpg) + +(Originally on Twitter: [Wed Jul 11 06:41:10 +0000 2018](https://twitter.com/adulau/status/1016935410260463617)) +---- +@Qwant_FR Do you have a public and open API to query your search engine? + +(Originally on Twitter: [Wed Jul 11 15:44:45 +0000 2018](https://twitter.com/adulau/status/1017072210392027136)) +---- +@HybridAnalysis @0x3c7 Really cool. Do you include the ATT&CK @MISPProject galaxy in the MISP JSON export? That would be a perfect companion. + +(Originally on Twitter: [Thu Jul 12 04:35:46 +0000 2018](https://twitter.com/adulau/status/1017266239343857665)) +---- +@ktneely @alexhutton @MISPProject @Microsoft365 Thank you, this would help a lot. + +(Originally on Twitter: [Thu Jul 12 05:20:15 +0000 2018](https://twitter.com/adulau/status/1017277435761569792)) +---- +RT @circl_lu: We just released an IMAP proxy in Python which can be used to sanitize malicious (based on PyCIRCLean library) attachment or… + +(Originally on Twitter: [Thu Jul 12 12:00:43 +0000 2018](https://twitter.com/adulau/status/1017378214791073794)) +---- +I have the strong feeling that someone is trolling me at the office... ![](media/1017414251848220672-Dh6U2JeUEAEiLTw.jpg) + +(Originally on Twitter: [Thu Jul 12 14:23:54 +0000 2018](https://twitter.com/adulau/status/1017414251848220672)) +---- +Seeing people who were involved in the m4 syntax abomination complaining about syntax in other programming language. It’s like listening to a dictator complaining about the wording of the declaration of human rights. 
+ +(Originally on Twitter: [Thu Jul 12 21:06:08 +0000 2018](https://twitter.com/adulau/status/1017515475713122304)) +---- +RT @cyb3rops: Still waiting for the first #SIEM with native support for Sigma rules +> you wouldn’t need the Sigmac converter anymore and c… + +(Originally on Twitter: [Fri Jul 13 04:30:20 +0000 2018](https://twitter.com/adulau/status/1017627261397360640)) +---- +RT @MISPProject: Want to join the dream team of @MISPProject at the summer hackathon (7-9 August) hosted by @circl_lu and @C3_Luxembourg to… + +(Originally on Twitter: [Fri Jul 13 04:31:57 +0000 2018](https://twitter.com/adulau/status/1017627668710293505)) +---- +@foobar27 It was more my painful experience with sendmail m4 configuration before Postfix came to the rescue ;-) + +(Originally on Twitter: [Fri Jul 13 05:03:31 +0000 2018](https://twitter.com/adulau/status/1017635613338669056)) +---- +@jpmens Especially when talking about poor users of proprietary software which cannot even work together to improve a software... + +(Originally on Twitter: [Fri Jul 13 05:20:38 +0000 2018](https://twitter.com/adulau/status/1017639920809250816)) +---- +RT @StackSmashing: My experience in 2018 with responsible disclosure has been terrible. Right now feel like it would be better to just full… + +(Originally on Twitter: [Fri Jul 13 06:30:04 +0000 2018](https://twitter.com/adulau/status/1017657394145488896)) +---- +RT @Timo_Steffens: According to indictment, the development of APT28 's trademark backdoor X-Agent seems to be developed in-house at GRU (n… + +(Originally on Twitter: [Fri Jul 13 16:47:50 +0000 2018](https://twitter.com/adulau/status/1017812861396111360)) +---- +RT @Timo_Steffens: Remember the developer handle "kazak" mentioned in several reports on X-Agent (e.g. https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/) ? 
According… + +(Originally on Twitter: [Fri Jul 13 16:48:42 +0000 2018](https://twitter.com/adulau/status/1017813079713828866)) +---- +RT @circl_lu: "Summer hackathon - Open Source Security Hackathon - Improving and integrating CERT/CSIRT tools" August 7-9 2018 +https://t.… + +(Originally on Twitter: [Fri Jul 13 17:28:54 +0000 2018](https://twitter.com/adulau/status/1017823194663747584)) +---- +RT @likethecoins: I'll pore over this indictment in days to come, but this is one section that jumped out at me today. If you move to the c… + +(Originally on Twitter: [Sat Jul 14 07:01:04 +0000 2018](https://twitter.com/adulau/status/1018027581025800193)) +---- +@sergedroz Not sure. From the reading of the indictment, it seems a copy flowing (ssh?) on the internal network of the cloud provider. Some cloud providers offer unaccounted bandwitdth between their customers on the same switched network. + +(Originally on Twitter: [Sat Jul 14 07:50:41 +0000 2018](https://twitter.com/adulau/status/1018040068185968640)) +---- +RT @angealbertini: My HackPra keynote +is in the same series as the one I did for @hack_lu last year, but for student/younger professional.… + +(Originally on Twitter: [Sat Jul 14 08:59:07 +0000 2018](https://twitter.com/adulau/status/1018057289796857858)) +---- +@angealbertini @hack_lu Very insightful presentation (and the design is just great!). In my IMHO, curiosity, tenacity, persistence, "put your fingers in the grease" and sharing are often the important aspect of a peaceful, knowledgeable, mindful and enjoyable life. + +(Originally on Twitter: [Sat Jul 14 09:09:35 +0000 2018](https://twitter.com/adulau/status/1018059925854064640)) +---- +Seeing the current rate of new devices popping up in 868MHz (even in the country-side) especially the new smart-metering stuff (using Wavenis), I'm wondering how long it will take before being abused... any good Wavenis decoder in open source? 
![](media/1018120119837429760-DiD6q1hXcAEHZcK.jpg) + +(Originally on Twitter: [Sat Jul 14 13:08:46 +0000 2018](https://twitter.com/adulau/status/1018120119837429760)) +---- +sometime it can be difficult to find the differences between the reality and a game. @deresz666 @Iglocska #contextfree ![](media/1018160984370896896-DiE7_r-XcAE1dEP.jpg) + +(Originally on Twitter: [Sat Jul 14 15:51:09 +0000 2018](https://twitter.com/adulau/status/1018160984370896896)) +---- +@Shiftreduce @deresz666 @Iglocska The cards where from @BAESystemsplc (a gift from Mr. @deresz666) and the dices are from the cyber attribution dice (acquired those during a @hack_lu charity session ;-) + +(Originally on Twitter: [Sat Jul 14 16:02:13 +0000 2018](https://twitter.com/adulau/status/1018163769053188096)) +---- +@LeFloatingGhost @deresz666 @Iglocska No doubt: custom malware beats 0day ;-) + +(Originally on Twitter: [Sat Jul 14 16:17:02 +0000 2018](https://twitter.com/adulau/status/1018167495021260800)) +---- +@Shiftreduce @deresz666 @Iglocska @BAESystemsplc @hack_lu I'll try to get some for you ;-) + +(Originally on Twitter: [Sat Jul 14 16:17:43 +0000 2018](https://twitter.com/adulau/status/1018167667709145092)) +---- +@S_Team_Approved @6vis_pacem https://www.youtube.com/watch?v=-zVgWpVXb64 + +(Originally on Twitter: [Sat Jul 14 19:31:43 +0000 2018](https://twitter.com/adulau/status/1018216488786911233)) +---- +@6vis_pacem @C3_Luxembourg @secin_lu @eromang @MONARCproject The MISP taxonomies are fully independent from @MISPProject project. There are in other software such as AIL, TheHive so @MONARCproject would make sense too. We are looking into it. 
+ +(Originally on Twitter: [Tue Jul 17 08:30:03 +0000 2018](https://twitter.com/adulau/status/1019137140591153153)) +---- +RT @citizenlab: An integral part of the Citizen Lab's mandate is seeking applicants who enrich our discourse by ensuring it is the product… + +(Originally on Twitter: [Tue Jul 17 16:49:23 +0000 2018](https://twitter.com/adulau/status/1019262800550612992)) +---- +RT @xg5_datafiend: Sometimes I'm productive. Tag @MISPProject events and upload indicators to @CrowdStrike https://github.com/xg5-simon/MISP-Integrations/blob/master/misp2cs.py + +(Originally on Twitter: [Wed Jul 18 07:20:29 +0000 2018](https://twitter.com/adulau/status/1019482019355652096)) +---- +RT @MISPProject: A new object template has been added in @MISPProject to exchange SMS as-is within MISP. Especially to ease reporting of ph… + +(Originally on Twitter: [Wed Jul 18 13:39:26 +0000 2018](https://twitter.com/adulau/status/1019577385480486918)) +---- +@InfoSecMatters It’s just the beginning with all the financial services which will appear with PSD2 and all the funky APIs. + +(Originally on Twitter: [Wed Jul 18 17:59:49 +0000 2018](https://twitter.com/adulau/status/1019642913528086528)) +---- +@TheHive_Project @MISPProject @twsecblog We are used to talk about “l’excellence francaise” at the office but it’s about the incredible @SNCF services ;-) I didn’t want to make the parallel for real cool open source software such as TheHive. + +(Originally on Twitter: [Wed Jul 18 18:11:35 +0000 2018](https://twitter.com/adulau/status/1019645876157984768)) +---- +RT @TheHive_Project: Thanks @twsecblog for showing some good use cases of the powerful @MISPProject, TheHive & Cortex trio during #SANSFIRE… + +(Originally on Twitter: [Thu Jul 19 05:58:11 +0000 2018](https://twitter.com/adulau/status/1019823698734350336)) +---- +@martijn_grooten We are wholeheartedly with you. 
+ +(Originally on Twitter: [Thu Jul 19 06:10:54 +0000 2018](https://twitter.com/adulau/status/1019826895943340033)) +---- +I wanted to use the following classification estimative-language:confidence-in-analytic-judgment="low” when seeing this interview or we should add the scale to “zero” https://mobile.twitter.com/NBCNews/status/1019657105995960322 + +(Originally on Twitter: [Thu Jul 19 07:30:48 +0000 2018](https://twitter.com/adulau/status/1019847005122760704)) +---- +RT @kevinallix: @adulau might also need to alow negative values, for statements that actually reduce understanding 🙂 + +(Originally on Twitter: [Thu Jul 19 08:20:36 +0000 2018](https://twitter.com/adulau/status/1019859538839826433)) +---- +@kevinallix maybe this whole administration has a benefit. Reviewing all estimative language taxonomies and update the scales... + +(Originally on Twitter: [Thu Jul 19 08:58:17 +0000 2018](https://twitter.com/adulau/status/1019869022077308928)) +---- +RT @gallypette: @kevinallix @adulau Well you need another scale for deceptive statement because these statements do have a value : (12) Ge… + +(Originally on Twitter: [Thu Jul 19 08:58:58 +0000 2018](https://twitter.com/adulau/status/1019869193095843840)) +---- +@gallypette @kevinallix Nice one. We might need a complete taxonomy based on the current live examples... + +(Originally on Twitter: [Thu Jul 19 08:59:51 +0000 2018](https://twitter.com/adulau/status/1019869415469445120)) +---- +We will do a summer hackathon at @circl_lu and @switchcert to fill some gaps in the #DFIR open source tool chains. We have already some cool ideas to extend existing open source software or bootstrap new projects. Join us! https://www.circl.lu/pub/summer-hackathon/ + +(Originally on Twitter: [Thu Jul 19 16:47:23 +0000 2018](https://twitter.com/adulau/status/1019987074462732293)) +---- +@gallypette Interesting dataset, do you think that we could improve classification for disinformation to automate the sharing of evidences? 
+ +(Originally on Twitter: [Fri Jul 20 08:00:45 +0000 2018](https://twitter.com/adulau/status/1020216929263538176)) +---- +RT @cudeso: Just figured out that there’s a Gitter community for @MISPProject ; thank you @adulau for the pointer! #cti #dfir + +(Originally on Twitter: [Fri Jul 20 20:01:08 +0000 2018](https://twitter.com/adulau/status/1020398219736637440)) +---- +@cudeso @MISPProject Yep the chat inflation is killing us. What is the best open source tool to bridge IRC, Slack and Gitter together? + +(Originally on Twitter: [Fri Jul 20 20:03:48 +0000 2018](https://twitter.com/adulau/status/1020398892096122880)) +---- +@idafanatic @xme Good point. That’s why @MISPProject has a huge set of object template covering many artefact cases for DFIR https://www.misp-project.org/objects.html and it’s super easy to create your own. + +(Originally on Twitter: [Sun Jul 22 05:39:28 +0000 2018](https://twitter.com/adulau/status/1020906152496943104)) +---- +@idafanatic @xme @MISPProject This is indeed a great idea. Do they have some public examples? We could extend the template format of the objects describing how/where to collect the artifact and its validation. + +(Originally on Twitter: [Sun Jul 22 07:14:28 +0000 2018](https://twitter.com/adulau/status/1020930057295065089)) +---- +@blackswanburst A small question to extend the discussion. You don’t trust them based on the usage of the “threat intel” you share with them or you don’t trust them on other topics than the information shared. + +(Originally on Twitter: [Sun Jul 22 07:18:37 +0000 2018](https://twitter.com/adulau/status/1020931103618740224)) +---- +@idafanatic @xme @MISPProject I just saw an academic paper. If you or someone else find practical information, I would be glad to work on this. Having the info directly in the format could help to tell the analysts the different options of collection while creating a MISP event. 
+ +(Originally on Twitter: [Sun Jul 22 07:25:32 +0000 2018](https://twitter.com/adulau/status/1020932842556149760)) +---- +@blackswanburst I have seen some organisations “discarding” information instead of “distrusting” information in a sharing community because of the country of origin for a specific organisation. Maybe we have to improve as distrusting is a great opportunity to scale and score information. + +(Originally on Twitter: [Sun Jul 22 07:34:13 +0000 2018](https://twitter.com/adulau/status/1020935026635091968)) +---- +@blackswanburst I strongly believe that the second option is where we should go. The recent extended event functionality in MISP came from that specific need. Having a report from a company A and then an organisation make a competitive analysis based on the initial event without touching it. + +(Originally on Twitter: [Sun Jul 22 07:46:53 +0000 2018](https://twitter.com/adulau/status/1020938216654950400)) +---- +@0xrawsec @TheHive_Project and a @MISPProject integration to share evidences. Maybe we should have the misp objects within the @TheHive_Project to ease the sharing of the evidences. 
+ +(Originally on Twitter: [Mon Jul 23 15:27:33 +0000 2018](https://twitter.com/adulau/status/1021416536274276353)) +---- +RT @inbarraz: As @radareorg is a free alternative to IDA-Pro, I believe we should do everything we can to help make it better, for all the… + +(Originally on Twitter: [Mon Jul 23 19:38:12 +0000 2018](https://twitter.com/adulau/status/1021479611509694464)) +---- +RT @circl_lu: New version 2.4.1 of CIRCLean (USB key sanitizer) has been released fixing the USB detection issue https://www.circl.lu/projects/CIRCLean/ -… + +(Originally on Twitter: [Tue Jul 24 05:35:52 +0000 2018](https://twitter.com/adulau/status/1021630018638766080)) +---- +RT @newsoft: Un rapport sur le #Linky anglais : http://www.britishinfrastructuregroup.uk/wp-content/uploads/2018/07/BIG-Not-So-Smart-Full-Report.pdf + +"In fact security concerns reached such a degree in 2016, that GCH… + +(Originally on Twitter: [Tue Jul 24 06:13:05 +0000 2018](https://twitter.com/adulau/status/1021639385207500802)) +---- +I really enjoyed the @rencontresarles 2018 including the official exhibitions and the off. Some discoveries such as the work from @margaretlansink and her Borders of Nothingness. So many incredible projects and photographers. This makes me more optimistic for the future. ![](media/1021839671549145088-Di5NwZWXsAAkQpr.jpg) + +(Originally on Twitter: [Tue Jul 24 19:28:57 +0000 2018](https://twitter.com/adulau/status/1021839671549145088)) +---- +RT @MITREattack: We've released a whitepaper detailing ATT&CK's background, the various components of the framework, and our philosophy for… + +(Originally on Twitter: [Wed Jul 25 07:00:32 +0000 2018](https://twitter.com/adulau/status/1022013714030100480)) +---- +@cynicalsecurity @concinnityrisks Maybe like this https://github.com/MISP/misp-galaxy/blob/master/clusters/branded_vulnerability.json ? 
+ +(Originally on Twitter: [Wed Jul 25 09:38:02 +0000 2018](https://twitter.com/adulau/status/1022053352891396099)) +---- +RT @concinnityrisks: @adulau @cynicalsecurity Very well done! Also, what about GLOBAL naming conventions between national vulnerability dat… + +(Originally on Twitter: [Wed Jul 25 11:07:05 +0000 2018](https://twitter.com/adulau/status/1022075760385961984)) +---- +@cynicalsecurity @concinnityrisks @Aristot73 @zmanion @halvarflake @pinkflawd So it's more a functional classification between @MITREattack and CWE https://cve.circl.lu/cwe to describe how the vulnerability is working. CWE is more focusing on describing the errors which lead to the exploitation. + +(Originally on Twitter: [Wed Jul 25 14:48:03 +0000 2018](https://twitter.com/adulau/status/1022131367965016064)) +---- +@cynicalsecurity @concinnityrisks @Aristot73 @zmanion @halvarflake @pinkflawd @MITREattack Then it's closer to @MITREattack ? + +(Originally on Twitter: [Wed Jul 25 15:07:32 +0000 2018](https://twitter.com/adulau/status/1022136274570887168)) +---- +"Emulating malware authors for proactive protection using GANs over a distributed image visualization of the dynamic file behavior" +https://arxiv.org/pdf/1807.07525.pdf and datasets are available -> https://github.com/bsvineethiitg/malwaregan the idea seems neat not sure about practical implementations. ![](media/1022146598120378368-Di9j48nX0AAACtr.jpg) + +(Originally on Twitter: [Wed Jul 25 15:48:34 +0000 2018](https://twitter.com/adulau/status/1022146598120378368)) +---- +RT @fdfalcon: I wrote about 3 Bluetooth vulnerabilities in Android which were fixed in the June and July 2018 security bulletins. 
Technical… + +(Originally on Twitter: [Wed Jul 25 16:02:42 +0000 2018](https://twitter.com/adulau/status/1022150154718248965)) +---- +RT @switchcert: Join us and @circl_lu for the open source security summer hackathon in Zurich https://swit.ch/hackathon2018 +or Luxembourg https:/… + +(Originally on Twitter: [Wed Jul 25 16:08:30 +0000 2018](https://twitter.com/adulau/status/1022151615367847936)) +---- +I would not be surprised if some intelligence agencies are using (or planning) to combine usage of IMSI catchers and TPMS collection to bound mobile phone and vehicle together. On a 800 kilometres trip, I found some basic correlations. (yep the Cell ID is next to my place ;-) ![](media/1022217946410745860-Di-jo_XW4AA1FF7.jpg) + +(Originally on Twitter: [Wed Jul 25 20:32:04 +0000 2018](https://twitter.com/adulau/status/1022217946410745860)) +---- +RT @DrunkBinary: ![](media/1022221107217281024-Di-LeXsVAAAArWZ.jpg) + +(Originally on Twitter: [Wed Jul 25 20:44:38 +0000 2018](https://twitter.com/adulau/status/1022221107217281024)) +---- +@lorenzo2472 For the TMPS, I'm using rtl_433 (https://github.com/merbanan/rtl_433) and gr-gsm https://github.com/ptrkrysik/gr-gsm/wiki/Usage for the GSM decoding with 3 RTL2832-like receivers (one for 433Mhz, another GSM900 tuning and one for scanning GSM bands). + +(Originally on Twitter: [Thu Jul 26 06:03:25 +0000 2018](https://twitter.com/adulau/status/1022361729420980224)) +---- +@eromang This would be in addition then. Now, the interesting part, I suppose car manufacturers are bound to specific mobile operators for eCall? Then it would be indeed even easier to correlate. The question, is it always on the network? 
not sure from the text https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R0758&from=EN + +(Originally on Twitter: [Thu Jul 26 06:09:07 +0000 2018](https://twitter.com/adulau/status/1022363163466129408)) +---- +@zoobab That's why if you travel Ryanair (or other very-low cost companies), you are supporting the practices. And by the way, you'll also pay the consequences (and take the associated risks including the financial risk of backup travel plans). + +(Originally on Twitter: [Thu Jul 26 07:29:32 +0000 2018](https://twitter.com/adulau/status/1022383403218423808)) +---- +"Specification-based Protocol Obfuscation" https://arxiv.org/pdf/1807.09464.pdf Is it something we will see more and more on the adversary side? Protocol obfuscation happens in some cases but it's rarely specification-based until now... ![](media/1022390809897984001-DjBC9mTW0AATalT.jpg) + +(Originally on Twitter: [Thu Jul 26 07:58:58 +0000 2018](https://twitter.com/adulau/status/1022390809897984001)) +---- +@eromang There are two eCall profiles for eCall-only profile which is only on request and eCall/VAS which is always on. It seems the IMSI allocation depends on the goodwill of the manufacturer. + +(Originally on Twitter: [Thu Jul 26 08:22:06 +0000 2018](https://twitter.com/adulau/status/1022396629670940672)) +---- +RT @hack_lu: And while we're at it: we're still looking at funding for ~10 diversity sponsorships in order to make it possible for all the… + +(Originally on Twitter: [Fri Jul 27 08:57:34 +0000 2018](https://twitter.com/adulau/status/1022767943539675136)) +---- +@KennethGeers Interesting. How do you do the classification of the malicious content with the correlation for each specific topic? I’m curious about the false-positive rate. + +(Originally on Twitter: [Fri Jul 27 12:46:00 +0000 2018](https://twitter.com/adulau/status/1022825430909419521)) +---- +Who can guess the "set of circumstances"? 
+"Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances." +https://cve.circl.lu/cve/CVE-2018-6686 + +(Originally on Twitter: [Fri Jul 27 20:00:07 +0000 2018](https://twitter.com/adulau/status/1022934679773691904)) +---- +We have fundamentals issues in DFIR custody of evidence (reproducible builds of forensic tools, long-term storage,sharing evidences) but blockchain is more trendy... "B-CoC: A Blockchain-based Chain of Custody for Evidences Management in Digital Forensics" https://arxiv.org/pdf/1807.10359.pdf + +(Originally on Twitter: [Mon Jul 30 07:44:24 +0000 2018](https://twitter.com/adulau/status/1023836694108401664)) +---- +@gallypette But the paper mentioned is not funded by an H2020 project? + +(Originally on Twitter: [Mon Jul 30 09:41:41 +0000 2018](https://twitter.com/adulau/status/1023866210629427200)) +---- +@rafi0t On dirait une présentation commerciale du produit https://www.idealo.de/preisvergleich/OffersOfProduct/4564366_-professional-400-ml-tw-1000.html + +(Originally on Twitter: [Mon Jul 30 10:15:06 +0000 2018](https://twitter.com/adulau/status/1023874620619976705)) +---- +@rafi0t Plus tu essayes de l'enlever, plus il pénètre... c'est un gel oleoresin capsicum. https://prod.sandia.gov/techlib-noauth/access-control.cgi/1995/952129.pdf + +(Originally on Twitter: [Mon Jul 30 10:31:46 +0000 2018](https://twitter.com/adulau/status/1023878812944277504)) +---- +RT @abuse_ch: Does anyone know what malware this is? 
+ +Malware distribution site: +https://urlhaus.abuse.ch/url/36725/ + +Malware sample: +https://t.co/CX6l… + +(Originally on Twitter: [Mon Jul 30 11:15:25 +0000 2018](https://twitter.com/adulau/status/1023889796664569856)) +---- +RT @MISPProject: Next week (August 7-9 2018), we participate to the summer hackathon organised by @circl_lu and @switchcert https://t.co/p7… + +(Originally on Twitter: [Mon Jul 30 11:20:12 +0000 2018](https://twitter.com/adulau/status/1023891001256103942)) +---- +RT @brucedang: After years of living under a rock, I decided to start blogging. My first article is about system call dispatching for Wind… + +(Originally on Twitter: [Tue Jul 31 09:18:40 +0000 2018](https://twitter.com/adulau/status/1024222806211534848)) +---- +Before reading this, sit in a quite place, breath slowly and start reading. +"The Second Amendment and Cyber Weapons - The Constitutional Relevance of Digital Gun Rights " https://arxiv.org/pdf/1807.11041.pdf ![](media/1024244650570383361-DjbWredX4AAid4Q.jpg) + +(Originally on Twitter: [Tue Jul 31 10:45:28 +0000 2018](https://twitter.com/adulau/status/1024244650570383361)) +---- +RT @_saadk: I am very honored & proud to work with such great professionals: @nadouani @_JLeonard @ninSmith_ @0x3c7 & toom. Also big props… + +(Originally on Twitter: [Tue Jul 31 15:02:49 +0000 2018](https://twitter.com/adulau/status/1024309413161656320)) +---- +RT @Sebdraven: my lastest article about the campaign of the Chinese hacking group 1937CN targeted Vietnameses officials. + + https://t.co/… + +(Originally on Twitter: [Tue Jul 31 19:13:51 +0000 2018](https://twitter.com/adulau/status/1024372586132774912)) +---- +I remember 20 years ago where we were told that you cannot achieve high quality and long-term development with FLOSS especially in security. Today many security software are FLOSS (from NIDS to packet filtering or DFIR). Future seems much brighter. 
+ +https://twitter.com/_saadk/status/1024308241528958978 + +(Originally on Twitter: [Tue Jul 31 19:21:15 +0000 2018](https://twitter.com/adulau/status/1024374451167748096)) +---- +RT @josh_zelonis: Another day, another @MISPProject sighting. + +If I was interested in a career in, or building a #threatintel capability,… + +(Originally on Twitter: [Wed Aug 01 06:49:11 +0000 2018](https://twitter.com/adulau/status/1024547572277563392)) +---- +That’s pretty a small SHA1 ;-) ![](media/1024612144971698176-DjgnTguXsAE640Z.jpg) + +(Originally on Twitter: [Wed Aug 01 11:05:46 +0000 2018](https://twitter.com/adulau/status/1024612144971698176)) +---- +RT @JusticeRage: I'll attend @circl_lu's hackathon next week in Luxemburg to work on Manalyze. Whether you're there or not, let me know if… + +(Originally on Twitter: [Thu Aug 02 07:57:35 +0000 2018](https://twitter.com/adulau/status/1024927173931622400)) +---- +@Sebdraven Thank you. MISP event 5b60b046-c0c8-49ce-aa97-437a02de0b81 (feel free to update) - Looking at it (and some older events), maybe adding the threat actor galaxy "Goblin PANDA"/Hellsing would make sense ;-) https://www.misp-project.org/galaxy.html#_hellsing + +(Originally on Twitter: [Thu Aug 02 12:44:13 +0000 2018](https://twitter.com/adulau/status/1024999308918185984)) +---- +@Jipe_ You are missing the third picture which the first one with the text "30 days after the breach when everyone forgot". + +(Originally on Twitter: [Thu Aug 02 14:01:20 +0000 2018](https://twitter.com/adulau/status/1025018714582908928)) +---- +@ldelavaissiere @rafi0t @canardenchaine En fait, la situation est géniale. Tu n'as pas de réseaux de caméras à gérer, la responsabilité finale est sur l’opérateur de la caméra dans d'autres entreprises/personnes privées. 
#sarcasm Une petite lecture pour les étés caniculaires: http://www.interieur.gouv.fr/content/download/29083/213069/file/20090122040147.pdf + +(Originally on Twitter: [Fri Aug 03 07:24:01 +0000 2018](https://twitter.com/adulau/status/1025281114812899328)) +---- +RT @MISPProject: More you start to use @MITREattack techniques in your @MISPProject events, attributes and objects. You can start emerging… + +(Originally on Twitter: [Fri Aug 03 09:06:31 +0000 2018](https://twitter.com/adulau/status/1025306911380578305)) +---- +RT @MISPProject: MISP galaxy format extended to include the @CFR_org metadata from their great Cyber Operations Tracker to extend existing… + +(Originally on Twitter: [Fri Aug 03 12:02:58 +0000 2018](https://twitter.com/adulau/status/1025351316644798464)) +---- +Fun fact of the day in the world of CVE and software vulnerability, "Difficult to exploit" is a very common string used by @Oracle in their CVE descriptions for various of their products. Maybe some interesting facts could emerge out of this frequent usage? #vulnerability #CVE ![](media/1025707511146532865-DjwKlWTXgAAkWKf.jpg) + +(Originally on Twitter: [Sat Aug 04 11:38:22 +0000 2018](https://twitter.com/adulau/status/1025707511146532865)) +---- +RT @jwunder: This is great, building up real data sets around ATT&CK will help us figure out where to spend our time based on more than jus… + +(Originally on Twitter: [Sat Aug 04 20:33:39 +0000 2018](https://twitter.com/adulau/status/1025842221839462400)) +---- +Trying to estimate how large an IMSI database would be at large-scale, I gathered some statistics for single BTS (in the country side next to a national road) on a 5-day period. I started to work on a standard JSON format (the code will follow). 
https://github.com/adulau/FASCIA/blob/master/doc/format.md ![](media/1025861181255417857-DjyWzhvX4AAgnuG.jpg) + +(Originally on Twitter: [Sat Aug 04 21:48:59 +0000 2018](https://twitter.com/adulau/status/1025861181255417857)) +---- +@kevinallix Those numbers are the fixed IMSI. + +(Originally on Twitter: [Sun Aug 05 06:48:25 +0000 2018](https://twitter.com/adulau/status/1025996932559392769)) +---- +@ydklijnsma Why high? At the BTS is covering a pretty large portion of the area and looking at the number of cars per day, it seems pretty reasonable. It's a passive capture on a specific MNC/MCC/LAC/CID. + +(Originally on Twitter: [Sun Aug 05 06:51:36 +0000 2018](https://twitter.com/adulau/status/1025997734669635585)) +---- +@_Sn0rkY It's a passive capture. This works quite well. + +(Originally on Twitter: [Sun Aug 05 06:53:04 +0000 2018](https://twitter.com/adulau/status/1025998102010970114)) +---- +@eromang It would be a disproportionate effort to go from passive collection to active collection just to get the consent ;-) #sarcasm + +(Originally on Twitter: [Sun Aug 05 07:04:30 +0000 2018](https://twitter.com/adulau/status/1026000981203578880)) +---- +RT @0x3c7: #APT map is now updated to display @CFR_org information which is included in the newest version of @MISPProject galaxy. +https://… + +(Originally on Twitter: [Sun Aug 05 13:19:06 +0000 2018](https://twitter.com/adulau/status/1026095251679834118)) +---- +@d_olex @UlfFrisk Maybe @hack_lu this year? Luxembourg is a friendly place and the conference is considered to be technical ;-) + +(Originally on Twitter: [Sun Aug 05 14:34:31 +0000 2018](https://twitter.com/adulau/status/1026114232235028482)) +---- +The past 3 weeks, I was endlessly searching for the wabi-sabi of street-art. Some more years will be needed to find the rest... 
#photography https://www.flickr.com/photos/adulau/ ![](media/1026171760859906048-Dj2vqwTXcAAkVwQ.jpg) + +(Originally on Twitter: [Sun Aug 05 18:23:07 +0000 2018](https://twitter.com/adulau/status/1026171760859906048)) +---- +@jepoirrier @MSDBelgium Indeed then you have crappy lobbyist groups such as @cropprotection reusing the anti-vaccine groups against scientifics (who made academic publications demonstrating the risks of pesticides) to promote their dangerous goods. + +(Originally on Twitter: [Mon Aug 06 15:27:34 +0000 2018](https://twitter.com/adulau/status/1026489970926800897)) +---- +RT @plusvic: #YARA 3.8.0 has been released! https://github.com/VirusTotal/yara/releases/tag/v3.8.0 + +(Originally on Twitter: [Mon Aug 06 16:10:51 +0000 2018](https://twitter.com/adulau/status/1026500862343094272)) +---- +To summarize, it was a continuous battle with some banks to get/share details about mule bank accounts to stop and gather threat intelligence about these criminal networks. While at the same time... https://mobile.twitter.com/WSJ/status/1026470443727970305 + +(Originally on Twitter: [Mon Aug 06 16:19:11 +0000 2018](https://twitter.com/adulau/status/1026502960572977153)) +---- +@evematringe @circl_lu @switchcert Yes including light lunches and soft drinks for the 3 days. 
+ +(Originally on Twitter: [Mon Aug 06 17:27:01 +0000 2018](https://twitter.com/adulau/status/1026520028148101126)) +---- +RT @circl_lu: Don't hesitate to join us for tomorrow for the hackathon at @circl_lu (Luxembourg) and @switchcert (Zurich) https://t.co/cr0… + +(Originally on Twitter: [Mon Aug 06 17:27:10 +0000 2018](https://twitter.com/adulau/status/1026520066811146240)) +---- +RT @MISPProject: MISP 2.4.94 released (aka summer improvements) with improved event graph interface, a new ElasticSearch plugin, various ex… + +(Originally on Twitter: [Mon Aug 06 21:39:48 +0000 2018](https://twitter.com/adulau/status/1026583644998180864)) +---- +@S_Team_Approved @hack_lu Whooaa, thank you for doing the archivist! + +(Originally on Twitter: [Tue Aug 07 20:00:21 +0000 2018](https://twitter.com/adulau/status/1026921003887337473)) +---- +@crandycodes Maybe it would be great if CLAs were abandonned in favor of each authors contributing to the open source projects and keeping their author-rights. + +(Originally on Twitter: [Wed Aug 08 05:07:24 +0000 2018](https://twitter.com/adulau/status/1027058676136325120)) +---- +@crandycodes CLA is basically telling the contributors that his contributions are becoming the one from the organisation and telling him/her that the organisation can relicense. Having multiple copyright owners to ensure the social contract while keeping the original licensing is better IMHO. + +(Originally on Twitter: [Wed Aug 08 05:22:21 +0000 2018](https://twitter.com/adulau/status/1027062436959072256)) +---- +@crandycodes Sure. I’m just saying that because we tend to avoid CLA in our team and pick an open source project where there is a way to ensure the continuity of the license. 
+ +(Originally on Twitter: [Wed Aug 08 05:50:08 +0000 2018](https://twitter.com/adulau/status/1027069429170012160)) +---- +@rgardler @crandycodes The copyright will only be Microsoft for the contribution so it’s still allowing Microsoft to relicense the work/contribution under different terms. Does the copyright assignment includes all original contributors? I don’t think so... + +(Originally on Twitter: [Wed Aug 08 13:11:26 +0000 2018](https://twitter.com/adulau/status/1027180487490658305)) +---- +@migueldeicaza @crandycodes I know this is the classical argumentation. But the liability is still for the employee at the end which needs to ensure his/her working contract is fine with open source contributions. + +(Originally on Twitter: [Wed Aug 08 13:20:30 +0000 2018](https://twitter.com/adulau/status/1027182767451320327)) +---- +@migueldeicaza @crandycodes Indeed if you distribute the code merged/pulled but the original contribution in the fork is also the root distribution (and the liability is also for the employee too IMHO). + +(Originally on Twitter: [Wed Aug 08 14:43:12 +0000 2018](https://twitter.com/adulau/status/1027203580841926657)) +---- +@Nico_VanderB “Correlation entre réseaux de désinformation et intérêt prononcé pour RT/Sputnik“ je connais plusieurs analystes qui s'abonnent à RT/Sputnik ... et cela ne dérive cette corrélation vers une causalité sur le type d'utilisateurs. + +(Originally on Twitter: [Wed Aug 08 17:28:40 +0000 2018](https://twitter.com/adulau/status/1027245222324051968)) +---- +@sudousrcode @crandycodes Indeed DCO seems to me much more appropriate and balanced towards the contributors. 
https://developercertificate.org/ + +(Originally on Twitter: [Thu Aug 09 05:05:40 +0000 2018](https://twitter.com/adulau/status/1027420627005833216)) +---- +An interesting early work to convert observables/indicators from @TheHive_Project into Sigma rules https://github.com/jordisk/TheHive2Sigma by @Jordisk done during the hackathon at @circl_lu and @switchcert - @chrisred_68 is working on a similar @MISPProject module #ThreatIntelligence + +(Originally on Twitter: [Thu Aug 09 15:38:45 +0000 2018](https://twitter.com/adulau/status/1027579947697799168)) +---- +RT @xoreaxeaxeax: GOD MODE UNLOCKED: hardware backdoors in some x86 CPUs +https://github.com/xoreaxeaxeax/rosenbridge +White paper coming tomorrow. @BlackHatEven… + +(Originally on Twitter: [Thu Aug 09 20:34:50 +0000 2018](https://twitter.com/adulau/status/1027654456752660480)) +---- +I should not have looked at the "Threat Intelligence Platform" Wikipedia page where each vendor add their own platform to the list. Maybe assisting Wikipedia in building knowledge is better than self-adversiting... ![](media/1027887414008840192-DkPJCHCXcAAA97r.jpg) + +(Originally on Twitter: [Fri Aug 10 12:00:31 +0000 2018](https://twitter.com/adulau/status/1027887414008840192)) +---- +RT @CERTEU: Looking for a job? CERT-EU is HIRING! https://www.linkedin.com/pulse/looking-job-cert-eu-hiring-cert-eu/?published=t + +(Originally on Twitter: [Fri Aug 10 16:02:46 +0000 2018](https://twitter.com/adulau/status/1027948378511077379)) +---- +@cudeso @MISPProject @circl_lu It will be published soon ;-) That’s great for the chocolate! 
+ +(Originally on Twitter: [Fri Aug 10 23:07:13 +0000 2018](https://twitter.com/adulau/status/1028055196339978241)) +---- +@aboutsecurity @SpielOfDavis @TTP_0 @USCERT_gov Maybe you would like to add it in the @MISPProject taxonomies https://github.com/MISP/misp-taxonomies + +(Originally on Twitter: [Sat Aug 11 07:24:38 +0000 2018](https://twitter.com/adulau/status/1028180372650110976)) +---- +What's the outcome of this regarding security updates? +https://www.java.com/en/download/release_notice.jsp but also long-term maintenance of open source projects relying on Java? OpenJDK is still maintain by Oracle mainly? Especially when the Apache foundation is composed of 58.6% projects using Java. ![](media/1028566477065138181-DkYxx2VWwAAYUSK.jpg) + +(Originally on Twitter: [Sun Aug 12 08:58:52 +0000 2018](https://twitter.com/adulau/status/1028566477065138181)) +---- +@xme I remember a discussion during a foreseen interoperability test between medical devices (a plug fest) and we proposed to pcap the protocols interactions to review it for security. We got a “strong no go” by the organisers... + +(Originally on Twitter: [Sun Aug 12 12:23:10 +0000 2018](https://twitter.com/adulau/status/1028617889409105920)) +---- +My favourite part of gardening: Collecting the seeds for the following years. The ones in the picture are snow pea harvested from the dried plants just today. #biology #gardening ![](media/1028661415228436480-DkaKGEYW4AE5QgJ.jpg) + +(Originally on Twitter: [Sun Aug 12 15:16:07 +0000 2018](https://twitter.com/adulau/status/1028661415228436480)) +---- +I will be at #UYBHYS in November (Brest, France) to talk about "How an open source project like @MISPProject can compete with complex intelligence programs" it could be fun... https://www.unlockyourbrain.bzh/ @AnDaolVras + +(Originally on Twitter: [Sun Aug 12 19:49:16 +0000 2018](https://twitter.com/adulau/status/1028730153722097664)) +---- +@martijn_grooten @gcluley I suppose you mean Europe at large... 
+ +(Originally on Twitter: [Mon Aug 13 18:37:01 +0000 2018](https://twitter.com/adulau/status/1029074362677321729)) +---- +RT @martinboller: Going to @hack_lu 2018 + #MISP #ThreatIntel summit + @BSidesLux anybody want to meet up with an introvert geezer from .DK… + +(Originally on Twitter: [Tue Aug 14 16:18:03 +0000 2018](https://twitter.com/adulau/status/1029401775005224960)) +---- +RT @apnic: Passive observations of a large DNS Service: 2.5 years in the life of Google 8.8.8.8 https://blog.apnic.net/2018/08/14/passive-observations-of-a-large-dns-service/ https://t.co/x3yNlD… + +(Originally on Twitter: [Wed Aug 15 06:59:54 +0000 2018](https://twitter.com/adulau/status/1029623699203338240)) +---- +There is always a good running gag in various security mailing-lists: "Do you know a security contact at GoDaddy?" + +(Originally on Twitter: [Wed Aug 15 13:51:33 +0000 2018](https://twitter.com/adulau/status/1029727297803350016)) +---- +@jfslowik retrohunt, the 15th August... usually the majority of my retrohunts are performed at the end of the month ;-) + +(Originally on Twitter: [Wed Aug 15 15:40:57 +0000 2018](https://twitter.com/adulau/status/1029754828229099520)) +---- +@I_am_ryan_S @Techhelplistcom Having a custom, non-standard and scoped API doesn’t hinder an organisation to have an abuse/security contact point which works... and by the way, we used the api. + +(Originally on Twitter: [Thu Aug 16 06:18:25 +0000 2018](https://twitter.com/adulau/status/1029975651124764672)) +---- +@droethlisberger @xme I remember another debug session with more people for a similar issue (ok we added ZMQ in the loop) https://twitter.com/SteveClement/status/1014906054541561856 + +(Originally on Twitter: [Thu Aug 16 15:12:09 +0000 2018](https://twitter.com/adulau/status/1030109968857538563)) +---- +RT @circl_lu: "A security vulnerability has been identified with certain HP Inkjet printers. 
A maliciously crafted file sent to an affected… + +(Originally on Twitter: [Fri Aug 17 05:21:24 +0000 2018](https://twitter.com/adulau/status/1030323687956930560)) +---- +I thank someone who influenced me a lot @thisisaaronland especially the day (January 2007) he implemented machines tags in flickr. This is now part of the @MISPProject taxonomies and percolate into many threat intelligence projects. Thank you for designing real & concrete stuff. ![](media/1030731581500076032-Dk3jy6HXcAUVcnK.jpg) + +(Originally on Twitter: [Sat Aug 18 08:22:13 +0000 2018](https://twitter.com/adulau/status/1030731581500076032)) +---- +RT @PetrBenes: Dumped struct definitions from PDBs of ntoskrnl 17134 and 18204 - for anyone interested, here's the diff: https://t.co/0VeBS… + +(Originally on Twitter: [Sat Aug 18 08:40:36 +0000 2018](https://twitter.com/adulau/status/1030736206118699010)) +---- +"The structure of a system reflects the structure of the organization that built it." Richard E. Fairley (Wang Institute) + +(Originally on Twitter: [Sun Aug 19 21:16:27 +0000 2018](https://twitter.com/adulau/status/1031288809533648896)) +---- +RT @matthew_d_green: Thales and Gemalto are merging, and Gemalto apparently already bought Safenet. At least one HSM product line will prob… + +(Originally on Twitter: [Mon Aug 20 06:21:37 +0000 2018](https://twitter.com/adulau/status/1031426006173798400)) +---- +There is also something interesting with CVE. Look at CVE where publication date of the CVE is very recent compared to the original public disclosure date. https://cve.circl.lu/cve/CVE-2018-15553 Did Telus start to assign CVE and acquire a disclosure process? + +(Originally on Twitter: [Mon Aug 20 15:39:36 +0000 2018](https://twitter.com/adulau/status/1031566426795134976)) +---- +It seems @Iglocska and myself will be in Prague for another @MISPProject training. https://twitter.com/dcg420/status/1031530555391782912 We hope to see the #ThreatIntelligence CZ community at large. 
+ +(Originally on Twitter: [Mon Aug 20 19:26:18 +0000 2018](https://twitter.com/adulau/status/1031623477353213953)) +---- +@wimremes @da_667 @stevelord @brucon @OPCDE We do it for @hack_lu too flight+hotel but the administration can be a real pain when you are a small team. (such as visa req, banks stealing random fees on wire transfer...) + +(Originally on Twitter: [Tue Aug 21 05:30:59 +0000 2018](https://twitter.com/adulau/status/1031775653417373696)) +---- +@ralphholz Where is this coming from? + +(Originally on Twitter: [Tue Aug 21 06:36:40 +0000 2018](https://twitter.com/adulau/status/1031792179642023937)) +---- +RT @thorstenholz: Liked our paper on reversing x86 processor microcode (https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/koppe)? Then you might find our upcoming @acm_ccs… + +(Originally on Twitter: [Tue Aug 21 11:07:25 +0000 2018](https://twitter.com/adulau/status/1031860318660714496)) +---- +RT @treyka: Registration is now open for the 18-20 March 2019 @FIRSTdotOrg Symposium on Cyber Threat Intelligence in London. This year's th… + +(Originally on Twitter: [Wed Aug 22 10:08:54 +0000 2018](https://twitter.com/adulau/status/1032207979154685954)) +---- +RT @frohoff: More Apache Struts RCE https://semmle.com/news/apache-struts-CVE-2018-11776 + +(Originally on Twitter: [Wed Aug 22 15:46:04 +0000 2018](https://twitter.com/adulau/status/1032292831979876353)) +---- +@eromang @mikko @_pst abuse contact for organisations is also fine... + +(Originally on Twitter: [Wed Aug 22 16:18:01 +0000 2018](https://twitter.com/adulau/status/1032300869134573569)) +---- +Reading the FUDs propaged by lawyers about AGPLv3 is funky especially that it’s a GPLv3 with an additional clause. I feel back the FUDs about the world collapsing in the nineties when an organisation was using the GPLv2... 
+ +(Originally on Twitter: [Wed Aug 22 16:44:29 +0000 2018](https://twitter.com/adulau/status/1032307530624581632)) +---- +@zoobab And the argumentation is incorrect. The AGPLv3 disclosing of code source only applies when you distribute, publish or serve modified version. + +(Originally on Twitter: [Wed Aug 22 18:24:42 +0000 2018](https://twitter.com/adulau/status/1032332752773935104)) +---- +RT @MISPProject: Thanks to all the contributors (and the coordinator @SteveClement) who helped for the Japanese translation. MISP core soft… + +(Originally on Twitter: [Wed Aug 22 19:39:06 +0000 2018](https://twitter.com/adulau/status/1032351473819181056)) +---- +@markus_neis If I recall correctly, it was already used by old Agent.BTZ samples in 2010 (and even previously). + +(Originally on Twitter: [Wed Aug 22 20:50:23 +0000 2018](https://twitter.com/adulau/status/1032369413050130432)) +---- +Testing the new functionalities of @circl_lu AIL introduced by @Terrtia (for next version 1.3), we can easily find unstructured information containing encoded Base64, hex and binary. Automatically decoded & you can see the relationships between payloads used in this PowerShell. ![](media/1032634823142203393-DlSmKJHWsAEaRzt.jpg) + +(Originally on Twitter: [Thu Aug 23 14:25:01 +0000 2018](https://twitter.com/adulau/status/1032634823142203393)) +---- +RT @remco_verhoef: VNCScan (https://github.com/dutchcoders/vncscan) will download (unauthenticated) VNC server frames and output the OCR'ed text to the co… + +(Originally on Twitter: [Thu Aug 23 21:40:11 +0000 2018](https://twitter.com/adulau/status/1032744336289656833)) +---- +RT @circl_lu: New version of AIL (AIL framework - Analysis Information Leak framework +) released 1.3 including many new improvements (decod… + +(Originally on Twitter: [Fri Aug 24 13:57:35 +0000 2018](https://twitter.com/adulau/status/1032990305535123458)) +---- +RT @IntelNatSecJnl: We are very sad to hear of the recent death of Richards J. 
'Dick' Heuer, a former senior CIA officer and scholar, whose… + +(Originally on Twitter: [Fri Aug 24 15:21:12 +0000 2018](https://twitter.com/adulau/status/1033011349591400448)) +---- +RT @likethecoins: ATT&CK + MISP = ♥️🎉🏆🍸! I truly hope this trend will continue. If anyone needs pointers on doing this, I am *more than hap… + +(Originally on Twitter: [Sat Aug 25 06:26:40 +0000 2018](https://twitter.com/adulau/status/1033239215147032576)) +---- +@SawabCenterFR Si je comprends bien votre tweet “promoted”, l’ignorance est une source d'humanité ? Pourtant les extrémistes abusent cette ignorance pour leurs objectifs. Il me semblait que l’initiative Sawab Center était pour contrer les extrémistes ? + +(Originally on Twitter: [Sat Aug 25 07:27:45 +0000 2018](https://twitter.com/adulau/status/1033254589854826497)) +---- +@MalwareJake The interesting part is how many people in the infosec field are still relying on Java for security ops (such as the ELK stack, Lucene, Apache Metron or Apache NiFi). + +(Originally on Twitter: [Sun Aug 26 06:24:58 +0000 2018](https://twitter.com/adulau/status/1033601176489611265)) +---- +@fouroctets and then you discover they have a port mapper service and the range is from 1024-65535... + +(Originally on Twitter: [Mon Aug 27 05:13:06 +0000 2018](https://twitter.com/adulau/status/1033945480215052288)) +---- +Trying to figure out about a JSON-LD schema file & why it's expressed in a specific unreadable way for a machine & a human at the same time. I discovered the reason behind. Another format built from consensus. ref: http://manu.sporny.org/2014/json-ld-origins-2/ Consensus and data format don't blend. ![](media/1034173544740151296-DloeP8AW0AENCQ2.jpg) + +(Originally on Twitter: [Mon Aug 27 20:19:21 +0000 2018](https://twitter.com/adulau/status/1034173544740151296)) +---- +@Andrew___Morris @GossiTheDog @GreyNoiseIO Is there a way to have feed-like dataset in GreyNoise? 
We could integrate those by default in @MISPProject feeds (as long users have an API key to GreyNoise) that would be cool. + +(Originally on Twitter: [Tue Aug 28 05:23:12 +0000 2018](https://twitter.com/adulau/status/1034310409975746560)) +---- +@Andrew___Morris @GossiTheDog @GreyNoiseIO @MISPProject I’ll do. Thanks a lot. + +(Originally on Twitter: [Tue Aug 28 05:33:44 +0000 2018](https://twitter.com/adulau/status/1034313060587122688)) +---- +“House panel rips CVE contracting and oversight policies” Why a group of countries is not financially supporting CVE assignment within an international public organisation? This is critical and at the moment a single organisation has to fight for budgets +https://www.cyberscoop.com/cve-mitre-house-energy-and-commerce-committee/ + +(Originally on Twitter: [Tue Aug 28 05:42:38 +0000 2018](https://twitter.com/adulau/status/1034315298520944640)) +---- +@1sand0s Indeed the risk is everywhere. Not sure what’s the best path but directly helping/supporting @MITREcorp would be another option too. I haven’t found the figures of the budget. Maybe it’s somewhere. + +(Originally on Twitter: [Tue Aug 28 06:03:06 +0000 2018](https://twitter.com/adulau/status/1034320449486897152)) +---- +RT @tylabs: new open source tool released: Dovehawk Bro Module https://github.com/tylabs/dovehawk MISP+Bro for threat hunting + +(Originally on Twitter: [Tue Aug 28 15:11:46 +0000 2018](https://twitter.com/adulau/status/1034458527417462785)) +---- +@1sand0s @MITREcorp It’s a significant large span... but vulnerability evaluation is indeed a resource intensive task. 
+ +(Originally on Twitter: [Tue Aug 28 15:14:58 +0000 2018](https://twitter.com/adulau/status/1034459330106597378)) +---- +RT @z_edian: We just published our paper regarding how governments should assess and manage 0-day #vulnerabilities - with support of the Tr… + +(Originally on Twitter: [Tue Aug 28 16:27:37 +0000 2018](https://twitter.com/adulau/status/1034477613845282821)) +---- +RT @MISPProject: @TenSts @x0rz The majority of the OSINT feeds mentioned there are by default in @MISPProject and you can even easily add a… + +(Originally on Twitter: [Tue Aug 28 20:50:58 +0000 2018](https://twitter.com/adulau/status/1034543889506594816)) +---- +RT @tylabs: Thanks to @MISPProject and @adulau for adding the new bro signature datamodel today, support for using that plus indicators now… + +(Originally on Twitter: [Wed Aug 29 04:18:38 +0000 2018](https://twitter.com/adulau/status/1034656545886351360)) +---- +RT @BadAstronomer: The Opportunity Mars rover original mission was for 90 days. It's been on Mars since *2004*. That's like getting a car w… + +(Originally on Twitter: [Wed Aug 29 04:29:34 +0000 2018](https://twitter.com/adulau/status/1034659298192904192)) +---- +The funny scam & spam of the day. It seems that @JunckerEU was downgraded by some spammers as a "European Debt Recovery Agent". And "French" cooking recipes are regularly used to trick Bayesian filtering. Finding the jumble using @MISPProject mail-to-misp can become artistic. 
![](media/1034775844059799552-Dlw3X7LXsAApA0c.jpg) + +(Originally on Twitter: [Wed Aug 29 12:12:41 +0000 2018](https://twitter.com/adulau/status/1034775844059799552)) +---- +@dakami and the license of Lerna changed back to an MIT license https://github.com/lerna/lerna/commit/37642a066ed0243d6312240c49c635c3431a989b + +(Originally on Twitter: [Thu Aug 30 05:09:32 +0000 2018](https://twitter.com/adulau/status/1035031743517138944)) +---- +@webhat @dakami But you still need the approvals of the past contributors (with significant original contributions) to change the license terms from an open source license (MIT) to a proprietary license. + +(Originally on Twitter: [Thu Aug 30 06:10:05 +0000 2018](https://twitter.com/adulau/status/1035046982551838720)) +---- +I was wondering why @CBC_BE stopped their agreement with @Visa and moved customers to @Mastercard #privacy now we might know why... https://mobile.twitter.com/WolfieChristl/status/1035489561818869760 + +(Originally on Twitter: [Fri Aug 31 20:24:03 +0000 2018](https://twitter.com/adulau/status/1035624280032202752)) +---- +@WolfieChristl @CBC_BE @Visa @Mastercard They recently moved all customers (with short notification) and my bet was the margin was higher for the bank with mastercard for a specific reason. Maybe the data sharing lowered the cost for the bank due to the increase of value for mastercard? + +(Originally on Twitter: [Fri Aug 31 20:33:00 +0000 2018](https://twitter.com/adulau/status/1035626529794011136)) +---- +@foobar27 @CBC_BE @Visa @Mastercard fintech or being compliant to PSD2 😉 + +(Originally on Twitter: [Fri Aug 31 20:34:39 +0000 2018](https://twitter.com/adulau/status/1035626943813693441)) +---- +@chrissanders88 @hexwaxwing @DAkacki Maybe it’s the only network packet capture and analysis library properly documenting their software vulnerabilities and fixes. Think about all the others proprietary network capture librariries who never requested a single CVE... 
+ +(Originally on Twitter: [Fri Aug 31 20:54:55 +0000 2018](https://twitter.com/adulau/status/1035632044515250178)) +---- +RT @therealwlambert: Import @snort /@Suricata_IDS NIDS rules and @Bro_IDS Intel data from @MISPProject into @securityonion : + +https://t.co/… + +(Originally on Twitter: [Sat Sep 01 06:11:21 +0000 2018](https://twitter.com/adulau/status/1035772076081250304)) +---- +Information visualisation is hard. We are doing experiments with @mokaddem_sami to represent the persistence of injected shell commands in UDP packets & represent a pretty large dataset. This is still a work in progress. @EdwardTufte was right, we are still at infancy in #infovis ![](media/1035789207162298369-Dl_bHaeXsAAKb2S.jpg) + +(Originally on Twitter: [Sat Sep 01 07:19:25 +0000 2018](https://twitter.com/adulau/status/1035789207162298369)) +---- +@pro_integritate @mokaddem_sami @EdwardTufte Thank you for the feedback. We will update it step by step and show all the iterations in this tweet stream until the final version is reached. + +(Originally on Twitter: [Sat Sep 01 09:36:30 +0000 2018](https://twitter.com/adulau/status/1035823706424135680)) +---- +RT @MISPProject: Major updates in the @MISPProject galaxy including relationships and similarities between threat-actors (thx to @cvandepla… + +(Originally on Twitter: [Sat Sep 01 10:16:34 +0000 2018](https://twitter.com/adulau/status/1035833787245125632)) +---- +Saw some network equipments vendor advertisings mentioning "Autonomous Network", in my eyes, the definition can be a set of unpatched and unmaintained network equipments infected with some random malware living a life on their own. + +(Originally on Twitter: [Sat Sep 01 13:18:09 +0000 2018](https://twitter.com/adulau/status/1035879483553849346)) +---- +Internet is just incredible. 
Just got a message from @magneticnorth (dev of Graphviz) about LiveRAC https://www.cs.ubc.ca/nest/imager/tr/2008/liverac/liverac.pdf which gives a lot of design ideas for navigating over large time-series. We will have a look and see how can integrate this in a complete static export... + +(Originally on Twitter: [Sat Sep 01 15:00:33 +0000 2018](https://twitter.com/adulau/status/1035905253852545024)) +---- +RT @k8em0: Closed their #bugbounty too, effective immediately. +This is what happens when orgs: +1. Use marketing catchphrases instead of eng… + +(Originally on Twitter: [Sat Sep 01 16:19:50 +0000 2018](https://twitter.com/adulau/status/1035925204877365248)) +---- +@herrcore @seanmw We are glad to have you at @hack_lu ! + +(Originally on Twitter: [Sun Sep 02 06:02:48 +0000 2018](https://twitter.com/adulau/status/1036132313271345152)) +---- +RT @circl_lu: We are glad to be at the @CERTEU conference if you want to talk about ongoing projects from @circl_lu @MISPProject and the fu… + +(Originally on Twitter: [Mon Sep 03 15:27:05 +0000 2018](https://twitter.com/adulau/status/1036636705992962049)) +---- +RT @hack_lu: Agenda and talks for @hack_lu 2018 are now online https://2018.hack.lu/agenda/ https://2018.hack.lu/talks/ (16-18 October) - see you th… + +(Originally on Twitter: [Tue Sep 04 06:12:27 +0000 2018](https://twitter.com/adulau/status/1036859516820901888)) +---- +@DanCimpean @DariaC @FireEye @CERTEU The competitive advantage is often composed of different factors and information sharing can be also a competitive advantage as organisations tend to share more with organisations sharing more than less... + +(Originally on Twitter: [Tue Sep 04 14:15:54 +0000 2018](https://twitter.com/adulau/status/1036981180934103040)) +---- +@y0m @Jipe_ That's why we have in galaxies and taxonomies all the different model that people are using from Diamond model to ATT&CK. 
We have even a relationship mapping in the taxonomy https://github.com/MISP/misp-taxonomies/blob/master/mapping/mapping.json we could extend it for the galaxy but we need a volunteer to map NSA and ATT&CK + +(Originally on Twitter: [Tue Sep 04 15:33:42 +0000 2018](https://twitter.com/adulau/status/1037000759924142080)) +---- +@DanCimpean @MISPProject @CERTEU @MITREattack @Iglocska @DannyAzrak @yoshiparlevliet @MassimoFelici Indeed. We integrated @MITREattack from the early beginnings in MISP because we believe the model is really sane and can bring more to the users. http://www.misp-project.org/2018/06/27/MISP.2.4.93.released.html We have some crazy ideas for extension in a near future ;-) + +(Originally on Twitter: [Wed Sep 05 17:43:10 +0000 2018](https://twitter.com/adulau/status/1037395730254753793)) +---- +RT @DanCimpean: @adulau @MISPProject @CERTEU @MITREattack @Iglocska @DannyAzrak @yoshiparlevliet @MassimoFelici Keep doing it ... @MISPProj… + +(Originally on Twitter: [Wed Sep 05 19:14:35 +0000 2018](https://twitter.com/adulau/status/1037418735311761408)) +---- +RT @MISPProject: MISP 2.4.95 has been released https://www.misp-project.org/2018/09/06/MISP.2.4.95.released.html with a complete refactoring of the search API (allowing for more fle… + +(Originally on Twitter: [Thu Sep 06 17:28:20 +0000 2018](https://twitter.com/adulau/status/1037754382706794496)) +---- +RT @FrancoMisp: Plus que quelques % et un travail de revue/harmonisation des termes et @MISPProject sera pleinement accessible en français… + +(Originally on Twitter: [Thu Sep 06 18:01:21 +0000 2018](https://twitter.com/adulau/status/1037762695460794368)) +---- +@GlaCiuS_ I will ;-) + +(Originally on Twitter: [Thu Sep 06 20:47:29 +0000 2018](https://twitter.com/adulau/status/1037804502211026945)) +---- +@Aristot73 @NCSC Maybe it’s a good opportunity for @NCSC to work with EU partners on the topic. We would be glad to discuss about our efforts on the taxonomy topic for the past years. 
cc/ @MISPProject @circl_lu + +(Originally on Twitter: [Fri Sep 07 17:35:46 +0000 2018](https://twitter.com/adulau/status/1038118641970098176)) +---- +RT @Aristot73: @NCSC seeking input on "vocabularies", taxonomies +https://twitter.com/NCSC/status/1038034657852436480?s=19 ![](media/1038127643156250624-DmgiUDxX0AA_KdX.jpg) + +(Originally on Twitter: [Fri Sep 07 18:11:32 +0000 2018](https://twitter.com/adulau/status/1038127643156250624)) +---- +@blackswanburst Done. Expect some "Kopi luwak" soon. + +(Originally on Twitter: [Fri Sep 07 18:28:25 +0000 2018](https://twitter.com/adulau/status/1038131894129442817)) +---- +An improved version of the timeline visualisation of shell encoded injections in UDP packets captured by our honeypots. There are some interesting patterns in the persistence of some shells/filename. #infovis #honeypot +https://twitter.com/adulau/status/1035789207162298369 ![](media/1038163939216056320-DmhLyfoW4AEJm9H.jpg) + +(Originally on Twitter: [Fri Sep 07 20:35:45 +0000 2018](https://twitter.com/adulau/status/1038163939216056320)) +---- +RT @MISPProject: We will have two @MISPProject trainings 19-20 September (one for user and administration and one more targeting API/integr… + +(Originally on Twitter: [Sat Sep 08 06:26:52 +0000 2018](https://twitter.com/adulau/status/1038312695848730624)) +---- +"Confidence Building Measures for the Cyber Domain" +https://www.airuniversity.af.mil/Portals/10/SSQ/documents/Volume-12_Issue-3/Borghard-Lonergan.pdf A good point on the importance of information sharing (TTPs, signature, LE actions, vulnerabilities and remediation) from the governments to ensure stability at large. ![](media/1038407924303970305-Dmkppr3WsAAPb6v.jpg) + +(Originally on Twitter: [Sat Sep 08 12:45:16 +0000 2018](https://twitter.com/adulau/status/1038407924303970305)) +---- +RT @likethecoins: Right on, @JohnLaTwC! 
I was chatting with folks last night about how much respect and appreciation I have for those in ou… + +(Originally on Twitter: [Sat Sep 08 19:39:36 +0000 2018](https://twitter.com/adulau/status/1038512196035244039)) +---- +RT @OrangeCertCC: Thanks to @adulau, @Iglocska and the @MISPProject team for this excellent training. https://twitter.com/circl_lu/status/1038152013169799173 + +(Originally on Twitter: [Sat Sep 08 19:57:09 +0000 2018](https://twitter.com/adulau/status/1038516609806200838)) +---- +While digging in some malicious websites, the analytic tracking ID such as Google analytics can give some useful correlations and insight. I quickly made a simple MISP object template to share it within MISP events. #OSINT #ThreatIntel #ThreatHunting ![](media/1038746786544934913-DmpdChdX4AIIj8c.jpg) + +(Originally on Twitter: [Sun Sep 09 11:11:47 +0000 2018](https://twitter.com/adulau/status/1038746786544934913)) +---- +The template is now part of the default object templates in @MISPProject https://github.com/MISP/misp-objects/blob/master/objects/tracking-id/definition.json it's really easy to add your own. PR for updates or new templates are more than welcome! 
+ +(Originally on Twitter: [Sun Sep 09 11:13:41 +0000 2018](https://twitter.com/adulau/status/1038747266176229376)) +---- +RT @likethecoins: This is a great example of why @MISPProject is so awesome...they find a cool thing that might be useful to analysts, so t… + +(Originally on Twitter: [Sun Sep 09 16:46:21 +0000 2018](https://twitter.com/adulau/status/1038830983238172673)) +---- +@NCert_Lu @_pst @circl I suppose you should read @circl_lu 😉 + +(Originally on Twitter: [Sun Sep 09 18:57:19 +0000 2018](https://twitter.com/adulau/status/1038863941487812609)) +---- +RT @cyb3rops: MISP v2.4.95 that has been released a few days ago comes with a #Sigma search query converter +https://www.misp-project.org/2018/09/06/MISP.2.4.95.released.html +@MISP… + +(Originally on Twitter: [Mon Sep 10 05:54:42 +0000 2018](https://twitter.com/adulau/status/1039029375604281344)) +---- +RT @likethecoins: Want to join the @MITREattack team? We have a position open! I'm happy to answer questions and refer you, so please send… + +(Originally on Twitter: [Mon Sep 10 15:30:47 +0000 2018](https://twitter.com/adulau/status/1039174355018805248)) +---- +RT @ScottiAlbertoG: @MISPProject @circl_lu @ABI_Lab @adulau thanks guys for the great training session on Misp! Shame it's already finishe… + +(Originally on Twitter: [Mon Sep 10 15:43:56 +0000 2018](https://twitter.com/adulau/status/1039177662898601985)) +---- +@gizolka @Iglocska @MISPProject Very. The complete process is there https://github.com/MISP/misp-rfc/commit/cfa09fe7f00aafde463eaf70c8e788e21ac9e264 + +(Originally on Twitter: [Mon Sep 10 18:24:11 +0000 2018](https://twitter.com/adulau/status/1039217989793579008)) +---- +RT @TomerAshur: Just one more thing. Everybody is making fun of Tesla for using a 40-bit key (and rightly so). But Tesla at least had a mec… + +(Originally on Twitter: [Tue Sep 11 02:52:38 +0000 2018](https://twitter.com/adulau/status/1039345946981793797)) +---- +@seamustuohy @Iglocska @MISPProject No worries. 
A field which was used one time, removed from the galaxy and just still in the specification. The new ‘related’ field is much better ;-) + +(Originally on Twitter: [Tue Sep 11 06:02:38 +0000 2018](https://twitter.com/adulau/status/1039393760935727104)) +---- +RT @circl_lu: We published TR-55 - SquashFu - an alternate Open Source Backup solution, resilient to Crypto Ransomware attacks - we welcome… + +(Originally on Twitter: [Wed Sep 12 06:20:17 +0000 2018](https://twitter.com/adulau/status/1039760592049975296)) +---- +RT @antirez: New blog post: LOLWUT, a piece of art inside a database command. http://antirez.com/news/123 + +(Originally on Twitter: [Wed Sep 12 15:37:47 +0000 2018](https://twitter.com/adulau/status/1039900889144877058)) +---- +@EPPGroup @lukasmandl Glass bottle and deposits is the only way to ensure a real circular economy. + +(Originally on Twitter: [Wed Sep 12 16:33:11 +0000 2018](https://twitter.com/adulau/status/1039914833821528064)) +---- +RT @MISPProject: We are building new bridges between Threat Intelligence Platform (@MISPProject ) and risk assessment platform (@MONARCproj… + +(Originally on Twitter: [Wed Sep 12 16:52:21 +0000 2018](https://twitter.com/adulau/status/1039919654645510144)) +---- +@Stekkz @SleepyEntropy http://github.com/MISP + +(Originally on Twitter: [Wed Sep 12 16:58:13 +0000 2018](https://twitter.com/adulau/status/1039921131535458305)) +---- +@altquinn This one could have been a stereoscopic one... + + +media/1040100259907678211-Dm8s9nDX4AAhAFm.mp4 + +(Originally on Twitter: [Thu Sep 13 04:50:00 +0000 2018](https://twitter.com/adulau/status/1040100259907678211)) +---- +@treyka Do you think open source developments are influenced by supra natural believes? I thought it was more the lack of sleep which was influencing the open source developments which can lead to some hallucinatory images... 
+ +(Originally on Twitter: [Thu Sep 13 14:08:25 +0000 2018](https://twitter.com/adulau/status/1040240789161431042)) +---- +Bitlocker countermeasures. There are some interesting points for defense but also for exploitation... +https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures + +(Originally on Twitter: [Thu Sep 13 17:01:56 +0000 2018](https://twitter.com/adulau/status/1040284454667870213)) +---- +RT @circl_lu: In order to protect infrastructure, applying preventive measures, taking security decisions, security measurements are critic… + +(Originally on Twitter: [Thu Sep 13 19:43:58 +0000 2018](https://twitter.com/adulau/status/1040325234266701825)) +---- +RT @y0m: Vba2Graph - A tool for security researchers, who waste their time analyzing malicious Office macros. https://github.com/MalwareCantFly/Vba2Graph + +(Originally on Twitter: [Fri Sep 14 05:40:00 +0000 2018](https://twitter.com/adulau/status/1040475228768530433)) +---- +RT @cynicalsecurity: I am sort of half-expecting that USB-C will take boot attacks to a new level thanks to all the “smart power” and stuff… + +(Originally on Twitter: [Fri Sep 14 06:48:21 +0000 2018](https://twitter.com/adulau/status/1040492431534432256)) +---- +RT @TheHive_Project: We & @MISPProject are glad to announce that we’ll give a refreshed joint workshop during @Botconf in Toulouse, FR. If… + +(Originally on Twitter: [Fri Sep 14 16:49:56 +0000 2018](https://twitter.com/adulau/status/1040643821917360130)) +---- +RT @EyalItkin: If you want to hear the full details about how we broke FAX, come see our talk in @hack_lu. 
#WhatTheFax #infosec https://t.c… + +(Originally on Twitter: [Sat Sep 15 12:57:00 +0000 2018](https://twitter.com/adulau/status/1040947591331151877)) +---- +RT @MISPProject: MISP Threat Intelligence Summit 0x04 - Monday 15 October https://www.hack.lu/misp-summit/ (the day before @hack_lu) agenda publish… + +(Originally on Twitter: [Sat Sep 15 13:08:26 +0000 2018](https://twitter.com/adulau/status/1040950470146183169)) +---- +RT @hack_lu: Don't forget before @hack_lu on Monday there is the @MISPProject summit https://2018.hack.lu/misp-summit/ (agenda published) and after (… + +(Originally on Twitter: [Sat Sep 15 13:31:51 +0000 2018](https://twitter.com/adulau/status/1040956364095410176)) +---- +@benkow_ Nice one and they give up dark backgrounds. They got an UI designer this time 😉 + +(Originally on Twitter: [Sun Sep 16 12:53:54 +0000 2018](https://twitter.com/adulau/status/1041309201459539968)) +---- +RT @FDezeure: First @MITREattack User Group in Europe taking place in Luxembourg on October 19th. Save the date! https://twitter.com/hack_lu/status/1040948412462649344 + +(Originally on Twitter: [Sun Sep 16 13:09:19 +0000 2018](https://twitter.com/adulau/status/1041313081349922817)) +---- +@benkow_ There is space for improvements ;-) + +(Originally on Twitter: [Sun Sep 16 13:09:51 +0000 2018](https://twitter.com/adulau/status/1041313211780395008)) +---- +RT @treyka: Get your talk submission in for the upcoming @FIRSTdotOrg Symposium on Cyber Threat Intelligence (18-20 March 2019 in London) b… + +(Originally on Twitter: [Mon Sep 17 16:40:10 +0000 2018](https://twitter.com/adulau/status/1041728528801308677)) +---- +RT @nunohaien: Strangely enough, this was actually one of the most inspiring and influential blog posts I've read in my career. 
It helped u… + +(Originally on Twitter: [Tue Sep 18 06:33:01 +0000 2018](https://twitter.com/adulau/status/1041938121108201472)) +---- +RT @Cyr_: @adulau So, you remember my idea to create a simple cronjob to monitor a CVE-Search instance? I eventually made it and it looks l… + +(Originally on Twitter: [Tue Sep 18 09:21:49 +0000 2018](https://twitter.com/adulau/status/1041980601266593792)) +---- +@Cyr_ @xme The CPE table in redis or MongoDB could be used for mapping the reverse. But maybe we need a kind of “fuzzy” matching to generate the complete cpe. Need to dig in some old code... + +(Originally on Twitter: [Tue Sep 18 13:29:41 +0000 2018](https://twitter.com/adulau/status/1042042981451264001)) +---- +RT @UYBHYS: Program and ticketing is out! #Brest #cybersec #ctf #Enjoy https://www.unlockyourbrain.bzh ![](media/1042043556519731200-DnXSfYAWwAAIJFL.jpg) + +(Originally on Twitter: [Tue Sep 18 13:31:58 +0000 2018](https://twitter.com/adulau/status/1042043556519731200)) +---- +@Cyr_ @xme Yep some work is required but it's feasible (just the matching will be fuzzy). + +(Originally on Twitter: [Tue Sep 18 13:39:25 +0000 2018](https://twitter.com/adulau/status/1042045431574945795)) +---- +Another good opsec advice for adversaries don't use Microsoft TechNet without using a good proxy. Microsoft is actively sharing with law enforcement who accessed TechNet. #WannaCry ![](media/1042046454452367363-DnYW1gKXoAQ0nfT.jpg) + +(Originally on Twitter: [Tue Sep 18 13:43:29 +0000 2018](https://twitter.com/adulau/status/1042046454452367363)) +---- +or even a @rapid7 account to setup your metasploit... ![](media/1042048138473889793-DnYYocyX0AAf9AO.jpg) + +(Originally on Twitter: [Tue Sep 18 13:50:11 +0000 2018](https://twitter.com/adulau/status/1042048138473889793)) +---- +@martijn_grooten Nope, I think it was delivered under a proper warrant. 
Just a good reminder for adversaries using TechNet to take adequate measures ;-) + +(Originally on Twitter: [Tue Sep 18 13:51:18 +0000 2018](https://twitter.com/adulau/status/1042048418984730627)) +---- +@pzb Microsoft can share the details when they receive a proper warrant from FBI/LE. + +(Originally on Twitter: [Tue Sep 18 13:52:08 +0000 2018](https://twitter.com/adulau/status/1042048628532109313)) +---- +@Cyr_ @xme The tricky part is that you need some logic to exclude some matches. + +(Originally on Twitter: [Tue Sep 18 15:02:08 +0000 2018](https://twitter.com/adulau/status/1042066246416707584)) +---- +RT @verovaleros: Did I mentioned I will be doing a workshop at .@hack_lu? We will have a lot of fun dissecting pcaps and staring at network… + +(Originally on Twitter: [Tue Sep 18 20:57:07 +0000 2018](https://twitter.com/adulau/status/1042155581811900416)) +---- +@DanielGallagher Did you play with AIL? https://github.com/CIRCL/AIL-framework + +(Originally on Twitter: [Tue Sep 18 21:03:36 +0000 2018](https://twitter.com/adulau/status/1042157214117621760)) +---- +RT @NTIAgov: NTIA's Evelyn Remaley discussed our work on cyber vulnerabilities at an @AtlanticCouncil event today. http://www.atlanticcouncil.org/events/webcasts/hacker-powered-security-voices-on-coordinated-vulnerability-disclosure… + +(Originally on Twitter: [Tue Sep 18 21:05:33 +0000 2018](https://twitter.com/adulau/status/1042157704771448832)) +---- +@DanielGallagher FYI, we did some significant work in the recent version of AIL and we will add the Tor crawler/analyser in the next release which will be very soon. We were thinking of plugin NiFi back to AIL at some point but it was just an idea until now. + +(Originally on Twitter: [Tue Sep 18 21:12:17 +0000 2018](https://twitter.com/adulau/status/1042159396682428416)) +---- +@KhatibSajjad @MISPProject @FIRSTdotOrg DM me an email with your email associated with your account. I’ll have a look. 
+ +(Originally on Twitter: [Wed Sep 19 06:29:51 +0000 2018](https://twitter.com/adulau/status/1042299713968648192)) +---- +RT @circl_lu: We updated the @MISPProject training materials with the latest slides including "Building Information Sharing Communities usi… + +(Originally on Twitter: [Wed Sep 19 11:54:41 +0000 2018](https://twitter.com/adulau/status/1042381460144119808)) +---- +Discussing about benefit of CEH or certification, I don’t know. I just know that contributing or building open source software in security is a great way to build experience, practice and show what you can do. At the end, your open source project could end up in a CEH question... + +(Originally on Twitter: [Thu Sep 20 05:21:11 +0000 2018](https://twitter.com/adulau/status/1042644822652342273)) +---- +"Security and Protocol Exploit Analysis of the 5G Specifications" +https://arxiv.org/abs/1809.06925 ![](media/1042718579794292736-Dnh65ltXcAEYdnf.jpg) + +(Originally on Twitter: [Thu Sep 20 10:14:16 +0000 2018](https://twitter.com/adulau/status/1042718579794292736)) +---- +RT @likethecoins: Great advice! I've told mentees this: certs/boot camps may help a bit, but the key is experience. If you don't have that… + +(Originally on Twitter: [Fri Sep 21 04:06:41 +0000 2018](https://twitter.com/adulau/status/1042988460955426817)) +---- +Just added a first version of a malware-config object in @MISPProject based on a discussion with Stefan Kelm and an older one with @bambenek during his @hack_lu talk https://www.misp-project.org/objects.html#_malware_config feedback and pull-request welcome. ![](media/1043006322654949376-DnmALlbU8AAtlRG.jpg) + +(Originally on Twitter: [Fri Sep 21 05:17:40 +0000 2018](https://twitter.com/adulau/status/1043006322654949376)) +---- +Hey @SNCB do you plan to keep this operating model for the next months between Belgium and Luxembourg with old and broken equipments, cancellations and delays. 
![](media/1043010686396157953-DnmEqtyVAAAc0hE.jpg) + +(Originally on Twitter: [Fri Sep 21 05:35:00 +0000 2018](https://twitter.com/adulau/status/1043010686396157953)) +---- +@SNCB To continue on the new capacity planning of @SNCB the IC2213 is composed with a non-functional section where you have access and then the supervisor asks to move to the over crowded part “because we shouldn’t be there”. + +(Originally on Twitter: [Fri Sep 21 15:22:29 +0000 2018](https://twitter.com/adulau/status/1043158532202344449)) +---- +@SNCB Talking about safety @sncb . Is it safe to have passengers standing in area like this? and have an empty wagon for safety reason? IC2213 ![](media/1043159723653124096-DnoMNzOWsAIIjQg.jpg) + +(Originally on Twitter: [Fri Sep 21 15:27:13 +0000 2018](https://twitter.com/adulau/status/1043159723653124096)) +---- +RT @TheHive_Project: We’d like to thank @Bsideslisbon for giving us the opportunity to present TheHive, Cortex & @MISPProject & demonstrate… + +(Originally on Twitter: [Sat Sep 22 07:23:21 +0000 2018](https://twitter.com/adulau/status/1043400341067313152)) +---- +@msuiche @halvarflake @dinodaizovi @thegrugq @_snagg if I misquote Robert Morris, "Never underestimate the attention, risk, money and time that an opponent will put into knowing your birthday." Enjoy! + +(Originally on Twitter: [Sat Sep 22 08:15:29 +0000 2018](https://twitter.com/adulau/status/1043413462137942017)) +---- +RT @MISPProject: Standard vocabularies & taxonomies are dynamic, standards need fast integration of new aspects. A good example, the MISP t… + +(Originally on Twitter: [Sat Sep 22 18:43:47 +0000 2018](https://twitter.com/adulau/status/1043571576573177857)) +---- +@Timo_Steffens Trying to map PoisonVine in existing MISP threat-actor cluster. To me it seems to looks like the old Winnti Group / APT17. What do you think? 
+ +(Originally on Twitter: [Sun Sep 23 09:44:10 +0000 2018](https://twitter.com/adulau/status/1043798167769231360)) +---- +@Timo_Steffens I was searching my old crap of RDP scanning from the servers operated in TW by APT17 in 2014 and 2015 and found back similar compiled binaries (ZxShell, many others including some similar modified CVE PoC). Maybe a part of the staff exchange some shared drives. + +(Originally on Twitter: [Sun Sep 23 10:29:35 +0000 2018](https://twitter.com/adulau/status/1043809598032019457)) +---- +@Timo_Steffens You are maybe right. So a new threat-actor in @MISPProject galaxy would be better for the time-being until we figure out the relationship. + +(Originally on Twitter: [Sun Sep 23 10:30:49 +0000 2018](https://twitter.com/adulau/status/1043809908771164160)) +---- +@likethecoins Indeed. The report is interesting in the tools compilation and review aspect. The confidence in the analytic judgement is between low and moderate to us. We might need to review a bit more with the existing correlations and also add the various @MITREattack techniques & clusters ![](media/1043931151918870528-DnzJE_nW0AUb0-v.jpg) + +(Originally on Twitter: [Sun Sep 23 18:32:36 +0000 2018](https://twitter.com/adulau/status/1043931151918870528)) +---- +RT @FDezeure: EU ATT&CK Community workshop planned on October 19th in Luxembourg. With practitioners for practitioners. Registration on h… + +(Originally on Twitter: [Mon Sep 24 14:26:23 +0000 2018](https://twitter.com/adulau/status/1044231576266133504)) +---- +@cocaman @rattis @teamcymru @circl_lu We did indeed but we moved to a new version of ip asn history (bgp ranking ng). We need to import back the history. 
@rafi0t + +(Originally on Twitter: [Mon Sep 24 15:39:07 +0000 2018](https://twitter.com/adulau/status/1044249878942154753)) +---- +RT @jfslowik: The threat intel version of the carpenter's mantra ("Measure twice, cut once") is reflected in my manually updating and taggi… + +(Originally on Twitter: [Tue Sep 25 04:08:04 +0000 2018](https://twitter.com/adulau/status/1044438361191174145)) +---- +RT @deresz666: cef772b9b6df151903f8def7c83c1b80 +410f46e24357cb2f5e062baa11854db7 https://twitter.com/RolfRolles/status/1042361088052944896 + +(Originally on Twitter: [Tue Sep 25 17:02:30 +0000 2018](https://twitter.com/adulau/status/1044633251577548801)) +---- +"The Sorry State of TLS Security in Enterprise Interception Appliances" +https://arxiv.org/pdf/1809.08729.pdf Still want to install to TLS interception appliance in your network? A good overview of common issues and increased attack surface. ![](media/1044682062429650944-Dn90iApXoAAit_2.jpg) + +(Originally on Twitter: [Tue Sep 25 20:16:27 +0000 2018](https://twitter.com/adulau/status/1044682062429650944)) +---- +RT @zmanion: @adulau Cc @wdormann who is also not a fan https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html + +(Originally on Twitter: [Wed Sep 26 05:07:16 +0000 2018](https://twitter.com/adulau/status/1044815644997419009)) +---- +RT @cund99: Very alarming! TLS interception appliances should not be trusted. Even worse, some are deployed just to be "compliant" to whats… + +(Originally on Twitter: [Wed Sep 26 19:13:29 +0000 2018](https://twitter.com/adulau/status/1045028603753361408)) +---- +RT @MISPProject: The release 3.1.0 of the @TheHive_Project which includes the support for extended MISP events https://twitter.com/TheHive_Project/status/1045177175459205120 is a… + +(Originally on Twitter: [Thu Sep 27 05:18:58 +0000 2018](https://twitter.com/adulau/status/1045180977520291845)) +---- +RT @TheHive_Project: TheHive 3.1.0: Fresh out of the Oven. Active Response. 
@MISPProject import/export & extended events. Task grouping. An… + +(Originally on Twitter: [Thu Sep 27 05:19:09 +0000 2018](https://twitter.com/adulau/status/1045181025104646149)) +---- +RT @Sebdraven: At #bsidesbelfast2018 @SecurityBeard and @r00tbsd to speak about group123 ! ![](media/1045357825629851648-DoHbH46W0AAJ8Dr.jpg) + +(Originally on Twitter: [Thu Sep 27 17:01:42 +0000 2018](https://twitter.com/adulau/status/1045357825629851648)) +---- +RT @EdwardTufte: "If someone shows you simulations that only show the superiority of their method, you should be suspicious. A good set of… + +(Originally on Twitter: [Fri Sep 28 19:22:09 +0000 2018](https://twitter.com/adulau/status/1045755559910223872)) +---- +RT @MISPProject: We updated the standard format of the MISP galaxy template format and published an updated Internet-Draft https://t.co/N34… + +(Originally on Twitter: [Fri Sep 28 21:37:02 +0000 2018](https://twitter.com/adulau/status/1045789506182557696)) +---- +@ARTEfr Il y avait une émission à @franceinter qui visitait la bibliothèque d'une personne connue ou moins connue. On parlait de ses lectures favorites, du rangement de ses livres ou de plein de sujets autour d'une bibliothèque. Une émission sur ARTE avec le même concept serait génial. + +(Originally on Twitter: [Sat Sep 29 07:35:17 +0000 2018](https://twitter.com/adulau/status/1045940057662791680)) +---- +RT @reseauxsansfil: Just updated the OpenINTEL website (https://openintel.nl/) and added the data dictionary used for our measurement dat… + +(Originally on Twitter: [Sat Sep 29 08:57:46 +0000 2018](https://twitter.com/adulau/status/1045960817399791616)) +---- +@reseauxsansfil Thank you, sounds very interesting. A small question, what's the benefit of releasing the opendata in avro hadoop format instead of a standard JSON? 
+ +(Originally on Twitter: [Sat Sep 29 09:23:07 +0000 2018](https://twitter.com/adulau/status/1045967197741490177)) +---- +@cbrocas @olberger Christophe, cela pourrait être un projet artistique pour les rencontres photographiques à Arles en parallèle avec la thèse en anthropologie. + +(Originally on Twitter: [Sat Sep 29 14:35:53 +0000 2018](https://twitter.com/adulau/status/1046045905030451200)) +---- +@bsb_ebooks You know where you learn it but your algorithm seems to like partial citations. Should I blame your creator? + +(Originally on Twitter: [Sat Sep 29 18:50:50 +0000 2018](https://twitter.com/adulau/status/1046110067370721280)) +---- +RT @MISPProject: MISP dashboard version 1.1 released including improvements (trending algorithm, trophy ranking and historical data) and ma… + +(Originally on Twitter: [Mon Oct 01 18:13:23 +0000 2018](https://twitter.com/adulau/status/1046825418467282944)) +---- +Sometime the anti-forensic tactic behind Turla seems to make no sense at all. A rule to match strings like "OPER|Sniffer '%s' running... ooopppsss..." is still triggering years after years new samples. It's not laziness of an operator, it's becoming a tactical design... + +(Originally on Twitter: [Mon Oct 01 21:09:03 +0000 2018](https://twitter.com/adulau/status/1046869624938221569)) +---- +RT @circl_lu: New AIL Framework released version 1.4 including a new Tor hidden service crawler and analyser. https://github.com/CIRCL/AIL-Framework Thank… + +(Originally on Twitter: [Tue Oct 02 15:40:40 +0000 2018](https://twitter.com/adulau/status/1047149375850536965)) +---- +Seeing all the vendors selling their own separated analysis of threat intelligence, I have the strong feeling that will be a temporary business when community and shared analysis will become a commodity at a later stage. 
![](media/1047203089055469568-DohpbDyXUAEGjig.jpg) + +(Originally on Twitter: [Tue Oct 02 19:14:07 +0000 2018](https://twitter.com/adulau/status/1047203089055469568)) +---- +@mhbitman This is indeed the key question or element. Sharing with your enemies can be also positive on the long-term to even prevent conflict to happen. ![](media/1047212849674817536-DohycBeXUAIzPsh.jpg) + +(Originally on Twitter: [Tue Oct 02 19:52:54 +0000 2018](https://twitter.com/adulau/status/1047212849674817536)) +---- +RT @sergedroz: Ron Dibert, director of the @citizenlab will be at the Zurich Film Festival this Saturday 11:00 - 12:00 https://t.co/aVlSST… + +(Originally on Twitter: [Tue Oct 02 20:10:38 +0000 2018](https://twitter.com/adulau/status/1047217312129077249)) +---- +RT @MISPProject: New @osquery module for MISP added https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/export_mod/osqueryexport.py - if you have additional ideas for integration with osquery, l… + +(Originally on Twitter: [Wed Oct 03 18:15:10 +0000 2018](https://twitter.com/adulau/status/1047550644507299852)) +---- +@MzVasiq Just to be sure, can you pull the latest HEAD from git? + +(Originally on Twitter: [Thu Oct 04 05:25:47 +0000 2018](https://twitter.com/adulau/status/1047719410289582080)) +---- +@MzVasiq git pull origin 2.4 in the directory where MISP is installed (with the correct user and so on) and login again. + +(Originally on Twitter: [Thu Oct 04 05:42:34 +0000 2018](https://twitter.com/adulau/status/1047723631990722563)) +---- +@NCSC Are you sure (probability >0.85) about the "CyberCalliphate" ? 
https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed cc/ @Timo_Steffens @cyb3rops ![](media/1047764090410737664-DopnDLLXkAAho8b.jpg) + +(Originally on Twitter: [Thu Oct 04 08:23:20 +0000 2018](https://twitter.com/adulau/status/1047764090410737664)) +---- +@dfirlu @NCSC @Timo_Steffens @cyb3rops Of course, it will help us ( @MISPProject ) to update the galaxy and add the opinion from NCSC in the list of threat actor for the attribution. https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json#L4614 versus https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json#L2068 + +(Originally on Twitter: [Thu Oct 04 08:57:58 +0000 2018](https://twitter.com/adulau/status/1047772808951025665)) +---- +@dfirlu @NCSC @Timo_Steffens @cyb3rops @MISPProject Misleading information and attribution are often synonyms. We are just poor archivists storing the claims from different countries... + +(Originally on Twitter: [Thu Oct 04 09:18:58 +0000 2018](https://twitter.com/adulau/status/1047778092264169472)) +---- +@dfirlu @NCSC @Timo_Steffens @cyb3rops @MISPProject Sure. We designed a functionality in MISP called extended event for the purpose of counter analysis. http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html + +(Originally on Twitter: [Thu Oct 04 09:58:40 +0000 2018](https://twitter.com/adulau/status/1047788083352145920)) +---- +RT @frankgr: Een combinatie van fysiek en digitaal die intensief samenwerken aan een operatie. 
Dat laat het belang maar weer eens zien en h… + +(Originally on Twitter: [Thu Oct 04 10:50:52 +0000 2018](https://twitter.com/adulau/status/1047801218385567749)) +---- +@Timo_Steffens @dfirlu @NCSC @cyb3rops @MISPProject Indeed but I just hope that @NCSC could clarify it in the document ;-) + +(Originally on Twitter: [Thu Oct 04 12:31:51 +0000 2018](https://twitter.com/adulau/status/1047826633544163328)) +---- +@ju916 @Timo_Steffens You are reading our mind ;-) We are working on something... indeed. + +(Originally on Twitter: [Thu Oct 04 14:31:44 +0000 2018](https://twitter.com/adulau/status/1047856802543652865)) +---- +RT @r00tbsd: As I'm French I decided to show one of the @benkow_ slides from his #VB2018 talk. #NEXA ![](media/1047887821032361987-Doq1sm8XsAE6JIH.jpg) + +(Originally on Twitter: [Thu Oct 04 16:35:00 +0000 2018](https://twitter.com/adulau/status/1047887821032361987)) +---- +Looking at the AST2050 datasheet (I assume close to the AST2400), you can have one SPI flash and one FMC ( http://ftp.loongnix.org/doc/02data%20sheet/loongson3a/ast2050reg.pdf ) and it seems that the AST2500 one SPI for the BMC firmware and 2x host firmwares http://lists.infradead.org/pipermail/linux-mtd/2016-October/069818.html can this be the SPI flash for the BMC? ![](media/1047939217257648133-DosE6R1WwAEAF1r.jpg) + +(Originally on Twitter: [Thu Oct 04 19:59:13 +0000 2018](https://twitter.com/adulau/status/1047939217257648133)) +---- +@Aristot73 You are maybe right. After my reading of 4 data-sheets, using the magnification glass in gimp on this single "low quality" picture and trying to figure out the layout and IC references. At least my late train from @SNCB was useful at the end. + +(Originally on Twitter: [Thu Oct 04 20:30:13 +0000 2018](https://twitter.com/adulau/status/1047947015408275457)) +---- +@malpedia @ju916 @Timo_Steffens Looks great. Can we reimport the malware families back a new MISP galaxy called malpedia? Is this fine for you? 
+ +(Originally on Twitter: [Fri Oct 05 09:25:30 +0000 2018](https://twitter.com/adulau/status/1048142123726454784)) +---- +Glad to be part of FLOSS projects which are not using CLA and keeping the same rights for the overall community of contributors. +https://drewdevault.com/2018/10/05/Dont-sign-a-CLA.html + +(Originally on Twitter: [Fri Oct 05 17:13:47 +0000 2018](https://twitter.com/adulau/status/1048259972700753922)) +---- +@cryptax it’s indeed hard. https://www.circl.lu/statjungle/iot-shellescaped/url-lifetime-20170101.pdf payload names (and lifetime) of the ones injected to vulnerable IoT devices. + +(Originally on Twitter: [Fri Oct 05 17:50:57 +0000 2018](https://twitter.com/adulau/status/1048269324211896320)) +---- +RT @TheHive_Project: Stickers? Check. +@MISPProject summit 04 talk? Check. +@hack_lu workshop materials? Check. +Good humor? Check. + +10 days t… + +(Originally on Twitter: [Sat Oct 06 07:10:22 +0000 2018](https://twitter.com/adulau/status/1048470503915225089)) +---- +In the past months, we worked hard on the new generic and standard API query interface in @MISPProject It was a difficult journey but it was worth it. Searching for indicators in a specific category and output in the format you want and apply filters, it's now super flexible. ![](media/1048882101733527557-Do5erRwW0AEuvE4.jpg) + +(Originally on Twitter: [Sun Oct 07 10:25:54 +0000 2018](https://twitter.com/adulau/status/1048882101733527557)) +---- +@aeris22 Maybe the design was for camping cars, trucks and tractors? + +(Originally on Twitter: [Sun Oct 07 10:27:00 +0000 2018](https://twitter.com/adulau/status/1048882375994871808)) +---- +@tibor_jager I would notify the registrar @Namecheap and their abuse contact about this. We can also see a nice example of the extreme interpretation of whois privacy which is supporting the scammers. Maybe calling the hoster "+49 221 82 82 93 35" Hosttech GmbH would be another option. 
![](media/1048884187615387650-Do5h6qUXUAUYYfZ.jpg) + +(Originally on Twitter: [Sun Oct 07 10:34:12 +0000 2018](https://twitter.com/adulau/status/1048884187615387650)) +---- +@mhbitman @MISPProject The correlation engine is quite extensive (but indeed not well documented until now). The engine does "one-to-one" correlation for same matching values, "CIDR" block matching for IP addresses and fuzzy hashing matching distance based on a threshold value (e.g. ssdeep). + +(Originally on Twitter: [Sun Oct 07 12:49:45 +0000 2018](https://twitter.com/adulau/status/1048918300158296064)) +---- +@mhbitman @MISPProject I think it's pretty different. IMHO, Apache Spot is more a kind of SIEM normaliser and anomaly detection engine. MISP is more like a threat intelligence platform to share, gather and work threat-related information. + +(Originally on Twitter: [Sun Oct 07 13:24:05 +0000 2018](https://twitter.com/adulau/status/1048926941095645184)) +---- +Did some tests with binGraph from @mrmolley with an Emotet malware sample, putty and trilog (Trisis/Triton) (knowing the samples were built from 3 very different techniques). This indeed gives some good insights and the tool is pretty neat and extensible. https://github.com/geekscrapy/binGraph ![](media/1048932714622148609-Do6Na26X0AI-Ez5.jpg) + +(Originally on Twitter: [Sun Oct 07 13:47:02 +0000 2018](https://twitter.com/adulau/status/1048932714622148609)) +---- +Seeing the HN post about Fravia, I remember when we invited him at @hack_lu 2006. Meeting him was an incredible experience and a source of inspiration for all of us. http://search.lores.eu/Luxembourg_2006.htm + +(Originally on Twitter: [Mon Oct 08 05:19:09 +0000 2018](https://twitter.com/adulau/status/1049167292452495360)) +---- +RT @rbidule: Fully agree with you Alex. I remember him as if it were yesterday. Rarely had the occasion to meet a person like him. 
https://… + +(Originally on Twitter: [Mon Oct 08 11:45:11 +0000 2018](https://twitter.com/adulau/status/1049264440103915520)) +---- +RT @alexanderjaeger: Btw have you seen? @Iglocska will host a AMA at @hack_lu https://2018.hack.lu/talks/#Ask+Me+Anything+-+MISP +I am really looking forward to that… + +(Originally on Twitter: [Mon Oct 08 11:54:40 +0000 2018](https://twitter.com/adulau/status/1049266824506953728)) +---- +@ClausHoumann @rbidule https://news.ycombinator.com/item?id=18162062 + +(Originally on Twitter: [Mon Oct 08 14:50:21 +0000 2018](https://twitter.com/adulau/status/1049311037789556736)) +---- +RT @asfakian: My previous article on the "Latest advances in MITRE's ATT&CK framework" https://threatintel.eu/2018/10/06/latest-advances-in-mitres-attck-framework/ via @asfakian #threatintel #… + +(Originally on Twitter: [Mon Oct 08 20:08:14 +0000 2018](https://twitter.com/adulau/status/1049391036836003840)) +---- +RT @MISPProject: MISP 2.4.96 released including the refactoring of the restSearch API which allows common search queries across all export… + +(Originally on Twitter: [Tue Oct 09 19:28:46 +0000 2018](https://twitter.com/adulau/status/1049743492593934336)) +---- +RT @Dave_Maynor: Infosec relevant: I once attached a battery to a jailbroken iPhone and mailed it to a pentests victim. This sat in their m… + +(Originally on Twitter: [Tue Oct 09 20:50:09 +0000 2018](https://twitter.com/adulau/status/1049763973200007174)) +---- +@y0m I think this is not a new dilemma. Now the question is more: Should the IC drops a part of the secrecy when doing analysis and start collaborative analysis? https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol51no3/building-a-global-intelligence-paradigm.html + +(Originally on Twitter: [Wed Oct 10 07:23:18 +0000 2018](https://twitter.com/adulau/status/1049923310736289792)) +---- +RT @fluxfingers: Registration is now open for the @hack_lu CTF 2018. Time to register your team! 
#CTF #Hack_lu +https://arcade.fluxfingers.net/register + +(Originally on Twitter: [Wed Oct 10 13:54:33 +0000 2018](https://twitter.com/adulau/status/1050021772031131648)) +---- +@jwildeboer @zoobab From the whois: "Registrant Organization: +Registrant State/Province: +Registrant Country: FR" +With the lovely and broken interpretation of the GDPR against whois service, we cannot even find out. + +(Originally on Twitter: [Wed Oct 10 13:59:58 +0000 2018](https://twitter.com/adulau/status/1050023136505356288)) +---- +@jwildeboer @zoobab Sure. I was looking for an email too. + +(Originally on Twitter: [Wed Oct 10 14:09:16 +0000 2018](https://twitter.com/adulau/status/1050025474074791936)) +---- +RT @Cyr_: CVESearchMonitor can cut your manual daily CVE filtering work by a factor of 100 and more: https://cyr-thoughts.frama.site/blog/practical-monitoring-of-vulnerabilities-with-cve-search +cc: @circl_lu… + +(Originally on Twitter: [Wed Oct 10 14:10:53 +0000 2018](https://twitter.com/adulau/status/1050025881396269056)) +---- +RT @malpedia: Malpedia's data is now available as a @MISPProject galaxy cluster! The most current version is available through our REST API… + +(Originally on Twitter: [Wed Oct 10 15:43:44 +0000 2018](https://twitter.com/adulau/status/1050049250158088193)) +---- +@VessOnSecurity @Random_Robbie https://bgpranking-ng.circl.lu/asn?asn=60144&prefix=185.244.25.0%2F24 - one of the subnet is indeed quite funky + +(Originally on Twitter: [Wed Oct 10 20:35:13 +0000 2018](https://twitter.com/adulau/status/1050122603489320961)) +---- +RT @MISPProject: . @MISPProject is strongly committed in the support of @MITREattack in the software and standards developed within MISP pr… + +(Originally on Twitter: [Thu Oct 11 15:13:32 +0000 2018](https://twitter.com/adulau/status/1050404035302498306)) +---- +RT @MITREattack: We wish @FDezeure and @adulau well as they convene a group in Luxembourg to discuss how the community is using ATT&CK. 
It'… + +(Originally on Twitter: [Thu Oct 11 19:42:31 +0000 2018](https://twitter.com/adulau/status/1050471726457470978)) +---- +Before talking about hardware implants, review the firmware and check with your vendors if you can check the integrity of the installed firmwares. You might be surprised... + +(Originally on Twitter: [Fri Oct 12 05:56:26 +0000 2018](https://twitter.com/adulau/status/1050626224538537985)) +---- +RT @_saadk: Eager to be at @hack_lu & work w/ @adulau @Iglocska @_JLeonard @0x3c7 & al. to help our fellow #CTI & #DFIR analysts level the… + +(Originally on Twitter: [Fri Oct 12 08:09:35 +0000 2018](https://twitter.com/adulau/status/1050659732145356801)) +---- +Recently (re)reading the re-edition of "Uncommon Places" from Stephen Shore published by @thamesandhudson but it seems the shadow took over my reading... #photography https://www.flickr.com/photos/adulau/44569607334/ ![](media/1051134104039841793-DpZfExKXoAQUWDF.jpg) + +(Originally on Twitter: [Sat Oct 13 15:34:34 +0000 2018](https://twitter.com/adulau/status/1051134104039841793)) +---- +The proposal for regulation of cross-border access to e-evidence includes the proposed form for production of the evidences. Looking at it, it seems we are still faraway for automated exchange of evidences... and it's still very manual. #DFIR https://ec.europa.eu/info/sites/info/files/annex_to_the_proposal_for_regulation_on_cross-border_access_to_e-evidence.pdf ![](media/1051170419359838208-DpaA8mfWsAAospl.jpg) + +(Originally on Twitter: [Sat Oct 13 17:58:52 +0000 2018](https://twitter.com/adulau/status/1051170419359838208)) +---- +RT @MISPProject: Agenda for @MISPProject summit 0x4 slightly updated for this afternoon. https://2018.hack.lu/misp-summit/ See you there! + +(Originally on Twitter: [Mon Oct 15 05:16:49 +0000 2018](https://twitter.com/adulau/status/1051703420418179072)) +---- +@FrancoMisp @MISPProject don't forget to make the pull-request. 
@SteveClement This is great we can announce during the summit in 2 hours ;-) + +(Originally on Twitter: [Mon Oct 15 10:35:43 +0000 2018](https://twitter.com/adulau/status/1051783673471741952)) +---- +@xme Indeed but now you can compare the two vendors capabilities... + +(Originally on Twitter: [Mon Oct 15 14:49:25 +0000 2018](https://twitter.com/adulau/status/1051847517330186240)) +---- +@xme To complement this, @cvandeplas said « @kaspersky is not among those 2 vendors » #findavendor + +(Originally on Twitter: [Mon Oct 15 14:51:08 +0000 2018](https://twitter.com/adulau/status/1051847952526991360)) +---- +An interesting work by @concinnityrisks which uses @MISPProject dataset to rank and derive APT capabilities and operational capacity. And it's open source https://github.com/Concinnity-Risks/LogisticalBudget #ThreatIntel ![](media/1051870966970798080-Dpj9mwuXUAgOnMX.jpg) + +(Originally on Twitter: [Mon Oct 15 16:22:36 +0000 2018](https://twitter.com/adulau/status/1051870966970798080)) +---- +RT @hack_lu: Don't forget that we have lightning talks (5 min talk) on Wednesday between 18:30 and 19:30 - register your talk in the lobby… + +(Originally on Twitter: [Tue Oct 16 07:18:07 +0000 2018](https://twitter.com/adulau/status/1052096331609763842)) +---- +RT @__luisalima__: Building a fake base station with @priyachalakkal at @Blackhoodie_RE @hack_lu ... this is sooo cool 😎 https://t.co/sMyNd… + +(Originally on Twitter: [Tue Oct 16 07:49:01 +0000 2018](https://twitter.com/adulau/status/1052104108788903936)) +---- +Interesting insights about the economics behind ransomware. Glad to see datasets shared via @MISPProject used for research. 
by @blackswanburst and Ankit Gangwal at @hack_lu ![](media/1052122649248305152-Dpnj9j3W4AA7C7v.jpg) + +(Originally on Twitter: [Tue Oct 16 09:02:41 +0000 2018](https://twitter.com/adulau/status/1052122649248305152)) +---- +RT @x0rz: #CryptoWall and #CryptoLocker alone made more than $87M USD (yes that’s millions) #hacklu #malware #threatintel https://t.co/6grN… + +(Originally on Twitter: [Tue Oct 16 09:31:19 +0000 2018](https://twitter.com/adulau/status/1052129852663435265)) +---- +RT @TheHive_Project: Dear @hack_lu participants, if you are attending the joint @MISPProject, TheHive & Cortex workshop on Wed, Oct 17 you… + +(Originally on Twitter: [Tue Oct 16 10:05:52 +0000 2018](https://twitter.com/adulau/status/1052138550328811521)) +---- +@eugeneteo @TheHive_Project @hack_lu @MISPProject Sure, we will. + +(Originally on Twitter: [Tue Oct 16 10:17:59 +0000 2018](https://twitter.com/adulau/status/1052141599902392321)) +---- +Digging into the "unindexed web" with the @blackswanburst historian, recommendations from customers are just as good as the @amazon reviews. This was crawled with a nifty open source we maintain ;-) https://github.com/CIRCL/AIL-framework ![](media/1052309121104408577-DpqNAqhWkAA2ooc.jpg) + +(Originally on Twitter: [Tue Oct 16 21:23:40 +0000 2018](https://twitter.com/adulau/status/1052309121104408577)) +---- +We found the new typeface from @Ministraitor at @hack_lu ![](media/1052333227422171136-Dpqjex0X4AAX_u-.jpg) + +(Originally on Twitter: [Tue Oct 16 22:59:27 +0000 2018](https://twitter.com/adulau/status/1052333227422171136)) +---- +RT @Ministraitor: Hack_lu 2018: What The Fax?! 
- Eyal Itkin and Yaniv Balmas +https://youtu.be/aahHbliwfm0 + +(Originally on Twitter: [Tue Oct 16 23:12:07 +0000 2018](https://twitter.com/adulau/status/1052336414568910849)) +---- +@6vis_pacem @AidsIsFake @MISPProject @blackswanburst @hack_lu Not really sure if they pivot from the original MISP dataset to get more data especially BTC adresses from other known variants. @blackswanburst should know better. + +(Originally on Twitter: [Wed Oct 17 05:45:31 +0000 2018](https://twitter.com/adulau/status/1052435417952387072)) +---- +RT @Dymaxion: The big takeaways from this talk so far is that you should really patch your yachts if you'd like to keep them. #hacklu + +(Originally on Twitter: [Wed Oct 17 15:52:13 +0000 2018](https://twitter.com/adulau/status/1052588097685385217)) +---- +RT @IPv4v6: Thanks to @_saadk and @adulau for the interesting workshop about #MISP and @TheHive_Project at #hacklu. ![](media/1052607421120729089-DpuST5gX4AADrPP.jpg) + +(Originally on Twitter: [Wed Oct 17 17:09:00 +0000 2018](https://twitter.com/adulau/status/1052607421120729089)) +---- +The only way to do passive dns collection is to ensure privacy by default. Not sure if @DamskyIrena agreed but she has labels. ![](media/1052678332469469184-DpvdV8xW4AEJSkF.jpg) + +(Originally on Twitter: [Wed Oct 17 21:50:46 +0000 2018](https://twitter.com/adulau/status/1052678332469469184)) +---- +RT @cryptax: I will soon be leaving #hacklu (flight back home). Great conference! Thanks very much @adulau @rafi0t . And very nice to meet… + +(Originally on Twitter: [Thu Oct 18 09:42:03 +0000 2018](https://twitter.com/adulau/status/1052857332793659392)) +---- +RT @barbieauglend: Thank you @rafi0t and @adulau for a great @hack_lu again! 
You are doing a good job on keeping #hacklu my favorite confer… + +(Originally on Twitter: [Thu Oct 18 15:19:32 +0000 2018](https://twitter.com/adulau/status/1052942263318441985)) +---- +RT @xme: How to extract #AES keys from devices by analyzing their electro-magnetic radiation… Impressing! #Hacklu + +(Originally on Twitter: [Thu Oct 18 15:50:20 +0000 2018](https://twitter.com/adulau/status/1052950013192654848)) +---- +RT @_xan4x: Thanks for the great conference @hack_lu to @adulau and @rafi0t ! +special thanks and nice to see you to @Blackhoodie_RE @barbi… + +(Originally on Twitter: [Thu Oct 18 17:13:08 +0000 2018](https://twitter.com/adulau/status/1052970849039466496)) +---- +RT @MarinaStephanov: Best inclusion initiative award goes to #blackhoodie at #cybersecutityweeklu #CyberSecMonth with @priyachalakkal @seci… + +(Originally on Twitter: [Thu Oct 18 17:13:44 +0000 2018](https://twitter.com/adulau/status/1052970998834827265)) +---- +@Ministraitor @c1t Sure. We might need it for the @MITREattack workshop of tomorrow. 😉 + +(Originally on Twitter: [Thu Oct 18 17:14:47 +0000 2018](https://twitter.com/adulau/status/1052971267056431104)) +---- +RT @c1t: Wow, my talk from #hacklu is already online. https://twitter.com/Ministraitor/status/1052945184546332673 + +(Originally on Twitter: [Thu Oct 18 17:15:15 +0000 2018](https://twitter.com/adulau/status/1052971382848540672)) +---- +@Ministraitor @c1t @MITREattack I have it. You can ping me. + +(Originally on Twitter: [Thu Oct 18 18:35:44 +0000 2018](https://twitter.com/adulau/status/1052991634735058944)) +---- +RT @hack_lu: http://hack.lu 2019 will take place from 22-24 October 2019. Take note in your agenda and we hope to see you there! T… + +(Originally on Twitter: [Fri Oct 19 09:17:14 +0000 2018](https://twitter.com/adulau/status/1053213472262160384)) +---- +RT @ynvb: Goodbye @hack_lu ! It’s been super-fun as always. Hope to see everyone again next year! 
+ +(Originally on Twitter: [Fri Oct 19 12:14:11 +0000 2018](https://twitter.com/adulau/status/1053258006366969856)) +---- +RT @Iglocska: Sometimes you get totally blind sided by the awesome work a small team of 2-3 people can create as opposed to some behemoths.… + +(Originally on Twitter: [Fri Oct 19 12:16:40 +0000 2018](https://twitter.com/adulau/status/1053258628856209408)) +---- +@Ministraitor @BSidesWarsaw @MISPProject @hack_lu @BSidesLux @vickyjo Thank you for this incredible job and dedication to archive the infosec history. + +(Originally on Twitter: [Fri Oct 19 19:27:12 +0000 2018](https://twitter.com/adulau/status/1053366975089569793)) +---- +@cryptax @zh4ck middle one. + +(Originally on Twitter: [Fri Oct 19 20:09:29 +0000 2018](https://twitter.com/adulau/status/1053377616856707072)) +---- +RT @0x3c7: This was my first time @hack_lu, but definitely not my last time. Thanks to everyone involved, it was awesome. + +(Originally on Twitter: [Sat Oct 20 09:55:17 +0000 2018](https://twitter.com/adulau/status/1053585437254651904)) +---- +@Malwar3Ninja @MISPProject @elastic There is a default ES plugin in MISP. Check the settings ;-) + +(Originally on Twitter: [Sat Oct 20 13:24:01 +0000 2018](https://twitter.com/adulau/status/1053637968487944192)) +---- +RT @angealbertini: My keynote trilogy about +your future (as student/young graduate) +https://speakerdeck.com/ange/beyond-your-studies +yourself +https://t.co/oto6nWWkt… + +(Originally on Twitter: [Sun Oct 21 11:52:13 +0000 2018](https://twitter.com/adulau/status/1053977251237236736)) +---- +@_saadk So true. I'm also very addict to the "The Art Of Getting Lost" which also increases the photographic opportunities and artistic meditation. In the field, Rebecca Solnit is an interesting and prolific author. + +(Originally on Twitter: [Sun Oct 21 14:26:44 +0000 2018](https://twitter.com/adulau/status/1054016136419987457)) +---- +@MaliciaRogue To punish the persons or the governments, the difference is significant. 
The poor employee from the NSA (replace it with any public/private organisations) performing exploitation will be punished but not the State who employed him/her and ordered the exploitation. + +(Originally on Twitter: [Sun Oct 21 14:32:11 +0000 2018](https://twitter.com/adulau/status/1054017509052030976)) +---- +RT @shrekts: You should consider to submit something to the DFRWS EU 2019 conference in Oslo! http://dfrws.org/node/687#proposals + +(Originally on Twitter: [Mon Oct 22 20:11:12 +0000 2018](https://twitter.com/adulau/status/1054465215063097345)) +---- +It’s refreshing to see how #OSINT moved, over the years, from a neglected source to a significant source. + +(Originally on Twitter: [Tue Oct 23 05:38:52 +0000 2018](https://twitter.com/adulau/status/1054608072512024576)) +---- +RT @MISPProject: Sigma becomes the de facto standard for expressing SIEM queries. The tools to import Sigma into MISP events is improving h… + +(Originally on Twitter: [Tue Oct 23 11:39:05 +0000 2018](https://twitter.com/adulau/status/1054698722251210752)) +---- +RT @tomchop_: Tired of getting broken disks shipped through the mail? Introducing the GIFT-stick, an easy-to-use bootable image to carry ou… + +(Originally on Twitter: [Tue Oct 23 15:39:55 +0000 2018](https://twitter.com/adulau/status/1054759328786382848)) +---- +RT @blubbfiction: New tool in Sigma toolchain: Sigma2MISP + +Import Sigma rules from files into a @MISPProject event. 
+ +https://t.co/5LarJMTNF… + +(Originally on Twitter: [Tue Oct 23 17:25:59 +0000 2018](https://twitter.com/adulau/status/1054786024486920194)) +---- +RT @taosecurity: Watching presentations at @MITREattack #ATTACKcon reminds me that the spread between high and low efficacy security teams… + +(Originally on Twitter: [Tue Oct 23 19:04:41 +0000 2018](https://twitter.com/adulau/status/1054810860785410049)) +---- +RT @circl_lu: We are glad to be at #GeekWeek (by @centrecyber_ca - @cybercentre_ca ) to work on various projects including @MISPProject int… + +(Originally on Twitter: [Tue Oct 23 20:03:36 +0000 2018](https://twitter.com/adulau/status/1054825688358895616)) +---- +RT @_saadk: As an odd to ‘The Art of Getting Lost’ coined by @adulau a few days ago, here is a picture I shot today while wandering in the… + +(Originally on Twitter: [Wed Oct 24 17:23:19 +0000 2018](https://twitter.com/adulau/status/1055147739984609281)) +---- +@errno_fail @tomchop_ If you have any patches, pull-request or issue to report for dcfldd, let us know. https://github.com/adulau/dcfldd + +(Originally on Twitter: [Wed Oct 24 21:27:41 +0000 2018](https://twitter.com/adulau/status/1055209236337254403)) +---- +RT @MISPProject: Many new object templates added in MISP related to forensic analysis such as mactime, tsk @sleuthkit , regripper and pytho… + +(Originally on Twitter: [Thu Oct 25 16:08:23 +0000 2018](https://twitter.com/adulau/status/1055491270280404992)) +---- +RT @aksha6193: My contribution towards adopting digital forensic analysis into a Threat intelligence platform - MISP #CyberThreatSharing #D… + +(Originally on Twitter: [Thu Oct 25 17:16:41 +0000 2018](https://twitter.com/adulau/status/1055508456608804864)) +---- +"ISC DNS Packet Generator" by @ISCdotORG https://github.com/isc-projects/dnsgen if you have some passive dns collectors relying on packet capture, dnsgen might be useful to include in your test cases. 
+ +(Originally on Twitter: [Fri Oct 26 06:24:56 +0000 2018](https://twitter.com/adulau/status/1055706828728946688)) +---- +RT @_saadk: By #CTI & #DFIR sharing, as championed by @MISPProject, @adulau & other great souls in our community, we can dent #cybercrime.… + +(Originally on Twitter: [Fri Oct 26 12:01:52 +0000 2018](https://twitter.com/adulau/status/1055791619134423040)) +---- +RT @_saadk: 101 ways to analyze those observables! When @_JLeonard, @nadouani, Toom & myself decided to extract @TheHive_Project analysis e… + +(Originally on Twitter: [Fri Oct 26 12:02:06 +0000 2018](https://twitter.com/adulau/status/1055791677724446720)) +---- +@GLOBSEC @EmmanuelMacron A good opportunity for France to give away some sovereignty and reinforce the role of @enisa_eu then... + +(Originally on Twitter: [Fri Oct 26 15:15:14 +0000 2018](https://twitter.com/adulau/status/1055840283928264705)) +---- +RT @obilodeau: Celebrating GeekWeek's first place (as team 1) and a challenge coin for collaboration (earned by this PR: https://t.co/287St… + +(Originally on Twitter: [Sat Oct 27 08:13:25 +0000 2018](https://twitter.com/adulau/status/1056096518082584576)) +---- +Practical And Affordable Side-Channel Attacks by Francois Durvaux at @hack_lu 2018 https://www.youtube.com/watch?v=r_Q-V4Kfdkg + +(Originally on Twitter: [Sun Oct 28 08:01:32 +0000 2018](https://twitter.com/adulau/status/1056455911991009280)) +---- +I remember when we started to represent threat-actor information in JSON to make it available and parseable for everyone (MISP and others). It was a daunting task but now seeing people & organisations using the data: it's becoming a happy task. thx @0x3c7 +https://twitter.com/0x3c7/status/1056543385153093632 + +(Originally on Twitter: [Sun Oct 28 14:27:27 +0000 2018](https://twitter.com/adulau/status/1056553033700646912)) +---- +@_nullcipher It's quite simple. You can create a complete set of MISP objects to represent Android app from static analysis. 
Some objects already exist like Android permission https://www.misp-project.org/objects.html#_android_permission maybe we should update our @LIEF_project objects to add DEX in @MISPProject + +(Originally on Twitter: [Sun Oct 28 15:07:46 +0000 2018](https://twitter.com/adulau/status/1056563177452900355)) +---- +@_nullcipher @LIEF_project @MISPProject @rafi0t I remember we talked about extending the objects to support DEX (using LIEF) in addition to ELF, MachO and PE. + +(Originally on Twitter: [Sun Oct 28 15:11:49 +0000 2018](https://twitter.com/adulau/status/1056564198371680256)) +---- +@_nullcipher @LIEF_project @MISPProject Indeed, it's something we will do. By the way, the JSON format of MISP is documented and you can also use PyMISP to generate JSON format in MISP format. https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-05 and we have an open 2-day training session in December at Luxembourg http://www.misp-project.org/events/ + +(Originally on Twitter: [Sun Oct 28 15:17:10 +0000 2018](https://twitter.com/adulau/status/1056565543610785793)) +---- +@VessOnSecurity https://bgpranking-ng.circl.lu/asn?asn=50360 + +(Originally on Twitter: [Mon Oct 29 21:07:14 +0000 2018](https://twitter.com/adulau/status/1057016028155297793)) +---- +RT @MISPProject: MISP 2.4.97 has been released including many improvements such as the related tags functionality or a new sighting search… + +(Originally on Twitter: [Tue Oct 30 07:33:10 +0000 2018](https://twitter.com/adulau/status/1057173550640050176)) +---- +RT @DmitriyMelikov: #Ursnif uses an interesting technique to bypass the analysis. It expects a mouse click and decrypts the malicious code… + +(Originally on Twitter: [Tue Oct 30 08:26:33 +0000 2018](https://twitter.com/adulau/status/1057186984249180160)) +---- +RT @therealsaumil: Programmers, +why is 🎃 == 🎄? 
+ +Because Oct(31) == Dec(25) + +(Originally on Twitter: [Wed Oct 31 10:29:54 +0000 2018](https://twitter.com/adulau/status/1057580415064686593)) +---- +The lovely vendor model. They contacted us to have a MISP connector in their proprietary product and asked us to pay a membership to access their SDK. We are kind but come on... + +(Originally on Twitter: [Wed Oct 31 11:09:31 +0000 2018](https://twitter.com/adulau/status/1057590386829524993)) +---- +RT @d4_project: Don't forget to join us at http://www.luxembourg-internet-days.com/session/workshop-how-to-benefit-from-ddos-ecosystem/ at @LU_CIX Luxembourg Internet Days 2018 event for the "Workshop: How to… + +(Originally on Twitter: [Thu Nov 01 10:06:43 +0000 2018](https://twitter.com/adulau/status/1057936968984784896)) +---- +"Black-boxing the Black Flag: Anonymous Sharing Platforms and ISIS Content Distribution" +https://ro.uow.edu.au/cgi/viewcontent.cgi?article=4675&context=lhapapers IMHO this is not a real issue as such, this behaviour allows a close monitoring too (or counter operations) by other organisations. ![](media/1058656061413048320-DrEZXZ0WwAAkFUE.jpg) + +(Originally on Twitter: [Sat Nov 03 09:44:08 +0000 2018](https://twitter.com/adulau/status/1058656061413048320)) +---- +@faq @infobeamer Indeed, it's very impressive. Do you know which part of infobeamer is open source? + +(Originally on Twitter: [Sat Nov 03 10:19:28 +0000 2018](https://twitter.com/adulau/status/1058664952548999168)) +---- +Usually I don’t talk about personal matters but Today I’ll make an exception. My 15-year old washing machine just died. When going to the shop, I got a demonstration of an Internet connected washing machine accessible on port 80 without authentication. 
+ + +media/1058815293210923008-DrGq5GsX0AEJlKX.mp4 + +(Originally on Twitter: [Sat Nov 03 20:16:52 +0000 2018](https://twitter.com/adulau/status/1058815293210923008)) +---- +@cryptax I purchased one without connectivity but 1/3 of washing machines were with some level of connectivity. The attack surface of home devices is growing like hell. Maybe a live test lab of devices would help to discover the vulnerabilities... I won’t do it with my clothes ;-) + +(Originally on Twitter: [Sat Nov 03 20:32:37 +0000 2018](https://twitter.com/adulau/status/1058819255775494144)) +---- +@xme Super-excited is indeed a good description of the salesman. He was less excited when I started to ask how he got the url in the browser in plain HTTP from an app. Then I asked for conventional washing machines without connectivity, he left and asked a colleague to take care of me + +(Originally on Twitter: [Sat Nov 03 20:43:55 +0000 2018](https://twitter.com/adulau/status/1058822100973162496)) +---- +@xme Reading some docs, IFTTT and HomeConnect seems commonly used « protocols » not exactly sure what was the protocol used for discovery and alike. I smell some security fun but I suppose someone did already some explorations. + +(Originally on Twitter: [Sat Nov 03 21:00:13 +0000 2018](https://twitter.com/adulau/status/1058826203589722112)) +---- +@mustafaqasim + + +media/1059083239703355392-DrKekUCWoAAuQQZ.mp4 + +(Originally on Twitter: [Sun Nov 04 14:01:35 +0000 2018](https://twitter.com/adulau/status/1059083239703355392)) +---- +RT @matthew_d_green: Several SSDs with hardware encryption appear to be busted. 
But the really terrible thing is that Bitlocker apparently… + +(Originally on Twitter: [Mon Nov 05 14:04:34 +0000 2018](https://twitter.com/adulau/status/1059446377015599104)) +---- +RT @cudeso: How to Use Passive DNS to Inform Your Incident Response https://securityintelligence.com/how-to-use-passive-dns-to-inform-your-incident-response/ #dfir #pdns + +(Originally on Twitter: [Mon Nov 05 17:38:46 +0000 2018](https://twitter.com/adulau/status/1059500280532885509)) +---- +RT @MISPProject: A new expansion module has been contributed (thanks to @SteveClement ) to get the balance of a Bitcoin address directly in… + +(Originally on Twitter: [Tue Nov 06 06:54:17 +0000 2018](https://twitter.com/adulau/status/1059700479532392448)) +---- +An interesting security effect of US Sanctions against Iran +https://twitter.com/r00tbsd/status/1059737498367287296 + +(Originally on Twitter: [Tue Nov 06 09:52:17 +0000 2018](https://twitter.com/adulau/status/1059745273700929536)) +---- +@ncaproni @sekoia_fr I love the "intelligence is better when shared" + +(Originally on Twitter: [Tue Nov 06 12:59:40 +0000 2018](https://twitter.com/adulau/status/1059792432907333636)) +---- +RT @MISPProject: First video recording of the "MISP Training Module 1 - An Introduction to Cybersecurity Information Sharing" released. #T… + +(Originally on Twitter: [Tue Nov 06 22:23:33 +0000 2018](https://twitter.com/adulau/status/1059934338849083392)) +---- +@LcPdn @MISPProject Sure I need to not forget when packing my stuff. + +(Originally on Twitter: [Wed Nov 07 20:36:46 +0000 2018](https://twitter.com/adulau/status/1060269852391366656)) +---- +An interesting project by @CERT_EE "@Suricata_IDS for All (S4A) is a distributed intrusion detection system (IDS) using open source components." 
https://github.com/cert-ee/s4a + +(Originally on Twitter: [Thu Nov 08 10:33:57 +0000 2018](https://twitter.com/adulau/status/1060480538509762561)) +---- +RT @rafi0t: You want a way to find the closest prefix and the ASN of an IP? The new version of IP ASN history is here: https://t.co/6TbJFwA… + +(Originally on Twitter: [Thu Nov 08 17:15:20 +0000 2018](https://twitter.com/adulau/status/1060581548410523649)) +---- +Listening to « How the Hippies Destroyed the Internet » #hippies at @tuvienna ![](media/1060582826297516032-DrfycnNXQAAFO5I.jpg) + +(Originally on Twitter: [Thu Nov 08 17:20:25 +0000 2018](https://twitter.com/adulau/status/1060582826297516032)) +---- +@_vecna @tuvienna It’s a live conversation but there is an article in @TheOfficialACM magazine. + +(Originally on Twitter: [Thu Nov 08 17:24:33 +0000 2018](https://twitter.com/adulau/status/1060583869152460801)) +---- +@sergedroz Until now the argumention is very simplistic “anarchy” + “free information” and predators came to build the “surveillance society”. 
+ +(Originally on Twitter: [Thu Nov 08 17:39:10 +0000 2018](https://twitter.com/adulau/status/1060587544587526144)) +---- +RT @PhysicalDrive0: Full Discloser of #Andariel, +A Subgroup of #Lazarus Threat Group +https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]Andariel_a_Subgroup_of_Lazarus%20(3).pdf + +(Originally on Twitter: [Thu Nov 08 22:13:07 +0000 2018](https://twitter.com/adulau/status/1060656488954372096)) +---- +RT @bellingcat: Thanks to crowdsourcing and the dedication of Bellingcat followers, it was possible to locate the specific rooftop in Asia… + +(Originally on Twitter: [Thu Nov 08 22:22:27 +0000 2018](https://twitter.com/adulau/status/1060658838674771968)) +---- +"Statistical inference on Mobile Phone data" +https://circabc.europa.eu/sd/a/6317d43e-1293-401e-81f2-f50a59127300/Mobile_Phone2.pdf + +(Originally on Twitter: [Fri Nov 09 05:55:44 +0000 2018](https://twitter.com/adulau/status/1060772910581850112)) +---- +I have this strange feeling with the increase commercialization and privatization of malware repositories (VT and others) that a community funded repository will become a need on the long run. But can it scale financially? + +(Originally on Twitter: [Fri Nov 09 07:44:11 +0000 2018](https://twitter.com/adulau/status/1060800201139589120)) +---- +@ronindey @vxlab_info @VXShare There are some similarities indeed but more like a Wikipedia-like organization operating the service for the community. + +(Originally on Twitter: [Fri Nov 09 07:54:47 +0000 2018](https://twitter.com/adulau/status/1060802870067585024)) +---- +@barbieauglend @virusbay_io It’s a commercial company? not like a foundation runs by the users? + +(Originally on Twitter: [Fri Nov 09 08:23:20 +0000 2018](https://twitter.com/adulau/status/1060810053140254720)) +---- +@cudeso @inea_eu I won't go for a startup which is the actual issue: monetization of malware repository access . 
Maybe a foundation (such as Mozilla or alike) would be more appropriate to rebalance the current situation. + +(Originally on Twitter: [Fri Nov 09 10:03:56 +0000 2018](https://twitter.com/adulau/status/1060835371125276672)) +---- +@mal_share @stevengoossens Interesting, I didn't know. Is the source code of the platform available under an open source license? + +(Originally on Twitter: [Fri Nov 09 15:03:43 +0000 2018](https://twitter.com/adulau/status/1060910814692028417)) +---- +@virusbay_io @barbieauglend Thank you. Is the software backend open source? + +(Originally on Twitter: [Fri Nov 09 16:17:07 +0000 2018](https://twitter.com/adulau/status/1060929284376813600)) +---- +@virusbay_io @barbieauglend I haven’t seen many malware repositories being open and having their backend also open source. Maybe it’s a good oportunity for leading the path? + +(Originally on Twitter: [Fri Nov 09 18:24:16 +0000 2018](https://twitter.com/adulau/status/1060961283720314882)) +---- +RT @msuiche: To all the students I've met during my visit, stay strong and don't get discouraged. They are more scared of you than you are… + +(Originally on Twitter: [Sat Nov 10 07:58:52 +0000 2018](https://twitter.com/adulau/status/1061166283855556608)) +---- +I think this pull-request (and interactions) (in the rtl_433 project) is full of informal golden advices when you contribute to an open source project and how maintainers should behave too. Really insightful. https://github.com/merbanan/rtl_433/pull/849 + +(Originally on Twitter: [Sat Nov 10 08:15:14 +0000 2018](https://twitter.com/adulau/status/1061170402762936323)) +---- +@cropprotection @EFSA_EU But you are actively lobbying against transparency for EU risk assessment and try to postpone the release of the research studies which can be of interest to the public. 
![](media/1061281122838081536-DrpswySW4AAL7x_.jpg) + +(Originally on Twitter: [Sat Nov 10 15:35:11 +0000 2018](https://twitter.com/adulau/status/1061281122838081536)) +---- +RT @MISPProject: MISP project will be @UYBHYS the 17th November in Brest (France) to talk about MISP and its use within the Intelligence Co… + +(Originally on Twitter: [Sun Nov 11 10:04:04 +0000 2018](https://twitter.com/adulau/status/1061560181677613057)) +---- +While crawling the hidden services in @torproject , you might find various things from compromised systems, criminal services, obscure forums, shops selling illegal products.... and sometime, surrealist objects. Here is one. (crawled with AIL https://github.com/CIRCL/AIL-framework) ![](media/1061644630746451971-Dru3EC2X0AEZCaL.jpg) + +(Originally on Twitter: [Sun Nov 11 15:39:39 +0000 2018](https://twitter.com/adulau/status/1061644630746451971)) +---- +@x0rz I remember such statement where it was used to ban unlicensed cryptographic software under ITAR and the forensic tools under dual-use export regulation. Software is not like nuclear warheads... + +(Originally on Twitter: [Mon Nov 12 09:56:26 +0000 2018](https://twitter.com/adulau/status/1061920647859896320)) +---- +@okhin @x0rz Sure, components used to build warheads and I’m sure that any software could be used as component. Software is always dual-use. Looking at reality of licensing, hackingteam got an export license to sell RCS in regulated countries. + +(Originally on Twitter: [Mon Nov 12 10:06:56 +0000 2018](https://twitter.com/adulau/status/1061923288195260416)) +---- +@okhin @x0rz I’m sure the vendor will find a clever approach to add a second use of their software. My point is more, going to the export regulation regarding software is a dangerous path. 
+ +(Originally on Twitter: [Mon Nov 12 10:13:05 +0000 2018](https://twitter.com/adulau/status/1061924837990522880)) +---- +RT @MISPProject: Thanks to @cvandeplas who did an incredible job on misp-maltego (a Maltego MISP integration tool allowing you to view data… + +(Originally on Twitter: [Mon Nov 12 15:01:10 +0000 2018](https://twitter.com/adulau/status/1061997337835380737)) +---- +RT @bascule: It takes an awful lot of doublethink to take TLS 1.3, remove forward secrecy, introduce a deliberate self-MitM capability, and… + +(Originally on Twitter: [Mon Nov 12 17:05:07 +0000 2018](https://twitter.com/adulau/status/1062028530521915392)) +---- +"IP Geolocation through Reverse DNS" +https://arxiv.org/pdf/1811.04288.pdf It seems realistic to create an open source library from this research. It would help to have additional sources for geolocation of IP sources (especially for comparison). #ThreatIntelligence ![](media/1062293167121281024-Dr4EaNVWwAATEJ0.jpg) + +(Originally on Twitter: [Tue Nov 13 10:36:42 +0000 2018](https://twitter.com/adulau/status/1062293167121281024)) +---- +@Piuliss All the best for your next projects! + +(Originally on Twitter: [Wed Nov 14 06:51:34 +0000 2018](https://twitter.com/adulau/status/1062598900576600065)) +---- +@DanielGallagher @Iglocska @ater49 @MISPProject Feel free to do a PR on the object template. I suppose that you know about https://github.com/ntddk/virustream which might be interest too. + +(Originally on Twitter: [Wed Nov 14 17:55:30 +0000 2018](https://twitter.com/adulau/status/1062765982903603207)) +---- +@OBonaventure For sure, we would glad to have an internship with one of your student. You know how to contact us ;-) + +(Originally on Twitter: [Thu Nov 15 06:28:35 +0000 2018](https://twitter.com/adulau/status/1062955505533022209)) +---- +RT @alexanderjaeger: You are not able to develop software at your job? Go and look out for an open source project you like using. 
So many f… + +(Originally on Twitter: [Thu Nov 15 08:38:19 +0000 2018](https://twitter.com/adulau/status/1062988152867094528)) +---- +@Iglocska @rafi0t I’m sure he could maintain the full chain. Linux kernel 2.4, the cpu microcode for old pentium and maybe the old hardware mainboard too. + +(Originally on Twitter: [Thu Nov 15 09:11:15 +0000 2018](https://twitter.com/adulau/status/1062996442137219072)) +---- +RT @bascule: Return of the Hidden Number Problem: A Widespread and Novel Key Extraction Attack on ECDSA and DSA https://tches.iacr.org/index.php/TCHES/article/view/7337 htt… + +(Originally on Twitter: [Fri Nov 16 14:38:18 +0000 2018](https://twitter.com/adulau/status/1063441133450289164)) +---- +Glad to be at @UYBHYS for the tomorrow conference. I love this feeling of a new and dynamic security conference where you feel this energy of creativity. This remembers me when we started 14 years ago the @hack_lu conference. + + +media/1063541295443034113-DsJ1EZQWkAE2ItD.mp4 + +(Originally on Twitter: [Fri Nov 16 21:16:19 +0000 2018](https://twitter.com/adulau/status/1063541295443034113)) +---- +RT @MaliciaRogue: Question intéressante sur le modèle économique plus global que représente la disclo de vulnérabilités : comment les bug b… + +(Originally on Twitter: [Sat Nov 17 10:14:12 +0000 2018](https://twitter.com/adulau/status/1063737058886340608)) +---- +RT @UYBHYS: Questioning Secrecy ! 
@MISPProject @adulau #UYBHYS ![](media/1063789750543400961-DsNWLcnWoAEwewP.jpg) + +(Originally on Twitter: [Sat Nov 17 13:43:35 +0000 2018](https://twitter.com/adulau/status/1063789750543400961)) +---- +RT @MISPProject: Slides "Improving Intelligence Community - MISP as an enabler for intelligence analysis" given at @UYBHYS #UYBHYS by @adul… + +(Originally on Twitter: [Sat Nov 17 14:45:16 +0000 2018](https://twitter.com/adulau/status/1063805272630661120)) +---- +RT @regisleguennec: Grosse rigolade pour le rump de @adulau qui nous présente sa collection d’images du darkweb #UYBHYS 👍 https://t.co/WrDE… + +(Originally on Twitter: [Sat Nov 17 16:04:25 +0000 2018](https://twitter.com/adulau/status/1063825193464938497)) +---- +RT @veorq: good Dan Geer as usual, less shallow and more nuanced arguments than Twitter pundits' +http://www.bsidesdc.org/history/geer.html https://t.co/F9V… + +(Originally on Twitter: [Sun Nov 18 13:26:09 +0000 2018](https://twitter.com/adulau/status/1064147750864986112)) +---- +@Ph_Cornette @patrickcoomans One of those “standards” where distribution is restricted. We are in 2018 and we rely on openly distributed documents such as the ones from IETF. Maybe it’s time for ISACA to release openly the standard? to allow wide distribution, review and analysis. + +(Originally on Twitter: [Sun Nov 18 16:18:43 +0000 2018](https://twitter.com/adulau/status/1064191179770785793)) +---- +RT @_saadk: Hey @adulau, I think that #TheArtofGettingLost has many similarities with the Programming Motherfucker model. The P in PMF can… + +(Originally on Twitter: [Mon Nov 19 05:27:54 +0000 2018](https://twitter.com/adulau/status/1064389782992822273)) +---- +@_saadk You are indeed right, there are similarities. The major one is to face the unforseen and uncertainty in any act you do. We often learn to be scared by the unknown but the PMF model is there to jump into it and embrace the essential mysteries of life, photography and programming. 
+ +(Originally on Twitter: [Mon Nov 19 05:43:07 +0000 2018](https://twitter.com/adulau/status/1064393611415040006)) +---- +RT @Blackhoodie_RE: Most of the #blackhoodie18 talks are now online! Check it out: https://www.blackhoodie.re/schedule/abstracts + +(Originally on Twitter: [Tue Nov 20 18:45:02 +0000 2018](https://twitter.com/adulau/status/1064952777443631107)) +---- +@ClausHoumann @Aristot73 + + +media/1065636883089317889-Dsnmm2qXQAEb8fv.mp4 + +(Originally on Twitter: [Thu Nov 22 16:03:26 +0000 2018](https://twitter.com/adulau/status/1065636883089317889)) +---- +@alexanderjaeger @rafi0t BASF chemical plant? + +(Originally on Twitter: [Thu Nov 22 17:17:46 +0000 2018](https://twitter.com/adulau/status/1065655591081783303)) +---- +RT @MISPProject: So if you are a security provider or vendor, share your security reports in @MISPProject open format, this can help everyo… + +(Originally on Twitter: [Thu Nov 22 21:57:15 +0000 2018](https://twitter.com/adulau/status/1065725926783311872)) +---- +@Iglocska @alexanderjaeger @rafi0t It’s not a him. A nice way to spot a GRU agent on the field by the way... + +(Originally on Twitter: [Fri Nov 23 08:49:33 +0000 2018](https://twitter.com/adulau/status/1065890082958336000)) +---- +RT @MISPProject: "Privacy-friendly threat detection using DNS" an interesting master research performed at @SURFnet where Bloom filters wer… + +(Originally on Twitter: [Sun Nov 25 11:35:52 +0000 2018](https://twitter.com/adulau/status/1066656711937806336)) +---- +@k8em0 At the office, we have CDG in the filter list. At the office, the statistics of luggages lost, stolen or delayed is so huge that we had an integer overflow. 
+ +(Originally on Twitter: [Sun Nov 25 15:34:28 +0000 2018](https://twitter.com/adulau/status/1066716758814412802)) +---- +@0xtf I'm tempted to setup a honeypot with a funky .git/config which could abuse the git client using it ;-) + +(Originally on Twitter: [Sun Nov 25 22:45:29 +0000 2018](https://twitter.com/adulau/status/1066825226317635586)) +---- +deux blaireaux adultes morts sur la route entre Les Bulles et Rossignol/Tintigny car ils sont coincés par la clôture “protège ton industrie porcine intensive”... @natagora @ParlWallonie + +(Originally on Twitter: [Mon Nov 26 06:10:46 +0000 2018](https://twitter.com/adulau/status/1066937285705388032)) +---- +RT @MISPProject: MISP 2.4.98 has been released with new features such as improved UI consistency (attributes search output), improved valid… + +(Originally on Twitter: [Mon Nov 26 14:00:18 +0000 2018](https://twitter.com/adulau/status/1067055450334609409)) +---- +"Shedding Light on the Dark Corners of the Internet: A Survey of Tor Research" A good state-of-the-art about the various attacks (academic papers) targeting @torproject https://arxiv.org/pdf/1803.02816.pdf ![](media/1067178508395327488-Ds9g_gbX4AEmxDf.jpg) + +(Originally on Twitter: [Mon Nov 26 22:09:18 +0000 2018](https://twitter.com/adulau/status/1067178508395327488)) +---- +@cocaman @bad_packets I'm quite impressed by the volume of some ransom collection performed by those extortion groups compared to the initial investment required for sending the mails. @blackswanburst I have the perception the financial gain is higher than ransomware. Maybe something to investigate? ![](media/1067375877535776768-DtATsP1XoAUZVgk.jpg) + +(Originally on Twitter: [Tue Nov 27 11:13:34 +0000 2018](https://twitter.com/adulau/status/1067375877535776768)) +---- +@martijn_grooten Usually they take random phones from the audience or surrounding who attach to their base station. Not sure what's the worst demo. 
+ +(Originally on Twitter: [Tue Nov 27 11:53:14 +0000 2018](https://twitter.com/adulau/status/1067385857257164800)) +---- +@cudeso Your cat wants to enter some events with suspicious cats in @MISPProject + +(Originally on Twitter: [Tue Nov 27 13:40:38 +0000 2018](https://twitter.com/adulau/status/1067412887428317184)) +---- +RT @r00tbsd: With Sir @SecurityBeard we published our work concerning #DNSpionage. Our paper contains 2 differents events: +--> a malware t… + +(Originally on Twitter: [Tue Nov 27 15:27:37 +0000 2018](https://twitter.com/adulau/status/1067439809935884289)) +---- +@r00tbsd @SecurityBeard "mea.aro" is the typo intended in the blog post about the MEA certificate? or is it the domain "http://mea.aero" ? which makes more sense because the NS records are pointing to "http://ans3.terra.net.lb" + +(Originally on Twitter: [Tue Nov 27 16:57:58 +0000 2018](https://twitter.com/adulau/status/1067462548868538368)) +---- +RT @MISPProject: If you can help and/or support @MISPProject @TheHive_Project do it. Just don't forget we are a community of kind people t… + +(Originally on Twitter: [Wed Nov 28 06:11:09 +0000 2018](https://twitter.com/adulau/status/1067662157473619974)) +---- +"OpenBGPD - Adding Diversity to the Route Server Landscape" +https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape A great news to see improvement in OpenBGPD to support the network and security community and also a clever use of funding from @RIPE_NCC to improve free/open source software. + +(Originally on Twitter: [Wed Nov 28 11:29:24 +0000 2018](https://twitter.com/adulau/status/1067742250581536768)) +---- +@Medor_mag c’est normal la pub @NostalgieBE dans le medor numero 13... ce n’est pas vraiment une ong ou une société à finalité sociale ? en plus la typographie de cette pub tue le beau travail de l'équipe. 
+ +(Originally on Twitter: [Wed Nov 28 21:11:07 +0000 2018](https://twitter.com/adulau/status/1067888642947977216)) +---- +RT @RidT: One more: @juanandres_gs says gimmicky frameworks like the kill chain or the pyramid of pain remove intelligence analysts from th… + +(Originally on Twitter: [Wed Nov 28 21:22:53 +0000 2018](https://twitter.com/adulau/status/1067891602956476416)) +---- +@honey4free If you have any ideas for improvement in misp, let us know. + +(Originally on Twitter: [Thu Nov 29 06:06:53 +0000 2018](https://twitter.com/adulau/status/1068023470771056641)) +---- +@honey4free It’s indeed something we are trying to solve but it’s a hard problem. We some theoretical ideas and are currently prototyping some implementations based on this https://arxiv.org/abs/1803.11052 but it’s still experimental. + +(Originally on Twitter: [Thu Nov 29 17:38:56 +0000 2018](https://twitter.com/adulau/status/1068197631686582273)) +---- +RT @1sand0s: Quite a detailed explanation with a clear tendency to disclosure. + +Only thing I miss in the explanation is what happens to vu… + +(Originally on Twitter: [Thu Nov 29 21:06:57 +0000 2018](https://twitter.com/adulau/status/1068249982673784832)) +---- +RT @MISPProject: We are building a list of all the software (open source and proprietary), products or devices using/reusing MISP taxonomie… + +(Originally on Twitter: [Sat Dec 01 11:02:14 +0000 2018](https://twitter.com/adulau/status/1068822577248903168)) +---- +@belathoud Ils ne comprennent même pas qu'ils détruisent leur investissement (via la taxation) dans la culture qui est une source financière significative pour l'économie française. Ils vont donc le payer trois fois plus... entre (), la rétrospective de Diane Arbus était superbe. + +(Originally on Twitter: [Sat Dec 01 18:51:30 +0000 2018](https://twitter.com/adulau/status/1068940671762006016)) +---- +Wondering why some organisations are disabling in hardware the embedded microphone in their laptops? 
Maybe this could be a good reason https://github.com/ggerganov/kbd-audio/blob/master/README.md + +(Originally on Twitter: [Mon Dec 03 07:06:36 +0000 2018](https://twitter.com/adulau/status/1069488051704004608)) +---- +@snazmeister I’m curious about very noisy environment such as conference or large open space. + +(Originally on Twitter: [Mon Dec 03 07:13:08 +0000 2018](https://twitter.com/adulau/status/1069489697578201088)) +---- +@snazmeister This is neat when someone enters a passphrase and a password. Even if this is containing errors, it will help a lot for an exhaustive search or brute force against a hash or an encrypted block. + +(Originally on Twitter: [Mon Dec 03 07:17:57 +0000 2018](https://twitter.com/adulau/status/1069490906884161537)) +---- +RT @circl_lu: "ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full acces… + +(Originally on Twitter: [Mon Dec 03 14:07:45 +0000 2018](https://twitter.com/adulau/status/1069594037143912448)) +---- +RT @rw_access: @adulau @dez_ I don't know if you caught the update, but EQL is now available! +https://github.com/endgameinc/eql + +(Originally on Twitter: [Tue Dec 04 06:07:23 +0000 2018](https://twitter.com/adulau/status/1069835538474119170)) +---- +@Frikkylikeme @TheHive_Project @MISPProject @MITREattack In MISP, you can directly use the matrix to add ATT&CK techniques and/or the galaxy name. All the galaxies are exported and accessible via API. This is shared via standard MISP format between MISP instances. ![](media/1069973829391474688-DtlO4VCXgAAXJzh.jpg) + +(Originally on Twitter: [Tue Dec 04 15:16:54 +0000 2018](https://twitter.com/adulau/status/1069973829391474688)) +---- +@Frikkylikeme @TheHive_Project @MISPProject @MITREattack Sure, we have new features at each release (every 3-4 weeks). We are trying to keep up. Feel free to update regularly ;-) and new ideas are more than welcome. 
+ +(Originally on Twitter: [Tue Dec 04 15:33:04 +0000 2018](https://twitter.com/adulau/status/1069977896574484480)) +---- +RT @MITREattack: You asked, we listened. Our sister project, Cyber Analytics Repository (CAR), was migrated to Github as we start to reinvi… + +(Originally on Twitter: [Tue Dec 04 21:28:58 +0000 2018](https://twitter.com/adulau/status/1070067463717576704)) +---- +@fanf42 The free-rider “problem” +is not a problem is where you’ll get your next contributors. Diversity is coming from +the free-riders and free software/open source is actively relying on these. Game theory is often not complete to describe a model which is more closer to biology. + +(Originally on Twitter: [Tue Dec 04 21:36:21 +0000 2018](https://twitter.com/adulau/status/1070069318908551169)) +---- +@LucDockendorf @S_Team_Approved @wide_lu @CoderDojo @CoderDojoLu @BEECreative_ @MICSELu Indeed this is a very good point. There is kind of summary on this page (per age - merits/scope is missing) https://en.m.wikipedia.org/wiki/List_of_educational_programming_languages and https://www.codecamp.com.au/blog/20-best-programming-languages-kids . I think we are missing some real surveys (from the children perspective) of the educational programming languages. + +(Originally on Twitter: [Wed Dec 05 07:25:43 +0000 2018](https://twitter.com/adulau/status/1070217639002337280)) +---- +@alexanderjaeger @Timo_Steffens We are also asking various vendors to have a @mispproject event attached to an OSINT report to add additional context, timestamps and relationships. @ESET does it for example. The others should ;-) + +(Originally on Twitter: [Wed Dec 05 15:44:54 +0000 2018](https://twitter.com/adulau/status/1070343262144204802)) +---- +RT @dnsoarc: The Call for Presentations #CfP for .@dnsoarc #OARC30 (12-13 May 2019, #Bangkok) is now open. 
If you would like to present som… + +(Originally on Twitter: [Wed Dec 05 15:59:13 +0000 2018](https://twitter.com/adulau/status/1070346865479163904)) +---- +RT @Edinburgh2600: .@blackswanburst kicking off the last meetup of the year with Risk & Ransomware. A talk based on research with the aweso… + +(Originally on Twitter: [Wed Dec 05 16:11:00 +0000 2018](https://twitter.com/adulau/status/1070349831959388160)) +---- +RT @MISPProject: MISP 2.4.99 has been released including a critical security vulnerability fix (thanks to @FxStellamans from NCI Agency Cyb… + +(Originally on Twitter: [Thu Dec 06 14:59:41 +0000 2018](https://twitter.com/adulau/status/1070694272125546497)) +---- +@SoleilGeorges C'est sûrement l'objectif 17 qui fait sautiller (le plus?) l’extrême droite en Belgique et en Europe. Le pacte est clairement en ligne avec les bonnes pratiques des pays démocratiques... ![](media/1070716878740434945-Dtvv5McWsAAKo34.jpg) + +(Originally on Twitter: [Thu Dec 06 16:29:31 +0000 2018](https://twitter.com/adulau/status/1070716878740434945)) +---- +RT @x0rz: Here is my small recap on the current #GiletsJaunes interference going on, there is far more to uncover but this is where to star… + +(Originally on Twitter: [Thu Dec 06 16:53:34 +0000 2018](https://twitter.com/adulau/status/1070722929468559361)) +---- +I have this strong feeling that the pseudo random generator software for the security checks at the airports will not pass the statistical test suite of NIST 800-22. #securitycircus + +(Originally on Twitter: [Fri Dec 07 07:53:24 +0000 2018](https://twitter.com/adulau/status/1070949381560565761)) +---- +@eurocontrol Just curious, what is a flight check procedure? and why this is causing delay for other flights? + +(Originally on Twitter: [Fri Dec 07 08:15:41 +0000 2018](https://twitter.com/adulau/status/1070954990506778625)) +---- +@Iglocska Maybe it’s related to my green jacket? 
Not sure about the color scale then ;-) + +(Originally on Twitter: [Fri Dec 07 08:17:24 +0000 2018](https://twitter.com/adulau/status/1070955419860959234)) +---- +@Requiem_fr Is there a reference to the law in Japan? @SteveClement do you know about it? + +(Originally on Twitter: [Fri Dec 07 19:41:50 +0000 2018](https://twitter.com/adulau/status/1071127665619410945)) +---- +"The Common Vulnerability Scoring System (CVSS) is widely misused for vulnerability prioritization and risk assessment, despite being designed to measure technical severity" Thanks to @zmanion and others to push for improvements in the standards. https://resources.sei.cmu.edu/asset_files/WhitePaper/2018_019_001_538372.pdf ![](media/1071138066146959360-Dt1uREDXcAImgEJ.jpg) + +(Originally on Twitter: [Fri Dec 07 20:23:10 +0000 2018](https://twitter.com/adulau/status/1071138066146959360)) +---- +@amuehlem Maybe we should keep the best "blackmailing vulnerabilities" in a public website? I kind of "hall-of-fame". I remember someone claiming to own a network and attached a Nessus scan of his own local system. + + +media/1071345258179506177-Dt4twPcWoAAycM5.mp4 + +(Originally on Twitter: [Sat Dec 08 10:06:28 +0000 2018](https://twitter.com/adulau/status/1071345258179506177)) +---- +@amuehlem Maybe we should add those in MISP with a special tag such as "vulnerability:disclosure-mode="silly"" and generate a static website with all the @MISPProject events matching the tag. 
We could dig into old tickets to find the good ones ;-) + +(Originally on Twitter: [Sat Dec 08 10:10:57 +0000 2018](https://twitter.com/adulau/status/1071346387118407680)) +---- +If you are interested into security data mining, finding leaks and information from unstructured dataset in Tor or alike, we are hosting a free/open workshop at @circl_lu about the AIL Framework https://github.com/CIRCL/AIL-framework#training (Thursday, 20 Dec) in Luxembourg + +(Originally on Twitter: [Sun Dec 09 11:29:41 +0000 2018](https://twitter.com/adulau/status/1071728586971856896)) +---- +@Dysnome_Be @circl_lu Yep via https://en.xing-events.com/ZEQWMLJ.html or via an email to info(at)circl(dot)lu - I hope this helps + +(Originally on Twitter: [Sun Dec 09 16:37:08 +0000 2018](https://twitter.com/adulau/status/1071805958173671426)) +---- +RT @TheHive_Project: Our last joint #DFIR & #CTI training with @MISPProject of this year will take place tomorrow Monday Dec, 10 in LU cour… + +(Originally on Twitter: [Sun Dec 09 17:15:24 +0000 2018](https://twitter.com/adulau/status/1071815590560579588)) +---- +@yodoesp @circl_lu Sure. We publish the slides in the AIL repository after the workshop. The previous ones are also available here: https://github.com/CIRCL/AIL-framework/tree/master/doc/presentation + +(Originally on Twitter: [Sun Dec 09 18:49:58 +0000 2018](https://twitter.com/adulau/status/1071839388294922241)) +---- +@mrmolley @MISPProject @alexanderjaeger @Timo_Steffens @ESET Interesting idea. You mean metadata in the PDF being an event in the MISP format which could be ingested by default. I like the idea. + +(Originally on Twitter: [Mon Dec 10 17:03:12 +0000 2018](https://twitter.com/adulau/status/1072174906920632320)) +---- +@Vecchi_Paolo Indeed, we are missing a lot of factual information about the specific vulnerabilities or design flaws which make this vendor worst than the other vendors. 
+ +(Originally on Twitter: [Mon Dec 10 17:13:18 +0000 2018](https://twitter.com/adulau/status/1072177450023555078)) +---- +@r00tbsd I see some use-cases. + +(Originally on Twitter: [Mon Dec 10 18:29:59 +0000 2018](https://twitter.com/adulau/status/1072196745579388929)) +---- +This question exists for years. Where IT security should be located? I think it’s not a matter of putting a box somewhere in the hierarchy. It’s really having infosecurity in each dept and not in a single babel tower. +https://mobile.twitter.com/MalwareJake/status/1072476494243483648 + +(Originally on Twitter: [Wed Dec 12 06:40:22 +0000 2018](https://twitter.com/adulau/status/1072742942673174528)) +---- +RT @abuse_ch: Congratulation @online_fr: you just became the worlds top malware hosting network with an average takedown time of 12 days (!… + +(Originally on Twitter: [Wed Dec 12 07:12:32 +0000 2018](https://twitter.com/adulau/status/1072751037600157696)) +---- +RT @cbrocas: @hack_it_n @ENSEIRBMATMECA EN version of the CertStreamMonitor talk given during @hack_it_n conference. Goal: use of#certifica… + +(Originally on Twitter: [Thu Dec 13 06:50:11 +0000 2018](https://twitter.com/adulau/status/1073107801659113473)) +---- +While testing @MISPProject back-end correlation with mail_to_misp https://github.com/MISP/mail_to_misp, we collect a large set of spam from spammers, spear-phishers and funky adversaries . But it seems a French retailers is spamming actively during the past months... ![](media/1073324303607836677-DuUw1grWoAEeh7Q.jpg) + +(Originally on Twitter: [Thu Dec 13 21:10:30 +0000 2018](https://twitter.com/adulau/status/1073324303607836677)) +---- +@CryptoPartyRNS @MISPProject Sure. It's huge ;-) I can make some dump of the samples. + +(Originally on Twitter: [Thu Dec 13 21:38:08 +0000 2018](https://twitter.com/adulau/status/1073331261345853441)) +---- +RT @brehonisbest: PM of Luxembourg - No deal ? So what? Brexit is your choice not mine ... 
👏👏😎 + + +media/1073582587178819585-CRzkthkIEkKr41Ko.mp4 + +(Originally on Twitter: [Fri Dec 14 14:16:49 +0000 2018](https://twitter.com/adulau/status/1073582587178819585)) +---- +RT @circl_lu: We still have some slots available for the AIL Framework - Analysis Information Leak framework open/free workshop - training… + +(Originally on Twitter: [Sat Dec 15 09:01:14 +0000 2018](https://twitter.com/adulau/status/1073865555940122624)) +---- +I do not subscribe to this point of view claiming that large European integration projects are stuck. A lot of citizen and organisations are supporting and creating European integration projects on a day-to-day. Maybe we forget to show what works. +https://twitter.com/lalibrebe/status/1073828530310414336 + +(Originally on Twitter: [Sat Dec 15 09:05:56 +0000 2018](https://twitter.com/adulau/status/1073866736095649792)) +---- +I have this bad feeling that a lot of academic papers and books behind paywalls hide to avoid critics and public evaluation. + + +media/1074062447198253056-DufWDvgX4AE3i-S.mp4 + +(Originally on Twitter: [Sat Dec 15 22:03:37 +0000 2018](https://twitter.com/adulau/status/1074062447198253056)) +---- +@metaconflict @malteand @sectest9 A spinach soup ;-) + +(Originally on Twitter: [Sun Dec 16 14:10:07 +0000 2018](https://twitter.com/adulau/status/1074305675667357697)) +---- +Remember the AOL search dataset story in 2006? I'm curious what will be the result after the "FFHQ dataset" release, especially the questions about the classifications and its potential misclassification? ![](media/1074314016384843777-Dui5kISWkAExDZe.jpg) + +(Originally on Twitter: [Sun Dec 16 14:43:15 +0000 2018](https://twitter.com/adulau/status/1074314016384843777)) +---- +@certbund @0x3c7 Interesting. Do you have a yearly graph? To check if we see a positive evolution on the long run. Thanks a lot for the work. 
+ +(Originally on Twitter: [Tue Dec 18 14:31:05 +0000 2018](https://twitter.com/adulau/status/1075035726960582657)) +---- +@Aristot73 @_snagg and the obligatory “people taking pictures”. ![](media/1075083328112484353-Dut2lC4WkAE36lQ.jpg) + +(Originally on Twitter: [Tue Dec 18 17:40:14 +0000 2018](https://twitter.com/adulau/status/1075083328112484353)) +---- +@InfosecGoon MISP should work if you have enough memory on the board running the MIPS CPU. + +(Originally on Twitter: [Wed Dec 19 17:16:39 +0000 2018](https://twitter.com/adulau/status/1075439783592296449)) +---- +@ericgeller @GossiTheDog Are we talking about @Area1Security ? + +(Originally on Twitter: [Wed Dec 19 17:56:42 +0000 2018](https://twitter.com/adulau/status/1075449860449550336)) +---- +@m0nster847 Case management for us is still done with RTIR (pgp support and tracking large email exchanges) but the rest is done in MISP and TheHive can be easily combine for the threat hunting part. We developed misp-takedown to support takedown between MISP & RTIR +https://github.com/MISP/misp-takedown/blob/master/README.md + +(Originally on Twitter: [Thu Dec 20 06:28:53 +0000 2018](https://twitter.com/adulau/status/1075639155030405120)) +---- +RT @droethlisberger: #cdhash attribute support landed in @MISPProject development branch, a step towards enabling effective macOS indicator… + +(Originally on Twitter: [Thu Dec 20 06:31:29 +0000 2018](https://twitter.com/adulau/status/1075639809421574145)) +---- +@cudeso Indeed, dnstap should be default everywhere. 
+ +(Originally on Twitter: [Thu Dec 20 08:30:10 +0000 2018](https://twitter.com/adulau/status/1075669676271788032)) +---- +RT @treyka: While there are still a few plenary talks still to be added, all of the trainings and workshops, and 95% of the plenary track t… + +(Originally on Twitter: [Thu Dec 20 20:18:37 +0000 2018](https://twitter.com/adulau/status/1075847964210413568)) +---- +RT @rh0main: Here is a small utility to read custom structures in Tencent "libshell" Packer: https://github.com/romainthomas/tencent_packer ![](media/1075852314454437888-DuMxj7EWoAQlML4.jpg) + +(Originally on Twitter: [Thu Dec 20 20:35:54 +0000 2018](https://twitter.com/adulau/status/1075852314454437888)) +---- +Limiting our culture biases in threat intelligence is difficult but we are trying. Can we get more contributions from country such as Russia, China or other under represented countries to extend the activity groups or threat actors knowledge? #ThreatIntel https://twitter.com/MISPProject/status/1075856161860149248 + +(Originally on Twitter: [Thu Dec 20 21:15:00 +0000 2018](https://twitter.com/adulau/status/1075862152550993921)) +---- +Seeing tourists in the train drinking cheap and crappy white wine in the bottle is still ok but then they started to drink Bofferding “beer” right after... + + +media/1076158512143745030-Du9IdIqWkAAuCNw.mp4 + +(Originally on Twitter: [Fri Dec 21 16:52:38 +0000 2018](https://twitter.com/adulau/status/1076158512143745030)) +---- +"The rating system in its earlier stages may tend to remove exactly those you want at a later stage. popularity of a form of measurement has little relationship to its accuracy or relevance to the organization. " +Random Notes from R. W. Hamming. 
+ +(Originally on Twitter: [Fri Dec 21 20:50:25 +0000 2018](https://twitter.com/adulau/status/1076218354115989510)) +---- +RT @cyb3rops: I’m still collecting evidence for the #OilRig > #Chafer attribution error that started with C2 infrastructure overlaps (which… + +(Originally on Twitter: [Sat Dec 22 07:53:02 +0000 2018](https://twitter.com/adulau/status/1076385105264947200)) +---- +@pinkflawd Looks very good. By the way, the goat cheese and Belgian chocolate are missing... but this could be easily solved. + +(Originally on Twitter: [Sat Dec 22 09:06:41 +0000 2018](https://twitter.com/adulau/status/1076403642981339138)) +---- +RT @likethecoins: I want a list of all "cyber" indictments from the US DOJ and couldn't find one. Here are the 11 I have so far…which am I… + +(Originally on Twitter: [Sat Dec 22 13:35:56 +0000 2018](https://twitter.com/adulau/status/1076471402843262976)) +---- +@y0m @RidT Will you do a review? I'm curious how you'll introduce some jokes in the review ;-) + +(Originally on Twitter: [Sat Dec 22 18:47:24 +0000 2018](https://twitter.com/adulau/status/1076549785035984897)) +---- +I just read "Solving Cyber Risk" by @blackswanburst & others. The book is a great insight into risk and information security. During my compulsive reading, I found an interesting taxonomy for data classification & it's now a @MISPProject taxonomy https://www.misp-project.org/taxonomies.html#_data_classification ![](media/1076560934385139712-DvC0HClW0AUzGus.jpg) + +(Originally on Twitter: [Sat Dec 22 19:31:42 +0000 2018](https://twitter.com/adulau/status/1076560934385139712)) +---- +If you are curious about my reading techniques, I abuse small bookmarks like crazy, take notes on those and in the book (yep, I'm writing in my books). The bookmarks help me to keep track of the stuff to lookup or verify or do based on the book content. 
+ +(Originally on Twitter: [Sat Dec 22 19:37:23 +0000 2018](https://twitter.com/adulau/status/1076562363057348608)) +---- +When I finished reading the book (or the part I'm interested in), I'll record it in @librarythingtim LibraryThing (for the curious https://www.librarything.com/catalog/adulau/allcollections) and then try to find a place in my overloaded library. + +(Originally on Twitter: [Sat Dec 22 19:43:41 +0000 2018](https://twitter.com/adulau/status/1076563949229875202)) +---- +@belathoud Of course, my readings are often paper-based. I use sometime my Kindle when travelling to read books only accessible via the Amazon DRM-based library. But writing with a pencil on a Kindle screen is not so efficient... + +(Originally on Twitter: [Sat Dec 22 19:52:51 +0000 2018](https://twitter.com/adulau/status/1076566255446966272)) +---- +So don’t request CVE numbers via NIST. Check your favorite CNA for the time being... +https://mobile.twitter.com/Meltem_STuran/status/1076470935883075585 + +(Originally on Twitter: [Sun Dec 23 12:03:02 +0000 2018](https://twitter.com/adulau/status/1076810410156797953)) +---- +@AbderEm @Iglocska It seems so. + +(Originally on Twitter: [Sun Dec 23 12:59:09 +0000 2018](https://twitter.com/adulau/status/1076824533678604289)) +---- +How private is a review from a conference submission? I would like to share one interesting negative review in a set of slides to bootstrap a discussion. I was wondering about the best practices in this case... + +(Originally on Twitter: [Mon Dec 24 21:24:33 +0000 2018](https://twitter.com/adulau/status/1077314107844579330)) +---- +@cryptax I mean as a submitter of a paper who got a review. I haven't seen many clear rules about the level of confidentiality of a review. For example, if we do a Q&A at the end of a paper based on the reviews, It will be public. 
+ +(Originally on Twitter: [Mon Dec 24 21:40:18 +0000 2018](https://twitter.com/adulau/status/1077318072791453696)) +---- +@bondankit07 ;-) In my specific case, I would like to use the review as a way to start the overall presentation about the topic. But It's very difficult to find any reference about the licensing/rights regarding the reviews in many conferences. + +(Originally on Twitter: [Mon Dec 24 21:47:20 +0000 2018](https://twitter.com/adulau/status/1077319839851663360)) +---- +"Do You See What I See? Detecting Hidden Streaming Cameras Through Similarity of Simultaneous Observation" - http://faculty.washington.edu/lagesse/publications/SSO.pdf #privacy #CCTV #passiveanalysis ![](media/1077549083831816192-DvQ4VnvXcAEMhZ4.jpg) + +(Originally on Twitter: [Tue Dec 25 12:58:16 +0000 2018](https://twitter.com/adulau/status/1077549083831816192)) +---- +RT @MISPProject: After years of informal use of the "type:osint" tag, we decided to finally make a type taxonomy to include all types of in… + +(Originally on Twitter: [Tue Dec 25 15:12:32 +0000 2018](https://twitter.com/adulau/status/1077582872876404736)) +---- +@RealSardonicus I should not touch the reserve of knives. + +(Originally on Twitter: [Tue Dec 25 16:04:32 +0000 2018](https://twitter.com/adulau/status/1077595959318728706)) +---- +@AshokaMody Don't forget that using patent as a comparative metric can be a weak indicator due to the major differences between the national applications of the patent system. Cf. https://open.mitchellhamline.edu/facsch/138/ + +(Originally on Twitter: [Tue Dec 25 16:13:47 +0000 2018](https://twitter.com/adulau/status/1077598290366087168)) +---- +@rafi0t I would propose you to take a regular train ride in Belgium using @SNCB equipments and "broken" will take a complete different scale for you. 
+ + +media/1077996636947824641-DvXQDsXWkAACsy_.mp4 + +(Originally on Twitter: [Wed Dec 26 18:36:41 +0000 2018](https://twitter.com/adulau/status/1077996636947824641)) +---- +RT @MISPProject: If you are at #35c3 and want to meet and discuss about the MISP project with one of our core members - @rafi0t is there an… + +(Originally on Twitter: [Thu Dec 27 08:46:14 +0000 2018](https://twitter.com/adulau/status/1078210435650867200)) +---- +"Quantifying the Security of Recognition Passwords: Gestures and Signatures" https://arxiv.org/pdf/1812.09410.pdf An interesting paper about distribution of recognition passwords and they found a way to express a partial guessing metric for such password scheme. #password #infosec ![](media/1078219465492480001-DvaaDlJW0AIC9l7.jpg) + +(Originally on Twitter: [Thu Dec 27 09:22:07 +0000 2018](https://twitter.com/adulau/status/1078219465492480001)) +---- +@lukOlejnik This case is indeed useful to show the risk of unmaintained code and why security review of old code is as important as new application/software to be released in production. ![](media/1078225605483737088-DvafwnXX4AU8WFV.jpg) + +(Originally on Twitter: [Thu Dec 27 09:46:31 +0000 2018](https://twitter.com/adulau/status/1078225605483737088)) +---- +RT @remco_verhoef: Hey @ccc, trying to exploit Cisco Smart Install (port 4786) switches, tftp upload running-config to remote? 😭😭 --copy sy… + +(Originally on Twitter: [Thu Dec 27 14:21:56 +0000 2018](https://twitter.com/adulau/status/1078294915413626880)) +---- +RT @DerWouter: @johnsifton @bellingcat @nytimes @Choire @SamSifton @EliotHiggins They're quite poor at OPSEC. Feb 2017. "SRO Book" on Fly… + +(Originally on Twitter: [Fri Dec 28 17:46:44 +0000 2018](https://twitter.com/adulau/status/1078708843603992577)) +---- +RT @msuiche: .@OPCDE 2019 CALL FOR PAPER: https://emirates.opcde.com/call-for-papers/ + +One week left! 
+ +(Originally on Twitter: [Sat Dec 29 12:04:36 +0000 2018](https://twitter.com/adulau/status/1078985132873302016)) +---- +RT @MISPProject: We just released the complete source code of all the MISP training materials https://github.com/MISP/misp-training a collaborative effo… + +(Originally on Twitter: [Sun Dec 30 09:39:42 +0000 2018](https://twitter.com/adulau/status/1079311052142243845)) +---- +Funny CVE of the day when the summary fits the encoded PoC file of the vulnerability. CVE-2018-20584 +https://cve.circl.lu/cve/CVE-2018-20584 ![](media/1079325905804234752-DvqJAVeW0AAEH9X.jpg) + +(Originally on Twitter: [Sun Dec 30 10:38:43 +0000 2018](https://twitter.com/adulau/status/1079325905804234752)) +---- +@VessOnSecurity https://joinup.ec.europa.eu/sites/default/files/document/2018-10/SC254_FOSSA_WP4%20DLV6_Software%20Inventory.v1.0.pdf regarding the background and how the selection was done. + +(Originally on Twitter: [Sun Dec 30 10:57:32 +0000 2018](https://twitter.com/adulau/status/1079330639965491205)) +---- +RT @alexanderjaeger: 2015, @blackswanburst and @adulau spoke about passiveSSL at @FIRSTdotOrg. Today I combined passiveSSL (@circl_lu) with… + +(Originally on Twitter: [Sun Dec 30 22:16:54 +0000 2018](https://twitter.com/adulau/status/1079501611192340480)) +---- +@alexanderjaeger @blackswanburst @FIRSTdotOrg @circl_lu @virustotal This is really nice! This is maybe triggering @blackswanburst and myself to make a talk about our next passive collection method... + +(Originally on Twitter: [Sun Dec 30 22:23:35 +0000 2018](https://twitter.com/adulau/status/1079503290314964993)) +---- +RT @MISPProject: A query builder (and we are still in 2018) has been added in MISP to ease the creation of queries for the search API (part… + +(Originally on Twitter: [Mon Dec 31 14:41:32 +0000 2018](https://twitter.com/adulau/status/1079749399348166656)) +---- +I just made a donation to @arxiv http://arxiv.org in memory of @hintjens . 
https://arxiv.org/help/donate because knowledge should be freely accessible and without paywalls. ![](media/1079756346030022659-DvwO0ceWoAAhIt7.jpg) + +(Originally on Twitter: [Mon Dec 31 15:09:08 +0000 2018](https://twitter.com/adulau/status/1079756346030022659)) +---- +@hanno From the standard document, "Executable and Linking Format" but the title of the document is "Executable and Linkable Format". If term frequency wins, the German version is correct. http://refspecs.linuxbase.org/elf/TIS1.1.pdf ![](media/1079760557727801350-DvwUKb2W0AIW91_.jpg) + +(Originally on Twitter: [Mon Dec 31 15:25:52 +0000 2018](https://twitter.com/adulau/status/1079760557727801350)) +---- +RT @MISPProject: Happy new year! MISP 2.4.100 released with many improvements such as the nifty query builder, UI refinements, new data typ… + +(Originally on Twitter: [Tue Jan 01 11:02:12 +0000 2019](https://twitter.com/adulau/status/1080056589745311744)) +---- +@keydet89 It’s an interesting question. Can distributed link tracking help? Especially from source known or managed by a contractor? Time of creation could help too depending of contractor working times. + +(Originally on Twitter: [Tue Jan 01 15:08:33 +0000 2019](https://twitter.com/adulau/status/1080118586780340224)) +---- +@keydet89 Indeed that would be a strong factor. I remember a specific “contractor”/dept who used the same naming scheme for mutexes with a hmac value for each “customer” in a fixed format. + +(Originally on Twitter: [Tue Jan 01 15:20:59 +0000 2019](https://twitter.com/adulau/status/1080121717605978112)) +---- +@keydet89 Concerning distributed link tracking, this seems underused and maybe some default forensic tools skip this info. Do you know some tools actively using ole/distributed link tracking object? 
+ +(Originally on Twitter: [Tue Jan 01 15:23:15 +0000 2019](https://twitter.com/adulau/status/1080122288266203138)) +---- +RT @keydet89: @adulau My thinking was along the lines of this: http://windowsir.blogspot.com/2019/01/lnk-toolmarks-revisted.html + +Two campaigns, 2 yrs apart, LNK files with very sim… + +(Originally on Twitter: [Tue Jan 01 15:23:55 +0000 2019](https://twitter.com/adulau/status/1080122456495587328)) +---- +@jfslowik @bartmallio @likethecoins Maybe one day I should write a book how you can kill or fuck up any data format by designing it in a committee and do vendor voting to add a bloody field. + +(Originally on Twitter: [Fri Jan 04 16:27:04 +0000 2019](https://twitter.com/adulau/status/1081225508350763008)) +---- +RT @ErikaMagonara: Thanks @MISPProject' team for all your work! 👏 + @Cybersec_EU https://twitter.com/MISPProject/status/1080747045496016896 + +(Originally on Twitter: [Sat Jan 05 09:16:06 +0000 2019](https://twitter.com/adulau/status/1081479441174482944)) +---- +"Strengthening the EU’s Cyber Defence Capabilities" by @CEPS_thinktank is a compelling read (some omissions on the practical aspects but it's to be expected from high-level publication). An opportunity for EU to build an EU defence posture on its own. https://www.ceps.eu/system/files/CEPS_TFR%20on%20Cyber%20Defence_1.pdf ![](media/1081591409189314561-DwKSNhAXQAAheC3.jpg) + +(Originally on Twitter: [Sat Jan 05 16:41:01 +0000 2019](https://twitter.com/adulau/status/1081591409189314561)) +---- +@belathoud @neu5ron @circl_lu The original implementation (7 years ago) done for the @CanSecWest talk is available https://github.com/adulau/pdns-toolkit/tree/master/pdns-server - if you want an internal ready-to-use software https://github.com/gamelinux/passivedns is a really good local passive dns. If you have further question, don't hesitate. 
+ +(Originally on Twitter: [Sat Jan 05 20:57:09 +0000 2019](https://twitter.com/adulau/status/1081655865814470656)) +---- +RT @d4_project: When collecting IP packets from various origins, we require to do IP ASN history lookup. We release an open source project… + +(Originally on Twitter: [Sat Jan 05 21:14:46 +0000 2019](https://twitter.com/adulau/status/1081660301890764800)) +---- +@neu5ron @belathoud @circl_lu Indeed the packet capture is often the easier. https://github.com/dnstap dnstap is another option (but some effort is needed for the integration with the pdns server). I'm also using yaf (https://tools.netsa.cert.org/yaf/index.html) and dnscap. Looking it, I should write an article about this. + +(Originally on Twitter: [Sun Jan 06 10:18:32 +0000 2019](https://twitter.com/adulau/status/1081857542660206593)) +---- +RT @juanandres_gs: Red Dragon Hacking Team recycling last years technique against SK... +https://www.virustotal.com/gui/file/bfea2202b97d8e5fe4d18245ca86e4ce9a38d7cf3267173288646978d50f47df/ + +(Originally on Twitter: [Sun Jan 06 11:20:10 +0000 2019](https://twitter.com/adulau/status/1081873051032190976)) +---- +@Electroalex26 Un petit “./rtl_433 -a -A” ? pour voir les pulses et le decodage probable ? + +(Originally on Twitter: [Sun Jan 06 15:47:49 +0000 2019](https://twitter.com/adulau/status/1081940409356558339)) +---- +@Electroalex26 @ater49 Oui c’est de mieux en mieux. Le spectre est tellement chargé dans certaines régions que c’est plus fiable en geolocalisation qu’un signal gps... 
+ +(Originally on Twitter: [Sun Jan 06 16:08:08 +0000 2019](https://twitter.com/adulau/status/1081945520686489600)) +---- +RT @VinceDanjean: @adulau @Electroalex26 @ater49 Si vous avez la mer ou même un fleuve a proximité vous avez les AIS dans les 162MHz (c’est… + +(Originally on Twitter: [Mon Jan 07 17:11:30 +0000 2019](https://twitter.com/adulau/status/1082323857900474368)) +---- +RT @cyb3rops: New suspicious Putty hunting rule +- How to detect a putty.exe that differs from the one published by Simon Tatham? +- Requires… + +(Originally on Twitter: [Tue Jan 08 07:03:29 +0000 2019](https://twitter.com/adulau/status/1082533230102892544)) +---- +Imagine a moral dilemma "You got a bug bounty via a platform/broker, some cash on your bank account and then no fixes appearing on the vendor side" Can the contract signed with the platform block you to report it back to the vendor or a CSIRT at the end? #dontaskmethebrokername + + +media/1082736940930220035-DwancETWsAA2w6z.mp4 + +(Originally on Twitter: [Tue Jan 08 20:32:57 +0000 2019](https://twitter.com/adulau/status/1082736940930220035)) +---- +RT @MISPProject: Based on the publication "An analysis and classification of public information security data sources used in research and… + +(Originally on Twitter: [Wed Jan 09 08:32:15 +0000 2019](https://twitter.com/adulau/status/1082917959687987201)) +---- +RT @edelahozuah: 'Free-text tagging was a nifty feature in early version of MISP but +we underestimated the creativity of the human mind' ht… + +(Originally on Twitter: [Wed Jan 09 19:05:27 +0000 2019](https://twitter.com/adulau/status/1083077309685473281)) +---- +RT @d4_project: IP ASN History released including a new Python library to query the IP ASN History public services or your own server. 
#Thr… + +(Originally on Twitter: [Thu Jan 10 08:44:57 +0000 2019](https://twitter.com/adulau/status/1083283541612482560)) +---- +RT @circl_lu: We did some quick statistics on the top 30 most queried CVE on http://cve.circl.lu (via the API) - it's giving an insight… + +(Originally on Twitter: [Thu Jan 10 16:44:11 +0000 2019](https://twitter.com/adulau/status/1083404146194239489)) +---- +RT @mattnotmitt: Coming soon to #CyberChef, @virustotal yara rule matching support! ![](media/1083410724649660416-DwaKb1sXQAE9yyn.jpg) + +(Originally on Twitter: [Thu Jan 10 17:10:20 +0000 2019](https://twitter.com/adulau/status/1083410724649660416)) +---- +@connorgarycarr @circl_lu One is not published in the official NVD database @usnistgov so we notified them maybe it was just a glitch in the publishing process as the CVE was published by the vendor. + +(Originally on Twitter: [Thu Jan 10 17:48:34 +0000 2019](https://twitter.com/adulau/status/1083420349310607360)) +---- +@connorgarycarr @circl_lu @usnistgov Indeed but it seems NIST NVD dept is listed as critical national security service so they might work on it. 🤞🏻We might do more stats in the future from the API usage of http://cve.circl.lu + +(Originally on Twitter: [Thu Jan 10 17:52:51 +0000 2019](https://twitter.com/adulau/status/1083421427246788608)) +---- +RT @GoogleOSS: Are you fuzzing? OSS-Fuzz, free continuous fuzzing infrastructure that we offer to open source projects, has discovered 9,00… + +(Originally on Twitter: [Fri Jan 11 06:12:21 +0000 2019](https://twitter.com/adulau/status/1083607528112644097)) +---- +RT @SmartCryptology: Great talk at #realworldcrypto of why ISO is an utterly dumb place for cryptography standardisation. 
+ +(Originally on Twitter: [Fri Jan 11 06:53:48 +0000 2019](https://twitter.com/adulau/status/1083617956091830277)) +---- +RT @circl_lu: @Aristot73 Indeed, we did also the more complete "Information sharing and cooperation enabled by GDPR" https://t.co/upNtlaoNx… + +(Originally on Twitter: [Fri Jan 11 19:54:35 +0000 2019](https://twitter.com/adulau/status/1083814446865309696)) +---- +RT @jmichel_p: My team in Zürich is hiring experienced reverse engineers https://jmp.re/2C6WL2N +Feel free to RT or contact me if you need… + +(Originally on Twitter: [Sat Jan 12 21:28:36 +0000 2019](https://twitter.com/adulau/status/1084200496662016000)) +---- +Thanks to @zbetcheckin for the cool http://mirai.security.gives feed. It's now part of the default @MISPProject feeds. https://github.com/MISP/MISP/commit/f7fbea83533b1fc764993aba460acd93729810d2#diff-5808389bb0a23ad666896a0b14f710ebR1528 + +(Originally on Twitter: [Sun Jan 13 10:12:29 +0000 2019](https://twitter.com/adulau/status/1084392736134963205)) +---- +@matthew_d_green The mirror is available at https://csrc.nist.rip/ relying on http://archive.org ;-) + +(Originally on Twitter: [Sun Jan 13 11:13:21 +0000 2019](https://twitter.com/adulau/status/1084408050017058816)) +---- +@Aristot73 "name and shame"(tm) + +(Originally on Twitter: [Sun Jan 13 11:21:44 +0000 2019](https://twitter.com/adulau/status/1084410162486669313)) +---- +RT @MISPProject: the hassh and hasshserver fingerprint (to easily fingerprint SSH servers and clients) is now a default type (https://t.co/… + +(Originally on Twitter: [Sun Jan 13 11:43:43 +0000 2019](https://twitter.com/adulau/status/1084415692848488448)) +---- +RT @Aristot73: Thomas D. Hunt, “The Internet of Buildings”: Insurance of Cyber Risks for Commercial Real Estate, 71 Okla. L. Rev. 
397 (2019… + +(Originally on Twitter: [Sun Jan 13 11:53:01 +0000 2019](https://twitter.com/adulau/status/1084418034545147904)) +---- +RT @d4_project: First alpha version of a D4 sensor (using the @golang D4 client) and especially the D4 encapsulation protocol streaming a n… + +(Originally on Twitter: [Mon Jan 14 16:11:23 +0000 2019](https://twitter.com/adulau/status/1084845442800734210)) +---- +@deresz666 Belgian surrealism rules forever. ![](media/1084851712299536384-Dw4q4ScXcAEPKwF.jpg) + +(Originally on Twitter: [Mon Jan 14 16:36:18 +0000 2019](https://twitter.com/adulau/status/1084851712299536384)) +---- +It's lovely when a proprietary vendor registers as keyword the "http://misp-project.org" domain for their search advertising. They must be desperate. + + +media/1085294078139514881-Dw-8mG9WwAI9KWh.mp4 + +(Originally on Twitter: [Tue Jan 15 21:54:06 +0000 2019](https://twitter.com/adulau/status/1085294078139514881)) +---- +@F_kZ_ It's so funny ;-) But the mature vendors understood, years ago, that security teams use various software (open source and proprietary) and standards together to match what they practically need to do their job. Diversity is great. + +(Originally on Twitter: [Tue Jan 15 22:01:15 +0000 2019](https://twitter.com/adulau/status/1085295877474918403)) +---- +RT @pidgeyL: So, the other day I received this mail from a Swiss masters student. He used #CVESearch to build an NMAP plugin to scan for vu… + +(Originally on Twitter: [Tue Jan 15 22:09:40 +0000 2019](https://twitter.com/adulau/status/1085297993992024066)) +---- +Unpopular view: I think someone abusing a machine unlocked is much more disturbing than a user keeping his computer unlocked in a workspace. 
https://mobile.twitter.com/caseyjohnellis/status/1085418467841531904 + +(Originally on Twitter: [Wed Jan 16 06:48:56 +0000 2019](https://twitter.com/adulau/status/1085428674508308480)) +---- +Another phishing website, no tech contact details due to some clueless interpretation of the GDPR and then http://gdpr-masked.com domain used as replacement is also redacted. I see a recursive pattern... http://www.phishtank.com/phish_detail.php?phish_id=5906377 ![](media/1085492327647494144-DxBr_-nWoAAhmTo.jpg) + +(Originally on Twitter: [Wed Jan 16 11:01:53 +0000 2019](https://twitter.com/adulau/status/1085492327647494144)) +---- +@DrScriptt Yep a generic point of contact is fine. Companies name which are not name of natural persons can remain in the whois records including contact details. I think many hosters were badly advised and is just supporting attackers practices... + +(Originally on Twitter: [Wed Jan 16 19:02:35 +0000 2019](https://twitter.com/adulau/status/1085613303001501698)) +---- +@BrianPKime @MISPProject @sansforensics We won’t be but we will be at @FIC_fr 2019 next week. Next events are published at https://www.misp-project.org/events/ we hope to meet you soon. + +(Originally on Twitter: [Wed Jan 16 20:16:06 +0000 2019](https://twitter.com/adulau/status/1085631802662928385)) +---- +John Sullivan from @fsf - "Who wants you to think nobody uses the AGPL and why" this will be an interesting talk at @fosdem https://www.fsf.org/events/john-sullivan-20190202-brussels-fosdem + +(Originally on Twitter: [Thu Jan 17 12:54:54 +0000 2019](https://twitter.com/adulau/status/1085883160695619584)) +---- +RT @VK_Intel: 2019-01-16: #Gozi #ISFB v2 Banker Group +{Version: '2.17', Build: '161', Group: '3171'} +New Release w/ New Build: "January 9,… + +(Originally on Twitter: [Fri Jan 18 06:26:50 +0000 2019](https://twitter.com/adulau/status/1086147888168779776)) +---- +@mrmolley @MISPProject @CERN Yep as usual. Everything will be online and freely accessible. 
+ +(Originally on Twitter: [Fri Jan 18 08:00:41 +0000 2019](https://twitter.com/adulau/status/1086171505497640961)) +---- +@treyka ahhh those bloody open source tools 😉 + +(Originally on Twitter: [Fri Jan 18 12:19:24 +0000 2019](https://twitter.com/adulau/status/1086236614823723010)) +---- +@arclight @treyka I did it to not look too much bias towards FLOSS ;-) + +(Originally on Twitter: [Fri Jan 18 16:56:44 +0000 2019](https://twitter.com/adulau/status/1086306405123006464)) +---- +@InfoSystir Techniques such as Passive DNS / X.509 collection, aggregation and analysis is clearly much more than « just googling » and are considered as OSINT. Scraping info from public sources to find leaks is also OSINT -> https://github.com/CIRCL/AIL-framework it’s vast including datamining. + +(Originally on Twitter: [Sat Jan 19 07:34:29 +0000 2019](https://twitter.com/adulau/status/1086527297849561088)) +---- +@msuiche If you are a large intelligence organisation doing interception and exploitation (CNE) http://ftp.hp.com is clearly a good spot. I bet the binaries are not signed and verified by the devices... + +(Originally on Twitter: [Sat Jan 19 12:00:19 +0000 2019](https://twitter.com/adulau/status/1086594197652729857)) +---- +"The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception" - https://scholarspace.manoa.hawaii.edu/bitstream/10125/60164/0724.pdf An interesting experiment. A small note: Deception is not only for defence but also to gather further context from unknown adversaries. 
![](media/1086639546979237888-DxSDKsYWoAEeYpw.jpg) + +(Originally on Twitter: [Sat Jan 19 15:00:31 +0000 2019](https://twitter.com/adulau/status/1086639546979237888)) +---- +RT @MISPProject: The next release of MISP will include critical new features such as the tag collection feature but also a complete revamp… + +(Originally on Twitter: [Sat Jan 19 16:50:33 +0000 2019](https://twitter.com/adulau/status/1086667239191990273)) +---- +RT @UYBHYS: Retour sur #UYBHYS 2018 en vidéo > https://youtu.be/JRCpTuOIPUE +w/ @PatriceAuffret @_JLeonard @adulau @MaliciaRogue @btreguier @Sebd… + +(Originally on Twitter: [Sat Jan 19 21:58:00 +0000 2019](https://twitter.com/adulau/status/1086744611756888064)) +---- +@Unit42_Intel Thank you for sharing. The XMR address mentioned in the report is not validating a Monero address. Is there a typo? + +(Originally on Twitter: [Sat Jan 19 22:15:14 +0000 2019](https://twitter.com/adulau/status/1086748948100980736)) +---- +RT @circl_lu: What's the economical gain for an attacker to send #sextorsion emails? We review all the balances of the notified BTC address… + +(Originally on Twitter: [Sun Jan 20 10:51:29 +0000 2019](https://twitter.com/adulau/status/1086939264422764549)) +---- +RT @cocaman: Thanks to @circl_lu, @rommelfs and @adulau. Great to see value in sharing with the @MISP community! #sextortion https://t.co/w… + +(Originally on Twitter: [Sun Jan 20 11:31:26 +0000 2019](https://twitter.com/adulau/status/1086949318077100032)) +---- +@rafi0t Maybe it's a way to get rid of potential candidates. + +(Originally on Twitter: [Sun Jan 20 15:57:47 +0000 2019](https://twitter.com/adulau/status/1087016344871231488)) +---- +@rafi0t Then we are into another dimension. Or the HR dept. is just like any large corporation.... + +(Originally on Twitter: [Sun Jan 20 15:59:22 +0000 2019](https://twitter.com/adulau/status/1087016744995209216)) +---- +@rafi0t Or the disconnect is so impressive because it's a fake? 
+ +(Originally on Twitter: [Sun Jan 20 16:00:52 +0000 2019](https://twitter.com/adulau/status/1087017123669594112)) +---- +@rafi0t We should invite them to have a booth at @hack_lu and have a CTF challenge to reverse the functional part of the black-box behind. @NSAGov Do you join international security event with a recruitment booth? + +(Originally on Twitter: [Sun Jan 20 16:09:42 +0000 2019](https://twitter.com/adulau/status/1087019347174965253)) +---- +A first testing setup of a @d4_project sensor network. Very soon, it will be very easy for everyone to build a Passive DNS sensor network or packet capture analysis or anything you like for network security monitoring. ![](media/1087027302570045440-DxXjPZwXQAAJ9JF.jpg) + +(Originally on Twitter: [Sun Jan 20 16:41:19 +0000 2019](https://twitter.com/adulau/status/1087027302570045440)) +---- +@0xtf @d4_project @circl_lu @Terrtia @MISPProject @chrisred_68 We are faster to design and implement new open source tools than reading private @gitchat ;-) Sorry if I missed the message. + +(Originally on Twitter: [Sun Jan 20 16:58:56 +0000 2019](https://twitter.com/adulau/status/1087031736104636421)) +---- +@grumpy4n6 @d4_project @circl_lu @Terrtia @MISPProject @chrisred_68 Everything you like. We have simple sensor clients in C and @golang which can be compiled on multiple targets including Raspberry Pi, *BSD, GNU/Linux... still early alpha but it works. https://github.com/D4-project + +(Originally on Twitter: [Sun Jan 20 20:10:59 +0000 2019](https://twitter.com/adulau/status/1087080066859831297)) +---- +RT @MISPProject: MISP 2.4.101 has been released with three main new features such as tag collections, improved tag/galaxy selector and the… + +(Originally on Twitter: [Sun Jan 20 21:47:31 +0000 2019](https://twitter.com/adulau/status/1087104359077429251)) +---- +@jpierre03 @d4_project @circl_lu @Terrtia @MISPProject @chrisred_68 @RIPE_Atlas Very well. 
I did a PDNS collector for the DNS responses collected within RIPE Atlas https://github.com/adulau/passive-dns-atlas . RIPE Atlas is a measurement platform. D4 is a collection platform (not a measurement one) for raw data including network packet capture, logs extraction or what you like. + +(Originally on Twitter: [Mon Jan 21 06:01:32 +0000 2019](https://twitter.com/adulau/status/1087228683067248641)) +---- +RT @cudeso: DNS Firewalling with @MISPProject , via @xme https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/ + +(Originally on Twitter: [Tue Jan 22 09:27:46 +0000 2019](https://twitter.com/adulau/status/1087642973058359297)) +---- +Just discovered that @gael_duval and his team work on a complete Android fork to remove all the tracking aspects from Google and others. #privacy https://gitlab.e.foundation/e + +(Originally on Twitter: [Thu Jan 24 06:47:06 +0000 2019](https://twitter.com/adulau/status/1088327315472437248)) +---- +RT @d4_project: First (alpha) v0.1 released of the D4 client and server to build your own sensor network. More features and functionalities… + +(Originally on Twitter: [Fri Jan 25 11:49:03 +0000 2019](https://twitter.com/adulau/status/1088765689815592960)) +---- +@it4sec Do you sign such NDA or just discard it or use a fake name when signing? + +(Originally on Twitter: [Sat Jan 26 12:55:05 +0000 2019](https://twitter.com/adulau/status/1089144694850887680)) +---- +I’m always impressed how easy you can fingerprint the navigation to a newspaper website by just looking at the numbers of DNS queries in a short time frame where answers include “ads” or “track” substrings. 
#privacyday + +(Originally on Twitter: [Mon Jan 28 21:41:27 +0000 2019](https://twitter.com/adulau/status/1090001935061655563)) +---- +@HeleneRyckmans @ParlWallonie @PYJeholet 20 millions dans 200 projets en financement direct en Wallonie pour l’innovation, cela me semblerait plus efficace que 20 millions à l’aveugle dans une holding russe sur un secteur industriel en souffrance. + +(Originally on Twitter: [Tue Jan 29 17:14:57 +0000 2019](https://twitter.com/adulau/status/1090297256304132097)) +---- +Let me be very clear. If you don’t have a security point of contact... do not think to jump into a bug bounty program. + +(Originally on Twitter: [Tue Jan 29 20:09:25 +0000 2019](https://twitter.com/adulau/status/1090341161292705793)) +---- +After some crazy discussions at @circl_lu, @rafi0t did it. An online service to do fast lookup and verify the hashes of the default JS libraries (thanks to @cdnjs for the dataset). And the back-end software is obviously open source https://github.com/CIRCL/sanejs #dfir ![](media/1090352770329255937-DyG1n1SWoAUKN9o.jpg) + +(Originally on Twitter: [Tue Jan 29 20:55:32 +0000 2019](https://twitter.com/adulau/status/1090352770329255937)) +---- +@rafi0t @circl_lu @cdnjs Depending if the user wants to give details about the version queried on the server side ;-) + +(Originally on Twitter: [Tue Jan 29 21:13:00 +0000 2019](https://twitter.com/adulau/status/1090357162956734464)) +---- +@mrmolley @circl_lu @rafi0t @cdnjs @Zeekurity Indeed it’s cool idea. We will do a @MISPProject module https://github.com/MISP/misp-modules as a first case. + +(Originally on Twitter: [Wed Jan 30 06:16:53 +0000 2019](https://twitter.com/adulau/status/1090494035003871233)) +---- +Lazy tweet, is there an exhaustive list of known anonymisation or pseudo-anonymisation techniques? The one of @caidaorg is pretty good https://www.caida.org/tools/taxonomy/anonymization.xml but if you know a good overview of all techniques, let me know. 
+ +(Originally on Twitter: [Thu Jan 31 18:40:58 +0000 2019](https://twitter.com/adulau/status/1091043678305611777)) +---- +@caidaorg So here is the reason why I asked: https://mobile.twitter.com/MISPProject/status/1091271774279475200 feedback and updates to the MISP object is more than welcome. + +(Originally on Twitter: [Fri Feb 01 11:42:02 +0000 2019](https://twitter.com/adulau/status/1091300639211208704)) +---- +@MISPProject @Vecchi_Paolo @rafi0t Indeed. We could do even a #FOSDEM booth with all the open source security projects from @circl_lu with @MISPProject and @d4_project and all the open source projects, we are working on. + +(Originally on Twitter: [Sat Feb 02 10:36:58 +0000 2019](https://twitter.com/adulau/status/1091646652627238912)) +---- +@Vecchi_Paolo @MISPProject @rafi0t @circl_lu @d4_project Nice to see so many agencies (the ones which can be named and the ones which cannot be named) using and contributing more to open source security projects. + + +media/1091651843426578432-DyZTfoNWsAAZuBG.mp4 + +(Originally on Twitter: [Sat Feb 02 10:57:36 +0000 2019](https://twitter.com/adulau/status/1091651843426578432)) +---- +RT @MISPProject: MISP 2.4.102 released (aka bug fixes and #FOSDEM release) with multiple improvements in sighting support, new types added,… + +(Originally on Twitter: [Sun Feb 03 10:48:10 +0000 2019](https://twitter.com/adulau/status/1092011859866238977)) +---- +The MISP standard core format for information sharing of intelligence is a gradual work we did based on a practical implementation and the reality of information sharing communities. We just released the 7th revision of the Internet-Draft. 
+https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-07 + +(Originally on Twitter: [Sun Feb 03 15:16:57 +0000 2019](https://twitter.com/adulau/status/1092079501733957632)) +---- +A series of complementary Internet-Draft for @MISPProject are also regularly published and updated such as the MISP galaxy format + https://datatracker.ietf.org/doc/draft-dulaunoy-misp-galaxy-format/ which are used to expand meta-data on MISP standard core format. A public library is included by https://www.misp-project.org/galaxy.html + +(Originally on Twitter: [Sun Feb 03 15:19:21 +0000 2019](https://twitter.com/adulau/status/1092080105315360770)) +---- +The MISP taxonomy format is also described in an Internet-Draft https://datatracker.ietf.org/doc/draft-dulaunoy-misp-taxonomy-format/ which allows everyone to create simple triple tags libraries or reuse/extend the existing ones. The default library include more than 90 taxonomies https://www.misp-project.org/taxonomies.html + +(Originally on Twitter: [Sun Feb 03 15:21:19 +0000 2019](https://twitter.com/adulau/status/1092080599983181824)) +---- +To easily extend the data structure in MISP, you can describe your own objects template and the format is also an Internet-Draft +https://datatracker.ietf.org/doc/draft-dulaunoy-misp-object-template-format/ and the libraries of object templates more than 110 default templates https://www.misp-project.org/objects.html and 127 relationships. + +(Originally on Twitter: [Sun Feb 03 15:25:23 +0000 2019](https://twitter.com/adulau/status/1092081623535898626)) +---- +The design philosophy behind is bound to practical implementations. Each Internet-Draft provides the basis to reuse part of the MISP formats in other software (proprietary or open source) with a minimal effort. No need to implement the full stack to cover your integrations. 
+ +(Originally on Twitter: [Sun Feb 03 15:27:52 +0000 2019](https://twitter.com/adulau/status/1092082248780783616)) +---- +@netsensei https://github.com/wireapp is a good alternative. The main issue is bridging with non-wire users such as whatsapp. + +(Originally on Twitter: [Sun Feb 03 16:01:15 +0000 2019](https://twitter.com/adulau/status/1092090649443266562)) +---- +@wireghoul @isostandards @k8em0 IMHO Maybe the best would be to (re)publish the ISO 29147 as Internet-Draft (later as RFC). This will allow to make it freely accessible and updating the document without passing through the ISO bureaucratic process. + +(Originally on Twitter: [Sun Feb 03 16:45:39 +0000 2019](https://twitter.com/adulau/status/1092101821609492481)) +---- +@SushiDude @wireghoul @isostandards @k8em0 At least the Internet-Draft is still there and publicly accessible https://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00 - The ISO process is just siphoning the documents and putting it behind a paywall. By the way, the I-D was really good and bootstraped many initiatives. Thanks for the work. + +(Originally on Twitter: [Sun Feb 03 18:33:09 +0000 2019](https://twitter.com/adulau/status/1092128876099239936)) +---- +@k8em0 @SushiDude @wireghoul @isostandards The ISO documents cannot be redistributed. The documents are watermarked with your name and even within the same organisation you have to buy personal version of the document. At least it was the case with the 270xx series (except the 1). + +(Originally on Twitter: [Sun Feb 03 19:11:29 +0000 2019](https://twitter.com/adulau/status/1092138524458041345)) +---- +@PaulWebSec Maybe the written story is just a partial story of the perceived reality. The untold story is maybe a bit more sad. + +(Originally on Twitter: [Sun Feb 03 20:20:20 +0000 2019](https://twitter.com/adulau/status/1092155848468647937)) +---- +@MITREattack In my wish list, could you provide a simple ReST API? 
😉 + +(Originally on Twitter: [Mon Feb 04 16:02:40 +0000 2019](https://twitter.com/adulau/status/1092453394319622144)) +---- +RT @angealbertini: "Draw me an exploit", by @ifsecure +https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html ![](media/1092908682453626881-DyqjkuFXcAIC5AR.jpg) + +(Originally on Twitter: [Tue Feb 05 22:11:49 +0000 2019](https://twitter.com/adulau/status/1092908682453626881)) +---- +@Firion4ik An internet access is a requirement for the AIL setup. See you tomorrow + +(Originally on Twitter: [Wed Feb 06 12:45:57 +0000 2019](https://twitter.com/adulau/status/1093128664731078657)) +---- +@Jay3141592653 @MISPProject @Vecchi_Paolo @taosecurity @cnoanalysis @Mandiant @CrowdStrike This is indeed a risk but getting information with a public audit trail of who and when changes were proposed and merged might be more useful and less risky than the current random naming approach. + +(Originally on Twitter: [Wed Feb 06 23:11:21 +0000 2019](https://twitter.com/adulau/status/1093286049621651456)) +---- +During the AIL training, a good question from the crowd about tracking small images from collected information. So we tested live, we discovered a huge set of custom PHP WebShell all reusing the same icon image encoded in base64. Pivot can be anything & you never know in advance. ![](media/1093552960410390533-Dy0TItjX0AAqech.jpg) + +(Originally on Twitter: [Thu Feb 07 16:51:57 +0000 2019](https://twitter.com/adulau/status/1093552960410390533)) +---- +@neu5ron @circl_lu This is the graphing part of AIL https://github.com/CIRCL/AIL-framework + +(Originally on Twitter: [Thu Feb 07 18:14:25 +0000 2019](https://twitter.com/adulau/status/1093573713277132800)) +---- +@ClausHoumann @circl_lu So from a collection of pasties and crawled website, we can find out all the phpshells because these all reuse the same small icons embedded as base64 in the code. 
AIL has a functionality to brute force decode all hex, bin and base64 encountered in any analysed content. + +(Originally on Twitter: [Thu Feb 07 21:02:29 +0000 2019](https://twitter.com/adulau/status/1093616008621948940)) +---- +@0xtf @xj220 @circl_lu @MISPProject @d4_project Thank you but I'm also a simple human. + +(Originally on Twitter: [Thu Feb 07 21:59:12 +0000 2019](https://twitter.com/adulau/status/1093630280953409537)) +---- +RT @MITREattack: We're trying something new for our next adversary emulation plan on APT29. We invite the community to contribute #threatin… + +(Originally on Twitter: [Thu Feb 07 22:19:26 +0000 2019](https://twitter.com/adulau/status/1093635373043990528)) +---- +@ater49 @Iglocska @0xtf @xj220 @circl_lu @MISPProject @d4_project Not sure why but I feel some pressure. Nowadays people are pushing too much confidence in the Voight-Kampff test. + + +media/1093764276651782144-Dy3UzmTXQAAJzaI.mp4 + +(Originally on Twitter: [Fri Feb 08 06:51:39 +0000 2019](https://twitter.com/adulau/status/1093764276651782144)) +---- +"A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software" https://arxiv.org/pdf/1902.02595.pdf "dataset has been successfully used to train classifiers that could automatically identify security-relevant commits in code repositories." ![](media/1093800883207487488-Dy313KlWkAAgBSN.jpg) + +(Originally on Twitter: [Fri Feb 08 09:17:07 +0000 2019](https://twitter.com/adulau/status/1093800883207487488)) +---- +RT @d4_project: Curious about the @d4_project ? 
Here is the first slide deck (given at SUNET in Stockholm) explaining what we want to achie… + +(Originally on Twitter: [Fri Feb 08 10:15:01 +0000 2019](https://twitter.com/adulau/status/1093815454416687106)) +---- +@JackRhysider Notify the CSIRTs via @FIRSTdotOrg or/and @tfcsirt + +(Originally on Twitter: [Fri Feb 08 19:09:57 +0000 2019](https://twitter.com/adulau/status/1093950076655988736)) +---- +@lukOlejnik Many European countries have significant DNA databases which are regularly linked to national IDs and accessible to law enforcement. + +(Originally on Twitter: [Sat Feb 09 09:42:15 +0000 2019](https://twitter.com/adulau/status/1094169597643812864)) +---- +@DbgShell @circl_lu @d4_project @MISPProject A first pre-pre-alpha version is available https://github.com/D4-project/analyzer-d4-passivedns more to come very soon. + +(Originally on Twitter: [Sun Feb 10 12:56:05 +0000 2019](https://twitter.com/adulau/status/1094580764887445505)) +---- +Just published an updated version of the I-D passive dns common output format https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/ the format is stable for the past years and used at various places. Thanks to all who contributed a lot such as Aaron Kaplan and @paulvixie + +(Originally on Twitter: [Sun Feb 10 13:01:36 +0000 2019](https://twitter.com/adulau/status/1094582152988164096)) +---- +I’m often asked why I put stickers on my laptop. There are multiple reasons but the core ones are devaluating the economical value of the laptop (robbers are less attracted), making it more difficult to unscrew and starting discussions in public transportations. ![](media/1094609501939027969-DzDVh1IWwAApyXJ.jpg) + +(Originally on Twitter: [Sun Feb 10 14:50:16 +0000 2019](https://twitter.com/adulau/status/1094609501939027969)) +---- +@cocaman and hosted at Online SAS... some takedowns notification will be sent. 
+ +(Originally on Twitter: [Sun Feb 10 17:24:09 +0000 2019](https://twitter.com/adulau/status/1094648228765671425)) +---- +@evematringe @eromang @circl_lu @GOVCERT_ETAT_LU It’s someone sending RDS TMC messages. As long you have a FM receiver able to decode RDS TMC, you can get such alert. Maybe someone as a transmitter in a car... + +(Originally on Twitter: [Mon Feb 11 07:11:42 +0000 2019](https://twitter.com/adulau/status/1094856487200014341)) +---- +RT @r00tbsd: Today, I released something a little bit different: an open source oil pumpjack https://blog.talosintelligence.com/2019/02/oil-pumpjack.html we provide the .stl (f… + +(Originally on Twitter: [Mon Feb 11 16:32:20 +0000 2019](https://twitter.com/adulau/status/1094997572576530444)) +---- +RT @lavados: Finally, our SGX Malware paper is on #arXiv (https://arxiv.org/abs/1902.03256) and the PoC on #Github (https://github.com/sgxrop/sgxrop) for eve… + +(Originally on Twitter: [Tue Feb 12 08:55:22 +0000 2019](https://twitter.com/adulau/status/1095244963540013056)) +---- +@metaconflict @Vecchi_Paolo @Forbes http://wikipedia.org ? + +(Originally on Twitter: [Tue Feb 12 16:26:16 +0000 2019](https://twitter.com/adulau/status/1095358435263168513)) +---- +RT @MISPProject: Thanks to all our contributors which make MISP project, a reality! https://www.misp-project.org/contributors/ if you want to see your avatar… + +(Originally on Twitter: [Tue Feb 12 21:37:01 +0000 2019](https://twitter.com/adulau/status/1095436636974956547)) +---- +@likethecoins @ianmcshane @jwunder I even remember when and where they understood the username. We had a good laugh with @Iglocska . + +(Originally on Twitter: [Wed Feb 13 19:18:04 +0000 2019](https://twitter.com/adulau/status/1095764057834094592)) +---- +RT @MITREattack: Sub-techniques, a new tactic, a new approach to mitigations, a hint about ATT&CKcon 2019, and more. 
Check out @jwunder's p… + +(Originally on Twitter: [Fri Feb 15 20:25:13 +0000 2019](https://twitter.com/adulau/status/1096505734605557762)) +---- +As we really like the matrix-like approach used in @MITREattack , we decided to generalise the model in @MISPProject to support custom models as matrix-like MISP galaxies. We did one "Security of Election Technology" based on the NIS cooperation group publication. #ThreatIntel ![](media/1096521547874004992-DzefG2ZWkAEiI3Y.png) + +(Originally on Twitter: [Fri Feb 15 21:28:04 +0000 2019](https://twitter.com/adulau/status/1096521547874004992)) +---- +This will be available in the next release of MISP (2.4.103). Such model are described just like any MISP galaxy https://www.misp-project.org/galaxy.html#_election_guidelines with some additional information in the JSON to describe the kill-chain-order to be used to sort the matrix. ![](media/1096522707326390272-DzehgRYWoAA5gWI.jpg) + +(Originally on Twitter: [Fri Feb 15 21:32:40 +0000 2019](https://twitter.com/adulau/status/1096522707326390272)) +---- +@vladimir_metnew If I can do it without attribution, I’ll backdoor my own repositories. + +(Originally on Twitter: [Sat Feb 16 08:29:29 +0000 2019](https://twitter.com/adulau/status/1096687999117651968)) +---- +Reading specs of Activity Streams 2.0 (& original 1.0 in JSON format), Using JSON-LD introduced a huge complexity? Reading chat-logs https://www.w3.org/2018/10/26-json-ld-minutes.html A format should be doing well what it's supposed to do "activity stream" not building graphs in a stateless stream IMHO. ![](media/1096711566764978177-DzhLyz2XQAAndrR.png) + +(Originally on Twitter: [Sat Feb 16 10:03:08 +0000 2019](https://twitter.com/adulau/status/1096711566764978177)) +---- +RT @Wikimedia_Fr: Que d'erreurs en un paragraphe... 
@Challenges @ladech @JeanMarieCAVADA https://www.challenges.fr/entreprise/comment-google-et-les-gafa-ont-tisse-leur-toile-a-bruxelles_641937 ![](media/1096765882506850304-Dzh80MyWkAA9HLL.png) + +(Originally on Twitter: [Sat Feb 16 13:38:57 +0000 2019](https://twitter.com/adulau/status/1096765882506850304)) +---- +RT @MISPProject: "Taxonomy driven indicator scoring in MISP threat intelligence platforms" +https://arxiv.org/abs/1902.03914 we did further research… + +(Originally on Twitter: [Sun Feb 17 10:13:17 +0000 2019](https://twitter.com/adulau/status/1097076512564613122)) +---- +I just released a new version of the DomainClassifier python library to extract location, IP and domains from potential hostnames discovered in unstructured text and improved the domain malicious ranking relying on the new @d4_project BGP Ranking https://github.com/adulau/DomainClassifier ![](media/1097084296270135296-DzmfJ-CWwAIhNOf.png) + +(Originally on Twitter: [Sun Feb 17 10:44:13 +0000 2019](https://twitter.com/adulau/status/1097084296270135296)) +---- +@rafi0t I don't know why but I recalled this image when seeing the heat-map of @Iglocska + + +media/1097166951107969024-DznrTFFX4AU-7tV.mp4 + +(Originally on Twitter: [Sun Feb 17 16:12:40 +0000 2019](https://twitter.com/adulau/status/1097166951107969024)) +---- +@Iglocska @rafi0t + + +media/1097167774982565889-DznsKpMWoAAN2nj.mp4 + +(Originally on Twitter: [Sun Feb 17 16:15:56 +0000 2019](https://twitter.com/adulau/status/1097167774982565889)) +---- +Don’t forget that bureaucratic processes are not there for progress but just to ensure established powers to remain. 
+ +(Originally on Twitter: [Mon Feb 18 18:41:54 +0000 2019](https://twitter.com/adulau/status/1097566895820156928)) +---- +RT @alexanderjaeger: Finally, after waiting for a long time I get to talk about #api and it's role in #dfir and referencing some aspecrs o… + +(Originally on Twitter: [Tue Feb 19 11:52:37 +0000 2019](https://twitter.com/adulau/status/1097826282593767424)) +---- +RT @ifsecure: The default Flash whitelist in Edge (https://bugs.chromium.org/p/project-zero/issues/detail?id=1722) really surprised me. So many sites for which I'm completely baf… + +(Originally on Twitter: [Tue Feb 19 17:15:19 +0000 2019](https://twitter.com/adulau/status/1097907495505399808)) +---- +@bondankit07 @blackswanburst @skier_t @FIRSTdotOrg Yeah! we will see you there. We (@Iglocska and I) are giving a @MISPProject training at @FIRSTdotOrg conference. + +(Originally on Twitter: [Thu Feb 21 16:17:49 +0000 2019](https://twitter.com/adulau/status/1098617798681681920)) +---- +RT @oxinabox_frames: I am not impressed when a paper I am reviewing says "We plan to release the code". +Release it now, the chance of never… + +(Originally on Twitter: [Thu Feb 21 16:34:59 +0000 2019](https://twitter.com/adulau/status/1098622121960505346)) +---- +RT @MISPProject: MISP includes a very versatile event graph functionality. A quick video to show most of the capabilities to help and suppo… + +(Originally on Twitter: [Fri Feb 22 10:33:33 +0000 2019](https://twitter.com/adulau/status/1098893548420771840)) +---- +@cocaman @circl_lu @MISPProject It’s the default private community. It’s one of the ~10 communities that @circl_lu runs. Maybe we should do a longer paper with the analytics. + +(Originally on Twitter: [Fri Feb 22 16:16:30 +0000 2019](https://twitter.com/adulau/status/1098979854844858369)) +---- +RT @Cybersec_EU: Are you an open source software ethical #hacker? 
We invite you to find #security vulnerabilities in open source software w… + +(Originally on Twitter: [Fri Feb 22 16:22:44 +0000 2019](https://twitter.com/adulau/status/1098981425573969921)) +---- +Digging into various scanning attempts in the black-hole networks, I saw some scanning towards QUIC protocol (UDP/443). If you are interested about the research performed by RWTH Aachen https://datatracker.ietf.org/meeting/101/materials/slides-101-maprg-a-first-look-at-quic-in-the-wild-00 and https://quic.netray.io/stats.html ![](media/1099036533481504768-D0CPXfCWkAEUxI7.png) + +(Originally on Twitter: [Fri Feb 22 20:01:43 +0000 2019](https://twitter.com/adulau/status/1099036533481504768)) +---- +Some Chinese dudes scanning for Valve Source servers. Maybe looking for some old vulnerable servers? https://insomnihack.ch/wp-content/uploads/2017/04/AC_remote_exploitation_of_valve_source.pdf ![](media/1099040249798410240-D0CRYg_WkAMVjgr.jpg) + +(Originally on Twitter: [Fri Feb 22 20:16:29 +0000 2019](https://twitter.com/adulau/status/1099040249798410240)) +---- +Nowadays, many security researchers are scanning Internet for various measurements. Such as DNS request to find open resolvers from http://or.mkorczynski.com/ but it's also a great way to find papers on the topic https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=Maciej+Korczynski&btnG= + +(Originally on Twitter: [Fri Feb 22 20:27:21 +0000 2019](https://twitter.com/adulau/status/1099042982983028738)) +---- +Gaming and scanning are still the best friends. Many scans from Russian IP address spaces to scan for Avalon RP | CWRP | RU server. Building list of servers to connect to by scanning Internet? It sounds a bit overkill. 
![](media/1099046560296521734-D0CYBUxXQAAJ9hF.png) + +(Originally on Twitter: [Fri Feb 22 20:41:33 +0000 2019](https://twitter.com/adulau/status/1099046560296521734)) +---- +RT @MISPProject: "Building a large scale Intrusion Detection System using Big Data technologies" https://pos.sissa.it/327/014/pdf integrating @MISP… + +(Originally on Twitter: [Fri Feb 22 22:59:47 +0000 2019](https://twitter.com/adulau/status/1099081347556171778)) +---- +RT @cyb3rops: I updated the #YARA performance guidelines by adding new advices and rephrasing some paragraphs +https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7 https… + +(Originally on Twitter: [Sat Feb 23 13:55:50 +0000 2019](https://twitter.com/adulau/status/1099306846421176320)) +---- +You can even find new open source libraries while looking at black-hole monitoring network captures. Such as liboping which adds a reference to their website and repository http://octo.it/liboping/ in the ICMP payload. ![](media/1099702552629776385-D0LtF1IWsAA7h1l.png) + +(Originally on Twitter: [Sun Feb 24 16:08:14 +0000 2019](https://twitter.com/adulau/status/1099702552629776385)) +---- +DHT queries (UDP/6881) are still around. I see regular find_node in the black-hole captures. The BitTorrent DHT (Kademlia) protocol specification gives some ideas on how to build a honeypot? http://www.bittorrent.org/beps/bep_0005.html - done as security research done in 2010 https://www.cs.helsinki.fi/u/lxwang/publications/security.pdf ![](media/1099709748151312384-D0LzU8wWwAEU1ll.png) + +(Originally on Twitter: [Sun Feb 24 16:36:50 +0000 2019](https://twitter.com/adulau/status/1099709748151312384)) +---- +RT @plusvic: YARA 3.9.0 has been released. Multiple bug fixes, including a denial of service for those using the "dex" module. 
Tanks to @Ta… + +(Originally on Twitter: [Mon Feb 25 13:15:34 +0000 2019](https://twitter.com/adulau/status/1100021486880985088)) +---- +RT @ashitaka007: #responsible #disclosure, we analyzed the validation of #signatures in #pdf #viewer and #online #services, we found out th… + +(Originally on Twitter: [Mon Feb 25 16:33:37 +0000 2019](https://twitter.com/adulau/status/1100071326432313344)) +---- +RT @MISPProject: PyMISP and misp-modules now include a new versatile PDF export of MISP events. https://github.com/MISP/misp-modules/ Thanks to Vincent F… + +(Originally on Twitter: [Mon Feb 25 20:44:22 +0000 2019](https://twitter.com/adulau/status/1100134430054731780)) +---- +RT @MISPProject: Don't forget Thursday & Friday, @adulau & @Iglocska will give a 2-day session training/workshop about MISP, threat intelli… + +(Originally on Twitter: [Mon Feb 25 21:41:17 +0000 2019](https://twitter.com/adulau/status/1100148754420822017)) +---- +The crazy idea of @gallypette for solving the captcha on Tor onion services. Improving reading of child by doing captcha solving during after-school sessions. This would be indeed a good way to co-finance after-schooling staff. + +(Originally on Twitter: [Tue Feb 26 14:16:27 +0000 2019](https://twitter.com/adulau/status/1100399196396351489)) +---- +@S_Team_Approved @gallypette We know that but we propose to move the jobs to children in our countries to make it more efficient and used it as a local education program. + +(Originally on Twitter: [Tue Feb 26 14:25:17 +0000 2019](https://twitter.com/adulau/status/1100401417704005632)) +---- +RT @Shiftreduce: @DamskyIrena @malpedia @mal_share misp +https://www.circl.lu/services/misp-malware-information-sharing-platform/ +cc +@adulau @rafi0t + +(Originally on Twitter: [Wed Feb 27 14:38:29 +0000 2019](https://twitter.com/adulau/status/1100767130931343360)) +---- +@Viking_Sec Henry David Thoreau or André Gorz. 
+ +(Originally on Twitter: [Wed Feb 27 17:46:51 +0000 2019](https://twitter.com/adulau/status/1100814535206862849)) +---- +@Serianox_ C’est vrai que continuer à utiliser du 2G pour les infrastructures critiques c’est plus sûr..... + +(Originally on Twitter: [Thu Feb 28 07:28:11 +0000 2019](https://twitter.com/adulau/status/1101021227999744000)) +---- +@0xtf @ateixei Send a DM with your address. I remember a pool was sent but not sure if all arrived at the right place... + +(Originally on Twitter: [Thu Feb 28 15:02:59 +0000 2019](https://twitter.com/adulau/status/1101135680820916226)) +---- +RT @ateixei: @adulau @0xtf Amazing what you guys (and the community) have built with MISP. Thanks for the workshop! 👍 + +(Originally on Twitter: [Thu Feb 28 17:18:37 +0000 2019](https://twitter.com/adulau/status/1101169815459450886)) +---- +@mrmolley @MISPProject @Iglocska @OttoGroup_Com One next week at GSMA and then another training during @FIRSTdotOrg CTI TC. https://www.misp-project.org/events/ + +(Originally on Twitter: [Thu Feb 28 18:44:39 +0000 2019](https://twitter.com/adulau/status/1101191466020421633)) +---- +A funky technique when you are stuck while doing intelligence analysis. Random input from a dictionary... 
![](media/1101823659008839685-D0p2w98XgAAhtAz.jpg) + +(Originally on Twitter: [Sat Mar 02 12:36:45 +0000 2019](https://twitter.com/adulau/status/1101823659008839685)) +---- +RT @MISPProject: If you want to create your own matrix-like MISP galaxy such as @MITREattack or the election guidelines, training slides up… + +(Originally on Twitter: [Sun Mar 03 17:02:35 +0000 2019](https://twitter.com/adulau/status/1102252946027433989)) +---- +Encoded as a @MISPProject event, the recent & exhaustive analysis "The Supreme Backdoor Factory" by @dfir_it - PDF export of the MISP event (new module from @VincentFALCONI3) http://www.foo.be/misp/osint-the-backdoor-factory/osint-the-surpreme-backdoor-factory.pdf - MISP JSON http://www.foo.be/misp/osint-the-backdoor-factory/5c7c0198-81b0-41d8-9839-4c4d02de0b81.json why we love simple & compact open standards. ![](media/1102264102813081602-D0wGlyxXcAALX-b.jpg) + +(Originally on Twitter: [Sun Mar 03 17:46:55 +0000 2019](https://twitter.com/adulau/status/1102264102813081602)) +---- +RT @DFNCERT: Thank you so much @Iglocska and @adulau for giving yet another awesome @MISPProject training here in Hamburg last week. You gu… + +(Originally on Twitter: [Mon Mar 04 10:59:54 +0000 2019](https://twitter.com/adulau/status/1102524059538128897)) +---- +@DPRamone @wimremes @treyka @shrekts One of the objective was to ensure that members state got at least a risk assessment plan available in their national cybersecurity strategy and for the OES. There is no mandatory model. In Luxembourg, it’s often @MONARCproject model applied for the State and OES. + +(Originally on Twitter: [Mon Mar 04 15:10:04 +0000 2019](https://twitter.com/adulau/status/1102587015583928320)) +---- +@wimremes @DPRamone @treyka @shrekts @MONARCproject Yep especially that ISO 27k can be sometime inappropriate for some OES or overkill for some other sectors which already have specific risk models. You know the statement “all models are wrong but some can be useful”. 
+ +(Originally on Twitter: [Mon Mar 04 15:16:53 +0000 2019](https://twitter.com/adulau/status/1102588732333539330)) +---- +Dans la lettre d’ @EmmanuelMacron il propose la creation d’une agence pour protéger les élections comme les “cyberattaques” mais pourquoi ne pas donner plus de pouvoir à @enisa_eu pour agir de façon opérationnelle dans le domaine de la sécurité. #moreEU ![](media/1102664966354669574-D01z73nXgAgKTfx.jpg) + +(Originally on Twitter: [Mon Mar 04 20:19:49 +0000 2019](https://twitter.com/adulau/status/1102664966354669574)) +---- +@ldelavaissiere @EmmanuelMacron @enisa_eu Si on veut faire une Europe performante en sécurité informatique, il va falloir donner des moyens et surtout faire abstraction des questions de souveraineté entres les pays membres. On est encore loin de l’Europe fédérale qui pourrait créer une cohésion sur ce genre de sujet. + +(Originally on Twitter: [Mon Mar 04 20:37:20 +0000 2019](https://twitter.com/adulau/status/1102669376262680577)) +---- +@ater49 @ldelavaissiere @EmmanuelMacron @enisa_eu Oui il y a plusieurs réseaux officiels (et officieux) pour le partage d'information incluant des IoC. Mais cela reste souvent assez asymétrique... Néanmoins je reste assez optimiste voyant l'évolution positive des dernières années. + +(Originally on Twitter: [Mon Mar 04 22:22:56 +0000 2019](https://twitter.com/adulau/status/1102695951217713152)) +---- +@FabianRODES @argevise @EmmanuelMacron @enisa_eu @matthieugarin En fait la proposition de E. Macron va aussi dans un sens stratégie et opérationnel dans une même agence. L’ANSSI au niveau national est aussi opérationnel et stratégique en même temps. + +(Originally on Twitter: [Tue Mar 05 17:29:23 +0000 2019](https://twitter.com/adulau/status/1102984464915984385)) +---- +I just scratched the surface of Ghidra and tested it with some Gafgyt variants. It works pretty well, the decompiler is very decent. The graph view is also usable compared to many others I used for the past years. 
https://github.com/NationalSecurityAgency/ghidra Thanks to @NSAGov for the release. ![](media/1103189728072028160-D09Ld5SWoAEpIQs.jpg) + +(Originally on Twitter: [Wed Mar 06 07:05:02 +0000 2019](https://twitter.com/adulau/status/1103189728072028160)) +---- +RT @tom_seddon: Managed to cobble together some slightly improved (I think??) 6502 support for Ghidra: https://github.com/tom-seddon/ghidra_6502 - hopefully… + +(Originally on Twitter: [Wed Mar 06 17:57:36 +0000 2019](https://twitter.com/adulau/status/1103353952580653056)) +---- +RT @MISPProject: MISP 2.4.103 has been released including major UI improvements, many new features and a security fix for CVE-2019-9482 (re… + +(Originally on Twitter: [Thu Mar 07 12:04:09 +0000 2019](https://twitter.com/adulau/status/1103627393061797889)) +---- +RT @d4_project: The new D4 sensor "Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactio… + +(Originally on Twitter: [Thu Mar 07 15:09:45 +0000 2019](https://twitter.com/adulau/status/1103674101611286528)) +---- +I was wondering if the open source community will catch up with Ghidra but it seems many contributions appear already. Feel free to contribute more to the list: +https://gist.github.com/adulau/a3a0eefb7828d52747a9d247a82eeeef + +(Originally on Twitter: [Fri Mar 08 07:32:38 +0000 2019](https://twitter.com/adulau/status/1103921449968971776)) +---- +During the @MISPProject training in Hamburg, an insightful discussion with @mavam about Bloomfilter & similar data structures. We are still looking in a standard way to define those data structures at rest while importing these into NIDS, tools & others. @Suricata_IDS @Zeekurity + +(Originally on Twitter: [Sat Mar 09 07:50:19 +0000 2019](https://twitter.com/adulau/status/1104288288922370048)) +---- +@pbeyssac En effet, je cherche toujours les repo git de Thales avec les outils de ML en logiciel libre. 
https://facebook.ai/developers/tools https://opensource.google.com/projects/list/machine-learning https://www.tensorflow.org + +(Originally on Twitter: [Sat Mar 09 08:22:18 +0000 2019](https://twitter.com/adulau/status/1104296338685079553)) +---- +RT @mavam: @adulau @MISPProject @Suricata_IDS @Zeekurity Yeah, looking forward to putting together a framework for intel and sightings that… + +(Originally on Twitter: [Sat Mar 09 11:16:12 +0000 2019](https://twitter.com/adulau/status/1104340102334111744)) +---- +RT @kafeine: @MISPProject This new tagging UI is awesome (fast/smooth). Thanks !! (cc @Iglocska @adulau ) ![](media/1105051071846801408-D1XjI5uWoAAT7i6.png) + +(Originally on Twitter: [Mon Mar 11 10:21:21 +0000 2019](https://twitter.com/adulau/status/1105051071846801408)) +---- +@makflwana @kafeine @MISPProject @Iglocska If you have some good taxonomies, we welcome pull-requests like that everyone can benefit from these. + +(Originally on Twitter: [Mon Mar 11 11:42:55 +0000 2019](https://twitter.com/adulau/status/1105071601861693440)) +---- +@dcuthbert We did some technical work on the topic and release an open source toolset called AIL https://github.com/CIRCL/AIL-framework we have some ongoing work on image classification especially for the screenshots of the hidden services. @Terrtia @VincentFALCONI3 @circl_lu + +(Originally on Twitter: [Mon Mar 11 11:56:45 +0000 2019](https://twitter.com/adulau/status/1105075082290974720)) +---- +@dcuthbert @Terrtia @VincentFALCONI3 @circl_lu Can we do it remotely? + +(Originally on Twitter: [Mon Mar 11 16:27:12 +0000 2019](https://twitter.com/adulau/status/1105143144268660738)) +---- +RT @marc_etienne_: @r00tbsd 💯% agree. I looked at the CCleaner stuff and couldn't find anything that would indicate they share code. Both h… + +(Originally on Twitter: [Mon Mar 11 16:58:44 +0000 2019](https://twitter.com/adulau/status/1105151078755172360)) +---- +A new attribution-confidence meta field in the MISP threat-actor galaxy. 
Following challenging discussions surrounding attribution of threat actors, the scale is between 0-100. Default is 50 & values are re(evaluated) based on references. https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json #ThreatIntel ![](media/1105193304298270720-D1Zti21WkAAkFBX.png) + +(Originally on Twitter: [Mon Mar 11 19:46:31 +0000 2019](https://twitter.com/adulau/status/1105193304298270720)) +---- +We know that is not perfect but it's better than nothing. If you have any ideas or feedback, feel free. The evaluation process of the references is still in infancy but it will be documented. + +(Originally on Twitter: [Mon Mar 11 19:55:53 +0000 2019](https://twitter.com/adulau/status/1105195661534945281)) +---- +RT @Aristot73: Position of the European Parliament adopted at first reading on 12 March 2019 with a view to the adoption of Regulation (EU)… + +(Originally on Twitter: [Tue Mar 12 19:29:29 +0000 2019](https://twitter.com/adulau/status/1105551402355642371)) +---- +AutoMacTC: Automated Mac Forensic Triage Collector - modular forensic triage collection framework designed to access various forensic artifacts on MacOS, parse them, and present them in formats viable for analysis. #DFIR https://github.com/CrowdStrike/automactc + +(Originally on Twitter: [Wed Mar 13 05:00:06 +0000 2019](https://twitter.com/adulau/status/1105695003190444032)) +---- +@k_sec @MISPProject Good question. From the @CFR_org meta fields (cfr-*), there is no differentiator between "suppliers" and "sponsors". On the other hand, if the information exists, we can add as an additional meta in the threat-actor MISP galaxy. 
+ +(Originally on Twitter: [Thu Mar 14 04:45:36 +0000 2019](https://twitter.com/adulau/status/1106053742300938240)) +---- +RT @d4_project: "D4 Core Working Group meeting" Friday 24th March 2019 in Luxembourg +https://www.d4-project.org/open%20source/asn/history/2019/03/13/D4-Core-Working_Group.html + +(Originally on Twitter: [Thu Mar 14 05:10:02 +0000 2019](https://twitter.com/adulau/status/1106059891070984193)) +---- +RT @MISPProject: MISP (@Iglocska and @adulau from @circl_lu) will be at @FIRSTdotOrg Cyber Threat Intelligence Symposium https://t.co/XGqr… + +(Originally on Twitter: [Thu Mar 14 16:36:49 +0000 2019](https://twitter.com/adulau/status/1106232725869076481)) +---- +@bambenek Don’t forget to let us know when your book is out. + +(Originally on Twitter: [Thu Mar 14 19:51:35 +0000 2019](https://twitter.com/adulau/status/1106281741189373952)) +---- +RT @circl_lu: Due to popular request we created an additional @MISPProject training on 25 March. The training is focusing on Threat Intelli… + +(Originally on Twitter: [Fri Mar 15 08:29:32 +0000 2019](https://twitter.com/adulau/status/1106472485258694657)) +---- +RT @MarieGMoe: We are hiring! Do you want to join my team in Trondheim as a security researcher? RTs appreciated! #infosecjobs https://t.co… + +(Originally on Twitter: [Fri Mar 15 09:07:55 +0000 2019](https://twitter.com/adulau/status/1106482143813873664)) +---- +RT @0verfl0w_: I've finally got around to completing my first post on reversing #ISFB, specifically, unpacking and analyzing the first stag… + +(Originally on Twitter: [Fri Mar 15 10:26:02 +0000 2019](https://twitter.com/adulau/status/1106501804366446592)) +---- +@rtlinfo Pourriez-vous éviter de diffuser les images de propagande d’un terroriste ? ainsi que les écrits nazis et les références. Vous faites indirectement l’apologie de ces actes. Vous devriez parler des victimes uniquement et ne pas donner du support mediatique à ce criminel. 
+ +(Originally on Twitter: [Fri Mar 15 18:13:06 +0000 2019](https://twitter.com/adulau/status/1106619343868252160)) +---- +I added a @MISPProject taxonomy called Flesch Reading Ease taxonomy to evaluate the reading difficulty of a document. https://www.misp-project.org/taxonomies.html#_flesch_reading_ease The objective is to use it more while sharing "intelligence" with multiple references to support receiving analysts in reference selection ![](media/1106853743340015617-D1xUPA7WoAAitgO.jpg) + +(Originally on Twitter: [Sat Mar 16 09:44:31 +0000 2019](https://twitter.com/adulau/status/1106853743340015617)) +---- +RT @remco_verhoef: @MISPProject @xme @radareorg @ProjectJupyter @sans_isc @rafi0t Updated the notebook with support for pipes. Each extract… + +(Originally on Twitter: [Sat Mar 16 13:16:59 +0000 2019](https://twitter.com/adulau/status/1106907213266866176)) +---- +RT @angealbertini: My experimental playground on file formats - merely a suggestion at this stage - it could change at any time. Don't expe… + +(Originally on Twitter: [Sun Mar 17 10:19:35 +0000 2019](https://twitter.com/adulau/status/1107224956914552832)) +---- +Glad to see practical outcomes after the bug bounty program funded by the @EU_Commission with the recent release of Putty https://www.chiark.greenend.org.uk/~sgtatham/putty/ which includes many security fixes. 
@Cybersec_EU + +(Originally on Twitter: [Sun Mar 17 17:14:50 +0000 2019](https://twitter.com/adulau/status/1107329457436704768)) +---- +"Shining a light on Spotlight: Leveraging Apple's desktop search utility to recover deleted file metadata on macOS" - https://arxiv.org/abs/1903.07053 #DFIR ![](media/1107949979686055937-D2A6kobXcAAPuB0.png) + +(Originally on Twitter: [Tue Mar 19 10:20:34 +0000 2019](https://twitter.com/adulau/status/1107949979686055937)) +---- +RT @MISPProject: Very interesting presentation and concept from Richard Struse which introduced sighting into @MITREattack to allow reporti… + +(Originally on Twitter: [Tue Mar 19 15:35:30 +0000 2019](https://twitter.com/adulau/status/1108029235380260864)) +---- +RT @likethecoins: It was a pleasure to present with @_whatshisface at the #FIRSTCTI Symposium! We discussed how you can use ATT&CK for #thr… + +(Originally on Twitter: [Wed Mar 20 09:54:46 +0000 2019](https://twitter.com/adulau/status/1108305875985465346)) +---- +We just found the superman of @MITREattack at the @FIRSTdotOrg #FIRSTCTI so you have no excuse to not use it. @pidgeyL ![](media/1108323500387942408-D2GOVF-XQAEpJYi.jpg) + +(Originally on Twitter: [Wed Mar 20 11:04:48 +0000 2019](https://twitter.com/adulau/status/1108323500387942408)) +---- +"The epidemiology of lateral movement: exposures and countermeasures with network contagion models" by Brian A. Powell - The balance between the practical and the academic perspective is refreshing. https://arxiv.org/pdf/1903.07741.pdf ![](media/1108329948941639681-D2GPx7jWoAAjpEg.png) + +(Originally on Twitter: [Wed Mar 20 11:30:26 +0000 2019](https://twitter.com/adulau/status/1108329948941639681)) +---- +Unpopular opinion in CTI "We created new incidents by detecting hashes in our infrastructure" A practical case where changing the hash of a signed Windows driver by collision can be costly for an attacker. Do you really want to drop hash detection? 
#firstcti + +(Originally on Twitter: [Wed Mar 20 12:14:29 +0000 2019](https://twitter.com/adulau/status/1108341036399714305)) +---- +RT @c_APT_ure: @likethecoins @adulau Interesting UC‘s + +Automation: detonation sandbox detects malicious email attach and distributes hashes… + +(Originally on Twitter: [Wed Mar 20 14:18:21 +0000 2019](https://twitter.com/adulau/status/1108372207439409162)) +---- +Some great points from @jessebowling especially why blocking scanners is useful. Reducing noise in traffic analysis, limiting benefit for adversaries to scan for open networks especially when sharing of these scanners are done efficiently by partners. #FIRSTCTI ![](media/1108425758341582849-D2HrV7cWkAUVjii.jpg) + +(Originally on Twitter: [Wed Mar 20 17:51:09 +0000 2019](https://twitter.com/adulau/status/1108425758341582849)) +---- +@mrmolley @Iglocska @MISPProject It’s mandatory taxonomy meaning at least one tag is required from that taxonomy. + +(Originally on Twitter: [Wed Mar 20 22:47:56 +0000 2019](https://twitter.com/adulau/status/1108500450481983488)) +---- +@mrmolley @Iglocska @MISPProject It was just an example. It works with any taxonomy. + +(Originally on Twitter: [Thu Mar 21 06:47:03 +0000 2019](https://twitter.com/adulau/status/1108621023367364608)) +---- +@Dave_Cochran The server is located in Europe (Luxembourg) and operated by @circl_lu CERT for the private sector in Luxembourg. The software behind is cve-search and it’s also fully open source. https://www.cve-search.org/ and I’m one of the author and admin of this service. I hope this helps. + +(Originally on Twitter: [Thu Mar 21 10:07:25 +0000 2019](https://twitter.com/adulau/status/1108671444567887873)) +---- +@cocaman @MISPProject We didn’t remove it but maybe the modules are not enabled on the instance. 
+ +(Originally on Twitter: [Thu Mar 21 10:08:15 +0000 2019](https://twitter.com/adulau/status/1108671653981110272)) +---- +RT @circl_lu: We (@circl_lu @MISPProject and X-ISAC) published "Guidelines to setting up an information sharing community such as an ISAC… + +(Originally on Twitter: [Thu Mar 21 10:35:39 +0000 2019](https://twitter.com/adulau/status/1108678550025064448)) +---- +I think there are two major takeaways: The victim did a great job in incident respond. But on the other hand, the security vendors are just behind in automated and structured information sharing. The economical incentive for sharing is still too low. + +https://mobile.twitter.com/GossiTheDog/status/1108826736601587713 + +(Originally on Twitter: [Fri Mar 22 06:48:03 +0000 2019](https://twitter.com/adulau/status/1108983662517862401)) +---- +RT @circl_lu: Last call for signing up to next week's additional @MISPProject training in #Luxembourg: https://en.xing-events.com/QPILZTS. Hurry up, r… + +(Originally on Twitter: [Fri Mar 22 14:51:50 +0000 2019](https://twitter.com/adulau/status/1109105409397272576)) +---- +RT @jfslowik: Future trending filenames on VirusTotal: +Mueller report.docx +muellerReport.pdf.exe +MuellerReport.rar +MuellerReport.ace +Muelle… + +(Originally on Twitter: [Sat Mar 23 08:38:26 +0000 2019](https://twitter.com/adulau/status/1109373829082763264)) +---- +RT @d4_project: That's why the D4 Project releases open source tools. It's supporting the community which comes with other improvements suc… + +(Originally on Twitter: [Sun Mar 24 14:53:16 +0000 2019](https://twitter.com/adulau/status/1109830546660777985)) +---- +It’s always lovely to see people ranting about OpenPGP standards and proposing, at the end, an encrypted chat protocol. A kind reminder, RFC 4880 is not about a chat protocol. + +(Originally on Twitter: [Tue Mar 26 18:13:06 +0000 2019](https://twitter.com/adulau/status/1110605611564236801)) +---- +@quinnnorton Maybe pasta is just like tea. 
You have a huge spectrum of crappy industrial “tea” where at the end people drink hot water with sugar (and some even with millk). For pasta, it’s similar you need to eat the crappy pasta to really appreciate the 5% of very good ones. + +(Originally on Twitter: [Tue Mar 26 18:20:02 +0000 2019](https://twitter.com/adulau/status/1110607355106996224)) +---- +@X_Cli_Public This one is pretty good and a decent alternative. + +(Originally on Twitter: [Tue Mar 26 20:01:45 +0000 2019](https://twitter.com/adulau/status/1110632953200238592)) +---- +RT @alexanderjaeger: @adulau @quinnnorton I agree - but I have to admit that I am biased here... + +(Originally on Twitter: [Tue Mar 26 20:08:40 +0000 2019](https://twitter.com/adulau/status/1110634695535087618)) +---- +@malware_traffic This single piece of malware do 10 TCP handshakes to 10 different C&C servers located in 10 countries. + +(Originally on Twitter: [Wed Mar 27 06:28:01 +0000 2019](https://twitter.com/adulau/status/1110790558505713664)) +---- +RT @MISPProject: MISP 2.4.104 released with many new features and bugs fixed https://www.misp-project.org/2019/03/26/MISP.2.4.104.released.html including a new distribution graph, a… + +(Originally on Twitter: [Wed Mar 27 15:16:53 +0000 2019](https://twitter.com/adulau/status/1110923654278320129)) +---- +RT @certbund: Das #BSI-Projekt #EasyGPG unterstützt Mailprovider bei der automatisierten Erstellung, Anwendung und Verteilung des öffentlic… + +(Originally on Twitter: [Wed Mar 27 20:04:30 +0000 2019](https://twitter.com/adulau/status/1110996033646022656)) +---- +@Jipe_ I feel a huge “déjà vu” on the same repository and looking at the pull-request. I remember some dirty cherrypicking in the pull requests 😉 + +(Originally on Twitter: [Wed Mar 27 20:15:32 +0000 2019](https://twitter.com/adulau/status/1110998810988298241)) +---- +RT @_saadk: TheHive Project & @MISPProject have always been about helping each other out. 
We cannot fight back cybercrime and other more or… + +(Originally on Twitter: [Thu Mar 28 07:24:01 +0000 2019](https://twitter.com/adulau/status/1111167041518604290)) +---- +With all the EU member states freaking out about 5G network and the security of the associated equipments, maybe having an EU funded open source stack would be a good step for independence and an auditable supply-chain. + +(Originally on Twitter: [Thu Mar 28 12:20:32 +0000 2019](https://twitter.com/adulau/status/1111241660095217664)) +---- +RT @LaF0rge: @pfhllnts @adulau yes, that is RhE only rational conclusion if you want audit-ability and avoid any vendor lock-in. Unfortunat… + +(Originally on Twitter: [Thu Mar 28 21:28:14 +0000 2019](https://twitter.com/adulau/status/1111379495447986177)) +---- +@aurelsec @osalliance5g Indeed this one is interesting. Did the license change to an approved open source/free software licensed? I remember it was not the case at some point. + +(Originally on Twitter: [Fri Mar 29 05:45:32 +0000 2019](https://twitter.com/adulau/status/1111504641752223745)) +---- +@osalliance5g By the @fsf or the @OpenSourceOrg, I couldn’t find a reference on their website to the license included in your repository. + +(Originally on Twitter: [Fri Mar 29 06:26:38 +0000 2019](https://twitter.com/adulau/status/1111514987271544832)) +---- +@osalliance5g @fsf @OpenSourceOrg Is there any specific reason to not use a standard open source license? Just curious. + +(Originally on Twitter: [Fri Mar 29 07:08:55 +0000 2019](https://twitter.com/adulau/status/1111525627549626369)) +---- +"Touching the Untouchables - Dynamic Security Analysis of the LTE Control Plane" - LTEFuzz +https://sites.google.com/view/ltefuzz + +(Originally on Twitter: [Fri Mar 29 07:19:01 +0000 2019](https://twitter.com/adulau/status/1111528169587294209)) +---- +@GurbirSingh Sure. FLOSS has no boundaries. 
But the original idea was to make a practical proposal following the never-ending discussions at EU-level regarding mobile network infrastructure independence. + +(Originally on Twitter: [Sat Mar 30 07:57:22 +0000 2019](https://twitter.com/adulau/status/1111900208118534146)) +---- +Improving Passive DNS collection with @d4_project - It's still a work-in-progress, the alpha code works well but we have some crazy ideas to implement in a very near future. https://github.com/D4-project/architecture/blob/master/docs/workshop/4-passive-dns/d4-introduction.pdf ![](media/1112020788582985728-D26uCX1WkAMUCgt.jpg) + +(Originally on Twitter: [Sat Mar 30 15:56:31 +0000 2019](https://twitter.com/adulau/status/1112020788582985728)) +---- +@Iglocska @malwaremustd1e @circl_lu @SteveClement I cannot reproduce it.... I just added tlp:white on the event to have the event shared with everyone. Thanks for sharing. We will investigate and try to reproduce it. + +(Originally on Twitter: [Sun Mar 31 12:59:57 +0000 2019](https://twitter.com/adulau/status/1112338743887888385)) +---- +@zoobab It’s not even transposed by MS. So how is supposed to work? + +(Originally on Twitter: [Mon Apr 01 10:59:48 +0000 2019](https://twitter.com/adulau/status/1112670896030912512)) +---- +RT @MISPProject: MISP galaxy format updated to include new meta information for threat-actor (such as attribution-confidence) or ransomware… + +(Originally on Twitter: [Mon Apr 01 18:42:17 +0000 2019](https://twitter.com/adulau/status/1112787284779298817)) +---- +I’m really impressed by the commitment of contributors to the @MISPProject As an example, Olivier Bert is really pushing us to do better in Accessible Rich Internet Applications to have a platform accessible for everyone. https://github.com/MISP/MISP/commit/aef027c4b98ca4ded605b20c3d5ac6cc47eb3ce6 Thank you! 
+ +(Originally on Twitter: [Wed Apr 03 05:19:43 +0000 2019](https://twitter.com/adulau/status/1113310084375957511)) +---- +@keydet89 @MISPProject @WyattRoersma @cyb3rops @MITREattack Indeed. I’m looking into the reference of the LNK binary format to create a MISP object template https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SHLLINK/%5bMS-SHLLINK%5d.pdf what would be the most important fields to keep in a misp object? + +(Originally on Twitter: [Wed Apr 03 10:23:43 +0000 2019](https://twitter.com/adulau/status/1113386589328236544)) +---- +@keydet89 @MISPProject @WyattRoersma @cyb3rops @MITREattack There is a new MISP object template for LNK file https://www.misp-project.org/objects.html#_lnk - https://github.com/MISP/misp-objects/commit/aca06cec1ffbb3a092118e15a92152c51b14b408 - feedback or update are more than welcome. Thank you for the idea! ![](media/1113420989696811008-D3OpOHSWwAICtEz.jpg) + +(Originally on Twitter: [Wed Apr 03 12:40:24 +0000 2019](https://twitter.com/adulau/status/1113420989696811008)) +---- +RT @keydet89: @adulau @MISPProject @WyattRoersma @cyb3rops @MITREattack Very cool! Now, to ( a ) get teams to understand the value of LNK… + +(Originally on Twitter: [Wed Apr 03 12:45:09 +0000 2019](https://twitter.com/adulau/status/1113422181139210240)) +---- +@jedisct1 Take care! + +(Originally on Twitter: [Thu Apr 04 05:07:57 +0000 2019](https://twitter.com/adulau/status/1113669514040942592)) +---- +@evematringe @Korben Il me semble que @Developpez fait de l'interprétation sensationnelle. Le texte originale est plus nuancé: ![](media/1113674857642901504-D3SRYDwWkAEHoIV.jpg) + +(Originally on Twitter: [Thu Apr 04 05:29:11 +0000 2019](https://twitter.com/adulau/status/1113674857642901504)) +---- +Funky hypothetical question. A Tor client is using DoH DNS over HTTPs towards one of the centralised name server. So the DNS providers can aggregate all DNS queries (as the exit node IP addresses are known) from a single Tor user? 
@paulvixie @torproject + +(Originally on Twitter: [Thu Apr 04 14:35:17 +0000 2019](https://twitter.com/adulau/status/1113812285422804993)) +---- +@DgLeukocyte @MISPProject This recent example of a generic CSV to object might be useful https://github.com/MISP/PyMISP/commit/e5a42b812f2ce60dc00e124aebdc82b4ca9b8c66 especially the example script where it adds objects to an event. I hope this helps. + +(Originally on Twitter: [Fri Apr 05 04:44:37 +0000 2019](https://twitter.com/adulau/status/1114026027934679040)) +---- +@dietervds https://www.cve-search.org/api/ and it’s hosted by @circl_lu + +(Originally on Twitter: [Fri Apr 05 11:02:32 +0000 2019](https://twitter.com/adulau/status/1114121134256066560)) +---- +@dietervds @circl_lu No worries. We might include it in cve-search at some point. + +(Originally on Twitter: [Fri Apr 05 11:32:02 +0000 2019](https://twitter.com/adulau/status/1114128560363646976)) +---- +RT @d4_project: We released the Passive DNS analyzer (v0.1) for @d4_project sensor which includes a complete Passive DNS server. We also co… + +(Originally on Twitter: [Fri Apr 05 14:58:57 +0000 2019](https://twitter.com/adulau/status/1114180630114390017)) +---- +@jfslowik Does the fear of a VT becoming more and more limited for typical researchers will become a reality soon? + +(Originally on Twitter: [Tue Apr 09 15:16:45 +0000 2019](https://twitter.com/adulau/status/1115634659906469889)) +---- +RT @jfslowik: @adulau I think that's definitely the case even if moves so far have been to further monetize the dataset through tiered acce… + +(Originally on Twitter: [Tue Apr 09 15:42:18 +0000 2019](https://twitter.com/adulau/status/1115641091842297856)) +---- +@CYINT_dude @MISPProject We do at work and we are working on another export to ease the generation of YARA rulesets from any MISP attributes in addition to the standard YARA type. It might address some shortcomings very soon. 
+ +(Originally on Twitter: [Wed Apr 10 13:13:31 +0000 2019](https://twitter.com/adulau/status/1115966034807332864)) +---- +@CYINT_dude @MISPProject Indeed the rule editing is a good point. We should look into it. I’ll open an issue. Thanks for the feedback. + +(Originally on Twitter: [Wed Apr 10 13:23:49 +0000 2019](https://twitter.com/adulau/status/1115968629173100545)) +---- +RT @chriseng: What the labor market actually looks like in bug bounties today. @k8em0 #TheSAS2019 ![](media/1115969066253025280-D3xeQ9IXoAI7TBF.jpg) + +(Originally on Twitter: [Wed Apr 10 13:25:33 +0000 2019](https://twitter.com/adulau/status/1115969066253025280)) +---- +RT @MISPProject: About @MISPProject knowledge base regarding #ransomware, a new ransomware taxonomy has been added and the ransomware galax… + +(Originally on Twitter: [Thu Apr 11 05:50:19 +0000 2019](https://twitter.com/adulau/status/1116216891427708928)) +---- +@akgraner @Zeekurity @CERN @corelight_inc Great to see open source and free software evangelism for @Zeekurity by the company behind it. + +(Originally on Twitter: [Thu Apr 11 07:41:06 +0000 2019](https://twitter.com/adulau/status/1116244770341490688)) +---- +RT @fsf: Nifty free software news: the imaging software used by the Event Horizon Telescope, which was able to record the first +picture of… + +(Originally on Twitter: [Thu Apr 11 20:14:32 +0000 2019](https://twitter.com/adulau/status/1116434375992803329)) +---- +"Privacy-Conscious Threat Intelligence Using DNSBLOOM" +paper: http://dl.ifip.org/db/conf/im/im2019/189282.pdf code: https://github.com/SURFnet/honas Clever use of bloom filter to store DNS queries (not the answer as passive dns does) and then do lookup using data from @MISPProject #ThreatIntel #Privacy ![](media/1116640708688007169-D38aPNbWwAALmOg.png) + +(Originally on Twitter: [Fri Apr 12 09:54:25 +0000 2019](https://twitter.com/adulau/status/1116640708688007169)) +---- +@msuiche Luxembourg is not too bad. 
Skills are available in all the surrounding (Belgium, France, Germany) & often willing to work in Luxembourg. The legal framework is nice for startup, many incubators (@host_lu - @Technoport_Lux @luxfuturelab ) and simplified SARL-S. + +(Originally on Twitter: [Sat Apr 13 13:12:07 +0000 2019](https://twitter.com/adulau/status/1117052846896238592)) +---- +@PaulWebSec @JamesCridland @JackRhysider Indeed this is a nifty tool. The only issue is with DoH / DoT enabled on the device then we will become blind. + +(Originally on Twitter: [Sun Apr 14 04:39:15 +0000 2019](https://twitter.com/adulau/status/1117286170910691328)) +---- +@Ministraitor @PaulWebSec @JamesCridland @JackRhysider 😋The ranting is growing. I should do a slide-deck on how to bypass DoH in order to maintain visibility for your internal passive dns. + +(Originally on Twitter: [Sun Apr 14 09:42:52 +0000 2019](https://twitter.com/adulau/status/1117362577472987136)) +---- +To summarize the position of a successful adversary in a outsourcing giant, they have a double access including to source code, build processes of major vendors and site-2-site VPN. Then from the defensive side, remediation is just a dream. + +(Originally on Twitter: [Tue Apr 16 06:06:54 +0000 2019](https://twitter.com/adulau/status/1118033002964094977)) +---- +RT @quarkslab: [BLOG] Reverse-engineering Broadcom wireless chipsets by @Phenol__ https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html The long and good trip of an int… + +(Originally on Twitter: [Wed Apr 17 08:05:40 +0000 2019](https://twitter.com/adulau/status/1118425277212835842)) +---- +RT @chaignc: yet another cool python script that I wrote in 5 minutes to help me in my daily work. #python is amazing. 
#RT if you think you… + +(Originally on Twitter: [Wed Apr 17 13:25:13 +0000 2019](https://twitter.com/adulau/status/1118505694678925313)) +---- +@wimremes Now the hard reality, we (@pidgeyL and myself) expected a lot of organisations to install their own cve-search but they love the easiness of a public API. Some stats of our public instance... peak of 20k ops/sec is common. We (infosec community) all need to improve on this topic. ![](media/1118588215437484034-D4YGDJDXkAE4fBt.png) + +(Originally on Twitter: [Wed Apr 17 18:53:07 +0000 2019](https://twitter.com/adulau/status/1118588215437484034)) +---- +@treyka For my cat, it’s more a good title for a horror movie. I have nearly lost a finger while doing it. + +(Originally on Twitter: [Thu Apr 18 06:01:56 +0000 2019](https://twitter.com/adulau/status/1118756528905961472)) +---- +@cudeso @treyka Not sure after regularly handling the 22 cats at my mother place... but some cats really hate to be given pills. + +(Originally on Twitter: [Thu Apr 18 09:51:56 +0000 2019](https://twitter.com/adulau/status/1118814408728285184)) +---- +@jeremiahg @LocoMocoSec IMHO, counting CVEs is a bad habit especially to evaluate how large an attack surface is. Especially it’s driving some software vendors to limit the numbers of CVE published to look good. Often the vendors or OSS authors publishing a lot are the ones taking security seriously. + +(Originally on Twitter: [Thu Apr 18 19:16:46 +0000 2019](https://twitter.com/adulau/status/1118956555968368641)) +---- +@jeremiahg @LocoMocoSec Sorry, I just saw the graph which was not giving this perspective. Indeed the “underside” of the iceberg is quite huge and most probably bigger than the classical iceberg proportion. + +(Originally on Twitter: [Thu Apr 18 19:22:29 +0000 2019](https://twitter.com/adulau/status/1118957992903356417)) +---- +@mikearpaia @osquery @trailofbits This is a great news. What about the CLA process at Facebook when doing pull-request? 
Did you get rid of it for osql contributors? + +(Originally on Twitter: [Sat Apr 20 06:14:08 +0000 2019](https://twitter.com/adulau/status/1119484375106772992)) +---- +@quinnnorton Can you spot the word “software” in the plea agreement? + +(Originally on Twitter: [Sat Apr 20 19:48:48 +0000 2019](https://twitter.com/adulau/status/1119689393047003137)) +---- +@quinnnorton https://www.courtlistener.com/recap/gov.uscourts.wied.77855/gov.uscourts.wied.77855.124.0.pdf IMHO The scope and elements are pretty clear. This is not about a dual-use sofware freely distributed but a software designed and sold to gain personal profit within a specific criminal objective. + +(Originally on Twitter: [Sat Apr 20 20:03:10 +0000 2019](https://twitter.com/adulau/status/1119693007417225216)) +---- +@quinnnorton Not really sure what make you scared here. If this is the US legal system at large, that’s indeed another story. For this specific case, I think it’s clear and the legal representation was also pretty good for their “client” and the bargain was in his interest. + +(Originally on Twitter: [Sat Apr 20 20:16:31 +0000 2019](https://twitter.com/adulau/status/1119696367419568128)) +---- +@MisterCh0c @JayTHL @GossiTheDog @H0tdish This is indeed true and it’s even worst when some vendors are actively fighting against specific open and free information sharing communities instead of supporting these communities in the benefit of everyone. + +(Originally on Twitter: [Sun Apr 21 08:07:54 +0000 2019](https://twitter.com/adulau/status/1119875393522229248)) +---- +RT @MISPProject: Many new objects for MISP added such as device and phishing-kit objects contributed by MISP users & many updates to the ot… + +(Originally on Twitter: [Sun Apr 21 14:17:18 +0000 2019](https://twitter.com/adulau/status/1119968356495499264)) +---- +Nowadays a lot of things are overrated, sharpness is maybe the most commonly overrated topic in photography. Take your soul and a camera, that's all your need. 
#photography https://www.flickr.com/photos/adulau/ ![](media/1120232477010857986-D4vbZX_WsAAsFlz.jpg) + +(Originally on Twitter: [Mon Apr 22 07:46:50 +0000 2019](https://twitter.com/adulau/status/1120232477010857986)) +---- +RT @belathoud: When hit by a « troll » or any similar toxic character, the best defense is in focusing on inspiring work. +Thanks @adulau fo… + +(Originally on Twitter: [Mon Apr 22 11:19:32 +0000 2019](https://twitter.com/adulau/status/1120286006119473152)) +---- +@Andrew___Morris Interesting. What’s the ISN value? Did you plot all the ISN in the scatter plot? + +(Originally on Twitter: [Mon Apr 22 12:06:08 +0000 2019](https://twitter.com/adulau/status/1120297733389205504)) +---- +@rfc1149 Je pensais que c'était Pierre Mauroy dans années 90 mais en cherchant un peu, j'ai trouvé une référence de 1981 qui mentionne Alain Minc https://www.erudit.org/fr/revues/po/1983-n4-po2530/041002ar.pdf (p13/pdf p66/réel) mais il existe des références similaires dans plusieurs livres début 80 mais venant du Québec. + +(Originally on Twitter: [Mon Apr 22 14:01:36 +0000 2019](https://twitter.com/adulau/status/1120326793091788801)) +---- +RT @ItsReallyNick: We found the full CARBANAK source code & previously unseen plugins. + +Our #FLARE team spent 500 hours analyzing the 100,0… + +(Originally on Twitter: [Mon Apr 22 19:37:16 +0000 2019](https://twitter.com/adulau/status/1120411263610368006)) +---- +@ItsReallyNick @mykill @jtbennettjr @FireEye Have you seen any specific part of the code for capturing PIN code from smart-card readers/drivers? + +(Originally on Twitter: [Mon Apr 22 19:38:30 +0000 2019](https://twitter.com/adulau/status/1120411573619707905)) +---- +@mykill @ItsReallyNick @jtbennettjr @FireEye Thanks a lot for the feedback and the work! I'll have a look. 
+ +(Originally on Twitter: [Mon Apr 22 20:35:37 +0000 2019](https://twitter.com/adulau/status/1120425949353467909)) +---- +“Comments on the Temporary Specification for gTLD Registration Data Policy Recommendations” +https://mm.icann.org/pipermail/comments-epdp-recs-04mar19/attachments/20190417/6f0a65b2/CommentsontheTemporarySpecificationforgTLDRegistrationDataPolicyRecommendations-0001.pdf whois and GDPR... + +(Originally on Twitter: [Tue Apr 23 15:46:28 +0000 2019](https://twitter.com/adulau/status/1120715568775159813)) +---- +@Douglas23114784 @circl_lu @MISPProject Before doing the git submodule update, did you do a “git pull origin 2.4” in your MISP directory? (for the blackhole you just need to reload the page, the token was expired) + +(Originally on Twitter: [Wed Apr 24 04:40:25 +0000 2019](https://twitter.com/adulau/status/1120910341444132864)) +---- +"PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware" - paper: https://arxiv.org/pdf/1904.10270.pdf - src: https://github.com/denisugarte/PowerDrive + +(Originally on Twitter: [Wed Apr 24 08:28:00 +0000 2019](https://twitter.com/adulau/status/1120967615948759040)) +---- +@Douglas23114784 @circl_lu @MISPProject This is in the code and not (currently) exposed in the configuration (for some good security reasons). We could expose it in MISP maybe in the next version ;-) + +(Originally on Twitter: [Wed Apr 24 11:46:04 +0000 2019](https://twitter.com/adulau/status/1121017458041683970)) +---- +@Douglas23114784 @circl_lu @MISPProject You can do a pull-request to https://github.com/MISP/misp-galaxy and it will be in the default galaxy. + +(Originally on Twitter: [Wed Apr 24 12:57:27 +0000 2019](https://twitter.com/adulau/status/1121035424087138304)) +---- +@Douglas23114784 @circl_lu @MISPProject You can but you have to change the JSON manually of the galaxies ;-) It works. But we have some plan to make it more convenient in a near future. 
+ +(Originally on Twitter: [Wed Apr 24 13:10:10 +0000 2019](https://twitter.com/adulau/status/1121038625293074432)) +---- +@wimremes @msuiche @OPCDE I really need to attend the next edition of the OPCDE conference. This sounds really cool. + +(Originally on Twitter: [Wed Apr 24 18:29:31 +0000 2019](https://twitter.com/adulau/status/1121118991689428993)) +---- +@wimremes @msuiche @OPCDE I’m a bloody human (a bit of everything) and indeed with a Belgian passport. + +(Originally on Twitter: [Wed Apr 24 18:36:04 +0000 2019](https://twitter.com/adulau/status/1121120637555290112)) +---- +RT @craiu: Reminder, test #Yara rules before publishing. Other people may rely on them. Broken Yara rules break things. https://t.co/tSRzWm… + +(Originally on Twitter: [Wed Apr 24 18:45:31 +0000 2019](https://twitter.com/adulau/status/1121123015700439040)) +---- +RT @MISPProject: A new version of MISP (2.4.106) has been released with a host of improvements, including new features such as a feed cache… + +(Originally on Twitter: [Thu Apr 25 15:35:41 +0000 2019](https://twitter.com/adulau/status/1121437633832468488)) +---- +@DamskyIrena You’re in Belgium and you don’t visit us 😢 + +(Originally on Twitter: [Thu Apr 25 16:30:06 +0000 2019](https://twitter.com/adulau/status/1121451325240299521)) +---- +I hate when I analyse a compromised host with various web shells and discover I already saw these in 2013 (with the same password). Found back the same payloads shared at various places in 2018-2019 and still with 0 or at best with a 1/55 detection ratio. 
http://www.foo.be/docs-free/osint/Companion%20to%20HPSR%20Threat%20Intelligence%20Briefing%20Episode%208%20final.pdf ![](media/1121484409943875585-D5BOIUsWsAA_g_T.jpg) + +(Originally on Twitter: [Thu Apr 25 18:41:34 +0000 2019](https://twitter.com/adulau/status/1121484409943875585)) +---- +And now the best part, the attackers are so lazy that they reuse the same icons (for at least 10 months) in the various web and reverse shells which allow analysts to pivot from one to another sample. ![](media/1121485809306296322-D5BQRP4WkAEJaNU.jpg) + +(Originally on Twitter: [Thu Apr 25 18:47:07 +0000 2019](https://twitter.com/adulau/status/1121485809306296322)) +---- +The "cleverness" of the attackers is recursive, he wrote in one of the upload PHP script "Korang Dah Berjaya Upload Shell Korang!!" which is found from the previous pivot. Then show another load of web shells with other base64 and password strings to pivot from. ![](media/1121489866536177664-D5BUOBQWkAAV179.jpg) + +(Originally on Twitter: [Thu Apr 25 19:03:15 +0000 2019](https://twitter.com/adulau/status/1121489866536177664)) +---- +More your dig in the set of scripts bundled, it's a recursive mess of various scripts but some are really simple (but seems to be efficient). Like this one for searching all passwords in clear_text in local files. This script seems to be reused by many other groups. KISS! ![](media/1121492956727382017-D5BXWx5WAAAP1dR.jpg) + +(Originally on Twitter: [Thu Apr 25 19:15:31 +0000 2019](https://twitter.com/adulau/status/1121492956727382017)) +---- +Pivoting can be from scripts, images but another pivot which works quite well, is a partial configuration of an HTTP server such as forcing the parsing of PHP scripts (which is often required after uploading a malicious payload with the hope that the HTTP server will execute it). 
![](media/1121494120533581825-D5BYaR5WsAEky1q.png) + +(Originally on Twitter: [Thu Apr 25 19:20:09 +0000 2019](https://twitter.com/adulau/status/1121494120533581825)) +---- +@DamskyIrena It's indeed miserable. Those machines (especially web services) are regularly compromised and actively used by threat actors which rely on those to proxy their C2 traffic. This is usually the "No man's land" and less interesting to talk about and especially to secure it. + +(Originally on Twitter: [Thu Apr 25 19:38:12 +0000 2019](https://twitter.com/adulau/status/1121498661782020097)) +---- +RT @circl_lu: AIL Framework version 1.5 released including major improvements in crawler, server management, bootstrap 4 support and many m… + +(Originally on Twitter: [Fri Apr 26 14:42:41 +0000 2019](https://twitter.com/adulau/status/1121786681139453952)) +---- +@MaryJo_E @emd3l @StratosphereIPS @avast_antivirus @verovaleros Thanks a lot for sharing. I'm creating a @MISPProject event based on your report but it seems there is a typo in the IP address 85.244.25[.]235 should be 185.244.25[.]235? Is this correct? + +(Originally on Twitter: [Sat Apr 27 08:23:41 +0000 2019](https://twitter.com/adulau/status/1122053690238676992)) +---- +@MaryJo_E @emd3l @StratosphereIPS @avast_antivirus @verovaleros @MISPProject By the way, your analysis gave me the idea to make a MISP object template for IRC server to easily describes the relationships. Thank you! https://www.misp-project.org/objects.html#_irc ![](media/1122063260214341633-D5JeJpkXsAArON0.jpg) + +(Originally on Twitter: [Sat Apr 27 09:01:42 +0000 2019](https://twitter.com/adulau/status/1122063260214341633)) +---- +"Measuring Irregular Geographic Exposure on the Internet" A practical analysis of the routing paths and what are the geographical path for IP packets. Some interesting results (e.g. Great Britain position) and techniques used. 
#interception #bgp #privacy +https://arxiv.org/pdf/1904.09375.pdf ![](media/1122417327549579264-D5Ofw60XkAAvxDP.png) + +(Originally on Twitter: [Sun Apr 28 08:28:39 +0000 2019](https://twitter.com/adulau/status/1122417327549579264)) +---- +@wimremes Indeed, I remember something about a private PGP key stored on a Unix server but not sure about the complete story at the end. + +(Originally on Twitter: [Sun Apr 28 08:57:30 +0000 2019](https://twitter.com/adulau/status/1122424588418322432)) +---- +RT @felixw3000: 🔥 New blog: Hancitor's packer demystified 🔥: https://uperesia.com/hancitor-packer-demystified | 📖 + step-by-step unpacking guide | 🧐 insight into a p… + +(Originally on Twitter: [Mon Apr 29 05:10:50 +0000 2019](https://twitter.com/adulau/status/1122729937130131457)) +---- +RT @MIT_CSAIL: BREAKING: a self-taught programmer from Belgium just cracked MIT's 20-year-old cryptographic puzzle. http://bit.ly/LCS35… + +(Originally on Twitter: [Mon Apr 29 19:14:17 +0000 2019](https://twitter.com/adulau/status/1122942194577440769)) +---- +“But fear of making mistakes can itself become a huge mistake, one that prevents you from living, for life is risky and anything less is already a loss.” Rebecca Solnit - https://www.flickr.com/photos/adulau/ ![](media/1122948072860979203-D5WAMchWAAUVPaU.jpg) + +(Originally on Twitter: [Mon Apr 29 19:37:38 +0000 2019](https://twitter.com/adulau/status/1122948072860979203)) +---- +@Iglocska @malwaremustd1e @circl_lu @SteveClement Do you use a normal user account? or a specific one? I tried as a user but cannot reproduce it. + +(Originally on Twitter: [Tue Apr 30 09:04:57 +0000 2019](https://twitter.com/adulau/status/1123151240240693249)) +---- +@malwaremustd1e @Iglocska @circl_lu @SteveClement @adamziaja I can reproduce it. It's when you first create the event. Just reload the page and you'll be able to add. We will fix it. 
+ +(Originally on Twitter: [Tue Apr 30 09:17:27 +0000 2019](https://twitter.com/adulau/status/1123154387461910529)) +---- +RT @MISPProject: New features in MISP (to be released in 2.4.107) is the ability to find objects with similar attributes before adding new… + +(Originally on Twitter: [Tue Apr 30 14:49:00 +0000 2019](https://twitter.com/adulau/status/1123237822058594304)) +---- +RT @MISPProject: New features in MISP (to be released in 2.4.107) is the native yara and yara-json export for non-yara attributes in MISP.… + +(Originally on Twitter: [Tue Apr 30 14:49:05 +0000 2019](https://twitter.com/adulau/status/1123237842895998977)) +---- +RT @SteveSyfuhs: Fun fact: we open sourced the Windows Crypto primitives library. + +https://github.com/Microsoft/SymCrypt + +(Originally on Twitter: [Tue Apr 30 15:52:37 +0000 2019](https://twitter.com/adulau/status/1123253833847541765)) +---- +RT @MISPProject: Great work! @MITREattack MISP galaxy has been updated to the latest version and already available in MISP. Thanks to all t… + +(Originally on Twitter: [Tue Apr 30 18:29:55 +0000 2019](https://twitter.com/adulau/status/1123293419084963840)) +---- +Big up to the crazy electro/techno line-up composed by @LESARALUNAIRES having @kevinsaunderson - InnerCity but also LAAKE (Will he play 'Melancholia' in the Church of Arlon?) @french79music OTON and other promising artists. ![](media/1123480777256316928-D5dnSCCW0AAwliX.jpg) + +(Originally on Twitter: [Wed May 01 06:54:25 +0000 2019](https://twitter.com/adulau/status/1123480777256316928)) +---- +"The Risks of WebGL: Analysis, Evaluation and Detection" +https://arxiv.org/abs/1904.13071 #browseristhenewoperatingsystem #infosec ![](media/1123527471939358721-D5eSAouWsAErM3Z.png) + +(Originally on Twitter: [Wed May 01 09:59:58 +0000 2019](https://twitter.com/adulau/status/1123527471939358721)) +---- +RT @stvemillertime: PDB paths are an important pivot for any analyst studying malware, mal developers, or mal operators. 
I started with one… + +(Originally on Twitter: [Wed May 01 11:38:32 +0000 2019](https://twitter.com/adulau/status/1123552279716597761)) +---- +"An Argumentation-Based Approach to Assist in the Investigation and Attribution of Cyber-Attacks" by Erisa Karafili and others. It sounds pretty sane compared to many other academic works on the topic. Should we include ABR models tools in @MISPProject? https://arxiv.org/pdf/1904.13173.pdf ![](media/1123554131078209536-D5epO0eWAAImARo.png) + +(Originally on Twitter: [Wed May 01 11:45:54 +0000 2019](https://twitter.com/adulau/status/1123554131078209536)) +---- +@RealKevinNoble Indeed. We did some investigations in the past years on how to implement in @MISPProject such model like competitive analysis, differential diagnosis or some models such as ACH. But a lot of those are complex & can be cumbersome in a UI, if you know good strategies. let us know. + +(Originally on Twitter: [Wed May 01 12:42:46 +0000 2019](https://twitter.com/adulau/status/1123568442035011584)) +---- +RT @passthesaltcon: After hard work during months from all the authors and org members ;), the #pts19 schedule is finally out: https://t.co… + +(Originally on Twitter: [Thu May 02 10:04:48 +0000 2019](https://twitter.com/adulau/status/1123891078791335937)) +---- +@CYBR_Official Not sure I'm following what you are doing. The interface doesn't look like a @MISPProject instance. Could you explain? + +(Originally on Twitter: [Thu May 02 13:37:06 +0000 2019](https://twitter.com/adulau/status/1123944502861938689)) +---- +@Viss @swagitda_ I suppose they account the outrageous licensing pricing of endpoints protection or unused security appliances supposed to save the world. + +(Originally on Twitter: [Thu May 02 17:01:24 +0000 2019](https://twitter.com/adulau/status/1123995920704655360)) +---- +@MichlSchmid @circl_lu @MITREattack @FDezeure I think this is not foreseen but we will have a look at what’s possible. 
+ +(Originally on Twitter: [Thu May 02 20:31:36 +0000 2019](https://twitter.com/adulau/status/1124048816154587147)) +---- +"Snoopdroid is a simple utility to automate the process of extracting installed apps from an Android phone using the Android Debug Bridge. Optionally, Snoopdroid is able to lookup the extracted packages on various online services" by @botherder https://github.com/botherder/snoopdroid + +(Originally on Twitter: [Fri May 03 12:23:55 +0000 2019](https://twitter.com/adulau/status/1124288476575358977)) +---- +RT @MISPProject: "MISP Threat Intelligence Summit 0x05 at @hack_lu 2019. Practical threat intelligence and information sharing for everyone… + +(Originally on Twitter: [Fri May 03 14:53:59 +0000 2019](https://twitter.com/adulau/status/1124326241530728448)) +---- +@rafi0t @xbouwman @MISPProject @hack_lu He is also a photographer. So we were caught by his sharp vision.... + +(Originally on Twitter: [Fri May 03 15:40:36 +0000 2019](https://twitter.com/adulau/status/1124337974118891520)) +---- +@cmatthewbrooks @Apple Congrats! Apple just got someone really talented. + +(Originally on Twitter: [Sat May 04 11:35:50 +0000 2019](https://twitter.com/adulau/status/1124638763274129413)) +---- +Kaonashi project "several billions of real passwords in order to make a large-scale analysis of these common behaviors, drawing conclusions that allow us to create specific procedures and tools to improve current Password Cracking techniques." +https://github.com/kaonashi-passwords/Kaonashi + +(Originally on Twitter: [Sat May 04 14:43:03 +0000 2019](https://twitter.com/adulau/status/1124685878947921921)) +---- +The market for vanity @torproject onion address seems to grow (at least more & more services appear). Maybe the ones purchasing such domain don't know the risks as the original owner of the domain has the private key. Did the original designer of the protocol thought about it? 
![](media/1125051421274050560-D5z39uDXkAEBDur.jpg) + +(Originally on Twitter: [Sun May 05 14:55:35 +0000 2019](https://twitter.com/adulau/status/1125051421274050560)) +---- +@Natanael_L @torproject I haven't seen a SaaS on the Tor vanity market which proposes such scheme. + +(Originally on Twitter: [Sun May 05 15:29:04 +0000 2019](https://twitter.com/adulau/status/1125059845009412099)) +---- +@quinnnorton /œ̃/ - https://upload.wikimedia.org/wikipedia/commons/3/3a/Fr-un-fr_BE.ogg + +(Originally on Twitter: [Mon May 06 05:09:13 +0000 2019](https://twitter.com/adulau/status/1125266241667706880)) +---- +Last year, I hosted more than 4 nests of wasp, 1 hornet nest, tons of mason bees (in 5 insect hotels), many amphibians, +10 birds nests & did gardening with #biodiversity in mind. There is no excuse, welcome (don’t be afraid) nature & diversity will come. Ask me any questions. + +(Originally on Twitter: [Mon May 06 21:02:40 +0000 2019](https://twitter.com/adulau/status/1125506187443822593)) +---- +@ClausHoumann Sure. Optimizing for biodiversity sounds like a great plan! + +(Originally on Twitter: [Mon May 06 21:06:13 +0000 2019](https://twitter.com/adulau/status/1125507080948002816)) +---- +@altquinn Hahah! There are some community gardening in the area which can be a good option. On the other, a window sill can be a small place for an insect hotel. Seed bomb can also be a helper especially in abandonned area. + +(Originally on Twitter: [Tue May 07 03:45:45 +0000 2019](https://twitter.com/adulau/status/1125607625192890368)) +---- +@Starow_ I have various types but the more successful ones are the homemade built. The major rules: - always towards the south - drill longest cavity and mix the diameters (with more of 6mm). Sure they will come (a favorable environment is always better). A single one is already a win. 
+ +(Originally on Twitter: [Tue May 07 04:22:07 +0000 2019](https://twitter.com/adulau/status/1125616777126453248)) +---- +@cryptax Les frelons mangent quelques abeilles sauvages (et aussi les domestiques) mais adorent aussi les mouches ou les syrphes. Les « guêpes » (la famille est vaste) sont plutôt des grosses mangeuses de larves. Pour l’instant j’ai des osmies à côté de polistes gauloises ;-) + +(Originally on Twitter: [Tue May 07 06:00:59 +0000 2019](https://twitter.com/adulau/status/1125641658387828736)) +---- +RT @cudeso: Automate malware analysis with @vmray and integrate results in @MISPProject via misp-modules and pymisp https://www.vanimpe.eu/2019/05/07/submit-malware-samples-to-vmray-via-misp-automation/ + +(Originally on Twitter: [Tue May 07 07:45:34 +0000 2019](https://twitter.com/adulau/status/1125667979486797826)) +---- +"Cognitive Triaging of Phishing Attacks" to prioritize the take-down of phishing having a higher chance to succeed based on the response rate of the targets. A practical use of cognitive vulnerability measurement, well done. +https://arxiv.org/pdf/1905.02162.pdf ![](media/1125798711953711104-D5-jGQRWwAAFBxV.jpg) + +(Originally on Twitter: [Tue May 07 16:25:03 +0000 2019](https://twitter.com/adulau/status/1125798711953711104)) +---- +RT @5aelo: http://phrack.org/papers/jit_exploitation.html #phrack :) + +(Originally on Twitter: [Wed May 08 04:32:47 +0000 2019](https://twitter.com/adulau/status/1125981852039307264)) +---- +RT @hack_lu: http://hack.lu 2019 call for papers, presentations and workshops +is now open - https://2019.hack.lu/blog/hack.lu-2019-call-for-papers/ - https://t.c… + +(Originally on Twitter: [Wed May 08 19:46:50 +0000 2019](https://twitter.com/adulau/status/1126211877426610176)) +---- +RT @MISPProject: During the EU @MITREattack user group, we presented the evolution of the ATT&CK framework in MISP. 
It's just the beginning… + +(Originally on Twitter: [Thu May 09 13:58:22 +0000 2019](https://twitter.com/adulau/status/1126486570956148739)) +---- +@gertjanbruggink @MarSChauvin @t_gidwani This is interesting, thanks for sharing. Would it make sense to make a formalised JSON with parameters of the metrics? Especially to calculate w/ existing information which we already have in @MISPProject to show the ranking of an organisation or the event itself. + +(Originally on Twitter: [Thu May 09 14:20:23 +0000 2019](https://twitter.com/adulau/status/1126492110788730880)) +---- +RT @atc_project: Just presented our project on EU @MITREattack workshop in Brussels. +Kudos to @FDezeure @Cyb3rWard0g @adulau @blubbfiction… + +(Originally on Twitter: [Thu May 09 14:31:43 +0000 2019](https://twitter.com/adulau/status/1126494964018364418)) +---- +@ErisaKarafili @MISPProject This is promising. Thanks a lot. + +(Originally on Twitter: [Fri May 10 04:09:01 +0000 2019](https://twitter.com/adulau/status/1126700644423725057)) +---- +RT @angealbertini: I made a script for instant MD5 collisions of GIF images. +https://github.com/corkami/collisions#gif + +It's the only file-format based explo… + +(Originally on Twitter: [Fri May 10 17:09:45 +0000 2019](https://twitter.com/adulau/status/1126897124870971394)) +---- +The most disappointing aspect of paywalls is to see a promising paper with a catchy title, then spending 20 minutes to bypass those paywalls, read the paper and then discover it’s not even close to a good state-of-the-art. + +(Originally on Twitter: [Fri May 10 20:25:52 +0000 2019](https://twitter.com/adulau/status/1126946479304773632)) +---- +RT @_saadk: Kudos to @FDezeure & @adulau for organising yet another great @MITREattack EU User Workshop & to @eurocontrol for hosting it 🙏🏼… + +(Originally on Twitter: [Sat May 11 06:00:17 +0000 2019](https://twitter.com/adulau/status/1127091035342082048)) +---- +@aris_ada I did it one or two times some years ago. 
This was a good lesson for me... there are some great papers but it’s difficult to find those. and the paywalls (and the no redistribution) are killing the ability to share public and competitive reviews. + +(Originally on Twitter: [Sat May 11 06:09:25 +0000 2019](https://twitter.com/adulau/status/1127093332419780608)) +---- +@VessOnSecurity @krypt0byt3 @hacks4pancakes They still use a modem? If you say that it’s not connected via LAN/Ethernet.... + +(Originally on Twitter: [Sat May 11 10:58:57 +0000 2019](https://twitter.com/adulau/status/1127166196997152768)) +---- +RT @gal_diskin: 1/4 I recently had the need to extract WhatsApp messages from an old iPhone. Sadly, I couldn't find a reasonable way to do… + +(Originally on Twitter: [Sun May 12 11:35:33 +0000 2019](https://twitter.com/adulau/status/1127537794971205632)) +---- +@edarchis There are 7 hits on personal and a definition on the EULA. + +(Originally on Twitter: [Sun May 12 12:08:20 +0000 2019](https://twitter.com/adulau/status/1127546045750235136)) +---- +After reading the cool tweet from @JohnLaTwC with the Office 365 adversary techniques in a @MITREattack matrix-like, I did the JSON to add it in the @MISPProject default galaxies. Now you can easily map any @Office365 incident/intel in events/attributes. https://twitter.com/JohnLaTwC/status/1126148047518363649 ![](media/1127623797350313985-D6YZSw-XkAI34v1.png) + +(Originally on Twitter: [Sun May 12 17:17:18 +0000 2019](https://twitter.com/adulau/status/1127623797350313985)) +---- +RT @halvarflake: The academic review process seems to force the writing style that I despise (incorrectly claiming "first", overstating res… + +(Originally on Twitter: [Mon May 13 15:45:27 +0000 2019](https://twitter.com/adulau/status/1127963072092626945)) +---- +@marialuisaredve @JohnLaTwC @MITREattack @MISPProject @Office365 It’s super easy. If you install a standard @MISPProject https://www.misp-project.org/download/ and then you can create JSON with att&ck like matrix. 
https://github.com/MISP/misp-galaxy/blob/master/clusters/o365-exchange-techniques.json I might do a blog post how to do it and propose the matrix to MISP project directly. + +(Originally on Twitter: [Mon May 13 20:27:26 +0000 2019](https://twitter.com/adulau/status/1128034033613582336)) +---- +RT @MISPProject: MISP 2.4.107 released with a new similar objects review system, new native YARA export, many improvements, bug fixes and s… + +(Originally on Twitter: [Mon May 13 21:29:40 +0000 2019](https://twitter.com/adulau/status/1128049697141272577)) +---- +Do you remember all those security products which came and then disappear in the darkness? I remember two out of my mind and wondering if they still exist somewhere. One was @Symantec decoy server and the other one was inline security patching called BlueLane. And you? + + +media/1128197346297298944-D6gpdgaW0AAjuXx.mp4 + +(Originally on Twitter: [Tue May 14 07:16:22 +0000 2019](https://twitter.com/adulau/status/1128197346297298944)) +---- +@adliwahid @symantec Indeed it was at some point. I think in late nineties? + +(Originally on Twitter: [Tue May 14 09:19:55 +0000 2019](https://twitter.com/adulau/status/1128228435044851715)) +---- +@thierryzoller Looks impressive. If this is towards south, it should be good ;-) + +(Originally on Twitter: [Tue May 14 09:20:46 +0000 2019](https://twitter.com/adulau/status/1128228651798020096)) +---- +To summarize Today craziness it’s a mix between the best cypherphunk of @GreatDismal, the reborn of EBM at Eurovision with #hatari (Front 242 had some influence) and the technological apocalypse of Ted Kaczynski. + + +media/1128400083106586624-D6jh4lmW4AA35h1.mp4 + +(Originally on Twitter: [Tue May 14 20:41:59 +0000 2019](https://twitter.com/adulau/status/1128400083106586624)) +---- +If you want to work with people with a good sense of humour such as @seamustuohy working on their @MISPProject implementation and human rights are important to you. 
Maybe you want to have a look at the open position @hrw https://twitter.com/seamustuohy/status/1128458977614999553 + +(Originally on Twitter: [Wed May 15 04:37:44 +0000 2019](https://twitter.com/adulau/status/1128519809380044800)) +---- +"Smartwatch Games: Encouraging Privacy-Protective Behaviour in a Longitudinal Study" #privacy +https://arxiv.org/pdf/1905.05222.pdf + +(Originally on Twitter: [Wed May 15 10:09:10 +0000 2019](https://twitter.com/adulau/status/1128603220249600000)) +---- +RT @circl_lu: We (@mikel_hamm @adulau) really enjoyed the collaborative session with law enforcement in the scope of #ENFORCE project, for… + +(Originally on Twitter: [Fri May 17 10:11:53 +0000 2019](https://twitter.com/adulau/status/1129328677433544705)) +---- +With the recent improvements of AIL to crawl @torproject hidden services, we are building new classifications to classify the content crawled. We started with that one https://www.misp-project.org/taxonomies.html#_dark_web but are looking for feedback to improve the classification before implementation. + + +media/1129426455904051200-D6yHXVrXsAAQeYz.mp4 + +(Originally on Twitter: [Fri May 17 16:40:25 +0000 2019](https://twitter.com/adulau/status/1129426455904051200)) +---- +@arnaudsoullie @H_Miser @gduchaussois En effet dans le papier, le graph avec les infections par employé montre la partialité de la recherche. Le secteur telecom est un bon point de référence pour voir que la catégorisation est probalement tronquée ou erronée. Cela renforce la probabilité du BS ;-) + +(Originally on Twitter: [Sat May 18 07:17:19 +0000 2019](https://twitter.com/adulau/status/1129647135992029184)) +---- +@Timo_Steffens Looking at the potential ban such as ‘asset freeze’, it is still bound to the member states willingness to apply it. In US, the BIS/DoC applies it and that’s it. I’m curious how this will be in practice in our current non-federal EU model. 
+ +(Originally on Twitter: [Sat May 18 07:23:42 +0000 2019](https://twitter.com/adulau/status/1129648739545747457)) +---- +RT @Timo_Steffens: This has been drowned in yesterday's news: +The EU can now impose sanctions against persons and organizations that were i… + +(Originally on Twitter: [Sat May 18 07:23:48 +0000 2019](https://twitter.com/adulau/status/1129648767202922497)) +---- +"Fix buffer overflow in dotnet module." in libyara +https://github.com/VirusTotal/yara/commit/e83662f85c6f9534dc19e1a0cede55bebc64f21f + +(Originally on Twitter: [Sun May 19 10:47:42 +0000 2019](https://twitter.com/adulau/status/1130062467906834432)) +---- +Recently the @CIA website is accessible via @torproject but don't be confused with the other vanity onion addresses which are very close. At least some have a good sense of humour. ![](media/1130179659876978688-D68xehVWkAA9VK8.jpg) + +(Originally on Twitter: [Sun May 19 18:33:23 +0000 2019](https://twitter.com/adulau/status/1130179659876978688)) +---- +RT @d4_project: "D4 software stack - new version released" for core software including Passive SSL and Passive Identification of DDoS BackS… + +(Originally on Twitter: [Mon May 20 07:59:05 +0000 2019](https://twitter.com/adulau/status/1130382423496286208)) +---- +RT @Gillis57: Soooooo our entire team got laid off with no notice, on a monday- and they didn't even reach out to let us know it was coming… + +(Originally on Twitter: [Tue May 21 17:31:08 +0000 2019](https://twitter.com/adulau/status/1130888768695787522)) +---- +Looking at how « international » standardisation bodies and organisations are blindy following ITAR and the US DoC, I suppose they are just forgetting their original goal to work for everyone. 
https://pastebin.com/w6EGya45 + +(Originally on Twitter: [Wed May 22 05:49:00 +0000 2019](https://twitter.com/adulau/status/1131074462512762880)) +---- +@alexanderjaeger @blackswanburst @pinkflawd @verovaleros @halvarflake @cynicalsecurity @sergeybratus @MISPProject Best academic papers not sure. But there are many taxonomies such as the SANS malware classification: https://www.misp-project.org/taxonomies.html#_malware_classification and MAEC with delivery vectors, behaviour, capabilities and obfuscation methods. https://www.misp-project.org/taxonomies.html#_maec_delivery_vectors + +(Originally on Twitter: [Wed May 22 09:19:19 +0000 2019](https://twitter.com/adulau/status/1131127389273116672)) +---- +@alexanderjaeger @blackswanburst @pinkflawd @verovaleros @halvarflake @cynicalsecurity @sergeybratus @MISPProject If you find others let me know and especially how to assign ranking or scoring on such taxonomy. + +(Originally on Twitter: [Wed May 22 09:25:09 +0000 2019](https://twitter.com/adulau/status/1131128857719922690)) +---- +@evilolive28 @tfcsirt You and the team did very well! + +(Originally on Twitter: [Thu May 23 15:45:13 +0000 2019](https://twitter.com/adulau/status/1131586893626388480)) +---- +Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States (Study Report and Implementation Guides) from SEI CMU has some good insights. +https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=546578 #ThreatIntel + +(Originally on Twitter: [Thu May 23 16:18:16 +0000 2019](https://twitter.com/adulau/status/1131595208704122880)) +---- +RT @andrewtghill: A beekeeper has responded to the disparaging comment in my latest column that most #AI systems are "barely as bright as a… + +(Originally on Twitter: [Thu May 23 16:35:59 +0000 2019](https://twitter.com/adulau/status/1131599668717195264)) +---- +One recurring demand from various organisations is to retain the raw data in their « intelligence » feed. 
The report pinpoints this. Recommendation for providers, don’t forget to include the raw data/sources next to the contextualised information. ![](media/1131790417123532805-D7TtYYJXsAA_vBL.jpg) + +(Originally on Twitter: [Fri May 24 05:13:57 +0000 2019](https://twitter.com/adulau/status/1131790417123532805)) +---- +Another key factor for success is to contextualize information, I’m glad to see that our work during the past years on standardisation of taxonomies in @MISPProject helps many organisations and sharing communities. https://www.misp-project.org/taxonomies.html ![](media/1131794177119985664-D7TwzQ6XoAInaQf.jpg) + +(Originally on Twitter: [Fri May 24 05:28:54 +0000 2019](https://twitter.com/adulau/status/1131794177119985664)) +---- +@MISPProject The use of public threat frameworks such as @MITREattack is critical because you can reuse the hardwork of modelisation from others but also you share that information as common vocabularies and compare your security posture/attack surface versus others. ![](media/1131796184392175616-D7TyoBlWsAED21b.jpg) + +(Originally on Twitter: [Fri May 24 05:36:52 +0000 2019](https://twitter.com/adulau/status/1131796184392175616)) +---- +@MISPProject @MITREattack My favorite part of the document. Don’t wait to publish information, a draft report or even notes. The « release early, release often » is not only a mantra for open source but also threat analysis & sharing. See how a simple a tweet with a simple hash value can lead to. ![](media/1131798388561862656-D7T0ojpWsAA1gN7.jpg) + +(Originally on Twitter: [Fri May 24 05:45:38 +0000 2019](https://twitter.com/adulau/status/1131798388561862656)) +---- +RT @gallypette: @adulau @MISPProject @MITREattack Track where data comes ! 
Maybe something to consider for @d4_project - it could have anal… + +(Originally on Twitter: [Fri May 24 06:58:46 +0000 2019](https://twitter.com/adulau/status/1131816793692151808)) +---- +RT @circl_lu: AIL framework - Analysis Information Leak framework version 1.7 released including a new module for correlating PGP keys and… + +(Originally on Twitter: [Fri May 24 16:03:05 +0000 2019](https://twitter.com/adulau/status/1131953775730724866)) +---- +If you crawl suspicious websites/hidden services, finding similarities can be a challenge. In AIL, we have different strategies such as using TLSH (Trend Micro Locality Sensitive Hash) & recently BTC addresses pivoting. When combined, patterns appear. https://github.com/CIRCL/AIL-framework ![](media/1132195884568109057-D7ZckLZX4AApkEW.jpg) + +(Originally on Twitter: [Sat May 25 08:05:08 +0000 2019](https://twitter.com/adulau/status/1132195884568109057)) +---- +RT @MISPProject: A clever use of MISP from the @sissden project which extracts malware configuration into specific MISP objects to browse a… + +(Originally on Twitter: [Sat May 25 16:35:25 +0000 2019](https://twitter.com/adulau/status/1132324300894167042)) +---- +RT @veorq: the "crypto coding rules" are back at https://github.com/veorq/cryptocoding/ + +originally started this in 2013, haven't touched it in years, jus… + +(Originally on Twitter: [Sun May 26 05:42:10 +0000 2019](https://twitter.com/adulau/status/1132522292347584512)) +---- +It might hurt the sensibility of purists but for the unofficial ssldump repo, I merge if it "works for me". https://github.com/adulau/ssldump/ and after years of frustration of ssldump being below 1.0 version for decades. I did a release https://github.com/adulau/ssldump/releases/tag/v1.0 Thanks to all contributors! + +(Originally on Twitter: [Sun May 26 06:34:11 +0000 2019](https://twitter.com/adulau/status/1132535382405459968)) +---- +RT @MISPProject: So what's cooking for next MISP 2.4.108? 
A new functionality to select a set of attributes and transform those quickly int… + +(Originally on Twitter: [Sun May 26 08:45:31 +0000 2019](https://twitter.com/adulau/status/1132568432585662466)) +---- +3389 is part of the Reduced Exit Policy but it's not the most common policy applied for Tor exit nodes. Often the "success" of a Tor Exit depends of its exit policy. So maybe some operators have an interest to keep the TCP port 3389 opens. +https://twitter.com/GossiTheDog/status/1132369810099249153 + +(Originally on Twitter: [Sun May 26 11:17:15 +0000 2019](https://twitter.com/adulau/status/1132606620796694528)) +---- +For the curious, the Reduced Exit Policy is available there https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy + +(Originally on Twitter: [Sun May 26 11:18:27 +0000 2019](https://twitter.com/adulau/status/1132606922870464512)) +---- +@piotrcki @X_Cli C'est assez utile surtout quand c'est obligatoire ;-) En Belgique, si tu oublies... tu t'exposes à des poursuites judiciaires. + +(Originally on Twitter: [Sun May 26 14:39:57 +0000 2019](https://twitter.com/adulau/status/1132657629023617024)) +---- +@H_Miser Le petit rond sur la droite est très intriguant... https://www.defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf (page 10-11) + +(Originally on Twitter: [Sun May 26 17:57:55 +0000 2019](https://twitter.com/adulau/status/1132707451046903813)) +---- +@ValeryMarchive @MaliciaRogue I think this is just the tip of iceberg. Just look at all the CCTV around in a city running on outdated and unsecured IT infrastructure. Take your favorite shop, restaurant or library. All have CCTV, majority got recording and unsecured storage. Future is promising. 
+ +(Originally on Twitter: [Tue May 28 05:32:14 +0000 2019](https://twitter.com/adulau/status/1133244568231718917)) +---- +@ValeryMarchive @MaliciaRogue Indeed ;-) There is a kind of paradox in our societies regarding the video surveillance and the fear of the street photographer. I just remember that I did a blog post some years ago https://www.foo.be/photoblog/posts/surveillance-camera-versus-photography/ I think it’s now part of our socities that there is no turn back possible + +(Originally on Twitter: [Tue May 28 05:42:54 +0000 2019](https://twitter.com/adulau/status/1133247253605486592)) +---- +"Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width" Maybe sometime just getting the locale of a user gives a lot of insight... https://cve.circl.lu/cve/CVE-2019-12383 + +(Originally on Twitter: [Tue May 28 20:50:05 +0000 2019](https://twitter.com/adulau/status/1133475554966016001)) +---- +RT @cudeso: Sync sightings between @MISPProject instances https://www.vanimpe.eu/2019/05/29/sync-sightings-between-misp-instances/ https://github.com/cudeso/PyMISP/blob/master/examples/sync_sighting.py + +(Originally on Twitter: [Wed May 29 18:43:36 +0000 2019](https://twitter.com/adulau/status/1133806112443183105)) +---- +RT @bettersafetynet: Logging folks, next time a Windows admin tells you they cannot enable any DNS logging due to 'performance reasons'. + +"… + +(Originally on Twitter: [Fri May 31 04:44:19 +0000 2019](https://twitter.com/adulau/status/1134319671803432961)) +---- +RT @_Mike_Holm_: @SteveClement and @chrisred_68 of @circl_lu talking #MISP at #AusCERT2019. 
MISP allows easy, visual correlations between I… + +(Originally on Twitter: [Fri May 31 05:09:52 +0000 2019](https://twitter.com/adulau/status/1134326102988603392)) +---- +RT @MISPProject: Sharing is caring - under this motto the @OSCE co-ordinated a 2-day MISP training for organizations in the UN System give… + +(Originally on Twitter: [Fri May 31 05:22:44 +0000 2019](https://twitter.com/adulau/status/1134329341742133250)) +---- +RT @d4_project: Passive DNS - a tutorial to setup your own Passive DNS using D4 Project +https://www.d4-project.org/2019/05/28/passive-dns-tutorial.html #NSM #DFIR #PassiveDNS + +(Originally on Twitter: [Fri May 31 08:09:45 +0000 2019](https://twitter.com/adulau/status/1134371371486781440)) +---- +I’m involved in the free software (open source for the kids ;-) community for more than 25 years and I’m still amazed by how people still avoid to read and understand free software licenses. + + +media/1134480147455893504-D757rPUWkAAHSNf.mp4 + +(Originally on Twitter: [Fri May 31 15:21:59 +0000 2019](https://twitter.com/adulau/status/1134480147455893504)) +---- +Some countries have a « cyberwarfare strategy » but what does this mean in practise for an offensive team? We all know that strategies are often quite different than security practices... IMHO, the main issue with « cyberwarfare », it is always sexier than defense at large. + +(Originally on Twitter: [Sat Jun 01 07:17:38 +0000 2019](https://twitter.com/adulau/status/1134720644845842433)) +---- +@LucDockendorf Indeed and the dumbest part are the « strategical documents » which basically describe « we will create new funky dangerous tech which can fuckup everything around us ». While another part of the same country cannot get a decent budget to improve basic security requirements. + +(Originally on Twitter: [Sat Jun 01 07:37:27 +0000 2019](https://twitter.com/adulau/status/1134725630862536704)) +---- +@liuya0904 Thanks for sharing. 
By pivoting from the IP listed in the iptables script I gathered some additional samples and scripts into a @MISPProject event. All files including the MISP JSON export available there https://www.foo.be/osint/coinminer/ ![](media/1134757542280802305-D793MWQW4AE9R8L.jpg) + +(Originally on Twitter: [Sat Jun 01 09:44:15 +0000 2019](https://twitter.com/adulau/status/1134757542280802305)) +---- +@0xLaurent @LucDockendorf We could also argue that the strategy of defence (telling (and practically showing)) to adversaries that a country is capable of advanced defence and detection mechanisms could also act a deterrence move. I have rarely seen a strong stance on such approach until now. + +(Originally on Twitter: [Sat Jun 01 09:55:19 +0000 2019](https://twitter.com/adulau/status/1134760328196173824)) +---- +@0xLaurent @LucDockendorf I tend to agree that is indeed a "free move" from some countries. I just sincerely hope that the balance is right in those countries. + +(Originally on Twitter: [Sat Jun 01 09:58:00 +0000 2019](https://twitter.com/adulau/status/1134761000941555712)) +---- +RT @notdan: Here’s the full text since Twitter narfed the original on some clients: ![](media/1134832066414227456-D79RyRuUcAAKNDl.jpg) + +(Originally on Twitter: [Sat Jun 01 14:40:23 +0000 2019](https://twitter.com/adulau/status/1134832066414227456)) +---- +"Personal Information Leakage by Abusing the GDPR “Right of Access”" or how a regulation can introduce additional risks which were supposed to be reduced by this additional legal framework. Nice work/research by @dimartinomar and others https://marianodimartino.com/dimartino2019.pdf #privacy ![](media/1134851935935311873-D7_NwayXsAQ3ayX.png) + +(Originally on Twitter: [Sat Jun 01 15:59:20 +0000 2019](https://twitter.com/adulau/status/1134851935935311873)) +---- +@Starow_ 9cm is just fine. 
You don’t need it to drill until the end ;-) + +(Originally on Twitter: [Sun Jun 02 15:50:59 +0000 2019](https://twitter.com/adulau/status/1135212222186250240)) +---- +@cbrocas @newsoft @o0tAd0o @H_Miser Donc on fait une fête durant @passthesaltcon pour fêter nos 20+ ? + + +media/1135779127104102400-D8MZFgfWwAAPnzP.mp4 + +(Originally on Twitter: [Tue Jun 04 05:23:40 +0000 2019](https://twitter.com/adulau/status/1135779127104102400)) +---- +@r00tbsd @benkow_ and when we are using @github as a social network is None the appropriate answer... + +(Originally on Twitter: [Tue Jun 04 11:46:29 +0000 2019](https://twitter.com/adulau/status/1135875465942568960)) +---- +@r00tbsd @jedisct1 @benkow_ @belathoud @github I had but it was optional and a free text form if I recalled correctly. + +(Originally on Twitter: [Tue Jun 04 14:11:14 +0000 2019](https://twitter.com/adulau/status/1135911893523083264)) +---- +RT @MISPProject: MISP 2.4.108 has been released with new features, API and UI improvements. A new sync tool is now included in MISP, by def… + +(Originally on Twitter: [Wed Jun 05 15:23:35 +0000 2019](https://twitter.com/adulau/status/1136292488258498561)) +---- +"David and Goliath:Privacy Lobbying in the European Union" by Jukka Ruohonen https://arxiv.org/pdf/1906.01883.pdf The results are not surprising but the interesting part is the use of the lobbying/transparency register operated by the @EU_Commission for conducting such analysis. ![](media/1136559559567392768-D8XaOeeXkAA9K61.png) + +(Originally on Twitter: [Thu Jun 06 09:04:49 +0000 2019](https://twitter.com/adulau/status/1136559559567392768)) +---- +@DIGITALEUROPE What's your relationship with the Digital Europe program from @EU_Commission ? 
https://ec.europa.eu/digital-single-market/en/news/commission-welcomes-agreement-digital-europe-programme-2021-2027 Thank you + +(Originally on Twitter: [Thu Jun 06 13:42:42 +0000 2019](https://twitter.com/adulau/status/1136629489113411584)) +---- +@Cyr_ Hmmmm cela sent le bug. Je vais regarder cela entre deux vols. Merci pour l’info. + +(Originally on Twitter: [Fri Jun 07 08:05:41 +0000 2019](https://twitter.com/adulau/status/1136907065786585091)) +---- +RT @MISPProject: MISP Summit 0x05 (21th October 2019) call for papers https://cfp.hack.lu/tsc19/cfp - https://2019.hack.lu/misp-summit/ Using MISP & you di… + +(Originally on Twitter: [Fri Jun 07 08:09:53 +0000 2019](https://twitter.com/adulau/status/1136908121778114560)) +---- +The never ending cycle of online OSINT tools which disappear due to market or legal reason. I’m wondering what we (as OSINT community) should do to improve our resilience on such online service. + +https://mobile.twitter.com/1ntelligence/status/1136921660173553664 + +(Originally on Twitter: [Fri Jun 07 10:09:09 +0000 2019](https://twitter.com/adulau/status/1136938135852584960)) +---- +@Regiteric WIFIST? This one is « golden ». + +(Originally on Twitter: [Fri Jun 07 10:47:31 +0000 2019](https://twitter.com/adulau/status/1136947792704917504)) +---- +My @lufthansa experience can be summarized in this way + + +media/1137121651810852864-D8feHAyWsAA6XvB.mp4 + +(Originally on Twitter: [Fri Jun 07 22:18:23 +0000 2019](https://twitter.com/adulau/status/1137121651810852864)) +---- +@pro_integritate Good point indeed! We tried to have more and more in @MISPProject format to have more context just like we do with OSINT feed https://www.circl.lu/doc/misp/feed-osint/ but the feed producer need to keep (and gather) the context. 
Maybe we need to do more documentation about https://www.misp-project.org/misp-training/a.3-misp-feed.pdf + +(Originally on Twitter: [Sat Jun 08 11:17:06 +0000 2019](https://twitter.com/adulau/status/1137317622918385666)) +---- +@pro_integritate @MISPProject No worries. Your comment is on spot as this is something we are facing with single entry CSV feed accessible on Internet. Passing the message to the feed provider would help everyone ;-) Thanks a lot + +(Originally on Twitter: [Sat Jun 08 13:45:05 +0000 2019](https://twitter.com/adulau/status/1137354863845810177)) +---- +RT @_saadk: While practicing #TheArtofGettingLost dear to my heart in downtown Paris (France, not Texas), I walked by a skatepark where I s… + +(Originally on Twitter: [Sun Jun 09 06:59:02 +0000 2019](https://twitter.com/adulau/status/1137615065983737856)) +---- +If you use (or your adversary) the ExternalC2 for Cobalt Strike External C2 server, DoHC2 (by @dtmsecurity) adds DNS over HTTP (DoH) for the C2 traffic. In other words, time to look more closely at DoH traffic in defence... + +https://github.com/SpiderLabs/DoHC2 ![](media/1137995642335350786-D8r3cZkWwAAb3EZ.jpg) + +(Originally on Twitter: [Mon Jun 10 08:11:18 +0000 2019](https://twitter.com/adulau/status/1137995642335350786)) +---- +@metaconflict @thierryzoller The repository is there: https://gitlab.com/crankylinuxuser/siginttablet It seems to be a WiP. 
+ +(Originally on Twitter: [Mon Jun 10 10:00:58 +0000 2019](https://twitter.com/adulau/status/1138023238670389248)) +---- +RT @MISPProject: Joining us at the @FIRSTdotOrg #firstcon19 next Monday and Tuesday for the @MISPProject training session - don't hesitate… + +(Originally on Twitter: [Tue Jun 11 18:26:23 +0000 2019](https://twitter.com/adulau/status/1138512818951639042)) +---- +RT @circl_lu: AIL (Analysis Information Leak framework) Framework version 1.8 released including many bug fixes, improved PGP handling, abi… + +(Originally on Twitter: [Wed Jun 12 14:01:07 +0000 2019](https://twitter.com/adulau/status/1138808450404769794)) +---- +We are astonished by the impressive 1st class seats from @SNCB we were kicked out as our 2nd class ticket cannot cover the cost of such incredible service. Without kidding, this is state of customer appreciation at SNCB. ![](media/1138828782779981824-D83ui-PWwAAjHrn.jpg) + +(Originally on Twitter: [Wed Jun 12 15:21:54 +0000 2019](https://twitter.com/adulau/status/1138828782779981824)) +---- +@Aristot73 I’ll take modernizing export controls for €300. + +(Originally on Twitter: [Thu Jun 13 05:08:27 +0000 2019](https://twitter.com/adulau/status/1139036787203072000)) +---- +RT @cecyf_coriin: Nous avons le plaisir de confirmer que #CoRIIN 2020 se déroulera le mardi 28 janvier 2020 à Lille, en marge du @FIC_eu #F… + +(Originally on Twitter: [Thu Jun 13 10:28:57 +0000 2019](https://twitter.com/adulau/status/1139117445493473280)) +---- +RT @MISPProject: MISP 2.4.109 has been released with a host of new features, improvements, bug fixes and a minor security fix (CVE-2019-127… + +(Originally on Twitter: [Thu Jun 13 20:37:41 +0000 2019](https://twitter.com/adulau/status/1139270638919700480)) +---- +RT @MISPProject: Modules have been expanded with a new format to support objects and standard MISP event format. 
It's now in the misp-modul… + +(Originally on Twitter: [Fri Jun 14 10:57:09 +0000 2019](https://twitter.com/adulau/status/1139486929509068800)) +---- +@FIRSTdotOrg Nice one! How is the KYC process going on? + +(Originally on Twitter: [Sat Jun 15 12:30:57 +0000 2019](https://twitter.com/adulau/status/1139872925065125888)) +---- +RT @0xrawsec: Have you ever wanted to have ancestors processes in your Sysmon logs? Kind of useful for #ThreatHunting! This has just been… + +(Originally on Twitter: [Sat Jun 15 19:49:44 +0000 2019](https://twitter.com/adulau/status/1139983345415282700)) +---- +RT @cryptodavidw: Spoiler alert: I'm writing a book https://www.cryptologie.net/article/479/a-book-in-preparation/ + +(Originally on Twitter: [Sat Jun 15 20:28:58 +0000 2019](https://twitter.com/adulau/status/1139993220904038400)) +---- +RT @hack_lu: You missed the deadline? Good news: the CFP is open for an extra week! + +And if you hate us right now because you rushed throug… + +(Originally on Twitter: [Sun Jun 16 04:51:29 +0000 2019](https://twitter.com/adulau/status/1140119681002614784)) +---- +RT @_xpn_: A quick blog post looking at how Sysmon DNS monitoring works, and how this can potentially be evaded during an engagement. https… + +(Originally on Twitter: [Sun Jun 16 04:57:01 +0000 2019](https://twitter.com/adulau/status/1140121075340271616)) +---- +RT @TheHive_Project: We will be at #FIRSTCON19 with @MISPProject throughout the week. Don't hesitate to say hi to @_saadk, @adulau, @Iglocs… + +(Originally on Twitter: [Sun Jun 16 08:11:04 +0000 2019](https://twitter.com/adulau/status/1140169908820631552)) +---- +@adliwahid @TheHive_Project @MISPProject @_saadk @Iglocska Indeed we are ready ;-) ![](media/1140171202088054786-D9KzpljXYAAsp5S.jpg) + +(Originally on Twitter: [Sun Jun 16 08:16:12 +0000 2019](https://twitter.com/adulau/status/1140171202088054786)) +---- +RT @MISPProject: We will be at #FIRSTCON19 with @TheHive_Project throughout the week. 
Don't hesitate to discuss with @_saadk @Iglocska @raf… + +(Originally on Twitter: [Sun Jun 16 08:28:17 +0000 2019](https://twitter.com/adulau/status/1140174241989611520)) +---- +@douglasmun @F_kZ_ Finally we met in real life! We all love @FIRSTdotOrg for bridging all the communities and people together. #firstcon19 + +(Originally on Twitter: [Sun Jun 16 16:11:37 +0000 2019](https://twitter.com/adulau/status/1140290843108106244)) +---- +RT @fwedurduzux: I eventually took the time to document my SCA-Pitaya repo ^^ https://github.com/fdurvaux/sca-redpitaya +Demo to come at #FIRSTCON19 + +(Originally on Twitter: [Sun Jun 16 16:12:23 +0000 2019](https://twitter.com/adulau/status/1140291037384118272)) +---- +@jedisct1 @codepo8 The major issue is to keep the geo data source open and up-to-date without relying on the MaxMind dataset. Maybe it's time to have a crowdsourced and open geolocation database for all CIDR blocks? + +(Originally on Twitter: [Mon Jun 17 05:26:55 +0000 2019](https://twitter.com/adulau/status/1140490987573325834)) +---- +Great presentation at #firstcon19 of @TheKenMunroShow about the #bitfi « bug bounty » disaster. Five years ago Tesco did a much better in vulnerability management when a vulnerability is reported. 
So maybe the best advice is to « be humble and fix reported vulnerabilities » + +(Originally on Twitter: [Mon Jun 17 09:29:20 +0000 2019](https://twitter.com/adulau/status/1140551994115076096)) +---- +RT @MISPProject: Today, it's the second day (starting at 11:00) of the @MISPProject training at #FIRSTCON19 - We will start the session wit… + +(Originally on Twitter: [Tue Jun 18 06:54:49 +0000 2019](https://twitter.com/adulau/status/1140875497578094592)) +---- +RT @EliotHiggins: It feels like all the social media companies are having a go at open source investigators this week, first Facebook with… + +(Originally on Twitter: [Tue Jun 18 08:46:41 +0000 2019](https://twitter.com/adulau/status/1140903649092259840)) +---- +@__Thanat0s__ @Spy_Stations The radio spectrum is full of gem. The Buzzer is one of my favorite. But I’m sure we could write a complete encyclopedia of odd signals ;-) + +(Originally on Twitter: [Tue Jun 18 09:05:02 +0000 2019](https://twitter.com/adulau/status/1140908268748988416)) +---- +IMHO It’s not a matter of « software liability » but more about « product liability » as software per se is more about the algorithms, mathematics and logic. I feel a similar debate as « software patents » discussion #FIRSTCON19 thx to @leotanczt for the exhaustive and clear talk + +(Originally on Twitter: [Tue Jun 18 09:12:04 +0000 2019](https://twitter.com/adulau/status/1140910036622987265)) +---- +RT @d4_project: Sharing between D4 sensor networks - a simple example to share DDoS backscatter traffic/network captures while preserving p… + +(Originally on Twitter: [Tue Jun 18 15:05:22 +0000 2019](https://twitter.com/adulau/status/1140998948343242752)) +---- +@huntingneo @Iglocska Glad that you liked it. We are still at #FIRSTCON19 don't hesitate to stop by and discuss some crazy ideas with us. 
+ +(Originally on Twitter: [Tue Jun 18 22:50:55 +0000 2019](https://twitter.com/adulau/status/1141116105072816128)) +---- +@1sand0s <any topic designed by a human> is a design problem. + +(Originally on Twitter: [Wed Jun 19 11:58:42 +0000 2019](https://twitter.com/adulau/status/1141314357416079361)) +---- +Why waste time on prototypes when you can go live with your IoT product, gain money by selling it and continue like that forever? #FIRSTCON19 + +(Originally on Twitter: [Wed Jun 19 12:01:46 +0000 2019](https://twitter.com/adulau/status/1141315132410040320)) +---- +@1sand0s I suppose we will continue to ignore such message until there is a real economical incentive to focus on security. + +(Originally on Twitter: [Wed Jun 19 12:07:16 +0000 2019](https://twitter.com/adulau/status/1141316515096080384)) +---- +RT @SecCatHerder: How do we encourage diversity @FIRSTdotOrg? Please come join the Women of FIRST Birds of a Feather (WoF BoF) Thursday fr… + +(Originally on Twitter: [Wed Jun 19 18:14:02 +0000 2019](https://twitter.com/adulau/status/1141408814878605312)) +---- +After a full day of meetings and fruitful discussions at #FIRSTCon19, nothing is better than a good and cool @TheJazzBar with a David Lynch-like atmosphere. @_saadk ![](media/1141449127940829185-D9c9rIKWsAYgDip.jpg) + +(Originally on Twitter: [Wed Jun 19 20:54:13 +0000 2019](https://twitter.com/adulau/status/1141449127940829185)) +---- +RT @brett_sheffield: IP Multicast will play a prominent role on the Internet in the coming years. It is a requirement, not an option, if th… + +(Originally on Twitter: [Wed Jun 19 21:56:06 +0000 2019](https://twitter.com/adulau/status/1141464700896665601)) +---- +@ddouhine @TheJazzBar @_saadk The leds on the bar were red indeed ;-) + +(Originally on Twitter: [Thu Jun 20 10:52:21 +0000 2019](https://twitter.com/adulau/status/1141660047732350977)) +---- +@LcPdn X.509 is hard for everyone ;-) It should be fixed. Thanks for the notification. 
+ +(Originally on Twitter: [Thu Jun 20 12:45:14 +0000 2019](https://twitter.com/adulau/status/1141688457967931392)) +---- +@alexanderjaeger @MITREattack Good idea. I just a did a @MISPProject taxonomy out of that paper https://www.misp-project.org/taxonomies.html#_threats_to_dns - We could also make a matrix-like galaxy out of it. We just need to agree in which kill chain each technique goes to. @likethecoins + +(Originally on Twitter: [Fri Jun 21 07:09:26 +0000 2019](https://twitter.com/adulau/status/1141966337633390592)) +---- +@lukOlejnik Unsubstantiated maybe but I think the highlighted part is not wrong per se. The GDPR introduced additional risks when trying to validate identities as the work of @dimartinomar showed. https://twitter.com/adulau/status/1134851935935311873 + +(Originally on Twitter: [Fri Jun 21 07:20:14 +0000 2019](https://twitter.com/adulau/status/1141969054896447488)) +---- +RT @ILDannyMoore: I made a single slide version of my #RESET2019 talk on "operational whiplash", coping with the possibly far reaching effe… + +(Originally on Twitter: [Fri Jun 21 07:59:47 +0000 2019](https://twitter.com/adulau/status/1141979010051858432)) +---- +RT @liuya0904: 3 stages of XOR encryptions are found in the tiny ELF of md5=5379eb87eea8509e5e9c7ce2391787ce, which is 319 byte in size.… + +(Originally on Twitter: [Fri Jun 21 10:44:30 +0000 2019](https://twitter.com/adulau/status/1142020461439717376)) +---- +Let’s face it. We won’t solve the IoT security issue until we bring peace to the world. 
#FIRSTCon19 + +(Originally on Twitter: [Fri Jun 21 11:26:15 +0000 2019](https://twitter.com/adulau/status/1142030967533649925)) +---- +RT @whitequark: you've heard of "he uses 2048-bit RSA, so hit him with this $5 wrench until he tells us the key" but did you know it works… + +(Originally on Twitter: [Sat Jun 22 02:45:55 +0000 2019](https://twitter.com/adulau/status/1142262409412915200)) +---- +@X_Cli_Public @circl_lu + + +media/1142337048835174400-D9plfFHXUAEbZuy.mp4 + +(Originally on Twitter: [Sat Jun 22 07:42:30 +0000 2019](https://twitter.com/adulau/status/1142337048835174400)) +---- +@X_Cli_Public @alexcpsec @circl_lu They even sometime ask us to change the license of our open source projects. + +(Originally on Twitter: [Sat Jun 22 08:33:58 +0000 2019](https://twitter.com/adulau/status/1142349997972869120)) +---- +@Cloudflare Glad that you release a new open source cryptographic library. But I suppose you didn’t search the name before picking the name... https://github.com/circl and @circl_lu + +(Originally on Twitter: [Sat Jun 22 08:38:13 +0000 2019](https://twitter.com/adulau/status/1142351069827260417)) +---- +@Ministraitor Your resistance is impressive ;-) + +(Originally on Twitter: [Sat Jun 22 09:11:28 +0000 2019](https://twitter.com/adulau/status/1142359435169411073)) +---- +When you are evaluating the options where to locate the foundation of an open source project, the @bunniestudios comment is worth to consider. Maybe Europe might become a safe haven for free/open source projects. + +https://mobile.twitter.com/bunniestudios/status/1142035861317402626 + +(Originally on Twitter: [Sat Jun 22 19:23:35 +0000 2019](https://twitter.com/adulau/status/1142513482526535681)) +---- +@ESA_euroseeds @GarlichEssen @eaAgriFood Goodbye! It’s a good news for EU. If we want to bring back diversity in seeds and ecological systems, it won’t come from companies like your sponsors. 
Innovation is coming from farmers who experiment directly and have full control on their seeds. + +(Originally on Twitter: [Sat Jun 22 20:14:44 +0000 2019](https://twitter.com/adulau/status/1142526352840626177)) +---- +@Aristot73 @NewAmerica @gwbstr Delighted to see many countries to take seriously the sharing & disclosing of vulnerabilities to the affected parties. We have seen many organisation and countries in the past months relying on @MISPProject to share vulnerability objects on a daily basis. https://www.misp-project.org/objects.html#_vulnerability + +(Originally on Twitter: [Sun Jun 23 08:54:27 +0000 2019](https://twitter.com/adulau/status/1142717542529667072)) +---- +@cybergibbons The main issue is people using the same plate/ustencil for raw meats and cooked meats. This is the most common mistake which leads to infect the cooked meats with the germs slowly growing under a warm atmosphere. (& wearing gloves introduced bad practices) https://jfoodprotection.org/doi/pdfplus/10.4315/0362-028X-69.10.2417 ![](media/1142722322408845312-D9vDeQ1WwAEKCHm.png) + +(Originally on Twitter: [Sun Jun 23 09:13:27 +0000 2019](https://twitter.com/adulau/status/1142722322408845312)) +---- +@lazyanalyst @cybergibbons People using gloves ;-) + +(Originally on Twitter: [Sun Jun 23 10:18:18 +0000 2019](https://twitter.com/adulau/status/1142738646161928192)) +---- +@ninoseki @MISPProject @TheHive_Project @Iglocska @_saadk Thanks a lot too. It’s great to see contributors like you in real life and see how good the community can be! 
+ +(Originally on Twitter: [Mon Jun 24 04:55:54 +0000 2019](https://twitter.com/adulau/status/1143019899499012097)) +---- +RT @pinkflawd: Call for participation for #BlackHoodie Luxembourg attached to @hack_lu is still going 🤘🏾 ladies, show us what you been hack… + +(Originally on Twitter: [Mon Jun 24 06:08:44 +0000 2019](https://twitter.com/adulau/status/1143038226665476097)) +---- +The BGP Optimizer failure of Today reminded me about a horrible debugging session of 4 days due to "clever" WAN accelerator which decided to randomly change window size on some randomly chosen TCP sessions. Debugging is hard, especially "intelligent" magic products. + +(Originally on Twitter: [Mon Jun 24 20:50:28 +0000 2019](https://twitter.com/adulau/status/1143260121369329665)) +---- +@Vecchi_Paolo @bunniestudios It could but some updates is indeed on the foundation to reach the level of the "Stichting" in Netherlands. Maybe a simplified one would be interesting for Luxembourg? + +(Originally on Twitter: [Tue Jun 25 05:06:05 +0000 2019](https://twitter.com/adulau/status/1143384848981200897)) +---- +RT @trufae: r2-3.6 is out! https://github.com/radare/radare2/releases/tag/3.6.0 + +* Improved arm64 and mips emu +* Huge RBin refactoring and cleanup +* Support more decomp… + +(Originally on Twitter: [Tue Jun 25 05:30:00 +0000 2019](https://twitter.com/adulau/status/1143390865513222144)) +---- +I just saw this funky article in French about COBOL, future and security https://www.supinfo.com/articles/single/9398-cobol-langage-avenir I suppose @newsoft missed this wonderful piece of art work. + +(Originally on Twitter: [Tue Jun 25 11:08:42 +0000 2019](https://twitter.com/adulau/status/1143476105397116928)) +---- +@verac_m @newsoft Maybe we should ask @supinfocom if their website defaced by some COBOL activist group? 
+ +(Originally on Twitter: [Tue Jun 25 11:50:38 +0000 2019](https://twitter.com/adulau/status/1143486655103459329)) +---- +@verac_m @newsoft @supinfocom A French or Iranian student? I feel the OSINT thread for the next days. + +(Originally on Twitter: [Tue Jun 25 11:57:08 +0000 2019](https://twitter.com/adulau/status/1143488290668064770)) +---- +@newsoft I knew that you were flying towards the future. + +(Originally on Twitter: [Tue Jun 25 14:01:54 +0000 2019](https://twitter.com/adulau/status/1143519690393837576)) +---- +"Encrypted DNS=⇒Privacy? A Traffic Analysis Perspective" +https://arxiv.org/pdf/1906.09682.pdf ![](media/1143521345059393538-D96ajdfXsAAdDOh.png) + +(Originally on Twitter: [Tue Jun 25 14:08:28 +0000 2019](https://twitter.com/adulau/status/1143521345059393538)) +---- +@SNCB what’s up with ic2140 ? we stopped just after Arlon without power... + +(Originally on Twitter: [Tue Jun 25 15:50:24 +0000 2019](https://twitter.com/adulau/status/1143546995052830722)) +---- +@SNCB It seems that our train is dead and sncb is evaluating some options... we are without HVAC until now. I would suggest to take a decision and act as soon as possible. + +(Originally on Twitter: [Tue Jun 25 16:07:28 +0000 2019](https://twitter.com/adulau/status/1143551288539586565)) +---- +@preisen @SNCB On est dans le train Arlon-Bruxelles en panne et on est sur le point de tirer sur... on est à deux minutes de la gare. ![](media/1143558722893111297-D968luOWkAA2MSc.jpg) + +(Originally on Twitter: [Tue Jun 25 16:37:00 +0000 2019](https://twitter.com/adulau/status/1143558722893111297)) +---- +There is no more rewarding thing than having a bunch of incredible colleagues to work with. + +(Originally on Twitter: [Tue Jun 25 20:42:17 +0000 2019](https://twitter.com/adulau/status/1143620449395445767)) +---- +RT @UlfFrisk: Working on new PCILeech/MemProcFS functionality. 
+phys2virt module scan page tables of 200+ processes from live system for vir… + +(Originally on Twitter: [Wed Jun 26 04:39:02 +0000 2019](https://twitter.com/adulau/status/1143740427322974209)) +---- +RT @circl_lu: We are looking for a Full Stack Open Source Developer to support the development of tools at @cases_lu including the open sou… + +(Originally on Twitter: [Wed Jun 26 08:08:55 +0000 2019](https://twitter.com/adulau/status/1143793249167036416)) +---- +RT @FDezeure: We are organising the next MITRE ATT&CK EU Community Workshop on 25 October. Learn about the latest developments from MITRE… + +(Originally on Twitter: [Wed Jun 26 08:56:15 +0000 2019](https://twitter.com/adulau/status/1143805160440913920)) +---- +Playing with a lost-cost EMF meter, the device is decent and the measurements are not too bad. ![](media/1143944883486580736-D-AbzUmXkAATvNE.jpg) + +(Originally on Twitter: [Wed Jun 26 18:11:28 +0000 2019](https://twitter.com/adulau/status/1143944883486580736)) +---- +RT @NicholasStrayer: How to (& how not to) parse 25TB of data using awk and #rstats. New long blog post on my recent journey setting up a q… + +(Originally on Twitter: [Wed Jun 26 18:29:55 +0000 2019](https://twitter.com/adulau/status/1143949527285731336)) +---- +RT @circl_lu: We (@Terrtia @adulau ) will be at @passthesaltcon 2019 to present the current state of the @d4_project - "Design and Implemen… + +(Originally on Twitter: [Wed Jun 26 20:50:52 +0000 2019](https://twitter.com/adulau/status/1143984997491253249)) +---- +RT @veorq: "Grover breaks AES-128 in 2^64 operations" has always been an oversimplification. Menezes described more realistic cost estimate… + +(Originally on Twitter: [Thu Jun 27 07:15:23 +0000 2019](https://twitter.com/adulau/status/1144142163447570433)) +---- +@onyphe Just curious ;-) How do you do the detection? Based on existing databases? or searching specific patterns? 
+ +(Originally on Twitter: [Thu Jun 27 07:42:36 +0000 2019](https://twitter.com/adulau/status/1144149013844975618)) +---- +@GossiTheDog https://microsafex.com/press-kits/#1550672243045-ef9dc61b-0d65 ![](media/1144162664677027840-D-Dh3TfXkAY1t8w.jpg) + +(Originally on Twitter: [Thu Jun 27 08:36:51 +0000 2019](https://twitter.com/adulau/status/1144162664677027840)) +---- +Maybe it’s time to read again the short story « The right to Read » from Richard Stallman + +https://www.gnu.org/philosophy/right-to-read.en.html + +https://mobile.twitter.com/rdonoghue/status/1144011630197522432 + +(Originally on Twitter: [Thu Jun 27 11:11:49 +0000 2019](https://twitter.com/adulau/status/1144201664980750336)) +---- +RT @circl_lu: Thanks for the invitation at #ConnectUniversity by @EU_Commission where @circl_lu presented "leak detection using AIL". Slide… + +(Originally on Twitter: [Thu Jun 27 14:22:13 +0000 2019](https://twitter.com/adulau/status/1144249578826477569)) +---- +So what will be the best impact in term of improving IoT security at large: (1) The Silex malware bricking the IoT devices which are wide open? (2) or a bunch of emails from a CERT sending vulnerability notifications? I think (1) will be a direct net-gain for security. + +(Originally on Twitter: [Thu Jun 27 16:59:53 +0000 2019](https://twitter.com/adulau/status/1144289256917143552)) +---- +@wdormann I would request a CVE for such vulnerability “potential user abuse by never ending recursive use of resource”. + +(Originally on Twitter: [Thu Jun 27 17:54:00 +0000 2019](https://twitter.com/adulau/status/1144302877944553472)) +---- +@juliocesarfort @nitr0usmx @erikaheidi wait wait... It was you? the tarball replaced on the ftp server? + +(Originally on Twitter: [Thu Jun 27 18:05:44 +0000 2019](https://twitter.com/adulau/status/1144305828175994880)) +---- +@juliocesarfort @nitr0usmx @erikaheidi There is a funny story behind. 
As we were operating high-interaction honeypots with @rbidule during that time, the attacker got trapped by installing your backdoored version. I initially thought it was a clever trick from the 1st one. But it wasn’t, he just installed it 🤣 + +(Originally on Twitter: [Thu Jun 27 18:41:41 +0000 2019](https://twitter.com/adulau/status/1144314876438994945)) +---- +"The Problem of Reading" is an interesting piece from Moyra Davey for people who are avid readers and wonder every second "What to read?" http://74.220.219.113/~murraygu/wp-content/uploads/2012/02/Problem-of-Reading03.pdf and @SteidlVerlag published a superb book on her work. ![](media/1144358624694820864-D-GQ33AXUAA3y1s.jpg) + +(Originally on Twitter: [Thu Jun 27 21:35:31 +0000 2019](https://twitter.com/adulau/status/1144358624694820864)) +---- +@felixaime @evematringe @ANSSI_FR @circl_lu C’est complémentaire pour modéliser du threat intel. On a pas mal d'idées d’extension avec MISP comme le support natif des galaxies. + +(Originally on Twitter: [Fri Jun 28 16:10:36 +0000 2019](https://twitter.com/adulau/status/1144639241206603777)) +---- +@CedricBldmr @ncaproni @ANSSI_FR @CERTEU @LuatixHQ C’est complémentaire pour modéliser du threat intel. Il y a pas mal d'opportunités d’integrations et d’extension entre les deux. + +(Originally on Twitter: [Fri Jun 28 16:12:21 +0000 2019](https://twitter.com/adulau/status/1144639682552193024)) +---- +RT @CERTEU: We are very proud to announce the release of OpenCTI, a #FOSS platform we co-developed with our partner @ANSSI_FR, the French n… + +(Originally on Twitter: [Fri Jun 28 16:27:56 +0000 2019](https://twitter.com/adulau/status/1144643605145034753)) +---- +RT @matthieu_faou: Want to track cool APTs? 
Come work with us at @ESET Montreal :) https://twitter.com/adorais/status/1144630680900575232 + +(Originally on Twitter: [Fri Jun 28 17:30:13 +0000 2019](https://twitter.com/adulau/status/1144659278759899137)) +---- +@textfiles Another good reason to love social security like we have in Europe... I hope that you are doing better. + +(Originally on Twitter: [Fri Jun 28 19:21:01 +0000 2019](https://twitter.com/adulau/status/1144687161276555266)) +---- +RT @MISPProject: If you are at @passthesaltcon 2019 in Lille, we (@adulau and @rafi0t) will be there. Don't hesitate to reach out if you wa… + +(Originally on Twitter: [Fri Jun 28 20:03:57 +0000 2019](https://twitter.com/adulau/status/1144697968135745537)) +---- +RT @MISPProject: Can you spot yourself in the list of @MISPProject contributors? https://www.misp-project.org/contributors/ Thanks a lot to all the past contr… + +(Originally on Twitter: [Sat Jun 29 10:18:19 +0000 2019](https://twitter.com/adulau/status/1144912974810890241)) +---- +Don't forget, more you classify the information, the more you render the work of defenders more difficult. If you classify only for the adversary who already targeted you, this is too late to classify. Classification will just hurt you, the defenders & other threat hunters. + +(Originally on Twitter: [Sat Jun 29 15:11:34 +0000 2019](https://twitter.com/adulau/status/1144986775301120000)) +---- +My level frustration becomes so high that I'm close to write a simple read-only PGP key server (HKP compatible) importing the current dump of the SKS sets (with the crappy keys removed) for the time being. + +(Originally on Twitter: [Sat Jun 29 19:06:38 +0000 2019](https://twitter.com/adulau/status/1145045932385456131)) +---- +So currently, SKS operators are basically stuck between the old unmaintained code of SKS (1.1.6+pathces) in OCaml which is vulnerable or the new server in Rust which cannot build relying on a nightly build of the Rust compiler. 
+ +(Originally on Twitter: [Sat Jun 29 19:06:38 +0000 2019](https://twitter.com/adulau/status/1145045931118780419)) +---- +This is starting well, trying to migrate a SKS server towards the new OpenPGP key server called hagrid https://gitlab.com/hagrid-keyserver/hagrid but to build it: You need the nightly build of the Rust compiler (not the stable one.). There is huge list of dependencies and compilation fails. + +(Originally on Twitter: [Sat Jun 29 19:06:38 +0000 2019](https://twitter.com/adulau/status/1145045929428443137)) +---- +To have something usable with the existing keyrings and then propose a sync protocol later. + +(Originally on Twitter: [Sat Jun 29 19:06:39 +0000 2019](https://twitter.com/adulau/status/1145045933668876289)) +---- +@matthieugarin MISP utilise une structure de données flexible (via les misp objects/relations) qui peut aussi contenir les TTPs/renseignements mais le focus est vraiment sur le partage de cette information entre équipes ou/et partenaires externes. + +(Originally on Twitter: [Sun Jun 30 13:33:24 +0000 2019](https://twitter.com/adulau/status/1145324459039084547)) +---- +RT @NSArchiveCyber: Thanks to a generous donation by @Jason_Healey and @karlgrindal, today the National Security Archive Cyber Vault is mak… + +(Originally on Twitter: [Sun Jun 30 19:42:42 +0000 2019](https://twitter.com/adulau/status/1145417396116688896)) +---- +@jeangafr Indeed but in the past years, I have seen a small positive evolution ;-) + +(Originally on Twitter: [Mon Jul 01 05:47:44 +0000 2019](https://twitter.com/adulau/status/1145569656452919296)) +---- +RT @angealbertini: Clarification for #pts19 +Today at 14:15, I am giving a high level talk to understand the risks of hash collisions. +Tomor… + +(Originally on Twitter: [Mon Jul 01 07:25:44 +0000 2019](https://twitter.com/adulau/status/1145594319899889664)) +---- +@hanno I fully agree. 
Just one little thing, the PGP community is not a single group but a set of diverse communities with different approaches/views. I’m pretty sure many try to fix the issues without blaming security researchers. + +(Originally on Twitter: [Mon Jul 01 07:43:50 +0000 2019](https://twitter.com/adulau/status/1145598872800157696)) +---- +The potential reallocation of 144-146 MHz shows again the privatization of the radio spectrum by some organisations. It seems the requests came from France. Maybe @anfr knows more about it? +http://www.arrl.org/news/no-strong-opposition-to-144-146-mhz-reallocation-proposal-at-cept-meeting + +(Originally on Twitter: [Mon Jul 01 08:03:56 +0000 2019](https://twitter.com/adulau/status/1145603931944423424)) +---- +@pstirparo @Sebdraven @verovaleros @passthesaltcon @tomchop_ It was a huge dilemma for me and also @tricaud too... enjoy the conf! I’m sure we will have fun in Lille too. + +(Originally on Twitter: [Mon Jul 01 09:51:48 +0000 2019](https://twitter.com/adulau/status/1145631078096486400)) +---- +“Firmware Analysis and Comparison Tool“ @FAandCTool seems to be one of these great open source tools which you discover at a conference @passthesaltcon it’s written in Python and easy to extend. So it helps on the repetitive tasks of extraction & analysis. +https://github.com/fkie-cad/FACT_core + +(Originally on Twitter: [Mon Jul 01 14:24:51 +0000 2019](https://twitter.com/adulau/status/1145699792150044672)) +---- +@FAandCTool @passthesaltcon Looking into FACT, there are some opportunities to create specific @MISPProject objects to share analysis or even provide of feed of analysed firmware. That could help to share the analysis next to the attached CVEs or even malicious files abusing specific vulnerabilities. 
+ +(Originally on Twitter: [Mon Jul 01 15:01:10 +0000 2019](https://twitter.com/adulau/status/1145708932792537088)) +---- +RT @FAandCTool: @adulau @passthesaltcon @MISPProject We have an open Pull Request for a plugin that matches CVEs to software we found. This… + +(Originally on Twitter: [Mon Jul 01 15:04:35 +0000 2019](https://twitter.com/adulau/status/1145709793266610177)) +---- +@luxembourgize @SonOfTheWinds @christiankemp @covoitlu @ChambreLux @Guichet_Lu @felix_braz @RTLlu @PoliceLux Having a #dashcam in Lux for a legitimate use-case should be fine under GDPR (as long it’s proportionate, you document the processing activities) http://www.europarl.europa.eu/doceo/document/P-8-2018-000591-ASW_EN.html is there a specific local law overwriting this? + +(Originally on Twitter: [Mon Jul 01 15:15:55 +0000 2019](https://twitter.com/adulau/status/1145712644638355456)) +---- +@luxembourgize @SonOfTheWinds @christiankemp @covoitlu @ChambreLux @Guichet_Lu @felix_braz @RTLlu @PoliceLux There are many case-law to allow photography in public spaces. A “preuve” in Luxembourg legal framework is quite simple (compared to other countries) it’s up to the OPJ to decide if the evidences were acquired using best practices or not. + +(Originally on Twitter: [Mon Jul 01 15:51:33 +0000 2019](https://twitter.com/adulau/status/1145721613951913988)) +---- +@Timo_Steffens The visibility in that space is much more difficult than monitoring email/proxy gateways for spear-phishing, watering hole attack or suspicious attachment. In other words, network monitoring of routers, switches is way behind the rest. IMHO + +(Originally on Twitter: [Mon Jul 01 16:51:05 +0000 2019](https://twitter.com/adulau/status/1145736594244231168)) +---- +@arnaudsoullie @FAandCTool @passthesaltcon There are some similarities on the plug-ins. But FACT is open source. Is it the case for http://firmware.re? 
+ +(Originally on Twitter: [Mon Jul 01 16:52:53 +0000 2019](https://twitter.com/adulau/status/1145737047551987712)) +---- +A good overview of some cyber-ranges at @passthesaltcon but @FLesueur decided to do something about it and started a practical open source framework to simulate Internet including BGP https://github.com/flesueur/mi-lxc ![](media/1145962134121144321-D-dGe9eXsAUL0vC.jpg) + +(Originally on Twitter: [Tue Jul 02 07:47:18 +0000 2019](https://twitter.com/adulau/status/1145962134121144321)) +---- +Interesting to see how an economical incentive like bug-bounties can create a negative impact to open source maintainers with some reporters harassing the maintainers to get a bounty at any cost. In the presentation from @videolan at #pts19 @passthesaltcon ![](media/1146051772416479235-D-eYAcbXUAALBRx.jpg) + +(Originally on Twitter: [Tue Jul 02 13:43:29 +0000 2019](https://twitter.com/adulau/status/1146051772416479235)) +---- +@patrikryann Merci. Le code open source pour la librairie https://github.com/CIRCL/douglas-quaid ainsi que le dataset https://circl.lu/opendata/circl-phishing-dataset-01/ + +(Originally on Twitter: [Tue Jul 02 16:22:26 +0000 2019](https://twitter.com/adulau/status/1146091770578649093)) +---- +RT @marcolanie: @o0tAd0o @adulau @anfr That's not really important, Tad ;-) . What's important, as wrote Jenny List @Jenny_Alto in Hackaday… + +(Originally on Twitter: [Tue Jul 02 17:33:20 +0000 2019](https://twitter.com/adulau/status/1146109615698055168)) +---- +RT @Regiteric: So @circl_lu crawls onion hidden services with AIL (#garlic in French). 
#pts19 #jesors https://github.com/CIRCL/AIL-framework + +(Originally on Twitter: [Wed Jul 03 07:46:17 +0000 2019](https://twitter.com/adulau/status/1146324267484815360)) +---- +RT @xeraa: #pts19 slides and demo code for "Scale Your Auditing Events": https://conferences.xeraa.net/OM8dHE/scale-your-auditing-events +From Auditd to Auditbeat and @elastic SIEM… + +(Originally on Twitter: [Wed Jul 03 10:01:57 +0000 2019](https://twitter.com/adulau/status/1146358406716055552)) +---- +RT @d4_project: Thanks for having us at @passthesaltcon 2019 - Slides available at https://github.com/D4-project/architecture/blob/master/docs/preso/03-PassTheSalt/pass-the-salt-2019-d4.pdf It's great to see a conference e… + +(Originally on Twitter: [Wed Jul 03 12:50:07 +0000 2019](https://twitter.com/adulau/status/1146400727750905856)) +---- +@cypou @PCzanik @Arm The wording is just misleading, sorry for that. It means by collecting backscatter traffic from DDoS and malicious activities hitting the darkspace network where the @d4_project sensors are located. + +(Originally on Twitter: [Wed Jul 03 12:55:38 +0000 2019](https://twitter.com/adulau/status/1146402118800224256)) +---- +RT @PCzanik: Fall in love with the D4 project ( https://www.d4-project.org/ ) in a single second: even with version 0.1 they are supporting mul… + +(Originally on Twitter: [Wed Jul 03 13:01:25 +0000 2019](https://twitter.com/adulau/status/1146403571929423872)) +---- +RT @verovaleros: If you are in UK next week, you may consider attending the "Fourth Annual Cybercrime Conference" organized by Cambridge Cy… + +(Originally on Twitter: [Wed Jul 03 18:28:19 +0000 2019](https://twitter.com/adulau/status/1146485839754670083)) +---- +@passthesaltcon It’s always a pleasure to participate to *the* conference bridging security and free software/open source. The orga team did a topnotch job to make a super atmosphere. Thank you! 
+ + +media/1146488033069416450-D-kkyNOXsAEbGPa.mp4 + +(Originally on Twitter: [Wed Jul 03 18:37:02 +0000 2019](https://twitter.com/adulau/status/1146488033069416450)) +---- +RT @_saadk: When I spotted these chairs in a #jazz bar, they remind me of Roy DeCarava’s The Sound that I Saw, a wonderful collection of am… + +(Originally on Twitter: [Wed Jul 03 20:55:01 +0000 2019](https://twitter.com/adulau/status/1146522755862601730)) +---- +RT @hack_lu: Within @hack_lu we will have a second conference "Call for Failure (CfF 0x0) - Over Fail the untold truth behind the magic of… + +(Originally on Twitter: [Thu Jul 04 15:14:35 +0000 2019](https://twitter.com/adulau/status/1146799470924972032)) +---- +RT @_saadk: In 20y+ working in #infosec, attending many conferences, workshops & similar events, failure-centric presentations were very, v… + +(Originally on Twitter: [Thu Jul 04 16:52:18 +0000 2019](https://twitter.com/adulau/status/1146824062154563584)) +---- +RT @doegox: Opening new possibilities... ![](media/1146849487752708097-D-psWxbW4AAdMrt.jpg) + +(Originally on Twitter: [Thu Jul 04 18:33:19 +0000 2019](https://twitter.com/adulau/status/1146849487752708097)) +---- +@rafi0t So your trip with @SNCB was not too bad then. + +(Originally on Twitter: [Fri Jul 05 11:03:39 +0000 2019](https://twitter.com/adulau/status/1147098712268824578)) +---- +RT @circl_lu: AIL Framework version 2.0 released including an user management functionality, many bugs fixed and improvements. #privacy #Le… + +(Originally on Twitter: [Fri Jul 05 14:14:36 +0000 2019](https://twitter.com/adulau/status/1147146765654773761)) +---- +@btreguier Vespa Cabro. Don’t destroy such nest even from any vespidea including dolichovespula. All insects are useful for biodiversity. + +(Originally on Twitter: [Mon Jul 08 12:19:55 +0000 2019](https://twitter.com/adulau/status/1148205067763367936)) +---- +@btreguier Vu la taille du nid mais bon il faudrait voir un de nos amis. Une petite photo? 
+ +(Originally on Twitter: [Mon Jul 08 13:27:57 +0000 2019](https://twitter.com/adulau/status/1148222190208344064)) +---- +@btreguier N'oublie pas ces nids sont temporaire durant la vie de la colonie (max 2 ou 3 mois) et souvent ils commencent et l'abandonnent directement. Tu devrais voir des aller-retour durant la journée. + +(Originally on Twitter: [Mon Jul 08 14:29:07 +0000 2019](https://twitter.com/adulau/status/1148237582666477568)) +---- +RT @0verfl0w_: Just uploaded 2 of my old blog posts on a keylogger used by the #APT Turla to my new blog! Some of you may have seen it howe… + +(Originally on Twitter: [Mon Jul 08 17:13:46 +0000 2019](https://twitter.com/adulau/status/1148279015788240900)) +---- +RT @MISPProject: MISP 2.4.110 released with support for local tags, new expansion/import/export modules supporting full MISP standard forma… + +(Originally on Twitter: [Mon Jul 08 21:14:16 +0000 2019](https://twitter.com/adulau/status/1148339542199549953)) +---- +Sometime I really understand why open source/free software maintainers are just giving up after years of commitment. I'm wondering if there are any research or studies regarding the negative feedback received for benevolent work and if this is different for open source. + + +media/1148344515650031616-D--9NRrXYAI9hbB.mp4 + +(Originally on Twitter: [Mon Jul 08 21:34:02 +0000 2019](https://twitter.com/adulau/status/1148344515650031616)) +---- +RT @likethecoins: @adulau If they don't like it, they can write their own software. Oh wait, that's too hard? 
🙂 The people that matter appr… + +(Originally on Twitter: [Tue Jul 09 04:38:28 +0000 2019](https://twitter.com/adulau/status/1148451329267916800)) +---- +RT @paulvixie: @adulau I've created many billions of dollars of revenue for companies and people who ended up competing with my open source… + +(Originally on Twitter: [Tue Jul 09 04:38:30 +0000 2019](https://twitter.com/adulau/status/1148451335559364608)) +---- +@BrianPKime @MISPProject Thanks Brian for the support. I was curious if any research has been done in the field. Especially to see how feedback impacts the continuity and longevity of open source projects. + +(Originally on Twitter: [Tue Jul 09 05:14:46 +0000 2019](https://twitter.com/adulau/status/1148460461811208192)) +---- +@likethecoins Thank you too! Seeing what you and team do for @MITREattack is refreshing and supportive for all the team doing benevolent work for the security community. + +(Originally on Twitter: [Tue Jul 09 05:16:56 +0000 2019](https://twitter.com/adulau/status/1148461009348243457)) +---- +@paulvixie I feel the pain. But I think your work is still there, influenced many of us and drives us for doing good. And you are still there contributing! + +(Originally on Twitter: [Tue Jul 09 05:20:42 +0000 2019](https://twitter.com/adulau/status/1148461958292824064)) +---- +@subm3rge Indeed there are some similar repetitive social patterns in defensive jobs and maintaining open source projects. Maybe a good sense of humor, perseverance and being positive are useful in both fields. + +(Originally on Twitter: [Tue Jul 09 05:24:58 +0000 2019](https://twitter.com/adulau/status/1148463029195091969)) +---- +RT @gallypette: https://tlsfingerprint.io/ this is serioulsy cool: To help mimic rapidly-changing popular TLS implementations, we have develop… + +(Originally on Twitter: [Tue Jul 09 06:31:21 +0000 2019](https://twitter.com/adulau/status/1148479736303235072)) +---- +@asfakian @MISPProject Thank you too! 
Your contributions are also amazing for the community. + +(Originally on Twitter: [Tue Jul 09 10:38:11 +0000 2019](https://twitter.com/adulau/status/1148541853777764360)) +---- +RT @abuse_ch: URLhaus + MISP = ❤️ + +MISP 2.4.110 now fully supports MISP objects and relationships which allows to use the new URLhaus modul… + +(Originally on Twitter: [Tue Jul 09 12:55:48 +0000 2019](https://twitter.com/adulau/status/1148576485323825152)) +---- +@martijn_grooten @GossiTheDog Oh yeah, I want NNTP back. + +(Originally on Twitter: [Tue Jul 09 20:46:36 +0000 2019](https://twitter.com/adulau/status/1148694965641519106)) +---- +@quinnnorton @rafi0t @mlowdi @seamustuohy @circl_lu shilling is illegal in many countries 🤣 + +(Originally on Twitter: [Wed Jul 10 04:24:59 +0000 2019](https://twitter.com/adulau/status/1148810321903194112)) +---- +The best projects and outcomes are often the ones without signed agreements, MoU, NDA or confidentiality arrangements. Mutual trust is usually the best factor for successful projects. + +(Originally on Twitter: [Wed Jul 10 17:59:36 +0000 2019](https://twitter.com/adulau/status/1149015327566630917)) +---- +RT @circl_lu: We just published 4000 screenshot images of @torproject hidden service (onion) with classification as an #opendata set for re… + +(Originally on Twitter: [Wed Jul 10 18:01:51 +0000 2019](https://twitter.com/adulau/status/1149015892900139011)) +---- +RT @r3c0nst: Some XFS #ATM #Malware. Uploaded to VT on 21th June 2019 from Russia. Nothing special though. Hash -> 2740bd2b7aa0eaa8de2135dd… + +(Originally on Twitter: [Wed Jul 10 19:52:26 +0000 2019](https://twitter.com/adulau/status/1149043721733890048)) +---- +I dig into the "Community ID Flow Hashing" standard by @corelight_inc to have consistent network flow ID https://github.com/corelight/community-id-spec this is simple & efficient. We'll add it for @d4_project network captures and tools and @MISPProject to share easily flow id for correlation. 
#NSM ![](media/1149205058669690886-D_LKECrWsAAku81.jpg) + +(Originally on Twitter: [Thu Jul 11 06:33:31 +0000 2019](https://twitter.com/adulau/status/1149205058669690886)) +---- +@EndlessMason @MISPProject @corelight_inc @d4_project @tenzir_company Maybe you could switch the hash by a CMAC/HMAC but if you want to correlate between instance without knowing the PSK... but it will limit the advantage. + +(Originally on Twitter: [Thu Jul 11 06:56:54 +0000 2019](https://twitter.com/adulau/status/1149210942305124353)) +---- +RT @MISPProject: The community-id attribute type in MISP added to easily link/correlate similar network flows together. The netflow and net… + +(Originally on Twitter: [Sat Jul 13 08:30:08 +0000 2019](https://twitter.com/adulau/status/1149959180616380417)) +---- +Unpopular opinion, more the tech giant selling personal information are fined, more they will find new creative business models to monetize your data to be able to pay all those fines. You can call it "innovation by fines". + +(Originally on Twitter: [Sat Jul 13 09:16:17 +0000 2019](https://twitter.com/adulau/status/1149970792916115456)) +---- +RT @instacyber: Alternative headline: "Cops Use Clunky Java-Based Graphing Tool To Access The Data They Already Collect" https://t.co/fftLA… + +(Originally on Twitter: [Sat Jul 13 10:09:53 +0000 2019](https://twitter.com/adulau/status/1149984282515050496)) +---- +@rafi0t The poor Victor Schœlcher must be very upset in his vault. + +(Originally on Twitter: [Sun Jul 14 14:42:23 +0000 2019](https://twitter.com/adulau/status/1150415246613450754)) +---- +@openclipart @rejon @basselkhartabil Glad to hear that. Will you release the backend code as an open source project? 
+ +(Originally on Twitter: [Tue Jul 16 11:42:44 +0000 2019](https://twitter.com/adulau/status/1151094814647246848)) +---- +RT @MISPProject: We just extended the call for papers (until the 21st July 2019) for the MISP Threat Intelligence Summit 0x05 https://t.co… + +(Originally on Twitter: [Tue Jul 16 16:31:32 +0000 2019](https://twitter.com/adulau/status/1151167493731508224)) +---- +Key materials reuse by some actors in this case for KopiLuwak (#Turla) is often interesting. Some groups and adversaries are used to reuse PSK. Sometime it's laziness, sometime it's a way to say "I was here" or sometime different actors reusing the same key for diversion. ![](media/1151365754769543168-D_p3_zXXoAUDXur.jpg) + +(Originally on Twitter: [Wed Jul 17 05:39:21 +0000 2019](https://twitter.com/adulau/status/1151365754769543168)) +---- +@find_evil Wietse Venema IMHO. + +(Originally on Twitter: [Wed Jul 17 17:17:53 +0000 2019](https://twitter.com/adulau/status/1151541542731096065)) +---- +There is a continuous monitoring of the public keys (via CT or scanning) https://rsa.sekan.eu/#cmocl to find the popularities of the cryptographic libraries used for generating keys. It can be quite useful, just don't forget that you might have some FPs in the result. ![](media/1151791778238013442-D_v7k6ZX4AELS6O.jpg) + +(Originally on Twitter: [Thu Jul 18 09:52:13 +0000 2019](https://twitter.com/adulau/status/1151791778238013442)) +---- +RT @Vecchi_Paolo: @DespinaSpanou Well... we already have an efficient #security information sharing platform called @MISPProject and it's a… + +(Originally on Twitter: [Thu Jul 18 11:21:07 +0000 2019](https://twitter.com/adulau/status/1151814149393047553)) +---- +RT @MISPProject: @Vecchi_Paolo @DespinaSpanou Indeed, this is a good point. 
We have an EU funding by @inea_eu within #CEFtelecom program f… + +(Originally on Twitter: [Thu Jul 18 14:38:00 +0000 2019](https://twitter.com/adulau/status/1151863697184366592)) +---- +RT @DespinaSpanou: @MISPProject @Vecchi_Paolo @inea_eu @circl_lu @secin_lu @MISPProject is indeed a success story of the #EU #CIRCCL and #C… + +(Originally on Twitter: [Thu Jul 18 16:05:12 +0000 2019](https://twitter.com/adulau/status/1151885641933893638)) +---- +RT @eric_capuano: If you find yourself analyzing memory retrieved from ESXi, you may encounter a situation where you must analyze both the… + +(Originally on Twitter: [Thu Jul 18 16:46:47 +0000 2019](https://twitter.com/adulau/status/1151896104860078080)) +---- +@quinnnorton It’s common to have some kings without power in some democracies. In France, they have a king and it’s called a president. + +(Originally on Twitter: [Thu Jul 18 21:26:39 +0000 2019](https://twitter.com/adulau/status/1151966537097601027)) +---- +@__biswa @ashitaka007 @sujeetchavhan1 @__VishalGupta__ @USENIXSecurity @BloodyTangerine Maybe it’s time for @USENIXSecurity to make an event in Europe. I’m sure Luxembourg @uni_lu @C3_Luxembourg would be more open to have researchers to visit Europe for such conference. + +(Originally on Twitter: [Fri Jul 19 16:49:24 +0000 2019](https://twitter.com/adulau/status/1152259150673588225)) +---- +RT @bascule: @andrewtj I'd probably suggest sodiumoxide, however if you're okay with a somewhat nonstandard construction I created a STREAM… + +(Originally on Twitter: [Fri Jul 19 16:54:13 +0000 2019](https://twitter.com/adulau/status/1152260363863371776)) +---- +@hackerfantastic @notdan What do you use as clocking source? 
+ +(Originally on Twitter: [Fri Jul 19 20:38:40 +0000 2019](https://twitter.com/adulau/status/1152316848878346240)) +---- +@bortzmeyer Au final, l'espace d'expérimentation et d'exploration des radio amateurs devient une peau de chagrin: +https://twitter.com/adulau/status/1145603931944423424 + +(Originally on Twitter: [Fri Jul 19 21:38:42 +0000 2019](https://twitter.com/adulau/status/1152331955238842372)) +---- +How many books do I read during one week of « vacation »? The example for next week. Usually afterwards it’s a battlefield with notes, bookmarks and damaged books. #reading ![](media/1152487794993971200-D_51h_WX4AAMd2N.jpg) + +(Originally on Twitter: [Sat Jul 20 07:57:57 +0000 2019](https://twitter.com/adulau/status/1152487794993971200)) +---- +@martijn_grooten Thank you! You too. Usually it’s 30% English book and the rest in French. It usually depends of the batch. + +(Originally on Twitter: [Sat Jul 20 08:02:49 +0000 2019](https://twitter.com/adulau/status/1152489022993944577)) +---- +@davidonzo Thank you! I add in my purchase list. + +(Originally on Twitter: [Sat Jul 20 08:27:25 +0000 2019](https://twitter.com/adulau/status/1152495212914257920)) +---- +RT @caovc: The pre-print of our paper "Analyzing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web" is now available: https:… + +(Originally on Twitter: [Sat Jul 20 09:22:56 +0000 2019](https://twitter.com/adulau/status/1152509183566188544)) +---- +2 years ago, I did a first clumsy mind map of the process to create @MISPProject events from gathered #OSINT information. Then our new colleague @VincentFALCONI3 (who wrote a book about mind map ;-) improved it in a day. https://github.com/adulau/misp-osint-collection/ #threatintel new ideas welcome. 
![](media/1152524701194948608-D_6QA0hXYAEdoAX.jpg) + +(Originally on Twitter: [Sat Jul 20 10:24:36 +0000 2019](https://twitter.com/adulau/status/1152524701194948608)) +---- +By the way, for the curious, his book is available there https://www.amazon.com/Saisir-lessentiel-Mind-Maps-Efficacit%C3%A9-enseignement-ebook/dp/B07H7NVQLF/ and he is working hard on an English version. + +(Originally on Twitter: [Sat Jul 20 10:26:03 +0000 2019](https://twitter.com/adulau/status/1152525065386434560)) +---- +RT @MISPProject: MISP 2.4.111 released with improved proposal sync and small improvements. We recommend everyone to update to the latest ve… + +(Originally on Twitter: [Sat Jul 20 14:19:40 +0000 2019](https://twitter.com/adulau/status/1152583858602303488)) +---- +RT @adriengnt: Gandcrab v5.2 decryption POC scripts: https://github.com/aguinet/crappy/ . +Made possible thanks to the RSA key released by @FBI/@Europo… + +(Originally on Twitter: [Sat Jul 20 14:58:53 +0000 2019](https://twitter.com/adulau/status/1152593727757737984)) +---- +RT @RooneyMcNibNug: Earlier this year I FOIAed the FBI for details on allegations of backdoor installed in the IPSEC stack in 2010, origina… + +(Originally on Twitter: [Sun Jul 21 10:37:30 +0000 2019](https://twitter.com/adulau/status/1152890335774818305)) +---- +@r00tbsd @benkow_ I might say something unconventional but doing a good « fish and chips » is an art. I did experience some good ones in the Cornwall... + +(Originally on Twitter: [Mon Jul 22 18:58:00 +0000 2019](https://twitter.com/adulau/status/1153378679084539904)) +---- +Semantic open question: « What’s the difference between a tiger team versus a red team in the security field? » I have the feeling it’s the same kind of difference between packet filtering and firewalling, a question of state. 
+ +(Originally on Twitter: [Mon Jul 22 19:07:37 +0000 2019](https://twitter.com/adulau/status/1153381097574739969)) +---- +@npua I love the poster below with the word « solidworks » + +(Originally on Twitter: [Tue Jul 23 07:38:54 +0000 2019](https://twitter.com/adulau/status/1153570165612863488)) +---- +If you plan to attend @hack_lu don’t forget to apply for the CfF https://2019.hack.lu/cff/ to present (the/your) biggest failure in cybersecurity you’ve ever experienced and what you learned from it. + +(Originally on Twitter: [Tue Jul 23 11:19:13 +0000 2019](https://twitter.com/adulau/status/1153625609505058816)) +---- +@GunstickULM @npua If you want some fun, search what solidworks is and then you’ll be worried. + +(Originally on Twitter: [Tue Jul 23 12:49:28 +0000 2019](https://twitter.com/adulau/status/1153648320444805120)) +---- +RT @_saadk: I can't insist enough on the importance of @hack_lu Call for Failure 🙏 + +How many cybersecurity conferences have you attended wh… + +(Originally on Twitter: [Tue Jul 23 17:43:03 +0000 2019](https://twitter.com/adulau/status/1153722204187701248)) +---- +If you search a good book about why improvisation is key to conduct projects or improve your day-to-day activities, @robpoynton did a concise and precise work on the topic. Improvisation is under rated even in #DFIR . ![](media/1153758421423988738-EAL4z0bW4AElACB.jpg) + +(Originally on Twitter: [Tue Jul 23 20:06:58 +0000 2019](https://twitter.com/adulau/status/1153758421423988738)) +---- +@robpoynton So my stack of books seem smaller, not really. I added one. Why? Because putting additional constraints is more fun especially when it’s a book about Jeff Wall. ![](media/1153759511934570496-EAL6BR-W4AAzHNQ.jpg) + +(Originally on Twitter: [Tue Jul 23 20:11:18 +0000 2019](https://twitter.com/adulau/status/1153759511934570496)) +---- +@aris_ada Not sure if this is luck or not. But my bad habit came when I was a kid and my uncle had a book store. 
Then I was reading everything that I could find. Maybe I became a faster reader by practicing my perversion. + +(Originally on Twitter: [Tue Jul 23 20:16:46 +0000 2019](https://twitter.com/adulau/status/1153760887259488256)) +---- +RT @d4_project: "Characterizing Certain DNS DDoS Attacks" +https://arxiv.org/pdf/1905.09958.pdf #DDoS + +(Originally on Twitter: [Wed Jul 24 10:53:19 +0000 2019](https://twitter.com/adulau/status/1153981480206589952)) +---- +@uhoelzle What’s the definition of chocolate? Is it raw chocolate? + +(Originally on Twitter: [Wed Jul 24 17:51:56 +0000 2019](https://twitter.com/adulau/status/1154086829500588034)) +---- +RT @MISPProject: Thanks to @elhoim for the 3 new MISP warning-lists "Google gmail sending IPs", "Googlebot crawler IP ranges" and "cloudfla… + +(Originally on Twitter: [Wed Jul 24 19:28:03 +0000 2019](https://twitter.com/adulau/status/1154111015921094657)) +---- +RT @hack_lu: Joining for the whole week at http://hack.lu is great because you have the @MISPProject summit on Monday - https://t.… + +(Originally on Twitter: [Thu Jul 25 07:05:19 +0000 2019](https://twitter.com/adulau/status/1154286490861604869)) +---- +We are doing it for many open source software that we maintain but it’s really resource intensive. + +If you want to read how we deal with CVE requests for the @MISPProject +https://github.com/MISP/MISP/blob/2.4/CONTRIBUTING.md#reporting-security-vulnerabilities + +(Originally on Twitter: [Thu Jul 25 16:10:52 +0000 2019](https://twitter.com/adulau/status/1154423783979212800)) +---- +I see 2 main reasons why many FLOSS authors don’t request CVE: Doing house keeping/bureaucracy for bugs/security issues is time consuming. Then you have some competitors playing with stupid metrics to bash FLOSS projects. So the incentive is low. 
+https://mobile.twitter.com/WeldPond/status/1154220228924051456 + +(Originally on Twitter: [Thu Jul 25 16:10:52 +0000 2019](https://twitter.com/adulau/status/1154423781953351680)) +---- +But this is not common for open source projects. So what can we do? Simplify the assignment for the authors by prefixing a fixed vendor namespace? then it’s up to the vendor to assign within that sub-namespace and the validated CVEs are just linked to the sub ones? + +(Originally on Twitter: [Thu Jul 25 16:10:53 +0000 2019](https://twitter.com/adulau/status/1154423785875017734)) +---- +@Regiteric Indeed, some do using the vulnerability object. https://www.misp-project.org/objects.html#_vulnerability https://www.misp-project.org/2018/01/09/Using-MISP-to-share-vulnerability-information-efficiently.html but we are missing a readable unique identifier. Maybe we should find a nice way to represent the UUID? + +(Originally on Twitter: [Thu Jul 25 16:53:08 +0000 2019](https://twitter.com/adulau/status/1154434417387016193)) +---- +@npettiaux A lot of the projects are missing a LICENSE file such as https://github.com/oSoc19/engie-hub?files=1 which basically said the software is technically non-free. Can someone pass the message to make a quick introduction to FLOSS and how to apply a license? @plicplic + +(Originally on Twitter: [Fri Jul 26 07:52:09 +0000 2019](https://twitter.com/adulau/status/1154660664453095425)) +---- +@pietercolpaert @KrisBuytaert @npettiaux @plicplic @Toon @oSocode Cool! As long it’s an open source license approved by the OSI or the FSF, all good. Very often we all forget while pushing code to a GitHub to add a LICENSE file. Thanks for the quick reply! + +(Originally on Twitter: [Fri Jul 26 07:57:55 +0000 2019](https://twitter.com/adulau/status/1154662116592427008)) +---- +RT @_saadk: @adulau Agreed. 
Quoting Graeber, 'We have become a civilization based on work—not even “productive work” but work as an end and… + +(Originally on Twitter: [Fri Jul 26 09:54:51 +0000 2019](https://twitter.com/adulau/status/1154691542017347584)) +---- +RT @PaulWebSec: Seems like I will not be able to attend @hack_lu this year but if I do, I would definitely be presenting a quick talk on "H… + +(Originally on Twitter: [Sun Jul 28 14:27:57 +0000 2019](https://twitter.com/adulau/status/1155485044414267394)) +---- +RT @paulvixie: @adulau @hack_lu this is a _great_ idea and i hope CIRCL is allowed and willing to summarize this track in a blog or blog-se… + +(Originally on Twitter: [Sun Jul 28 17:21:16 +0000 2019](https://twitter.com/adulau/status/1155528663787552769)) +---- +@paulvixie @hack_lu @WWHackinFest We might also record all the 10 minutes presentations for the archive. The blog post is also a good idea. + +(Originally on Twitter: [Sun Jul 28 18:45:07 +0000 2019](https://twitter.com/adulau/status/1155549762378186752)) +---- +@angealbertini @hack_lu It’s a first experiment and I’m sure we will fail at some points. Don’t hesitate to propose a 10-minute talk interacting with the audience. We are super flexible on the format. + +(Originally on Twitter: [Sun Jul 28 18:53:13 +0000 2019](https://twitter.com/adulau/status/1155551800516386829)) +---- +@matthieugarin Oui mais les participants ne peuvent venir que ces 17 pays. Ni Belgique, Ni Luxembourg. 
![](media/1155747987710238720-EAoKqcKWkAE5cg5.jpg) + +(Originally on Twitter: [Mon Jul 29 07:52:47 +0000 2019](https://twitter.com/adulau/status/1155747987710238720)) +---- +RT @VVX7_IO: Check out the latest version of MISP-Dashboard from the #MISP project to see how gamification of #CTI could benefit your org.… + +(Originally on Twitter: [Mon Jul 29 21:00:13 +0000 2019](https://twitter.com/adulau/status/1155946151410987009)) +---- +RT @_raw_data_: I wrote something about #autoit #crypter, process hollowing #shellcode and how samples were chased inside #MalSilo also tha… + +(Originally on Twitter: [Tue Jul 30 05:45:45 +0000 2019](https://twitter.com/adulau/status/1156078407517638656)) +---- +@rejon @openclipart @basselkhartabil @github Thank you for your feedback. Gitea, GitLab and Gogs are open source too (backend wise). + +(Originally on Twitter: [Wed Jul 31 05:54:06 +0000 2019](https://twitter.com/adulau/status/1156442894007447552)) +---- +Hi @textfiles do you know if the majority of SVG files from http://openclipart.org were archived by @internetarchive ? + +(Originally on Twitter: [Wed Jul 31 05:58:57 +0000 2019](https://twitter.com/adulau/status/1156444114914820097)) +---- +RT @CYINT_dude: If you are generating written reports for your intelligence consumers, they'll have an easier time comprehending the conten… + +(Originally on Twitter: [Wed Jul 31 17:57:19 +0000 2019](https://twitter.com/adulau/status/1156624898837684225)) +---- +@doegox Congrats! + +(Originally on Twitter: [Wed Jul 31 18:54:35 +0000 2019](https://twitter.com/adulau/status/1156639309363142659)) +---- +RT @inea_eu: Coming up these 3 trainings in Luxembourg organised by the #CEFTelecom project @MISPProject! Be sure not to miss them if you a… + +(Originally on Twitter: [Thu Aug 01 10:09:47 +0000 2019](https://twitter.com/adulau/status/1156869625960960000)) +---- +@RoninDey @msuiche Matt, I just reset your credentials on the CIRCL MISP private community (there are many others). 
You should have received the credentials. You can then use the API or sync with your own MISP instance. You can also import default feed as you like too. https://www.misp-project.org/feeds/ + +(Originally on Twitter: [Thu Aug 01 12:57:17 +0000 2019](https://twitter.com/adulau/status/1156911779676663808)) +---- +RT @MISPProject: MISP now includes weakness (CWE) and attack-pattern (CAPEC) object template. A new misp-module to automatically import fro… + +(Originally on Twitter: [Fri Aug 02 08:12:56 +0000 2019](https://twitter.com/adulau/status/1157202611084414976)) +---- +"KiloGrams: Very Large N-Grams for Malware Classification" +https://arxiv.org/pdf/1908.00200.pdf ![](media/1157243844410400769-EA9bJBUXsAArFxC.png) + +(Originally on Twitter: [Fri Aug 02 10:56:47 +0000 2019](https://twitter.com/adulau/status/1157243844410400769)) +---- +@bad_packets On the positive side, they had an inventory of their hardware. Many companies won’t be able to leak such inventory... + +(Originally on Twitter: [Fri Aug 02 20:14:13 +0000 2019](https://twitter.com/adulau/status/1157384126560964609)) +---- +RT @MISPProject: MISP 2.4.112 released a host of API fixes, improvements and a security fix (CVE-2019-14286). https://www.misp-project.org/2019/08/01/MISP.2.4.112.released.html We st… + +(Originally on Twitter: [Sat Aug 03 08:07:30 +0000 2019](https://twitter.com/adulau/status/1157563628993880064)) +---- +I would like to thank the unnamed vendor fighting open source TIPs by comparing with their proprietary software in a nice glossy leaflet. It allows the open source TIPs to reach out a new audience. Thank you! 
+ +(Originally on Twitter: [Mon Aug 05 16:13:50 +0000 2019](https://twitter.com/adulau/status/1158410793639186432)) +---- +@mk270 Threat Intelligence Platform + +(Originally on Twitter: [Mon Aug 05 20:55:02 +0000 2019](https://twitter.com/adulau/status/1158481563019030529)) +---- +@ancailliau Sent via DM ;-) + +(Originally on Twitter: [Tue Aug 06 06:21:31 +0000 2019](https://twitter.com/adulau/status/1158624120478797825)) +---- +@base55net Indeed on a screenshot and @MISPProject is also mentioned. + +(Originally on Twitter: [Tue Aug 06 10:49:41 +0000 2019](https://twitter.com/adulau/status/1158691606926700544)) +---- +@easyJet @SkintLondon Maybe @EASA should conduct an investigation? + +(Originally on Twitter: [Tue Aug 06 10:56:30 +0000 2019](https://twitter.com/adulau/status/1158693322589921280)) +---- +RT @cyb3rops: 2/ People often overestimate the community effort or vendor support that goes into Open Source projects. + +@blubbfiction wrote… + +(Originally on Twitter: [Wed Aug 07 05:45:44 +0000 2019](https://twitter.com/adulau/status/1158977503270248449)) +---- +@wimremes @CISecurity This is indeed a major issue and it’s the same for the ISO standards in the 27xxx series. The license is even more restrictive. It doesn’t help anyone and just limit the ability to create open source tooling or support materials to help others. + +(Originally on Twitter: [Wed Aug 07 11:51:13 +0000 2019](https://twitter.com/adulau/status/1159069480619782144)) +---- +@jfslowik I remember some experiments but as usual the burden is on the poor  « people » organizing it and dealing with all the issues. + +(Originally on Twitter: [Thu Aug 08 19:20:28 +0000 2019](https://twitter.com/adulau/status/1159544926712946688)) +---- +@Jipe_ I was wondering if there is a kind of comparative tests of all the faraday bags and especially depending of the shielding techniques used. 
+ +(Originally on Twitter: [Fri Aug 09 08:05:50 +0000 2019](https://twitter.com/adulau/status/1159737538086670337)) +---- +@martijn_grooten I remember the best travel advice I got from an old time photographer. If you feel sick during a travel, drink at least three huge glass of water. If you feel better, you were most probably dehydrated. + +(Originally on Twitter: [Sat Aug 10 16:08:12 +0000 2019](https://twitter.com/adulau/status/1160221318148689923)) +---- +RT @themooltipass: Our official statement regarding CVE-2019-14357 is live: https://github.com/limpkin/mooltipass/blob/master/CVE-2019-14357_statement.md . +TLDR: side channel attack with debata… + +(Originally on Twitter: [Sat Aug 10 19:03:42 +0000 2019](https://twitter.com/adulau/status/1160265484744499206)) +---- +Every time I see the work from @olafureliasson my perception of the world improved. If you have time to see the exhibition @Tate. Especially the annotated notes on a pin-wall used to collect ideas and resources. There are similarities to OSINT patterns... +https://www.flickr.com/photos/adulau/48509043261/ ![](media/1160459166894501888-EBrHc-nX4AE02BF.jpg) + +(Originally on Twitter: [Sun Aug 11 07:53:20 +0000 2019](https://twitter.com/adulau/status/1160459166894501888)) +---- +RT @hrbrmstr: Solid overview of the 👍🏼 work @circl_lu does to advance cybersecurity data science // Open Dataset of Phishing and Tor Hidden… + +(Originally on Twitter: [Sun Aug 11 10:16:56 +0000 2019](https://twitter.com/adulau/status/1160495307009994752)) +---- +RT @arxiv_org: VisJSClassificator -- Manual Visual Collaborative Classification Graph-based Tool. http://arxiv.org/abs/1908.02941 https://t.co/rzey… + +(Originally on Twitter: [Sun Aug 11 12:48:31 +0000 2019](https://twitter.com/adulau/status/1160533450920747008)) +---- +@r00tbsd Impressive work! 
+ +(Originally on Twitter: [Sun Aug 11 14:28:46 +0000 2019](https://twitter.com/adulau/status/1160558680686891008)) +---- +RT @pinkflawd: #BlackHoodie Luxembourg edition will be two days and three tracks of classes, followed by a day of talks and... registration… + +(Originally on Twitter: [Mon Aug 12 05:48:05 +0000 2019](https://twitter.com/adulau/status/1160790034859139073)) +---- +@xg5_datafiend @doughsec @rimpq @azuread @MISPProject Indeed that’s a great idea. + +(Originally on Twitter: [Tue Aug 13 04:29:44 +0000 2019](https://twitter.com/adulau/status/1161132705012178944)) +---- +RT @MISPProject: Gene is really a cool format to describe signature engine for Windows Event Logs. MISP supports the gene format by default… + +(Originally on Twitter: [Wed Aug 14 07:52:48 +0000 2019](https://twitter.com/adulau/status/1161546196659376128)) +---- +@cbrocas @cryptax @clerc_fab @MaliciaRogue Mais il y a des avantages, c’est pas mal pour faire de la photographie de rue. + +(Originally on Twitter: [Wed Aug 14 15:16:28 +0000 2019](https://twitter.com/adulau/status/1161657848918609925)) +---- +RT @adriengnt: @Fox0x01 The biggest problem is that we pay people to look for bugs in (among others) open source softwares instead of finan… + +(Originally on Twitter: [Wed Aug 14 17:49:16 +0000 2019](https://twitter.com/adulau/status/1161696304520749056)) +---- +@quinnnorton C’est vraiment un labyrinthe ou un hôtel de passe pour thanatophile véreux ? + +(Originally on Twitter: [Wed Aug 14 18:18:59 +0000 2019](https://twitter.com/adulau/status/1161703780917927936)) +---- +@cbrocas @cryptax @clerc_fab @MaliciaRogue Helen Levitt, Philippe Chancel et The Saga of Inventions. Dans le ‘off’ pas mal d’expo très bien. Mais plutôt très inégales pour le ‘in’... + +(Originally on Twitter: [Wed Aug 14 19:30:08 +0000 2019](https://twitter.com/adulau/status/1161721686095532032)) +---- +RT @jeremiahg: InfoSec is ~$127B industry, yet there’s no price tags on any vendor website. 
For some reason it’s easier to find out what a… + +(Originally on Twitter: [Wed Aug 14 20:28:22 +0000 2019](https://twitter.com/adulau/status/1161736343103295489)) +---- +RT @circl_lu: AIL (Analysis Information Leak framework) v2.1 has been released including a new API to interact with AIL instance. https://t… + +(Originally on Twitter: [Thu Aug 15 07:36:36 +0000 2019](https://twitter.com/adulau/status/1161904509377007616)) +---- +I found an old software catalogue from 1990 for Sun Microsystems and you know what? Selling #ArtificialIntelligence software was already hype. From semantic-based framework in prolog to common lisp or real-time expert system. We are just living in a gigantic loop. ![](media/1161919728870461440-EB_30kjXYAE3LHe.jpg) + +(Originally on Twitter: [Thu Aug 15 08:37:05 +0000 2019](https://twitter.com/adulau/status/1161919728870461440)) +---- +I added in http://cve-search.org the ability to use the new version of the CVE NVD feed in JSON format (instead of the XML). If you have any issue, let us know. +https://github.com/cve-search/cve-search/commit/5e78f0a7d83229f18964f8920699e67f977aa1ea @CVEannounce @pidgeyL + +(Originally on Twitter: [Fri Aug 16 13:46:57 +0000 2019](https://twitter.com/adulau/status/1162360096304902144)) +---- +“if a country refuses to share information, the victim government may decide to see it as a form of sponsorship” in @cguitton book. Another good one for my huge list “why information sharing matters” while giving @MISPProject trainings. 
#threatintel #cti ![](media/1162666291888570373-ECKe0bwWsAEwiJI.jpg) + +(Originally on Twitter: [Sat Aug 17 10:03:39 +0000 2019](https://twitter.com/adulau/status/1162666291888570373)) +---- +RT @marcan42: To all the senile assholes who think scaring off cats by blasting 19kHz at ear-damage levels all over shops in Japan is a goo… + +(Originally on Twitter: [Sun Aug 18 12:19:44 +0000 2019](https://twitter.com/adulau/status/1163062923796930560)) +---- +@0x736A @H_Miser Milk and tea, it’s just like sodium metal and water. + + +media/1163140599630970880-ECRONEHXsAgqjn2.mp4 + +(Originally on Twitter: [Sun Aug 18 17:28:23 +0000 2019](https://twitter.com/adulau/status/1163140599630970880)) +---- +RT @MISPProject: http://MISP-standard.org - the open source collaborative intelligence standard - the MISP project has spun-off a new struct… + +(Originally on Twitter: [Mon Aug 19 14:23:39 +0000 2019](https://twitter.com/adulau/status/1163456496446967808)) +---- +RT @faker_: Confirmed by Webmin team now. 1.882 - 1.920 contain RCEs introduced due to compromised build infrastructure. +1.890 contained t… + +(Originally on Twitter: [Mon Aug 19 15:48:03 +0000 2019](https://twitter.com/adulau/status/1163477738965090304)) +---- +RT @circl_lu: Ruby rest-client 1.6.13 compromised - +@MISPProject event added with indicators in CIRCL OSINT feed https://www.circl.lu/doc/misp/feed-osint/5d5bfb96-ff34-4470-9107-cfdc950d210f.json… + +(Originally on Twitter: [Tue Aug 20 14:29:49 +0000 2019](https://twitter.com/adulau/status/1163820437777739777)) +---- +@VVX7_IO I love PoC||GTFO. You should try to get a signed version by @doegox and @angealbertini 😉 + +(Originally on Twitter: [Tue Aug 20 17:23:04 +0000 2019](https://twitter.com/adulau/status/1163864038067097602)) +---- +Do not wait for medals and recognition when you make open source software, it’s hard. But the best positive outcome is to learn more about yourself. 
+ +(Originally on Twitter: [Tue Aug 20 17:47:58 +0000 2019](https://twitter.com/adulau/status/1163870303669358592)) +---- +RT @r00tbsd: That's how I prepare the @hack_lu and where I review the papers... And some papers are amazing... we received so many papers t… + +(Originally on Twitter: [Wed Aug 21 18:22:17 +0000 2019](https://twitter.com/adulau/status/1164241325564276737)) +---- +@r00tbsd @hack_lu It’s indeed a lot of papers. We are really glad to have so many good contributions and great reviewers too ;-) IMHO, the most difficult part will be rejecting great papers due to practical limitation. + +(Originally on Twitter: [Wed Aug 21 18:27:46 +0000 2019](https://twitter.com/adulau/status/1164242707591680000)) +---- +@r00tbsd @hack_lu Usually if the quality/rating is comparable, we tend to select the ones who never presented before (to give a chance to everyone). + +(Originally on Twitter: [Wed Aug 21 18:31:05 +0000 2019](https://twitter.com/adulau/status/1164243540668534786)) +---- +@metaconflict I remember some cases where you need to wait until they take the folders with all the sample passports to compare with your passport. Usually you just hope that the sample passport is in the folder. This happens very often for small countries... + +(Originally on Twitter: [Thu Aug 22 06:24:47 +0000 2019](https://twitter.com/adulau/status/1164423148147806208)) +---- +"Virtual Breakpoints for x86/64" +https://arxiv.org/pdf/1801.09250.pdf 🤔 ![](media/1164467709955989504-ECkFNRmXsAEw0hQ.png) + +(Originally on Twitter: [Thu Aug 22 09:21:51 +0000 2019](https://twitter.com/adulau/status/1164467709955989504)) +---- +@VVX7_IO @doegox @angealbertini @MITREattack Not sure. Still under discussion ;-) + +(Originally on Twitter: [Thu Aug 22 12:05:07 +0000 2019](https://twitter.com/adulau/status/1164508799488729089)) +---- +@tathanhdinh @mtarral Indeed, it’s a design. They mention a next step with a FPGA prototype... I’m really curious how this could be implemented in the MMU. 
+ +(Originally on Twitter: [Thu Aug 22 20:19:06 +0000 2019](https://twitter.com/adulau/status/1164633110765625354)) +---- +@xme @googlechrome @hack_lu I suppose they don’t like papers and presentations (as it’s the archive directory) about security. + + +media/1164775592606126080-ECodN5TUIAI-8rs.mp4 + +(Originally on Twitter: [Fri Aug 23 05:45:16 +0000 2019](https://twitter.com/adulau/status/1164775592606126080)) +---- +RT @MISPProject: A new MISP phishing taxonomy which includes different aspects such as the persuasion techniques and psychological acceptab… + +(Originally on Twitter: [Fri Aug 23 12:47:14 +0000 2019](https://twitter.com/adulau/status/1164881785106444293)) +---- +RT @ISCdotORG: ARTEMIS is an open-source tool for detecting BGP prefix hijacking in +real time. Please find an update of the ARTEMIS project… + +(Originally on Twitter: [Fri Aug 23 19:08:38 +0000 2019](https://twitter.com/adulau/status/1164977766011461634)) +---- +Thanks to @tricaud for releasing a first version of the fast sighting database https://github.com/devoinc/sightingdb we are working together on improved/fast insertion strategy from @MISPProject and other OSS components. + +(Originally on Twitter: [Sat Aug 24 07:19:09 +0000 2019](https://twitter.com/adulau/status/1165161606898159616)) +---- +RT @0xdabbad00: The AWS SDK just got a command ec2:ExportImage for converting an AMI to a VM image, which should be helpful for analyzing A… + +(Originally on Twitter: [Sat Aug 24 07:54:33 +0000 2019](https://twitter.com/adulau/status/1165170514010214400)) +---- +S-1 filling are always insightful. This one for @datadoghq is a hard punch into open source projects. Instead of proposing to contribute back to limit their risks, litigation is the first step against the OSS projects used in their own product line. 
🤦‍♂️ +https://www.sec.gov/Archives/edgar/data/1561550/000119312519227783/d745413ds1.htm ![](media/1165179066384863233-ECuMLq0XkAAWv26.png) + +(Originally on Twitter: [Sat Aug 24 08:28:32 +0000 2019](https://twitter.com/adulau/status/1165179066384863233)) +---- +@datadoghq To be on the constructive side, they could improve the strategy by supporting and partnering with open source projects. Re-assigning some income into the projects could be a mitigation to reduce the risks for their business. + +(Originally on Twitter: [Sat Aug 24 08:38:04 +0000 2019](https://twitter.com/adulau/status/1165181466650787840)) +---- +RT @nstarke: Ever need to reverse a raw binary firmware image? I wrote some notes up today on how to do that in Ghidra, using for example C… + +(Originally on Twitter: [Sat Aug 24 10:23:01 +0000 2019](https://twitter.com/adulau/status/1165207878535397378)) +---- +The good old days of Internet is back to life with @Ishkur23 and his incredible http://music.ishkur.com/ guide to electronic music. Don't forget to read the FUQ (~FAQ), it's hilarious. By the way, you will discover that the New Beat is not even dead. + +(Originally on Twitter: [Sat Aug 24 20:23:13 +0000 2019](https://twitter.com/adulau/status/1165358925153275909)) +---- +@streetartmagic You sure it’s not Sweden? + +(Originally on Twitter: [Mon Aug 26 10:25:47 +0000 2019](https://twitter.com/adulau/status/1165933351590617090)) +---- +@github Is the GitHub clone statistics broken for everyone? ![](media/1165946117923770368-EC5Fz_5X4AIJ0aR.jpg) + +(Originally on Twitter: [Mon Aug 26 11:16:31 +0000 2019](https://twitter.com/adulau/status/1165946117923770368)) +---- +I wrote a quick post about "Books and Photography" to give an idea of my favourite books and publishers in #photography to grasp its culture. 
+https://www.foo.be/photoblog/posts/books-and-photography/ + +(Originally on Twitter: [Mon Aug 26 19:12:55 +0000 2019](https://twitter.com/adulau/status/1166066007842217986)) +---- +In software, it’s sometime better to have no documentation than having an incorrect document which makes you running crazy at each broken step. + + +media/1166372579470389249-EC_JrGeXYAELF9O.mp4 + +(Originally on Twitter: [Tue Aug 27 15:31:07 +0000 2019](https://twitter.com/adulau/status/1166372579470389249)) +---- +RT @jvanegue: InfinityHook is a pretty neat piece of software for Win10, allows you to hook syscalls, context switches, and many more kerne… + +(Originally on Twitter: [Wed Aug 28 10:36:42 +0000 2019](https://twitter.com/adulau/status/1166660872900612097)) +---- +RT @circl_lu: How is an internship at @circl_lu? - @VincentFALCONI3 did an interview to describe his experience and his work within CIRCL.… + +(Originally on Twitter: [Wed Aug 28 13:52:16 +0000 2019](https://twitter.com/adulau/status/1166710091065823235)) +---- +@ninoseki @MISPProject @SteveClement Sure I’ll have a look. Is there any reason to not use misp-packer? https://github.com/MISP/misp-packer it’s the one we use for producing the official MISP VM? + +(Originally on Twitter: [Thu Aug 29 05:26:40 +0000 2019](https://twitter.com/adulau/status/1166945237949976576)) +---- +RT @Netxing: 1. Packaging: + +When I took a closer look at the packaging using some light(remembering the @doegox technique (https://t.co/JJs… + +(Originally on Twitter: [Thu Aug 29 05:28:13 +0000 2019](https://twitter.com/adulau/status/1166945629664350208)) +---- +@ninoseki @MISPProject @SteveClement Ah ok Indeed. I’ll have a look. Thank you. 
+ +(Originally on Twitter: [Thu Aug 29 05:40:25 +0000 2019](https://twitter.com/adulau/status/1166948699177705472)) +---- +@martijn_grooten @jfslowik @lorenzofb @hacks4pancakes We as @MISPProject do it for years, for free and freely accessible as JSON https://www.misp-project.org/galaxy.html#_threat_actor and everyone can contribute. The majority of contributions came from independent researchers... https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json + +(Originally on Twitter: [Thu Aug 29 15:51:30 +0000 2019](https://twitter.com/adulau/status/1167102481668673538)) +---- +RT @d4_project: The @d4_project will publish a series of articles to describe and improve the understanding and taxonomies of #DDoS We publ… + +(Originally on Twitter: [Fri Aug 30 08:32:01 +0000 2019](https://twitter.com/adulau/status/1167354271005892608)) +---- +RT @cyb3rops: Baamm 💥, Sigma rule for iOS implant + +https://github.com/Neo23x0/sigma/blob/master/rules/proxy/proxy_ios_implant.yml https://twitter.com/craiu/status/1167358457344925696 + +(Originally on Twitter: [Fri Aug 30 10:44:13 +0000 2019](https://twitter.com/adulau/status/1167387539969314816)) +---- +RT @malpedia: Yes, this so much! That's why we adopted your threat actor cluster as baseline and contribute back whenever there's a chance!… + +(Originally on Twitter: [Fri Aug 30 19:45:00 +0000 2019](https://twitter.com/adulau/status/1167523635747328002)) +---- +If you are interested in OIE (Open Information Extraction), this git repository contains a good collection of papers, corpus and code reference. OIE is still under used in OSINT collection and processing IMHO. 
+ +https://github.com/gkiril/oie-resources ![](media/1167726446753832960-EDSZAuqXUAAi50Y.jpg) + +(Originally on Twitter: [Sat Aug 31 09:10:54 +0000 2019](https://twitter.com/adulau/status/1167726446753832960)) +---- +RT @MISPProject: @iiyonite Indeed, the only reference that we have is from Symantec in the MISP galaxy tool for Dripion https://t.co/r7PyRt… + +(Originally on Twitter: [Sat Aug 31 09:35:18 +0000 2019](https://twitter.com/adulau/status/1167732585159696385)) +---- +RT @MISPProject: MISP v2.4.114 released (aka the community care package release) including a default way to discover new sharing communiti… + +(Originally on Twitter: [Sat Aug 31 14:45:31 +0000 2019](https://twitter.com/adulau/status/1167810656273412102)) +---- +"why I hate cars" - a photography as dedication to the great work of Katrien De Blauwer @KatrienDB https://www.flickr.com/photos/adulau/48651726697/ #photography ![](media/1167880994847748097-EDUljyZU4AAedq8.jpg) + +(Originally on Twitter: [Sat Aug 31 19:25:02 +0000 2019](https://twitter.com/adulau/status/1167880994847748097)) +---- +@lukOlejnik @superglaze Fingerprinting system libraries from a security perspective can make sense too. Some endpoint security software are actively fingerprinting libraries to gather telemetry, building baselines, finding outliers or malicious/vulnerable libraries. + +(Originally on Twitter: [Mon Sep 02 07:00:54 +0000 2019](https://twitter.com/adulau/status/1168418504929894401)) +---- +RT @circl_lu: CIRCLean the USB sanitizer version 2.5 has been released including updates in the PyCIRCLean library and support for the new… + +(Originally on Twitter: [Mon Sep 02 08:18:06 +0000 2019](https://twitter.com/adulau/status/1168437932212084738)) +---- +Abusing AI bot is funny to get Internet access in the train. Thanks to @FLesueur for the idea. We had some fun. 
+ +(Originally on Twitter: [Mon Sep 02 17:02:30 +0000 2019](https://twitter.com/adulau/status/1168569904812974082)) +---- +RT @DennisRand: Using Threat data in your vulnerability management strategy with MISP + +#MISP #VulnerabilityManagement #PatchManagement #its… + +(Originally on Twitter: [Tue Sep 03 20:25:04 +0000 2019](https://twitter.com/adulau/status/1168983268320063489)) +---- +RT @Ministraitor: @ms__chief @SecurityBSides @Steel_Con Le Tour Du Hack @_enusec_ +OSCAL (more general hacking/activism) @OSCALconf +Wicca… + +(Originally on Twitter: [Tue Sep 03 20:25:54 +0000 2019](https://twitter.com/adulau/status/1168983478408503296)) +---- +RT @ArxSys: I'm very happy that my talk "Memory forensics analysis of Cisco IOS XR 32 bits routers with 'amnesic-sherpa'" got accepted at @… + +(Originally on Twitter: [Wed Sep 04 05:36:35 +0000 2019](https://twitter.com/adulau/status/1169122062948061184)) +---- +Want to obfuscate your C&C hostname into some non-suspicious strings? http://libc.so and http://libc6.so are registered and used by someone... @F_kZ_ + +(Originally on Twitter: [Wed Sep 04 17:27:08 +0000 2019](https://twitter.com/adulau/status/1169300878345588742)) +---- +@F_kZ_ I found something (an android malware) on VT but it seems to be a false-positive. At the end, the idea is pretty clever for anti-forensic. If I find something, I’ll share it. + +(Originally on Twitter: [Wed Sep 04 17:41:39 +0000 2019](https://twitter.com/adulau/status/1169304531039150080)) +---- +RT @jasonfried: When Google puts 4 paid ads ahead of the first organic result for your own brand name, you’re forced to pay up if you want… + +(Originally on Twitter: [Wed Sep 04 19:56:44 +0000 2019](https://twitter.com/adulau/status/1169338525545848834)) +---- +@HuaweiFacts Concerning (4), could you share some malware samples or evidences regarding the attacks you were facing? I'm sure the security community at large would be interested to help and share the indicators with the community. 
+ +(Originally on Twitter: [Wed Sep 04 21:38:26 +0000 2019](https://twitter.com/adulau/status/1169364118010290177)) +---- +@infosecxual Indicators are not always related to network activity such as pattern-in-memory, mutex, service name and alike. Maybe some vendors are focusing on the network activity level but many indicators can be clearly used for hunting on non-network DFIR evidences. + +(Originally on Twitter: [Thu Sep 05 10:05:12 +0000 2019](https://twitter.com/adulau/status/1169552051447185408)) +---- +RT @hack_lu: We are still looking for sponsors for the CTF prizes. If you want to support us and get some visibility during the CTF and @ha… + +(Originally on Twitter: [Thu Sep 05 10:13:15 +0000 2019](https://twitter.com/adulau/status/1169554076767571968)) +---- +@GazTheJourno Don’t worry @GCHQ is at the top of the pyramid. + +(Originally on Twitter: [Thu Sep 05 13:58:18 +0000 2019](https://twitter.com/adulau/status/1169610710860668929)) +---- +Sometime the best thing which can happen is the lack of memory. Then imagination is taking over and it’s always much better. ![](media/1169644175568134144-EDtpK8TXsAAjbSW.jpg) + +(Originally on Twitter: [Thu Sep 05 16:11:17 +0000 2019](https://twitter.com/adulau/status/1169644175568134144)) +---- +RT @quarkslab: [JOBS] we have several open positions: https://quarkslab.com/careers/en/ +Croissants (and food) help to fuel our brains for the challen… + +(Originally on Twitter: [Thu Sep 05 18:09:10 +0000 2019](https://twitter.com/adulau/status/1169673845680300033)) +---- +RT @tricaud: W00t! Just had my workshop on faup accepted for @hack_lu \o/ see you there and if you have any suggestion, ideas etc. before I… + +(Originally on Twitter: [Fri Sep 06 13:18:29 +0000 2019](https://twitter.com/adulau/status/1169963078500397057)) +---- +@OBonaventure someone stole your BGP car plate. 
![](media/1170257727836307457-ED2XMGHXoAATzUf.jpg) + +(Originally on Twitter: [Sat Sep 07 08:49:19 +0000 2019](https://twitter.com/adulau/status/1170257727836307457)) +---- +RT @_saadk: My talk 'Disturbance: the Sorry State of Cybersecurity and Potential Cures' was accepted by the fine @hack_lu folks. Thx! + +It w… + +(Originally on Twitter: [Sat Sep 07 08:52:19 +0000 2019](https://twitter.com/adulau/status/1170258483658264576)) +---- +Maybe one of the aspect I love in #photography is the contact sheet and its selection process. I did an animated gif with the contact sheets seen at @rencontresarles 2019 from the "Home Sweet Home" exhibition. + + +media/1170609012401983489-ED7WrMGWkAAOXmR.mp4 + +(Originally on Twitter: [Sun Sep 08 08:05:12 +0000 2019](https://twitter.com/adulau/status/1170609012401983489)) +---- +RT @davidonzo: #FYI +- https://osint.digitalside.it/ +- https://github.com/davidonzo/Threat-Intel/ +Sharing points are (finally...) syncronized to be updated every 10… + +(Originally on Twitter: [Sun Sep 08 10:41:33 +0000 2019](https://twitter.com/adulau/status/1170648361977942018)) +---- +RT @fewdisc: Excited to collaborate with @MISPProject on sightingsDB based on great work from @tricaud and of course, @adulau. More to com… + +(Originally on Twitter: [Sun Sep 08 12:56:45 +0000 2019](https://twitter.com/adulau/status/1170682383395368962)) +---- +RT @1sand0s: A lot of security people will soon learn the hard way that their security relies on (internal) DNS. https://twitter.com/grittygrease/status/1170077782417666048 + +(Originally on Twitter: [Sun Sep 08 18:54:07 +0000 2019](https://twitter.com/adulau/status/1170772320039919624)) +---- +We quickly reopen the CfP for the @MISPProject summit 0x5 (21st October 2019 in Luxembourg) https://2019.hack.lu/misp-summit/ If you forgot to submit a talk or presentation, it's now or never. 
#ThreatIntel #informationsharing + + +media/1171118954661732359-EECmeUAXUAAhYxm.mp4 + +(Originally on Twitter: [Mon Sep 09 17:51:31 +0000 2019](https://twitter.com/adulau/status/1171118954661732359)) +---- +@KirilsSolovjovs @Ministraitor @MISPProject The MISP summit is completely free. So we usually don’t provide financial travel support for the selected speakers. But you can still submit and explain the difficulties. We can try to be creative in specific cases. Thanks. + +(Originally on Twitter: [Mon Sep 09 18:37:59 +0000 2019](https://twitter.com/adulau/status/1171130645126569985)) +---- +RT @MISPProject: MISP 2.4.115 released including a major security fix (CVE-2019-16202) and various small improvements like sync speed impro… + +(Originally on Twitter: [Tue Sep 10 15:01:19 +0000 2019](https://twitter.com/adulau/status/1171438511045533697)) +---- +RT @MISPProject: Do you want to document and share all the commands supported by a malicious file or process? and allowing correlations bet… + +(Originally on Twitter: [Wed Sep 11 17:50:37 +0000 2019](https://twitter.com/adulau/status/1171843504483590145)) +---- +If you plan to create an international organisation which aims to be inclusive & include a large diversity of members, avoid some countries. Export regulation rules are so unclear and arbitrary, it can put at risk any positive initiative to do information sharing. Select wisely. + +(Originally on Twitter: [Wed Sep 11 18:07:15 +0000 2019](https://twitter.com/adulau/status/1171847689069350912)) +---- +@martijn_grooten Indeed, I’m sad. My advice came from past & recent experiences on the topic. I still dream of the ability to share information with the humanity at large to build a safer place for everyone. But some countries prefer to use international organisations to do the police for them. 
+ +(Originally on Twitter: [Wed Sep 11 18:57:43 +0000 2019](https://twitter.com/adulau/status/1171860388666925056)) +---- +@alexanderjaeger I didn’t do an exhaustive survey of all countries and especially the respective export regulations. But I think some countries do better than other such as Netherlands, Switzerland or Luxembourg (maybe I’m a bit biased for this one). + +(Originally on Twitter: [Wed Sep 11 19:20:10 +0000 2019](https://twitter.com/adulau/status/1171866039065415681)) +---- +@alexanderjaeger The only issue from such list is the real level of application and abuse by each of the countries. Some countries are really abusing the model for economical reasons but some are more sane. IMHO + +(Originally on Twitter: [Wed Sep 11 19:38:12 +0000 2019](https://twitter.com/adulau/status/1171870578149666818)) +---- +@davidonzo Looks really cool. We should add your feeds in the default MISP feeds. Can you do a PR on the JSON? https://github.com/MISP/MISP/blob/2.4/app/files/feed-metadata/defaults.json + +(Originally on Twitter: [Thu Sep 12 10:24:58 +0000 2019](https://twitter.com/adulau/status/1172093739638108160)) +---- +RT @MISPProject: MISP just added the support for the ATT&CK Sightings format of @MITREattack to share metrics about the use of ATT&CK withi… + +(Originally on Twitter: [Thu Sep 12 16:59:16 +0000 2019](https://twitter.com/adulau/status/1172192969958526976)) +---- +@da_667 How did you feel after the SELinux commands? If you see something utterly broken, let me know. + +(Originally on Twitter: [Fri Sep 13 04:45:33 +0000 2019](https://twitter.com/adulau/status/1172370710246744071)) +---- +@huntingneo @MISPProject @certbr Congrats for the workshop! We are super happy to see such amazing contributions. While doing MISP workshops/trainings, we always try to apply the PMF model live https://tools.ietf.org/html/draft-dulaunoy-programming-methodology-framework-00 to improve in fast iterations with feedback from the audience. 
thx to @zedshaw + +(Originally on Twitter: [Fri Sep 13 05:20:20 +0000 2019](https://twitter.com/adulau/status/1172379464375787522)) +---- +RT @cocaman: Office 365 #phishing campaign abusing: +0) Compromised Outlook email address +1) Cisco branded email ("new voice message") +2) On… + +(Originally on Twitter: [Fri Sep 13 05:22:26 +0000 2019](https://twitter.com/adulau/status/1172379993097129984)) +---- +RT @MISPProject: Until now it was but a mere promise, but finally, it is here "Decaying of Indicators - MISP improved model to expire indic… + +(Originally on Twitter: [Fri Sep 13 12:09:13 +0000 2019](https://twitter.com/adulau/status/1172482361247883265)) +---- +RT @blubbfiction: I'm happy that @hack_lu accepted my Sigma workshop! This year with updated content. + +• Writing Sigma rules +• Generic log… + +(Originally on Twitter: [Fri Sep 13 20:12:51 +0000 2019](https://twitter.com/adulau/status/1172604072584732673)) +---- +@likethecoins I’m really disappointed by “men” acting like that. Those guys are just a net negative for our community and especially to destroy the improvements done by collaboration in our field. I fully support you knowing what you do and how perseverant you are. + +(Originally on Twitter: [Sat Sep 14 07:26:25 +0000 2019](https://twitter.com/adulau/status/1172773581719330817)) +---- +RT @_saadk: Hey @PatriceAuffret, is this the result of your total Perl domination plan? 😈 + +I finally know the real meaning of 'pip' 🤣 https… + +(Originally on Twitter: [Sat Sep 14 08:11:01 +0000 2019](https://twitter.com/adulau/status/1172784805039226880)) +---- +@_saadk @PatriceAuffret By the way, don't forget CPAN stands for Common Python Anarchist Network... + +(Originally on Twitter: [Sat Sep 14 08:12:38 +0000 2019](https://twitter.com/adulau/status/1172785210334883840)) +---- +Don’t forget that any vulnerability data sources which are “open data” at some point in time, can be broken or closed the next days. 
Never assume that a data provider will make an effort to keep it running. Plan resilience strategies. My experience while developing cve-search. + +(Originally on Twitter: [Mon Sep 16 05:42:01 +0000 2019](https://twitter.com/adulau/status/1173472083835330560)) +---- +@dietervds It’s more all the external data sources (vendors, vulnerability info provider) outside NIST/MITRE which are unstable. We provide the datasets for collecting the VIA4 reference but keeping track of all those is a full time job for open source maintainers. https://www.cve-search.org/dataset/ + +(Originally on Twitter: [Mon Sep 16 05:49:30 +0000 2019](https://twitter.com/adulau/status/1173473966499012608)) +---- +@msuiche Because people are using ancient version of DumpIt on recent version of Windows, sending partial memory dump to CSIRTs and then the memory evidences are lost forever. + + +media/1173615492550078470-EEmFEIFXYAAEDIV.mp4 + +(Originally on Twitter: [Mon Sep 16 15:11:52 +0000 2019](https://twitter.com/adulau/status/1173615492550078470)) +---- +RT @ProjectZeroBugs: lastpass: bypassing do_popupregister() leaks credentials from previous site https://bugs.chromium.org/p/project-zero/issues/detail?id=1930 + +(Originally on Twitter: [Mon Sep 16 15:12:29 +0000 2019](https://twitter.com/adulau/status/1173615647357571072)) +---- +@msuiche I don’t know the exact pattern but it seems they have difficulties to find it. If you could go the FLOSS route as suggested by @cbrocas I’ll send you a box of belgian beers and chocolates. + +(Originally on Twitter: [Mon Sep 16 15:27:26 +0000 2019](https://twitter.com/adulau/status/1173619409912512512)) +---- +I just discover that securail (@SNCB security dept) has full access to the national belgian registry. They do check via radio communication and ask a guy who obviously forgot his wallet to give DoB, full name with all first names to verify if the identity exists. 
+ +(Originally on Twitter: [Mon Sep 16 15:58:20 +0000 2019](https://twitter.com/adulau/status/1173627183534882816)) +---- +@stevendemu @SNCB So everyone can give the real name of someone else... + +(Originally on Twitter: [Mon Sep 16 16:11:02 +0000 2019](https://twitter.com/adulau/status/1173630380659945474)) +---- +@dimartinomar @SNCB It’s a good question. They use the national number as pivot point and have the all first names of the person. They can indeed got it when they register the subscription with the IC. But they didn’t check if the subscription was valid or not. Sounds like a difference db to me. + +(Originally on Twitter: [Mon Sep 16 16:17:18 +0000 2019](https://twitter.com/adulau/status/1173631957504266245)) +---- +@dimartinomar @SNCB I’ll do. Maybe you should do it and cross-check later? + +(Originally on Twitter: [Mon Sep 16 16:22:33 +0000 2019](https://twitter.com/adulau/status/1173633280865906688)) +---- +RT @F_kZ_: \o/ I can use my own instance of cve-search to get Enrichment in MISP <3 Thx @MISPProject + +(Originally on Twitter: [Tue Sep 17 09:55:03 +0000 2019](https://twitter.com/adulau/status/1173898150828023808)) +---- +RT @MISPProject: MISP 2.4.116 released including a long awaited major new feature that deals with decaying indicators in addition to a new… + +(Originally on Twitter: [Tue Sep 17 11:42:12 +0000 2019](https://twitter.com/adulau/status/1173925113252782080)) +---- +@ancailliau @SNCB Indeed. Next time I need to do a validation request, I’ll forget my train subscription 😉 + +(Originally on Twitter: [Tue Sep 17 16:09:41 +0000 2019](https://twitter.com/adulau/status/1173992427499245582)) +---- +RT @corelight_inc: #ZeekWeek19 (fka BroCon) is the most important event for users, developers, #dfir, #threathunters and #securityarchitect… + +(Originally on Twitter: [Tue Sep 17 20:18:44 +0000 2019](https://twitter.com/adulau/status/1174055103566942208)) +---- +RT @Malwar3Ninja: @MISPProject is an awesome #ThreatIntell project. 
I have been using #MISP for a very long time more than 1.5 years now an… + +(Originally on Twitter: [Wed Sep 18 16:42:17 +0000 2019](https://twitter.com/adulau/status/1174363022413979648)) +---- +cve-search version 2.3 has been released with the support of the new JSON format from NVD (@cvenew) - this release also includes many bug fixes and improvements. https://www.cve-search.org/2019/cve-search-2.3-released/ cc/ @pidgeyL + +(Originally on Twitter: [Wed Sep 18 20:04:58 +0000 2019](https://twitter.com/adulau/status/1174414028594171906)) +---- +@ancailliau @github @duniel_pls Indeed. It might improve the situation for many open source projects who never filled the MITRE CVE form before. Those projects will have referenced and documented vulnerabilities. So it’s a great move. + +(Originally on Twitter: [Thu Sep 19 05:33:18 +0000 2019](https://twitter.com/adulau/status/1174557051843952640)) +---- +When policy makers design/propose export regulation rules, they should not forget the aspect that sharing information for incident response and vulnerability reporting is key to ensure security at large. It impacts sharing communities like @FIRSTdotOrg + +https://www.first.org/newsroom/releases/20190918 + +(Originally on Twitter: [Thu Sep 19 05:44:55 +0000 2019](https://twitter.com/adulau/status/1174559977689796608)) +---- +RT @M_Labs_Ltd: "Back door key check: success" seems to be a totally legit string to appear in the firmware of a managed switch (Netgear GS… + +(Originally on Twitter: [Thu Sep 19 07:19:02 +0000 2019](https://twitter.com/adulau/status/1174583662131712001)) +---- +Thanks to @stamparm for the IPsum lists and the great idea of having level based on numbers of matching per list. The default feed lists are now part of @MISPProject . https://github.com/MISP/MISP/commit/65f6667fb4ac15486db21180765bbbebc4ad6259 The idea came during the #CyberExchange @inea_eu CEF funded program. 
+ +(Originally on Twitter: [Thu Sep 19 15:18:50 +0000 2019](https://twitter.com/adulau/status/1174704408124428288)) +---- +RT @SBousseaden: Pay attention to persistence via Pending GPO (less famous) #GootKit md5:881c8bc27c80b104cc782c37eed59c6b #eql [registry wh… + +(Originally on Twitter: [Thu Sep 19 15:43:37 +0000 2019](https://twitter.com/adulau/status/1174710646409236480)) +---- +RT @cbrocas: @adulau @ancailliau @github @duniel_pls cc @videolan cf the question by @adulau after your #pts19 talk about #vlc difficulties… + +(Originally on Twitter: [Thu Sep 19 16:38:19 +0000 2019](https://twitter.com/adulau/status/1174724408939819010)) +---- +RT @vytwso: @thepacketrat If they are *so* unique why they should use the same output like CADO-NFS? Or their code is based on it ... https… + +(Originally on Twitter: [Fri Sep 20 15:58:23 +0000 2019](https://twitter.com/adulau/status/1175076747487973377)) +---- +RT @daniel_b_cat: This photograph was taken by an ISIS/ISIL supporter on 16 September 2019 around 17:30 hrs at an unknown location. The loc… + +(Originally on Twitter: [Sat Sep 21 05:25:09 +0000 2019](https://twitter.com/adulau/status/1175279779190386688)) +---- +RT @Gillis57: Looks like at a time that almost perfectly coincides with a friday afternoon DoD briefing regarding Iran and the US sending t… + +(Originally on Twitter: [Sat Sep 21 07:47:53 +0000 2019](https://twitter.com/adulau/status/1175315698328965120)) +---- +@formidableinc S'il y a eu distribution (ou "conveying" en v3), uniquement celui qui a reçu le code (avant la suppression) peut toujours le redistribuer sous la GPL v2/v3. Si tu as une personne qui a reçu une copie avant la suppression sous la license libre, c'est bon ;-) + +(Originally on Twitter: [Sat Sep 21 08:40:06 +0000 2019](https://twitter.com/adulau/status/1175328837422538752)) +---- +@cynicalsecurity @angealbertini When I read the reply, I immediately thought of Louis-Ferdinand Céline. 
So many people blame him and then I saw the original tweet. + +(Originally on Twitter: [Sat Sep 21 10:11:01 +0000 2019](https://twitter.com/adulau/status/1175351719296995330)) +---- +@eromang Le mémoire est disponible en ligne ? + +(Originally on Twitter: [Sat Sep 21 11:25:28 +0000 2019](https://twitter.com/adulau/status/1175370457085829120)) +---- +The future is not into monetizing security dataset but to make those available in the commons. If we don’t fight for this, we will end up in world where security will be only available for some. +https://mobile.twitter.com/urlscanio/status/1175487159618457601 + +(Originally on Twitter: [Sat Sep 21 19:36:41 +0000 2019](https://twitter.com/adulau/status/1175494073110683657)) +---- +RT @passthesaltcon: Fighting for security datasets in commons. No barrier to be secured. Never. #AllEquals https://twitter.com/adulau/status/1175494073110683657 + +(Originally on Twitter: [Sat Sep 21 19:57:21 +0000 2019](https://twitter.com/adulau/status/1175499274068643840)) +---- +RT @_saadk: You are right @adulau. I believe however this concerns a much wider set of fields. We have collectively let our dream of an ope… + +(Originally on Twitter: [Sat Sep 21 19:57:24 +0000 2019](https://twitter.com/adulau/status/1175499287146442752)) +---- +@bambenek Indeed good point. The « no warranty » clause in free/open source licenses is there for such reason. The issue is that open security data(set) are basically not under open source licenses as it’s not source code/software per se. We start to license our JSONs under an OSS license. + +(Originally on Twitter: [Sun Sep 22 06:27:30 +0000 2019](https://twitter.com/adulau/status/1175657856135311361)) +---- +@bambenek And then the discussion starts should we go for copyleft type license or a non-copyleft type license. One is very permissive in the scope from proprietary usage and so on. Great for adoption and large use of your dataset. The other is limited to a copyleft ecosystem. 
+ +(Originally on Twitter: [Sun Sep 22 06:31:38 +0000 2019](https://twitter.com/adulau/status/1175658897853636608)) +---- +@martijn_grooten or the numbers of IP addresses assigned per LIR in that country. + +(Originally on Twitter: [Sun Sep 22 07:25:38 +0000 2019](https://twitter.com/adulau/status/1175672485087514624)) +---- +@eromang It's indeed one of the main friction point. The API cannot be used for any services which could get any financial gains. We are back to the old issue of proprietary software versus open source but in this case for API and datasets. + +(Originally on Twitter: [Sun Sep 22 08:28:02 +0000 2019](https://twitter.com/adulau/status/1175688192198107137)) +---- +@eromang @urlscanio @MISPProject It depends of the community. @MISPProject is just the open source software to support various communities (from very open to very closed ones). Those communities have different rules which is often not a question of monetization but more regarding classification and distribution. + +(Originally on Twitter: [Sun Sep 22 09:53:54 +0000 2019](https://twitter.com/adulau/status/1175709800476348416)) +---- +@eromang @urlscanio That’s another good point between two commercial entities. If the licensing is not clear, you have such inter-locking issues. My point is more that some security critical datasets would be more useful licensed under an open source-like license for the security at large. + +(Originally on Twitter: [Sun Sep 22 09:56:56 +0000 2019](https://twitter.com/adulau/status/1175710563017592832)) +---- +@eromang The dataset of Safe Browsing is also built from users and partners contributing urls via their APIs in the hope they will be block on all Google products. The fishermen example is a nice one indeed. + +(Originally on Twitter: [Sun Sep 22 09:58:54 +0000 2019](https://twitter.com/adulau/status/1175711059082133504)) +---- +@eromang @urlscanio Another good point indeed. 
Reciprocity is one of the most important aspect in copyleft licensing but we cannot expect that from Google who hates some copyleft license with passion such as the Affero general public license. + +(Originally on Twitter: [Sun Sep 22 12:21:36 +0000 2019](https://twitter.com/adulau/status/1175746968942972929)) +---- +@bambenek Maybe in such case, transfer to a foundation or non-profit could have mitigated the risks? + +(Originally on Twitter: [Sun Sep 22 14:23:37 +0000 2019](https://twitter.com/adulau/status/1175777677254561793)) +---- +@douglasmun @ninoseki @MISPProject Whoaaa this is great. Thanks to @ninoseki for the hard work deciphering our APIs (8 years of legacy entry points ;-) and the reports. + +(Originally on Twitter: [Sun Sep 22 15:48:19 +0000 2019](https://twitter.com/adulau/status/1175798991830884354)) +---- +@MasarahClouston Indeed, it’s a huge paradox. On my side, I take the train for the majority of my travel including my daily commutes. I’m gardening organic. I replanted an orchards and attracting as much wide life as I can in the garden. ![](media/1175801290259161088-EFFJCCjXkAEI0xB.jpg) + +(Originally on Twitter: [Sun Sep 22 15:57:27 +0000 2019](https://twitter.com/adulau/status/1175801290259161088)) +---- +RT @MISPProject: Thanks to @davidonzo for the new feed in MISP standard format of https://osint.digitalside.it/ It's great to see valuable feeds… + +(Originally on Twitter: [Sun Sep 22 16:39:17 +0000 2019](https://twitter.com/adulau/status/1175811816984854530)) +---- +RT @rafi0t: Folks, I wrote a thing explaining how we organise @hack_lu +and try to have more diverse attendees and speakers at the conferenc… + +(Originally on Twitter: [Sun Sep 22 23:40:32 +0000 2019](https://twitter.com/adulau/status/1175917827875844097)) +---- +RT @ANSSI_FR: #DFIRORC - a reliable and scalable asset for incident responders ! 
+🆕 https://www.ssi.gouv.fr/en/actualite/dfir-orc-an-open-source-forensics-tool-dedicated-to-artefact-collection/ + +Created by @ANSSI_FR to address… + +(Originally on Twitter: [Mon Sep 23 15:34:32 +0000 2019](https://twitter.com/adulau/status/1176157911959166977)) +---- +@fo0_ C’est un montage ? Ce n’est pas possible. + +(Originally on Twitter: [Mon Sep 23 15:41:03 +0000 2019](https://twitter.com/adulau/status/1176159551323873281)) +---- +RT @MarieGMoe: I gave my first keynote talk at @hack_lu in 2015, and this invitation to speak was also contributing to my decision to start… + +(Originally on Twitter: [Mon Sep 23 17:56:27 +0000 2019](https://twitter.com/adulau/status/1176193624285044736)) +---- +@yash_s @Malwar3Ninja @MISPProject Are you sure you use the correct credentials for the web interface? It’s written in the terminal. + +(Originally on Twitter: [Tue Sep 24 17:59:46 +0000 2019](https://twitter.com/adulau/status/1176556845554720768)) +---- +@yash_s @Malwar3Ninja @MISPProject Which ones did you use? + +(Originally on Twitter: [Tue Sep 24 18:01:50 +0000 2019](https://twitter.com/adulau/status/1176557367934279686)) +---- +@yash_s @Malwar3Ninja @MISPProject It works and tested on a recent VM generated. + +(Originally on Twitter: [Tue Sep 24 18:34:07 +0000 2019](https://twitter.com/adulau/status/1176565491021819904)) +---- +I'm really impressed by the work (released as open source) from @_jeanga_ (and his colleagues) to build a stable and low-impact #DFIR tool to gather forensic evidences on Microsoft Windows production system. 
https://github.com/DFIR-ORC/dfir-orc + +(Originally on Twitter: [Tue Sep 24 20:34:48 +0000 2019](https://twitter.com/adulau/status/1176595861624823809)) +---- +RT @_saadk: Japan: Joy, Revisited +A photographic journey in the land of the infinite shades of perfection #photography + +A series influence… + +(Originally on Twitter: [Wed Sep 25 07:17:57 +0000 2019](https://twitter.com/adulau/status/1176757716959813632)) +---- +RT @_saadk: Japan: Joy, Revisited +A photographic journey in the land of the infinite shades of perfection #photography + +A series influence… + +(Originally on Twitter: [Wed Sep 25 09:10:52 +0000 2019](https://twitter.com/adulau/status/1176786135537897472)) +---- +By the way, @Iglocska just added netfilter/iptables output in @MISPProject during a training to show how easy is to add an output format in the core. Time to contribute your custom output? #opensource + +https://github.com/MISP/MISP/commit/40cf160c53f18664c1e6cd2cf0c76624804f35a8 + +(Originally on Twitter: [Wed Sep 25 18:34:22 +0000 2019](https://twitter.com/adulau/status/1176927942573735939)) +---- +@vladimir_metnew They don’t. They will bill it two times. + +(Originally on Twitter: [Wed Sep 25 19:21:49 +0000 2019](https://twitter.com/adulau/status/1176939882045943813)) +---- +RT @d4_project: Building a distributed @maltrail security monitoring sensor network using D4 @d4_project +https://www.d4-project.org/2019/09/25/maltrail-integration.html a collabo… + +(Originally on Twitter: [Thu Sep 26 15:47:14 +0000 2019](https://twitter.com/adulau/status/1177248272215355393)) +---- +I’m (re)reading the book from @jpom about metadata. Reading about tags and especially free tagging, it might be interesting to extend the case with triple tags libraries as we do in MISP taxonomies https://github.com/MISP/misp-taxonomies . I just hope taxonomies are not used to kill people... 
![](media/1177499777438638080-EFdRxC_U8AImPGu.jpg) + +(Originally on Twitter: [Fri Sep 27 08:26:38 +0000 2019](https://twitter.com/adulau/status/1177499777438638080)) +---- +@cbrocas @KernelRecipes @gregkh If you can do a summary, that would be cool ;-) + +(Originally on Twitter: [Fri Sep 27 09:15:57 +0000 2019](https://twitter.com/adulau/status/1177512186366660610)) +---- +@KernelRecipes @cbrocas @gregkh @Aissn Thank you. Some interesting ideas which can be done in http://www.cve-search.org to map CVE and patches together using VIA4CVE as a community work without the need to get approval from MITRE or the CNA. + +(Originally on Twitter: [Fri Sep 27 09:23:47 +0000 2019](https://twitter.com/adulau/status/1177514157802786816)) +---- +@angealbertini IMHO there is indeed a kind of real life underflow. And sometime reaching it as soon as possible is a good option for our own sanity. + +(Originally on Twitter: [Fri Sep 27 10:08:16 +0000 2019](https://twitter.com/adulau/status/1177525354493358080)) +---- +RT @1sand0s: Finally. This was a very difficult and long coordinated disclosure process with awesome research from @bvgastel https://t.co/B… + +(Originally on Twitter: [Fri Sep 27 10:22:30 +0000 2019](https://twitter.com/adulau/status/1177528935493570561)) +---- +RT @SkelSec: !pypykatz in your browser! +The code is now public on github. + +https://github.com/skelsec/pypykatz_wasm https://twitter.com/SkelSec/status/1177885671542927361 + +(Originally on Twitter: [Sun Sep 29 06:35:21 +0000 2019](https://twitter.com/adulau/status/1178196548997599232)) +---- +Currently reviewing this pull-request to add as a taxonomy the cybersecurity kill chain model from @RudyGiuliani described in his memorable talk in Ukraine. Feel free to review & comment. 
https://github.com/MISP/misp-taxonomies/pull/165 🕵🏽‍♀️🕵🏻‍♂️ + +(Originally on Twitter: [Sun Sep 29 07:45:46 +0000 2019](https://twitter.com/adulau/status/1178214268405260288)) +---- +@benmathieu @Agoriafr L’histoire de l'éducation numérique en Belgique est jonchée d’une politique pro-économique à court terme (cf les accords avec Microsoft), d’un manque de vision sur l'indépendance numérique (cf le manque de cursus sur le logiciel libre) et l’ignorance contre l’auto-apprentissage. + +(Originally on Twitter: [Sun Sep 29 09:34:34 +0000 2019](https://twitter.com/adulau/status/1178241649207631872)) +---- +RT @PrivacyMatters: May 2019. An ITU 'Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transa… + +(Originally on Twitter: [Sun Sep 29 11:09:10 +0000 2019](https://twitter.com/adulau/status/1178265456542654465)) +---- +@MaliciaRogue tlp:red en version papier ? Cela me semble peu probable puisque c'est une classification pour les échanges de personne à personne et principalement de façon verbale. Mais je ne serais pas surpris de voir une mauvaise utilisation d'une "classification"... + +(Originally on Twitter: [Mon Sep 30 17:22:59 +0000 2019](https://twitter.com/adulau/status/1178721917035044864)) +---- +RT @NSAGov: #Ghidra Users: A flaw currently exists within Ghidra versions through 9.0.4. The conditions needed to exploit this flaw are rar… + +(Originally on Twitter: [Tue Oct 01 05:44:29 +0000 2019](https://twitter.com/adulau/status/1178908522483978241)) +---- +RT @0xrawsec: I am going to present WHIDS (an open-source EDR like tool for Windows) for the first time to the public at @MISPProject Summi… + +(Originally on Twitter: [Tue Oct 01 08:44:11 +0000 2019](https://twitter.com/adulau/status/1178953745654325248)) +---- +@cocaman @MISPProject Sure, good point. I just did the update. 
https://github.com/MISP/MISP/commit/11e48846280a20d2c1442ace6d62e40171f5d77f + +(Originally on Twitter: [Tue Oct 01 17:57:28 +0000 2019](https://twitter.com/adulau/status/1179092985591603201)) +---- +@russellmcormond UUCP over SSH works pretty well to poll your mails at regular interval for email site which are not regularly connected. I still use it and it's very stable (avoiding any bounce mail due to delay or unreachable MTA). + +(Originally on Twitter: [Tue Oct 01 18:21:29 +0000 2019](https://twitter.com/adulau/status/1179099027901734913)) +---- +@cocaman @MISPProject Thank you for the idea too. By the way, I also did an update of the coin-address object if you want to use the object at some point https://www.misp-project.org/objects.html#_coin_address + +(Originally on Twitter: [Tue Oct 01 18:37:15 +0000 2019](https://twitter.com/adulau/status/1179102995386179585)) +---- +@cocaman @MISPProject Sure it’s just depending of the use-case. By the way, we improved the detection of crypto currencies addresses in AIL https://github.com/CIRCL/AIL-framework/commit/9c51c582f9a0568041760af02c58414e3d0723c4 if you see something missing, let us know. + +(Originally on Twitter: [Tue Oct 01 18:53:34 +0000 2019](https://twitter.com/adulau/status/1179107101018411008)) +---- +@halvarflake Wietse Venema is still right. + +(Originally on Twitter: [Tue Oct 01 19:49:02 +0000 2019](https://twitter.com/adulau/status/1179121062379962368)) +---- +If you want persistence for your malware on a recent Ubuntu system, install a « snap » package. No one is checking this, now it’s default on all Ubuntu distribution and just use « classic » mode to get access to everything. 
#malwarediy + + +media/1179345422139219970-EF3gZ8JWoAAX34e.mp4 + +(Originally on Twitter: [Wed Oct 02 10:40:34 +0000 2019](https://twitter.com/adulau/status/1179345422139219970)) +---- +RT @d4_project: We have a new functionality in beta test to generate @d4_project sensor configuration and get the corresponding binary auto… + +(Originally on Twitter: [Wed Oct 02 14:53:06 +0000 2019](https://twitter.com/adulau/status/1179408976276054016)) +---- +RT @_saadk: ˋWe want to have the knowledge, as if it were a static object, but we don’t want to do the work of claiming it — and so we reac… + +(Originally on Twitter: [Thu Oct 03 04:44:02 +0000 2019](https://twitter.com/adulau/status/1179618085260709889)) +---- +@craiu Thank you for sharing (and @r00tbsd for the original one) . I added the event in the default OSINT feed of @circl_lu @MISPProject https://www.circl.lu/doc/misp/feed-osint/5d95e39a-712c-41b6-b17b-459d950d210f.json By the way, the TLS flows using the faked CA are not very visible at large scale. Could you share the full X.509 certificate? ![](media/1179752720414183429-EF9S1_5W4AAAGok.jpg) + +(Originally on Twitter: [Thu Oct 03 13:39:01 +0000 2019](https://twitter.com/adulau/status/1179752720414183429)) +---- +RT @craiu: Back in 2016, Gdata published about a mysterious APT and their malware named COMPfun. For years, we couldn’t find anything conne… + +(Originally on Twitter: [Thu Oct 03 13:39:11 +0000 2019](https://twitter.com/adulau/status/1179752759459041280)) +---- +@NicoSchottelius @Enno_Insinuator Check @SES_Satellites they have satellite in those footprints and have providers selling VSATs services. + +(Originally on Twitter: [Thu Oct 03 15:30:41 +0000 2019](https://twitter.com/adulau/status/1179780819059187712)) +---- +Don’t forget when you get and analyse a small piece or a standalone module of a bigger malware piece, you just see a very narrow view of the whole compromission. 
Many « state sponsored » adversaries target from different angles their objectives and have often escape routes. + +(Originally on Twitter: [Thu Oct 03 19:45:54 +0000 2019](https://twitter.com/adulau/status/1179845047531032576)) +---- +@TheosrsOrg Interesting, if you have any reference or document mentioning it, this could be useful for MISP galaxies or taxonomies ;-) + +(Originally on Twitter: [Fri Oct 04 04:42:04 +0000 2019](https://twitter.com/adulau/status/1179979977468583936)) +---- +@TheosrsOrg Thanks! We'll dig into it and see if we could do improvement and import those as default in the libraries. + +(Originally on Twitter: [Fri Oct 04 04:43:58 +0000 2019](https://twitter.com/adulau/status/1179980455698980865)) +---- +RT @MISPProject: Agenda and talks are now published for the MISP summit 0x5 which will take place Monday, Oct. 21, 2019 in Luxembourg +https… + +(Originally on Twitter: [Fri Oct 04 14:40:06 +0000 2019](https://twitter.com/adulau/status/1180130479686782977)) +---- +RT @wimremes: Managed SIEM is the infosec equivalent of thoughts and prayers. + +(Originally on Twitter: [Fri Oct 04 18:37:46 +0000 2019](https://twitter.com/adulau/status/1180190290059104256)) +---- +RT @wimremes: It's always super cool (and a bit humbling) to see a tool you started developing mentioned (17:48) in a talk from leading eng… + +(Originally on Twitter: [Sat Oct 05 10:51:12 +0000 2019](https://twitter.com/adulau/status/1180435262477934593)) +---- +@wimremes It’s indeed awesome to see open source that we maintain being useful. I’m not considering this to be a solved engineering issue as said in the talk ;-) By the way, there some new cool stuff to come with the next release of cve-search. 
+ +(Originally on Twitter: [Sat Oct 05 10:54:48 +0000 2019](https://twitter.com/adulau/status/1180436169147985920)) +---- +RT @SBousseaden: good to know #dfir traces of previously opened .chm files cached in "hh.dat" (full execution path) below some cahed malici… + +(Originally on Twitter: [Sat Oct 05 11:58:13 +0000 2019](https://twitter.com/adulau/status/1180452126578925569)) +---- +@Aristot73 @SteveBellovin @thegrugq How often is MIKEY-SAKKE used within EU for establishing calls? Is there any metrics (@p1security?). +The discussion (in 2010) about the use of MIKEY-SAKKE at 3GPP for LI: +https://www.benthamsgaze.org/wp-content/uploads/2016/01/SA3LI10_099.pdf and the analysis from Steven J. Murdoch: https://www.benthamsgaze.org/2016/01/19/insecure-by-design-protocols-for-encrypted-phone-calls/ + +(Originally on Twitter: [Sun Oct 06 09:10:18 +0000 2019](https://twitter.com/adulau/status/1180772255791505410)) +---- +RT @cve_search: cve-search v2.4 released including many bugs fixed and web interface improvements. Thanks to the contributors and a special… + +(Originally on Twitter: [Sun Oct 06 11:11:45 +0000 2019](https://twitter.com/adulau/status/1180802820364214272)) +---- +RT @damienmiller: Holy shit - pay attention to your fuzzers people https://twitter.com/dvyukov/status/1180194607235305474 + +(Originally on Twitter: [Sun Oct 06 18:57:32 +0000 2019](https://twitter.com/adulau/status/1180920038301356032)) +---- +I found my new year resolution, I should stop running a DHCP server on my laptop. Every time I connect to some random networks, people are running around like headless chicken. 
I always thought DHCP/BOOTP datagrams were properly filtered by all the switches 😉 + +(Originally on Twitter: [Sun Oct 06 19:13:49 +0000 2019](https://twitter.com/adulau/status/1180924138136965120)) +---- +RT @matalaz: I'm going to change the license of all my (supported and unsupported) Free and Open Source Softwares from GPL v2 and v3 to Aff… + +(Originally on Twitter: [Mon Oct 07 14:00:50 +0000 2019](https://twitter.com/adulau/status/1181207759368392705)) +---- +@matalaz 👍🏻 + +(Originally on Twitter: [Mon Oct 07 14:01:23 +0000 2019](https://twitter.com/adulau/status/1181207897927245826)) +---- +the Scribe mentioned in this recent Facebook blog post +https://engineering.fb.com/data-infrastructure/scribe/ is it the previous open source project they archived some years ago? https://github.com/facebookarchive/scribe If yes, maintaining open source is difficult even for Facebook. + +(Originally on Twitter: [Mon Oct 07 18:47:03 +0000 2019](https://twitter.com/adulau/status/1181279787937128449)) +---- +RT @MISPProject: Thanks to @VVX7_IO for the new matrix-like galaxy to describe misinformation. It helps to share details about hoaxes, disi… + +(Originally on Twitter: [Tue Oct 08 19:34:39 +0000 2019](https://twitter.com/adulau/status/1181654157041786880)) +---- +Did someone analyse the security of the restricted-permission message protocol (rpmsg) from @Microsoft? https://en.wikipedia.org/wiki/Rpmsg + +(Originally on Twitter: [Wed Oct 09 14:24:44 +0000 2019](https://twitter.com/adulau/status/1181938552562737152)) +---- +@verac_m @CristinGoodwin Not the first time I heard it. It’s often coming from people who were never involved in active sharing during incident response. Information sharing starts within a team. If they don’t do it already at this level, there is a fundamental issue then... 
+ +(Originally on Twitter: [Thu Oct 10 15:35:08 +0000 2019](https://twitter.com/adulau/status/1182318655289380865)) +---- +@verac_m @CristinGoodwin another issue is the old broken mantra « sharing only a finalized static report when everything is over » then it’s often too late and indeed just for keeping a good image in front of a community. + +(Originally on Twitter: [Thu Oct 10 15:38:34 +0000 2019](https://twitter.com/adulau/status/1182319520943345664)) +---- +During @hack_lu there is a collaborative open source community meeting/workshop (OSCD) https://oscd.community/ where the aim is to improve the coverage of the open source Sigma rulesets for @MITREattack + +(Originally on Twitter: [Thu Oct 10 15:45:02 +0000 2019](https://twitter.com/adulau/status/1182321145485365249)) +---- +RT @daevlin: Linux oneliner of the day to unpack the Emotet packer: +wrestool emotet_packed --type=rcdata -x --raw | http://xor-kpa.py… + +(Originally on Twitter: [Thu Oct 10 16:07:12 +0000 2019](https://twitter.com/adulau/status/1182326726547914752)) +---- +RT @pinkflawd: Now that the preso is finally gettn into shape I have the courage to say it out loud - yeehaahh I'll be back at @hack_lu thi… + +(Originally on Twitter: [Thu Oct 10 20:14:01 +0000 2019](https://twitter.com/adulau/status/1182388839324831744)) +---- +Seeing the current "hash tree/Merkle tree" debacle, it starts to make sense to work on a real open source project to use hash tree data structure for information sharing. We were kidding about it with @joepgommers +@treyka @Iglocska some years ago. Maybe time is changing. + +(Originally on Twitter: [Thu Oct 10 20:35:26 +0000 2019](https://twitter.com/adulau/status/1182394226723753990)) +---- +@treyka @joepgommers @Iglocska Indeed, we need a German to complete the project. We should ask our colleague @rommelfs to provide a direct line to Angela. 
+ +(Originally on Twitter: [Thu Oct 10 20:39:52 +0000 2019](https://twitter.com/adulau/status/1182395342551212037)) +---- +@cnoanalysis The most scary part is the (ISC)² logo on the poster... + +(Originally on Twitter: [Thu Oct 10 20:42:34 +0000 2019](https://twitter.com/adulau/status/1182396023483830273)) +---- +RT @_saadk: @hack_lu keeps encouraging community-driven initiatives where we can experiment, learn from each other & try to improve cyberse… + +(Originally on Twitter: [Fri Oct 11 07:52:50 +0000 2019](https://twitter.com/adulau/status/1182564700070002688)) +---- +RT @CosicBe: New Postdoc Position: Cryptography secured against physical attacks +https://www.esat.kuleuven.be/cosic/vacancies/ + +(Originally on Twitter: [Fri Oct 11 15:28:46 +0000 2019](https://twitter.com/adulau/status/1182679439211204608)) +---- +RT @jvehent: The over-complexification of provisioning and deployment pipelines is a dangerous trend. I don't trust the layers upon layers… + +(Originally on Twitter: [Sat Oct 12 07:42:03 +0000 2019](https://twitter.com/adulau/status/1182924376645259264)) +---- +@CarmenCrincoli SCSI cables with or without terminators... + +(Originally on Twitter: [Sat Oct 12 07:50:03 +0000 2019](https://twitter.com/adulau/status/1182926387658809344)) +---- +@_reflets_ Il suffit de voir de voir les « quelques services externes » et la tonne de cookies https://lookyloo.circl.lu/tree/b3bc024c-d6cf-4a03-8304-1846e05cb3cd + +(Originally on Twitter: [Sat Oct 12 07:56:34 +0000 2019](https://twitter.com/adulau/status/1182928030257352709)) +---- +RT @MISPProject: MISP 2.4.117 has been released with many new features (new publish filters, throttling feature in restSearch) and performa… + +(Originally on Twitter: [Sat Oct 12 15:51:44 +0000 2019](https://twitter.com/adulau/status/1183047607477833728)) +---- +If I tell you Python 2 and 3, cancer-research results and security vulnerability, it's CVE-2019-17514 . Everything is connected. 
https://cve.circl.lu/cve/CVE-2019-17514 ![](media/1183049008538931200-EGsIzG7X0AICPbj.jpg) + +(Originally on Twitter: [Sat Oct 12 15:57:18 +0000 2019](https://twitter.com/adulau/status/1183049008538931200)) +---- +RT @cglyer: **new reveal** Recently found new APT41 malware family on a Linux system at a telecom we’ve named MESSAGETAP. + +This enabled AP… + +(Originally on Twitter: [Sun Oct 13 07:33:15 +0000 2019](https://twitter.com/adulau/status/1183284548248977408)) +---- +RT @benhacks: @cyb3rops @ItsReallyNick @FireEye @Mandiant @SElovitz @tiskimber @ReginaElwell @MITREattack @thinkPoison @srunnels @t00manyba… + +(Originally on Twitter: [Sun Oct 13 08:33:33 +0000 2019](https://twitter.com/adulau/status/1183299725518352386)) +---- +@FabianRODES @ValeryMarchive J’ai une préférence pour un bastion OpenSSH avec authentification par clé uniquement et/ou TOTP hardware pour le bastion et un logging agressif. Ensuite le bastion est autorisé en filtrage IP sur les machines non visible en SSH. Le bastion ne voit que du SSH dans du SSH. + +(Originally on Twitter: [Sun Oct 13 10:26:59 +0000 2019](https://twitter.com/adulau/status/1183328269329977345)) +---- +@fasthm00 Thanks for the mention. Knowing the current size of our passive dns dataset, I’m pretty sure the results could be improved significantly. Maybe we should rerun it against our current datasets and share the results. + +(Originally on Twitter: [Mon Oct 14 15:23:51 +0000 2019](https://twitter.com/adulau/status/1183765368768253952)) +---- +RT @angealbertini: Who's coming to @hack_lu? +I'll give a high level talk on hash collisions & exploitations, +then a hands-on workshop on th… + +(Originally on Twitter: [Mon Oct 14 17:53:21 +0000 2019](https://twitter.com/adulau/status/1183802988973957120)) +---- +I don’t always agree with Matthew but this time, I do. 
+ +https://mobile.twitter.com/matthew_d_green/status/1184316338375987200 + +(Originally on Twitter: [Wed Oct 16 04:25:33 +0000 2019](https://twitter.com/adulau/status/1184324475531284482)) +---- +Don't forget submit to your CTI paper/presentation to the "Call for submissions for the 2020 FIRST Symposium @FIRSTdotOrg on Cyber Threat Intelligence (CTI)." https://www.first.org/events/symposium/zurich2020/cfp + +(Originally on Twitter: [Wed Oct 16 08:45:24 +0000 2019](https://twitter.com/adulau/status/1184389869428269056)) +---- +RT @MISPProject: "Turning data into actionable intelligence" presented by @Iglocska from @circl_lu at @FIRSTdotOrg Oslo 2019 Technical Coll… + +(Originally on Twitter: [Wed Oct 16 11:46:39 +0000 2019](https://twitter.com/adulau/status/1184435481783816194)) +---- +RT @_pst: ⁦⁦great conclusion by ⁦@_saadk⁩ ag #bcsc19 -> the things to do for real #cybersecurity ![](media/1184461833664643072-EHANowrX4AAy3lo.jpg) + +(Originally on Twitter: [Wed Oct 16 13:31:22 +0000 2019](https://twitter.com/adulau/status/1184461833664643072)) +---- +RT @_saadk: Only a few days to go for @hack_lu, one of my top 3 cybersecurity conferences 👌🏻 + +The organisers have done a fantastic job over… + +(Originally on Twitter: [Wed Oct 16 17:19:22 +0000 2019](https://twitter.com/adulau/status/1184519213169414145)) +---- +Copyright assignment in open source is often praised by lawyers but seeing how a single copyright owner (organisation) can diverge from its original goal. Maybe nowadays the risks outperform the potential benefits. I let you guess which organisation can be a good example. + +(Originally on Twitter: [Thu Oct 17 05:43:02 +0000 2019](https://twitter.com/adulau/status/1184706362850324480)) +---- +@inliniac It’s a good point but such abusive “contributor” can easily do the same with copyright assignment as in Europe transfert of rights is only the patrimonial side and not the associated moral rights. 
+ +(Originally on Twitter: [Thu Oct 17 05:57:27 +0000 2019](https://twitter.com/adulau/status/1184709992265535488)) +---- +@verac_m Are the data accurate regarding Oracle? Is this an effect of the lawsuit against Google regarding Java? This is quite scary knowing the patent portfolio, they have. + +(Originally on Twitter: [Thu Oct 17 06:02:06 +0000 2019](https://twitter.com/adulau/status/1184711163193577472)) +---- +@verac_m @webmink Indeed, this example shows the classical issue of the organisation receiving the copyright assignments and potentially going rogue. + +(Originally on Twitter: [Thu Oct 17 06:28:38 +0000 2019](https://twitter.com/adulau/status/1184717839363690496)) +---- +RT @cyb3rops: I am experimenting with YARA rules on suspicious Windows Error Reports (WER) + +e.g. Crash due to a heap corruption + +Do you k… + +(Originally on Twitter: [Sat Oct 19 07:36:02 +0000 2019](https://twitter.com/adulau/status/1185459575484567552)) +---- +A good summary of the open challenges and limitations about threat intelligence sharing (the paper has "a solution" but it's not solving all those challenges). Ok we solved the point 20, still some work to be done on the 19 points remaining. 
#ThreatIntel ![](media/1185470956095131648-EHOjjBwWsAICV4E.jpg) + +(Originally on Twitter: [Sat Oct 19 08:21:15 +0000 2019](https://twitter.com/adulau/status/1185470956095131648)) +---- +@xme @rafi0t Those ICMP echo-request messages can be silly and the echo-reply can be even more silly especially it's a screenshot ;-) ![](media/1185476368047443968-EHOoeEKXkAADcFx.jpg) + +(Originally on Twitter: [Sat Oct 19 08:42:45 +0000 2019](https://twitter.com/adulau/status/1185476368047443968)) +---- +RT @pinkflawd: A heartfelt thank you and lotsa ❤ to the crew of @hack_lu and @LuxSecurityWeek for helping #BlackHoodie getting set up in Lu… + +(Originally on Twitter: [Sat Oct 19 08:43:28 +0000 2019](https://twitter.com/adulau/status/1185476547152617472)) +---- +@goenie @MISPProject https://link.springer.com/article/10.1007/s11235-019-00613-4 + +(Originally on Twitter: [Sat Oct 19 10:52:49 +0000 2019](https://twitter.com/adulau/status/1185509096935641088)) +---- +RT @malwaremustd1e: Post exploitation, from scripts to the frameworks & infrastructure, is relying on code injection, escalation & trace co… + +(Originally on Twitter: [Sun Oct 20 14:43:16 +0000 2019](https://twitter.com/adulau/status/1185929480788992003)) +---- +RT @Aristot73: Cayford, Michelle ; @WolterPieters / The effectiveness of surveillance technology : What intelligence officials are saying.… + +(Originally on Twitter: [Sun Oct 20 18:57:21 +0000 2019](https://twitter.com/adulau/status/1185993425365151744)) +---- +RT @Aristot73: if in the future there's an award for impact, dedication to open source, community building and advancing technical know how… + +(Originally on Twitter: [Mon Oct 21 06:37:40 +0000 2019](https://twitter.com/adulau/status/1186169662842789889)) +---- +RT @Ministraitor: Rise and shine, it's @MISPProject time! 
+We're starting earlier than previous years and will have a great many shorter tal… + +(Originally on Twitter: [Mon Oct 21 06:37:43 +0000 2019](https://twitter.com/adulau/status/1186169677938069504)) +---- +Thanks to @tricaud for releasing a first version of his open source SightingDB project. +This is a great step to improved sightings within MISP and especially when you have a large-scale dataset. +https://twitter.com/tricaud/status/1186241511698108416 + +(Originally on Twitter: [Mon Oct 21 11:33:56 +0000 2019](https://twitter.com/adulau/status/1186244220065107968)) +---- +RT @tricaud: Oh, and last week I released pcraft: https://github.com/devoinc/pcraft you create a scenario in YAML and it builds a PCAP. + +(Originally on Twitter: [Mon Oct 21 13:56:07 +0000 2019](https://twitter.com/adulau/status/1186280005380333575)) +---- +RT @circl_lu: "Friday 25 October 2019 - EU @MITREattack Community fourth workshop in Luxembourg" just after @hack_lu at the same location.… + +(Originally on Twitter: [Tue Oct 22 05:29:57 +0000 2019](https://twitter.com/adulau/status/1186515008391397377)) +---- +RT @therealsaumil: An amazing line up for the 15th Anniversary @hack_lu https://2019.hack.lu/agenda/. #MuchAwesomeness! 
Greets to @angealbertini… + +(Originally on Twitter: [Tue Oct 22 06:01:31 +0000 2019](https://twitter.com/adulau/status/1186522955645370369)) +---- +RT @Pat_Ventuzelo: Really happy to say that my workshop at @hack_lu about "Reversing #webassembly module 101" was completely full ;) 🎉 + +Hug… + +(Originally on Twitter: [Tue Oct 22 12:51:28 +0000 2019](https://twitter.com/adulau/status/1186626119962898433)) +---- +RT @Ministraitor: Memory Forensics Analysis Of Cisco IOS XR 32 Bits Routers With 'Amnesic-Sherpa' - Solal Jacob @ArxSys #hacklu @hack_lu ht… + +(Originally on Twitter: [Tue Oct 22 21:21:16 +0000 2019](https://twitter.com/adulau/status/1186754415941898240)) +---- +RT @0xrawsec: This obviously means that I release WHIDS v1.6.2 which now integrates with @MISPProject. You can now create detection rules t… + +(Originally on Twitter: [Tue Oct 22 23:19:05 +0000 2019](https://twitter.com/adulau/status/1186784067561361408)) +---- +RT @0xrawsec: If I were you I would go to Repacking the unpacker: Applying Time Travel Debugging to malware analysis @hack_lu workshop by @… + +(Originally on Twitter: [Wed Oct 23 07:41:55 +0000 2019](https://twitter.com/adulau/status/1186910610455519232)) +---- +RT @Iglocska: Excellent talk by @_saadk about the saad state of cyber security. AI is not the yin to the yang of the dangers we're facing.… + +(Originally on Twitter: [Wed Oct 23 09:03:19 +0000 2019](https://twitter.com/adulau/status/1186931093351686145)) +---- +We love to experiment new concept during @hack_lu we have 5 talks talking (and enjoying) failures. Those will be given tonight after lightning talks session. Thanks to @_saadk for the original idea. Thanks to @virtualabs @inbarraz @cvandeplas @rafi0t for the dive in cold waters. 
![](media/1186933065676972033-EHjVUm_XYAEsKGy.jpg) + +(Originally on Twitter: [Wed Oct 23 09:11:09 +0000 2019](https://twitter.com/adulau/status/1186933065676972033)) +---- +@GregNou @xme @hack_lu @_saadk @virtualabs @inbarraz @cvandeplas @rafi0t Maybe, it’s up to the speaker to decide. @Ministraitor + +(Originally on Twitter: [Wed Oct 23 13:21:41 +0000 2019](https://twitter.com/adulau/status/1186996113200631808)) +---- +@Ministraitor @GregNou @xme @hack_lu @_saadk @virtualabs @inbarraz @cvandeplas @rafi0t No worries. The initial goal was to have some freedom without recording. So for the first try, without recording sounds good. + +(Originally on Twitter: [Wed Oct 23 13:31:39 +0000 2019](https://twitter.com/adulau/status/1186998622426148864)) +---- +@xme @Ministraitor @GregNou @hack_lu @_saadk @virtualabs @inbarraz @cvandeplas @rafi0t Also a good reason to come at http://hack.lu and join the fun. + +(Originally on Twitter: [Wed Oct 23 13:35:39 +0000 2019](https://twitter.com/adulau/status/1186999628778168321)) +---- +RT @Ministraitor: What The Log?! So Many Events, So Little Time... - Miriam Wiesner @MiriamXyra #hacklu @hack_lu https://youtu.be/nkMDsw4MA48 + +(Originally on Twitter: [Wed Oct 23 13:54:53 +0000 2019](https://twitter.com/adulau/status/1187004467675357185)) +---- +RT @Ministraitor: Hacktivism As A Defense Technique In A Cyberwar. #FRD Lessons For Ukraine - Kostiantyn Korsun @berezhasecurity #hacklu @h… + +(Originally on Twitter: [Wed Oct 23 15:21:06 +0000 2019](https://twitter.com/adulau/status/1187026167460777989)) +---- +RT @hack_lu: "Fileless Malware and Process Injection in Linux" - "Linux post-exploitation from a blue-teamer’s point of view" by Hendrick,… + +(Originally on Twitter: [Wed Oct 23 15:21:39 +0000 2019](https://twitter.com/adulau/status/1187026303322611714)) +---- +@PatriceAuffret had issues with his laptop while doing a LT at @hack_lu . I didn’t know that Perl was used as an operating system. 
+ +(Originally on Twitter: [Wed Oct 23 16:50:57 +0000 2019](https://twitter.com/adulau/status/1187048777917587456)) +---- +@_saadk @xme @PatriceAuffret @hack_lu We have a CoD https://hack.lu/CoD/ we are more into fish nowadays. + +(Originally on Twitter: [Wed Oct 23 17:00:12 +0000 2019](https://twitter.com/adulau/status/1187051103277535235)) +---- +RT @verac_m: HackLu @hack_lu CfF was definitely a success. A lot of great experiences shared and a lot of fun 🤣 Thanks @adulau and to all t… + +(Originally on Twitter: [Wed Oct 23 19:33:19 +0000 2019](https://twitter.com/adulau/status/1187089640391614465)) +---- +RT @inea_eu: PISAX project will allow @LU_CIX and POST #Luxembourg to have an automated & secure threat intelligence sharing system on plat… + +(Originally on Twitter: [Thu Oct 24 07:54:38 +0000 2019](https://twitter.com/adulau/status/1187276197656436737)) +---- +RT @tricaud: Indeed I can see that. @hack_lu is a great example! (Except there it has always been like that!) https://twitter.com/chandlerc1024/status/1186402087543787522 + +(Originally on Twitter: [Thu Oct 24 11:55:56 +0000 2019](https://twitter.com/adulau/status/1187336923125370880)) +---- +RT @cve_search: cve-search v2.5 released including bugs fixed and improvements in the CPE/CWE JSON import. Thanks to all the contributors!… + +(Originally on Twitter: [Thu Oct 24 13:52:34 +0000 2019](https://twitter.com/adulau/status/1187366275313520642)) +---- +RT @inbarraz: Another successful @hack_lu is over. Many thanks to @adulau @rafi0t and the rest of the team, for organizing such a great eve… + +(Originally on Twitter: [Thu Oct 24 15:17:51 +0000 2019](https://twitter.com/adulau/status/1187387735037878273)) +---- +RT @circl_lu: The @MITREattack EU community is just starting. 
The agenda is available https://www.attack-community.org/event/ and talks will be video recor… + +(Originally on Twitter: [Fri Oct 25 07:15:19 +0000 2019](https://twitter.com/adulau/status/1187628688826945536)) +---- +RT @ruehsen: Draft for lzip compression (application/lzip) + +Lzip is a lossless compressed data format similar to gzip [RFC1952]. Lzip is de… + +(Originally on Twitter: [Fri Oct 25 07:59:48 +0000 2019](https://twitter.com/adulau/status/1187639885781450753)) +---- +RT @MISPProject: Curious about our new features regarding @MITREattack support in MISP and our standardisation effort for matrix-like gala… + +(Originally on Twitter: [Fri Oct 25 08:25:37 +0000 2019](https://twitter.com/adulau/status/1187646380652814336)) +---- +RT @malwaremustd1e: Thank you @hack_lu to invite me to be keynote speaker in #hacklu2019 , I appreciate kindness of #hacklu community & fri… + +(Originally on Twitter: [Fri Oct 25 12:00:50 +0000 2019](https://twitter.com/adulau/status/1187700541339639810)) +---- +@malwaremustd1e @ClausHoumann @hack_lu It was a pleasure to have you with us. Thanks a lot for sharing and helping the community to improve. + +(Originally on Twitter: [Fri Oct 25 12:03:00 +0000 2019](https://twitter.com/adulau/status/1187701089916862466)) +---- +Sharepoint is really the best tool for the serial killers who want to hide their corpses. No one will be able to find these back. + +(Originally on Twitter: [Fri Oct 25 12:35:54 +0000 2019](https://twitter.com/adulau/status/1187709366490861568)) +---- +@Iglocska Yep it's not the best approach for a serial killer, you'll find directly the corpse. + +(Originally on Twitter: [Fri Oct 25 12:41:39 +0000 2019](https://twitter.com/adulau/status/1187710816554029057)) +---- +@rafi0t @Iglocska If he uses Lotus Notes or Sharepoint it's indeed a high probability. 
+ +(Originally on Twitter: [Fri Oct 25 12:56:19 +0000 2019](https://twitter.com/adulau/status/1187714505536655360)) +---- +@blubbfiction @hack_lu Mine is to find vulnerabilities from commit messages and generating unique CVE-like id for @cve_search from git commit log message to ease vulnerability tracking. + +(Originally on Twitter: [Fri Oct 25 13:26:05 +0000 2019](https://twitter.com/adulau/status/1187721998673367040)) +---- +@_saadk I read the "Sharepoint for dummies using decent and simple tool such as git and Markdown" and the book has one single chapter called "Stay away from Sharepoint". + +(Originally on Twitter: [Fri Oct 25 13:34:50 +0000 2019](https://twitter.com/adulau/status/1187724197377777665)) +---- +@___wr___ @rafi0t @Iglocska Great! So we discover the movie to watch for @hack_lu 2020 ;-) + +(Originally on Twitter: [Fri Oct 25 14:02:33 +0000 2019](https://twitter.com/adulau/status/1187731175105802243)) +---- +@ValeryMarchive @_saadk At least, each time I'm trying to use it. I'm losing my productivity by a factor of 10. + +(Originally on Twitter: [Fri Oct 25 14:03:52 +0000 2019](https://twitter.com/adulau/status/1187731504778170368)) +---- +RT @___wr___: @adulau @rafi0t @Iglocska @hack_lu Next year at @hack_lu "C'est arrivé près de chez vous" karaoke edition + +(Originally on Twitter: [Fri Oct 25 14:11:52 +0000 2019](https://twitter.com/adulau/status/1187733518446710785)) +---- +@___wr___ @rafi0t @Iglocska @hack_lu Yeah! It’s a great idea and we can do sessions with one or more participants. + +(Originally on Twitter: [Fri Oct 25 14:12:55 +0000 2019](https://twitter.com/adulau/status/1187733780842369025)) +---- +RT @_saadk: Thank you @hack_lu for a wonderful ->inclusive<- conference. 
The program was stellar 👌🏻 + +Thx also to @adulau & the team for giv… + +(Originally on Twitter: [Fri Oct 25 16:49:18 +0000 2019](https://twitter.com/adulau/status/1187773137959694336)) +---- +After an exhausting but awesome week, reading is a way to recenter yourself in an artistic mood. “The Crooked Path” Jeff Wall. Thanks to @_saadk for this incredible gift. ![](media/1187824046597124096-EHv_qfCW4AY_GYd.jpg) + +(Originally on Twitter: [Fri Oct 25 20:11:36 +0000 2019](https://twitter.com/adulau/status/1187824046597124096)) +---- +@Ministraitor @PyConDE @HITBPlus @Blackhoodie_RE @MISPProject @hack_lu @BSidesLux @MITREattack Thanks for your dedication. We are super impressed by your actions to document the infosec communities. You are giving a voice to many people. Thank you! + +(Originally on Twitter: [Fri Oct 25 20:14:05 +0000 2019](https://twitter.com/adulau/status/1187824675386265600)) +---- +@craiu @_saadk @hack_lu On my side, it is. One of my favourite lens. + +(Originally on Twitter: [Sat Oct 26 06:58:46 +0000 2019](https://twitter.com/adulau/status/1187986912172281857)) +---- +RT @malwrhunterteam: https://twitter.com/malwrhunterteam/status/1187991455366893570 +So, this guy created a malware that: +- is working inside Discord +- steals users' Discord token… + +(Originally on Twitter: [Sat Oct 26 07:35:23 +0000 2019](https://twitter.com/adulau/status/1187996129490808832)) +---- +RT @MiriamXyra: I had an amazing time presenting at @hack_lu @BSidesLux and @MITREattack workshop during @LuxSecurityWeek - thank you for h… + +(Originally on Twitter: [Sat Oct 26 12:21:54 +0000 2019](https://twitter.com/adulau/status/1188068233632518146)) +---- +Don't forget to watch the 'reduced' lightning talk of @tricaud at @hack_lu about pCraft an open source tool to generate synthetic pcap from real scenarios expressed in YAML. 
+https://twitter.com/Ministraitor/status/1188111575544143872 - https://github.com/DevoInc/pCraft + +(Originally on Twitter: [Sat Oct 26 16:14:56 +0000 2019](https://twitter.com/adulau/status/1188126876579106816)) +---- +RT @___wr___: The 15th @hack_lu network infrastructure just ceased to exist. See you next year ! @fluxfingers @syn2cat @ruckusnetworks @Kap… + +(Originally on Twitter: [Sat Oct 26 16:25:26 +0000 2019](https://twitter.com/adulau/status/1188129517577146373)) +---- +@___wr___ @hack_lu @fluxfingers @syn2cat @ruckusnetworks @KappaData @conostix At least this one is much more reliable than some routing tables managed by Cogent ;-) + +(Originally on Twitter: [Sat Oct 26 16:26:45 +0000 2019](https://twitter.com/adulau/status/1188129852370673664)) +---- +"Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope" The monitoring is from packet filtering devices in front of CDN. Another perspective for network telescope. +https://people.csail.mit.edu/richterp/imc19_scanners.pdf + +(Originally on Twitter: [Sat Oct 26 20:44:49 +0000 2019](https://twitter.com/adulau/status/1188194793890963461)) +---- +Not sure that @techdirt article got the whole point about Banksy artwork and strategy. He shows that the art market is silly and that’s why he refuses the royalties proposed by some (like mentioned in the article). +https://www.techdirt.com/articles/20191007/17291443141/banksys-fake-store-is-attempt-to-abuse-trademark-law-to-avoid-copyright-law.shtml + +(Originally on Twitter: [Sun Oct 27 08:11:53 +0000 2019](https://twitter.com/adulau/status/1188367701208719360)) +---- +Evil proposal plan: complaining about the code complexity of sudo, look at OpenBSD doas replacement which is more secure and more simple, make a portable doas version with a backdoor. How many portable doas could you find as of Today? 
+ +(Originally on Twitter: [Sun Oct 27 08:30:04 +0000 2019](https://twitter.com/adulau/status/1188372278221955072)) +---- +@michelcazenave Not really but seeing how fast an alternative open source package can replace another one. This could be a good trick for any group willing to have a long-term persistence access to critical targets. + +(Originally on Twitter: [Sun Oct 27 09:52:32 +0000 2019](https://twitter.com/adulau/status/1188393030316908544)) +---- +RT @hack_lu: In 2020, the conference will take place from the 20th until the 22nd of October. + +But also: +* @Blackhoodie_RE: 17th - 19th +*… + +(Originally on Twitter: [Mon Oct 28 17:16:12 +0000 2019](https://twitter.com/adulau/status/1188867071238643712)) +---- +https://cve.circl.lu/cve/CVE-2019-3636 I’m sure @cvandeplas would love this McAfee vulnerability to add in his collection. + +(Originally on Twitter: [Mon Oct 28 18:24:03 +0000 2019](https://twitter.com/adulau/status/1188884144782225420)) +---- +RT @MISPProject: MISP supports the sharing of financial information including bank account details, financial transactions and organisation… + +(Originally on Twitter: [Tue Oct 29 10:39:36 +0000 2019](https://twitter.com/adulau/status/1189129653178503170)) +---- +RT @Ministraitor: The CfF bits were not supposed to be recorded, but through sheer chance it happened anyway - just without camera operator… + +(Originally on Twitter: [Tue Oct 29 11:29:48 +0000 2019](https://twitter.com/adulau/status/1189142286644449280)) +---- +RT @quarkslab: [BLOG] EEPROM: When Tearing-Off Becomes a Security Issue https://blog.quarkslab.com/eeprom-when-tearing-off-becomes-a-security-issue.html by @doegox + +(Originally on Twitter: [Tue Oct 29 17:24:21 +0000 2019](https://twitter.com/adulau/status/1189231509271654401)) +---- +RT @VV_X_7: MITRE ATT&CK Sightings + (future) @MISPProject integration is one of the coolest things to come out of @MITREattack so far. 
htt… + +(Originally on Twitter: [Tue Oct 29 20:05:02 +0000 2019](https://twitter.com/adulau/status/1189271946304937985)) +---- +@downey The platform which basically don’t allow AGPL because they redefined the definition of free software. https://gitlab.com/gitlab-com/blog-posts/issues/527 + +(Originally on Twitter: [Wed Oct 30 06:15:50 +0000 2019](https://twitter.com/adulau/status/1189425660873334784)) +---- +If you need a corpus about insults in Mandarin, https://github.com/notepad-plus-plus/notepad-plus-plus/issues the issues of @Notepad_plus provides a good corpus to build your next natural language library. + +(Originally on Twitter: [Wed Oct 30 07:23:58 +0000 2019](https://twitter.com/adulau/status/1189442806831554560)) +---- +"SeedsMiner: Accurate URL Blacklist-Generation Based on +Efficient OSINT Seed Collection" +http://delivery.acm.org/10.1145/3370000/3361751/p250-tanaka.pdf + +(Originally on Twitter: [Wed Oct 30 21:03:28 +0000 2019](https://twitter.com/adulau/status/1189649039127650312)) +---- +@metaconflict @AFiscutean This is the business of *all* mobile providers. Monetizing the location data. For your information, if you want to buy the service from Proximus https://www.proximus.be/en/id_cl_analytics/companies-and-public-sector/solutions/connected-business/proximus-analytics.html Will you be ready to pay more your mobile subscription to not be in the analytics and also stop the roaming? + +(Originally on Twitter: [Sun Nov 03 08:34:10 +0000 2019](https://twitter.com/adulau/status/1190910025247739904)) +---- +@metaconflict @AFiscutean In addition to that, you have also companies which are aggregating from mobile providers/roaming hub or passive collection company to share and sell the analytics to others. Even if you opt-out from one provider, you will still be present in other datasets. 
+ +(Originally on Twitter: [Sun Nov 03 08:39:31 +0000 2019](https://twitter.com/adulau/status/1190911370964996096)) +---- +@metaconflict @AFiscutean To conclude (but I should do a full article about it someday) the mobile operators having a nice public web page about marketing analytics which can be purchased are the nicest part of such business. The grey market of location business is usually not very public. + +(Originally on Twitter: [Sun Nov 03 08:45:13 +0000 2019](https://twitter.com/adulau/status/1190912803756007424)) +---- +RT @MISPProject: Want to share your experience about CTI, practical use of @MISPProject in your SOC or threat intelligence team don't forge… + +(Originally on Twitter: [Sun Nov 03 10:58:48 +0000 2019](https://twitter.com/adulau/status/1190946420494413825)) +---- +I just released a first version of my git-vuln-finder to find potential software vulnerabilities/fixes from git commit messages. It's still very alpha but it works. The future step is add a simple review process to add these into a new @cve_search feed. ![](media/1191002722968977408-EIdKqP_X0AEEWjB.png) + +(Originally on Twitter: [Sun Nov 03 14:42:31 +0000 2019](https://twitter.com/adulau/status/1191002722968977408)) +---- +RT @asfakian: After 3 interesting and productive years, the contract with my current employer ends at the end December 2019. Thus, I would… + +(Originally on Twitter: [Sun Nov 03 15:05:13 +0000 2019](https://twitter.com/adulau/status/1191008436911259654)) +---- +@F_kZ_ @cve_search Sure (and me being stupid, I forgot to put the link to GitHub ;-) https://github.com/cve-search/git-vuln-finder + +(Originally on Twitter: [Sun Nov 03 17:18:40 +0000 2019](https://twitter.com/adulau/status/1191042018300059648)) +---- +We are working on extending the meta data in the threat-actor database of @MISPProject to solve the issue of ambiguity between threat actor, activity group, campaign and operation. 
Feedback on the proposed solution is more than welcome: +https://github.com/MISP/misp-galaxy/issues/469 #ThreatIntel #CTI + +(Originally on Twitter: [Mon Nov 04 09:05:22 +0000 2019](https://twitter.com/adulau/status/1191280262400884736)) +---- +You know what's the most sad stuff nowadays, it's the lack of proper telemetry when you write and release open source software. ![](media/1191443064256180229-EIjbJIWWwAQxhn9.jpg) + +(Originally on Twitter: [Mon Nov 04 19:52:17 +0000 2019](https://twitter.com/adulau/status/1191443064256180229)) +---- +@ydklijnsma You are strong and we love you! See you very soon! + +(Originally on Twitter: [Tue Nov 05 06:22:47 +0000 2019](https://twitter.com/adulau/status/1191601737129435136)) +---- +RT @r00tbsd: More details about an actor targeting SMB companies with ransomware - #BitPaymer/#DopplePaymer ? Look at our latest post with… + +(Originally on Twitter: [Tue Nov 05 07:06:55 +0000 2019](https://twitter.com/adulau/status/1191612843956883456)) +---- +RT @davedittrich: Ah, yes. Terminology conflict between domains. An ever present issue. Like the word “countermeasure” (vastly different me… + +(Originally on Twitter: [Tue Nov 05 17:04:02 +0000 2019](https://twitter.com/adulau/status/1191763110379622401)) +---- +RT @_saadk: Highly thought-provoking talk by @Dymaxion about resilient systems & cybersecurity. 
To the simple question “what’s a computer i… + +(Originally on Twitter: [Tue Nov 05 17:09:54 +0000 2019](https://twitter.com/adulau/status/1191764588209082368)) +---- +RT @cyb3rops: I've asked in a tweet if someone could do some PS1/WMI magic to kill all processes related to "vssadmin delete shadows" just… + +(Originally on Twitter: [Wed Nov 06 05:45:59 +0000 2019](https://twitter.com/adulau/status/1191954864005406721)) +---- +RT @LSELabs: New release: cve-search 2.5 (local CVE and CPE database) by @adulau #cpe #cve https://linuxsecurity.expert/tools/cve-search/ + +(Originally on Twitter: [Wed Nov 06 06:11:50 +0000 2019](https://twitter.com/adulau/status/1191961369316331521)) +---- +RT @Iglocska: Just finished the first revision of one of my 3 @hack_lu inspired features that I wanted to implement into @MISPProject - int… + +(Originally on Twitter: [Wed Nov 06 20:29:36 +0000 2019](https://twitter.com/adulau/status/1192177232384581632)) +---- +Don't forget that if you host open source security software on @github or hosting services located in US, you might be bound to US export restrictions. http://www.apache.org/licenses/exports/ Having localised EU mirror of git repositories can be important for some of your users or contributors. ![](media/1192182939649544197-EIt8D7mW4AYDbu1.png) + +(Originally on Twitter: [Wed Nov 06 20:52:17 +0000 2019](https://twitter.com/adulau/status/1192182939649544197)) +---- +@Iglocska @jwunder So you don't agree with the wisdom of John. I'm really disappointed. + +(Originally on Twitter: [Thu Nov 07 15:09:00 +0000 2019](https://twitter.com/adulau/status/1192458937771208704)) +---- +@x0rz @pwnsdx @EFF @evacide Another paradox is that EFF is in favor of Free Software and Open source where no restriction on where a software is used « No Discrimination Against Fields of Endeavor ». 
+ +(Originally on Twitter: [Thu Nov 07 16:53:44 +0000 2019](https://twitter.com/adulau/status/1192485296199340034)) +---- +@LSELabs FYI I maintain an ssldump version including all the known patches and some more updates. https://github.com/adulau/ssldump + +(Originally on Twitter: [Fri Nov 08 06:38:31 +0000 2019](https://twitter.com/adulau/status/1192692859733983233)) +---- +RT @circl_lu: AIL open source framework version 2.4 released with improved crawled domain correlation (cryptocurrency addresses, pgp keys,… + +(Originally on Twitter: [Fri Nov 08 15:50:00 +0000 2019](https://twitter.com/adulau/status/1192831643796549633)) +---- +RT @erickdahan: Hilarious. Read if you need a good chuckle. https://twitter.com/MISPProject/status/1192813927119380480 ![](media/1192858259411161088-EI3OYh5WsAIqXvC.jpg) + +(Originally on Twitter: [Fri Nov 08 17:35:45 +0000 2019](https://twitter.com/adulau/status/1192858259411161088)) +---- +@rafi0t Just found back a picture of me at the age of 4 playing with fire. Times are changing... ![](media/1193245118469419008-EI9CGoHWkAII-GU.jpg) + +(Originally on Twitter: [Sat Nov 09 19:13:00 +0000 2019](https://twitter.com/adulau/status/1193245118469419008)) +---- +RT @cyb3rops: 3/ +1. Antivirus logs often contain indicators for threat groups‘ activity that aren’t noticed b/c no one pays attention to ev… + +(Originally on Twitter: [Sun Nov 10 11:43:51 +0000 2019](https://twitter.com/adulau/status/1193494473533202433)) +---- +RT @_saadk: While practicing #TheArtofGettingLost, I saw this art book. + +The scene reminded me of a walk with @adulau, during the @FIRSTdo… + +(Originally on Twitter: [Sun Nov 10 14:12:22 +0000 2019](https://twitter.com/adulau/status/1193531849949233152)) +---- +We finally released a first version of MISP with external sighting support. Thanks to @tricaud for the cool collaboration. Expect more services providing sighting lookup in the future to improve threat intelligence contextualisation and decaying. 
+https://twitter.com/MISPProject/status/1193629341860671492 + +(Originally on Twitter: [Sun Nov 10 21:42:31 +0000 2019](https://twitter.com/adulau/status/1193645132370849793)) +---- +RT @MISPProject: MISP 2.4.118 released including support for the exclusivity tag, the SightingDB support added to lookup for external sight… + +(Originally on Twitter: [Mon Nov 11 06:47:42 +0000 2019](https://twitter.com/adulau/status/1193782333544886272)) +---- +@ydklijnsma We need you. Take care and see you very soon. + +(Originally on Twitter: [Mon Nov 11 12:24:14 +0000 2019](https://twitter.com/adulau/status/1193867024314884099)) +---- +RT @cynicalsecurity: Congratulations Intel: a whole blog post about tons of issues¹ and the link to the "including CVE-2019-0169 which has… + +(Originally on Twitter: [Wed Nov 13 03:52:55 +0000 2019](https://twitter.com/adulau/status/1194463124776243201)) +---- +@limacharlieio @yararules @alienvault Thanks for the @MISPProject standard format support. Do you use all attributes types and objects too to do lookup? + +(Originally on Twitter: [Wed Nov 13 03:58:15 +0000 2019](https://twitter.com/adulau/status/1194464464659263488)) +---- +RT @chrisred_68: So I guess @mokaddem_sami and I are the 1% representing Luxembourg here at #G33kw33k? @circl_lu @MISPProject @centrecyber_… + +(Originally on Twitter: [Thu Nov 14 19:18:03 +0000 2019](https://twitter.com/adulau/status/1195058330345103360)) +---- +RT @bkMSFT: Not speaking to any specific targets, but, the activity group we track as ZIRCONIUM (roughly apt31) had been targeting US organ… + +(Originally on Twitter: [Fri Nov 15 05:37:10 +0000 2019](https://twitter.com/adulau/status/1195214133785956352)) +---- +@rmkml @ater49 @MISPProject @FrancoMisp @OSSIRFrance It’s always great to see active users and contributors participating to make information sharing a reality and supporting an open source project like MISP. 
+ +(Originally on Twitter: [Fri Nov 15 19:23:53 +0000 2019](https://twitter.com/adulau/status/1195422185508220929)) +---- +RT @circl_lu: Digital Forensic - Training materials updated with new materials and training challenges. #DFIR More than 200 pages of slides… + +(Originally on Twitter: [Sat Nov 16 20:36:19 +0000 2019](https://twitter.com/adulau/status/1195802802334945281)) +---- +For the ones who used the Notable markdown notes taking application and were disappointed by the proprietary move, there is a good open source alternative called Joplin. https://github.com/laurent22/joplin + +(Originally on Twitter: [Sat Nov 16 21:45:44 +0000 2019](https://twitter.com/adulau/status/1195820269388148738)) +---- +@AlecMuffett Looks great. Do you have a machine parsable (JSON or alike) of the directory? I would like to make a white-list for AIL crawling. https://github.com/CIRCL/AIL-framework + +(Originally on Twitter: [Sun Nov 17 09:18:50 +0000 2019](https://twitter.com/adulau/status/1195994693718421504)) +---- +Where should we start? Maybe by proposing real interesting jobs in infosec, pay decent salaries, avoid useless requirements (the organisation mentioned below is also not helping there) in profiles and welcome diversity. + +https://mobile.twitter.com/InfoSecHotSpot/status/1195671142767439873 + +(Originally on Twitter: [Sun Nov 17 10:03:56 +0000 2019](https://twitter.com/adulau/status/1196006045015060480)) +---- +RT @_saadk: @adulau We should also be able alleviate the lack of skilled professionals by pushing back against poor cybersecurity products… + +(Originally on Twitter: [Sun Nov 17 13:37:33 +0000 2019](https://twitter.com/adulau/status/1196059804223049728)) +---- +@pro_integritate I use the term infosec job to avoid the c**** word ;-) + +(Originally on Twitter: [Sun Nov 17 13:47:17 +0000 2019](https://twitter.com/adulau/status/1196062252316672006)) +---- +RT @mtarral: Interested by QEMU intrusmentation / introspection ? 
+ +Are you familiar with projects like +- PANDA +- DECAF +- PyREBox + +Then you… + +(Originally on Twitter: [Sun Nov 17 14:58:00 +0000 2019](https://twitter.com/adulau/status/1196080050073980928)) +---- +@Nedfire23 @circl_lu Awesome! Could you make a pull-request on the original repository with the http://draw.io xml? That would super useful for many @MISPProject users Thanks a lot for the contribution + +(Originally on Twitter: [Sun Nov 17 16:20:31 +0000 2019](https://twitter.com/adulau/status/1196100814089142272)) +---- +RT @silascutler: TLP is a construct we created to ensure we all understood the guidelines around sharing. If you don't want to follow it, t… + +(Originally on Twitter: [Sun Nov 17 16:43:43 +0000 2019](https://twitter.com/adulau/status/1196106653986373632)) +---- +@Nedfire23 @circl_lu @MISPProject Maybe a new folder as you wish in https://github.com/adulau/misp-osint-collection ? Thanks a lot + +(Originally on Twitter: [Sun Nov 17 22:28:54 +0000 2019](https://twitter.com/adulau/status/1196193523692908544)) +---- +@KhatibSajjad I'm not aware of an official @MISPProject integration in @LogRhythm maybe the vendor LogRhythm can tell us about it? + +(Originally on Twitter: [Mon Nov 18 05:39:36 +0000 2019](https://twitter.com/adulau/status/1196301911743488001)) +---- +RT @atluxity: Video where @Iglocska is presenting Turning data into actionable intelligence - advanced features in MISP supporting your ana… + +(Originally on Twitter: [Mon Nov 18 15:20:25 +0000 2019](https://twitter.com/adulau/status/1196448077328134144)) +---- +What's triggered me to do more photography was an exhibition about Dennis Hopper in Amsterdam in 2001 ( @Stedelijk) where his photographic and art work was presented. ![](media/1196528535671840768-EJrsWfQWkAIR79z.jpg) + +(Originally on Twitter: [Mon Nov 18 20:40:07 +0000 2019](https://twitter.com/adulau/status/1196528535671840768)) +---- +Especially about his statement about "found objects" - "I think of that with my photographs. 
I think of them as ‘found’ paintings because I don’t crop them, I don’t manipulate them or anything. So they’re like ‘found’ objects to me." Dennis Hopper ![](media/1196528557805182978-EJrsXqZWwAA1AIx.jpg) + +(Originally on Twitter: [Mon Nov 18 20:40:13 +0000 2019](https://twitter.com/adulau/status/1196528557805182978)) +---- +This quote breaks a kind of taboo in my photographic mindset. You can communicate by using photography and especially by finding those "objects" which are a representation of your state of mind. ![](media/1196528584845856768-EJrsY8lWsAAezsq.jpg) + +(Originally on Twitter: [Mon Nov 18 20:40:19 +0000 2019](https://twitter.com/adulau/status/1196528584845856768)) +---- +20 years later, I'm still experimenting to communicate better in photography but it's still long a journey. ![](media/1196528605850980355-EJrsapWWsAAUvA7.jpg) + +(Originally on Twitter: [Mon Nov 18 20:40:24 +0000 2019](https://twitter.com/adulau/status/1196528605850980355)) +---- +RT @stvemillertime: ICYMI here are a couple of malware families and utilities that use DNS-over-HTTPS (DoH) + +- GODLUA +- PSIXBOT +- Many Rock… + +(Originally on Twitter: [Tue Nov 19 16:58:07 +0000 2019](https://twitter.com/adulau/status/1196835054263185409)) +---- +@_saadk Je vois une opportunité pour la création d’un club de lecture « cyber » ou comment revenir sur terre avec la littérature et la culture. + +(Originally on Twitter: [Tue Nov 19 21:19:57 +0000 2019](https://twitter.com/adulau/status/1196900945281585157)) +---- +@ninoseki Oh cool. Should we add it in the default @MISPProject feeds? + +(Originally on Twitter: [Wed Nov 20 07:40:18 +0000 2019](https://twitter.com/adulau/status/1197057060233515008)) +---- +@ninoseki @MISPProject I see. Maybe we should add some tags in the feed to define the likelihood or some other estimative language estimation. So it could be used for correlation or supporting some contextualisation of existing misp events. 
+ +(Originally on Twitter: [Wed Nov 20 07:54:25 +0000 2019](https://twitter.com/adulau/status/1197060614855839744)) +---- +@payal_jaiswani @MISPProject @cocaman @rafi0t So you configure pull from MISP-2 on the MISP-1 server (sync server configuration) on MISP-2 server you add MISP-1 server and only cache (no pull/push). I hope this helps. + +(Originally on Twitter: [Wed Nov 20 11:18:21 +0000 2019](https://twitter.com/adulau/status/1197111937756205057)) +---- +@GroupIB_GIB There is something strange with your scanner (http://rnd.group-ib.ru), the source port (60000) is always the same. Is it by design (to fingerprint your scanner) or something else? ![](media/1197169028080553986-EJ0y4o1WsAAOd8w.png) + +(Originally on Twitter: [Wed Nov 20 15:05:13 +0000 2019](https://twitter.com/adulau/status/1197169028080553986)) +---- +RT @MISPProject: BelgoMISP Meeting 0x01 "When? 13-Dec-2019, from 5PM until 8PM (Brussels time)" @adulau and @Iglocska will be there to disc… + +(Originally on Twitter: [Wed Nov 20 16:10:19 +0000 2019](https://twitter.com/adulau/status/1197185412759994370)) +---- +RT @MISPProject: FYI, in the @circl_lu MISP OSINT feed, a MISP event (including the malicious sample) is distributed describing in structur… + +(Originally on Twitter: [Thu Nov 21 09:48:49 +0000 2019](https://twitter.com/adulau/status/1197451794072457216)) +---- +@SheSponse Scripts importing data into @MISPProject to see correlations, structure and contextualise information, share with your colleagues what you are working on and discover historical information. 
+ +(Originally on Twitter: [Fri Nov 22 05:42:53 +0000 2019](https://twitter.com/adulau/status/1197752289232072705)) +---- +"The politics of deceptive borders: ‘biomarkers of deceit’ and the case of iBorderCtrl" - https://arxiv.org/pdf/1911.09156.pdf ![](media/1197829167951368194-EJ-LRuVWkAE5T3z.png) + +(Originally on Twitter: [Fri Nov 22 10:48:22 +0000 2019](https://twitter.com/adulau/status/1197829167951368194)) +---- +@wimremes @GossiTheDog Someone crawling random website and getting his/her eyes burnt with all the “legitimate” website on Tor. @AlecMuffett will love it ;-) + +(Originally on Twitter: [Fri Nov 22 12:01:29 +0000 2019](https://twitter.com/adulau/status/1197847567289192448)) +---- +RT @hashbreaker: Amazing compendium of failures of "provable security": https://eprint.iacr.org/2019/1336. I saw a preprint months ago and the shock… + +(Originally on Twitter: [Sun Nov 24 10:08:26 +0000 2019](https://twitter.com/adulau/status/1198543890787246080)) +---- +My last dream was about an academic conference requiring to have an open source software of your researches where everyone can actually understand the software by reading the http://README.md, build it from scratch and the researchers accept pull-request for improvements. + +(Originally on Twitter: [Sun Nov 24 10:20:39 +0000 2019](https://twitter.com/adulau/status/1198546966231310336)) +---- +I decided to move the art and photography related tweets towards another account -> @AdulauA to help the Russian bots, to improve the quality of the marketing stream of Twitter and keep my followers focused on infosec/dfir/threat intelligence/open source security. 
+ +(Originally on Twitter: [Sun Nov 24 17:40:51 +0000 2019](https://twitter.com/adulau/status/1198657747014823937)) +---- +RT @cyb3rops: The Problems With Today's Red Teaming + +@QW5kcmV3 + +https://medium.com/@cyb3rops/the-problems-with-todays-red-teaming-7b8ed1e735c9 ![](media/1198689608529260545-EKD4z1EWoAIvZb-.png) + +(Originally on Twitter: [Sun Nov 24 19:47:27 +0000 2019](https://twitter.com/adulau/status/1198689608529260545)) +---- +RT @circl_lu: AIL Framework version 2.5 released with improved correlation and experimental support for @MISPProject modules. Improvements… + +(Originally on Twitter: [Mon Nov 25 10:30:15 +0000 2019](https://twitter.com/adulau/status/1198911771412578304)) +---- +@TheosrsOrg MISP integrates @MITREattack and you can generate time-based statistics of the matrix for finding the most common used techniques and their evolution. Not sure if the author of the article tested or used the functionality. + +(Originally on Twitter: [Mon Nov 25 16:14:55 +0000 2019](https://twitter.com/adulau/status/1198998510609321984)) +---- +@TheosrsOrg @MITREattack If you want to play with your matrix statistics https://<YOURMISP>/users/statistics/galaxyMatrix and just append .json if you want the machine-readable version. It works with all the matrix-like galaxies from @MITREattack and all the others. ![](media/1199030557537161228-EKPP7uRXUAA93Sn.png) + +(Originally on Twitter: [Mon Nov 25 18:22:16 +0000 2019](https://twitter.com/adulau/status/1199030557537161228)) +---- +Seeing this, I'm close to do an automatic table using @cve_search to pull all the vulnerabilities assigned per TLS library and see which TLS libraries don't report or document their vulnerabilities. 
+https://twitter.com/bagder/status/1199236144430551040 + +(Originally on Twitter: [Tue Nov 26 08:25:23 +0000 2019](https://twitter.com/adulau/status/1199242736362229760)) +---- +RT @darb0ng: Clop ransomware😈 tries to +- Check Anti virus processes(MalwareBytes -> uninstall, WEBROOT, Panda Security) +- Encrypt file ONL… + +(Originally on Twitter: [Tue Nov 26 09:15:51 +0000 2019](https://twitter.com/adulau/status/1199255433569017856)) +---- +RT @rh0main: (1/2) Here is my analysis of Tencent's Legu: + +https://blog.quarkslab.com/a-glimpse-into-tencents-legu-packer.html + +Most of the analysis was done thanks to open source to… + +(Originally on Twitter: [Tue Nov 26 11:54:30 +0000 2019](https://twitter.com/adulau/status/1199295362403569665)) +---- +RT @WeldPond: DHS CISA is working on a vulnerability disclosure process. They want you comments. https://cyber.dhs.gov/bod/20-01/ + +(Originally on Twitter: [Thu Nov 28 05:54:47 +0000 2019](https://twitter.com/adulau/status/1199929608822558720)) +---- +During the network traffic analysis workshop of a recent network telescope dataset, we saw that Mirai (and others) are more frequently scanning TCP port 26. Mirai variants are still actively relying on setting the ISN with the destination IP address (as seen in the graph below). ![](media/1199971233154174976-EKcneUgWwAAxo8f.jpg) + +(Originally on Twitter: [Thu Nov 28 08:40:11 +0000 2019](https://twitter.com/adulau/status/1199971233154174976)) +---- +At @DC11331 tonight and it remembers me the good old times of the @2600 meetings thx to @Ko97551819 for the organisation. + +(Originally on Twitter: [Thu Nov 28 18:54:53 +0000 2019](https://twitter.com/adulau/status/1200125930972340226)) +---- +The economics behind the exploit market can be hard to crasp. Releasing a PoC is also a way to kill existing premium market but increase the accessibility to a larger audience nevertheless also reinforcing the incentive for the vendor/user to patch. 
+https://twitter.com/MalwareTechBlog/status/1200512852856958976 + +(Originally on Twitter: [Sat Nov 30 15:20:39 +0000 2019](https://twitter.com/adulau/status/1200796792255926272)) +---- +@bad_packets The top 20 malicious ASNs seen on http://bgpranking.circl.lu + +(Originally on Twitter: [Sat Nov 30 23:47:41 +0000 2019](https://twitter.com/adulau/status/1200924391216963585)) +---- +@r00tbsd Man, it’s an ode to Jan Boelaars. Anthropology is what we do on a daily basis without knowing that we do it... + +(Originally on Twitter: [Sun Dec 01 10:51:24 +0000 2019](https://twitter.com/adulau/status/1201091421337468929)) +---- +RT @stvemillertime: My journey into a security analyst been easier if I had done more of these in college: + +1) Strings of thousands of fil… + +(Originally on Twitter: [Sun Dec 01 16:46:06 +0000 2019](https://twitter.com/adulau/status/1201180682397110273)) +---- +@CesarLizurey Cool bel exemple. La prochaine étape serait de publier ce logiciel en logiciel libre pour développer une communauté d’utilisateurs et de contributeurs. + +(Originally on Twitter: [Mon Dec 02 06:25:43 +0000 2019](https://twitter.com/adulau/status/1201386945517101056)) +---- +@CesarLizurey Cela serait un super complément à @MISPProject qui est aussi utilisé dans plusieurs “LEA” pour partager de l’information entre équipes, enquêteurs et/ou pays partenaires. + +(Originally on Twitter: [Mon Dec 02 06:28:53 +0000 2019](https://twitter.com/adulau/status/1201387742673932288)) +---- +RT @VTeagueAus: Scytl/NSWEC have now released their response to my report on their still-buggy decryption ZKP. Their response https://t.co… + +(Originally on Twitter: [Mon Dec 02 06:35:21 +0000 2019](https://twitter.com/adulau/status/1201389369627697152)) +---- +@CVEnew @MITREcorp @NISTcyber It seems that you don't have the vulnerabilities "awaiting analysis" in the JSON feed. Is it something by design? If yes, is there a JSON feed available? 
![](media/1201412045591269376-EKxF4rWXUAI3K6k.png) + +(Originally on Twitter: [Mon Dec 02 08:05:27 +0000 2019](https://twitter.com/adulau/status/1201412045591269376)) +---- +RT @IACR_News: #ePrint Alzette: A 64-bit ARX-box: C Beierle, A Biryukov, LCd Santos, J Großschädl, L Perrin, A Udovenko, V Velichkov, Q Wan… + +(Originally on Twitter: [Mon Dec 02 08:44:31 +0000 2019](https://twitter.com/adulau/status/1201421876972662790)) +---- +@sans_isc @xme Mirai on TCP port 26 -> +https://twitter.com/adulau/status/1199971233154174976 + +(Originally on Twitter: [Mon Dec 02 19:56:52 +0000 2019](https://twitter.com/adulau/status/1201591079985922055)) +---- +RT @diagprov: Apparently RSA Number 240 has been factored (795-bit RSA) by INRIA. https://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;fd743373.1912&S= + +(Originally on Twitter: [Tue Dec 03 06:12:08 +0000 2019](https://twitter.com/adulau/status/1201745915926716417)) +---- +RT @ga1ois: The slides of our talk "Pool Fengshui in Windows #RDP Vulnerability Exploitation" at #bluehatseattle are available. https://t.c… + +(Originally on Twitter: [Tue Dec 03 06:17:54 +0000 2019](https://twitter.com/adulau/status/1201747366216445952)) +---- +RT @NISTcyber: The issue has been resolved-- please let us know if you are still experiencing problems. https://twitter.com/adulau/status/1201412045591269376 + +(Originally on Twitter: [Tue Dec 03 16:45:22 +0000 2019](https://twitter.com/adulau/status/1201905273197207552)) +---- +@sec_kh @circl_lu @MISPProject https://www.circl.lu/misp-images/ and pick a previous version. + +(Originally on Twitter: [Tue Dec 03 21:43:54 +0000 2019](https://twitter.com/adulau/status/1201980403378208778)) +---- +RT @inea_eu: Transparency Platform for 🇪🇺Projects of Common Interest: public data on cross-border #energy #infrastructure is now up-to-date… + +(Originally on Twitter: [Wed Dec 04 13:41:34 +0000 2019](https://twitter.com/adulau/status/1202221406085402624)) +---- +@H_Miser 13-14-15/05 ? 
+ +(Originally on Twitter: [Wed Dec 04 16:44:11 +0000 2019](https://twitter.com/adulau/status/1202267364315877381)) +---- +@H_Miser Ah not the same. My “memorable” week-end was WannaCry and it was during my birthday... + +(Originally on Twitter: [Wed Dec 04 17:03:02 +0000 2019](https://twitter.com/adulau/status/1202272109801672705)) +---- +@RTBF PISA n’est qu’une mesure partielle et purement normative qui ne représente pas l’ensemble des savoirs. Réaliser une émission sur une valeur parcellaire ? Cela semble peu réaliste pour analyser l'évolution des compétences. #avotreavis + +(Originally on Twitter: [Wed Dec 04 21:17:35 +0000 2019](https://twitter.com/adulau/status/1202336167322161153)) +---- +Alan Perlis had a very good definition of what OFFSEC tools are “Every program has (at least) two purposes: the one for which it was written, and another for which it wasn't.“ + +(Originally on Twitter: [Thu Dec 05 06:46:22 +0000 2019](https://twitter.com/adulau/status/1202479308490649600)) +---- +RT @MISPProject: We have a new MISP galaxy with Surveillance Vendors for vendors selling specific CNE tools. Thanks to @deltalimasierra for… + +(Originally on Twitter: [Thu Dec 05 16:10:52 +0000 2019](https://twitter.com/adulau/status/1202621370024288257)) +---- +RT @cveiche: hey $vendor, when you fix a security bug, assign a damn CVE. CVEs are critical for blue/vuln magt teams. 
+security bugs happen… + +(Originally on Twitter: [Thu Dec 05 17:36:00 +0000 2019](https://twitter.com/adulau/status/1202642793375707141)) +---- +RT @pietercolpaert: An intriguing practice is when researchers ignore a conference’s page limit by just self-archiving an expanded version… + +(Originally on Twitter: [Thu Dec 05 20:50:16 +0000 2019](https://twitter.com/adulau/status/1202691680769630208)) +---- +RT @darb0ng: #TinyMet(meterpreter stager) 🔨 +- packed with same packer of #TA505 +- before unpack its code, create .bat file to delete itself… + +(Originally on Twitter: [Fri Dec 06 05:41:17 +0000 2019](https://twitter.com/adulau/status/1202825318135812098)) +---- +@ssimonsen0202 @MISPProject @cyb3rops @ScoubiMtl @tifkin_ Do you have an example in mind of the format for the detection logic? I would like to see what’s possible and what we need to extend in MISP to support such use-case. + +(Originally on Twitter: [Fri Dec 06 06:56:31 +0000 2019](https://twitter.com/adulau/status/1202844247961096192)) +---- +RT @Ministraitor: Update On MISP - Alex Dulaunoy @adulau @MITREattack https://youtu.be/oL8jmH1f7M8 + +(Originally on Twitter: [Fri Dec 06 14:44:36 +0000 2019](https://twitter.com/adulau/status/1202962047664869382)) +---- +RT @atc_project: our update from EU MITRE ATT&CK community workshop. kudos to @adulau @FDezeure. thank you for making it happen! https://t.… + +(Originally on Twitter: [Fri Dec 06 18:14:39 +0000 2019](https://twitter.com/adulau/status/1203014906959802369)) +---- +@atc_project @FDezeure Thank you for your continuous contribution to the open source security community. This is really appreciated. and thanks to the video master @Ministraitor ! 
+ +(Originally on Twitter: [Fri Dec 06 18:40:51 +0000 2019](https://twitter.com/adulau/status/1203021500250566656)) +---- +RT @CYINT_dude: Internal #threatintel teams sometimes bias towards “more sophisticated” threats - they are interesting and draw an audience… + +(Originally on Twitter: [Sat Dec 07 08:41:06 +0000 2019](https://twitter.com/adulau/status/1203232956539658242)) +---- +RT @0Rickyy0: @MalwareJake @jaysonstreet I attended @hack_lu this year and apart from them having a quite high rate of female speakers I ha… + +(Originally on Twitter: [Sun Dec 08 07:44:39 +0000 2019](https://twitter.com/adulau/status/1203581136447967233)) +---- +IPMI is maybe underused by adversaries but the attack surface is huge and full of opportunities... especially when vendors are so "reactive". +https://www.dark-sec.net/2019/12/supermicro-ipmi-exploitation.html ![](media/1203597211784896512-ELQJSIlWsAA5KbQ.png) + +(Originally on Twitter: [Sun Dec 08 08:48:31 +0000 2019](https://twitter.com/adulau/status/1203597211784896512)) +---- +RT @0xdea: Tunneling traffic through MySQL service (or your mysqld is my new SOCKS5) by @TheXC3LL + +https://x-c3ll.github.io/posts/Pivoting-MySQL-Proxy/ + +My old MySQL U… + +(Originally on Twitter: [Sun Dec 08 09:29:56 +0000 2019](https://twitter.com/adulau/status/1203607633166516225)) +---- +RT @Aristot73: Wassenaar Arrangement Dec. 2019 + +New entry in the Munitions List: "ML21.b.5 "Software" specially designed or modified for th… + +(Originally on Twitter: [Sun Dec 08 12:51:17 +0000 2019](https://twitter.com/adulau/status/1203658303890501633)) +---- +"Using Sequence-to-Sequence Learning for Repairing C Vulnerabilities" Would you merge blindy fixes generated by an "AI" sequence-to-sequence learning system? But the research is well done but maybe lacking the description of potential limitations. 
https://arxiv.org/pdf/1912.02015.pdf ![](media/1204121320604209155-ELXl9OjXkAAHNdr.png) + +(Originally on Twitter: [Mon Dec 09 19:31:08 +0000 2019](https://twitter.com/adulau/status/1204121320604209155)) +---- +@gcouprie I never managed to reach the toxic dose. and don't expect to synthetize 3-methoxy-4,5-methylenedioxyamphetamine ;-) + +(Originally on Twitter: [Mon Dec 09 20:23:28 +0000 2019](https://twitter.com/adulau/status/1204134487174586369)) +---- +If someone from @virustotal could share the spec of the vhash fuzzy hashing algorithm, it could be really useful for integration with various tools ;-) +https://twitter.com/arieljt/status/1183064542869381121 + +(Originally on Twitter: [Tue Dec 10 16:18:44 +0000 2019](https://twitter.com/adulau/status/1204435286622711809)) +---- +@ram_ssk @Aristot73 @BKCHarvard @msftsecurity @d_obrien @KendraSerra @salome_viljoen_ @jsnover The taxonomy is really neat. Thanks a lot. I just translated it as a @MISPProject taxonomy and every user can now add the classification in any event shared within MISP information sharing communities. https://www.misp-project.org/taxonomies.html#_failure_mode_in_machine_learning ![](media/1204691095973769217-ELfsKbiXUAEG_R9.png) + +(Originally on Twitter: [Wed Dec 11 09:15:14 +0000 2019](https://twitter.com/adulau/status/1204691095973769217)) +---- +RT @ram_ssk: ⬇️⬇️⬇️ Woowza! < 24 hours since we shared the ML attack taxonomy, @adulau empowered the Threat Intel community via @MISPProjec… + +(Originally on Twitter: [Wed Dec 11 16:05:05 +0000 2019](https://twitter.com/adulau/status/1204794241819533313)) +---- +RT @circl_lu: "Client-side Vulnerabilities in Commercial VPNs" +https://arxiv.org/abs/1912.04669 + +(Originally on Twitter: [Wed Dec 11 16:40:52 +0000 2019](https://twitter.com/adulau/status/1204803244259717121)) +---- +@olihough86 Indeed, good point. Currently the tags are not imported, could you open an issue on https://github.com/MISP/MISP/issues? We will have a look. 
+ +(Originally on Twitter: [Fri Dec 13 05:41:22 +0000 2019](https://twitter.com/adulau/status/1205362050358272001)) +---- +RT @d4_project: If you want to setup your complete Passive DNS collection using D4 as a transport and collection layer. Check our HOWTO ->… + +(Originally on Twitter: [Fri Dec 13 08:06:39 +0000 2019](https://twitter.com/adulau/status/1205398615663009792)) +---- +RT @nadouani: One of the best feelings you could have when you make #opensource projects, is accepting contributions and pull requests from… + +(Originally on Twitter: [Fri Dec 13 11:48:48 +0000 2019](https://twitter.com/adulau/status/1205454518621655041)) +---- +RT @jberggren: A big update on Timesketch: New UI, analysis framework, Colab/Jupyter integration, updated API client and much much more. Th… + +(Originally on Twitter: [Fri Dec 13 14:37:35 +0000 2019](https://twitter.com/adulau/status/1205496997119176704)) +---- +@r00tbsd Very impressive! I love the realism of the short... + +(Originally on Twitter: [Fri Dec 13 18:26:14 +0000 2019](https://twitter.com/adulau/status/1205554538796769282)) +---- +"The Cyber Security Body of Knowledge" is 845 pages of condensed academic knowledge about "cyber security". But the most interesting part is the 1839 academic references. Thanks to @cy_bok for choosing an open license compatible with CC-BY. +https://www.cybok.org/media/downloads/CyBOK_version_1.0_YMKBy7a.pdf ![](media/1206151120558669824-EL0cDDkWsAUsDaB.jpg) + +(Originally on Twitter: [Sun Dec 15 09:56:51 +0000 2019](https://twitter.com/adulau/status/1206151120558669824)) +---- +This issue of a CVE assigned for SQLite from development branches where the commit was never merged, it's giving even more sense to allocate the CVE from the commit-id, to check if a release includes the commit or not. 
I'll add a commit-id database in https://github.com/cve-search/git-vuln-finder ![](media/1206173495887052800-EL0wZf4XkAAQSLL.jpg) + +(Originally on Twitter: [Sun Dec 15 11:25:45 +0000 2019](https://twitter.com/adulau/status/1206173495887052800)) +---- +RT @felixaime: Iran is one of the APT27 targets, such as other countries in the region, that’s true. Anyway, don’t draw any hasty conclusio… + +(Originally on Twitter: [Sun Dec 15 13:00:33 +0000 2019](https://twitter.com/adulau/status/1206197350483603456)) +---- +@EndlessMason It could be but there is no consensus at NIST about the commit-id as a version number too. I see more the commit-id as two new fields “commit-id-vulnerability-introduced” and “commit-id-vulnerability-fixed” as it’s atomic references for vulnerability databases. + +(Originally on Twitter: [Sun Dec 15 13:08:10 +0000 2019](https://twitter.com/adulau/status/1206199270564605952)) +---- +RT @emollick: Disorganized email is the best email. This paper shows putting email in folders wastes 11 minutes a day on average. People wh… + +(Originally on Twitter: [Sun Dec 15 16:44:38 +0000 2019](https://twitter.com/adulau/status/1206253745958539265)) +---- +Reading the 20th anniversary of the programmatic programmer (still super useful), I see a trend that the PMF model could be added in the next edition. https://tools.ietf.org/id/draft-dulaunoy-programming-methodology-framework-00.html @zedshaw @PragmaticAndy ![](media/1206627051261845504-EL7M53VXYAABFye.jpg) + +(Originally on Twitter: [Mon Dec 16 17:28:01 +0000 2019](https://twitter.com/adulau/status/1206627051261845504)) +---- +RT @FDezeure: Announcing the next EU ATT&CK Community workshop on 18-19 May 2020 in Brussels. 
Share you experiences with @MITREattack and l… + +(Originally on Twitter: [Mon Dec 16 18:27:55 +0000 2019](https://twitter.com/adulau/status/1206642125821087746)) +---- +If we take a parallel, the release of a potentially offensive software, in the public; It is still an opportunity for the defenders too. It's public and widely shared. Maybe the old discussion about bo2k is back https://web.archive.org/web/20050407210233/http://bo2k.sourceforge.net/docs/bo2k_legitimacy.html + +(Originally on Twitter: [Mon Dec 16 19:25:58 +0000 2019](https://twitter.com/adulau/status/1206656735324319744)) +---- +"C’est lui qui nous fait comprendre combien il est absurde de voir un profit dans une destruction." Bastiat was basically explaining the effects of destruction on the physical property. The release of a software is not comparable IMHO. +https://twitter.com/cnoanalysis/status/1206651849975033856 + +(Originally on Twitter: [Mon Dec 16 19:25:58 +0000 2019](https://twitter.com/adulau/status/1206656733457911813)) +---- +@cnoanalysis Not sure Bastiat really anticipated software and the distribution at no cost (a lot of his text are really about property per se). If we follow Bastiat arguments, the fact of controlling publication of software would be a model of protectionism. 
But I won't do the parallelism ;-) + +(Originally on Twitter: [Mon Dec 16 19:46:01 +0000 2019](https://twitter.com/adulau/status/1206661777867595778)) +---- +RT @ValdikSS: Neither UEFI Forum nor Kaspersky revoked vulnerable UEFI bootloader which allows to bypass Secure Boot with default configura… + +(Originally on Twitter: [Mon Dec 16 20:41:01 +0000 2019](https://twitter.com/adulau/status/1206675619079213060)) +---- +RT @d4_project: AIL Framework version 2.6 released with improved correlations (hover information, screenshot hash correlation), API improve… + +(Originally on Twitter: [Tue Dec 17 16:04:41 +0000 2019](https://twitter.com/adulau/status/1206968467020222465)) +---- +@olihough86 @Jan0fficial @alienvault Maybe creating a MISP feed or MISP sync caching is much more appropriate and faster for correlating. + +(Originally on Twitter: [Tue Dec 17 21:24:11 +0000 2019](https://twitter.com/adulau/status/1207048870972317697)) +---- +@Pinboard @NatGaertner You mean Jini is back in business... + +(Originally on Twitter: [Wed Dec 18 16:58:57 +0000 2019](https://twitter.com/adulau/status/1207344511069884416)) +---- +RT @_psrok1: Python 3 version of PNG decryptor & PE reconstructor for steganographic loader used by #Icedid/#bokbot, co-authored with @nazy… + +(Originally on Twitter: [Thu Dec 19 08:21:04 +0000 2019](https://twitter.com/adulau/status/1207576570954764289)) +---- +Thanks to @mokaddem_sami for the incredible @MISPProject cookie. Don’t forget we have a flexible data model for information sharing and we even have a cookie object template ;-) https://www.misp-project.org/objects.html#_cookie ![](media/1207736013466062849-EMK9fcDXkAAQdcK.jpg) + +(Originally on Twitter: [Thu Dec 19 18:54:38 +0000 2019](https://twitter.com/adulau/status/1207736013466062849)) +---- +@cnll_fr Il me semblait que l'on ne limitait pas l'usage (liberté 0) dans la définition du logiciel libre. Que faites-vous alors des logiciels libres qui font de la reconnaissance faciale? 
https://github.com/ageitgey/face_recognition + +(Originally on Twitter: [Fri Dec 20 08:38:27 +0000 2019](https://twitter.com/adulau/status/1207943333865279494)) +---- +@QW5kcmV3 @1njection @ItsReallyNick @RidT @cglyer Could you explain how you envisage "controlling release" of open source tools? + +(Originally on Twitter: [Fri Dec 20 11:26:26 +0000 2019](https://twitter.com/adulau/status/1207985607965839362)) +---- +My wish for next year, that we forgot about unreal and synthetic "cyber" exercises and work more on real incidents handling at international level; instead of emulating something that doesn't map to the time and space constraints of day-to-day incident response. #dfir + +(Originally on Twitter: [Fri Dec 20 14:17:49 +0000 2019](https://twitter.com/adulau/status/1208028735250804741)) +---- +@aloria Maybe Free-PC ?https://www.nytimes.com/1999/11/30/business/no-more-giveaway-computers-free-pc-to-be-bought-by-emachines.html + +(Originally on Twitter: [Fri Dec 20 14:30:53 +0000 2019](https://twitter.com/adulau/status/1208032026701565957)) +---- +RT @oleksii_o: Academic Twitter is for bragging, right? Well, our paper, "SpecFuzz: Bringing Spectre-type vulnerabilities to the surface" h… + +(Originally on Twitter: [Fri Dec 20 14:37:47 +0000 2019](https://twitter.com/adulau/status/1208033760945541121)) +---- +RT @MISPProject: New @apivoid expansion module for MISP, @circl_lu passive dns and passive SSL/TLS modules have now support for MISP object… + +(Originally on Twitter: [Fri Dec 20 15:19:58 +0000 2019](https://twitter.com/adulau/status/1208044376884236291)) +---- +Don’t fall into the trap. Organizations pushing for the control of security tools (or what they call offensive tool which is the definition of software) are basically willing to create a new CoCom and start a new Crypto War. 
+ +(Originally on Twitter: [Fri Dec 20 18:55:22 +0000 2019](https://twitter.com/adulau/status/1208098586040373249)) +---- +@pro_integritate Sure, my point was only on organisation pushing the legal framework and not contractual agreements per-se during an engagement or private partnership which can be useful. + +(Originally on Twitter: [Fri Dec 20 19:56:25 +0000 2019](https://twitter.com/adulau/status/1208113947859148801)) +---- +RT @wimremes: This. Table top exercises can not simulate a real world incident. The best you can do is lower your treshold and trigger IR p… + +(Originally on Twitter: [Sat Dec 21 11:16:46 +0000 2019](https://twitter.com/adulau/status/1208345562610851840)) +---- +RT @__Thanat0s__: @wimremes @adulau In table top, for example, the logs are always in the right format with a damn good retention.. In real… + +(Originally on Twitter: [Sat Dec 21 18:26:02 +0000 2019](https://twitter.com/adulau/status/1208453592010645505)) +---- +@rafi0t @__Thanat0s__ @wimremes ExploitKit ;-) + +(Originally on Twitter: [Sat Dec 21 22:25:27 +0000 2019](https://twitter.com/adulau/status/1208513843246379012)) +---- +Testing TRAM (by @sarah__yoder ) and it's a clever use of natural language processing toolkits for analysing unstructured CTI report. I also like the fact that the software relies on various key open source projects like newspaper3k, nltk or numpy. +https://twitter.com/MITREattack/status/1208107214130548744 ![](media/1208882300433379329-EMbQCSEVAAE1KZ6.jpg) + +(Originally on Twitter: [Sun Dec 22 22:49:35 +0000 2019](https://twitter.com/adulau/status/1208882300433379329)) +---- +RT @VV_X_7: Happy Holidays @MISPProject ! 
The blue team @Ubisoft present MISP-K8S: automated high availability MISP + MISP Dashboard deploy… + +(Originally on Twitter: [Mon Dec 23 10:36:55 +0000 2019](https://twitter.com/adulau/status/1209060309270446080)) +---- +@QW5kcmV3 @dyn___ @silascutler @k8em0 @taosecurity FLARE OTF team is most probably using metasploit to support their engagements. Such classification in software is not so binary. That’s why controlling software based on arbitrary classification is prone to many issues. + +(Originally on Twitter: [Mon Dec 23 19:08:34 +0000 2019](https://twitter.com/adulau/status/1209189069676302336)) +---- +RT @nao_sec: #FalloutEK (targeting Japan) -> Unknown malware (Zeus family?)🤔 +(CC: @VK_Intel, @James_inthe_box) +https://app.any.run/tasks/45c1fd75-f12b-4eb6-9119-caaeb99c4316/ http… + +(Originally on Twitter: [Mon Dec 23 21:37:49 +0000 2019](https://twitter.com/adulau/status/1209226628393558018)) +---- +@martijn_grooten 2 cats in one shot ;-) + +(Originally on Twitter: [Tue Dec 24 08:40:50 +0000 2019](https://twitter.com/adulau/status/1209393483993227264)) +---- +RT @jayl0w: I would love to see more of the energy currently dedicated to this debate directed to a constructive effort like this. Sigma is… + +(Originally on Twitter: [Tue Dec 24 13:42:41 +0000 2019](https://twitter.com/adulau/status/1209469445158133760)) +---- +RT @travisgoodspeed: PoC||GTFO 20 is now in print! Get it in Leipzig this week, or in Washington DC at the end of January. https://t.co/8P… + +(Originally on Twitter: [Tue Dec 24 15:54:29 +0000 2019](https://twitter.com/adulau/status/1209502613009567752)) +---- +I released the version 1.0 of git-vuln-finder - Finding potential vulnerabilities in source code repositories by analysing git commit messages. https://github.com/cve-search/git-vuln-finder/releases/tag/v1.0 The next release will include an integration with @MISPProject to allow collaborative review of vulnerabilities. 
![](media/1209515007572135936-EMkPfCdXsAYHNz8.jpg) + +(Originally on Twitter: [Tue Dec 24 16:43:44 +0000 2019](https://twitter.com/adulau/status/1209515007572135936)) +---- +@LSELabs The funny part is now the de facto ssldump version on various Linux distributions. I did it as the project was not maintained for years beside the myriad of patches. So it’s still the old ssldump with tons of patches. I didn’t rename it to keep this idea. + +(Originally on Twitter: [Wed Dec 25 16:58:09 +0000 2019](https://twitter.com/adulau/status/1209881025993740288)) +---- +RT @360Netlab: #0-day And sending the captured files to a receiver at 103.82.143.51. Due to the real impact here, we suggest reader looking… + +(Originally on Twitter: [Wed Dec 25 17:01:26 +0000 2019](https://twitter.com/adulau/status/1209881849922834434)) +---- +“An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a DTMF tone to invoke an access grant that would allow physical access to a restricted floor/level” DTMF is still fun nowadays. +https://cve.circl.lu/cve/CVE-2017-16778 + + +media/1209883308005429248-EMpeckGWsAI7A9I.mp4 + +(Originally on Twitter: [Wed Dec 25 17:07:13 +0000 2019](https://twitter.com/adulau/status/1209883308005429248)) +---- +RT @fumik0_: Let’s play (again) with Predator the thief https://fumik0.com/2019/12/25/lets-play-again-with-predator-the-thief/ ![](media/1210120188005404672-EMqDwWgWsAASZqY.png) + +(Originally on Twitter: [Thu Dec 26 08:48:30 +0000 2019](https://twitter.com/adulau/status/1210120188005404672)) +---- +@r00tbsd the leather texture is really well done! Very impressive. + +(Originally on Twitter: [Thu Dec 26 15:41:35 +0000 2019](https://twitter.com/adulau/status/1210224144098430978)) +---- +"General Resolution: Init systems and systemd" end of the vote is Friday 2019-12-27 23:59:59 UTC for the debian contributors. 
+https://www.debian.org/vote/2019/vote_002 + +(Originally on Twitter: [Thu Dec 26 15:42:51 +0000 2019](https://twitter.com/adulau/status/1210224462152568832)) +---- +I'm using more Joplin (an open source note taking application) in a fully self-hosted model. The WebClipper extension is also super nifty to save web pages directly in Markdown format into your synced notes. If you do #OSINT, it's the perfect companion. https://joplinapp.org/ ![](media/1210238391591297024-EMuhZExXYAAd-Vo.jpg) + +(Originally on Twitter: [Thu Dec 26 16:38:12 +0000 2019](https://twitter.com/adulau/status/1210238391591297024)) +---- +@thegrugq @charlesafair https://www.win.tue.nl/~aeb/linux/hh/shimomura-25jan95.txt for more factual information. By the way, the one who wrote the STREAMS kernel module might give more details. Maybe he is not too far away from Twitter. + +(Originally on Twitter: [Thu Dec 26 17:57:22 +0000 2019](https://twitter.com/adulau/status/1210258314933755904)) +---- +@foobar27 I don’t know the state of the Emacs integration. I gave up Emacs in early 2000 ;-) + +(Originally on Twitter: [Thu Dec 26 18:15:57 +0000 2019](https://twitter.com/adulau/status/1210262990840385536)) +---- +@foobar27 I used it for more than 10 years due to my early passion for Lisp but then you discover better sane editors ;-) + +(Originally on Twitter: [Thu Dec 26 18:23:27 +0000 2019](https://twitter.com/adulau/status/1210264877790629888)) +---- +RT @Vishnyak0v: The #BronzeUnion/#LuckyMouse/#APT27 infection checker. 
Possibly from http://cert.ir +MD5: 86c9e95dcf69f6eca2a176407… + +(Originally on Twitter: [Fri Dec 27 08:29:57 +0000 2019](https://twitter.com/adulau/status/1210477907056959488)) +---- +RT @MISPProject: sightingdb version 0.1 has been released by @tricaud (@devo_Inc) Sighting DB is a fast-lookup database for sightings of at… + +(Originally on Twitter: [Fri Dec 27 10:05:08 +0000 2019](https://twitter.com/adulau/status/1210501859745714176)) +---- +@Vishnyak0v Thanks for sharing, this is interesting (@ir_cert could you confirm that the file is from you & used for detection?) . I just did an import of your tweet in @MISPProject, I love the fact that the file has a detection ratio of 10/70 which give an idea of the A/Vs patterns ![](media/1210512572337840129-EMyawwFXkAAK2Sy.jpg) + +(Originally on Twitter: [Fri Dec 27 10:47:42 +0000 2019](https://twitter.com/adulau/status/1210512572337840129)) +---- +@ir_cert @Vishnyak0v @MISPProject Thanks for the feedback. Don’t hesitate to share the indicators and TTPs within one of the MISP community if you have access. It could be useful for many. + +(Originally on Twitter: [Fri Dec 27 14:43:34 +0000 2019](https://twitter.com/adulau/status/1210571931482820609)) +---- +RT @doegox: Is Proximus filtering websites without justice decisions? I've seen DNS redirections to http://193.191.245.56/ but now there a… + +(Originally on Twitter: [Sat Dec 28 12:57:52 +0000 2019](https://twitter.com/adulau/status/1210907720922087424)) +---- +@doegox @ProximusCSIRT I confirm, as of Today, they block (via DNS) https://sci-hub.se/ and https://sci-hub.tw can @proximus explain the background? I suppose this kind of filtering would be an interesting topic for @Medor_mag or @lesoir + +(Originally on Twitter: [Sat Dec 28 13:02:24 +0000 2019](https://twitter.com/adulau/status/1210908860317343744)) +---- +@QW5kcmV3 It takes time to get capabilities in order to process information received via information sharing communities. 
We have seen a lot of organisation to first have a look at the information shared before being able to process it. It takes times but it's part of information sharing. + +(Originally on Twitter: [Sat Dec 28 13:10:49 +0000 2019](https://twitter.com/adulau/status/1210910976507351040)) +---- +IMHO, information sharing should include more information that an organisation can currently handle to improve their defense mechanisms and long-term capabilities. Hindering the exchange and sharing would be a stagnation for many organisations. + +(Originally on Twitter: [Sat Dec 28 13:15:22 +0000 2019](https://twitter.com/adulau/status/1210912121283854336)) +---- +@QW5kcmV3 Indeed it's great. That's why we add all those object templates in @MISPProject to support the sharing of contextualized information and especially additional counter-measures or tooling to support detection or remediation for organisations part of one or more sharing community. + +(Originally on Twitter: [Sat Dec 28 13:26:45 +0000 2019](https://twitter.com/adulau/status/1210914989466361856)) +---- +RT @xxByte: I struck on gold. Probably the best sticker in #36c3 ![](media/1210924648478789632-EM4Ox5cWoAYk9XV.jpg) + +(Originally on Twitter: [Sat Dec 28 14:05:08 +0000 2019](https://twitter.com/adulau/status/1210924648478789632)) +---- +Just released v1.1 of my unofficial ssldump repo containing various bugfixes contributed by the community. 
+https://github.com/adulau/ssldump/releases - https://github.com/adulau/ssldump + +(Originally on Twitter: [Sat Dec 28 14:57:58 +0000 2019](https://twitter.com/adulau/status/1210937942828625920)) +---- +@droecher I forced the use of Linux for my in-laws (if they want some support) nevertheless I had to do the following: +- apt-get update/upgrade +- remove old kernel images in an overloaded /boot partition +- check suspicious forwarding rules in various web mail +- review audit logs in webmail + +(Originally on Twitter: [Sat Dec 28 18:57:20 +0000 2019](https://twitter.com/adulau/status/1210998182525714433)) +---- +RT @oscd_initiative: OSCD: Threat Detection Sprint #1 Summary has been published. +Thanks to all the participants and those who helped with… + +(Originally on Twitter: [Sun Dec 29 19:50:33 +0000 2019](https://twitter.com/adulau/status/1211373964154589185)) +---- +You released your content under a free creative common license for years. You change your mind and want to move to a proprietary license? Abuse the GDPR and just claim it’s a requirement to change the license. @maxmind just did it... 
+https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/ + + +media/1211721568252047361-ENDmVYgXkAEvuii.mp4 + +(Originally on Twitter: [Mon Dec 30 18:51:49 +0000 2019](https://twitter.com/adulau/status/1211721568252047361)) +---- +RT @veorq: it's out https://eprint.iacr.org/2019/1492 + +will present it at @RealWorldCrypto + +the paper I'm the proudest of + +thanks to @sevenps http… + +(Originally on Twitter: [Mon Dec 30 21:17:05 +0000 2019](https://twitter.com/adulau/status/1211758127210795010)) +---- +RT @kurtgn: Looking back on 2019 I have learned that by sharing cybersecurity data members of the community are able to lessen the time fro… + +(Originally on Twitter: [Tue Dec 31 10:20:13 +0000 2019](https://twitter.com/adulau/status/1211955208735072257)) +---- +@rafi0t @SteveClement Bric-à-brac sounds like a proper term for something that you cannot obviously eat or maybe it’s a “cabinet of curiosities” or Wunderkammer which could be listed in @atlasobscura + +(Originally on Twitter: [Tue Dec 31 10:58:47 +0000 2019](https://twitter.com/adulau/status/1211964916241965056)) +---- +RT @MISPProject: Happy New Year! Thanks to all the 400+ contributors who contributed to the MISP project to improve information sharing and… + +(Originally on Twitter: [Wed Jan 01 11:14:08 +0000 2020](https://twitter.com/adulau/status/1212331166516367366)) +---- +@pro_integritate Interesting. What is the exact format of the fuzzy hash used? It sounds useful for fuzzy hashing correlation in misp. + +(Originally on Twitter: [Wed Jan 01 15:06:01 +0000 2020](https://twitter.com/adulau/status/1212389521586868224)) +---- +RT @BSidesBrussels: We are delighted to invite you to the first edition of Bsides Brussels on May 28, 2020. 
With presentations, lightning t… + +(Originally on Twitter: [Wed Jan 01 16:55:31 +0000 2020](https://twitter.com/adulau/status/1212417075886592001)) +---- +RT @ziobrando: The bullshit asimmetry: the amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it. + +(Originally on Twitter: [Wed Jan 01 18:45:21 +0000 2020](https://twitter.com/adulau/status/1212444719319527424)) +---- +RT @martijn_grooten: As I'll be looking for new work in 2020 (part-time or full-time, remote or on-site, temporary or permanent), I created… + +(Originally on Twitter: [Thu Jan 02 11:29:07 +0000 2020](https://twitter.com/adulau/status/1212697322674630656)) +---- +@olihough86 sed -e s/<WOOT>/Your PC/g ? + +(Originally on Twitter: [Thu Jan 02 11:57:30 +0000 2020](https://twitter.com/adulau/status/1212704466044145664)) +---- +@olihough86 That’s my understanding of the script which contains just a replacement field. The sed search-and-replace would do the job. + +(Originally on Twitter: [Thu Jan 02 12:04:01 +0000 2020](https://twitter.com/adulau/status/1212706106570620928)) +---- +"Schemes for Privacy Data Destruction in a NAND Flash Memory" #DFIR + +https://arxiv.org/abs/2001.00522 ![](media/1213141622143279105-ENXx3qeXsAYPOG8.png) + +(Originally on Twitter: [Fri Jan 03 16:54:36 +0000 2020](https://twitter.com/adulau/status/1213141622143279105)) +---- +RT @MISPProject: MISP project maintains an exhaustive list of threat actors with metadata, relationships and synonyms. 
The format is machin… + +(Originally on Twitter: [Fri Jan 03 17:07:33 +0000 2020](https://twitter.com/adulau/status/1213144882317086721)) +---- +@ssimonsen0202 @LeahLease There is a doc on how to integrate @MISPProject with Microsoft ATP or Azure Sentinel or Microsoft Graph +https://www.circl.lu/doc/misp/connectors/ + +(Originally on Twitter: [Sat Jan 04 10:18:31 +0000 2020](https://twitter.com/adulau/status/1213404331698995202)) +---- +@lukOlejnik @GossiTheDog WannaCry was already mentioned by NATO https://www.nato.int/cps/en/natohq/news_168435.htm?selectedLocale=en as an example. + +(Originally on Twitter: [Sun Jan 05 13:48:23 +0000 2020](https://twitter.com/adulau/status/1213819533456224257)) +---- +@lukOlejnik @GossiTheDog Strange I never saw a link in the thread pointing to NATO but pointing to media website(s). Maybe I’m too old-school because always restricting my searches to the original supposed source domain name;-) + +(Originally on Twitter: [Sun Jan 05 14:03:23 +0000 2020](https://twitter.com/adulau/status/1213823308245979136)) +---- +@AirAssets Thanks for the tracking. Is this really military assets? Cargolux is not really known to carry military assets. + +(Originally on Twitter: [Sun Jan 05 17:50:40 +0000 2020](https://twitter.com/adulau/status/1213880508150624256)) +---- +RT @jwunder: 1 year old...time flies! (yes, that’s a MISP hoodie) ![](media/1214069566789365760-ENkZj0rU8AElmUh.jpg) + +(Originally on Twitter: [Mon Jan 06 06:21:55 +0000 2020](https://twitter.com/adulau/status/1214069566789365760)) +---- +I just did a very simple API to query the threat actors from the @MISPProject galaxy. There is a public API and the server is also open source. You can find threat actors name, synonyms and all meta-data with a simple curl query. 
#ThreatIntel + +https://github.com/MISP/threat-actor-intelligence-server#api-and-public-api ![](media/1214212363995533313-ENm_tBuVUAIiDhF.png) + +(Originally on Twitter: [Mon Jan 06 15:49:21 +0000 2020](https://twitter.com/adulau/status/1214212363995533313)) +---- +RT @passthesaltcon: Time has came to unleash your brain and submit your talk/workshop idea to the #pts2020 Call For Papers! Only requiremen… + +(Originally on Twitter: [Mon Jan 06 17:39:34 +0000 2020](https://twitter.com/adulau/status/1214240103595425792)) +---- +@MISPProject The concept behind TAI is to provide a permanent URL (using MISP galaxy UUID) per threat-actor regardless of their naming. An example with Aurora Panda/APT 17/Deputy Dog/Group 8/APT17/Hidden Lynx/Tailgater Team/Dogfish. +https://misp-project.org/tai/get/99e30d89-9361-4b73-a999-9e5ff9320bcb ![](media/1214269192360345600-ENnzY_4XkAEH7zy.jpg) + +(Originally on Twitter: [Mon Jan 06 19:35:10 +0000 2020](https://twitter.com/adulau/status/1214269192360345600)) +---- +@Sebdraven @MISPProject Sure, the API is public and can be actively used by other tools. And we love when other open source projects use the information too. + +(Originally on Twitter: [Mon Jan 06 19:43:42 +0000 2020](https://twitter.com/adulau/status/1214271339755913221)) +---- +@likethecoins @redcanaryco Congrats! You did an incredible job with the team to build an open community and improve the day-to-day life of many defense team in the world. Thank you! + +(Originally on Twitter: [Tue Jan 07 07:05:09 +0000 2020](https://twitter.com/adulau/status/1214442833559601152)) +---- +git-vuln-finder (finding potential software vulnerabilities from git commit messages) v1.1 released which can now be used as a library in addition to the command line. 
The package is now in @pypi thx to https://mastodon.social/@cedricbonhomme + +https://pypi.org/project/git-vuln-finder/ https://github.com/cve-search/git-vuln-finder ![](media/1214501100189048832-ENrGUAhX0AI2V_z.png) + +(Originally on Twitter: [Tue Jan 07 10:56:41 +0000 2020](https://twitter.com/adulau/status/1214501100189048832)) +---- +RT @realhashbreaker: Seriously, stop using SHA-1! SHA-1 chosen-prefix collisions are now practically demonstrated. Beware of ALL possible c… + +(Originally on Twitter: [Tue Jan 07 11:10:32 +0000 2020](https://twitter.com/adulau/status/1214504584619679745)) +---- +@verovaleros I use tcpdump or ipsumdump to extract the top talkers by tuples (ip-src,ip-dst,dst/port/proto) using simple unix tools like awk, uniq and sort. Then I use tail/head to find outliers in the ranked list of tuples. + +(Originally on Twitter: [Wed Jan 08 06:47:38 +0000 2020](https://twitter.com/adulau/status/1214800811785670656)) +---- +@verovaleros In addition I use -A or -X in tcpdump to sort by payload seen, hash and count and do the same as before outlier versus top. ipsumpdump has a nifty option --payload-md5 to do in one shot. + +(Originally on Twitter: [Wed Jan 08 06:50:30 +0000 2020](https://twitter.com/adulau/status/1214801536603303938)) +---- +A good paper about "Cyber Threat Information Sharing: Perceived Benefits and Barriers" my only disagreement is to add "free riding" as a barrier in information sharing. It's not, it means that the information shared is gathered & used to improve security at large. #ThreatIntel ![](media/1215290179189080064-EN2T-LAX4AEJ1V8.jpg) + +(Originally on Twitter: [Thu Jan 09 15:12:12 +0000 2020](https://twitter.com/adulau/status/1215290179189080064)) +---- +@QW5kcmV3 @jorgeorchilles Great intel for @GHSecurityLab and the community instead of an obscure hosting company in Iran, Panama or US without logs. 
So we can get the IP addresses of the potential victims directly from GitHub and they can share those to CERTs/@FIRSTdotOrg to notify the victims. + +(Originally on Twitter: [Thu Jan 09 15:37:12 +0000 2020](https://twitter.com/adulau/status/1215296472247427072)) +---- +@TheosrsOrg DOI 10.1145/3339252.3340528 Enjoy! + +(Originally on Twitter: [Thu Jan 09 15:37:37 +0000 2020](https://twitter.com/adulau/status/1215296576043864064)) +---- +@fouroctets Indeed. It’s what we are trying to do with the MISP feed in standard MISP format to ease automation. https://www.circl.lu/doc/misp/feed-osint/ but a lot of feeds are still without contextualization. + +(Originally on Twitter: [Thu Jan 09 16:23:21 +0000 2020](https://twitter.com/adulau/status/1215308085344047105)) +---- +@fouroctets Me too. If you can contribute to the sinkhole warning lists feel free https://github.com/MISP/misp-warninglists/blob/master/lists/sinkholes/list.json or other warning lists that would awesome. + +(Originally on Twitter: [Thu Jan 09 16:34:48 +0000 2020](https://twitter.com/adulau/status/1215310965211791360)) +---- +So all the performance and fine tuning done at kernel level for TCP for the past 20 years will be useless for QUIC. Maybe it’s a good opportunity to review all the UDP stacks around and this might benefit at the end to many other protocols relying on UDP. + +(Originally on Twitter: [Sat Jan 11 14:00:12 +0000 2020](https://twitter.com/adulau/status/1215996835359330306)) +---- +@yerden Indeed maybe the buffering aspects and off loading are still potential improvements. + +(Originally on Twitter: [Sat Jan 11 16:18:39 +0000 2020](https://twitter.com/adulau/status/1216031678994489347)) +---- +@zero_B_S @pypi It’s a bit different. A lot of git commits never include any CVE reference, git-vuln-finder has set of patterns to find potential commit fixing security vulnerabilities. Extracting the CVE is only when it is present in the commit which is rarely the case. 
So you’ll find more ;-) + +(Originally on Twitter: [Sun Jan 12 09:15:11 +0000 2020](https://twitter.com/adulau/status/1216287497350778881)) +---- +@PrivacyMatters We created specific data models in the open source @MISPProject to support the sharing of dark patterns. If you see additional patterns or extension, let us know. https://www.misp-project.org/galaxy.html#_dark_patterns cc @gallypette + +(Originally on Twitter: [Sun Jan 12 09:28:42 +0000 2020](https://twitter.com/adulau/status/1216290899078123520)) +---- +@verovaleros Plastic recycling is very hard and basically a chimera. What we are trying for years at home, it's to avoid or limit plastic at all costs. So the best IMHO is to limit the input of plastic into your home. + +(Originally on Twitter: [Sun Jan 12 12:08:32 +0000 2020](https://twitter.com/adulau/status/1216331120486293510)) +---- +@verovaleros Indeed. For PET,HDPE,PE bottles, cut in 2 parts can be used for plant nursery (and can be still later sent to recycling centers if clean). Larger PET ones can be used as mini greenhouses in your garden to force plant or protect for spring frosts. + +(Originally on Twitter: [Sun Jan 12 12:14:57 +0000 2020](https://twitter.com/adulau/status/1216332738137075712)) +---- +@olihough86 I think they have a @MISPProject instance where you could get the data in misp format. https://cryptolaemus.com/ maybe you should ask @Cryptolaemus1 access or I suppose they could generate a misp feed out of it. If they need some help, we can do it too. + +(Originally on Twitter: [Mon Jan 13 11:12:38 +0000 2020](https://twitter.com/adulau/status/1216679441948139520)) +---- +RT @d4_project: AIL Framework version 2.7 released with an improved tagging system and many bugs fixed. 
#ThreatIntel + +https://t.co/RXW0WB7… + +(Originally on Twitter: [Mon Jan 13 18:15:19 +0000 2020](https://twitter.com/adulau/status/1216785814027411456)) +---- +RT @malwaremustd1e: A stupid adversary pwned my brand new ARM router w/ #Mirai called FBOT, uses new encoded config alongside decrypted one… + +(Originally on Twitter: [Tue Jan 14 16:07:56 +0000 2020](https://twitter.com/adulau/status/1217116145981054981)) +---- +@d4_project @circl_lu @Terrtia There is a AIL training foreseen in Luxembourg (20th February) https://en.xing-events.com/YHBTLMJ.html for the ones interested. + +(Originally on Twitter: [Wed Jan 15 05:38:34 +0000 2020](https://twitter.com/adulau/status/1217320146894757888)) +---- +RT @MISPProject: MISP trainings the 18th and 19th February in Luxembourg (@C3_Luxembourg) by @circl_lu Don't wait to register and join us.… + +(Originally on Twitter: [Wed Jan 15 07:42:59 +0000 2020](https://twitter.com/adulau/status/1217351457722245120)) +---- +@fo0_ Même constat pour moi. Je trouve que l’acte de lire est sûrement plus intense intellectuellement car on crée un imaginaire complet avec le livre. L'écoute d’un audiobook me semble toujours être comme une activité passive et peu stimulante IMHO. + +(Originally on Twitter: [Wed Jan 15 18:41:52 +0000 2020](https://twitter.com/adulau/status/1217517271704313856)) +---- +RT @Aristot73: congrats @CERT_at @CERT_EE @circl_lu @CERT_Polska_en ! https://twitter.com/ThierryBreton/status/1217441875898130432 + +(Originally on Twitter: [Wed Jan 15 21:22:24 +0000 2020](https://twitter.com/adulau/status/1217557669986390016)) +---- +RT @r00tbsd: With @SecurityBeard and @_vventura we published our research on an actor targeting middle eastern countries (based on the vict… + +(Originally on Twitter: [Fri Jan 17 08:30:36 +0000 2020](https://twitter.com/adulau/status/1218088217490206720)) +---- +RT @jberggren: We just merged initial support for Sigma in Timesketch! It will be available in the next PyPi release. 
#DFIR ping @blubbfict… + +(Originally on Twitter: [Fri Jan 17 11:33:36 +0000 2020](https://twitter.com/adulau/status/1218134271401086977)) +---- +Some people complaining to OSS maintainers is a way express their frustration of not being able to fork, code and maintain/create open source projects. If you are a maintainer, don’t take it personally. It’s just a human feeling lost. + +(Originally on Twitter: [Fri Jan 17 17:56:11 +0000 2020](https://twitter.com/adulau/status/1218230551301312512)) +---- +RT @asfakian: Be kind to the people that work on OSS projects (sometimes during their free time), build tools for the community and receive… + +(Originally on Twitter: [Fri Jan 17 18:41:47 +0000 2020](https://twitter.com/adulau/status/1218242024341676034)) +---- +RT @MidasNouwens: New paper (for #CHI2020) on dark patterns in consent pop-ups after the GDPR. We (w/ I Liccardi @mikarv @karger L Kagal) s… + +(Originally on Twitter: [Sun Jan 19 22:22:17 +0000 2020](https://twitter.com/adulau/status/1219022291343945728)) +---- +RT @MISPProject: We have been busy during holidays and the next release (for tomorrow) will include a new timeline feature in MISP. All att… + +(Originally on Twitter: [Mon Jan 20 16:08:56 +0000 2020](https://twitter.com/adulau/status/1219290721573900289)) +---- +@malcomvetter We discover a threat actor who basically gives some rewards to their level-1 staff if they gain access to new key targets. 
This staff is sometime very motivated but with a lack of proper opsec for their infrastructure ;-) + +(Originally on Twitter: [Mon Jan 20 19:17:16 +0000 2020](https://twitter.com/adulau/status/1219338118509350912)) +---- +@GwinizDu I wrote a tool called git-vuln-finder to search for common security-related message in git commits https://github.com/cve-search/git-vuln-finder + +(Originally on Twitter: [Tue Jan 21 11:22:15 +0000 2020](https://twitter.com/adulau/status/1219580964604665857)) +---- +RT @MISPProject: MISP 2.4.120 released including the timeline support on attributes and objects in MISP. This release also includes various… + +(Originally on Twitter: [Tue Jan 21 16:08:27 +0000 2020](https://twitter.com/adulau/status/1219652988802826240)) +---- +@MalwareWisperer @AdAstra247 @MISPProject Maybe adding MISP lookup in the mitaka extension from @ninoseki would be an option https://github.com/ninoseki/mitaka + +(Originally on Twitter: [Tue Jan 21 21:01:57 +0000 2020](https://twitter.com/adulau/status/1219726849716211714)) +---- +@huntingneo @MISPProject @Iglocska @rommelfs This is really cool. Could you share the GitHub link? We can add it in the tools list. + +(Originally on Twitter: [Wed Jan 22 20:09:12 +0000 2020](https://twitter.com/adulau/status/1220075965675659264)) +---- +@huntingneo @MISPProject @Iglocska @rommelfs Great! I love to see clever use of the ZMQ pub-sub. Well done. + +(Originally on Twitter: [Wed Jan 22 20:15:48 +0000 2020](https://twitter.com/adulau/status/1220077625617670147)) +---- +@DCSecuritydk @intelmq @MISPProject I know organisations using IntelMQ as notification engine for abuse handling from various bots source and also from MISP directly. + +(Originally on Twitter: [Wed Jan 22 20:46:30 +0000 2020](https://twitter.com/adulau/status/1220085351609487361)) +---- +@DCSecuritydk @intelmq @MISPProject The other option is to customize the consumption of the pub-sub channel (ZMQ or Kafka) to feed your defense devices or infrastructure. 
+ +(Originally on Twitter: [Wed Jan 22 20:54:16 +0000 2020](https://twitter.com/adulau/status/1220087307006509056)) +---- +My last dream was basically a society without bureaucracy and where I improved my contribution to open source projects by a factor of five. It’s the first time I dreamed about such strong causality. + +(Originally on Twitter: [Wed Jan 22 21:24:05 +0000 2020](https://twitter.com/adulau/status/1220094811438505987)) +---- +@RoninDey Indeed. Maybe someone should share the original analysis report which triggered the vulnerability disclosure in late 2019 at WhatsApp? or is the mp4 sample mentioned the one that triggered the CVD? + +(Originally on Twitter: [Thu Jan 23 07:26:27 +0000 2020](https://twitter.com/adulau/status/1220246400505667584)) +---- +@th3_jiv3r @rafi0t @MISPProject Addiction with pull-requests is always good ;-) + +(Originally on Twitter: [Sat Jan 25 08:22:49 +0000 2020](https://twitter.com/adulau/status/1220985359615582208)) +---- +@thegrugq @mhackling @0xdade A QR code stuck on a box or the back of a folder works really well. + +(Originally on Twitter: [Sat Jan 25 09:36:43 +0000 2020](https://twitter.com/adulau/status/1221003958505889797)) +---- +@olihough86 If you are missing specific object template or alike, don’t hesitate to reach out. + +(Originally on Twitter: [Sat Jan 25 09:51:05 +0000 2020](https://twitter.com/adulau/status/1221007575359115264)) +---- +@thegrugq @mhackling @0xdade To store private keys to access remote services and hide it in plain sight while crossing borders. + +(Originally on Twitter: [Sat Jan 25 09:53:19 +0000 2020](https://twitter.com/adulau/status/1221008137156747265)) +---- +@thegrugq @mhackling @0xdade You can also easily store HOTP tokens in QR code. I did something similar for standard HOTP token on paper some years ago https://github.com/adulau/paper-token but I can update it to output a QR code. 
+ +(Originally on Twitter: [Sat Jan 25 09:57:11 +0000 2020](https://twitter.com/adulau/status/1221009108637245440)) +---- +Threat Bus: a real-time pub/sub broker to get intelligence/indicators from @MISPProject and feed your @Zeekurity in real-time & get sightings from your NIDS to MISP. A clever way to connect efficiently open source security tools. Thanks to @tenzir_company https://github.com/tenzir/threatbus ![](media/1221114167782002689-EPJE0RxXUAEKfP1.jpg) + +(Originally on Twitter: [Sat Jan 25 16:54:39 +0000 2020](https://twitter.com/adulau/status/1221114167782002689)) +---- +RT @Iglocska: @adulau @MISPProject @Zeekurity @tenzir_company Awesome stuff from @Zeekurity - when you don't want to just burn your money o… + +(Originally on Twitter: [Sat Jan 25 17:01:46 +0000 2020](https://twitter.com/adulau/status/1221115959173357570)) +---- +RT @tenzir_company: @adulau @MISPProject @Zeekurity Thanks for shoutout! Now we don’t have to announce the project 😅. It’s still in early… + +(Originally on Twitter: [Sat Jan 25 18:08:31 +0000 2020](https://twitter.com/adulau/status/1221132756526170112)) +---- +RT @dinodaizovi: The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is vir… + +(Originally on Twitter: [Sun Jan 26 08:47:50 +0000 2020](https://twitter.com/adulau/status/1221354045732020224)) +---- +I will be at @FIC_eu next week if you want to discuss about @MISPProject @cve_search @d4_project @circl_lu open source security or even threat intelligence. Booth G10 +https://twitter.com/MISPProject/status/1219909086684336129 + +(Originally on Twitter: [Sun Jan 26 12:15:38 +0000 2020](https://twitter.com/adulau/status/1221406337202114561)) +---- +@ErrataRob at least one is not doing false claims. + +(Originally on Twitter: [Tue Jan 28 06:10:40 +0000 2020](https://twitter.com/adulau/status/1222039269067436032)) +---- +RT @ChicagoCyber: Wish more ISACs shared via MISP rather than commercial TIPs or email distros. 
https://twitter.com/MISPProject/status/1221746851600392193 + +(Originally on Twitter: [Wed Jan 29 06:10:54 +0000 2020](https://twitter.com/adulau/status/1222401716257247232)) +---- +RT @cyb3rops: I've spent a whole day on Sigma + +Focus: Facilitate contributions + +- New Rule Creation Guide +https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide + +- New… + +(Originally on Twitter: [Fri Jan 31 05:20:00 +0000 2020](https://twitter.com/adulau/status/1223113681438797825)) +---- +It’s kind of depressing to listen about anti-European feelings because of Brexit in a train commute between Belgium and Luxembourg. I think we never learn. + +(Originally on Twitter: [Fri Jan 31 06:36:21 +0000 2020](https://twitter.com/adulau/status/1223132893838528512)) +---- +If you have no clue while doing a cyber cyber cyber presentation, always add a random triangle and you'll always be right. + +(Originally on Twitter: [Fri Jan 31 13:19:31 +0000 2020](https://twitter.com/adulau/status/1223234356573097985)) +---- +« La nuit qui vient » de @_saadk est surement une lecture que tout le monde devrait lire pour approcher l’humanisme qui devrait transparaître dans nos sociétés. +https://medium.com/@saad_13773/la-nuit-qui-vient-f4f8ab9f9bec + +(Originally on Twitter: [Fri Jan 31 20:23:23 +0000 2020](https://twitter.com/adulau/status/1223341023855882240)) +---- +RT @VV_X_7: @adulau I have two in my name just in case. + +(Originally on Twitter: [Fri Jan 31 23:18:02 +0000 2020](https://twitter.com/adulau/status/1223384976948854784)) +---- +RT @USCERT_gov: Systems patched for Citrix #CVE-2019-19781 may still be compromised. 
See @CISAgov's latest Activity Alert at https://t.co/v… + +(Originally on Twitter: [Sat Feb 01 00:47:34 +0000 2020](https://twitter.com/adulau/status/1223407507303030784)) +---- +RT @0xb0bb: I'm releasing ghidra scripts that I made for pwn and reversing tasks, starting with this set of scripts to replace linux/libc m… + +(Originally on Twitter: [Sat Feb 01 06:58:01 +0000 2020](https://twitter.com/adulau/status/1223500736597757952)) +---- +I discovered the work of @MeAllainYann (thx to @Ko97551819) at #FIC2020 with his passion for antique hardware and his craziness about quantum computing. Obviously you should follow his work with @NextgenQ +https://twitter.com/MeAllainYann/status/1221811180420915200 + +(Originally on Twitter: [Sun Feb 02 09:57:47 +0000 2020](https://twitter.com/adulau/status/1223908361198100480)) +---- +@isma_mans Pour le jardinier c’est plutôt « CO2 Capturer/hunter » + +(Originally on Twitter: [Sun Feb 02 16:36:11 +0000 2020](https://twitter.com/adulau/status/1224008623795462147)) +---- +RT @joshua_saxe: 1\ Malware sandboxes are useful but extremely limited. Here's a malware call graph, and in red are the functions the malw… + +(Originally on Twitter: [Sun Feb 02 17:54:10 +0000 2020](https://twitter.com/adulau/status/1224028249027764224)) +---- +RT @RiftWhiteHat: Attention CTF players (and organizers, CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attac… + +(Originally on Twitter: [Sun Feb 02 18:41:54 +0000 2020](https://twitter.com/adulau/status/1224040261841539072)) +---- +RT @tklengyel: Do you have an open-source cybersecurity project you would like to see being worked on as part of Google Summer of Code? We… + +(Originally on Twitter: [Mon Feb 03 06:37:53 +0000 2020](https://twitter.com/adulau/status/1224220446343692288)) +---- +RT @d4_project: AIL Framework version 2.9 released with a critical security fix (CVE-2020-8545) and minor bugs fixed. 
We strongly recommend… + +(Originally on Twitter: [Mon Feb 03 16:11:16 +0000 2020](https://twitter.com/adulau/status/1224364740400635904)) +---- +Weiner's Law of Libraries: «There are no answers, only cross references » after a long read of computer security papers. + +(Originally on Twitter: [Mon Feb 03 18:11:44 +0000 2020](https://twitter.com/adulau/status/1224395058704678913)) +---- +RT @MISPProject: We published a clarification on our website in regards to the use of AGPL as it pertains to the MISP core software. +https… + +(Originally on Twitter: [Tue Feb 04 09:02:35 +0000 2020](https://twitter.com/adulau/status/1224619246661046275)) +---- +RT @MISPProject: We (@adulau and @Iglocska from @circl_lu) will be at the @FIRSTdotOrg FIRST Cyber Threat Intelligence Symposium in Zurich… + +(Originally on Twitter: [Tue Feb 04 16:29:55 +0000 2020](https://twitter.com/adulau/status/1224731823139323904)) +---- +RT @doegox: #iroftheday /8 Choose carefully your black felt if you want to mask sensitive data... +Material: defiltered EOS 50D + 950nm filt… + +(Originally on Twitter: [Tue Feb 04 18:20:23 +0000 2020](https://twitter.com/adulau/status/1224759622273204225)) +---- +In November 2015, we designed (in a cafe in Bruxelles) a simple JSON format to solve the use of unstructured tags in MISP (mainly for the TLP classification). Today, we have 112 public taxonomies to support a wide range of use-cases in sharing communities. +https://twitter.com/MISPProject/status/1224942890234863617 + +(Originally on Twitter: [Wed Feb 05 06:41:45 +0000 2020](https://twitter.com/adulau/status/1224946194071326720)) +---- +@fo0_ Faire la mule de transport pour de la cocaïne, cela me semble une bonne stratégie. 
Maintenant, c'est aussi risquer pour elle si tu es aussi dans le même business ;-) + +(Originally on Twitter: [Wed Feb 05 13:55:37 +0000 2020](https://twitter.com/adulau/status/1225055379488419840)) +---- +RT @AGertani: So #Dridex #Malware is moving away from "Installing" & "Installed" DebugStrings to some random strings utilizing CryptGenRand… + +(Originally on Twitter: [Thu Feb 06 05:38:14 +0000 2020](https://twitter.com/adulau/status/1225292595963858946)) +---- +"Bicycle Attacks Considered Harmful: Quantifying the Damage of Widespread Password Length Leakage" + +https://arxiv.org/abs/2002.01513 ![](media/1225352683747454976-EQFTptPWsAYL8-g.png) + +(Originally on Twitter: [Thu Feb 06 09:37:00 +0000 2020](https://twitter.com/adulau/status/1225352683747454976)) +---- +@xme @ddurvaux Did they really put the IDS/automation to true? + +(Originally on Twitter: [Thu Feb 06 16:38:49 +0000 2020](https://twitter.com/adulau/status/1225458838335295494)) +---- +@xme @treyka What about the good old token ring cable with the huge black connector? + +(Originally on Twitter: [Thu Feb 06 16:40:25 +0000 2020](https://twitter.com/adulau/status/1225459238786523138)) +---- +RT @MISPProject: We would like to thank @inea_eu & especially @ErikaMagonara who helped us to drive the MISP-NG action into a tremendous su… + +(Originally on Twitter: [Fri Feb 07 10:51:38 +0000 2020](https://twitter.com/adulau/status/1225733852708077574)) +---- +RT @Sebdraven: My new article: APT40 in Malaysia + +With the advisory of Malaysian CERT I found link with differents campaign by #APT40 + +htt… + +(Originally on Twitter: [Fri Feb 07 15:23:08 +0000 2020](https://twitter.com/adulau/status/1225802180407517185)) +---- +If you read academic papers mentioning « Adaptive Autonomous Cyber Deception System » or something similar, just replace it with insecure high-interaction honeypot. It’s just fine. 
+ +(Originally on Twitter: [Fri Feb 07 15:30:16 +0000 2020](https://twitter.com/adulau/status/1225803975305433088)) +---- +RT @Botconf: The #Botconf2020 call for submissions is now online https://www.botconf.eu/botconf-2020/call-for-papers-2020/ - Prepare to join us next December in Nantes, subm… + +(Originally on Twitter: [Sun Feb 09 12:56:36 +0000 2020](https://twitter.com/adulau/status/1226490079734042625)) +---- +RT @shotgunner101: @malwrhunterteam @jpcert_en The fact Emotet is on the defensive for one, being forced to redirect resources to R&D again… + +(Originally on Twitter: [Mon Feb 10 08:15:35 +0000 2020](https://twitter.com/adulau/status/1226781747838357504)) +---- +RT @blackswanburst: Do you know someone who has worked done epic incident response year after year and deserves some recognition? @FIRSTdot… + +(Originally on Twitter: [Mon Feb 10 10:09:31 +0000 2020](https://twitter.com/adulau/status/1226810420608077824)) +---- +Don’t forget when you see information panels in airports crashing, relying on outdated software, booting up with insecure settings or randomly rebooting. It’s just the tip of the iceberg, think about all the hardware and software that you don’t directly see. + +(Originally on Twitter: [Tue Feb 11 05:24:22 +0000 2020](https://twitter.com/adulau/status/1227101047425990656)) +---- +RT @LucDockendorf: @adulau ...some of which helps to carry you at a speed of hundreds of kilometres an hour, several kilometres above the g… + +(Originally on Twitter: [Tue Feb 11 05:30:36 +0000 2020](https://twitter.com/adulau/status/1227102615600799744)) +---- +RT @Ko97551819: Intensive trainings week at @offensive_con @therealsaumil +I'll try to take off for pictures after class +❤️🇦🇲 BERLIN https:/… + +(Originally on Twitter: [Tue Feb 11 10:05:03 +0000 2020](https://twitter.com/adulau/status/1227171681577426945)) +---- +This can be partially solved by a coordinated responsible disclosure. 
If you found any PII while practicing DFIR on purchased hardware, notify the owner (or via a CERT) It will be useful for incident notification and a reminder for media sanitization. https://mobile.twitter.com/attrc/status/1226955093318230016 + +(Originally on Twitter: [Tue Feb 11 10:33:07 +0000 2020](https://twitter.com/adulau/status/1227178744617537536)) +---- +@TheosrsOrg Indeed, I used the text for the @hack_lu t-shirt some years ago ;-) + +(Originally on Twitter: [Wed Feb 12 15:16:10 +0000 2020](https://twitter.com/adulau/status/1227612363744043008)) +---- +RT @MISPProject: A new version of MISP (2.4.121) has been released. This version is a security/bug fix release and users are highly encoura… + +(Originally on Twitter: [Wed Feb 12 20:21:03 +0000 2020](https://twitter.com/adulau/status/1227689091657019392)) +---- +Frequent travelling is often an exhausting exercise. Nevertheless it’s becoming a more pleasant experience when you meet incredible human in your journeys. ![](media/1227806505136730112-EQoKcekX0AAhIGf.jpg) + +(Originally on Twitter: [Thu Feb 13 04:07:37 +0000 2020](https://twitter.com/adulau/status/1227806505136730112)) +---- +@iamNohwar @ArxSys The git repo is available. + +(Originally on Twitter: [Thu Feb 13 13:57:35 +0000 2020](https://twitter.com/adulau/status/1227954979060752384)) +---- +RT @Ko97551819: Slides of Monday workshop at @offensive_con Firmware extraction and analysis are available on http://Github.com/C00kie-/workshop-materials, we a… + +(Originally on Twitter: [Thu Feb 13 16:49:53 +0000 2020](https://twitter.com/adulau/status/1227998336252366849)) +---- +When @Ko97551819 presented her firmware extraction workshop at @hack_lu 2019, she presented a new territory to explore in hardware and firmware reconnaissance/intel for security. The git repository is a bootstrap for collaboration on the topic. 
+ +https://mobile.twitter.com/Ko97551819/status/1227994722133782528 + +(Originally on Twitter: [Fri Feb 14 06:23:46 +0000 2020](https://twitter.com/adulau/status/1228203158574264320)) +---- +Operational logs contain lot of potential under used information, like the standard OpenSSH logging. In @d4_project we built a set of very simple open source tools to collect unused logging for the benefit of the community. -> +https://www.d4-project.org/2020/02/12/analyzer-d4-log.html @Vecchi_Paolo @gallypette + +(Originally on Twitter: [Fri Feb 14 06:32:01 +0000 2020](https://twitter.com/adulau/status/1228205232485588994)) +---- +RT @halvarflake: It was very satisfying to be able to use BinDiff from Ghidra this week. I am not switching away from IDA, but ot is nice t… + +(Originally on Twitter: [Fri Feb 14 06:33:59 +0000 2020](https://twitter.com/adulau/status/1228205730164957186)) +---- +@Vecchi_Paolo @d4_project @gallypette Sure. The d4 analyzer can be customised to support fail2ban logs. You can already send the info to the public d4 collector. + +(Originally on Twitter: [Fri Feb 14 06:44:04 +0000 2020](https://twitter.com/adulau/status/1228208266053709824)) +---- +RT @DC11331: Hello dear hackers ! Our next meetup will be on Tuesday the 25th, yay, Tuesday ;) and our dear guest are @adulau for "Document… + +(Originally on Twitter: [Fri Feb 14 14:50:34 +0000 2020](https://twitter.com/adulau/status/1228330699389833216)) +---- +RT @MISPProject: Tuesday the 25th February in Paris for @DC11331 @adulau will present some crazy usages of MISP to document & track enemies… + +(Originally on Twitter: [Fri Feb 14 14:59:44 +0000 2020](https://twitter.com/adulau/status/1228333004579319814)) +---- +@_Kitetoa_ @bluetouff @TouitTouit @NicolasVivant ah Netis les routeurs qui avaient une belle backdoor en UDP. https://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/ Entre (), on voit encore des paquets pour infecter ce genre de routeur en 2020. 
+ +(Originally on Twitter: [Fri Feb 14 16:53:03 +0000 2020](https://twitter.com/adulau/status/1228361522168127488)) +---- +books are saving us ![](media/1228437434775621634-EQxJUzDX0AAlbTT.jpg) + +(Originally on Twitter: [Fri Feb 14 21:54:42 +0000 2020](https://twitter.com/adulau/status/1228437434775621634)) +---- +RT @_saadk: Everybody. + +Everybody should read. + +https://twitter.com/adulau/status/1228437434775621634 ![](media/1228556326424469505-EQxNSZLXUAAaLIo.jpg) + +(Originally on Twitter: [Sat Feb 15 05:47:08 +0000 2020](https://twitter.com/adulau/status/1228556326424469505)) +---- +RT @_saadk: books are saving us, a reprise. +https://twitter.com/adulau/status/1228437434775621634?s=20 ![](media/1228556349199585280-EQxMpE-WAAEfJOY.jpg) + +(Originally on Twitter: [Sat Feb 15 05:47:13 +0000 2020](https://twitter.com/adulau/status/1228556349199585280)) +---- +RT @g0ul4g: Great talk by @a13xp0p0v about CVE-2019-18683 exploitation in Linux v4l2. Clear and pedagogical with beamer slides #OffensiveCo… + +(Originally on Twitter: [Sat Feb 15 12:36:51 +0000 2020](https://twitter.com/adulau/status/1228659433867182081)) +---- +RT @_saadk: Open your eyes. Look around you. There are many paths aside from the one they've laid before you. + +#TheArtofGettingLost https:/… + +(Originally on Twitter: [Sun Feb 16 09:30:13 +0000 2020](https://twitter.com/adulau/status/1228974854600372224)) +---- +RT @ClearskySec: We have published a new report: Fox Kitten - Widespread Iranian Espionage-Offensive Campaign. 
+https://www.clearskysec.com/fox-kitten/ + +#AP… + +(Originally on Twitter: [Sun Feb 16 16:08:11 +0000 2020](https://twitter.com/adulau/status/1229075008137375744)) +---- +RT @halvarflake: Slides for my keynote: https://docs.google.com/presentation/d/1YcBqgccBcdn5-v80OX8NTYdu_-qRmrwfejlEx6eq-4E/edit?usp=drivesdk + +(Originally on Twitter: [Sun Feb 16 22:02:12 +0000 2020](https://twitter.com/adulau/status/1229164096920195074)) +---- +RT @MISPProject: "Scoring model for IoCs by combining open intelligence feeds to reduce false positives" https://work.delaat.net/rp/2019-2020/p55/report.pdf A paper ab… + +(Originally on Twitter: [Mon Feb 17 09:54:17 +0000 2020](https://twitter.com/adulau/status/1229343300374716416)) +---- +"MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions" and you can detect passively "Rubber Ducky" when powered... #tempest +https://arxiv.org/pdf/2002.05905.pdf ![](media/1229358116904620032-EQ-OUdqW4AEs0RY.jpg) + +(Originally on Twitter: [Mon Feb 17 10:53:10 +0000 2020](https://twitter.com/adulau/status/1229358116904620032)) +---- +I’ll be at @DC11331 in Paris next Tuesday (25/02) to talk about crazy usage of @MISPProject where people and organisations can have funky and obscure information sharing models. #CTIcanBEfun + +https://dc11331.com/next-meetup/ + + +media/1229517535260946433-ERAfrQjWoAMbzPI.mp4 + +(Originally on Twitter: [Mon Feb 17 21:26:38 +0000 2020](https://twitter.com/adulau/status/1229517535260946433)) +---- +RT @fr0gger_: Awesome content about binary deobfuscation! 
#UnprotectProject #Malware https://github.com/malrev/ABD/blob/master/Advanced-Binary-Deobfuscation.pdf + +(Originally on Twitter: [Tue Feb 18 06:24:52 +0000 2020](https://twitter.com/adulau/status/1229652988593164292)) +---- +RT @DennisRand: Det er rigtigt godt at se den allerede voksende opbakning for et Dansk MISP Threat Sharing Community fra såvel private som… + +(Originally on Twitter: [Tue Feb 18 06:45:47 +0000 2020](https://twitter.com/adulau/status/1229658250347458560)) +---- +RT @cbrocas: @abrianceau @MaKyOtOx @Herve_Schauer @ValeryMarchive @circl_lu @ANSSI_FR @acervoise @AccidentalCISO 3 suggestions: Threat inte… + +(Originally on Twitter: [Tue Feb 18 20:10:03 +0000 2020](https://twitter.com/adulau/status/1229860650744238082)) +---- +“IMP4GT: IMPersonation Attacks in 4G NeTworks” sounds like a pretty big deal for 4G while reading the paper. + +https://imp4gt-attacks.net/media/imp4gt_camera_ready.pdf ![](media/1230017065941073921-ERHlpsAWAAACW6g.jpg) + +(Originally on Twitter: [Wed Feb 19 06:31:35 +0000 2020](https://twitter.com/adulau/status/1230017065941073921)) +---- +Every second is the beginning of something. 
![](media/1230165465894412290-ERJs8f2XYAAsWk6.jpg) + +(Originally on Twitter: [Wed Feb 19 16:21:17 +0000 2020](https://twitter.com/adulau/status/1230165465894412290)) +---- +RT @d4_project: During the AIL training at @circl_lu we discovered a nice campaign where the attacker used a fixed padding of 126 bytes enc… + +(Originally on Twitter: [Thu Feb 20 14:30:34 +0000 2020](https://twitter.com/adulau/status/1230499991074082817)) +---- +RT @Ko97551819: 🙏 It's a pleasure to announce I'll be presenting a workshop on #reverse #engineering embedded devices at @nullcon on March.… + +(Originally on Twitter: [Fri Feb 21 06:33:37 +0000 2020](https://twitter.com/adulau/status/1230742350986506240)) +---- +RT @privacy_issues: Find the crash course on #DarkPatterns in this thread: Report by the German Parliament and the open source directory of… + +(Originally on Twitter: [Fri Feb 21 10:15:25 +0000 2020](https://twitter.com/adulau/status/1230798169228922880)) +---- +RT @d4_project: AIL Framework version 3.0 has been released with full @MISPProject standard format export/import and small improvements. #T… + +(Originally on Twitter: [Fri Feb 21 15:24:53 +0000 2020](https://twitter.com/adulau/status/1230876050298736640)) +---- +@0xtf @sissden maybe you would like to join us regarding @d4_project ? + +(Originally on Twitter: [Fri Feb 21 17:32:52 +0000 2020](https://twitter.com/adulau/status/1230908258698825729)) +---- +@goenie @d4_project @MISPProject @Terrtia @circl_lu The picture in the middle shows the interface of export where you can select objects from AIL and how deep you want to gather the relationships and it export a MISP with the set of objects selected. + +(Originally on Twitter: [Sat Feb 22 08:02:13 +0000 2020](https://twitter.com/adulau/status/1231127037726863360)) +---- +RT @dfaranha: Are you failing hard in some aspect of your crypto research? Submit to CFAIL 2020 and come fail with us! 
+ +https://t.co/V0w0BG… + +(Originally on Twitter: [Sat Feb 22 14:05:04 +0000 2020](https://twitter.com/adulau/status/1231218352422563840)) +---- +RT @MiasmRe: For the first time in Miasm : documentation! +https://github.com/cea-sec/miasm/pull/1142 + +(Originally on Twitter: [Sun Feb 23 13:43:55 +0000 2020](https://twitter.com/adulau/status/1231575414520328192)) +---- +RT @kasifdekel: #vtgrep plugin for @GHIDRA_RE, with extended abilities to customize the query. can be found here: https://github.com/kasif-dekel/random-stuff/blob/master/VTgrepGHIDRA.JAVA h… + +(Originally on Twitter: [Mon Feb 24 09:39:56 +0000 2020](https://twitter.com/adulau/status/1231876401910906881)) +---- +RT @Ko97551819: It's tomorrowww @DC11331 +@adulau @sk0ll1 @F_kZ_ @GlaCiuS_ @gentilkiwi @kalin0x @erik1o6 🎤🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟🍟https://t.co… + +(Originally on Twitter: [Mon Feb 24 12:57:24 +0000 2020](https://twitter.com/adulau/status/1231926097933197312)) +---- +@Ko97551819 @DC11331 @sk0ll1 @F_kZ_ @GlaCiuS_ @gentilkiwi @kalin0x @erik1o6 A good reminder to prepare my slides in time. See you there! + + +media/1231927603407269888-ERivnruXYAQla9c.mp4 + +(Originally on Twitter: [Mon Feb 24 13:03:23 +0000 2020](https://twitter.com/adulau/status/1231927603407269888)) +---- +@wimremes Happy birthday! + +(Originally on Twitter: [Mon Feb 24 14:58:34 +0000 2020](https://twitter.com/adulau/status/1231956590661701634)) +---- +RT @Aristot73: you know what they say about threat models... everyone has their own - that's it. 
+ +(Originally on Twitter: [Mon Feb 24 15:20:14 +0000 2020](https://twitter.com/adulau/status/1231962044418666496)) +---- +RT @anttitikkanen: Latest Chrome update patches CVE-2020-6418, 0day found in the wild by @_clem1 : https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html?m=1 https://t.co/K2G… + +(Originally on Twitter: [Tue Feb 25 09:36:29 +0000 2020](https://twitter.com/adulau/status/1232237925330538498)) +---- +RT @MISPProject: New object templates added to support the documenting and sharing of IoT devices analysis/reversing. Thanks to @Ko97551819… + +(Originally on Twitter: [Tue Feb 25 10:37:50 +0000 2020](https://twitter.com/adulau/status/1232253364462923777)) +---- +RT @taviso: @0xMatt @ajcaruso Clicking on untrusted links is also a fully supported security boundary. It is totally acceptable to click on… + +(Originally on Twitter: [Wed Feb 26 09:00:36 +0000 2020](https://twitter.com/adulau/status/1232591280275894273)) +---- +RT @malwaremustd1e: Never seen this #ELF, but this is a #IoT #malware dropper/installer w/persistence in "cron.hourly", multi arch, encrypt… + +(Originally on Twitter: [Thu Feb 27 15:46:43 +0000 2020](https://twitter.com/adulau/status/1233055873481789440)) +---- +RT @Ko97551819: Thanks all for coming on Tuesday @DC11331 it was great! 
Thanks @yop_solo for the last min place, 😁👍@adulau @MISPProject an… + +(Originally on Twitter: [Thu Feb 27 16:58:37 +0000 2020](https://twitter.com/adulau/status/1233073967214317571)) +---- +RT @Ko97551819: It was also very nice to have a conversation about #pratical needs for #contribution to Open-source project in the IoT fiel… + +(Originally on Twitter: [Thu Feb 27 17:09:06 +0000 2020](https://twitter.com/adulau/status/1233076605062393856)) +---- +RT @NVISO_Labs: This morning, PoC code to abuse CVE-2020-0688 (Microsoft Exchange Validation Key Remote Code Execution Vulnerability) was r… + +(Originally on Twitter: [Thu Feb 27 17:24:35 +0000 2020](https://twitter.com/adulau/status/1233080501348507649)) +---- +@bp256r1 http://www.misp-standard.org and also https://github.com/MISP/misp-training + +(Originally on Twitter: [Thu Feb 27 17:35:09 +0000 2020](https://twitter.com/adulau/status/1233083160008839170)) +---- +RT @Caccia7r1c3: To the @VZDBIR folks ... I am looking to create an object for MISP so that i can be adding the right attributes over the y… + +(Originally on Twitter: [Thu Feb 27 17:39:28 +0000 2020](https://twitter.com/adulau/status/1233084247038218241)) +---- +@Caccia7r1c3 @VZDBIR Sure. Do you have a structure in the document? I can help you to build a MISP object template. + +(Originally on Twitter: [Thu Feb 27 17:40:15 +0000 2020](https://twitter.com/adulau/status/1233084444594057219)) +---- +@Caccia7r1c3 @VZDBIR I think it’s more a mix of new MISP object templates along with the Veris taxonomies (available in the MISP taxonomies) https://www.misp-project.org/taxonomies.html#_veris . If you see something missing, let me know. + +(Originally on Twitter: [Thu Feb 27 21:12:39 +0000 2020](https://twitter.com/adulau/status/1233137895256580102)) +---- +You know what’s great while reversing hardware equipments. The stuff are so complex nowadays that you have always a part that looks like the eighties because someone forgot about it. 
![](media/1233314040044236800-ER2cgKMX0AA6Z1m.jpg) + +(Originally on Twitter: [Fri Feb 28 08:52:35 +0000 2020](https://twitter.com/adulau/status/1233314040044236800)) +---- +@Ko97551819 + + +media/1233331385382920192-ER2sWjwWsAAgTc2.mp4 + +(Originally on Twitter: [Fri Feb 28 10:01:31 +0000 2020](https://twitter.com/adulau/status/1233331385382920192)) +---- +RT @MISPProject: MISP 2.4.122 has been released including critical bug fixes and some minor new features. #ThreatIntel #CTI + +https://t.co/l… + +(Originally on Twitter: [Fri Feb 28 19:04:22 +0000 2020](https://twitter.com/adulau/status/1233468000344379393)) +---- +RT @gentilkiwi: #mimikatz is now able to decrypt Credential Guard blobs when you have access to Secure Worlds keys (here a vmem file of VMW… + +(Originally on Twitter: [Fri Feb 28 19:28:52 +0000 2020](https://twitter.com/adulau/status/1233474165832912896)) +---- +RT @DrunkBinary: Turla Implants 9 +db1156b072d58acdac1aeab9af2160a2 +f93ce76f6580d68a95260198b2d6feaa +a5e8e5633bb06f12a511011d6adb3a83 +031782… + +(Originally on Twitter: [Fri Feb 28 20:15:17 +0000 2020](https://twitter.com/adulau/status/1233485844696227841)) +---- +RT @rafi0t: Sooo because I know how to party on Friday night, here a quick and dirty importer to @MISPProject format for the #COVID19 data… + +(Originally on Twitter: [Sat Feb 29 07:55:33 +0000 2020](https://twitter.com/adulau/status/1233662075609796608)) +---- +RT @MISPProject: Don't forget MISP is a versatile open source platform for information sharing and yes it can be used to share #COVID19 inf… + +(Originally on Twitter: [Sat Feb 29 08:06:39 +0000 2020](https://twitter.com/adulau/status/1233664869137879041)) +---- +Photography is often a way to be more present in our societies. You can even say photography is a kind of social engineering. But sometime it’s much more than that and it really gives a meaning to your life. 
![](media/1233680918520508416-ER7qET7WsAAXgJS.jpg) + +(Originally on Twitter: [Sat Feb 29 09:10:26 +0000 2020](https://twitter.com/adulau/status/1233680918520508416)) +---- +@martijn_grooten It’s a graft. Pretty common for fruit trees. + +(Originally on Twitter: [Sat Feb 29 09:39:40 +0000 2020](https://twitter.com/adulau/status/1233688274457300992)) +---- +RT @quarkslab: [TOOL] QBDI v0.7.1. our dynamic binary instrumentation framework, is out. A lot of love and new features brought by Nicolas… + +(Originally on Twitter: [Sat Feb 29 15:58:30 +0000 2020](https://twitter.com/adulau/status/1233783612761427968)) +---- +RT @rafi0t: And you have other datasets at hand you would like to convert to @MISPProject format, please get in touch, and who know what I'… + +(Originally on Twitter: [Sat Feb 29 15:58:47 +0000 2020](https://twitter.com/adulau/status/1233783682860752896)) +---- +RT @sweis: 892-bit RSA (historically called RSA-250 in decimal digits), and has been factored by Boudot, Gaudry, Guillevic, Heninger, Thome… + +(Originally on Twitter: [Sat Feb 29 16:22:06 +0000 2020](https://twitter.com/adulau/status/1233789552415956994)) +---- +RT @raymondh: #Python tip: Regular expressions can be challenging to learn, to read, and to debug. My friend @r1chardj0n3s wrote a parse… + +(Originally on Twitter: [Sun Mar 01 12:29:14 +0000 2020](https://twitter.com/adulau/status/1234093336509796352)) +---- +@_CPResearch_ @Arkbird_SOLG What’s the license of the encyclopedia? I would like to make a @MISPProject galaxy out of it. Thanks a lot. + +(Originally on Twitter: [Sun Mar 01 16:07:42 +0000 2020](https://twitter.com/adulau/status/1234148315404677120)) +---- +@_CPResearch_ @Arkbird_SOLG @MISPProject Thank you! I’ll have a look to make a MISP galaxy out of it. + +(Originally on Twitter: [Sun Mar 01 17:24:39 +0000 2020](https://twitter.com/adulau/status/1234167681592459264)) +---- +@kp625544 @_CPResearch_ @Arkbird_SOLG @MISPProject MISP is open source. 
Check out the download page on http://misp-project.org + +(Originally on Twitter: [Sun Mar 01 19:59:53 +0000 2020](https://twitter.com/adulau/status/1234206748145221632)) +---- +@kp625544 @_CPResearch_ @Arkbird_SOLG @MISPProject There are different information sharing communities such as the @circl_lu one, you can get in touch via info(AT)circl(DOT)lu to get access. + +(Originally on Twitter: [Mon Mar 02 05:36:41 +0000 2020](https://twitter.com/adulau/status/1234351904517500928)) +---- +RT @MISPProject: If you want to easily lookup threat actor names or synonyms, we expose a public ReST API of the threat actor MISP galaxy.… + +(Originally on Twitter: [Mon Mar 02 07:36:35 +0000 2020](https://twitter.com/adulau/status/1234382076968919040)) +---- +After years of @MISPProject trainings and workshop, we can safely say that structured information & intelligence sharing is a reality in many organisations. It takes time but it’s now a solid piece to support analysts day-to-day activities. This changes how sharing is perceived. + +(Originally on Twitter: [Mon Mar 02 10:11:22 +0000 2020](https://twitter.com/adulau/status/1234421030782996480)) +---- +RT @Iglocska: Some serious improvements for the new dashboard system in @MISPProject coming up tonight, including widgets that help us keep… + +(Originally on Twitter: [Tue Mar 03 11:46:42 +0000 2020](https://twitter.com/adulau/status/1234807410746937344)) +---- +RT @FIRSTdotOrg: FIRST has made the difficult decision to cancel the CTI Symposium in Zurich. 
The decision was made with the well-being of… + +(Originally on Twitter: [Tue Mar 03 11:46:53 +0000 2020](https://twitter.com/adulau/status/1234807456867508225)) +---- +RT @Sebdraven: .@MISPProject and @malpedia it's enough to start a CTI activities, with @MaltegoHQ and MISP-Maltego of @cvandeplas it's 😍 + +(Originally on Twitter: [Wed Mar 04 15:48:49 +0000 2020](https://twitter.com/adulau/status/1235230727433793536)) +---- +RT @MISPProject: Visualise all the things - "Building dashboard widgets for @MISPProject" A quick introduction to developing your widgets i… + +(Originally on Twitter: [Thu Mar 05 09:39:57 +0000 2020](https://twitter.com/adulau/status/1235500285616959488)) +---- +"Revisiting Security Vulnerabilities in Commercial Password Managers" +https://arxiv.org/pdf/2003.01985.pdf ![](media/1235550393200979971-ESWOegIWsAYZ5bK.png) + +(Originally on Twitter: [Thu Mar 05 12:59:03 +0000 2020](https://twitter.com/adulau/status/1235550393200979971)) +---- +“Do penguins’ vocal sequences conform to linguistic laws?” Zipf’s law applies to their vocal sequences... Thanks to @Ko97551819 for pointing me to this article. +https://royalsocietypublishing.org/doi/pdf/10.1098/rsbl.2019.0589 + +(Originally on Twitter: [Thu Mar 05 19:07:59 +0000 2020](https://twitter.com/adulau/status/1235643238037499908)) +---- +RT @verac_m: @adulau When we realize that security vendors are not necessarily better than others at handling responsible disclosure, no wo… + +(Originally on Twitter: [Fri Mar 06 06:23:10 +0000 2020](https://twitter.com/adulau/status/1235813153839046656)) +---- +@verac_m @newsoft Economy is driving this. I have seen a TIP vendor blaming an open source TIP because of the number of CVEs assigned to the open source projects. And of course, the proprietary vendor has zero CVE assigned ;-) As long there is no economical incentive to do it, it will remain shit. 
+ +(Originally on Twitter: [Fri Mar 06 06:28:54 +0000 2020](https://twitter.com/adulau/status/1235814593898795011)) +---- +RT @_saadk: @verac_m @adulau @newsoft What consumers are doing about? Where's the counter-power of a consumer lobby for a real, true pushba… + +(Originally on Twitter: [Fri Mar 06 08:20:53 +0000 2020](https://twitter.com/adulau/status/1235842778430488578)) +---- +RT @d4_project: Analysing TCP port scan of Mirai-based botnets. By analysing the TCP initial sequence number from black-hole monitoring fro… + +(Originally on Twitter: [Fri Mar 06 15:22:10 +0000 2020](https://twitter.com/adulau/status/1235948795655045122)) +---- +RT @MISPProject: We are glad to see some practical use of @MISPProject by the Security Service of Ukraine in the @France2tv documentary @Ce… + +(Originally on Twitter: [Fri Mar 06 18:02:19 +0000 2020](https://twitter.com/adulau/status/1235989100295057409)) +---- +@bad_packets @d4_project @adliwahid @circl_lu @inea_eu I love to see consistent results across different collection data points. Thanks for sharing. + +(Originally on Twitter: [Sat Mar 07 08:05:33 +0000 2020](https://twitter.com/adulau/status/1236201304894169089)) +---- +@ClausHoumann @k8em0 @hack_lu I think 7 years if I recall correctly. + +(Originally on Twitter: [Sun Mar 08 21:27:22 +0000 2020](https://twitter.com/adulau/status/1236765479638794241)) +---- +It would be great if @ArcSight could improve their @MISPProject integration. The open source project cannot fix their proprietary connector limitation. The customers are so desperate that they contact us to find a solution. 
+ + +media/1237018404961374208-ESrFrZcX0AAFsyh.mp4 + +(Originally on Twitter: [Mon Mar 09 14:12:25 +0000 2020](https://twitter.com/adulau/status/1237018404961374208)) +---- +RT @therealsaumil: 📣ARM-X Firmware Emulation Framework launched 🚀 https://armx.exploitlab.net/ + +📣New ARM IoT Firmware Laboratory training featur… + +(Originally on Twitter: [Mon Mar 09 16:26:01 +0000 2020](https://twitter.com/adulau/status/1237052027127169024)) +---- +RT @Aristot73: cc @adulau https://twitter.com/lecinema_/status/1237035620314296320 + +(Originally on Twitter: [Mon Mar 09 21:53:17 +0000 2020](https://twitter.com/adulau/status/1237134388606963712)) +---- +@Aristot73 and so little time to capture people reading... ![](media/1237135238993793026-ESsvgf_XkAAq6m3.jpg) + +(Originally on Twitter: [Mon Mar 09 21:56:40 +0000 2020](https://twitter.com/adulau/status/1237135238993793026)) +---- +@gbillois Un peu comme la pub en 2001 “unbreakable” de chez Oracle ;-) + +(Originally on Twitter: [Tue Mar 10 06:26:31 +0000 2020](https://twitter.com/adulau/status/1237263547249410050)) +---- +The #DFIR trick of the day. Don’t expect a quick wiping process of your disks to gather evidence. 8TB disk wiping can take up to 16 hours. Be prepared, wipe your disks some days before doing your next forensic acquisition... ![](media/1237267295929597954-ESunCWeWsAAzGk2.jpg) + +(Originally on Twitter: [Tue Mar 10 06:41:25 +0000 2020](https://twitter.com/adulau/status/1237267295929597954)) +---- +@GunstickULM We do as we have seen that it could impact some raw carving if we don't do multi passes. 
+ +(Originally on Twitter: [Tue Mar 10 08:04:57 +0000 2020](https://twitter.com/adulau/status/1237288319131803655)) +---- +@GunstickULM Usually for flash/SSDs, you should use the standard ATA command for secure wiping (SECURITY ERASE *) https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase + +(Originally on Twitter: [Tue Mar 10 08:10:53 +0000 2020](https://twitter.com/adulau/status/1237289810471116800)) +---- +@MicroFocusSec @ArcSight @MISPProject Great to see you working on this. If you need a refresher on MISP API don’t hesitate to reach out via @MISPProject . Thanks a lot + +(Originally on Twitter: [Tue Mar 10 16:17:21 +0000 2020](https://twitter.com/adulau/status/1237412233732337666)) +---- +The morning controversial statement “NAT has probably done more for securing networks than any data loss/leak prevention software” + +(Originally on Twitter: [Wed Mar 11 06:18:18 +0000 2020](https://twitter.com/adulau/status/1237623865033084928)) +---- +@__Thanat0s__ I think the testing part is also fundamental and as wiping is an intensive task, this is indeed one of the best approach which can be done to test the reliability of a destination disk foreseen for acquisition. + +(Originally on Twitter: [Wed Mar 11 06:23:24 +0000 2020](https://twitter.com/adulau/status/1237625151497351169)) +---- +RT @circl_lu: "TR-58 - CVE-2020-0796 - Critical vulnerability in Microsoft SMBv3 - status and mitigation" Check the mitigation, it's really… + +(Originally on Twitter: [Wed Mar 11 09:34:34 +0000 2020](https://twitter.com/adulau/status/1237673257798709248)) +---- +RT @d4_project: We saw an increase of Tor hidden services related to #Corona #COVID19 such as criminals selling fake vaccine or masks. Coll… + +(Originally on Twitter: [Wed Mar 11 09:50:08 +0000 2020](https://twitter.com/adulau/status/1237677178592133125)) +---- +@FLesueur Cool! Well done! 
+ +(Originally on Twitter: [Wed Mar 11 14:15:54 +0000 2020](https://twitter.com/adulau/status/1237744057369182208)) +---- +@verac_m @MalwareJake I was always wondering if we can really say that “phishing awareness” is ethical. Trapping and abusing psychological acceptance seem IMHO not a good way to do awareness and it’s somehow unethical. + +(Originally on Twitter: [Thu Mar 12 08:33:39 +0000 2020](https://twitter.com/adulau/status/1238020316783423488)) +---- +RT @Ko97551819: Bonjour à tous. Nous annulons notre prochain meetup parisien en attendant une meilleure situation ici. Stay safe! On vous e… + +(Originally on Twitter: [Thu Mar 12 11:35:35 +0000 2020](https://twitter.com/adulau/status/1238066102405664768)) +---- +@TIA568B @InfoSec_Paul_M @ZephrFish @cornerpirate https://github.com/MISP/misp-training/blob/master/README.md + +(Originally on Twitter: [Fri Mar 13 07:15:18 +0000 2020](https://twitter.com/adulau/status/1238362987049648128)) +---- +I was wondering the impact of #Covid_19 on Internet Exchange Points. We can see a significant increase during the past two weeks on @DECIX. Internet infrastructures are critical for the stability of our societies. ![](media/1238430512307408899-ES_JOvSXQAEkpe6.png) + +(Originally on Twitter: [Fri Mar 13 11:43:37 +0000 2020](https://twitter.com/adulau/status/1238430512307408899)) +---- +RT @FlUxIuS: ➡️ Next scheduled 3-day training on RF Hacking with SDR against physical intrusion systems. 
+🗓️ 15th - 17th of June 2020 +🇫🇷 @ha… + +(Originally on Twitter: [Fri Mar 13 11:55:44 +0000 2020](https://twitter.com/adulau/status/1238433558802333696)) +---- +@miguno @DECIX It would great if the IXPs could share the top ASN reached via their infrastructure ;-) + +(Originally on Twitter: [Fri Mar 13 12:04:42 +0000 2020](https://twitter.com/adulau/status/1238435818940911624)) +---- +RT @hackinparis: Workshop #HIP20 by @Ko97551819 : a seasoned security researcher with a strong touch of threat intelligence analysis and ha… + +(Originally on Twitter: [Fri Mar 13 15:21:05 +0000 2020](https://twitter.com/adulau/status/1238485239493771265)) +---- +@alexcpsec @Caccia7r1c3 @ppym @VZDBIR Indeed we have a MISP taxonomy based on Veris https://www.misp-project.org/taxonomies.html#_veris which is maybe not up to date. We don’t have specific MISP object for Veriz threat but we could add one, it’s super easy. Let me know if you need some help or guidance. + +(Originally on Twitter: [Fri Mar 13 15:53:21 +0000 2020](https://twitter.com/adulau/status/1238493359557263361)) +---- +RT @passthesaltcon: Decisions for #COVID19 outbreak impacts handling: + +https://2020.pass-the-salt.org/coronavirus-statement/ + +* CFP extension to April 30 +* For the mom… + +(Originally on Twitter: [Fri Mar 13 19:48:56 +0000 2020](https://twitter.com/adulau/status/1238552645423501312)) +---- +RT @hasherezade: I updated the #TrickBot decoder (https://github.com/hasherezade/malware_analysis/tree/master/trickbot). Now you can extract the config from the settings file https://t… + +(Originally on Twitter: [Sat Mar 14 07:05:16 +0000 2020](https://twitter.com/adulau/status/1238722852280504320)) +---- +@Ko97551819 @defcongroups @jaysonstreet @aprilwright There is @bigbluebutton which is open source. @Vecchi_Paolo could maybe help to host some of the meet-up online. 
+ +(Originally on Twitter: [Sun Mar 15 09:30:40 +0000 2020](https://twitter.com/adulau/status/1239121828142088192)) +---- +"A report on personally identifiable sensor data from smartphone devices" by Marios Fanourakis - The state-of-the-art gives a good overview about accuracy and methodology per sensor. #privacy +https://arxiv.org/pdf/2003.06159.pdf ![](media/1239474621155549184-ETN-o0tXQAIKCsh.png) + +(Originally on Twitter: [Mon Mar 16 08:52:32 +0000 2020](https://twitter.com/adulau/status/1239474621155549184)) +---- +RT @malwaremustd1e: Let's brush our #RE/#reversing skill at home during #corona #isolation by learning to analyze "Another #Mirai #FBOT pus… + +(Originally on Twitter: [Mon Mar 16 09:26:39 +0000 2020](https://twitter.com/adulau/status/1239483204551278595)) +---- +@Sebdraven Thanks for sharing. It's quite fun to see all the correlation on the old RTF vulnerability CVE-2017-11882 http://cve.circl.lu/cve/CVE-2017-11882 - I'll add your info as a MISP event. + +(Originally on Twitter: [Mon Mar 16 09:34:55 +0000 2020](https://twitter.com/adulau/status/1239485288092766208)) +---- +@Sebdraven Your tweet and the info is now part of the OSINT feed of CIRCL MISP. ![](media/1239489367309258752-ETOMqXjWkAA3BcV.jpg) + +(Originally on Twitter: [Mon Mar 16 09:51:08 +0000 2020](https://twitter.com/adulau/status/1239489367309258752)) +---- +When your addiction of buying books faster than you are able to read those becomes the best strategy in case of a pandemic event. 
And of course, it just a matter of planning *cough cough* #bookswillsaveus ![](media/1239635897714446340-ETQReTEXgAgTz6i.jpg) + +(Originally on Twitter: [Mon Mar 16 19:33:23 +0000 2020](https://twitter.com/adulau/status/1239635897714446340)) +---- +RT @MISPProject: We have a dedicated MISP to share information about #COVID2019 https://covid-19.iglocska.eu - If you want access DM us on Twitt… + +(Originally on Twitter: [Tue Mar 17 10:46:49 +0000 2020](https://twitter.com/adulau/status/1239865769690894337)) +---- +@SvenKutzer @MISPProject It should work as the account accepts DM without following. + +(Originally on Twitter: [Tue Mar 17 11:04:23 +0000 2020](https://twitter.com/adulau/status/1239870188771856384)) +---- +RT @GreekAnalyst: “Experts recommend sticking to your daily routine even when working from home” + +New Yorkers and Londoners: https://t.co/t… + +(Originally on Twitter: [Tue Mar 17 18:55:52 +0000 2020](https://twitter.com/adulau/status/1239988843023040512)) +---- +I'm impressed by the creativity of people in these days & especially the creative use of open source tools. E.g. many people rely on @MISPProject to share structured information like we did with a #COVID2019 MISP. Ideas & feedback are really welcome. 
+https://twitter.com/Ko97551819/status/1240248640515571713 + +(Originally on Twitter: [Wed Mar 18 13:30:20 +0000 2020](https://twitter.com/adulau/status/1240269307134738432)) +---- +@Secnewsbytes It would be nice if people and newspapers could share the indicators, structured information and samples on the covid19 @MISPProject https://mobile.twitter.com/MISPProject/status/1239864641993551873 + +(Originally on Twitter: [Wed Mar 18 14:31:01 +0000 2020](https://twitter.com/adulau/status/1240284576276271111)) +---- +RT @NIST_Events: Due to the uncertainty around COVID-19, NIST has decided to cancel the May 2020 Advancing Cybersecurity Risk Management co… + +(Originally on Twitter: [Wed Mar 18 14:42:17 +0000 2020](https://twitter.com/adulau/status/1240287413815185409)) +---- +RT @Skrubis: I made a "finger on a stick", to curb touching my office entrance doors. #FlattenTheCurve + + +media/1240316483084959744-2JYbLnxoPgtSiJIT.mp4 + +(Originally on Twitter: [Wed Mar 18 16:37:48 +0000 2020](https://twitter.com/adulau/status/1240316483084959744)) +---- +RT @AdulauA: You know what's the most critical in art. It's to get a good supply chain for painting. Thanks to @CitykingzDotCom for the fas… + +(Originally on Twitter: [Wed Mar 18 16:55:30 +0000 2020](https://twitter.com/adulau/status/1240320936961888263)) +---- +RT @3CORESec: We're partnering with the awesome group of people at @circl_lu in support of the @d4_project, by sharing ~20.000 daily events… + +(Originally on Twitter: [Thu Mar 19 13:59:44 +0000 2020](https://twitter.com/adulau/status/1240639095321362432)) +---- +We (myself and @Iglocska) will be presenting Today the current state of @MISPProject at #CanSecWest remote. Thanks to @dragosr for making this possible and @tricaud for the support. See you online! 
https://cansecwest.com/agenda.html + +(Originally on Twitter: [Fri Mar 20 06:41:02 +0000 2020](https://twitter.com/adulau/status/1240891078120820741)) +---- +RT @tricaud: There has been a few talks mentioning @MISPProject during #CanSecWest today, and it is amazing to have them talk tomorrow at 9… + +(Originally on Twitter: [Fri Mar 20 10:54:27 +0000 2020](https://twitter.com/adulau/status/1240954853549056000)) +---- +@VV_X_7 @Iglocska @MISPProject @dragosr @tricaud We will try ;-) + +(Originally on Twitter: [Fri Mar 20 13:56:43 +0000 2020](https://twitter.com/adulau/status/1241000721606225920)) +---- +RT @Sebdraven: My lasted article about APT Chinese againt Kirghistan using #Covid19 documents. +This attack uses a new version of Chinoxy Ba… + +(Originally on Twitter: [Fri Mar 20 15:25:33 +0000 2020](https://twitter.com/adulau/status/1241023076772589574)) +---- +RT @AdulauA: One photographic book per day during the #confinement to thank all the photographer who influenced me during the past years. L… + +(Originally on Twitter: [Fri Mar 20 22:04:01 +0000 2020](https://twitter.com/adulau/status/1241123354142289923)) +---- +@martijn_grooten @vickyjo Belgium did https://euobserver.com/tickers/147748 "Belgium forms emergency government to fight corona" as we were without effective federal government for the past months. 
+ +(Originally on Twitter: [Sat Mar 21 06:51:57 +0000 2020](https://twitter.com/adulau/status/1241256215864360960)) +---- +RT @tricaud: My slides for my #CanSecWest talk http://io.libio.so/stricaud-cansec2020.pdf + +(Originally on Twitter: [Sat Mar 21 09:49:31 +0000 2020](https://twitter.com/adulau/status/1241300901459103744)) +---- +RT @AdulauA: 2nd day of photographic book for #confinement - It's Stephan Vanfleteren (@ATELIERSVF) - I learned something important from hi… + +(Originally on Twitter: [Sat Mar 21 11:21:07 +0000 2020](https://twitter.com/adulau/status/1241323952456306689)) +---- +RT @gael_duval: Let's make remote-work easier for everyone during these difficult times! We have set up a videoconferencing service based o… + +(Originally on Twitter: [Sat Mar 21 11:49:06 +0000 2020](https://twitter.com/adulau/status/1241330994558513152)) +---- +RT @nullcookies: There’s a phenomenon in climbing where a bad climber is convinced the protection they’re setting will catch a fall despite… + +(Originally on Twitter: [Sat Mar 21 12:21:23 +0000 2020](https://twitter.com/adulau/status/1241339118480654336)) +---- +@PaulWebSec Looks like a VSAT connection, you are literally on an island ;-) + +(Originally on Twitter: [Sat Mar 21 17:28:17 +0000 2020](https://twitter.com/adulau/status/1241416351475998722)) +---- +RT @abuse_ch: I've been busy in the past weeks coding on new project. Finally, here it is: + +Introducing Malwarebazaar! +https://t.co/1JZyc… + +(Originally on Twitter: [Sun Mar 22 07:29:06 +0000 2020](https://twitter.com/adulau/status/1241627951176826881)) +---- +RT @_jeanga_: DFIR-Orc team has just published a new version with build artefacts (i.e. binaries) available! Many fixes and improvements! G… + +(Originally on Twitter: [Sun Mar 22 13:47:54 +0000 2020](https://twitter.com/adulau/status/1241723277506236420)) +---- +RT @Carlos_Perez: Did you know that Scheduled Tasks stored credentials in the SYSTEM Credential Store? 
Did you also knew that even when you… + +(Originally on Twitter: [Sun Mar 22 16:14:36 +0000 2020](https://twitter.com/adulau/status/1241760198244610051)) +---- +RT @AdulauA: 3d day of the photographic book review in confinement. I selected the reprint of "Night Walk" from Ken Schles (@KenSchles) pub… + +(Originally on Twitter: [Sun Mar 22 17:14:20 +0000 2020](https://twitter.com/adulau/status/1241775231699759104)) +---- +RT @TraceLabs: Tickets available for 4th edition Virtual Global Missing CTF - Sat Apr 11 10PM-4AM UTC! Contestants will be working to crowd… + +(Originally on Twitter: [Sun Mar 22 18:26:28 +0000 2020](https://twitter.com/adulau/status/1241793383666003968)) +---- +My stock of good chocolate is dangerously reaching a low level. Then you open a travel bag, you find back a stock of chocolate gift. If there is a god, he is called @_saadk . Thank you from all the chocolate junkies. ![](media/1242161206221312002-ET0JHo6XkAEuLsk.jpg) + +(Originally on Twitter: [Mon Mar 23 18:48:04 +0000 2020](https://twitter.com/adulau/status/1242161206221312002)) +---- +RT @AdulauA: 4th day of the photographic book review in confinement. Harry Gruyaert is most probably the Belgian photographer who reconcile… + +(Originally on Twitter: [Mon Mar 23 21:27:17 +0000 2020](https://twitter.com/adulau/status/1242201274852036612)) +---- +@martijn_grooten I’m sending you some good waves. We are with you. 
![](media/1242490537699086338-ET42N2OWsAIpTJp.jpg) + +(Originally on Twitter: [Tue Mar 24 16:36:43 +0000 2020](https://twitter.com/adulau/status/1242490537699086338)) +---- +@fouroctets I thought it was @GoDaddy + +(Originally on Twitter: [Tue Mar 24 16:41:44 +0000 2020](https://twitter.com/adulau/status/1242491799983144961)) +---- +@prohack @fouroctets @GoDaddy For a good list, maybe the top malicious ASN/providers https://bgpranking.circl.lu/ listed on BGP Ranking ;-) + +(Originally on Twitter: [Tue Mar 24 19:40:44 +0000 2020](https://twitter.com/adulau/status/1242536849224105984)) +---- +@olafhartong As you might know, MISP introduced a similar feature where you could do some timeline. If you have any feedback or idea on this feature, feel free. +https://www.misp-project.org/2020/01/21/MISP.2.4.120.released.html + +(Originally on Twitter: [Tue Mar 24 21:41:26 +0000 2020](https://twitter.com/adulau/status/1242567222557642755)) +---- +RT @AdulauA: 5th day of the photographic book review in confinement. Sascha Weidner was a photographer who took a romantic and poetic track… + +(Originally on Twitter: [Tue Mar 24 21:49:54 +0000 2020](https://twitter.com/adulau/status/1242569352580345856)) +---- +"Fault Attacks on Secure Embedded Software: Threats, Design and Evaluation" +https://arxiv.org/pdf/2003.10513.pdf ![](media/1242736396030402562-ET8WKYGXgAEBDpM.png) + +(Originally on Twitter: [Wed Mar 25 08:53:40 +0000 2020](https://twitter.com/adulau/status/1242736396030402562)) +---- +RT @MISPProject: In MISP, two new taxonomies to improve classification when sharing information about covid-19 related information. The cur… + +(Originally on Twitter: [Wed Mar 25 08:59:10 +0000 2020](https://twitter.com/adulau/status/1242737780641406978)) +---- +RT @_saadk: @adulau @CookieDeca You are very welcome! + +Unlike toilet paper, my chocolate stock was also depleting at an alarming rate. 
Luck… + +(Originally on Twitter: [Wed Mar 25 09:15:59 +0000 2020](https://twitter.com/adulau/status/1242742013847572482)) +---- +RT @circl_lu: Monday-Tuesday 18-19 May 2020 - EU ATT&CK Community Workshop will be full virtual. Don't forget to register and show us how… + +(Originally on Twitter: [Wed Mar 25 10:01:16 +0000 2020](https://twitter.com/adulau/status/1242753409238872069)) +---- +RT @d3sre: the peer reviewed version of my Fingerpointing False Positives paper is finally published by ACM: https://dl.acm.org/doi/abs/10.1145/3370084 thank… + +(Originally on Twitter: [Wed Mar 25 10:31:25 +0000 2020](https://twitter.com/adulau/status/1242760994037866507)) +---- +@Ko97551819 @rafi0t Dark chocolate is the perfect drug for the poly addicted junkie. My favorite component is theobromine in addition to the other components. + + +media/1242864260293840896-ET-Kc8VXgAA4yA0.mp4 + +(Originally on Twitter: [Wed Mar 25 17:21:45 +0000 2020](https://twitter.com/adulau/status/1242864260293840896)) +---- +RT @FDezeure: The EU ATT&CK Community Workshop goes virtual. Timing is modified to allow participants from the US and EU to participate. Us… + +(Originally on Twitter: [Wed Mar 25 18:58:17 +0000 2020](https://twitter.com/adulau/status/1242888552997957632)) +---- +RT @MT6572A: Honeypot just got hit with a payload that drops something very compute-intensive. It doesn't install a coinminer, but instead… + +(Originally on Twitter: [Thu Mar 26 10:11:36 +0000 2020](https://twitter.com/adulau/status/1243118395236724738)) +---- +RT @AdulauA: 6th day of the photographic book review in confinement. 
Masahisa Fukase is maybe one of the photographer who sacrifices everyt… + +(Originally on Twitter: [Thu Mar 26 15:22:26 +0000 2020](https://twitter.com/adulau/status/1243196620973498369)) +---- +Sometime the reality is beating us in the face when we see the hard reality about #ThreatIntelligence practices ![](media/1243220874431356928-EUDNmGGXsAA081w.jpg) + +(Originally on Twitter: [Thu Mar 26 16:58:49 +0000 2020](https://twitter.com/adulau/status/1243220874431356928)) +---- +RT @MISPProject: A virtual dedicated MISP training on how to use MISP in scope of the #COVID19 threats and especially the covid-19 MISP com… + +(Originally on Twitter: [Thu Mar 26 17:44:04 +0000 2020](https://twitter.com/adulau/status/1243232262017204224)) +---- +RT @Ko97551819: Using #fic2020 goodie bag to make my first sewing works. A prototype of #facemask to protect our beloved from #COVIDー19 #o… + +(Originally on Twitter: [Thu Mar 26 20:15:38 +0000 2020](https://twitter.com/adulau/status/1243270408842940421)) +---- +Glad to see clever use of @FIC_eu goodies. Maybe the next goodies for information security conference conference should be FFP2/FFP3 masks? We might have a look for @hack_lu 2020 ;-) + +https://mobile.twitter.com/Ko97551819/status/1243268180530925568 + +(Originally on Twitter: [Thu Mar 26 20:28:25 +0000 2020](https://twitter.com/adulau/status/1243273625869914117)) +---- +RT @AdulauA: 7th day of the photographic book review in confinement. Ralph Gibson is the kind of photographer who cannot be categorised. W… + +(Originally on Twitter: [Fri Mar 27 08:58:27 +0000 2020](https://twitter.com/adulau/status/1243462374054670342)) +---- +RT @MISPProject: We are always glad to see new information sharing community being created and extending MISP data models. 
Cogsec Collab MI… + +(Originally on Twitter: [Fri Mar 27 11:14:36 +0000 2020](https://twitter.com/adulau/status/1243496641144991744)) +---- +RT @x0verhaul: [+] just attained training session on #covid19 @MISPProject by @adulau & @Iglocska. thanks guys, you were great. + +(Originally on Twitter: [Fri Mar 27 14:56:34 +0000 2020](https://twitter.com/adulau/status/1243552498184568842)) +---- +@x0verhaul @MISPProject @Iglocska Thank you! It's great to see many people involved and contributing. + +(Originally on Twitter: [Fri Mar 27 14:57:02 +0000 2020](https://twitter.com/adulau/status/1243552617109893125)) +---- +RT @karine_dessale: #graffiti #GraffArt #StreetArt #streetphotography +#MERCI si vous le savez, de nous communiquer le nom du #photographe… + +(Originally on Twitter: [Fri Mar 27 16:41:15 +0000 2020](https://twitter.com/adulau/status/1243578845338521600)) +---- +RT @Ko97551819: Work in progress for this face mask. +As we go for more time in our houses. +We'll post asap all steps and ref on @github +St… + +(Originally on Twitter: [Fri Mar 27 17:37:29 +0000 2020](https://twitter.com/adulau/status/1243592994642636800)) +---- +Il est temps que la @RTBF et @RTLTVI donnent le bon exemple et réalisent les journaux télévisés en téléconférence. Il en est de même pour @prevotmaxime qui se déplace sur les plateaux au lieu de faire de la vidéoconférence... #coronavirusBE + +(Originally on Twitter: [Fri Mar 27 18:56:18 +0000 2020](https://twitter.com/adulau/status/1243612828361199616)) +---- +RT @cyb3rops: Administrative Tools and Logon Types 🎫 + +The most important column is "Reusable credentials on destination" + +> I recommend bo… + +(Originally on Twitter: [Sat Mar 28 07:44:20 +0000 2020](https://twitter.com/adulau/status/1243806110596947969)) +---- +RT @AdulauA: 8th day of the photographic book review in confinement. 
Daidō Moriyama (森山 大道) is probably the king of snap or snapshot photog… + +(Originally on Twitter: [Sat Mar 28 08:22:57 +0000 2020](https://twitter.com/adulau/status/1243815831441637376)) +---- +@g0ul4g @j0hnb3r00t Oui même celui-ci en Belgique profonde ;-) ![](media/1243877234907197440-EUMjaudWsAIB73I.jpg) + +(Originally on Twitter: [Sat Mar 28 12:26:57 +0000 2020](https://twitter.com/adulau/status/1243877234907197440)) +---- +@quinnnorton You mean stuff like palm oil ;-) + +(Originally on Twitter: [Sat Mar 28 17:50:27 +0000 2020](https://twitter.com/adulau/status/1243958644158455808)) +---- +@quinnnorton and the industrial agro business to replace expensive butter produced by animals with palm oil ;-) + +(Originally on Twitter: [Sat Mar 28 17:52:54 +0000 2020](https://twitter.com/adulau/status/1243959261027356672)) +---- +RT @albinstigo: #hamradio #COVID19 ![](media/1243962699412897792-EUNuJKQXQAEGtlS.jpg) + +(Originally on Twitter: [Sat Mar 28 18:06:33 +0000 2020](https://twitter.com/adulau/status/1243962699412897792)) +---- +RT @SecEvangelism: A friend is looking for 2 Soc analyst, 2 appsec people in, around Berlin or willing to relocate. RT for those looking. S… + +(Originally on Twitter: [Sun Mar 29 07:51:53 +0000 2020](https://twitter.com/adulau/status/1244170399618871296)) +---- +Sometime the beauty of the world is hidden in air bubbles slowly moving in oil. But the real beauty is when our love is synchronized within the ether. ![](media/1244177004372660225-EUQzCU3WsAAoBRh.jpg) + +(Originally on Twitter: [Sun Mar 29 08:18:08 +0000 2020](https://twitter.com/adulau/status/1244177004372660225)) +---- +RT @Ko97551819: Does it fit? It looks OK +I just bought a sewing machine for my mom as well. 
Be sure we'll have a tutorial in French soon ^… + +(Originally on Twitter: [Sun Mar 29 12:07:43 +0000 2020](https://twitter.com/adulau/status/1244234782545981440)) +---- +@RaNma__ @RTBF @RTLTVI @prevotmaxime arf arf very good one + +(Originally on Twitter: [Sun Mar 29 13:59:43 +0000 2020](https://twitter.com/adulau/status/1244262968604442626)) +---- +RT @LargeCardinal: Remember these? It's those toaster controllers again! +So, some time ago, I decapped one and failed at showing what is g… + +(Originally on Twitter: [Sun Mar 29 19:58:14 +0000 2020](https://twitter.com/adulau/status/1244353193066332166)) +---- +RT @craiu: I put together a list of telemetry domains and URLs used by mobile location tracking libraries. Will add more as I reverse other… + +(Originally on Twitter: [Mon Mar 30 19:16:23 +0000 2020](https://twitter.com/adulau/status/1244705048631934977)) +---- +@jfslowik A recent one? I’m curious. + +(Originally on Twitter: [Mon Mar 30 19:24:24 +0000 2020](https://twitter.com/adulau/status/1244707066180177922)) +---- +@jfslowik Cool ;-) those guys were funny and repeating themselves quite a lot. I remember reusing the same YARA rule on a function name they always used. + +(Originally on Twitter: [Mon Mar 30 19:31:57 +0000 2020](https://twitter.com/adulau/status/1244708966879367176)) +---- +@roryireland I do. Let me know how I can help. + +(Originally on Twitter: [Tue Mar 31 05:42:18 +0000 2020](https://twitter.com/adulau/status/1244862564099600385)) +---- +@circl_lu @mvajou @MISPProject @CERT_FR @CERTCyberdef @CERTXMCO Good catch. It's now fixed in the @MISPProject warning lists. https://github.com/MISP/misp-warninglists/commit/539c6bc8fdf443d49fec58c6255649f2c1aa9eca and will be propagated to all tooling/software using the lists. Thank you. 
+ +(Originally on Twitter: [Tue Mar 31 07:57:47 +0000 2020](https://twitter.com/adulau/status/1244896660095893505)) +---- +"An Automated Framework for Board-level Trojan Benchmarking" The taxonomy tailored for PCB-level alterations can be really useful to see the known and common techniques of PCB-level alteration. The benchmarking/measurements is still a difficult aspect. +https://arxiv.org/abs/2003.12632 ![](media/1244912781490565120-EUbQl4fXgAAJcXk.png) + +(Originally on Twitter: [Tue Mar 31 09:01:51 +0000 2020](https://twitter.com/adulau/status/1244912781490565120)) +---- +RT @vickyjo: If anyone's interested in a Threat Intel Team Lead role, or an Infra Security Advisor role please get in contact. (NL based) + +(Originally on Twitter: [Tue Mar 31 10:01:02 +0000 2020](https://twitter.com/adulau/status/1244927677632598016)) +---- +@olafhartong @MITREattack Cool. Did you select a set of colors to avoid ambiguity for color blind people? @mokaddem_sami maybe we should have a look how we can extend the matrix-like galaxy in misp to have a consistent color scheme. + +(Originally on Twitter: [Tue Mar 31 10:52:50 +0000 2020](https://twitter.com/adulau/status/1244940712166244352)) +---- +@olafhartong @MITREattack @mokaddem_sami I’m one of these ;-) There are some color palettes or space which are better for colorblind people. https://davidmathlogic.com/colorblind/#%23D81B60-%231E88E5-%23FFC107-%23004D40 Paul Tol color space is pretty good too. + +(Originally on Twitter: [Tue Mar 31 11:07:04 +0000 2020](https://twitter.com/adulau/status/1244944296379326465)) +---- +@daniel_bilar @stefan_frei Not sure. I need to (re)read the other paper. It was the ALU which was modified not directly the PCB if I recall correctly? + +(Originally on Twitter: [Tue Mar 31 12:45:58 +0000 2020](https://twitter.com/adulau/status/1244969182556545025)) +---- +While being a lot in front of screens these days, you might want to desaturate your screen to relax a bit your brain while focusing. 
There is a nifty @gnome extension called "Desaturate All" which desaturates the entire gnome workspace. https://extensions.gnome.org/extension/1102/desaturate-all/ thx @Ko97551819 ![](media/1244969476287860736-EUcClFtWAAIoJUr.png) + +(Originally on Twitter: [Tue Mar 31 12:47:08 +0000 2020](https://twitter.com/adulau/status/1244969476287860736)) +---- +RT @IACR_News: #EUROCRYPT 2020 converted to an all-digital event http://iacr.org/news/item/13731 + +(Originally on Twitter: [Tue Mar 31 19:10:38 +0000 2020](https://twitter.com/adulau/status/1245065989622030339)) +---- +RT @AdulauA: 11th day of the photographic book review in confinement. Sometime you are wandering in a bookshop and discover a photographic… + +(Originally on Twitter: [Tue Mar 31 21:05:19 +0000 2020](https://twitter.com/adulau/status/1245094850372022284)) +---- +RT @AdulauA: 10th day of the photographic book review in confinement. You can see portrait photography as something common and repetitive.… + +(Originally on Twitter: [Tue Mar 31 21:05:25 +0000 2020](https://twitter.com/adulau/status/1245094874480861185)) +---- +Finding 4 musicians or bands that are significant to me is super hard when many played a significant role but here is: + +@laakemusic @HooverphonicOff @TheDoors @depechemode + +I don't nominate anyone because, you know, graph theory and social network. + +https://twitter.com/__Thanat0s__/status/1245280764796731392 + +(Originally on Twitter: [Wed Apr 01 09:41:02 +0000 2020](https://twitter.com/adulau/status/1245285031901368320)) +---- +RT @Ko97551819: Some improvements! +3 layers mask. Respirability OK. The repo on @github is on it's way! @c0n1c @adulau are making some magi… + +(Originally on Twitter: [Wed Apr 01 17:38:44 +0000 2020](https://twitter.com/adulau/status/1245405249155858432)) +---- +RT @0xtf: A lot of new activity coming from Leaseweb NL as well. 
In less than 24h they went from practically not having SSH scanning agains… + +(Originally on Twitter: [Wed Apr 01 18:49:53 +0000 2020](https://twitter.com/adulau/status/1245423154576666628)) +---- +RT @nixintel: The Secret Life Of JPEGs - "no EXIF data" doesn't mean "no use". + +Blog post looking at how web images store metadata, and how… + +(Originally on Twitter: [Thu Apr 02 06:47:25 +0000 2020](https://twitter.com/adulau/status/1245603725588090886)) +---- +"Research of Caller ID Spoofing Launch, Detection, and Defense" + +https://arxiv.org/abs/2004.00318 ![](media/1245636120622194692-EUljC1jU4AEXeIp.jpg) + +(Originally on Twitter: [Thu Apr 02 08:56:08 +0000 2020](https://twitter.com/adulau/status/1245636120622194692)) +---- +@fabien_trv Pourtant il existe du logiciel libre comme Jitsi ou @bigbluebutton qui fonctionne très bien sans télémétrie abusive vers un vendeur et qui peut s’installer dans une infrastructure dédiée. Pourquoi la CNIL ne recommande pas les solutions libres ? @Vecchi_Paolo @aprilorg + +(Originally on Twitter: [Thu Apr 02 17:33:38 +0000 2020](https://twitter.com/adulau/status/1245766354583592963)) +---- +RT @x0rz: What could go wrong? 🤔 https://twitter.com/josephfcox/status/1245783666090893313 + +(Originally on Twitter: [Thu Apr 02 18:48:58 +0000 2020](https://twitter.com/adulau/status/1245785312409931777)) +---- +RT @c0n1c: @Ko97551819 @github @adulau Nous sommes à 73 masques en 2 jours https://t.co/dT3lHvXMc5 + +(Originally on Twitter: [Fri Apr 03 06:02:11 +0000 2020](https://twitter.com/adulau/status/1245954731291348992)) +---- +@Sebdraven @ValeryMarchive @FabianRODES @jitsinews @Tixeo Bon je vais faire mon râleur. Quand je vois le pognon dépensé en solution propriétaire avec des soucis de sécurités alors qu'il y a des solutions libres/open source qui fonctionnent bien et qui pourrait recevoir des financements. J'utilise beaucoup @bigbluebutton et cela marche. 
+ +(Originally on Twitter: [Fri Apr 03 09:51:22 +0000 2020](https://twitter.com/adulau/status/1246012409522905088)) +---- +RT @Ko97551819: Some examples of things to DO NOT DO while wearing a mask ↘️ +#COVID19 #coronavirus #maskathon #Masks4All https://t.co/ptsl3… + +(Originally on Twitter: [Fri Apr 03 15:45:14 +0000 2020](https://twitter.com/adulau/status/1246101463232843778)) +---- +@Ko97551819 In Europe, we are not really used to wear masks and don’t know the good practices. So repetition is key for education. That’s maybe something, as a community, we could improve and start to pass the good messages as we will wear masks more and more... + +(Originally on Twitter: [Fri Apr 03 16:23:02 +0000 2020](https://twitter.com/adulau/status/1246110975998263299)) +---- +RT @2igosha: Turns out MSFT published the markdown sources for the Win32 API docs (basically, MSDN in .md) on github. Wow. https://t.co/Q1k… + +(Originally on Twitter: [Sat Apr 04 07:38:20 +0000 2020](https://twitter.com/adulau/status/1246341314960130048)) +---- +RT @jstrosch: I've posted a video that discusses manual unpacking techniques using @GHIDRA_RE and #x64dbg using an (old) #simda sample as a… + +(Originally on Twitter: [Sat Apr 04 08:03:05 +0000 2020](https://twitter.com/adulau/status/1246347544936005633)) +---- +RT @hexadecim8: Yesterday's software crackers are today's malware reverse engineers. + +(Originally on Twitter: [Sat Apr 04 11:01:00 +0000 2020](https://twitter.com/adulau/status/1246392320720875520)) +---- +@FLesueur On a fait un training avec 150 personnes. 
La VM tenait la route mais il ne faut pas hésiter à avoir de la RAM et ne pas oublier que la conversion du recording peut faire des fichiers assez volumineux + +(Originally on Twitter: [Sat Apr 04 13:20:38 +0000 2020](https://twitter.com/adulau/status/1246427457529446400)) +---- +A collaborative effort to make open source materials on how to build #facemasks from fabric selection based on filtering criteria up to a great set of videos (by Julie Foucre) to build your mask from scratch. https://adulau.github.io/DIY-face-masks/ https://github.com/C00kie-/DIY-face-masks #Masks4All Help us! ![](media/1246465216407384065-EUxQ-IgXgAIiKK6.jpg) + +(Originally on Twitter: [Sat Apr 04 15:50:40 +0000 2020](https://twitter.com/adulau/status/1246465216407384065)) +---- +@DavidGlaude @freesewing_org Thanks for the link. I'll add it in the repository. Don't hesitate to make a pull-request with additional references. I'll try to keep track of the open source licenses used too. + +(Originally on Twitter: [Sat Apr 04 16:11:45 +0000 2020](https://twitter.com/adulau/status/1246470521035927558)) +---- +RT @_saadk: At the suggestion of my long time friend & fellow photographer @adulau, I bought Daido Moriyama’s wonderful book ‘Record’. + +Da… + +(Originally on Twitter: [Sat Apr 04 16:29:02 +0000 2020](https://twitter.com/adulau/status/1246474870130647040)) +---- +We also keep track of our failed designs just to follow our good habits on showing how good we are at failing. + +@Ko97551819 + +https://adulau.github.io/DIY-face-masks/FAILED.html + +(Originally on Twitter: [Sat Apr 04 16:51:49 +0000 2020](https://twitter.com/adulau/status/1246480606738952196)) +---- +@SylviaFysica Thank you for the hint. I just added in the list of references. If you know any other open source initiatives, let us know. 
+ +(Originally on Twitter: [Sat Apr 04 17:02:52 +0000 2020](https://twitter.com/adulau/status/1246483385071042561)) +---- +So @ECDC_EU doesn't recommend the use of face masks in case of pandemic. https://www.ecdc.europa.eu/en/seasonal-influenza/prevention-and-control/personal-protective-measures Maybe it's time to update your website and recommendations? #facemasks4all ![](media/1246528115410698243-EUyOJAlWkAIKLZF.png) + +(Originally on Twitter: [Sat Apr 04 20:00:36 +0000 2020](https://twitter.com/adulau/status/1246528115410698243)) +---- +@_j3lena_ @ECDC_EU Indeed, that´s the point. I hope that @ECDC_EU will update their policy and recommendations asap. + +(Originally on Twitter: [Sun Apr 05 05:46:49 +0000 2020](https://twitter.com/adulau/status/1246675640415391745)) +---- +RT @LucaBongiorni: Midnight #Teardown of a new USB Portable GPS Jammer ![](media/1246686761528578053-EUykCdPXsAASHuX.jpg) + +(Originally on Twitter: [Sun Apr 05 06:31:00 +0000 2020](https://twitter.com/adulau/status/1246686761528578053)) +---- +RT @metaweta: I had to use a GPU farm, lattice reduction, and develop a new cryptanalytic technique, the differential meet-in-the-middle at… + +(Originally on Twitter: [Mon Apr 06 06:14:52 +0000 2020](https://twitter.com/adulau/status/1247045088687120384)) +---- +RT @Ko97551819: Here is a dude who takes very seriously our measures to protect others. +#Masks4All ![](media/1247097123373449217-EU6LuKXWAAAwWSE.jpg) + +(Originally on Twitter: [Mon Apr 06 09:41:38 +0000 2020](https://twitter.com/adulau/status/1247097123373449217)) +---- +"This article discusses a fixed critical security bug in Google Tink's Ed25519 Java implementation. The bug allows remote attackers to extract the private key with only two Ed25519 signatures." 
https://arxiv.org/abs/2004.01403 + +(Originally on Twitter: [Mon Apr 06 09:42:05 +0000 2020](https://twitter.com/adulau/status/1247097236061925378)) +---- +RT @Ko97551819: We updated the repository with new references and more tutorials send by people. Thanks to them. Feedback welcome. +Have a g… + +(Originally on Twitter: [Mon Apr 06 13:01:41 +0000 2020](https://twitter.com/adulau/status/1247147466606157824)) +---- +@FLesueur 16GB of memory (which is a bit low for 150 users but it's still usable) 8vCPU - Ubuntu 16.0.4 + +(Originally on Twitter: [Mon Apr 06 14:03:45 +0000 2020](https://twitter.com/adulau/status/1247163084348608517)) +---- +RT @jasongorman: Universities, stop teaching UML. Take it from me. I've had over 2 million downloads of my UML tutorials. You're wasting yo… + +(Originally on Twitter: [Mon Apr 06 14:21:30 +0000 2020](https://twitter.com/adulau/status/1247167551731195906)) +---- +RT @MISPProject: A new version of MISP (2.4.124) has been released. This version includes various improvements including a new multiline wi… + +(Originally on Twitter: [Mon Apr 06 19:58:16 +0000 2020](https://twitter.com/adulau/status/1247252303519850496)) +---- +RT @mstoned7: I published the 'Operation Shadow Force' analysis report. + +https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=1&menu_dist=2&seq=29129 (Korean) + +(Originally on Twitter: [Tue Apr 07 06:00:15 +0000 2020](https://twitter.com/adulau/status/1247403795178545152)) +---- +@mstoned7 Cool thanks for sharing. Would it possible to have the indicators in a parseable format (csv or alike) or as a @MISPProject event? + +(Originally on Twitter: [Tue Apr 07 06:02:05 +0000 2020](https://twitter.com/adulau/status/1247404256765906946)) +---- +RT @passthesaltcon: FINAL DECISION: in order to protect our attendees and speakers, #pts20 will be VIRTUAL! 
: +* it will be held under a web… + +(Originally on Twitter: [Tue Apr 07 10:02:32 +0000 2020](https://twitter.com/adulau/status/1247464770892111872)) +---- +RT @cbrocas: Do you remember the infamous #stegoploit exploit class from @therealsaumil ? It relies part on content type sniffing "feature"… + +(Originally on Twitter: [Tue Apr 07 12:57:44 +0000 2020](https://twitter.com/adulau/status/1247508859423297539)) +---- +If you are wondering about the current effect of the Chernobyl forest fires, I took some measurements. All is fine but we might see the effects in the next days depending of the winds. But who cares? we are in a lockdown. ![](media/1247576672435658758-EVBG-zLWAAERaUs.jpg) + +(Originally on Twitter: [Tue Apr 07 17:27:12 +0000 2020](https://twitter.com/adulau/status/1247576672435658758)) +---- +@___wr___ I have also a radex with a similar level (0.12) and same number of cycles. Usually I use an old lens coated with thorium for testing. + +(Originally on Twitter: [Wed Apr 08 05:33:59 +0000 2020](https://twitter.com/adulau/status/1247759575324880896)) +---- +@___wr___ For the other one, it is a Geiger–Müller tube or another type? + +(Originally on Twitter: [Wed Apr 08 11:32:40 +0000 2020](https://twitter.com/adulau/status/1247849838647160832)) +---- +RT @Ko97551819: Ah nan mais ça va pas là. Après quand ce sera la mode des masques en tissu sans motif genre une seule couleur faudra refair… + +(Originally on Twitter: [Wed Apr 08 12:48:49 +0000 2020](https://twitter.com/adulau/status/1247869003147739137)) +---- +@ValeryMarchive Don’t hesitate to notify @circl_lu or @CERT_FR to warn the owner of the IP range. 
+ +(Originally on Twitter: [Wed Apr 08 14:56:22 +0000 2020](https://twitter.com/adulau/status/1247901104475537410)) +---- +RT @MISPProject: If you want to join the #COVID19 MISP information sharing community, we now have a self-registration interface: + +https://t… + +(Originally on Twitter: [Thu Apr 09 07:38:26 +0000 2020](https://twitter.com/adulau/status/1248153282452828160)) +---- +Crawling funky websites and passing all cookies from a normal session will be available in AIL. When doing regular crawling for OSINT, this will save us some time and improve automation. Thanks to @Terrtia for the amount of time spent to make it a reality. https://twitter.com/d4_project/status/1248169679589388288 + + +media/1248171496343851009-EVJlWwjUMAA4ZZR.mp4 + +(Originally on Twitter: [Thu Apr 09 08:50:49 +0000 2020](https://twitter.com/adulau/status/1248171496343851009)) +---- +RT @NvKf5: なんで❓❓🐱 + + +media/1248628246708506635-IEoeWpE8MsmhrQue.mp4 + +(Originally on Twitter: [Fri Apr 10 15:05:47 +0000 2020](https://twitter.com/adulau/status/1248628246708506635)) +---- +RT @Ko97551819: Mindset after testing design n°582... +But it works well! +I'll post step by step tutorial on the repo for this one. +Website:… + +(Originally on Twitter: [Fri Apr 10 19:17:01 +0000 2020](https://twitter.com/adulau/status/1248691474121850881)) +---- +So the 3 Belgian operators are giving the mobile data of location of their users to @DalbergTweet Why not giving the data to a public research institution instead? Feeding data to private organisations is maybe not the most appropriate way during a pandemic crisis. ![](media/1248862857548177408-EVTY_rEXYAsBDBW.jpg) + +(Originally on Twitter: [Sat Apr 11 06:38:02 +0000 2020](https://twitter.com/adulau/status/1248862857548177408)) +---- +RT @int0x00: @adulau @DalbergTweet Totally agree. 
If this data is being given pro-bono then there should be a high level of transparency an… + +(Originally on Twitter: [Sat Apr 11 12:37:28 +0000 2020](https://twitter.com/adulau/status/1248953310712860675)) +---- +@int0x00 @DalbergTweet And if the data is properly anonymized it should be even open data for everyone to conduct research. @EU_opendata @openbelgium + +(Originally on Twitter: [Sat Apr 11 12:38:50 +0000 2020](https://twitter.com/adulau/status/1248953656570978305)) +---- +@Iglocska you mean the real valuable currency are the Belgian beers and not the crappy yellow liquid produced by some random chemical industry... + +(Originally on Twitter: [Mon Apr 13 16:19:44 +0000 2020](https://twitter.com/adulau/status/1249734022474817536)) +---- +@kelseyhightower duct tape + +(Originally on Twitter: [Tue Apr 14 06:07:44 +0000 2020](https://twitter.com/adulau/status/1249942395678085121)) +---- +RT @tricaud: SightingDB, a database for Sightings https://medium.com/@tricaud/sightingdb-a-database-for-sightings-b10781e7c52f speeding up Sightings in @MISPProject + +(Originally on Twitter: [Tue Apr 14 07:50:20 +0000 2020](https://twitter.com/adulau/status/1249968215628840962)) +---- +@stevengoossens @DalbergTweet I know that the operator is doing it for sure. But if you have new objective like for covid and the data is anonymised, it should be for the benefit of the community at large and not a single company doing the data mining (and potential broking at the end). 
+ +(Originally on Twitter: [Tue Apr 14 07:54:16 +0000 2020](https://twitter.com/adulau/status/1249969206831075329)) +---- +RT @cyb3rops: APT41 Using New Speculoos Backdoor to Target Organizations Globally | by @PaloAltoNtwks' Unit42 + +https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/ + +(Originally on Twitter: [Tue Apr 14 13:32:10 +0000 2020](https://twitter.com/adulau/status/1250054238660694016)) +---- +There is still a significant percentage among people with the word "security" in their title, sending us a private key when asking for S/MIME or an OpenPGP key. I suppose it's my fault because I forgot to tell them it's a public key. + +(Originally on Twitter: [Tue Apr 14 14:14:36 +0000 2020](https://twitter.com/adulau/status/1250064918994399232)) +---- +RT @itswillis: We discovered CVE-2020-1027 being exploited in the wild and reported it on 23 March under a 7-day deadline (used only for ac… + +(Originally on Twitter: [Tue Apr 14 18:34:27 +0000 2020](https://twitter.com/adulau/status/1250130314174832644)) +---- +@defensive_lab @CNIL @Place_Beauvau Merci beaucoup. Serait-il possible d'exporter les reports dans le format @MISPProject pour les partager dans les communautés de partage et principalement celles des opérateurs ? + +(Originally on Twitter: [Wed Apr 15 07:46:07 +0000 2020](https://twitter.com/adulau/status/1250329540569608192)) +---- +Ready for some crazy exfiltration covert-channel in a laboratory, ASK and FSK encoding over a vibration channel using the internal fans. 
https://arxiv.org/abs/2004.06195 #tempest #exfiltration ![](media/1250356188870594560-EVongV-XYAAZt5O.jpg) + +(Originally on Twitter: [Wed Apr 15 09:32:00 +0000 2020](https://twitter.com/adulau/status/1250356188870594560)) +---- +RT @ninoseki: Sectigo says http://crt.sh is having troublesome SSDs and it's not easy to replace them because of the current situ… + +(Originally on Twitter: [Thu Apr 16 13:03:51 +0000 2020](https://twitter.com/adulau/status/1250771892207792128)) +---- +RT @rommelfs: @pastebin That's is great to hear. Now please walk the walk. We're trying to solve this security research related issue since… + +(Originally on Twitter: [Thu Apr 16 19:05:25 +0000 2020](https://twitter.com/adulau/status/1250862880532180992)) +---- +Doing mass collection and gathering for « CTI » is hard, tedious and resource intensive. If you don’t have backup sources, diversity of tools and creativity in mind, you can continue to complain to your paid feed provider. + +(Originally on Twitter: [Fri Apr 17 06:22:23 +0000 2020](https://twitter.com/adulau/status/1251033245724086272)) +---- +@___wr___ Marc Moulin a aussi eu une grosse influence sur la musique électronique et sa diffusion. Les premiers morceaux de Techno à Détroit sont une influence directe de Telex. 
https://www.discogs.com/A-Number-Of-Names-Sharevari/release/41682 + +(Originally on Twitter: [Fri Apr 17 06:55:38 +0000 2020](https://twitter.com/adulau/status/1251041611859087361)) +---- +RT @malwaremustd1e: @SecEvangelism @KatyAnton @owasp @OWASPControls @SlackHQ @ubuntu @Google @3mm4h3ff @bufrasch @IanColdwater @jessrobin96… + +(Originally on Twitter: [Fri Apr 17 10:46:24 +0000 2020](https://twitter.com/adulau/status/1251099686389383170)) +---- +@malwaremustd1e @SecEvangelism @KatyAnton @owasp @OWASPControls @SlackHQ @ubuntu @Google @3mm4h3ff @bufrasch @IanColdwater @jessrobin96 @censysio @robtexdotcom @WiresharkNews @spiderfoot @github @dutch_osintguy @Sector035 @fs0c131y @chris_foulon @radareorg @freebsd @ClausHoumann @Ministraitor @kerouanton @Xylit0l 1. GNU Screen +2. jq +3. curl +4. xxd +5. (g)awk + +@Iglocska @mokaddem_sami @pinkflawd @Ko97551819 @wimremes @doegox @cbrocas + +(Originally on Twitter: [Fri Apr 17 11:18:46 +0000 2020](https://twitter.com/adulau/status/1251107833569054721)) +---- +RT @doegox: @adulau @malwaremustd1e @SecEvangelism @KatyAnton @owasp @OWASPControls @SlackHQ @ubuntu @Google @3mm4h3ff @bufrasch @IanColdwa… + +(Originally on Twitter: [Fri Apr 17 15:36:15 +0000 2020](https://twitter.com/adulau/status/1251172632353005573)) +---- +@ydklijnsma @gofundme We are with you! You are incredible and I know you are a fighter. + +(Originally on Twitter: [Sat Apr 18 07:04:59 +0000 2020](https://twitter.com/adulau/status/1251406354507538433)) +---- +@ValeryMarchive En effet. Pour ceux qui sont intéressés, il y a aussi une communauté de partage @MISPProject #covid19 https://www.misp-project.org/covid-19-misp/ il y a un lien de self registration. + +(Originally on Twitter: [Sat Apr 18 07:11:10 +0000 2020](https://twitter.com/adulau/status/1251407910640463872)) +---- +RT @AdulauA: Why do I still use analog camera for some of my projects? 
I think it's just because working with doubts and uncertainty in art… + +(Originally on Twitter: [Sat Apr 18 08:09:14 +0000 2020](https://twitter.com/adulau/status/1251422523205595138)) +---- +@y0m @AdulauA Good one... It was a persistent threat targeting my pears and apples in the cellar. Indeed, I should add it in MISP with the full threat model and the threat actor history. Maybe at some point we could have a good attribution aggregating all those indicators and techniques. + +(Originally on Twitter: [Sat Apr 18 08:41:01 +0000 2020](https://twitter.com/adulau/status/1251430521281880064)) +---- +RT @MartinKorman: I have released regipy 1.5.0 +https://github.com/mkorman90/regipy/releases/tag/1.5.0 +Multiple bugfixes and new plugins! + +(Originally on Twitter: [Sat Apr 18 11:35:56 +0000 2020](https://twitter.com/adulau/status/1251474542364635148)) +---- +When our issues on GitHub for our various open source projects, 30% can be solved with a basic Unix training for the users opening the issues such as how to read logs, how permissions are handled or understanding that @kalilinux is just a Linux distribution and not a magical box. + +(Originally on Twitter: [Sat Apr 18 16:01:25 +0000 2020](https://twitter.com/adulau/status/1251541354091622401)) +---- +@___wr___ @AdulauA So you would need to introduce uncertainty for a deterministic system. Maybe if we add a radioactive source next to a CPU or RAM we could reach such uncertainty level... to be tested. + +(Originally on Twitter: [Mon Apr 20 06:41:07 +0000 2020](https://twitter.com/adulau/status/1252125123655712769)) +---- +RT @OPCDE: 2 days until vOPCDE #3 ! 
+You can see the agenda on https://www.opcde.com + +And our AWESOME speakers are: +@adulau +@juanandres_gs… + +(Originally on Twitter: [Mon Apr 20 08:37:12 +0000 2020](https://twitter.com/adulau/status/1252154336752386049)) +---- +RT @MISPProject: If you are wondering on "How information sharing is saving us - The MISP project perspective" @adulau will do a keynote ab… + +(Originally on Twitter: [Mon Apr 20 08:57:12 +0000 2020](https://twitter.com/adulau/status/1252159370605010945)) +---- +@thegrugq Will you update your guide "how to operate clandestine networks while a pandemic is messing up everything" ;-) + +(Originally on Twitter: [Mon Apr 20 09:06:36 +0000 2020](https://twitter.com/adulau/status/1252161734254776320)) +---- +RT @Ko97551819: We've seen some little changes here 😋 +Definitely these days my favorite activity for leisure during lock down. So much hac… + +(Originally on Twitter: [Mon Apr 20 16:57:11 +0000 2020](https://twitter.com/adulau/status/1252280162378559488)) +---- +@Ko97551819 @DC11331 @robertesell @therealsaumil A lot of activities were considered as being a sub-culture and now emerged as being the most powerful action to save our societies. If you have an intuition of doing some good, never stop. + +(Originally on Twitter: [Mon Apr 20 17:04:54 +0000 2020](https://twitter.com/adulau/status/1252282103754080264)) +---- +"CryptoCam: Privacy Conscious Open Circuit Television" I really like the idea of the shared feedback loop for CCTV to the subjects nearby but it won't solve the issue of the video usage (but can we?). https://arxiv.org/pdf/2004.08602.pdf ![](media/1252573336904830976-EWIG7-pWkAAIoDR.jpg) + +(Originally on Twitter: [Tue Apr 21 12:22:09 +0000 2020](https://twitter.com/adulau/status/1252573336904830976)) +---- +RT @doegox: "If succesfuly exploited, an attacker within NFC range could obtain remote code execution on android device's NFC daemon." 
http… + +(Originally on Twitter: [Tue Apr 21 18:39:07 +0000 2020](https://twitter.com/adulau/status/1252668203450408962)) +---- +@simonpetitjean I did the measurements from the past days. It’s still in the normal range for background natural radioactivity. There is a map (the source is known but not sure about the accuracy of it) https://youtu.be/BGuEvUtLiYg + +(Originally on Twitter: [Wed Apr 22 10:58:53 +0000 2020](https://twitter.com/adulau/status/1252914767896993793)) +---- +@jfslowik You should have a look at covid-19 @MISPProject sharing community https://www.misp-project.org/covid-19-misp/ you can self register. + +(Originally on Twitter: [Wed Apr 22 14:40:35 +0000 2020](https://twitter.com/adulau/status/1252970562776903681)) +---- +RT @Ko97551819: "Don't be abused by the legal framework. Use the legal framework." @adulau talking about @MISPProject at @OPCDE + +(Originally on Twitter: [Wed Apr 22 16:49:10 +0000 2020](https://twitter.com/adulau/status/1253002919860998149)) +---- +RT @coolacid: Ah, @adulau is talking @MISPProject on #vOPCDE @opcde https://www.opcde.com/ + +If you ever wanted to know more about MISP, no… + +(Originally on Twitter: [Wed Apr 22 16:49:21 +0000 2020](https://twitter.com/adulau/status/1253002967294369793)) +---- +RT @skydge: @adulau talking about MISP ❤️ #OPCDE2020 +If you're not using it already, you should. +➡️ http://www.misp-project.org + +(Originally on Twitter: [Wed Apr 22 16:49:29 +0000 2020](https://twitter.com/adulau/status/1253003001419177986)) +---- +RT @Ko97551819: Are you people interested in trying to make a paper mask like this one so I can have a feedback with a variety of morpholog… + +(Originally on Twitter: [Wed Apr 22 17:09:34 +0000 2020](https://twitter.com/adulau/status/1253008055702347776)) +---- +@S_Team_Approved @EU_EDPB I hope many countries will read their document especially GEN-3 recommendation where it’s clearly stated that code must be open sourced and any third-parties can analyse it. 
Many tracing applications should be already discarded as they don’t follow it. + +(Originally on Twitter: [Thu Apr 23 07:06:08 +0000 2020](https://twitter.com/adulau/status/1253218583309680640)) +---- +@S_Team_Approved @EU_EDPB "Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak" +Ref: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_20200420_contact_tracing_covid_with_annex_en.pdf ![](media/1253219238552178689-EWRUFTQXkAAyEFY.png) + +(Originally on Twitter: [Thu Apr 23 07:08:44 +0000 2020](https://twitter.com/adulau/status/1253219238552178689)) +---- +@MaliciaRogue @S_Team_Approved @EU_EDPB Yes but it doesn’t block or hinder EU Member States to follow their guidelines. + +(Originally on Twitter: [Thu Apr 23 07:12:51 +0000 2020](https://twitter.com/adulau/status/1253220273387638785)) +---- +RT @r00tbsd: People are speaking about tracing apps to fight COVID19. Using Bluetooth to identify if they were in contact with someone sick… + +(Originally on Twitter: [Thu Apr 23 07:19:23 +0000 2020](https://twitter.com/adulau/status/1253221918074974208)) +---- +RT @hack_lu: We would like to announce the opening of this year's CFP: https://cfp.hack.lu/hack-lu-2020/cfp + +Please send us your cool research projects! + +(Originally on Twitter: [Thu Apr 23 11:32:30 +0000 2020](https://twitter.com/adulau/status/1253285615615053825)) +---- +RT @hack_lu: Also note that we expect the event to be virtual, and are planning around that fact. 
We will take the final decision in late A… + +(Originally on Twitter: [Thu Apr 23 11:32:33 +0000 2020](https://twitter.com/adulau/status/1253285629938499584)) +---- +RT @MISPProject: The CfP for @hack_lu and we will open soon the CfP for the MISP summit which will take place the Monday 19th October just… + +(Originally on Twitter: [Thu Apr 23 11:36:44 +0000 2020](https://twitter.com/adulau/status/1253286682377564160)) +---- +@TheosrsOrg @hack_lu If it’s virtual it will be most probably publicly accessible to everyone. + +(Originally on Twitter: [Thu Apr 23 12:21:04 +0000 2020](https://twitter.com/adulau/status/1253297836793434118)) +---- +@campuscodi Just wondering the logic/model, why are you hiding the Twitter handle ? They publish the name of the companies on their 3 or 4 website rotating (except when one those companies notify cloudflare) or always on their Tor hidden service. + +(Originally on Twitter: [Thu Apr 23 17:46:37 +0000 2020](https://twitter.com/adulau/status/1253379764141711360)) +---- +Any review of "Cyber Operations and International Law" from @francoisdelerue from my followers? To know if the £120 are justified ;-) ![](media/1253662854424772609-EWXkHlFXsAE9ZK7.jpg) + +(Originally on Twitter: [Fri Apr 24 12:31:31 +0000 2020](https://twitter.com/adulau/status/1253662854424772609)) +---- +We are still actively working on finding the perfect design for #facemask . @Ko97551819 did an extensive engineering process to validate many prototypes. Last prototypes are very promising. We'll update the repository & also the filtering list per fabrics. https://github.com/C00kie-/DIY-face-masks ![](media/1253690691441524736-EWX-XO1X0AU0jcT.png) + +(Originally on Twitter: [Fri Apr 24 14:22:07 +0000 2020](https://twitter.com/adulau/status/1253690691441524736)) +---- +RT @coastal8049: Well folks, here's what appears to be a new ZOMBIE SAT! + +LES-5 [2866, 1967-066E] in a GEO graveyard orbit. 
+ +Confirmation… + +(Originally on Twitter: [Sat Apr 25 06:13:53 +0000 2020](https://twitter.com/adulau/status/1253930211189669889)) +---- +A small note for active exploitation and persistence with Ubuntu 20.04, use snap. It's super nice for ensuring persistence while emitting the minimum logs in your target. Sandboxing is cool for everyone. #DFIR + +(Originally on Twitter: [Sat Apr 25 07:53:40 +0000 2020](https://twitter.com/adulau/status/1253955319664914432)) +---- +Computer support during #lockdown is kind of scary. Doing indirect support via a @bigbluebutton video session to @Ko97551819 to support someone who has to install TeamViewer and to get access to an infected win32 machine. At the end, a good old RAT would have been easier. + +(Originally on Twitter: [Sat Apr 25 13:13:57 +0000 2020](https://twitter.com/adulau/status/1254035923655888898)) +---- +RT @rafi0t: @adulau @bigbluebutton @Ko97551819 I'm sure I still have the client/server of Darkomet somewhere... not sure it works on anythi… + +(Originally on Twitter: [Sat Apr 25 13:18:39 +0000 2020](https://twitter.com/adulau/status/1254037107401789443)) +---- +@rafi0t @bigbluebutton @Ko97551819 It could work, it's a Window 7 ;-) I'm close to install a PlugX on the remote machine, it would be easier as I still have some old Python code to act as a server. + +(Originally on Twitter: [Sat Apr 25 13:22:42 +0000 2020](https://twitter.com/adulau/status/1254038122792456193)) +---- +RT @OPCDE: Missed vOPCDE #3? We got you covered! + +Alexandre Dulaunoy (@adulau) discuss on how information sharing is saving us - The MISP p… + +(Originally on Twitter: [Sat Apr 25 14:26:27 +0000 2020](https://twitter.com/adulau/status/1254054169994018817)) +---- +@angealbertini It’s not a fixed value originally from tcpdump? 
(netdissect.h) + +(Originally on Twitter: [Sat Apr 25 16:46:56 +0000 2020](https://twitter.com/adulau/status/1254089522129879042)) +---- +@Ko97551819 I present you #gizmo and he cannot tweet because he was convicted and sentenced under the CFAA. When being a kitten, he did brute-force (and got access) of a dot MIL website while sleeping on a keyboard. No more Internet for the cat nowadays. Some pictures of the cybercriminal. ![](media/1254661863192887298-EWlzCKWXsAITCqJ.jpg) + +(Originally on Twitter: [Mon Apr 27 06:41:13 +0000 2020](https://twitter.com/adulau/status/1254661863192887298)) +---- +RT @circl_lu: "Darkweb monitoring and leak detection with the open source AIL project - Practical examples and new features - Free Virtual… + +(Originally on Twitter: [Mon Apr 27 14:37:21 +0000 2020](https://twitter.com/adulau/status/1254781686375538693)) +---- +RT @Ko97551819: Here are the masks with the final design, now on test with different fabrics and situations. It requires little amount of f… + +(Originally on Twitter: [Mon Apr 27 19:07:13 +0000 2020](https://twitter.com/adulau/status/1254849600424423426)) +---- +RT @Ko97551819: The level of anxiety in Paris must be higher then I thought. Early today I put this message to my neighbors for free masks.… + +(Originally on Twitter: [Wed Apr 29 18:00:34 +0000 2020](https://twitter.com/adulau/status/1255557601603072000)) +---- +@Ko97551819 I’m sure I will lose some French followers. 
But it seems to be a cultural difference between countries when you find something in a public place and what you do with it ;-) + +(Originally on Twitter: [Wed Apr 29 18:04:43 +0000 2020](https://twitter.com/adulau/status/1255558649503760386)) +---- +RT @FabienDombard: @QuoLabTech @abuse_ch @vector35 @MITREattack That's for you @adulau ![](media/1255597494387556356-EWzCd0jXYAExkS0.jpg) + +(Originally on Twitter: [Wed Apr 29 20:39:05 +0000 2020](https://twitter.com/adulau/status/1255597494387556356)) +---- +@FabienDombard @QuoLabTech @abuse_ch @vector35 @MITREattack This looks super neat. I'm curious how do you calculate the probability next to the @MITREattack techniques from the binary analysis? + +(Originally on Twitter: [Wed Apr 29 20:42:32 +0000 2020](https://twitter.com/adulau/status/1255598364743421952)) +---- +RT @FabienDombard: @adulau @QuoLabTech @abuse_ch @vector35 @MITREattack This one using TLSH similarities with @MITREattack tags in the same… + +(Originally on Twitter: [Wed Apr 29 20:53:27 +0000 2020](https://twitter.com/adulau/status/1255601113149124611)) +---- +@Ko97551819 @BsidesLivrpool @hack_lu @BSidesLux Everything is too small for me nowadays. I’m lucky enough to have a pile of old @hack_lu t-shirts in all sizes. + + +media/1255873725850963968-EW3Cff-XYAE3ceH.mp4 + +(Originally on Twitter: [Thu Apr 30 14:56:43 +0000 2020](https://twitter.com/adulau/status/1255873725850963968)) +---- +@OsintCurious looking for anomalies + +(Originally on Twitter: [Thu Apr 30 20:06:01 +0000 2020](https://twitter.com/adulau/status/1255951560443650050)) +---- +RT @veorq: Common misunderstandings with crypto hardware security: + +* CC's EAL levels are about assurance quality, not security. + +* FIPS 14… + +(Originally on Twitter: [Fri May 01 07:06:36 +0000 2020](https://twitter.com/adulau/status/1256117803008036864)) +---- +@KimZetter Be persistent and don't be afraid to show what you do. 
+ +(Originally on Twitter: [Fri May 01 09:28:20 +0000 2020](https://twitter.com/adulau/status/1256153470719209472)) +---- +@xme Fire! + + +media/1256153973490417669-EW7BYIvXQAEChwH.mp4 + +(Originally on Twitter: [Fri May 01 09:30:20 +0000 2020](https://twitter.com/adulau/status/1256153973490417669)) +---- +RT @Ko97551819: It looks like this mask design is also working great with glasses 👓😋 +#masks4all can't wait eh? ^^ ![](media/1256184315039428608-EW7cNdTXsAAIvwl.jpg) + +(Originally on Twitter: [Fri May 01 11:30:54 +0000 2020](https://twitter.com/adulau/status/1256184315039428608)) +---- +@a42zalvbb981084 @Ko97551819 Indeed and they even used escherichia coli for testing. As bacteria are living organisms it's also the worst case scenario. + +(Originally on Twitter: [Fri May 01 12:17:16 +0000 2020](https://twitter.com/adulau/status/1256195983043637249)) +---- +Let's be very clear. If you find a huge open Elasticsearch database on Internet (which is not a challenge), using your findings to promote your security company (and the media click fraud) is clearly unethical. Reporting to the company or to the respective CERT is the way to go. + +(Originally on Twitter: [Fri May 01 14:01:06 +0000 2020](https://twitter.com/adulau/status/1256222114870431746)) +---- +RT @je5perl: According to a late night press release from the Danish National Police, a mobile extraction tool has produced wrong timestamp… + +(Originally on Twitter: [Fri May 01 21:20:32 +0000 2020](https://twitter.com/adulau/status/1256332702359228416)) +---- +@lghmctf En effet. Je me souviens de scan sur le port 3306 et 5432. Il y avait des configurations ouvertes. Je suppose que le nombre est moins important que ES mais des passwords faibles sont aussi possibles ;-) + +(Originally on Twitter: [Sat May 02 12:31:36 +0000 2020](https://twitter.com/adulau/status/1256561980674060289)) +---- +RT @MISPProject: @nbareil It's always useful because it's open source and can benefit all the other open source projects. 
Mutual benefits,… + +(Originally on Twitter: [Sat May 02 13:52:10 +0000 2020](https://twitter.com/adulau/status/1256582254303854592)) +---- +@nbareil It's so true. Diversity is what we need in open source projects. It's good for the stability of the whole open source ecosystem. Biology for open source projects, Charles Elton said that diverse ecosystems are more stable than ecosystems with less species. + +(Originally on Twitter: [Sat May 02 13:57:13 +0000 2020](https://twitter.com/adulau/status/1256583524863348736)) +---- +RT @MISPProject: "Turning Data into Actional Intelligence - Advanced Features in MISP Supporting Your Analysts and Tools" will be presented… + +(Originally on Twitter: [Mon May 04 14:39:03 +0000 2020](https://twitter.com/adulau/status/1257318829140570113)) +---- +@wimremes I think the best is what you do that defines you, not the titles, awards or certifications. + +(Originally on Twitter: [Mon May 04 20:31:35 +0000 2020](https://twitter.com/adulau/status/1257407547381886976)) +---- +RT @pmelson: Anybody recognize this malware? It's been seen being dropped following exploitation of BlueKeep RDP vulnerability. + +https://t.… + +(Originally on Twitter: [Tue May 05 20:00:51 +0000 2020](https://twitter.com/adulau/status/1257762200091078657)) +---- +We did our first webinar about the AIL project https://github.com/ail-project and I’m really lucky to have incredible colleagues like @Terrtia and @mokaddem_sami We are committed to make open source software to improve the life of security analysts and incident responders. #ThreatIntel ![](media/1257772104411463680-EXR-yIJXkAMz1Ot.jpg) + +(Originally on Twitter: [Tue May 05 20:40:12 +0000 2020](https://twitter.com/adulau/status/1257772104411463680)) +---- +RT @qiling_io: Running UEFI on Qiling Framework and debug with IDAPro. Maybe we can also fuzz UEFI with AFLplusplus too. 
Thanks to @liba2k… + +(Originally on Twitter: [Wed May 06 05:39:13 +0000 2020](https://twitter.com/adulau/status/1257907753391206400)) +---- +RT @LargeCardinal: So, the new COVID-19 contact tracing app from @NHSX uses questionable cryptographic design, but also uses *deprecated cr… + +(Originally on Twitter: [Wed May 06 08:41:19 +0000 2020](https://twitter.com/adulau/status/1257953579962376202)) +---- +RT @NASAJPL: We created and tested 3D printable respirators to help against #COVID19. Check out these #opensource designs and help us evolv… + +(Originally on Twitter: [Wed May 06 11:37:27 +0000 2020](https://twitter.com/adulau/status/1257997903567695872)) +---- +RT @MISPProject: MISP 2.4.125 has been released with self-registration feature, feed improvements and many improvements. https://t.co/ZQYXD… + +(Originally on Twitter: [Wed May 06 17:32:24 +0000 2020](https://twitter.com/adulau/status/1258087228384960519)) +---- +RT @malpedia: That's right! We just published 1,039 automatically generated, code-based YARA rules! Lots of new families covered, a good nu… + +(Originally on Twitter: [Wed May 06 20:05:44 +0000 2020](https://twitter.com/adulau/status/1258125819928547328)) +---- +RT @circl_lu: The video recording of the CIRCL AIL Training is now online https://peertube.opencloud.lu/videos/watch/b8cf2c67-df7b-4abc-a81c-a5b381144a20 Thanks to all the participants and @Vecch… + +(Originally on Twitter: [Thu May 07 04:35:59 +0000 2020](https://twitter.com/adulau/status/1258254227148877825)) +---- +@martijn_grooten My cat gives a last warm kiss to Katje. 
![](media/1258273986900897792-EXZI3hwXgAAdCpE.jpg) + +(Originally on Twitter: [Thu May 07 05:54:30 +0000 2020](https://twitter.com/adulau/status/1258273986900897792)) +---- +RT @therealsaumil: We had a special guest instructor in my remote #ARM #IoT #Firmware Lab class @CanSecWest - the legendary @dragosr teachi… + +(Originally on Twitter: [Thu May 07 07:16:54 +0000 2020](https://twitter.com/adulau/status/1258294723288150022)) +---- +@H_Miser Straight to the point. + + +media/1258295337099431937-EXZc74KXgAYKFZV.mp4 + +(Originally on Twitter: [Thu May 07 07:19:21 +0000 2020](https://twitter.com/adulau/status/1258295337099431937)) +---- +RT @H_Miser: Dear $Companies$, when you are pwned, we don't care if you "managed the incident successfully", yes we know that "security of… + +(Originally on Twitter: [Thu May 07 07:19:27 +0000 2020](https://twitter.com/adulau/status/1258295366325280769)) +---- +RT @offsectraining: So @CSCGlobal is doing take down requests on @ExploitDB for any entry that contains the string “IBM” on behalf of @BSAn… + +(Originally on Twitter: [Thu May 07 11:35:02 +0000 2020](https://twitter.com/adulau/status/1258359685318684678)) +---- +RT @quarkslab: [BLOG] Reverse Engineering a VxWorks OS Based Router by +@crackinglandia: https://blog.quarkslab.com/reverse-engineering-a-vxworks-os-based-router.html + +(Originally on Twitter: [Thu May 07 12:59:24 +0000 2020](https://twitter.com/adulau/status/1258380916696719362)) +---- +@ValeryMarchive @zoom_us @KeybaseIO @AHCybSec @ericfreyss @r00tbsd @ater49 La stratégie est surement « si on doit faire du chiffrement end-to-end, on fait un nouveau truc ou on achète une boite qui pourrait le faire » Ils prennent la deuxième solution en croyant que tout va bien se passer. 
+ +(Originally on Twitter: [Thu May 07 15:12:20 +0000 2020](https://twitter.com/adulau/status/1258414367298682880)) +---- +@ValeryMarchive @zoom_us @KeybaseIO @AHCybSec @ericfreyss @r00tbsd @ater49 Ce qui va se passer, les utilisateurs de keybase vont partir. Les core devs vont se dire « intégrer keybase avec du code légataire beurkkk » et l’integration va prendre du temps. C’est une solution pour temporiser au lieu de faire le refactoring du code pour le e2e. + +(Originally on Twitter: [Thu May 07 15:20:54 +0000 2020](https://twitter.com/adulau/status/1258416526006378496)) +---- +RT @maddiestone: Back in 2017, I taught an Introduction to Reverse Engineering Workshop called "n00b to l33t" which introduced the concepts… + +(Originally on Twitter: [Thu May 07 17:15:19 +0000 2020](https://twitter.com/adulau/status/1258445319198605313)) +---- +@SystemLean @Terrtia @mokaddem_sami we are using @bigbluebutton it’s an open source solution. It’s not perfect but it works. Recording is available there https://peertube.opencloud.lu/videos/watch/b8cf2c67-df7b-4abc-a81c-a5b381144a20 + +(Originally on Twitter: [Fri May 08 14:14:11 +0000 2020](https://twitter.com/adulau/status/1258762124840579072)) +---- +RT @tomchop_: A new version of plaso is out! It now uses libfsntfs to parse NTFS volumes, and speedups of ~x2 are to be expected when deali… + +(Originally on Twitter: [Fri May 08 16:47:33 +0000 2020](https://twitter.com/adulau/status/1258800719735422976)) +---- +RT @adriengnt: Just discovered _mm_gf2p8affine_epi64_epi8 in AVX512, which allows the computation of affine functions in GF(2)**8 with a th… + +(Originally on Twitter: [Sat May 09 06:44:28 +0000 2020](https://twitter.com/adulau/status/1259011336937320449)) +---- +A lot of things still amazes me everyday. One thing is the capability of our hands. Their versatility and capabilities are without borders. Sometime I have this strange feeling that they have their own autonomy. 
Especially while typing Unix commands in a terminal... ![](media/1259214834912157696-EXmffQ9X0AMcoF2.jpg) + +(Originally on Twitter: [Sat May 09 20:13:06 +0000 2020](https://twitter.com/adulau/status/1259214834912157696)) +---- +@Ahugla C’est une mixture entre Brazil, Johny Mnemonic et le livre sf de Bruce Sterling qui se passe dans Paris. Maintenant le plus impressionnant, ce sont les couleurs, ce n’est pas très cyberpunk. + +(Originally on Twitter: [Sun May 10 20:16:04 +0000 2020](https://twitter.com/adulau/status/1259577971448430592)) +---- +@mikko I’ll let you imagine a country building one of those fictional bridges... + +(Originally on Twitter: [Mon May 11 09:11:24 +0000 2020](https://twitter.com/adulau/status/1259773089510043648)) +---- +While reviewing some Tor hidden services using AIL project (https://github.com/ail-project/ail-framework), opsec is hard for everyone including criminals selling stolen credentials. They forgot a single common tracking element in a WordPress module which is used in two others hidden services. ![](media/1259774455225745408-EXubkT_WoAAloNc.png) + +(Originally on Twitter: [Mon May 11 09:16:50 +0000 2020](https://twitter.com/adulau/status/1259774455225745408)) +---- +@jcase @ChristiaanBeek @daniel_bilar His email address match his Twitter handle @vulnsisrock + +(Originally on Twitter: [Mon May 11 12:43:09 +0000 2020](https://twitter.com/adulau/status/1259826379245473792)) +---- +@daniel_bilar @jcase @ChristiaanBeek @vulnsisrock I think it's intentional to reach out with potential sellers. The associated PGP key is also pretty new and clean. Now maybe the question, is it a real broker? or just someone gathering information about the market/sellers or/and new potential vulnerability. + +(Originally on Twitter: [Mon May 11 13:16:42 +0000 2020](https://twitter.com/adulau/status/1259834818843508737)) +---- +@ChristiaanBeek @daniel_bilar @jcase @vulnsisrock Maybe some already did? 
+ + +media/1259846334754033674-EXvfjuKWsAAt9Kb.mp4 + +(Originally on Twitter: [Mon May 11 14:02:27 +0000 2020](https://twitter.com/adulau/status/1259846334754033674)) +---- +RT @gallypette: @campuscodi Well, going through H1 does not help either with IBM. They sit on a vulnerability I sent to them 5 months ago o… + +(Originally on Twitter: [Mon May 11 15:48:44 +0000 2020](https://twitter.com/adulau/status/1259873082099064835)) +---- +RT @ahakcil: Anyone wanna play "Crappy CTF Bingo?" +#ctf #infosec ![](media/1259910231854845954-EXuuuRwXYAElHjy.png) + +(Originally on Twitter: [Mon May 11 18:16:21 +0000 2020](https://twitter.com/adulau/status/1259910231854845954)) +---- +RT @rtlsdrblog: GNU Radio TEMPEST Implementation Now Available https://www.rtl-sdr.com/gnu-radio-tempest-implementation-now-available/ ![](media/1260131484326821889-EXziAjIUwAA8nhl.jpg) + +(Originally on Twitter: [Tue May 12 08:55:32 +0000 2020](https://twitter.com/adulau/status/1260131484326821889)) +---- +@olihough86 Single /32 or a specific CIDR block? + +(Originally on Twitter: [Tue May 12 09:13:34 +0000 2020](https://twitter.com/adulau/status/1260136021808865280)) +---- +RT @doegox: Having fun with an EAL6+ JavaCard... timing attack on the PIN *length* https://blog.quarkslab.com/how-a-security-anomaly-was-accidentally-found-in-an-eal6-javacard.html involving very sophisticated equ… + +(Originally on Twitter: [Tue May 12 14:10:04 +0000 2020](https://twitter.com/adulau/status/1260210637797498880)) +---- +@doegox "So, don't be intimidated by high certifications of products and still try out stuff by yourself, who knows..." should be added in the default quote while testing hardware or software. 
+ +(Originally on Twitter: [Tue May 12 14:11:50 +0000 2020](https://twitter.com/adulau/status/1260211083589095425)) +---- +RT @circl_lu: AIL Framework version 3.1 released with new crawling capabilities, Telegram username correlation, new external feeders (e.g.… + +(Originally on Twitter: [Tue May 12 15:33:14 +0000 2020](https://twitter.com/adulau/status/1260231567705808897)) +---- +RT @VV_X_7: @ctileague is doing great work combatting COVID-19 disinformation. Our Slack bots for the @MISPProject make it easier for influ… + +(Originally on Twitter: [Tue May 12 19:58:14 +0000 2020](https://twitter.com/adulau/status/1260298258510987265)) +---- +RT @RidT: Evergreen recommendation: *date* your APT report. + +Bonus: tell us the *place* of publication. + +(Originally on Twitter: [Wed May 13 06:39:51 +0000 2020](https://twitter.com/adulau/status/1260459723758895104)) +---- +I remember an old discussion during a closed meeting about the impact of bug bounties programs. Until now, the real impact is to drive the price up for the vulnerability broking. But did they really improve the vulnerability disclosure process and the security at large? + +(Originally on Twitter: [Wed May 13 19:04:31 +0000 2020](https://twitter.com/adulau/status/1260647125328617472)) +---- +@arekfurt @x0rz Indeed or we tend to aggregate two separated team/groups into one. + +(Originally on Twitter: [Thu May 14 06:06:42 +0000 2020](https://twitter.com/adulau/status/1260813769296486401)) +---- +@1sand0s I have seen a lot of organisations abusing bug bounty programs to delay even more the processing of vulnerability reports or asking a third-party to strictly filter to avoid reaching their PSCIRT (and removing the direct contact). There are positive points and negative aspects. + +(Originally on Twitter: [Thu May 14 06:18:29 +0000 2020](https://twitter.com/adulau/status/1260816737907458049)) +---- +@LargeCardinal Thanks Mark! 
I like when my broken English improves and especially in a specific « technical vocabulary ». + +(Originally on Twitter: [Thu May 14 06:23:46 +0000 2020](https://twitter.com/adulau/status/1260818065740226561)) +---- +RT @1sand0s: @adulau Oh sure, and there have been political debates about vuln disclosure that made me go + + +media/1260818199060373505-EX9S0I3X0AYQBIc.mp4 + +(Originally on Twitter: [Thu May 14 06:24:18 +0000 2020](https://twitter.com/adulau/status/1260818199060373505)) +---- +RT @k8em0: @paulvixie @adulau As commercially implemented today, bug bounties are more often a perversion of disclosure, combining the NDA… + +(Originally on Twitter: [Thu May 14 12:56:05 +0000 2020](https://twitter.com/adulau/status/1260916796644823042)) +---- +@Aristot73 https://m.youtube.com/watch?v=sTMgX1PDGAE + +(Originally on Twitter: [Thu May 14 14:18:09 +0000 2020](https://twitter.com/adulau/status/1260937449188003842)) +---- +@r00tbsd + + +media/1260987237380108290-EX_tNEJWoAEU3qP.mp4 + +(Originally on Twitter: [Thu May 14 17:36:00 +0000 2020](https://twitter.com/adulau/status/1260987237380108290)) +---- +@malwaremustd1e @Xylit0l @Ministraitor @SecEvangelism @trufae @switch_d @siri_urz @__Thanat0s__ @__Emilien__ @jimmychappell @jcanto @0xAli @ClausHoumann @PatriceAuffret @Marco_Ramilli @Sug4r7 @Der0ad @tolisec @mboelen @shipcod3 @_larry0 Thank you man! To be honest, I don’t know what we could do without you too. + +(Originally on Twitter: [Sat May 16 13:11:39 +0000 2020](https://twitter.com/adulau/status/1261645487163219968)) +---- +@r00tbsd @FortniteGame Don't forget to fill the forms for the dual-use license ;-) https://ec.europa.eu/trade/import-and-export-rules/export-from-eu/dual-use-controls/ + +(Originally on Twitter: [Sun May 17 09:09:34 +0000 2020](https://twitter.com/adulau/status/1261946954407456773)) +---- +@jfslowik I thought it was the cybercafé in Kabul next to the NATO base selling pre-infected USB thumb drives. 
I missed the raccoon part then ;-) + +(Originally on Twitter: [Sun May 17 19:59:40 +0000 2020](https://twitter.com/adulau/status/1262110556523241473)) +---- +RT @MITREattack: The Fifth EU ATT&CK Community Workshop kicks off this morning! We don't run this event, but we'll be giving several talks.… + +(Originally on Twitter: [Mon May 18 10:27:09 +0000 2020](https://twitter.com/adulau/status/1262328865172709377)) +---- +I’ll do a quick update Today at #euattackworkshop on @MITREattack and @MISPProject what are the current functionalities in MISP but also the future features to interlink and share intelligence using different models (ATT&CK and others). + +(Originally on Twitter: [Mon May 18 10:30:46 +0000 2020](https://twitter.com/adulau/status/1262329776318136320)) +---- +RT @ZeinaZakhour: Interesting intervention by @adulau on MiSP Galaxy2.0 and how it will Map and relate all the models inc Att&Ck framework… + +(Originally on Twitter: [Mon May 18 12:00:29 +0000 2020](https://twitter.com/adulau/status/1262352356085202950)) +---- +RT @cyb3rops: Great talks at +#euattackworkshop +@adulau @Cyb3rWard0g @olafhartong @andriinb @bareiss_patrick 👍 + +All slides will be release… + +(Originally on Twitter: [Mon May 18 14:05:22 +0000 2020](https://twitter.com/adulau/status/1262383785116684288)) +---- +@kp625544 @MITREattack @MISPProject Indeed, slides are available here https://github.com/MISP/misp-training/blob/master/x.9-eu-attack-community/slide.pdf + +(Originally on Twitter: [Mon May 18 15:12:46 +0000 2020](https://twitter.com/adulau/status/1262400745942515712)) +---- +RT @cyb5r3Gene: Very interesting that Bank of England (@bankofengland) is using MISP (@MISPProject) as a TIP. 
A great talk from James Morri… + +(Originally on Twitter: [Mon May 18 15:32:45 +0000 2020](https://twitter.com/adulau/status/1262405773008789506)) +---- +RT @aionescu: Well, I complained about signed drivers the other day, but a @Microsoft partner *cheating on their test* to get WHQL certific… + +(Originally on Twitter: [Mon May 18 18:15:29 +0000 2020](https://twitter.com/adulau/status/1262446728197951496)) +---- +Some organisations are investing time and money into intelligence gathering for state-sponsored actors. But sometime, ransomware actors are really worth to be investigated... + +(Originally on Twitter: [Mon May 18 20:00:58 +0000 2020](https://twitter.com/adulau/status/1262473272370900992)) +---- +@ninoseki @MISPProject @InQuest Thanks. Looks pretty cool. I’ll add it in tools list of the misp project website. If you know others, let me know. + +(Originally on Twitter: [Tue May 19 06:12:03 +0000 2020](https://twitter.com/adulau/status/1262627054845124610)) +---- +RT @MISPProject: How easy is to create an @MITREattack like matrix in MISP? @Iglocska did it live during the #EUATTACKworkshop - don't hesi… + +(Originally on Twitter: [Tue May 19 15:17:21 +0000 2020](https://twitter.com/adulau/status/1262764284351672323)) +---- +"Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks" Some interesting points and state-of-the-art. The safeguards for protecting repositories and software collection exist but the implementation will be hard. 
+ +https://arxiv.org/abs/2005.09535 ![](media/1263035102847778817-EYczYfsWoAU_ZcM.jpg) + +(Originally on Twitter: [Wed May 20 09:13:29 +0000 2020](https://twitter.com/adulau/status/1263035102847778817)) +---- +RT @gentilkiwi: I just pushed a new #mimikatz version supporting Windows 10 2004 (build 19041) 🥝 + +> https://github.com/gentilkiwi/mimikatz/releases + +With sekurlsa,… + +(Originally on Twitter: [Wed May 20 16:22:31 +0000 2020](https://twitter.com/adulau/status/1263143073435078657)) +---- +I remember a discussion in 2000 where I proposed to use Postfix instead of qmail. Just because Wietse Venema was much more humble about the security of his MTA. Social evaluation can be a parameter for evaluating secure coding practices. + +(Originally on Twitter: [Wed May 20 18:28:20 +0000 2020](https://twitter.com/adulau/status/1263174738312126470)) +---- +@coolacid Not really but the feed format of MISP (as you might know) works like that ( https://www.misp-standard.org/rfc/misp-standard-core.html#rfc.section.4 ). Extending the manifest part to support additional formats would be trivial. Let me know what you think. + +(Originally on Twitter: [Thu May 21 06:56:30 +0000 2020](https://twitter.com/adulau/status/1263363016994816000)) +---- +@___wr___ wtf I hope this crap is only with a serial interface and not an Ethernet port. + +(Originally on Twitter: [Thu May 21 18:46:50 +0000 2020](https://twitter.com/adulau/status/1263541780773048320)) +---- +RT @naehrdine: It's online! Bluetooth RCE == Wi-Fi RCE. Say hello to Spectra, the concept of breaking wireless chip separation as they shar… + +(Originally on Twitter: [Thu May 21 18:48:32 +0000 2020](https://twitter.com/adulau/status/1263542207841255424)) +---- +@find_evil It’s fine until a set of upset criminals (the ones you were tracking) are using your PDF resume with a nasty OpenAction and send the modified PDF to a huge HR spam list. My mailbox still remembers the experience. 
+ +(Originally on Twitter: [Thu May 21 19:17:55 +0000 2020](https://twitter.com/adulau/status/1263549604030828544)) +---- +Don't underestimate the impact of DNS (@MITREcorp outage). CWE and CAPEC data cannot be updated in @cve_search currently. Thanks @wimremes for pointing this out. ![](media/1263753434202869760-EYm_ADrXYAAwQBU.jpg) + +(Originally on Twitter: [Fri May 22 08:47:52 +0000 2020](https://twitter.com/adulau/status/1263753434202869760)) +---- +RT @hasherezade: Finally our paper about the "Silent Night" #Zloader /#Zbot is out! - by me (analysis) and @prsecurity_ (intelligence): htt… + +(Originally on Twitter: [Fri May 22 11:31:56 +0000 2020](https://twitter.com/adulau/status/1263794723287977984)) +---- +@rafi0t Nice. The list of hashes should be added in a warning-list when do the correlation on screenshot on the AIL framework. @Terrtia what do you think of the idea? + +(Originally on Twitter: [Fri May 22 13:50:17 +0000 2020](https://twitter.com/adulau/status/1263829536745144320)) +---- +@FVT @Ministraitor Can we have a nice before and after photo? ;-) + +(Originally on Twitter: [Fri May 22 15:20:14 +0000 2020](https://twitter.com/adulau/status/1263852175882702849)) +---- +@zim2918 Myosotis + +(Originally on Twitter: [Fri May 22 20:24:54 +0000 2020](https://twitter.com/adulau/status/1263928847055179776)) +---- +RT @0x3c7: Added most of the @Secureworks threat actor names as synonyms to the @MISPProject galaxy today. https://twitter.com/Secureworks/status/1263580691398197249 + +(Originally on Twitter: [Sat May 23 08:19:55 +0000 2020](https://twitter.com/adulau/status/1264108786475827201)) +---- +RT @MISPProject: Thanks to Nils @0x3c7 and @Secureworks for the contribution. 
MISP threat-actor galaxy is updated, published on the websit… + +(Originally on Twitter: [Sat May 23 08:24:19 +0000 2020](https://twitter.com/adulau/status/1264109894925508608)) +---- +@langnergroup @ValeryMarchive Often a flat directory structure with dates of all raw logs are easier to search with grep than any of the above mentioned tools. #grep for #DFIR and the bill is much lower. + +(Originally on Twitter: [Sat May 23 09:23:03 +0000 2020](https://twitter.com/adulau/status/1264124676822962181)) +---- +@brennsteinerc Proper distributed storage, multiple filesystem (XFS) mounted per year or month (depending of the volume) and a quick index (can be a file or a redis) counting the entries per source per date and year. Lookup from index, generating path for grep and you grep your raw logs. + +(Originally on Twitter: [Sat May 23 11:25:18 +0000 2020](https://twitter.com/adulau/status/1264155441141026820)) +---- +@brennsteinerc For the collection, it's usually an ugly mixture (syslog, custom log exporter and proprietary agent) depending of your devices sending to the main collector which can write on your storage. + +(Originally on Twitter: [Sat May 23 11:27:23 +0000 2020](https://twitter.com/adulau/status/1264155963650686978)) +---- +@npettiaux @framaka @amazon La seule alternative viable est bien souvent une version papier (sans DRM ;-)). + +(Originally on Twitter: [Sun May 24 07:18:18 +0000 2020](https://twitter.com/adulau/status/1264455666711683072)) +---- +"EU to dedicate nearly EUR 41 million to innovative projects on digital security" and one project is called "PALANTIR" not sure if trademarks apply for Horizon 2020 research project name. 
+https://ec.europa.eu/digital-single-market/en/news/eu-dedicate-nearly-eur-41-million-innovative-projects-digital-security + +(Originally on Twitter: [Sun May 24 09:21:50 +0000 2020](https://twitter.com/adulau/status/1264486754763104256)) +---- +RT @MISPProject: The nifty feature of @MISPProject to extend event has now its own taxonomy to support the reason behind the extended event… + +(Originally on Twitter: [Wed May 27 09:14:51 +0000 2020](https://twitter.com/adulau/status/1265572161894391808)) +---- +RT @circl_lu: DFIR Training Materials by @circl_lu : Edition May 2020 computer forensic training are published. "Post-mortem Digital Forens… + +(Originally on Twitter: [Wed May 27 14:39:25 +0000 2020](https://twitter.com/adulau/status/1265653843582386176)) +---- +RT @MISPProject: threat-actor-intelligence-server software has been updated and threat actor can now be queried by country. There is public… + +(Originally on Twitter: [Thu May 28 15:27:10 +0000 2020](https://twitter.com/adulau/status/1266028247566835712)) +---- +During @hack_lu conference, we always wanted to improve the visibility of security researches and long-term reference. + +So this year, if you submit a proposal and it's accepted, you'll get published in a book. So why don't you try? + +https://cfp.hack.lu/hack-lu-2020/cfp ![](media/1266990662198624256-EZUv8PlWoAMCs47.png) + +(Originally on Twitter: [Sun May 31 07:11:28 +0000 2020](https://twitter.com/adulau/status/1266990662198624256)) +---- +@LargeCardinal @BlackHatEvents @defcon @hack_lu We really want to support researchers who usually don’t write papers or have the ability to publish their work in a book. Maybe the difference, we don’t mind to include articles in a more lax e-zine format like phrack magazine. + +(Originally on Twitter: [Sun May 31 08:09:14 +0000 2020](https://twitter.com/adulau/status/1267005201350889472)) +---- +RT @rafi0t: Tired of watching videos all day long on your computer by now? No, not just yet? 
We bet you will be in October! + +That's why we… + +(Originally on Twitter: [Sun May 31 11:18:02 +0000 2020](https://twitter.com/adulau/status/1267052716041388034)) +---- +RT @hack_lu: What about we produce a book instead? And what about a book with online support material, so people can discover your work wit… + +(Originally on Twitter: [Sun May 31 13:30:12 +0000 2020](https://twitter.com/adulau/status/1267085973323689986)) +---- +RT @Ko97551819: It's important to root the community also on an accessible and referenced work among researchers 😉 so don't hesitate, send… + +(Originally on Twitter: [Mon Jun 01 06:59:32 +0000 2020](https://twitter.com/adulau/status/1267350047458500608)) +---- +RT @JoelSernaMoreno: Evil Crow RF Beta: documentation, gerbers, design and schematic. + +https://github.com/joelsernamoreno/EvilCrowRF-Beta ![](media/1267875499692429314-EZhbb08X0AAtmYB.jpg) + +(Originally on Twitter: [Tue Jun 02 17:47:29 +0000 2020](https://twitter.com/adulau/status/1267875499692429314)) +---- +@nullcookies Directories full of text is great. I remember the parallel coordinates visualisation from @tricaud called picviz which was something in between and actually useable on large datasets. I remember using it on large set of directories as an index. + +(Originally on Twitter: [Tue Jun 02 18:11:21 +0000 2020](https://twitter.com/adulau/status/1267881506480979969)) +---- +RT @cve_search: cve-search 2.8 has been released including bugs fixed and default support for the NVD CVE JSON 1.1. Thanks to all the contr… + +(Originally on Twitter: [Wed Jun 03 14:12:36 +0000 2020](https://twitter.com/adulau/status/1268183810631491587)) +---- +RT @juanandres_gs: Catching up on @OPCDE after the fact – Amazing to see a talk on newer Penquin Turla samples. 
Excellent work by @DukarAlc… + +(Originally on Twitter: [Thu Jun 04 07:32:38 +0000 2020](https://twitter.com/adulau/status/1268445544172654593)) +---- +"Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques -- An Experiment" Indeed, many of us are still using honeytokens in targeted cases. This paper tries to formalise their usage. + +https://arxiv.org/abs/2006.01849 + +(Originally on Twitter: [Thu Jun 04 12:14:05 +0000 2020](https://twitter.com/adulau/status/1268516371035545600)) +---- +@Sebdraven @ninoseki @58_158_177_102 It’s not in my sinkhole db. + +(Originally on Twitter: [Thu Jun 04 15:11:51 +0000 2020](https://twitter.com/adulau/status/1268561109667233797)) +---- +RT @barbieauglend: Hey ladies and first timers :) If you are unsure about your research or how / what to submit to @hack_lu this year, my D… + +(Originally on Twitter: [Fri Jun 05 04:55:05 +0000 2020](https://twitter.com/adulau/status/1268768282510790656)) +---- +If you are looking for a simple and efficient open source RSS reader to run on premises, newspipe is really neat. Thanks to Cedric Bonhomme for the hard work. #rss #OSINT + +https://git.sr.ht/~cedric/newspipe +https://github.com/cedricbonhomme/newspipe ![](media/1268848974833860608-EZvYtRJX0AAMO9j.jpg) + +(Originally on Twitter: [Fri Jun 05 10:15:44 +0000 2020](https://twitter.com/adulau/status/1268848974833860608)) +---- +@asfakian @MISPProject You are clever. We are working on it ;-) There will be an export to MISP for selected article. 
+ +(Originally on Twitter: [Fri Jun 05 14:01:37 +0000 2020](https://twitter.com/adulau/status/1268905819921416193)) +---- +RT @FDezeure: We just published Organizing a conference during lockdown https://link.medium.com/wxJMbWeiO6 @MITREattack @MITREengenuity @CIRCL @CERTEU + +(Originally on Twitter: [Fri Jun 05 15:11:46 +0000 2020](https://twitter.com/adulau/status/1268923476154425344)) +---- +RT @Ko97551819: half a day full of decaf, the other half installing a @MISPProject instance. I took some notes to help others "what are the… + +(Originally on Twitter: [Fri Jun 05 17:11:39 +0000 2020](https://twitter.com/adulau/status/1268953644403232768)) +---- +RT @circl_lu: During the EU @MITREattack workshop, many tools & models are mentioned. http://Attack-community.org is building a directory of to… + +(Originally on Twitter: [Mon Jun 08 08:39:43 +0000 2020](https://twitter.com/adulau/status/1269911977696137216)) +---- +RT @_ringzer0: Here's a great intro to #Ghidra and how it compares to #radare, #BinaryNinja, #IDAPro. Talk by @0xJeremy at #cmeasurecon. ht… + +(Originally on Twitter: [Mon Jun 08 13:33:27 +0000 2020](https://twitter.com/adulau/status/1269985895119237122)) +---- +What's the sex of Gizmo? It is fundamental question because people complain about my cat called Gizmo but it's a female. + +(Originally on Twitter: [Mon Jun 08 17:45:23 +0000 2020](https://twitter.com/adulau/status/1270049296088514560)) +---- +@goenie She reacts only when talking about feeding her with cat food. She doesn’t give a sh*t about her name. + +(Originally on Twitter: [Mon Jun 08 19:20:03 +0000 2020](https://twitter.com/adulau/status/1270073120993488896)) +---- +RT @MarkBaggett: @adulau I think Gizmo was female. I think biologist typically refer to asexual reproductive species as female. Asexual rep… + +(Originally on Twitter: [Mon Jun 08 20:44:31 +0000 2020](https://twitter.com/adulau/status/1270094378615345153)) +---- +Don't use multiple words threat-actor name. 
Appending "team", "group", "panda" or what ever you like is a source of confusion. Is it "menupass" or "menupass Team" ? Single word is always better. You can use code like "TAXXX" or "APT-XXX", simple and easy. + +(Originally on Twitter: [Tue Jun 09 14:02:35 +0000 2020](https://twitter.com/adulau/status/1270355616914178049)) +---- +Let's talk about recommendations on how to choose a threat actor name for the security vendors. I analysed the 905 names within the @MISPProject threat-actor galaxy. First, please stop using common words for threat actors. It makes difficult for analysts gathering OSINT. ![](media/1270355614204559360-EaEye3RXQAEwVEN.jpg) + +(Originally on Twitter: [Tue Jun 09 14:02:35 +0000 2020](https://twitter.com/adulau/status/1270355614204559360)) +---- +and don't forget to have a standard document describing the naming choice, if it's lower-case or upper-case (don't mix-up). Avoid UTF-8, stick to ASCII. I think we will do a recommendation document. Feedback welcome. + +(Originally on Twitter: [Tue Jun 09 14:02:36 +0000 2020](https://twitter.com/adulau/status/1270355618726109184)) +---- +@EndlessMason @MISPProject Good point. I will add the recommendation to not use name of persons, places or alike even if the threat actor is from 2001 ;-) + +(Originally on Twitter: [Tue Jun 09 14:47:11 +0000 2020](https://twitter.com/adulau/status/1270366837834948608)) +---- +RT @Ko97551819: Good thread. 
#ThreatIntel https://twitter.com/adulau/status/1270355614204559360 + +(Originally on Twitter: [Tue Jun 09 16:35:57 +0000 2020](https://twitter.com/adulau/status/1270394209623834624)) +---- +RT @taosecurity: It looks like it was a wise decision for @mandiant to use APTxxx many years ago when naming advanced persistent threat act… + +(Originally on Twitter: [Tue Jun 09 16:36:10 +0000 2020](https://twitter.com/adulau/status/1270394264351117317)) +---- +@HostileSpectrum @MISPProject I fully agree that's also the analyst's mind and not only a matter of format for automatic processing. Naming is hard and can even convey bias or assumption in the name. I'll come with an Internet-Draft, open for comments and feedback. Thanks for the feedback. + +(Originally on Twitter: [Tue Jun 09 19:07:59 +0000 2020](https://twitter.com/adulau/status/1270432471272873991)) +---- +RT @IfNotPike: Here's my write-up on how I built a RPi controller for my Yaesu VX-7R! :D + +https://bad-radio.solutions/notes_yaesu_rpi +#Ham #Radio https://t.co/… + +(Originally on Twitter: [Wed Jun 10 07:17:31 +0000 2020](https://twitter.com/adulau/status/1270616063164796928)) +---- +RT @CERT_Polska_en: Our platform http://mwdb.cert.pl now supports hunting samples with #YARA rules! Thanks to integration with mquery (… + +(Originally on Twitter: [Wed Jun 10 17:57:27 +0000 2020](https://twitter.com/adulau/status/1270777110320250880)) +---- +@Ko97551819 My feeling while searching the history and meaning of old Unix commands. 
+ + +media/1271498689081737218-EaVFUEtWoAAfdq4.mp4 + +(Originally on Twitter: [Fri Jun 12 17:44:45 +0000 2020](https://twitter.com/adulau/status/1271498689081737218)) +---- +RT @MISPProject: A new MISP taxonomy for misinformation website label has been added by @Ko97551819 Original work by @mishmz - cc/ @VV_X_7… + +(Originally on Twitter: [Fri Jun 12 20:01:58 +0000 2020](https://twitter.com/adulau/status/1271533222007111681)) +---- +@chort0 @_CLX @MISPProject A first early version of the Internet-Draft for the threat-actor naming recommendations: + +https://github.com/MISP/misp-rfc/tree/master/threat-actor-naming + +Feel free to comment or do pull-request on + +https://github.com/MISP/misp-rfc/blob/master/threat-actor-naming/raw.md + +Thanks to all who already gave ideas! + +(Originally on Twitter: [Fri Jun 12 20:05:33 +0000 2020](https://twitter.com/adulau/status/1271534124025679874)) +---- +I thought to never hear again new track which gives this inner feeling of techno from the nineties. But @CharlottedWitte did it (again) with Return To Nowhere. https://open.spotify.com/track/77IiDftw9wiK4mxBDWKnA2?si=JFujSDmERy2DAvduVprz_A ![](media/1272055298119946240-Eac_Yb3WsAAVz5l.jpg) + +(Originally on Twitter: [Sun Jun 14 06:36:31 +0000 2020](https://twitter.com/adulau/status/1272055298119946240)) +---- +RT @LSELabs: New release: cve-search 2.8 (local CVE and CPE database) by @adulau #cpe #cve https://linuxsecurity.expert/tools/cve-search/ + +(Originally on Twitter: [Mon Jun 15 04:44:51 +0000 2020](https://twitter.com/adulau/status/1272389585121808386)) +---- +The success of an information sharing community seems to be inversely proportional to the number of legal documents that are required to be signed. 
#informationsharing #ThreatIntel + +(Originally on Twitter: [Mon Jun 15 06:20:23 +0000 2020](https://twitter.com/adulau/status/1272413624628322304)) +---- +RT @JamesAtack: Trust can’t be legislated, contractualised, ordered or processed #informationsharing #ThreatIntel https://twitter.com/adulau/status/1272413624628322304 + +(Originally on Twitter: [Mon Jun 15 08:50:05 +0000 2020](https://twitter.com/adulau/status/1272451301633384448)) +---- +RT @DennisRand: @adulau I totally agree, however there is also the #ShareScare, i've seen examples where people are scared of sharing since… + +(Originally on Twitter: [Mon Jun 15 09:06:26 +0000 2020](https://twitter.com/adulau/status/1272455412646805504)) +---- +RT @stevengoossens: @JamesAtack @adulau I would even say all contracts, NDAs etc lead to more mistrust, in many cases for something which i… + +(Originally on Twitter: [Mon Jun 15 09:06:33 +0000 2020](https://twitter.com/adulau/status/1272455442887835653)) +---- +@dan_tinsley Indeed but it’s more when the service is exploited by vendors reselling or broking the data. My example was more information sharing communities having common goals or sharing the same « cultural » practices. + +(Originally on Twitter: [Tue Jun 16 06:41:10 +0000 2020](https://twitter.com/adulau/status/1272781244540039169)) +---- +RT @passthesaltcon: TIME TO REGISTER! Want to attend our #pts20 Virtual Edition and its keynote and 6 different Sessions as detailed on the… + +(Originally on Twitter: [Tue Jun 16 06:58:34 +0000 2020](https://twitter.com/adulau/status/1272785624462917633)) +---- +@fraisfringant @jeancreed1 Il va vraiment nous manquer. 
+ +(Originally on Twitter: [Tue Jun 16 15:51:40 +0000 2020](https://twitter.com/adulau/status/1272919783483342849)) +---- +RT @th3jiv3r: @bp384r1 if you work for private organisations, organisations, CERTs, if you are a trusted security vendor or researcher, you… + +(Originally on Twitter: [Tue Jun 16 20:22:13 +0000 2020](https://twitter.com/adulau/status/1272987866562539526)) +---- +RT @MaltegoHQ: We are happy to announce that the @MITREattack and @MISPProject Transforms are now officially part of #Maltego Transform Hub… + +(Originally on Twitter: [Wed Jun 17 15:08:39 +0000 2020](https://twitter.com/adulau/status/1273271344428351489)) +---- +If you are wondering what kind of digital evidence you can gather from @alexa99 API, there is a good summary in this paper https://arxiv.org/abs/2006.08749 "Using Amazon Alexa APIs as a Source of Digital Evidence" #DFIR ![](media/1273320681191739395-Eau-ULpXsAER-B4.png) + +(Originally on Twitter: [Wed Jun 17 18:24:42 +0000 2020](https://twitter.com/adulau/status/1273320681191739395)) +---- +@aris_ada Tout le monde doit connaître une des meilleures séquence de Strip-Tease ;-) + +(Originally on Twitter: [Thu Jun 18 14:27:14 +0000 2020](https://twitter.com/adulau/status/1273623309532315650)) +---- +@aris_ada Ah oui, Allo Police... je mélange toujours les deux ;-) + +(Originally on Twitter: [Thu Jun 18 14:33:27 +0000 2020](https://twitter.com/adulau/status/1273624873433210880)) +---- +RT @MarieGMoe: This is huge for me. 
Almost five years since I started the pacemaker hacking project and finally CVEs have been published fo… + +(Originally on Twitter: [Thu Jun 18 16:51:19 +0000 2020](https://twitter.com/adulau/status/1273659570687262721)) +---- +RT @MISPProject: MISP 2.4.127 released with an improved version of attributes decaying, new set of widgets, many improvements and bugs fixe… + +(Originally on Twitter: [Fri Jun 19 07:35:26 +0000 2020](https://twitter.com/adulau/status/1273882066854260737)) +---- +RT @FDezeure: After the highly successful fifth EU ATT&CK Community Workshop we didn’t want to wait to open the registrations for the next… + +(Originally on Twitter: [Fri Jun 19 07:54:21 +0000 2020](https://twitter.com/adulau/status/1273886824818245632)) +---- +@Sebdraven Cela me rappelle nos discussions sur les contributions de la France sur des projets libres existant... ah non, c'est pas possible. Alors on refait un nouveau projet. + +(Originally on Twitter: [Fri Jun 19 08:41:34 +0000 2020](https://twitter.com/adulau/status/1273898706446802946)) +---- +@Ko97551819 @billpollock My favorite one is still “ed” which is not even a full screen editor. I’m sure you’ll tell me that for old chaps like me... + +(Originally on Twitter: [Fri Jun 19 13:35:47 +0000 2020](https://twitter.com/adulau/status/1273972749330001925)) +---- +@J_M_Schroeder @MISPProject The organisations are equals and filtering rules can be applied either on organisation or tags. You could use tags to achieve what you want but maybe we should consider to introduce such mechanisms in MISP directly. + +(Originally on Twitter: [Fri Jun 19 14:19:48 +0000 2020](https://twitter.com/adulau/status/1273983825966780423)) +---- +@J_M_Schroeder @MISPProject Admiralty is just a taxonomy with tags. 
So short answer: yes ;-) + +(Originally on Twitter: [Fri Jun 19 14:57:08 +0000 2020](https://twitter.com/adulau/status/1273993223493619712)) +---- +RT @Timo_Steffens: A dossier compiled by a Khodorkovsky-funded project (https://fsb.dossier.center) cites a former or current FSB officer that… + +(Originally on Twitter: [Fri Jun 19 17:19:46 +0000 2020](https://twitter.com/adulau/status/1274029117143502848)) +---- +RT @ptracesecurity: The secret life of GPS trackers (1/2) https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/ #MobileSecurity #AndroidSecurity #GPS #Infosec https://… + +(Originally on Twitter: [Sat Jun 20 07:33:45 +0000 2020](https://twitter.com/adulau/status/1274244030075895809)) +---- +RT @Ko97551819: Hey, just build a list for day to day #opensource tools we use. Feel free to fill it up with tools u (really) use and like… + +(Originally on Twitter: [Sat Jun 20 10:33:50 +0000 2020](https://twitter.com/adulau/status/1274289347118993411)) +---- +@laufrittella @hack_lu Finally the “talk” at @hack_lu was so advanced and a precursor about the bamboo impact ;-) + +(Originally on Twitter: [Mon Jun 22 09:28:53 +0000 2020](https://twitter.com/adulau/status/1274997780260556800)) +---- +RT @OrangeCertCC: Vous êtes expert.e en cyber sécurité et motivé.e pour nous rejoindre ? https://orange.jobs/jobs/offer.do?joid=92804&lang=FR + +(Originally on Twitter: [Mon Jun 22 10:21:53 +0000 2020](https://twitter.com/adulau/status/1275011118533095426)) +---- +@r00tbsd Impressive. I really like the atmosphere, well done for a first one! 
+ +(Originally on Twitter: [Mon Jun 22 10:37:55 +0000 2020](https://twitter.com/adulau/status/1275015153776562177)) +---- +RT @ESETresearch: #ESETresearch unearths modus operandi of the elusive #InvisiMole group, digging up their arsenal used to stay invisible.… + +(Originally on Twitter: [Mon Jun 22 10:54:53 +0000 2020](https://twitter.com/adulau/status/1275019422357479424)) +---- +RT @MISPProject: A new information sharing community using MISP has been created called PISAX - pan-European Information Sharing and Analys… + +(Originally on Twitter: [Mon Jun 22 15:51:01 +0000 2020](https://twitter.com/adulau/status/1275093946079809536)) +---- +RT @hack_lu: Hey, just a reminder that our Call for Proposals is still open, and we're looking forward to know more about your research pro… + +(Originally on Twitter: [Wed Jun 24 12:07:35 +0000 2020](https://twitter.com/adulau/status/1275762494401843201)) +---- +I love when @subgraph is basically killing a @Graphviz dot file parsing because of its reserved name. Escaping is hard for everyone. + + +media/1275816063440162817-EbSb7-SXgAEIj3W.mp4 + +(Originally on Twitter: [Wed Jun 24 15:40:27 +0000 2020](https://twitter.com/adulau/status/1275816063440162817)) +---- +Just published the Internet-Draft "Passive DNS - Common Output Format" adding the time_first_ms and time_last_ms to add optional millisecond precision to Passive DNS output format. Thanks to all the contributors from the @FIRSTdotOrg SIG. + +https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-07 ![](media/1276173825949020160-EbXgCXNXsAASc-t.png) + +(Originally on Twitter: [Thu Jun 25 15:22:04 +0000 2020](https://twitter.com/adulau/status/1276173825949020160)) +---- +What did I learn about fusion centers when looking at the #blueleaks and the current state of information sharing? Still exchanging tons of PDF which cannot be easily parsed and correlated. 
They should really have a look at @MISPProject ;-) + + +media/1276215843073019909-EbYHiglWkAEnlT6.mp4 + +(Originally on Twitter: [Thu Jun 25 18:09:02 +0000 2020](https://twitter.com/adulau/status/1276215843073019909)) +---- +RT @WolfieChristl: The current state of commercial tracking: + +Adobe is (re)selling data from another data broker, who tracked protesters in… + +(Originally on Twitter: [Fri Jun 26 16:26:25 +0000 2020](https://twitter.com/adulau/status/1276552408324333571)) +---- +RT @_saadk: Black Hearts Matter. +Title and poem inspired by a beautiful sketch @AdulauA shared with me earlier today. +#photography #art #Bl… + +(Originally on Twitter: [Sun Jun 28 09:17:07 +0000 2020](https://twitter.com/adulau/status/1277169144023126016)) +---- +"Towards end-to-end Cyberthreat Detection from Twitter using Multi-Task Learning" + +Dataset(s) and code available: https://github.com/ndionysus/multitask-cyberthreat-detection + +http://www.di.fc.ul.pt/~bessani/publications/ijcnn20-mtlearning.pdf #ThreatIntelligence ![](media/1277344028825128962-EboJKryXYAEWlgc.jpg) + +(Originally on Twitter: [Sun Jun 28 20:52:03 +0000 2020](https://twitter.com/adulau/status/1277344028825128962)) +---- +RT @MISPProject: We develop a companion to @MISPProject called Cerebrate Project. Cerebrate is an open-source platform meant to act as a tr… + +(Originally on Twitter: [Mon Jun 29 08:37:17 +0000 2020](https://twitter.com/adulau/status/1277521507623874560)) +---- +RT @Ko97551819: got questions about our #opensource experiment? https://github.com/mianmo-project +with actual success and fails ;-) +@adulau @passthes… + +(Originally on Twitter: [Mon Jun 29 12:42:28 +0000 2020](https://twitter.com/adulau/status/1277583211976101891)) +---- +Slides presented at @passthesaltcon about our (@Ko97551819) experience when starting the face mask open source project and what we discovered to build better FOSS in the future. 
#opensource https://github.com/C00kie-/foss-tools/blob/master/best-practices/slides/slides.pdf #facemasks #FaceMasks4all ![](media/1277590190408769539-EbrocmXWoAAZX0b.jpg) + +(Originally on Twitter: [Mon Jun 29 13:10:12 +0000 2020](https://twitter.com/adulau/status/1277590190408769539)) +---- +If you have an idea, code it while you have the idea. If not it will go away or you might spend more time bragging about it than finding the immediate limitations of the idea. And by the way, there is no such thing as coding too early. This is just project management BS. + +(Originally on Twitter: [Mon Jun 29 15:42:23 +0000 2020](https://twitter.com/adulau/status/1277628486769934336)) +---- +@Giribot Je sais mais au final, c'est simplement un peu de marketing autour d'un modèle d'agricole biologique puisqu'il respect au minimum les règles bio. + +(Originally on Twitter: [Tue Jun 30 11:53:15 +0000 2020](https://twitter.com/adulau/status/1277933211646152705)) +---- +RT @maciekkotowicz: Today's #Trickbot loaders with a screen resolution #antivm trick, if you have 800x600 or 1024x768 resolution - you are… + +(Originally on Twitter: [Wed Jul 01 05:36:26 +0000 2020](https://twitter.com/adulau/status/1278200770173767680)) +---- +@Ko97551819 @LargeCardinal And the most critical part of the photo https://www.takana.be/en/home-en/ and then you’ll become a junkie. + +(Originally on Twitter: [Wed Jul 01 15:23:08 +0000 2020](https://twitter.com/adulau/status/1278348420084883456)) +---- +“We're born alone, we live alone, we die alone. 
Only through our love and friendship can we create the illusion for the moment that we're not alone.” Orson Welles + +(Originally on Twitter: [Wed Jul 01 15:48:32 +0000 2020](https://twitter.com/adulau/status/1278354812954914816)) +---- +@MichlSchmid It’s just a reminder ;-) + +(Originally on Twitter: [Wed Jul 01 19:09:23 +0000 2020](https://twitter.com/adulau/status/1278405356125855745)) +---- +@LargeCardinal Because it’s easier to download a ML library/framework claiming to do everything for you than to learn how to write a proper regex + +(Originally on Twitter: [Thu Jul 02 18:19:57 +0000 2020](https://twitter.com/adulau/status/1278755304231055360)) +---- +@superruserr Thank you very much. We hope this will become an RFC soon as the majority of pdns implementation uses this format for the past years. + +(Originally on Twitter: [Thu Jul 02 21:04:17 +0000 2020](https://twitter.com/adulau/status/1278796659699388418)) +---- +@codefiscal J'adore le tweet... mais je ne comprends pas trop la relation entre les deux ;-) + +(Originally on Twitter: [Fri Jul 03 12:26:50 +0000 2020](https://twitter.com/adulau/status/1279028827667251200)) +---- +@codefiscal Oui, c'est un des co-fondateurs de la conférence (je suis l'autre co-fondateur). Mais je ne comprends toujours pas le lien avec le tweet précédent? + +(Originally on Twitter: [Fri Jul 03 12:46:53 +0000 2020](https://twitter.com/adulau/status/1279033871988862977)) +---- +Unpopular but factual opinion, GDPR and especially the decision of @ICANN to hide the owners behind a domain was basically the biggest boost for criminals to conduct phishing campaigns. Nowadays a takedown for a phishing is much slower (by a factor of 2 or more) than previously. 
+ +(Originally on Twitter: [Fri Jul 03 15:40:46 +0000 2020](https://twitter.com/adulau/status/1279077635042226176)) +---- +@gamithra_marga I think this could be a good contribution as a corpus for @NLTK_org or http://spacy.io and similar libraries when the project reaches a stable state ;-) + +(Originally on Twitter: [Fri Jul 03 15:49:56 +0000 2020](https://twitter.com/adulau/status/1279079938042343424)) +---- +@stevengoossens @ICANN If registrars (as @ICANN forced them to hide the information) act as abuse point of contact, it could be a solution but I’m sure it will be an additional layer of delay. I think the legal dept of ICANN was badly advised. We don’t hide owners of companies from registries... + +(Originally on Twitter: [Fri Jul 03 16:08:04 +0000 2020](https://twitter.com/adulau/status/1279084504498540544)) +---- +@adrianom @shotgunner101 @ICANN Let me take another example. You want to find a company to do some renovation at your home. You checked the website, review if there is any pending litigation and check if the company owners are real in public directories. Same for domain names... but now you cannot check. + +(Originally on Twitter: [Fri Jul 03 18:17:24 +0000 2020](https://twitter.com/adulau/status/1279117052968607747)) +---- +@thierryzoller @ICANN You mean that hiding the information of who owns a domain name is a liberty or a freedom? + +(Originally on Twitter: [Fri Jul 03 18:21:19 +0000 2020](https://twitter.com/adulau/status/1279118035987714056)) +---- +@thierryzoller @ICANN When you setup a business, the names of the founder are public. It's not a question of privacy. + +(Originally on Twitter: [Fri Jul 03 20:26:36 +0000 2020](https://twitter.com/adulau/status/1279149564067446784)) +---- +@linecon0 @shotgunner101 @ICANN The reality is different. 
When you need to do a take down a phishing website, you cannot wait for weeks to get a warrant ;-) + +(Originally on Twitter: [Fri Jul 03 20:28:23 +0000 2020](https://twitter.com/adulau/status/1279150015559196672)) +---- +@linecon0 @abuse_ch @ICANN Purchasing a domain and hosting service is different than buying a product as a consumer. You are setting up an active service on Internet and you need a point of contact in case of abuse. When you create a business, you need to have your name registered too. + +(Originally on Twitter: [Fri Jul 03 20:33:03 +0000 2020](https://twitter.com/adulau/status/1279151189150650368)) +---- +@Ko97551819 @gamithra_marga I love it when you will be completely addicted, you might want to ask a ceramist to design one for you. I have this one for more than 10 years. https://www.flickr.com/photos/adulau/6412193209 ![](media/1279307865023557636-EcEDVL1XsAA0G2x.jpg) + +(Originally on Twitter: [Sat Jul 04 06:55:38 +0000 2020](https://twitter.com/adulau/status/1279307865023557636)) +---- +@Sh0ckFR @Ko97551819 @gamithra_marga It’s seeds of alfalfa (Luzerne in French) in mine. I love the taste. In the one from @Ko97551819 she will tell ;-) + +(Originally on Twitter: [Sat Jul 04 07:38:46 +0000 2020](https://twitter.com/adulau/status/1279318722981908480)) +---- +@ChloeS1985 @ICANN It’s more about reaching out owner of servers which are compromised and abused. At the end, we cannot reach the victims... + +(Originally on Twitter: [Sat Jul 04 08:53:36 +0000 2020](https://twitter.com/adulau/status/1279337553917870081)) +---- +@naughtynerdy @thierryzoller @ICANN It can be the webmaster or owner of the host to be contacted in case of emergency or abuse of their infrastructure. No need to be the final user. Currently every contact point is removed. + +(Originally on Twitter: [Sat Jul 04 17:18:24 +0000 2020](https://twitter.com/adulau/status/1279464591454539776)) +---- +@thierryzoller @naughtynerdy @ICANN It can be an abuse point of contact. 
No need of personal data. The current records of whois (for a majority of registries) even hide generic point of contact for the owner due to a misinterpretation of the GDPR. + +(Originally on Twitter: [Sat Jul 04 17:40:29 +0000 2020](https://twitter.com/adulau/status/1279470146747281408)) +---- +@_fogfish_ @linecon0 @abuse_ch @ICANN At least you have the abuse contact of the social network operators which is often enough. For domains and hosting companies, it is a jungle to find the appropriate contact to deal with security issues. And there the default GDPR hiding doesn’t help. + +(Originally on Twitter: [Sat Jul 04 18:46:34 +0000 2020](https://twitter.com/adulau/status/1279486779276636163)) +---- +@naughtynerdy @thierryzoller @ICANN When you have to notify and find contacts for thousands of phishing website on some random compromised domains/hosts per day, court orders and warrants are not really the appropriate legal tool just to find the contact point of a domain. + +(Originally on Twitter: [Sun Jul 05 06:07:48 +0000 2020](https://twitter.com/adulau/status/1279658215282745347)) +---- +@thierryzoller @naughtynerdy @ICANN That's the point. ICANN overreacted and should have found better alternative or limit access on purpose. + +(Originally on Twitter: [Sun Jul 05 08:36:04 +0000 2020](https://twitter.com/adulau/status/1279695529149108225)) +---- +@GossiTheDog They first come for a miner and then they later discover that would have been more economically interesting to do some ransomware. 
+ +(Originally on Twitter: [Sun Jul 05 09:00:48 +0000 2020](https://twitter.com/adulau/status/1279701755501125632)) +---- +RT @ninoseki: Classifying Network Vendors at Internet Scale (PDF) +https://arxiv.org/pdf/2006.13086.pdf ![](media/1279767367007035392-EcKfmupU0AAoSNk.jpg) + +(Originally on Twitter: [Sun Jul 05 13:21:31 +0000 2020](https://twitter.com/adulau/status/1279767367007035392)) +---- +RT @Botconf: We have decided the two following evolutions for #Botconf2020 : +- CFP deadline is postponed to July 15th +- The conference will… + +(Originally on Twitter: [Tue Jul 07 07:48:44 +0000 2020](https://twitter.com/adulau/status/1280408393409273861)) +---- +Anyone from @cliqz willing to release as open source the back-end of their search engine ? https://cliqz.com/announcement.html + +(Originally on Twitter: [Wed Jul 08 06:49:24 +0000 2020](https://twitter.com/adulau/status/1280755850181779456)) +---- +RT @circl_lu: We published the open source #DFIR training materials created to support LEA and police in the scope of the ENFORCE project (… + +(Originally on Twitter: [Wed Jul 08 12:51:46 +0000 2020](https://twitter.com/adulau/status/1280847041095241729)) +---- +RT @d4_project: In the training materials for LEA and police released by @circl_lu , a specific training about cryptography includes the ou… + +(Originally on Twitter: [Wed Jul 08 13:21:24 +0000 2020](https://twitter.com/adulau/status/1280854501541531650)) +---- +@asfakian @Cyb3rMik3 @circl_lu @EUHomeAffairs @ceis_strat @Place_Beauvau It’s materials that we did as @circl_lu in the scope of an ISF project with @ceis_strat . This content is now open source under an open source project (neolea) to bring more organisations (LEA and non-LEA) contributing to the training materials on the long run. 
+ +(Originally on Twitter: [Wed Jul 08 16:16:25 +0000 2020](https://twitter.com/adulau/status/1280898543415418880)) +---- +@Iglocska @SteveClement @github Git core mantra « branching cost nothing » + +(Originally on Twitter: [Wed Jul 08 16:21:57 +0000 2020](https://twitter.com/adulau/status/1280899935886598145)) +---- +@asfakian @Cyb3rMik3 @circl_lu @EUHomeAffairs @ceis_strat @Place_Beauvau and I didn’t know about the meaning in Greek. But it sounds cool 😅 + +(Originally on Twitter: [Wed Jul 08 16:34:41 +0000 2020](https://twitter.com/adulau/status/1280903142284988417)) +---- +I did use @NLTK_org for years but I rewrote an old code using @spacy_io and especially using their pretrained statistical models for French. The results are quite impressive. Nice to see such progress in open source software for NLP. #opensource #datamining + + +media/1280980202345160704-Ecb0s0PWkAw7vtH.mp4 + +(Originally on Twitter: [Wed Jul 08 21:40:54 +0000 2020](https://twitter.com/adulau/status/1280980202345160704)) +---- +@ater49 @NLTK_org @spacy_io Nope. It might be at some point. + +(Originally on Twitter: [Wed Jul 08 21:49:06 +0000 2020](https://twitter.com/adulau/status/1280982266731167746)) +---- +@MichlSchmid @circl_lu @EUHomeAffairs @ceis_strat @Place_Beauvau Thank you. We try to do our best to produce useful content for everyone. Feel free to collaborate on the GitHub if you have any ideas or feedback. + +(Originally on Twitter: [Thu Jul 09 07:38:16 +0000 2020](https://twitter.com/adulau/status/1281130534811373569)) +---- +@FabienDombard @NLTK_org @spacy_io Sure, you can ask. 
It might become an open source project at some point ;-) + +(Originally on Twitter: [Thu Jul 09 08:00:09 +0000 2020](https://twitter.com/adulau/status/1281136044260364289)) +---- +RT @ptracesecurity: Breaking the D-Link DIR3060 Firmware Encryption - Recon - Part 1 https://0x434b.dev/breaking-the-d-link-dir3060-firmware-encryption-recon-part-1/ #Pentesting #DLink #Recon #I… + +(Originally on Twitter: [Fri Jul 10 05:07:44 +0000 2020](https://twitter.com/adulau/status/1281455039136096257)) +---- +@r00tbsd @AZobec @__Thanat0s__ For the soundscape, I would make the sound a bit more stretched with a small tick or rhythm linked to the output of the tubes ;-) I like the design and especially the fact that we cannot really identify what is it. + +(Originally on Twitter: [Fri Jul 10 08:13:40 +0000 2020](https://twitter.com/adulau/status/1281501832003674117)) +---- +It’s quite impressive to see the number of apps depending of the Facebook SDK analytics https://developers.facebook.com/status/issues/1739188102911114/ and how all the apps are crashing just because the service is not reachable. + +(Originally on Twitter: [Fri Jul 10 11:20:52 +0000 2020](https://twitter.com/adulau/status/1281548941742485504)) +---- +RT @bascule: @ausernamedjosh I like the James Mickens version of this take https://www.usenix.org/system/files/1401_08-12_mickens.pdf ![](media/1281698822842982401-EckwazcUwAAsAib.png) + +(Originally on Twitter: [Fri Jul 10 21:16:26 +0000 2020](https://twitter.com/adulau/status/1281698822842982401)) +---- +@msuiche It remembers me when we worked on @MISPProject and Microsoft released Interflow. And finally, what stayed, an open source project with a community. So building a community on an open source project is more viable on the long run. 
@vloquet + +(Originally on Twitter: [Sat Jul 11 06:19:48 +0000 2020](https://twitter.com/adulau/status/1281835562568212481)) +---- +Really impressed with clever contributions to extend @MISPProject galaxy such as « The Segregation (or separation) of Duties (SoD) Matrix for CSIRTs, LEA and Judiciary » https://github.com/cudeso/SoD-Matrix @cudeso made a tremendous contribution. ![](media/1281844245683478528-EcoF6d0XoAEgpN5.jpg) + +(Originally on Twitter: [Sat Jul 11 06:54:18 +0000 2020](https://twitter.com/adulau/status/1281844245683478528)) +---- +RT @belathoud: +1 + +Beyond openness, the actual strength of any open-source initiative stays in its community. That's the key :-) https://t.… + +(Originally on Twitter: [Mon Jul 13 09:52:00 +0000 2020](https://twitter.com/adulau/status/1282613740630933506)) +---- +RT @therealsaumil: Download the ARM-X Preview VM if you want to play with Tenda AC15 vulns. + +https://armx.exploitlab.net/docs/emulating-tenda-ac15.html + +https://t.co/b4usFCh… + +(Originally on Twitter: [Tue Jul 14 08:55:54 +0000 2020](https://twitter.com/adulau/status/1282962010385403912)) +---- +RT @circl_lu: A CVSS 10.0 vulnerability in Microsoft DNS server implementation has been published, remote code execution is possible. Worka… + +(Originally on Twitter: [Tue Jul 14 18:20:26 +0000 2020](https://twitter.com/adulau/status/1283104079506538501)) +---- +@alexanderjaeger @_saadk Aren’t people running <add your favorite software> on their Domain Controllers? + +(Originally on Twitter: [Tue Jul 14 20:16:08 +0000 2020](https://twitter.com/adulau/status/1283133196713033730)) +---- +There are many positive effects on "meow". One is killing the market of "cybersecurity" companies doing buzz about open database for selling services. 
+ +(Originally on Twitter: [Mon Jul 27 08:56:29 +0000 2020](https://twitter.com/adulau/status/1287673201892499456)) +---- +@y0m As you can see in my tweet, I didn't say it was "cyberattack" ;-) + +(Originally on Twitter: [Mon Jul 27 10:14:16 +0000 2020](https://twitter.com/adulau/status/1287692776428249090)) +---- +RT @Timo_Steffens: Finally! The English version of "Attribution of Advanced Persistent Threats" is available for Kindle! Hardcover will fol… + +(Originally on Twitter: [Mon Jul 27 11:41:37 +0000 2020](https://twitter.com/adulau/status/1287714755709407233)) +---- +@jpmens Again a good example how @hintjens was right about being open to accept pull-requests and contribution to build an active community out of an open source project. http://www.foo.be/docs-free/social-architecture/book.pdf + +(Originally on Twitter: [Mon Jul 27 12:45:18 +0000 2020](https://twitter.com/adulau/status/1287730785508904960)) +---- +RT @d4_project: "Wondering how to analyse all the network captures (pcaps) from D4 without using a massive amount of disk: give pcapdj a tr… + +(Originally on Twitter: [Tue Jul 28 09:43:06 +0000 2020](https://twitter.com/adulau/status/1288047320920096769)) +---- +RT @MISPProject: MISP 2.4.129 released including merge event improved, event block rule system, security fixes and many bugs fixed. + +https:… + +(Originally on Twitter: [Tue Jul 28 11:35:25 +0000 2020](https://twitter.com/adulau/status/1288075583583387648)) +---- +RT @JusticeRage: We're very happy that this research is released: https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ +In it, @felixaime, @securechicken and I discuss t… + +(Originally on Twitter: [Tue Jul 28 20:20:13 +0000 2020](https://twitter.com/adulau/status/1288207654700154882)) +---- +RT @d4_project: version v0.2 of the Passive DNS analyser for @d4_project has been released with various installation fixes. 
https://t.co/Ay… + +(Originally on Twitter: [Wed Jul 29 08:39:01 +0000 2020](https://twitter.com/adulau/status/1288393580667645954)) +---- +"A fast disassembler which is accurate enough for the resulting assembly code to be reassembled." At least this could reduce the classical waste of time spent to reassemble a larger disassembled ELF with dirty tricks. + +https://github.com/GrammaTech/ddisasm + +(Originally on Twitter: [Wed Jul 29 08:55:26 +0000 2020](https://twitter.com/adulau/status/1288397710194810880)) +---- +@MaliciaRogue Je ne sais pas pourquoi mais je sens que cette souveraineté va passer par des acteurs du logiciel propriétaire plutôt que ceux du logiciel libre... + +(Originally on Twitter: [Wed Jul 29 12:29:56 +0000 2020](https://twitter.com/adulau/status/1288451693475016704)) +---- +@MaliciaRogue Courage pour cette aventure ! + +(Originally on Twitter: [Wed Jul 29 12:41:48 +0000 2020](https://twitter.com/adulau/status/1288454680826335232)) +---- +@martijn_grooten @MaliciaRogue @_saadk Just a sample of what I’m reading or just read in the past 10 days (titles in the image description). My sanity can only be satisfied with a continuous stream of reading. One of the book is a gift. The others came from my compulsive book acquisition disorder. ![](media/1288740617774915586-EeKFckqWsAA8Q1c.jpg) + +(Originally on Twitter: [Thu Jul 30 07:38:01 +0000 2020](https://twitter.com/adulau/status/1288740617774915586)) +---- +@zmanion If you have access to the last draft version, we can make an @ietf Internet-Draft to avoid the locking of @isostandards - IETF documents are freely accessible. @1sand0s @k8em0 + +(Originally on Twitter: [Thu Jul 30 08:04:45 +0000 2020](https://twitter.com/adulau/status/1288747343324622849)) +---- +@_saadk @martijn_grooten @MaliciaRogue @Ko97551819 So basically a psychiatric hospital with good books and great food. I'm in. 
+ +(Originally on Twitter: [Thu Jul 30 08:05:46 +0000 2020](https://twitter.com/adulau/status/1288747602633162752)) +---- +RT @javagrifter: I saved my company 100k a month by switching from AWS to Localhost! 💪🏻💻🤳🏻 + +(Originally on Twitter: [Thu Jul 30 13:45:52 +0000 2020](https://twitter.com/adulau/status/1288833191730728965)) +---- +@SushiDude @WeldPond @k8em0 @1sand0s @zmanion @ietf @isostandards @OECD Then another option would be to publish it via @FIRSTdotOrg publicly which can give some weight in the document and then a fast track publication process can be even done towards @ITU at a later stage. + +(Originally on Twitter: [Thu Jul 30 17:26:26 +0000 2020](https://twitter.com/adulau/status/1288888695517589504)) +---- +@k8em0 @SushiDude @WeldPond @1sand0s @zmanion @ietf @isostandards @OECD @FIRSTdotOrg @ITU If the NTIA documents are the reference ones and freely accessible, all good then. + +(Originally on Twitter: [Thu Jul 30 17:44:34 +0000 2020](https://twitter.com/adulau/status/1288893259457146881)) +---- +I’m still impressed by the number of projects with administrative tasks which cannot track the document revision properly and refuse to use git. I think it’s because they are still stuck with binary formats for their document. Moving to Markdown and git is often a huge gain. + +(Originally on Twitter: [Fri Jul 31 05:37:15 +0000 2020](https://twitter.com/adulau/status/1289072612577087493)) +---- +RT @MISPProject: Creating a MISP Galaxy, 101 by @cudeso - a great introduction if you want to expand MISP with your own matrix-like galaxy… + +(Originally on Twitter: [Fri Jul 31 07:54:53 +0000 2020](https://twitter.com/adulau/status/1289107250322313216)) +---- +RT @_saadk: When one of my shades meets the artsy side of @adulau. 
+ +I love his ‘Black of Waves’ painting and I’m glad that it is now sittin… + +(Originally on Twitter: [Sat Aug 01 20:19:12 +0000 2020](https://twitter.com/adulau/status/1289656952478240771)) +---- +RT @smeriot: Le CSIRT d'@OVHcloud recherche un devops passionné pour travailler sur #MISP, la collecte, le stockage et la production d'#IoC… + +(Originally on Twitter: [Wed Aug 05 08:06:32 +0000 2020](https://twitter.com/adulau/status/1290922122223722496)) +---- +"Distributed Security Framework for Reliable Threat Intelligence Sharing" Extending @MISPProject open standard format to audit the provenance of threat intelligence. #ThreatHunting + +https://www.hindawi.com/journals/scn/2020/8833765/ ![](media/1291025281248100353-EeqkZQCXYAYrNJv.png) + +(Originally on Twitter: [Wed Aug 05 14:56:27 +0000 2020](https://twitter.com/adulau/status/1291025281248100353)) +---- +RT @AdmVonSchneider: Another tool in the same problem space as #VxSig: +https://github.com/arieljt/VTCodeSimilarity-YaraGen + +This is not entirely dissimilar to https://… + +(Originally on Twitter: [Wed Aug 05 14:59:55 +0000 2020](https://twitter.com/adulau/status/1291026152979681281)) +---- +@danusminimus You don't need one per se on @MISPProject but it's just more convenient for resetting password or alike. You can contact @circl_lu who is managing various sharing communities. + +(Originally on Twitter: [Wed Aug 05 15:03:56 +0000 2020](https://twitter.com/adulau/status/1291027162376667139)) +---- +@K1ng__J0hn 2K IOCs is just fine even on a Raspberry Pi ;-) Did it work? 
+ +(Originally on Twitter: [Wed Aug 05 15:05:23 +0000 2020](https://twitter.com/adulau/status/1291027526278668290)) +---- +RT @bry_campbell: ![](media/1291256185161646085-Eer1F8HXoAEOwNi.jpg) + +(Originally on Twitter: [Thu Aug 06 06:13:59 +0000 2020](https://twitter.com/adulau/status/1291256185161646085)) +---- +"Forensic Writer Identification Using Microblogging Texts" #DFIR Sometime acquiring a public dataset from @Twitter can be a challenge and redistributing the dataset is not even possible. How are researchers supposed to do ? a good example in this paper. +https://arxiv.org/pdf/2008.01533.pdf ![](media/1291258820010881025-Eet4Qx4XsAI95YF.png) + +(Originally on Twitter: [Thu Aug 06 06:24:27 +0000 2020](https://twitter.com/adulau/status/1291258820010881025)) +---- +RT @tricaud: The first time I gave a presentation about pCraft, this was a 5 mn lightning talk at @hack_lu and people like @xme gave me ama… + +(Originally on Twitter: [Sun Aug 09 18:27:15 +0000 2020](https://twitter.com/adulau/status/1292527878953893888)) +---- +@asfakian Enjoy and relax ;-) + +(Originally on Twitter: [Sun Aug 09 20:30:17 +0000 2020](https://twitter.com/adulau/status/1292558843982106627)) +---- +RT @circl_lu: Together with @hack_lu we organise the Open Source Security Software Hackathon 0x4 is a 2-day virtual open hackathon (26-27 A… + +(Originally on Twitter: [Mon Aug 10 09:52:06 +0000 2020](https://twitter.com/adulau/status/1292760629149933568)) +---- +I knew Putty was a disaster as an OpenSSH client but a solar flare, it’s a huge threat nowadays. ![](media/1292863528190320643-EfEsOqPXYAcOeC7.jpg) + +(Originally on Twitter: [Mon Aug 10 16:41:00 +0000 2020](https://twitter.com/adulau/status/1292863528190320643)) +---- +RT @zh4ck: The ARM IoT Exploit Laboratory by @therealsaumil was excellent. 
I really liked that all the weird things were explained instead… + +(Originally on Twitter: [Tue Aug 11 05:50:36 +0000 2020](https://twitter.com/adulau/status/1293062237461020672)) +---- +RT @FVT: Damn you @adulau you've given away the next openssh vulnerability marketing name + +That was supposed to be a secret https://t.co/pp… + +(Originally on Twitter: [Tue Aug 11 06:42:48 +0000 2020](https://twitter.com/adulau/status/1293075376189640704)) +---- +@rafi0t There is a fundamental question here. Do you prefer to keep the media space empty? Only hear the voice of the incompetent and fascist shooting in the media space? or having imperfect alternatives trying to overcome the current flow of hate and social disinformation? + +(Originally on Twitter: [Wed Aug 12 08:38:30 +0000 2020](https://twitter.com/adulau/status/1293466879802200064)) +---- +@cbrocas Take care! Skating is the art of breaking bones not hearts ;-) + +(Originally on Twitter: [Thu Aug 13 05:12:18 +0000 2020](https://twitter.com/adulau/status/1293777377068294145)) +---- +@_saadk @Jipe_ I think it’s a direct critic of the members of the EU parliament who voted the Directive 2002/58. I always remember the legal guy who complained about a static website I managed about missing cookies warning for a website without cookies... + +(Originally on Twitter: [Thu Aug 13 07:08:51 +0000 2020](https://twitter.com/adulau/status/1293806706670080000)) +---- +@Jipe_ If the publisher had a tag, you can filter out these. Maybe the best option is to ensure that the publisher is tagging the origin of the information (osint:source-type="automatic-analysis" or cssa:origin="sandbox") & the receiving party can decide to do whatever they like with it + +(Originally on Twitter: [Thu Aug 13 07:34:51 +0000 2020](https://twitter.com/adulau/status/1293813251160125440)) +---- +@jfslowik It's the only opportunity to read man pages from a to z. 
+ +(Originally on Twitter: [Thu Aug 13 12:59:47 +0000 2020](https://twitter.com/adulau/status/1293895023080202240)) +---- +I love when having a chat with someone clever, I rediscovered where I learned a lot. Obviously skateboarding is one of the activity which sounds like a “sport” but it’s not. It’s way to understand the space around you and deal with that space. + +(Originally on Twitter: [Thu Aug 13 20:19:38 +0000 2020](https://twitter.com/adulau/status/1294005715066073090)) +---- +Missing your webcam cover, a good ficus benjamina could perfectly do the job. ![](media/1294236730674094080-EfYM4zBXsAAN4pp.jpg) + +(Originally on Twitter: [Fri Aug 14 11:37:37 +0000 2020](https://twitter.com/adulau/status/1294236730674094080)) +---- +@sk0ll1 @Ko97551819 The person is known to change name frequently depending to who the person talks to. + +(Originally on Twitter: [Fri Aug 14 12:23:13 +0000 2020](https://twitter.com/adulau/status/1294248210127560704)) +---- +@sk0ll1 @Ko97551819 and let me know if we should add this person in the @MISPProject threat actor galaxy https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json ;-) + +(Originally on Twitter: [Fri Aug 14 12:39:04 +0000 2020](https://twitter.com/adulau/status/1294252198633844741)) +---- +Why such data would be deleted? How do you reclassify unwanted content if it’s deleted? Evidences for law enforcement? Undelete on request from the users? There is no simple answer and privacy is just one aspect. Maybe one day article will be balanced. + +https://mobile.twitter.com/threatpost/status/1294264612079259648 + +(Originally on Twitter: [Sat Aug 15 06:49:51 +0000 2020](https://twitter.com/adulau/status/1294526700127125504)) +---- +@sergedroz Indeed but I see a huge paradox of @threatpost surfing on such announce while at the same time they give their viewers data to brokers compared to instagram having some legitimate use-cases. 
But life is full of paradox ;-) + +(Originally on Twitter: [Sat Aug 15 07:31:30 +0000 2020](https://twitter.com/adulau/status/1294537183441948672)) +---- +RT @robperdisci: Coming soon at @IEEEEUROSP 2020: "IoTFinder: Efficient Large-Scale Identification of IoT Devices via Passive DNS Traffic A… + +(Originally on Twitter: [Sun Aug 16 07:46:44 +0000 2020](https://twitter.com/adulau/status/1294903404909727744)) +---- +RT @_can1357: I've decided to publish my VMProtect devirtualizer working for every 3.x version up to the latest 3.6 along with the experime… + +(Originally on Twitter: [Mon Aug 17 06:25:06 +0000 2020](https://twitter.com/adulau/status/1295245247220461574)) +---- +RT @r3c0nst: ATM.Malware.Loup is a small cli-tool to cash out #NCR devices. Code was uploaded from Egypt to VT. Looks more like a poc then… + +(Originally on Twitter: [Mon Aug 17 12:49:03 +0000 2020](https://twitter.com/adulau/status/1295341875000414210)) +---- +No sure about you. But packing all the bad news in a single day is better, so if you have a bad news for me, shout, it’s the day. + +(Originally on Twitter: [Mon Aug 17 15:43:25 +0000 2020](https://twitter.com/adulau/status/1295385752474451971)) +---- +@FVT This one is a kind of good news for our galaxy ;-) + +(Originally on Twitter: [Mon Aug 17 15:45:41 +0000 2020](https://twitter.com/adulau/status/1295386325936484353)) +---- +RT @0xAcid: I spent a few weeks at @quarkslab digging into the field of whiteboxes. I thought that sharing my journey from 0-knowledge to b… + +(Originally on Twitter: [Tue Aug 18 12:44:03 +0000 2020](https://twitter.com/adulau/status/1295703002821677058)) +---- +"SoK: Why Johnny Can't Fix PGP Standardization" #OpenPGP back to the core problem. The management of keys in a decentralized model. 
+ +https://arxiv.org/abs/2008.06913 ![](media/1295703634269876225-EftDEloXoAAemJL.png) + +(Originally on Twitter: [Tue Aug 18 12:46:34 +0000 2020](https://twitter.com/adulau/status/1295703634269876225)) +---- +@H_Miser @ddouhine @Air_Loren + + +media/1295746042722488321-EftqJwRXsAEW_hw.mp4 + +(Originally on Twitter: [Tue Aug 18 15:35:05 +0000 2020](https://twitter.com/adulau/status/1295746042722488321)) +---- +Do you think the Stockholm syndrome can apply for ransomware situation? + +(Originally on Twitter: [Wed Aug 19 12:52:30 +0000 2020](https://twitter.com/adulau/status/1296067518168211461)) +---- +RT @circl_lu: Next release of the AIL project includes the ability to use @yararules directly in AIL just like set, regexp or words match.… + +(Originally on Twitter: [Wed Aug 19 13:03:34 +0000 2020](https://twitter.com/adulau/status/1296070303706230784)) +---- +@fredraynal I was maybe expecting a bit of romance in the cruel world of ransomware. + +(Originally on Twitter: [Wed Aug 19 13:08:52 +0000 2020](https://twitter.com/adulau/status/1296071634919579649)) +---- +RT @MSwannMSFT: @ollieatnccgroup Another option is to generate passwords that are partial hash collisions, so you can search for leaked pas… + +(Originally on Twitter: [Thu Aug 20 06:06:21 +0000 2020](https://twitter.com/adulau/status/1296327693294809088)) +---- +@Ko97551819 + + +media/1296371755360149504-Ef2jPJdXYAAQKxs.mp4 + +(Originally on Twitter: [Thu Aug 20 09:01:26 +0000 2020](https://twitter.com/adulau/status/1296371755360149504)) +---- +@thepacketrat Yep it’s @Lipton not sure what’s worst + +(Originally on Twitter: [Thu Aug 20 14:24:00 +0000 2020](https://twitter.com/adulau/status/1296452930636263424)) +---- +RT @tiraniddo: Just uploaded a simple tool to quickly dump all* Reparse Points on an NTFS volume through the $Extend\$Reparse directory. 
*… + +(Originally on Twitter: [Fri Aug 21 07:30:26 +0000 2020](https://twitter.com/adulau/status/1296711243403792384)) +---- +@le_quotidien_lu Il serait temps d'arrêter de promouvoir la destruction des nids de guêpes et frelons. Ce sont des auxiliaires utiles pour assurer une stabilité dans les écosystèmes. + +(Originally on Twitter: [Fri Aug 21 08:47:06 +0000 2020](https://twitter.com/adulau/status/1296730537361645568)) +---- +@arnaudsoullie @le_quotidien_lu Les risques sont vraiment négligeables... c'est souvent de la peur plutôt que de la rationalité. J'ai eu deux nids de frelon (vespa crabro) sur la terrasse. L'alternative c'est d'observer, de comprendre comment ils fonctionnent et avoir une attitude logique. + +(Originally on Twitter: [Fri Aug 21 11:40:30 +0000 2020](https://twitter.com/adulau/status/1296774172551647233)) +---- +Don’t forget the definition of OSINT for some is « information deliberately disclosed or disseminated to an audience » so this can change a bit the perspective... ![](media/1296793517423984643-Ef8giZ4XYAEyhve.jpg) + +(Originally on Twitter: [Fri Aug 21 12:57:22 +0000 2020](https://twitter.com/adulau/status/1296793517423984643)) +---- +@arnaudsoullie @le_quotidien_lu Oui rendre difficile je peux comprendre mais la destruction ne va résoudre ce problème car elles chassent souvent sur un territoire plus large et pas proche du nid. C’est aussi assez évocateur du manque d’autres insectes (elles sont carnivores) si tu les vois souvent. + +(Originally on Twitter: [Fri Aug 21 13:00:20 +0000 2020](https://twitter.com/adulau/status/1296794262756106241)) +---- +RT @MISPProject: MISP 2.4.130 released with various fixes, performance improvements and new features. 
#threatintel #threatintelligence + +ht… + +(Originally on Twitter: [Fri Aug 21 13:16:57 +0000 2020](https://twitter.com/adulau/status/1296798444921729028)) +---- +RT @Frikkylikeme: I just got @github sponsors set up 🥳 + +If you'd like to see @shuffleio become the best security automation platform out th… + +(Originally on Twitter: [Sun Aug 23 09:31:39 +0000 2020](https://twitter.com/adulau/status/1297466525063041024)) +---- +@xme oops take care! + +(Originally on Twitter: [Sun Aug 23 16:09:13 +0000 2020](https://twitter.com/adulau/status/1297566572287074307)) +---- +Using Word by email with this crappy track changes is obviously the best way to loose text, add loophole in text or hide issues. Git with text files (like Markdown) provides a proper history, audit trails and many other advantages. + + +media/1297782200285507584-EgKmBxNWoAIljkn.mp4 + +(Originally on Twitter: [Mon Aug 24 06:26:02 +0000 2020](https://twitter.com/adulau/status/1297782200285507584)) +---- +RT @bagder: Thou shalt not judge a project by the security flaws it reports, but on the way it handles them! (slide from a coming presentat… + +(Originally on Twitter: [Mon Aug 24 06:26:15 +0000 2020](https://twitter.com/adulau/status/1297782254295539712)) +---- +@LimorElbaz @Peerlyst Will you provide a full data dump ? it could help people like @internetarchive ? cc @ClausHoumann Thanks a lot for your work + +(Originally on Twitter: [Mon Aug 24 06:45:19 +0000 2020](https://twitter.com/adulau/status/1297787052856152065)) +---- +RT @MISPProject: New MISP galaxy "ASPI's China Defence University Tracker: Database of Chinese institutions engaged in military or security… + +(Originally on Twitter: [Mon Aug 24 08:18:26 +0000 2020](https://twitter.com/adulau/status/1297810484876451840)) +---- +@belathoud Indeed Manubot is really good at handling the painful process of citation when writing a paper. 
+ +(Originally on Twitter: [Mon Aug 24 08:30:51 +0000 2020](https://twitter.com/adulau/status/1297813611952381952)) +---- +@OSUCISOHelen Logging + +(Originally on Twitter: [Mon Aug 24 18:29:19 +0000 2020](https://twitter.com/adulau/status/1297964221146300418)) +---- +@Iglocska I have officially lost all my sanity, not due to #COVID19 but while using systemd in these past hours. + + +media/1298292262997295104-EgR165BXoAIDdIQ.mp4 + +(Originally on Twitter: [Tue Aug 25 16:12:51 +0000 2020](https://twitter.com/adulau/status/1298292262997295104)) +---- +@Iglocska We just need to find a hotel in the woods, put systemd there and chase it until the hotel is reduced to ashes. + +(Originally on Twitter: [Tue Aug 25 16:15:34 +0000 2020](https://twitter.com/adulau/status/1298292945976725504)) +---- +RT @abuse_ch: Two Conti ransomware samples shared by @Dashowl on MalwareBazaar: + +https://bazaar.abuse.ch/sample/c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4 +https://bazaar.abuse.ch/sample/1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24/ https://t.… + +(Originally on Twitter: [Thu Aug 27 06:38:14 +0000 2020](https://twitter.com/adulau/status/1298872432124735489)) +---- +@chrisrockhacker @TC_Johnson @bryanmcaninch What’s the licensing model of SIEMonster? + +(Originally on Twitter: [Thu Aug 27 06:41:11 +0000 2020](https://twitter.com/adulau/status/1298873173170151424)) +---- +When you are talking about the victims of a ransomware group and mentioning that the victims paid the ransom to get back their files, you are advertising their business. You are then part of the criminal scheme. Even if you don’t like it, you are their advertiser. + +(Originally on Twitter: [Thu Aug 27 07:42:55 +0000 2020](https://twitter.com/adulau/status/1298888709916459008)) +---- +Why this tweet? I got a call from a journalist and I told him my answer will be summarized in a tweet. 
+ +(Originally on Twitter: [Thu Aug 27 07:49:26 +0000 2020](https://twitter.com/adulau/status/1298890350489149441)) +---- +@ju916 It’s super « easy » but less reader attractive. Do deep analysis of the ransomware business and how it works and especially what’s the best strategies for companies to limit the risks. But listing victims with what they paid is counterproductive (except for the ransom groups). + +(Originally on Twitter: [Thu Aug 27 08:53:14 +0000 2020](https://twitter.com/adulau/status/1298906406314221574)) +---- +@ju916 Comparing to vulnerability disclosure... not sure I follow your argumentation. Can you point me to one of your article about ransomware? It's maybe better for understanding your approach. + +(Originally on Twitter: [Thu Aug 27 09:07:19 +0000 2020](https://twitter.com/adulau/status/1298909952166318080)) +---- +@ju916 I quickly read it (my German is flaky ;-). It's exhaustive and quite factual. The journalist I got on the phone wanted to list which victims paid and who got back their files in a national media without further (or too much) explanation. IMHO it's not comparable to your article. + +(Originally on Twitter: [Thu Aug 27 09:27:19 +0000 2020](https://twitter.com/adulau/status/1298914981916876800)) +---- +RT @sergedroz: @adulau Sad fact: Governments are compliant: Ransoms are tax deductible: https://www.forbes.com/sites/robertwood/2017/05/16/if-you-pay-ransom-write-it-off-on-your-taxes/ + +And this is very bad! + +(Originally on Twitter: [Thu Aug 27 09:53:41 +0000 2020](https://twitter.com/adulau/status/1298921620455559170)) +---- +We just published an updated version of the @MISPProject standard core format. The updates only include new types like vhash or sha3. The standard is stable from the past years and easily extensible without modifying this core format. 
#ThreatIntelligence +https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-11 + +(Originally on Twitter: [Thu Aug 27 17:06:55 +0000 2020](https://twitter.com/adulau/status/1299030646195654664)) +---- +RT @maddiestone: I’m really fucking tired. On average, about every week I receive some message about how I’m “unskilled”, “P0’s biggest mis… + +(Originally on Twitter: [Thu Aug 27 17:24:29 +0000 2020](https://twitter.com/adulau/status/1299035068124606472)) +---- +RT @ydklijnsma: Add to this: if you hype up these criminal’s business when they announce a new victim you are now the PR person for a crimi… + +(Originally on Twitter: [Thu Aug 27 18:01:38 +0000 2020](https://twitter.com/adulau/status/1299044414829006848)) +---- +@thierryzoller Because it’s a proof that a group can deliver the service (aka decrypt your files) and then victims tend to choose the easiest path. Then you continue to fund their business and more are jumping in the market. + +(Originally on Twitter: [Thu Aug 27 19:09:00 +0000 2020](https://twitter.com/adulau/status/1299061368730144771)) +---- +RT @Iglocska: Some people try to change the world, some try to tick checkboxes. + +(Originally on Twitter: [Fri Aug 28 07:53:27 +0000 2020](https://twitter.com/adulau/status/1299253750926848000)) +---- +RT @ail_project: With the new version of AIL, correlation between twitter users and telegram users is by default. 
Below an example of someo… + +(Originally on Twitter: [Fri Aug 28 09:52:48 +0000 2020](https://twitter.com/adulau/status/1299283785020735488)) +---- +@Pa0x73cal @MaliciaRogue @ANSSI_FR Et ils vont les remplacer par du ZTE ;-) + +(Originally on Twitter: [Fri Aug 28 12:54:29 +0000 2020](https://twitter.com/adulau/status/1299329506222768129)) +---- +RT @decalage2: SpuriousEmu is a new experimental project by @ldbo_ to parse and interpret malicious VBA macros, in order to analyse their b… + +(Originally on Twitter: [Fri Aug 28 14:02:20 +0000 2020](https://twitter.com/adulau/status/1299346580231905281)) +---- +Huge thank you to @___wr___ for the pull-request in ssldump to refresh the build part which was ancient. He did this during the @hack_lu / @circl_lu hackathon. https://github.com/adulau/ssldump/pull/31 A new release of ssldump is foreseen in the next days. + + +media/1299618629504446470-EgksQFsWkAAtXBX.mp4 + +(Originally on Twitter: [Sat Aug 29 08:03:21 +0000 2020](https://twitter.com/adulau/status/1299618629504446470)) +---- +RT @Ko97551819: Morning thoughts about learning for beginners to advanced people! +- make your knowledge repeatable, applicable on many top… + +(Originally on Twitter: [Sat Aug 29 08:07:50 +0000 2020](https://twitter.com/adulau/status/1299619757440880640)) +---- +@Ko97551819 @therealsaumil @pinkflawd @barbieauglend @44CON @42born2code IMHO a great advantage to make your knowledge accessible, it is to share new explanation paths and often discover some bias or shortcuts you used in the past. It’s a gain for everyone. + +(Originally on Twitter: [Sat Aug 29 09:50:13 +0000 2020](https://twitter.com/adulau/status/1299645523301773314)) +---- +RT @felixaime: #DeathStalker aka. #Deceptikons is one of the intrusion sets doing some flase flags, such as deploying false (old.) 
#Sofacy… + +(Originally on Twitter: [Sat Aug 29 14:41:56 +0000 2020](https://twitter.com/adulau/status/1299718934644641799)) +---- +@thedarktangent @BCSecurity1 @infoconorg Hosting/archiving the videos on the long term can be a challenge. @Ministraitor what do you think of Jeff initiative and how we can do it for arching your huge collection of video materials from infosec con? + +(Originally on Twitter: [Mon Aug 31 05:43:10 +0000 2020](https://twitter.com/adulau/status/1300308125292154881)) +---- +Nowadays the boundary between disclosing a vulnerability to a vendor and finding the right broker where to sell vulnerabilities, it’s just thin ice. Again the economical incentive drives the market... luckily many researchers go the ethical way. + +https://mobile.twitter.com/SecuriTeam_SSD/status/1300016510522531840 + +(Originally on Twitter: [Mon Aug 31 07:21:32 +0000 2020](https://twitter.com/adulau/status/1300332879491346432)) +---- +RT @Ministraitor: @adulau @thedarktangent @BCSecurity1 @infoconorg I send my public videos privately to a repository at @_nikhef and @infoc… + +(Originally on Twitter: [Mon Aug 31 08:28:47 +0000 2020](https://twitter.com/adulau/status/1300349806410452992)) +---- +@darktracer_int Which backend do you use for the correlation? It sounds cool. + +(Originally on Twitter: [Mon Aug 31 14:07:11 +0000 2020](https://twitter.com/adulau/status/1300434964492750850)) +---- +@redsandbl4ck @MISPProject Let us know if you want to discuss with us the idea. We have an open issue for a feature request https://github.com/MISP/MISP/issues/6261 feel free to comment. The decaying indicator functionality can be already a good basis. 
+ +(Originally on Twitter: [Tue Sep 01 07:12:57 +0000 2020](https://twitter.com/adulau/status/1300693107021942784)) +---- +"a new off-path TCP hijacking attack that can be used to terminate victim TCP connections or inject forged data into victim TCP connections " The paper is really interesting and they implemented a new IPID assignment proposal for Linux. https://arxiv.org/abs/2008.12981 ![](media/1300729724516421632-Eg0eVOJWoAIKo9E.png) + +(Originally on Twitter: [Tue Sep 01 09:38:27 +0000 2020](https://twitter.com/adulau/status/1300729724516421632)) +---- +@cbrocas @Regiteric It's not trivial as you need to first be able to spoof packets (so you need a "friendly" operator but it exists ;-) then to downgrade the IPID assignment with some ICMP packets (which could be filtered too). But the attack scenario is possible but higher layers could catch it. ![](media/1300736441341927424-Eg0kYrMXkAIoa1P.jpg) + +(Originally on Twitter: [Tue Sep 01 10:05:08 +0000 2020](https://twitter.com/adulau/status/1300736441341927424)) +---- +@Ko97551819 @therealsaumil I just hope it was organic soybeans and not the Roundup Ready soybean ;-) + + +media/1300880257260621827-Eg2nsd4XgAAUAw5.mp4 + +(Originally on Twitter: [Tue Sep 01 19:36:37 +0000 2020](https://twitter.com/adulau/status/1300880257260621827)) +---- +@SkelSec Pending in the vendor queue. + +(Originally on Twitter: [Tue Sep 01 20:18:33 +0000 2020](https://twitter.com/adulau/status/1300890811467534337)) +---- +RT @herbertbos: @adulau Yes, cool work, this one. 
I love this consistent stream of new approaches to do tcp hijacking, using challenge ac… + +(Originally on Twitter: [Tue Sep 01 20:32:45 +0000 2020](https://twitter.com/adulau/status/1300894383282290690)) +---- +The most interesting and funny part of the @DGSEfr twitter account is the following list ;-) ![](media/1301065776309448705-Eg5PqsZWsAELAyC.png) + +(Originally on Twitter: [Wed Sep 02 07:53:48 +0000 2020](https://twitter.com/adulau/status/1301065776309448705)) +---- +RT @ail_project: We are currently adding new YARA rules for classified materials. https://github.com/ail-project/ail-yara-rules/blob/master/rules/classified/us.yar if you know some good references… + +(Originally on Twitter: [Wed Sep 02 09:18:07 +0000 2020](https://twitter.com/adulau/status/1301086997507903488)) +---- +Every time I run a container and trying to understand how the stuff really works, I end up doing some digital forensic on the container file system. Is it me or all containers are a kind of training material for #DFIR? + +(Originally on Twitter: [Wed Sep 02 17:16:40 +0000 2020](https://twitter.com/adulau/status/1301207428579631105)) +---- +@Nedfire23 use a VPN ;-) + +(Originally on Twitter: [Wed Sep 02 17:30:45 +0000 2020](https://twitter.com/adulau/status/1301210970438733827)) +---- +"Java Cryptography Uses in the Wild" + +85% of cryptographic APIs are misused in Java project. The discussions included in the paper give some insightful views on the social aspects of this. 
+ +https://arxiv.org/abs/2009.01101 +https://arxiv.org/pdf/2009.01101.pdf +Dataset: http://crypto-explorer.com/cryptomine/ ![](media/1301473335365246981-Eg_B7HpWoAIVwt5.png) + +(Originally on Twitter: [Thu Sep 03 10:53:18 +0000 2020](https://twitter.com/adulau/status/1301473335365246981)) +---- +@ValeryMarchive @ffforward @Supre31539665 @stoerchl @AdamTheAnalyst @malwrhunterteam @JAMESWT_MHT @James_inthe_box @VK_Intel @kyleehmke @cocaman @kilijanek @lazyactivist192 @BushidoToken @bash0x00 @Jan0fficial @gcorelabs Ah the "famous ISP" moving across countries... drop an email to @circl_lu will have a look ;-) But I'm betting we already sent the notification to them. + +(Originally on Twitter: [Thu Sep 03 10:54:27 +0000 2020](https://twitter.com/adulau/status/1301473627796385793)) +---- +RT @markrussinovich: Coming soon in Sysmon: clipboard change capture to help defenders retrieve attacker RDP file and command drops, includ… + +(Originally on Twitter: [Fri Sep 04 05:20:50 +0000 2020](https://twitter.com/adulau/status/1301752055900647424)) +---- +If you run GnuPG, patch https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html even if it’s Friday. + +(Originally on Twitter: [Fri Sep 04 16:50:47 +0000 2020](https://twitter.com/adulau/status/1301925687515906049)) +---- +@secrisk @MITREattack This is great. Do you plan to release it under an open source license (instead of the freeware license)? It might be useful for integration with other open source tools. Thanks! + +(Originally on Twitter: [Fri Sep 04 18:33:30 +0000 2020](https://twitter.com/adulau/status/1301951536545882113)) +---- +@SecEvangelism You mean having a series in the evening which looks like the mess of the day ;-) + +(Originally on Twitter: [Fri Sep 04 18:58:06 +0000 2020](https://twitter.com/adulau/status/1301957727422484481)) +---- +@SecEvangelism We could do a full episode « evidence horror picture show ». 
+ +(Originally on Twitter: [Fri Sep 04 19:01:34 +0000 2020](https://twitter.com/adulau/status/1301958601821519873)) +---- +@fsf Any reason why you forgot @bigbluebutton ? + +(Originally on Twitter: [Sat Sep 05 14:26:23 +0000 2020](https://twitter.com/adulau/status/1302251738699894786)) +---- +RT @pwnedmio: A blog post for guys interested in Qiling Framework. + +Cc: @qiling_io + +https://blog.lazym.io/2020/09/05/Dive-deeper-Analyze-real-mode-binaries-like-a-Pro-with-Qiling-Framework/ + +(Originally on Twitter: [Sun Sep 06 07:38:24 +0000 2020](https://twitter.com/adulau/status/1302511452520091648)) +---- +@message4bob @ERC_Research Great news! I’m sure you’ll find, share and publish new discoveries. + +(Originally on Twitter: [Sun Sep 06 09:29:18 +0000 2020](https://twitter.com/adulau/status/1302539361607716864)) +---- +@Timo_Steffens It’s indeed a good idea. We did this new feature called extended events in MISP to support competitive analysis of reports. My current experience is a lot of organisations don’t want to share their competitive analysis except in some closed communities. How can we improve there? + +(Originally on Twitter: [Sun Sep 06 15:14:06 +0000 2020](https://twitter.com/adulau/status/1302626132630679552)) +---- +@sashank_dara @Timo_Steffens The main concern (in my understanding without analysing this too much) is usually to show to unknown parties their real capabilities of analysis. + +(Originally on Twitter: [Sun Sep 06 18:46:25 +0000 2020](https://twitter.com/adulau/status/1302679566595567617)) +---- +Sometime you just need a new k-pop threat actor to fuzz your already messy threat actor database. Reminder for malware authors, don’t forget to put some k-pop references for improved attribution. + +Naming something fussy is often a way to make it real. 
+ +https://mobile.twitter.com/BiellaColeman/status/1302736320041754627 + +(Originally on Twitter: [Mon Sep 07 05:21:31 +0000 2020](https://twitter.com/adulau/status/1302839393464602624)) +---- +@DuguinStephane @woodyatpch @Timo_Steffens @KajaCiglic @MarietjeSchaake Do you share your counter analysis publicly ? + +(Originally on Twitter: [Mon Sep 07 09:27:54 +0000 2020](https://twitter.com/adulau/status/1302901397306961920)) +---- +@woodyatpch @DuguinStephane @Timo_Steffens @KajaCiglic @MarietjeSchaake @CyberpeaceInst Thanks. Not sure we talk about the same thing, we talked about collaborative intelligence reports with comprehensive and counter analysis being reviewed by the community at large. + +(Originally on Twitter: [Mon Sep 07 15:13:25 +0000 2020](https://twitter.com/adulau/status/1302988350874365952)) +---- +@TU_CARE @asfakian Is there a specific reason to ask for PII in order to get the dataset? + +(Originally on Twitter: [Tue Sep 08 06:21:37 +0000 2020](https://twitter.com/adulau/status/1303216906724405254)) +---- +RT @Enno_Insinuator: Discovering Suspicious APT Behaviors by Analyzing DNS Activities +https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7038486/ ![](media/1303300907782807555-EhVjLFoWsAEz3mw.jpg) + +(Originally on Twitter: [Tue Sep 08 11:55:25 +0000 2020](https://twitter.com/adulau/status/1303300907782807555)) +---- +RT @TU_CARE: @adulau @asfakian Great Q! Yes! +1. Sector & reasons for request- report back to #NSF to demonstrate usefulness. +2. Name/email/… + +(Originally on Twitter: [Tue Sep 08 12:59:58 +0000 2020](https://twitter.com/adulau/status/1303317152158670850)) +---- +@TU_CARE @asfakian Thank you! It makes sense and I filled the form as @MISPProject I hope we can collaborate too. + +(Originally on Twitter: [Tue Sep 08 13:01:46 +0000 2020](https://twitter.com/adulau/status/1303317605470609408)) +---- +RT @FDezeure: The draft agenda for the 6th EU ATT&CK Community Workshop on 23 October is online: https://attack-community.org/event/. 
Super speakers an… + +(Originally on Twitter: [Tue Sep 08 15:55:49 +0000 2020](https://twitter.com/adulau/status/1303361407744868352)) +---- +RT @MISPProject: MISP 2.4.131 released (improvements, bug fixes and major update to JavaScript dependencies). + +https://www.misp-project.org/2020/09/08/MISP.2.4.131.released.html #Th… + +(Originally on Twitter: [Tue Sep 08 16:14:18 +0000 2020](https://twitter.com/adulau/status/1303366059538501633)) +---- +@Frikkylikeme Markdown and mermaid? https://mermaid-js.github.io/mermaid/#/ + +(Originally on Twitter: [Tue Sep 08 16:33:49 +0000 2020](https://twitter.com/adulau/status/1303370969617235969)) +---- +@ripencc Do you have any issue with the LIR portal? I got an error from an upstream proxy. + +(Originally on Twitter: [Wed Sep 09 10:07:34 +0000 2020](https://twitter.com/adulau/status/1303636154043039744)) +---- +@ripencc It seems that you fixed in the mean time. Thanks! + +(Originally on Twitter: [Wed Sep 09 11:09:50 +0000 2020](https://twitter.com/adulau/status/1303651824029839360)) +---- +Who said file parsing is hard? ![](media/1303720516382085131-Ehe9In-XkAMOJTR.jpg) + +(Originally on Twitter: [Wed Sep 09 15:42:47 +0000 2020](https://twitter.com/adulau/status/1303720516382085131)) +---- +@GunstickULM or let’s ask the customer to buy more consulting to fix our broken libraries. + +(Originally on Twitter: [Wed Sep 09 16:03:31 +0000 2020](https://twitter.com/adulau/status/1303725733303517192)) +---- +@japi999 @Aristot73 This is an effect of who is the main producer of reports. If there were incentives for more non-profit analysis and reporting, this could change the landscape. But it’s again a matter of diversity... + +(Originally on Twitter: [Thu Sep 10 06:56:55 +0000 2020](https://twitter.com/adulau/status/1303950564808691712)) +---- +RT @a66ot: We're happy to finally release vulnerabilities related to code execution on @ingenico POS terminals. 
Great job @A1ex_S @_Dmit an… + +(Originally on Twitter: [Thu Sep 10 11:08:59 +0000 2020](https://twitter.com/adulau/status/1304013997516169221)) +---- +If I have someone from the EU commission asking me why there is no innovation in Europe, I can easily reply « can we stop with the requirement to have a stamp on every single document to get a simple travel reimbursement» + + +media/1304019511264317441-EhjO09MXYAAYvrN.mp4 + +(Originally on Twitter: [Thu Sep 10 11:30:53 +0000 2020](https://twitter.com/adulau/status/1304019511264317441)) +---- +@cudeso Thanks for sharing. I remember reading the 4th edition but it was often very vague especially when talking about collection for example. Do you know if this improved in the 6th edition? + +(Originally on Twitter: [Thu Sep 10 12:43:59 +0000 2020](https://twitter.com/adulau/status/1304037907917934592)) +---- +RT @ItsReallyNick: Added #STRONTIUM election-related credential harvesting campaign "detection" to #AzureSentinel: https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/StrontiumCredHarvesting.yaml… + +(Originally on Twitter: [Fri Sep 11 05:04:09 +0000 2020](https://twitter.com/adulau/status/1304284573333889024)) +---- +RT @vxunderground: We've added a new paper: From a C project, through assembly, to shellcode by @hasherezade + +A vx-underground exclusive.… + +(Originally on Twitter: [Fri Sep 11 05:23:02 +0000 2020](https://twitter.com/adulau/status/1304289327518748672)) +---- +RT @chrisdoman: @kwm @MITREcorp Yup that's what https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json is - started with the spreadsheet and updated/maintained by the com… + +(Originally on Twitter: [Fri Sep 11 11:14:46 +0000 2020](https://twitter.com/adulau/status/1304377843221254144)) +---- +@likethecoins @kwm @MITREcorp We maintain parseable JSON with threat actors names, known/seen synonyms and metadata in @MISPProject galaxy which are reused by the community at large. 
https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json maybe you want to have a look at it? pull-requests are more than welcome ;-) + +(Originally on Twitter: [Fri Sep 11 11:19:27 +0000 2020](https://twitter.com/adulau/status/1304379022739206144)) +---- +RT @MISPProject: @r0wdy_ We maintain this mess in JSON files (known as MISP galaxy) including known synonyms and meta data for threat-actor… + +(Originally on Twitter: [Fri Sep 11 11:58:01 +0000 2020](https://twitter.com/adulau/status/1304388727238778880)) +---- +RT @kwm: Thanks, @MISPProject for pointing out misp-galaxy, which aims to address the issue of standardizing a wide variety of attributes u… + +(Originally on Twitter: [Fri Sep 11 12:36:18 +0000 2020](https://twitter.com/adulau/status/1304398361458626561)) +---- +@verac_m Courage... + + +media/1304399588405710848-EhoogOKXsAE9_iS.mp4 + +(Originally on Twitter: [Fri Sep 11 12:41:11 +0000 2020](https://twitter.com/adulau/status/1304399588405710848)) +---- +RT @VARIoT_project: VARIoT has been scanning the IPv4 Internet for Accessible CoAP services since mid-June 2020 - latest scans by @Shadowse… + +(Originally on Twitter: [Fri Sep 11 16:36:39 +0000 2020](https://twitter.com/adulau/status/1304458845893337089)) +---- +@Ko97551819 + + +media/1304461742462963714-EhphCNDWkAAh7L6.mp4 + +(Originally on Twitter: [Fri Sep 11 16:48:09 +0000 2020](https://twitter.com/adulau/status/1304461742462963714)) +---- +RT @quarkslab: Protections (Obfuscation, shielding...) and attacks (vulnerabilities, crypto...) are in our DNA when it comes to applicatio… + +(Originally on Twitter: [Sat Sep 12 11:33:41 +0000 2020](https://twitter.com/adulau/status/1304744989755310080)) +---- +When seeing this, I remember the management interface of a network device which was using Flash. Do you remember the brand/vendor ? My memory failed. 
+ +https://mobile.twitter.com/FrankMcG/status/1304580513647210496 + +(Originally on Twitter: [Sat Sep 12 21:02:05 +0000 2020](https://twitter.com/adulau/status/1304888031984443397)) +---- +@pro_integritate Nice findings... Thanks for sharing. So it’s much more than I knew, cyberspace can be scary sometime. + +(Originally on Twitter: [Sun Sep 13 05:56:36 +0000 2020](https://twitter.com/adulau/status/1305022548153962498)) +---- +@NotLordByron The previous owner of the house had crappy taste. + +(Originally on Twitter: [Sun Sep 13 06:33:46 +0000 2020](https://twitter.com/adulau/status/1305031902546538501)) +---- +RT @DistributedDave: It's long been assumed that there are no nontrivial reflected amplification attacks using TCP—prior attacks are UDP or… + +(Originally on Twitter: [Sun Sep 13 08:00:12 +0000 2020](https://twitter.com/adulau/status/1305053655041806336)) +---- +@MaliciaRogue La mésange charbonnière est majoritairement insectivore (même si elle adore les graines de tournesols en hiver)... il n'est pas impossible (mais rare) qu'elle mange des larves sur le cadavre d'un autre animal. Sur la photo, c'est l'hiver et donc peu probable... 🙃 + +(Originally on Twitter: [Sun Sep 13 08:41:19 +0000 2020](https://twitter.com/adulau/status/1305063999671865345)) +---- +@MaliciaRogue Oui en effet. Désolé, j'ai toujours mes vieux réflexes de naturaliste ;-) + +(Originally on Twitter: [Sun Sep 13 08:45:15 +0000 2020](https://twitter.com/adulau/status/1305064989942743040)) +---- +@0xabad1dea Data broking. Oracle is, for some years, with AdTech and MarTech in the “dirty” business of ads networks. It looks like they just bought a huge dataset/network without the algorithms. + +(Originally on Twitter: [Mon Sep 14 05:51:03 +0000 2020](https://twitter.com/adulau/status/1305383539563786240)) +---- +@pinkflawd Do you need some chocolate? 
If I post it now, you might receive it in December ;-) + +(Originally on Twitter: [Mon Sep 14 11:10:19 +0000 2020](https://twitter.com/adulau/status/1305463885072338945)) +---- +RT @bialczakp: Hfinger, my malware HTTP request fingerprinter, has been published today @x33fcon. It's still a prototype, but can already q… + +(Originally on Twitter: [Mon Sep 14 11:16:32 +0000 2020](https://twitter.com/adulau/status/1305465449132457984)) +---- +@fredraynal @virustotal We already succeeded to remove various files from VT as long there is a good justification. DM me if you want to discuss about it. + +(Originally on Twitter: [Mon Sep 14 17:28:48 +0000 2020](https://twitter.com/adulau/status/1305559135577145346)) +---- +I always see this kind of statement in some random cybersecurity documents "avoid duplication of activities/work". Is it really an issue? Don't we innovate by trying different paths on a same topic? Is competitive work or research so bad? If end results are shared, why not? + +(Originally on Twitter: [Mon Sep 14 20:34:51 +0000 2020](https://twitter.com/adulau/status/1305605956664000515)) +---- +I always refused to be credited for finding vulnerabilities. Just because I know how difficult it can be to fix a vulnerability. + +(Originally on Twitter: [Tue Sep 15 05:48:23 +0000 2020](https://twitter.com/adulau/status/1305745258618159105)) +---- +La citation du jour par @gallypette  « C’est tellement bon que c’est classifié » - « it’s so good that is classified » - Or how to hide your crappy project. + + +media/1306558384309710849-EiHT654XsAEPlqI.mp4 + +(Originally on Twitter: [Thu Sep 17 11:39:28 +0000 2020](https://twitter.com/adulau/status/1306558384309710849)) +---- +RT @ail_project: The @yararules in @ail_project to find PHP "obfuscation" gives many interesting results. 
But sometime, you could find some… + +(Originally on Twitter: [Thu Sep 17 12:51:12 +0000 2020](https://twitter.com/adulau/status/1306576437902802949)) +---- +RT @WolfieChristl: Android apps from dating to fertility to selfie editors share personal data with the Chinese company Jiguang via its SDK… + +(Originally on Twitter: [Thu Sep 17 16:22:51 +0000 2020](https://twitter.com/adulau/status/1306629700295458816)) +---- +@ValeryMarchive @CharlieDeltaLum 45% me semble élevé (mais mes chiffres sont sur un nombre peu significatif d’entreprises) mais 20% est réaliste. De plus il est clairement suffisant pour dynamiser le marché et voir de la competition dans l’écosystème du ransomware. + +(Originally on Twitter: [Fri Sep 18 05:25:51 +0000 2020](https://twitter.com/adulau/status/1306826750068957189)) +---- +@margolainen As long there is no pineapple, all is fine ;-) + +(Originally on Twitter: [Fri Sep 18 20:15:08 +0000 2020](https://twitter.com/adulau/status/1307050543605571584)) +---- +@cbrocas @Vecchi_Paolo might be the right guy to make a blog post about his standard setup of @bigbluebutton + +(Originally on Twitter: [Sat Sep 19 10:53:13 +0000 2020](https://twitter.com/adulau/status/1307271524047609860)) +---- +@DCSecuritydk @markaorlando @_saadk @chrissanders88 Not sure the “term quality” is the best term. I’m more into contextualized information which can be used (or discarded) for machine to be processed or supporting intelligence analyst. I have seen very good intelligence or geopolitical report which highlight potential steps/tasks. + +(Originally on Twitter: [Sat Sep 19 18:19:32 +0000 2020](https://twitter.com/adulau/status/1307383840298631169)) +---- +@DCSecuritydk @markaorlando @_saadk @chrissanders88 For IR reports, I think the tendency is still to talk about what has been seen and rarely about proactive steps or protective/detection measure to take. Not sure what you want to achieve but it’s clearly an area which needs improvement. 
We need to work more on analytical steps. + +(Originally on Twitter: [Sat Sep 19 18:22:23 +0000 2020](https://twitter.com/adulau/status/1307384559756079105)) +---- +@DCSecuritydk @markaorlando @_saadk @chrissanders88 But again, the issue is economical, such intelligence has value and there is no common values to share it publicly. Intelligence reporting needs to be produced by a diversity of organisations and not only by security vendors... + +(Originally on Twitter: [Sat Sep 19 18:24:15 +0000 2020](https://twitter.com/adulau/status/1307385029622984705)) +---- +Adding online registration to a router firmware to have its full functionality including the local UI. It was already super difficult to have people updating their routers. Adding more creepy dark patterns and build the next botnet of unmanaged devices. + +https://kb.netgear.com/000062364/GC108P-GC108PP-Firmware-Version-1-0-5-8 + +(Originally on Twitter: [Sun Sep 20 06:42:52 +0000 2020](https://twitter.com/adulau/status/1307570909390270469)) +---- +RT @AdulauA: network graph in lost buildings - #graffiti #StreetArt ![](media/1307588698515570688-EiV8AotXsAEYYDD.jpg) + +(Originally on Twitter: [Sun Sep 20 07:53:34 +0000 2020](https://twitter.com/adulau/status/1307588698515570688)) +---- +RT @ail_project: AIL extracts automatically all PGP user-id from PGP messages including signatures, public-keys or encrypted messages. You… + +(Originally on Twitter: [Sun Sep 20 09:28:12 +0000 2020](https://twitter.com/adulau/status/1307612516244168707)) +---- +@louisderrac Prenons IPv6, un standard qui a été développé pour avoir assez d’adresses IP sur Internet car IPv4 n’a plus assez adresses (en gros). La création du standard date de 1994 mais c’est seulement maintenant que l’on utilise à large échelle. 
Pour justifier cette migration nécessaire, + +(Originally on Twitter: [Mon Sep 21 06:16:02 +0000 2020](https://twitter.com/adulau/status/1307926540861218818)) +---- +@louisderrac les justifications économiques sont venues avec des utilisations complémentaires (objets connectés ou autre) car justifier par le simple manque d’adresse IP était difficile pour réinvestir des équipements. Pour l’evolution des standard 3GPP (5G et 5G NR), c’est souvent les soucis + +(Originally on Twitter: [Mon Sep 21 06:18:49 +0000 2020](https://twitter.com/adulau/status/1307927244820672512)) +---- +@louisderrac de congestion par le nombre grandissant d’utilisateurs. Maintenant, les investisseurs ne trouvent pas ces raisons suffisantes, alors il faut essayer de vendre ces extensions et les nouveaux usages utopiques. C’est souvent la complexité économique de maintenir des réseaux + +(Originally on Twitter: [Mon Sep 21 06:21:40 +0000 2020](https://twitter.com/adulau/status/1307927962252128256)) +---- +@louisderrac qui est le nerf de la guerre. Maintenir et fournir des services à des utilisateurs demandent du temps, des resources et de l’argent. Le justifier avec des nouvelles utilisations est souvent le +plus simple. + +(Originally on Twitter: [Mon Sep 21 06:23:28 +0000 2020](https://twitter.com/adulau/status/1307928413102125056)) +---- +@louisderrac @Ztec6 @nitot Pas uniquement, les connexions “backhaul” entre les “BS” sont souvent en micro-onde s’il y a une visibilité directe. La latence en radio est plus faible que la fibre. + +(Originally on Twitter: [Mon Sep 21 06:30:56 +0000 2020](https://twitter.com/adulau/status/1307930294050263040)) +---- +@louisderrac Ce n’est pas vraiment le cas. Il faut maintenir des infrastructures et beaucoup des upgrades sont logiciels pour mettre à jour le code vis-à-vis des normes 3GPP. Une infra telecom est un investissement continu si on ne veut pas perdre des utilisateurs, ne pas investir est pire. 
+ +(Originally on Twitter: [Mon Sep 21 06:34:48 +0000 2020](https://twitter.com/adulau/status/1307931266025762816)) +---- +@louisderrac Il existe des standards comme WiMax pour ce genre d’approche (oui cela utilise souvent des fréquences proches de la 5G depuis des années ;-) mais le problème est économique. Personne ne veut payer les infrastructures, les standard GSM sont une commodité et le coût est faible. + +(Originally on Twitter: [Mon Sep 21 06:41:59 +0000 2020](https://twitter.com/adulau/status/1307933072185274369)) +---- +RT @joernchen: 🥳 + +This fixes a RCE bug in this transport helper reported by Joern Schneeweisz to the git-security mailing list. The issue i… + +(Originally on Twitter: [Mon Sep 21 10:59:22 +0000 2020](https://twitter.com/adulau/status/1307997847615348736)) +---- +@thierryzoller I use it to devaluate my laptop and covering the screws. + +(Originally on Twitter: [Mon Sep 21 13:38:15 +0000 2020](https://twitter.com/adulau/status/1308037830527066120)) +---- +RT @Enno_Insinuator: Follow the blue bird: A study on threat data published on Twitter +https://openaccess.city.ac.uk/id/eprint/24565/1/CameraReady.pdf [PDF] ![](media/1308064084403924992-EictHjJWoAA0i3z.png) + +(Originally on Twitter: [Mon Sep 21 15:22:35 +0000 2020](https://twitter.com/adulau/status/1308064084403924992)) +---- +RT @GossiTheDog: Regarding Zerologon detection - @ashwinpatil @cglyer and myself have been working on an Azure Sentinel mega query to detec… + +(Originally on Twitter: [Tue Sep 22 06:24:09 +0000 2020](https://twitter.com/adulau/status/1308290971134832640)) +---- +RT @pinkflawd: After long hesitation there will finally be a virtual BlackHoodie 🤓 COV isn't going away soon enough and I'm getting itchy.… + +(Originally on Twitter: [Tue Sep 22 07:34:10 +0000 2020](https://twitter.com/adulau/status/1308308593716985856)) +---- +RT @hmemcpy: The Agile Hellscape v3 ![](media/1308388887069446144-Eia-LGmWsAAy5sa.jpg) + +(Originally on Twitter: [Tue Sep 22 12:53:14 +0000 
2020](https://twitter.com/adulau/status/1308388887069446144)) +---- +I released ssldump version 1.2 which incorporates the improved build process (huge thanks to @___wr___ ), decrypt resumed sessions and many small improvements. Thanks to Matt Slot and Aleksey Ryabkov for the contributions. https://github.com/adulau/ssldump + +(Originally on Twitter: [Tue Sep 22 14:17:40 +0000 2020](https://twitter.com/adulau/status/1308410138404020224)) +---- +RT @P3b7_: Want to build a cheap and DIY EM Fault Injector? Have a look at the latest article from the @DonjonLedger. +With this setup, it's… + +(Originally on Twitter: [Wed Sep 23 04:02:18 +0000 2020](https://twitter.com/adulau/status/1308617663946653696)) +---- +@Ko97551819 This remembers me the quote from Banksy “ I'd been painting rats for three years before someone said, 'That's clever. It's an anagram of art,' and I had to pretend I'd known that all along.” +Banksy in Wall and Piece + +(Originally on Twitter: [Wed Sep 23 04:05:24 +0000 2020](https://twitter.com/adulau/status/1308618442484965377)) +---- +RT @angealbertini: Mitra is a tool to generate binary polyglots. +https://github.com/corkami/mitra ![](media/1308668853447204866-EiimgsEWkAM5ws9.png) + +(Originally on Twitter: [Wed Sep 23 07:25:43 +0000 2020](https://twitter.com/adulau/status/1308668853447204866)) +---- +RT @akiratk0355: Excited to announce our LadderLeak attack on ECDSA (https://ia.cr/2020/615) will appear at CCS 2020. Kudos to the team @d… + +(Originally on Twitter: [Thu Sep 24 08:37:02 +0000 2020](https://twitter.com/adulau/status/1309049189725331464)) +---- +@MeAllainYann @jubobroff hardcover first ;-) + +(Originally on Twitter: [Thu Sep 24 15:50:26 +0000 2020](https://twitter.com/adulau/status/1309158257030766596)) +---- +@DCSecuritydk @Iglocska @nadouani Sure @DennisRand did an incredible job. We also bootstrapped various trainings in DK but also in various EU countries. 
Thanks @inea_eu CEF and @circl_lu funding which helped a lot for getting the initial set of training materials. + +(Originally on Twitter: [Thu Sep 24 18:32:48 +0000 2020](https://twitter.com/adulau/status/1309199118267449345)) +---- +RT @botherder: FinFisher for Linux steals emails from Thunderbird by installing a malicious extension which reads emails and pipes them thr… + +(Originally on Twitter: [Sat Sep 26 11:01:20 +0000 2020](https://twitter.com/adulau/status/1309810279400775680)) +---- +why is @volatility 3.0 now released under a license which is not recognized as open source by @OpenSourceOrg or as free software license by @fsf ? https://github.com/volatilityfoundation/volatility3/blob/master/LICENSE.txt re-inventing a license is always a bad idea (loophole, incompatibilities, fragmentations...) + + +media/1309847856749129731-Ei2DrV0WAAAQIWR.mp4 + +(Originally on Twitter: [Sat Sep 26 13:30:39 +0000 2020](https://twitter.com/adulau/status/1309847856749129731)) +---- +@aris_ada @volatility @OpenSourceOrg @fsf It’s a nice way to kill your open source project and especially interactions with your past and future contributors. On the legal side, it’s fine as they rewrote it from scratch. But ethically, it sounds border line. + +(Originally on Twitter: [Sat Sep 26 16:13:07 +0000 2020](https://twitter.com/adulau/status/1309888742166089728)) +---- +If you plan to run an organisation (companies, associations, team), don’t follow management book too blindly. But have a look at practical do-ocracy and how they work https://communitywiki.org/wiki/DoOcracy and let people being autonomous/free. Random advise for Monday management meeting. + +(Originally on Twitter: [Sun Sep 27 18:14:52 +0000 2020](https://twitter.com/adulau/status/1310281770747691011)) +---- +@Ko97551819 She also serves cocktails late in the night from her card box bar. 
+ + +media/1310308620962234368-Ei8mucuXcAA4YEc.mp4 + +(Originally on Twitter: [Sun Sep 27 20:01:34 +0000 2020](https://twitter.com/adulau/status/1310308620962234368)) +---- +@mtarral Maybe we should have a look at all those Python-based ransomware and see how they do it to bundle the Python interpreter efficiently ;-) + +(Originally on Twitter: [Sun Sep 27 20:28:15 +0000 2020](https://twitter.com/adulau/status/1310315336269533185)) +---- +@MaliciaRogue Oui je confirme, on nous oublie souvent. Une bonne resource sur le sujet https://jfly.uni-koeln.de/color/ et aussi le forum @EdwardTufte https://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0000HT + +(Originally on Twitter: [Mon Sep 28 07:50:14 +0000 2020](https://twitter.com/adulau/status/1310486962369953794)) +---- +@MaliciaRogue @EdwardTufte Je trouve ce qui aide le plus c’est de s’assurer que la representation graphique fonctionne aussi en noir et blanc. Une trame (en plus des couleurs) aide vraiment mais je me souviens d’un graphiste qui avait enlevé les trames sur un graph matplotlib car « c’est laid » \facepalm. + +(Originally on Twitter: [Mon Sep 28 07:57:17 +0000 2020](https://twitter.com/adulau/status/1310488736740921344)) +---- +Can someone tell the @SNCB to get rid of the 1st class during a pandemic time to ensure a better distribution of people among the trains. It would avoid crowded second class while having two empty trains for 1st class. @Emmanuel_microb + +(Originally on Twitter: [Mon Sep 28 15:12:53 +0000 2020](https://twitter.com/adulau/status/1310598359326089219)) +---- +@belgiumbe https://mobile.twitter.com/adulau/status/1310598359326089219 Any idea who to contact @SanteBelgique ? @CrisiscenterBE to make this a reality? + +(Originally on Twitter: [Mon Sep 28 15:20:03 +0000 2020](https://twitter.com/adulau/status/1310600162558050304)) +---- +@SNCB @BenoitSchelll @Emmanuel_microb @STIBMIVB What about the removal of the 1st class during the pandemic as initially proposed? 
+ +(Originally on Twitter: [Tue Sep 29 08:23:48 +0000 2020](https://twitter.com/adulau/status/1310857797245063169)) +---- +@likethecoins @bengoerz @gertjanbruggink @alexcpsec @_whatshisface @anthomsec @asfakian @markarenaau @mgill80 @olafhartong @sherrod_im @jfslowik @ChicagoCyber @fierytermite @v33na @NCSC @ncsc_nl @PDXbek @DavidJBianco @Ch33r10 @cglyer @lennyzeltser Indeed. What I also like it's a complementary table, describing the sentences into a more structured way for analysts who prefer columns over complex sentences. + +(Originally on Twitter: [Tue Sep 29 12:58:17 +0000 2020](https://twitter.com/adulau/status/1310926875250905088)) +---- +@SNCB @jpflorent @BenoitSchelll @Emmanuel_microb @STIBMIVB My proposal is to do it by default and get rid of the 1st class. The reason is not to put the burden on the staff (difficult to quantify when you are in the train) instead of a passenger finding a less crowded place. Having a single class would solve the issue. + +(Originally on Twitter: [Tue Sep 29 13:06:50 +0000 2020](https://twitter.com/adulau/status/1310929025293062150)) +---- +@SNCB @jpflorent @BenoitSchelll @Emmanuel_microb @STIBMIVB I tried but the default forms don’t allow to describe this kind of proposal. We are not talking about a utter complex measure, a simple one which is suppressing the classes during a pandemic to improve people distribution in the cars. Nothing more. + +(Originally on Twitter: [Tue Sep 29 13:11:24 +0000 2020](https://twitter.com/adulau/status/1310930174997934081)) +---- +RT @layle_ctf: My emulator for Valve's anticheat modules (VAC3) is finally public! It utilizes @qiling_io to do the emulation. The code is… + +(Originally on Twitter: [Tue Sep 29 15:36:28 +0000 2020](https://twitter.com/adulau/status/1310966681968283648)) +---- +Don’t give up. Coding is the act of creating code which will be destroyed at one point. Just like our lives. 
+ +(Originally on Twitter: [Wed Sep 30 06:03:00 +0000 2020](https://twitter.com/adulau/status/1311184753379414016)) +---- +RT @MISPProject: A step-by-step tutorial on how to create a Python script to import @github user metadata into MISP. +https://t.co/y4Ge85K… + +(Originally on Twitter: [Wed Sep 30 08:37:38 +0000 2020](https://twitter.com/adulau/status/1311223668412907522)) +---- +https://arxiv.org/abs/2009.14007 "Tracking Mixed Bitcoins" ![](media/1311319975681028096-EjKahW6WkAIFmaL.jpg) + +(Originally on Twitter: [Wed Sep 30 15:00:20 +0000 2020](https://twitter.com/adulau/status/1311319975681028096)) +---- +I hate when I just use a public API, make a mistake in the query and got a stack trace with other credentials back. At least, a point of contact was indirectly mentioned in the stack trace. Everyone is safe and I should stop using computers for the next hours. + + +media/1311347988703449088-EjLYCl8XsAErf38.mp4 + +(Originally on Twitter: [Wed Sep 30 16:51:38 +0000 2020](https://twitter.com/adulau/status/1311347988703449088)) +---- +@ClausHoumann Attack is a big word when you just add an unexpected additional parameter to a POST request. + +(Originally on Twitter: [Wed Sep 30 17:32:40 +0000 2020](https://twitter.com/adulau/status/1311358313536401410)) +---- +@follc Un pipeline entre la France et la Belgique ? avec de la bière ? + +(Originally on Twitter: [Wed Sep 30 20:26:49 +0000 2020](https://twitter.com/adulau/status/1311402139655106560)) +---- +RT @cve_search: cve-search 3.0 has been released including a rewritten import process, unit tests and many bugs fixed. 
Thanks to Paul Tikke… + +(Originally on Twitter: [Thu Oct 01 12:21:11 +0000 2020](https://twitter.com/adulau/status/1311642312938860554)) +---- +@alexanderjaeger @craiu The pet doctor is when you have to deal with the investors ;-) + +(Originally on Twitter: [Thu Oct 01 17:34:33 +0000 2020](https://twitter.com/adulau/status/1311721175308001284)) +---- +@matthieugarin J'espère que le taux de faux négatif n’est pas trop important. Cela donne une fausse impression qu’une email n’a pas été ciblée... + +(Originally on Twitter: [Fri Oct 02 06:18:15 +0000 2020](https://twitter.com/adulau/status/1311913367607668736)) +---- +"BRON -- Linking Attack Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations" Maybe something to implement in @cve_search + +Paper: https://arxiv.org/abs/2010.00533 + +Source code: https://github.com/ALFA-Group/BRON ![](media/1312021373229903879-EjU8Gj8XgAAxKRR.png) + +(Originally on Twitter: [Fri Oct 02 13:27:26 +0000 2020](https://twitter.com/adulau/status/1312021373229903879)) +---- +@Glacius___ + + +media/1312085138302476290-EjV2eWkXgAM0PH8.mp4 + +(Originally on Twitter: [Fri Oct 02 17:40:48 +0000 2020](https://twitter.com/adulau/status/1312085138302476290)) +---- +RT @thehellu: Thanks to the VB conference for letting us present our research on #Tonto threat actor! We found some interesting infection v… + +(Originally on Twitter: [Fri Oct 02 19:26:32 +0000 2020](https://twitter.com/adulau/status/1312111745888997382)) +---- +@ater49 Non mais et le rayonnement du soleil, il pollue tout le spectre. Et en plus, les plantes volent une partie pour leurs propres intérêts. Il faut faire une petition. + +(Originally on Twitter: [Sat Oct 03 07:28:50 +0000 2020](https://twitter.com/adulau/status/1312293517599944704)) +---- +RT @mtarral: RELEASE: http://checksec.py 🐍 + +A cross-platform checksec tool for Windows and Linux. 
+ +➡️ pip install https://t.co/9ilZtMt… + +(Originally on Twitter: [Sat Oct 03 08:03:39 +0000 2020](https://twitter.com/adulau/status/1312302278272000001)) +---- +@r00tbsd I love it. The black part is really deep. Well done. + +(Originally on Twitter: [Sat Oct 03 13:34:11 +0000 2020](https://twitter.com/adulau/status/1312385460216434688)) +---- +@r00tbsd It’s always like that with paintings and photographic prints. I decided to start also a bigger painting than usual for Today. For the curious, some of my paintings are on @AdulauA ;-) ![](media/1312386843644694532-EjaIn4-WkAE1rCu.jpg) + +(Originally on Twitter: [Sat Oct 03 13:39:41 +0000 2020](https://twitter.com/adulau/status/1312386843644694532)) +---- +@o0tAd0o @r00tbsd @AdulauA Krink MTN. Sometime you need some distances... + +(Originally on Twitter: [Sat Oct 03 14:43:18 +0000 2020](https://twitter.com/adulau/status/1312402852837568514)) +---- +@__Thanat0s__ @r00tbsd @AdulauA rofl it’s linen for painting ;-) + +(Originally on Twitter: [Sat Oct 03 17:24:47 +0000 2020](https://twitter.com/adulau/status/1312443492510044160)) +---- +RT @benedictevans: A new post: the end of the American internet. https://www.ben-evans.com/benedictevans/2020/10/3/the-end-of-the-american-internet + +(Originally on Twitter: [Sun Oct 04 09:05:04 +0000 2020](https://twitter.com/adulau/status/1312680123087413248)) +---- +RT @mattnotmax: "Registers" are akin to variables in #CyberChef. Here we can shift columns of a log file around to make the date leading fo… + +(Originally on Twitter: [Sun Oct 04 13:04:30 +0000 2020](https://twitter.com/adulau/status/1312740378483793921)) +---- +"PEP 584 -- Add Union Operators To dict" appears in Python 3.9 - I don't know how many times I rewrote a similar function but this is finally here. The PEP is pretty interesting with the "state-of-the-art'" and the rejected ideas. 
+https://www.python.org/dev/peps/pep-0584/ + +(Originally on Twitter: [Mon Oct 05 21:10:50 +0000 2020](https://twitter.com/adulau/status/1313225156874121216)) +---- +Just a reminder to the infosec folks using @GitHub if you upload a huge PDF without the sources (e.g. Markdown), without specifying an open source license and not allowing contribution. It’s still a proprietary blob. + +(Originally on Twitter: [Tue Oct 06 05:59:39 +0000 2020](https://twitter.com/adulau/status/1313358237794795522)) +---- +@F_kZ_ sniff sniff. Take care. + +(Originally on Twitter: [Tue Oct 06 13:08:31 +0000 2020](https://twitter.com/adulau/status/1313466165738590208)) +---- +An insurance broker got a ransomware. + +Luckily, they were in the best position to get an insurance... + +https://www.theregister.com/AMP/2020/10/06/ardonagh_group_ransomware/ + +(Originally on Twitter: [Tue Oct 06 17:43:58 +0000 2020](https://twitter.com/adulau/status/1313535485357285379)) +---- +@AlexArchambault @zdnetfr @reesmarc On déplace juste le lieu de conservation comme la collecte est maintenue. + +(Originally on Twitter: [Tue Oct 06 17:51:57 +0000 2020](https://twitter.com/adulau/status/1313537494550556672)) +---- +Glad to see new open source projects in #infosec https://github.com/Felix83000/Watcher Watcher is a tool to do proactive monitoring from RSS/social network/... to search for emerging threats. The tool has some great potential to be extended & already integrates @MISPProject & @TheHive_Project + +(Originally on Twitter: [Wed Oct 07 15:09:35 +0000 2020](https://twitter.com/adulau/status/1313859019379965959)) +---- +@msuiche https://www.first.org/members/teams/amazon_sirt Amazon SIRT is also a PSIRT? or do I miss something + +(Originally on Twitter: [Thu Oct 08 06:15:13 +0000 2020](https://twitter.com/adulau/status/1314086930104168448)) +---- +@msuiche We already sent report for AWS or even vuln for some products and they managed to fix the issues. 
So I suppose it’s a kind of single point of contact for IR. + +(Originally on Twitter: [Thu Oct 08 06:25:16 +0000 2020](https://twitter.com/adulau/status/1314089461454643200)) +---- +@Serianox_ Rien n’est vérifié... et il n’existe pas d’annuaire commun des comptes IBAN pour les valider. C’est pour cela que les incidents sur les fausses factures sont si fréquent. Mais cela demanderait aux banques de partager les comptes IBAN et l'analytique associée. + +(Originally on Twitter: [Thu Oct 08 08:23:05 +0000 2020](https://twitter.com/adulau/status/1314119109643247616)) +---- +@edarchis @Serianox_ La banque destinataire qui a le compte de la mule. C’est justement le problème, ce n’est jamais (rarement?) vérifié. Il est mieux de faire la verification avant de faire la compensation vers une banque inconnue. L’annuaire pourrait éviter de faire des transferts vers les mules. + +(Originally on Twitter: [Thu Oct 08 09:22:53 +0000 2020](https://twitter.com/adulau/status/1314134157136719873)) +---- +RT @ail_project: "http://onion.foundation is a tor2web-like service that provides access to any .onion hidden service." We setup the servic… + +(Originally on Twitter: [Thu Oct 08 11:04:56 +0000 2020](https://twitter.com/adulau/status/1314159839254323202)) +---- +RT @hatr: I was alerted to this ESET paper (https://www.welivesecurity.com/wp-content/uploads/2018/03/ESET_OceanLotus.pdf) On page 15 (see screenshot) you can see that #OceanLotus uses DNS-base… + +(Originally on Twitter: [Thu Oct 08 14:12:06 +0000 2020](https://twitter.com/adulau/status/1314206943934783489)) +---- +@GreatDismal I quickly looked at the excerpt and it’s really good. Another positive aspect is the quality of the typography but the publisher is known for such details. I really love the quote below, it’s becoming a reality in our societies... 
![](media/1314242737487654912-Ej0ffFfX0AMv-UA.jpg) + +(Originally on Twitter: [Thu Oct 08 16:34:20 +0000 2020](https://twitter.com/adulau/status/1314242737487654912)) +---- +RT @vector35: We've open sourced two of our core architectures, armv7 and aarch64! Check out our blog post explaining in more detail https:… + +(Originally on Twitter: [Thu Oct 08 16:47:43 +0000 2020](https://twitter.com/adulau/status/1314246103341113347)) +---- +RT @DarkReading: Open Source Threat Intelligence Searches for Sustainable Communities http://ow.ly/N3mP50BMB5G by @roblemos #threatintel #in… + +(Originally on Twitter: [Thu Oct 08 21:37:55 +0000 2020](https://twitter.com/adulau/status/1314319135195762690)) +---- +@clevybencheton @MISPProject @rafi0t It’s a great question. I think for such position is more the ability of the human to proactively « be able to do, be curious, share his/her work and never stop learning ». Education is just much more than just school and certification. + +(Originally on Twitter: [Sat Oct 10 16:39:44 +0000 2020](https://twitter.com/adulau/status/1314968871183495174)) +---- +@clevybencheton @MISPProject @rafi0t I think the issue is quite complex. It’s a matter of accepting risks. In large corporations, HR processes tend to be complex to hide the risks. If they were able to accept some risks while hiring people, they will not create job openings with such formal conditions. + +(Originally on Twitter: [Sat Oct 10 17:13:14 +0000 2020](https://twitter.com/adulau/status/1314977300417523712)) +---- +@cyb3rops Oh cool. This could be used as a correlation function in @MISPProject I like the idea. 
+ +(Originally on Twitter: [Sat Oct 10 18:50:18 +0000 2020](https://twitter.com/adulau/status/1315001731311337472)) +---- +RT @cyb3rops: Maybe someone else finds this rule hash generator for YARA rules useful + +We calculate a hash over a #YARA rule to identify du… + +(Originally on Twitter: [Sat Oct 10 18:50:21 +0000 2020](https://twitter.com/adulau/status/1315001743005102080)) +---- +There is a pull-request in imagehash to support "Efficient crop resistance" based on " Efficient Cropping-Resistant Robust Image Hashing". This looks promising and could help of a lot of open source tools doing image correlation. https://ieeexplore.ieee.org/document/6980335 +https://github.com/JohannesBuchner/imagehash/pull/120 + +(Originally on Twitter: [Sun Oct 11 10:26:00 +0000 2020](https://twitter.com/adulau/status/1315237205296603136)) +---- +The original reference to @depechemode has now been officially removed from @github + +https://twitter.com/GHchangelog/status/1311730705123213312 ![](media/1315273985278513152-EkDKpdNWAAM8XLw.png) + +(Originally on Twitter: [Sun Oct 11 12:52:09 +0000 2020](https://twitter.com/adulau/status/1315273985278513152)) +---- +@KrisBuytaert @mattstratton @ahidalgosre That could be 2005 or 2006. I remember some discussions that « dns over a satellite link » is like solving a problem with a regex, we now have two problems ;-) + +(Originally on Twitter: [Sun Oct 11 19:18:27 +0000 2020](https://twitter.com/adulau/status/1315371200839913476)) +---- +@KrisBuytaert @mattstratton @ahidalgosre I remember the debugging session and the craziness of having separated up/down streams of IP packets encapsulated in DVB-MPE and devices in the middle doing some acceleration on UDP/TCP. Then an empty resolv.conf which was lost in the battle field ;-) + +(Originally on Twitter: [Sun Oct 11 19:24:22 +0000 2020](https://twitter.com/adulau/status/1315372692326014976)) +---- +RT @MISPProject: New main feature in MISP (next release), it's the event report. 
Along with structured information, reports in Markdown for… + +(Originally on Twitter: [Mon Oct 12 10:28:21 +0000 2020](https://twitter.com/adulau/status/1315600185637117952)) +---- +@Ko97551819 + + +media/1315683587258232833-EkI_PFXXsAMygO7.mp4 + +(Originally on Twitter: [Mon Oct 12 15:59:46 +0000 2020](https://twitter.com/adulau/status/1315683587258232833)) +---- +@davem_dokebi Take care! We love you and need you. + +(Originally on Twitter: [Mon Oct 12 16:28:57 +0000 2020](https://twitter.com/adulau/status/1315690934559006720)) +---- +The useless actions against covid in Belgium, outlawing people in street between 1h and 6h in the night. But taking care of crowded public transport during peak time is another story... https://mobile.twitter.com/lalibrebe/status/1315702161410457600 and in the mean time @SNCB is still not removing the 1st class. + +(Originally on Twitter: [Mon Oct 12 17:24:16 +0000 2020](https://twitter.com/adulau/status/1315704855089082368)) +---- +@H_Miser Thales fait dans la chimie organique ? Je ne sais pas si je dois prendre deux MDMA avec du MDE et un peu de MDOH pour essayer de comprendre... + +(Originally on Twitter: [Mon Oct 12 17:44:57 +0000 2020](https://twitter.com/adulau/status/1315710057313693698)) +---- +@digihash @MISPProject Not at this stage but it’s foreseen in the next iteration. If you have some ideas, you can add those in https://github.com/MISP/MISP/issues/6410 Thanks! + +(Originally on Twitter: [Tue Oct 13 04:33:33 +0000 2020](https://twitter.com/adulau/status/1315873283515056129)) +---- +RT @ail_project: AIL Framework version 3.3 released with an improved item view and many other improvements. #ThreatIntel #DarkWeb #infosecu… + +(Originally on Twitter: [Tue Oct 13 16:09:27 +0000 2020](https://twitter.com/adulau/status/1316048413599961090)) +---- +@DavidGlaude @SNCB I knew it. What’s next? promoting the use of electronic voting? 
🤣 + +(Originally on Twitter: [Tue Oct 13 16:31:01 +0000 2020](https://twitter.com/adulau/status/1316053842933448704)) +---- +There are a lot of scientific articles about cognitive biases. But not that much about biases or faults in collection of raw intelligence. Maybe we completely missed where the major issues were from the past years. #threatintel #intelligence + +(Originally on Twitter: [Wed Oct 14 05:31:37 +0000 2020](https://twitter.com/adulau/status/1316250286932078593)) +---- +Just added telfhash in @MISPProject and in the file object templates. You can now share telfhash information in addition to the other hashes and fuzzy hashes https://github.com/MISP/MISP/commit/550f09f628f86d3a62cf8bac1f21fecbee8a647c for the ones wondering we had already imphash and impfuzzy for PE files. https://www.misp-project.org/datamodels/ + +(Originally on Twitter: [Wed Oct 14 05:43:21 +0000 2020](https://twitter.com/adulau/status/1316253237826248704)) +---- +@ninoseki I like the JSON format they use for the regex description and the FP handling. + +(Originally on Twitter: [Wed Oct 14 05:46:45 +0000 2020](https://twitter.com/adulau/status/1316254093615259649)) +---- +@ninoseki Interesting because we were looking for improvements in @ail_project (in addition to pattern matching and set of terms) it’s just that various new classifiers need to be built depending of the potential leaked data structures searched by users. Again a matter of good corpus. + +(Originally on Twitter: [Wed Oct 14 06:11:29 +0000 2020](https://twitter.com/adulau/status/1316260319828873217)) +---- +@Aristot73 Yes it is. A lot of CTI “producers” are missing the HUMINT / IR collection part and some NGO showed well this missing gap while finding new threats. + +(Originally on Twitter: [Wed Oct 14 06:56:14 +0000 2020](https://twitter.com/adulau/status/1316271581937664000)) +---- +@cvesearch I suppose you know about the open source project called cve-search @cve_search https://github.com/cve-search/cve-search ? 
+ +(Originally on Twitter: [Wed Oct 14 06:59:55 +0000 2020](https://twitter.com/adulau/status/1316272508895670273)) +---- +"The Vacuity of the Open Source Security Testing Methodology Manual" - "Thus, we argue that OSSTMM is neither fit for purpose nor can it be salvaged, and it should be abandoned by security professionals. " + +https://arxiv.org/abs/2010.06377 ![](media/1316302732161097729-EkRxlRvXkAAUDfS.png) + +(Originally on Twitter: [Wed Oct 14 09:00:01 +0000 2020](https://twitter.com/adulau/status/1316302732161097729)) +---- +@rafi0t @Iglocska It's the default answer, "home". Same for various countries (the small country next to Luxembourg), the tracing call centre use "home" when they don't have an answer, they pick the default value. + +(Originally on Twitter: [Wed Oct 14 14:16:57 +0000 2020](https://twitter.com/adulau/status/1316382489078829056)) +---- +@cvesearch @cve_search Cool, thanks for the feedback. It would have been easier for the users to use a different name to avoid confusion with cve-search which provides also a public api too for people who cannot run the open source software. + +(Originally on Twitter: [Wed Oct 14 14:22:31 +0000 2020](https://twitter.com/adulau/status/1316383890496532481)) +---- +@rafi0t @Iglocska Oh so it's even more confusing indeed. + + +media/1316387428538683398-EkS_YcDX0AAaeSG.mp4 + +(Originally on Twitter: [Wed Oct 14 14:36:34 +0000 2020](https://twitter.com/adulau/status/1316387428538683398)) +---- +@rafi0t @Iglocska Because everyone is exhausted by the situation. + +(Originally on Twitter: [Wed Oct 14 14:41:00 +0000 2020](https://twitter.com/adulau/status/1316388540419375106)) +---- +I hate to see the word “junior” in an open position. I have learned many things from “junior” people and that’s completely demotivating for them to classify new staff. In any case, titles are useless. 
+ +(Originally on Twitter: [Wed Oct 14 16:45:32 +0000 2020](https://twitter.com/adulau/status/1316419881257127941)) +---- +@Koen_Security The paper is great and having very good arguments against such methods. The future work described is also very good and propose better paths. I usually only share the interesting academic papers ;-) + +(Originally on Twitter: [Wed Oct 14 18:57:34 +0000 2020](https://twitter.com/adulau/status/1316453108122345472)) +---- +@S_Team_Approved Rofl but we could also start a thread about bugbounty too ? ;-) + +(Originally on Twitter: [Thu Oct 15 10:41:02 +0000 2020](https://twitter.com/adulau/status/1316690541971746817)) +---- +@thepacketrat He is back ;-) + +(Originally on Twitter: [Thu Oct 15 11:48:13 +0000 2020](https://twitter.com/adulau/status/1316707447084548097)) +---- +@likethecoins Yes. As long as you feel well, everything is great. Some people had fun of me because I always wear trekking pants ;-) It’s comfy, drying quickly and rock solid. cc @treyka + +(Originally on Twitter: [Fri Oct 16 15:36:17 +0000 2020](https://twitter.com/adulau/status/1317127231957798912)) +---- +@treyka @likethecoins Forever comfy sounds like the mantra of a threat actor ;-) ![](media/1317136368859045888-EkdoLwjXgAACw5A.jpg) + +(Originally on Twitter: [Fri Oct 16 16:12:36 +0000 2020](https://twitter.com/adulau/status/1317136368859045888)) +---- +@arnaudsoullie @likethecoins @treyka Living in Belgium, travelling to Luxembourg by train. You are under the constant pressure of some random rains. + +(Originally on Twitter: [Fri Oct 16 16:15:27 +0000 2020](https://twitter.com/adulau/status/1317137087947210754)) +---- +@peterkruse Take care! + +(Originally on Twitter: [Fri Oct 16 16:37:25 +0000 2020](https://twitter.com/adulau/status/1317142615255584768)) +---- +RT @MISPProject: MISP 2.4.133 released with major improvements such as the markdown report feature and many UI improvements. 
+ +#ThreatInte… + +(Originally on Twitter: [Fri Oct 16 21:25:00 +0000 2020](https://twitter.com/adulau/status/1317214987530764294)) +---- +@cbrocas @treyka @likethecoins Fjällräven g1000 is my favorite brand/model. + +(Originally on Twitter: [Sat Oct 17 19:09:31 +0000 2020](https://twitter.com/adulau/status/1317543281274834944)) +---- +RT @circl_lu: "A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP tra… + +(Originally on Twitter: [Sun Oct 18 08:19:00 +0000 2020](https://twitter.com/adulau/status/1317741959369379842)) +---- +RT @_saadk: Building on what @adulau shared some time ago, @lwnnet published ‘Further analysis of PyPI typosquatting’, covering 2 types of… + +(Originally on Twitter: [Sun Oct 18 09:48:29 +0000 2020](https://twitter.com/adulau/status/1317764481288708096)) +---- +@BeeFaauBee09 Did the pull-request got accepted ? You can also request a CVE. Then they might have a dispute but it might of the interest of everyone to understand the background story. + +(Originally on Twitter: [Sun Oct 18 11:48:14 +0000 2020](https://twitter.com/adulau/status/1317794616058515457)) +---- +RT @FDezeure: Final call for the EU ATT&CK Workshop next Friday, we will close registrations on Monday evening https://attack-community.org/event/ @MI… + +(Originally on Twitter: [Sun Oct 18 12:38:51 +0000 2020](https://twitter.com/adulau/status/1317807355678044160)) +---- +@OrOneEqualsOne A copy to markdown table format would have been also nifty to avoid to have IOCs as an images and being able to search and copy values from the tables in incident or intelligence reports. + +(Originally on Twitter: [Mon Oct 19 05:37:43 +0000 2020](https://twitter.com/adulau/status/1318063761719164928)) +---- +@clausoverbeck Indeed. We have seen some cases (especially crypto-miners) for ruby and Python packages but the impact was very limited. 
Indeed for larger packages, it will happen sooner or later or it’s really well done (and we are missing it for years). + +(Originally on Twitter: [Mon Oct 19 11:07:20 +0000 2020](https://twitter.com/adulau/status/1318146712234565634)) +---- +@CSS_Zurich @HenrikLindbo @HarvardIR Now, we can ask the question, what part of the open source software used by the mobile vendors included in their products is from Europe ? Maybe it’s time to consider the public funding of open source projects as a way to reach sovereignty in Europe. + +(Originally on Twitter: [Mon Oct 19 13:37:56 +0000 2020](https://twitter.com/adulau/status/1318184611655110659)) +---- +@msftsecurity + + +media/1318628932409851904-Eky2BV8XgAEHwRc.mp4 + +(Originally on Twitter: [Tue Oct 20 19:03:31 +0000 2020](https://twitter.com/adulau/status/1318628932409851904)) +---- +@markaorlando Sometime a random selection is better than a rational one. Let’s put some randomness regularly when selecting the incidents to work on. + +(Originally on Twitter: [Tue Oct 20 20:05:08 +0000 2020](https://twitter.com/adulau/status/1318644439955505153)) +---- +@markaorlando I remember that we found interesting/notable cases by disrupting our triage process. Indeed, it’s not the regular process but refining it with some randomness can help. + +(Originally on Twitter: [Tue Oct 20 20:18:53 +0000 2020](https://twitter.com/adulau/status/1318647902609223680)) +---- +I really support the tremendous job done by @FIRSTdotOrg and the members in order to reach a common code of ethics. Indeed, it’s not perfect and there many cultural diversities among members. But it’s an important step to bring ethical issues while collaborating between CSIRTs. 
https://twitter.com/FIRSTdotOrg/status/1318756631841247233 + +(Originally on Twitter: [Wed Oct 21 06:26:40 +0000 2020](https://twitter.com/adulau/status/1318800854464516096)) +---- +RT @MISPProject: A new enrichment misp-module for @clamav has been added to easily analyse a file and get the details from clamav directly… + +(Originally on Twitter: [Wed Oct 21 09:07:29 +0000 2020](https://twitter.com/adulau/status/1318841323563192320)) +---- +@catherinefonck @alexanderdecroo C’est assez simple, c’est la libre circulation des personnes (article 3 - traité sur l’union européenne). La solution, revaloriser les salaires pour le personnel soignant. + +(Originally on Twitter: [Wed Oct 21 16:23:43 +0000 2020](https://twitter.com/adulau/status/1318951105372487680)) +---- +@catherinefonck @alexanderdecroo Je ne crois pas que le @gouv_lu joue sur la concurrence et c’est même le contraire. Le Luxembourg a aussi accueilli des patients d’autres pays membres... https://gouvernement.lu/fr/actualites/toutes_actualites/communiques/2020/07-juillet/13-lenert-fete-nationale.html La Belgique bénéficie aussi de personnels venant des pays membres comme la Roumanie. + +(Originally on Twitter: [Wed Oct 21 19:37:55 +0000 2020](https://twitter.com/adulau/status/1318999978715582464)) +---- +RT @hack_lu: The great @fluxfingers team is on stage to run the #hacklu CTF this week. Join and have fun! #CTF + +Fri, Oct. 23, 13:37 UTC — S… + +(Originally on Twitter: [Thu Oct 22 10:40:14 +0000 2020](https://twitter.com/adulau/status/1319227054383091713)) +---- +@H_Miser Je me rappelle de grands comptes qui disaient que notre solution read-only était du “bricolage” https://www.circl.lu/pub/tr-55/ + +(Originally on Twitter: [Thu Oct 22 16:16:22 +0000 2020](https://twitter.com/adulau/status/1319311646662250497)) +---- +@ValeryMarchive @H_Miser Cela aide pour rendre les fichiers immuables en lecture unique. Quelle partie AD? 
+ +(Originally on Twitter: [Thu Oct 22 16:23:05 +0000 2020](https://twitter.com/adulau/status/1319313333766455296)) +---- +@_saadk @ValeryMarchive @H_Miser Je sens le trolling LDAP et LDBM arriver ;-) + +(Originally on Twitter: [Thu Oct 22 16:27:52 +0000 2020](https://twitter.com/adulau/status/1319314540958523392)) +---- +RT @iiyonite: Faster than last time: EU Council imposes restrictive measures on Badin, GRU head Kostyukov, and the GRU's Unit 26165 (APT28)… + +(Originally on Twitter: [Thu Oct 22 16:31:55 +0000 2020](https://twitter.com/adulau/status/1319315558085644288)) +---- +@k8em0 Did @OBEYGIANT portrait you? ;-) ![](media/1319319343268855808-Ek8p3nPXIAAXisG.jpg) + +(Originally on Twitter: [Thu Oct 22 16:46:57 +0000 2020](https://twitter.com/adulau/status/1319319343268855808)) +---- +@bluetrusty_fr @_saadk @H_Miser On n'a jamais parlé de solution magique mais simplement d'une solution en logiciel libre utilisant squashfs pour assurer l’immuabilité. + +(Originally on Twitter: [Thu Oct 22 18:49:59 +0000 2020](https://twitter.com/adulau/status/1319350302408048640)) +---- +RT @MISPProject: As we participate to the EU ATT&CK Workshop, we included today the @MITREattack sub-techniques support in MISP. These are… + +(Originally on Twitter: [Fri Oct 23 05:43:46 +0000 2020](https://twitter.com/adulau/status/1319514834048897024)) +---- +RT @fluxfingers: Already over 100 teams registered! We are really looking forward to @hack_lu CTF starting today at 13:37 UTC and hope you… + +(Originally on Twitter: [Fri Oct 23 09:22:01 +0000 2020](https://twitter.com/adulau/status/1319569760057774081)) +---- +@alexanderjaeger @hankgreen 5 minutes in Belgium + +(Originally on Twitter: [Fri Oct 23 10:31:42 +0000 2020](https://twitter.com/adulau/status/1319587293297020928)) +---- +RT @MISPProject: We introduced a simple tea matrix in MISP to help analysts using MISP to prepare their tea while working. 
Presented during… + +(Originally on Twitter: [Fri Oct 23 14:27:03 +0000 2020](https://twitter.com/adulau/status/1319646522863210501)) +---- +@SamiTainio @MISPProject @MITREattack It could become compliant with some updates ;-) + +(Originally on Twitter: [Fri Oct 23 14:51:47 +0000 2020](https://twitter.com/adulau/status/1319652749064228872)) +---- +@avoulk @MISPProject @MITREattack Great! Don’t hesitate to do a pull request ;-) + +(Originally on Twitter: [Fri Oct 23 20:09:46 +0000 2020](https://twitter.com/adulau/status/1319732771074510849)) +---- +@jfslowik @DragosInc @DomainTools + + +media/1319797262273445889-ElDcnEeXgAAgG1U.mp4 + +(Originally on Twitter: [Sat Oct 24 00:26:02 +0000 2020](https://twitter.com/adulau/status/1319797262273445889)) +---- +Are we living in the future from our worst sci-fi books? This is an insightful reading.... the quote on how stackoverflow is influencing our life. This will make me looking at @StackOverflow in a very different way. + +https://mobile.twitter.com/therealsaumil/status/1320290009618862080 ![](media/1320291733729587200-ElKdWBIWkAAmFCS.jpg) + +(Originally on Twitter: [Sun Oct 25 09:10:53 +0000 2020](https://twitter.com/adulau/status/1320291733729587200)) +---- +RT @circl_lu: "This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerbero… + +(Originally on Twitter: [Sun Oct 25 17:52:52 +0000 2020](https://twitter.com/adulau/status/1320423095547666438)) +---- +RT @archeofuto: Compulsive Book Acquisition Disorder, a Visual Manifesto. 
+ +https://archeofuturism.today/2020/10/25/compulsive-book-acquisition-disorder-a-visual-manifesto/ + +#photography #blackandwhitephotography… + +(Originally on Twitter: [Mon Oct 26 05:30:55 +0000 2020](https://twitter.com/adulau/status/1320598763292004352)) +---- +RT @David3141593: @linuxthor @LargeCardinal You may be interested in my extremely tiny (69 byte) NASM-syntax AES implementation, also using… + +(Originally on Twitter: [Mon Oct 26 06:15:29 +0000 2020](https://twitter.com/adulau/status/1320609978760220672)) +---- +RT @LargeCardinal: Wrote a thing at work - might have some potentially useful code for some people :P + +"QuantumRNG-aaS - Making use of Qua… + +(Originally on Twitter: [Mon Oct 26 10:47:02 +0000 2020](https://twitter.com/adulau/status/1320678317243224066)) +---- +@LargeCardinal I’ll do some tests with the code. It’s nifty. Maybe an integration with haveged would be useful to run the NIST SP 800-22 tests suite. Thanks for sharing. + +(Originally on Twitter: [Mon Oct 26 10:51:50 +0000 2020](https://twitter.com/adulau/status/1320679524699381763)) +---- +@FIRSTdotOrg http://First.org conference 2015 in Berlin because it’s where we discussed with many friends new projects which became a reality in 2020. #firstcon One of this project will be presented at #firstcon20 ;-) + +(Originally on Twitter: [Mon Oct 26 16:29:47 +0000 2020](https://twitter.com/adulau/status/1320764574665220099)) +---- +RT @AFiscutean: In the late 1980s, when Czechoslovakia was in the grip of Communism, a few kids aged 10 to 19 wrote video games that mocked… + +(Originally on Twitter: [Tue Oct 27 06:11:49 +0000 2020](https://twitter.com/adulau/status/1320971442532556802)) +---- +You know what it is rewarding in these days. + +It’s when someone come to you with an old open source code you did and share with you his/her improved version. Knowing that you had in impact, it’s a relief. So you know what to do, contribute even if your code is crappy. 
+ +(Originally on Twitter: [Tue Oct 27 07:08:01 +0000 2020](https://twitter.com/adulau/status/1320985588921753606)) +---- +RT @SBousseaden: example of initial execution traces (sysmon) of ProcessHerpaderping uploaded + +https://jxy-s.github.io/herpaderping/ + +https://t.co/aLeUfn… + +(Originally on Twitter: [Tue Oct 27 16:15:07 +0000 2020](https://twitter.com/adulau/status/1321123271224500224)) +---- +RT @just_security: The Government of Finland sets out important statement on international law in #cyberspace. + +Read analysis by leading ex… + +(Originally on Twitter: [Tue Oct 27 17:49:53 +0000 2020](https://twitter.com/adulau/status/1321147116782342147)) +---- +@GrehackConf It’s the safest for everyone. I’m sure you’ll do a great virtual conference! + +(Originally on Twitter: [Tue Oct 27 21:22:52 +0000 2020](https://twitter.com/adulau/status/1321200715801513986)) +---- +@faisalusuf @MISPProject @circl_lu Could you open an issue https://github.com/MISP/misp-dashboard/issues ? including what you exactly did and your detail setup. Thanks + +(Originally on Twitter: [Wed Oct 28 06:50:19 +0000 2020](https://twitter.com/adulau/status/1321343521324937217)) +---- +RT @FDezeure: The presentations from the 6th EU ATT&CK Community Workshop on 23 October are online now: https://attack-community.org/event/. Save the d… + +(Originally on Twitter: [Wed Oct 28 09:07:09 +0000 2020](https://twitter.com/adulau/status/1321377957894627328)) +---- +RT @MISPProject: We are glad to support a new research project "The Social Perspective in Intelligence Activity Among Information Sharing C… + +(Originally on Twitter: [Wed Oct 28 14:41:10 +0000 2020](https://twitter.com/adulau/status/1321462015492263944)) +---- +@DCSecuritydk @circl_lu @enisa_eu @ECSIRT There are quite a lot related to IR https://www.misp-project.org/taxonomies.html in the taxonomy library. 
But you’ll need to dig a little bit ;-) + +(Originally on Twitter: [Wed Oct 28 15:59:21 +0000 2020](https://twitter.com/adulau/status/1321481689231745024)) +---- +RT @d4_project: "Regain sight in a network blackhole - Exploitation of the Mirai botnet weaknesses" Exploiting weaknesses of Mirai botnet t… + +(Originally on Twitter: [Wed Oct 28 20:36:52 +0000 2020](https://twitter.com/adulau/status/1321551528268845059)) +---- +I was super glad (it was also fun with his dog) to give the 2020 @hack_lu award for the long time commitment of @DidierStevens to the conference but also to the security community at large. Who never used one of his PDF analysis tools? + +https://twitter.com/LuxSecurityWeek/status/1321863248329777158 + +(Originally on Twitter: [Thu Oct 29 17:27:20 +0000 2020](https://twitter.com/adulau/status/1321866220287729666)) +---- +@jfslowik this sounds like a coding scheme for an exfiltration method over Telegram or VK + +(Originally on Twitter: [Thu Oct 29 19:48:50 +0000 2020](https://twitter.com/adulau/status/1321901830452948995)) +---- +RT @likethecoins: JUST PUBLISHED. Today, we wrote a blog post about an incident this month where we saw Bazar + Cobalt Strike. We took acti… + +(Originally on Twitter: [Fri Oct 30 06:54:38 +0000 2020](https://twitter.com/adulau/status/1322069381556379648)) +---- +@rafi0t Quand tu fais une commande en ligne, il y a aussi une multitude de contractants, d’ouvriers et d'employés sous-payés qui doivent prendre leur voiture pour rejoindre des zones logistiques. Il serait utile de faire des statistiques par zone d'activité. 
+ +(Originally on Twitter: [Sat Oct 31 06:36:19 +0000 2020](https://twitter.com/adulau/status/1322427163111555072)) +---- +RT @jfslowik: ![](media/1322806715113443329-ElsaUrtUcAA7FP_.jpg) + +(Originally on Twitter: [Sun Nov 01 07:44:32 +0000 2020](https://twitter.com/adulau/status/1322806715113443329)) +---- +RT @d_olex: I was unable to find any ready to use tool for capturing debug messages of Qualcomm modems firmware over the DIAG interface, so… + +(Originally on Twitter: [Sun Nov 01 08:05:19 +0000 2020](https://twitter.com/adulau/status/1322811945960001537)) +---- +@MaximCombes @WillySchraen Il n’a pas peur du ridicule. « sentinelle sanitaire » pour tirer sur les oiseaux dans les zones humides. Si le sujet d’intéresse, la PPA ramenée en Belgique par les chasseurs est aussi accablant pour la chasse récréative. ![](media/1322825032167530498-EludZmtXEAEMwBK.jpg) + +(Originally on Twitter: [Sun Nov 01 08:57:19 +0000 2020](https://twitter.com/adulau/status/1322825032167530498)) +---- +@vincib Uniquement les logiciels comme Postfix peuvent le détecter (Merci Wietse Venema pour la qualité du code), les autres vont accepter silencieusement les données... + +(Originally on Twitter: [Sun Nov 01 11:35:26 +0000 2020](https://twitter.com/adulau/status/1322864823215005696)) +---- +This week was super interesting with #geekweek organised by @cybercentre_ca - I started to work on EVTX to @MISPProject code (evtx-toolkit) https://github.com/MISP/evtx-toolkit and a first idea for building correlating hashes from Event values. Thanks to the team for many great ideas. #DFIR ![](media/1322869179050008576-ElvFhP8WMAgXr3A.jpg) + +(Originally on Twitter: [Sun Nov 01 11:52:44 +0000 2020](https://twitter.com/adulau/status/1322869179050008576)) +---- +@Seifreed @cybercentre_ca @MISPProject Let me know if you have any idea. I'll update the code in the next days. If everything is going well, we will add the new type in MISP very soon. 
+ +(Originally on Twitter: [Sun Nov 01 13:17:55 +0000 2020](https://twitter.com/adulau/status/1322890615907110913)) +---- +@reg_reginald_ @cybercentre_ca @MISPProject Yep, I'm trying to solve a problem that we encounter very often with pretty large set of evidences containing Windows event. In the next days, I'll make a complete prototype with an integration for MISP. + +(Originally on Twitter: [Sun Nov 01 13:19:58 +0000 2020](https://twitter.com/adulau/status/1322891129336070146)) +---- +RT @d1vious: @adulau @cybercentre_ca @MISPProject @adulau this is great, ⭐️ in GitHub to keep track of the progress thank you 🙏 + +(Originally on Twitter: [Sun Nov 01 13:56:27 +0000 2020](https://twitter.com/adulau/status/1322900312080994310)) +---- +@dfirence @Seifreed @cybercentre_ca @MISPProject @aboutsecurity Thanks it’s indeed interesting. I have a huge set of EVTX for testing and many have some strange behaviors with different parsers. I might end up with a set of pluggable parsers depending of the available dependencies. + +(Originally on Twitter: [Mon Nov 02 06:39:00 +0000 2020](https://twitter.com/adulau/status/1323152612255031296)) +---- +RT @abuse_ch: Introducing: MalwareBazaar Code Signing Certificate Blocklist (CSCB) 🛑 + +Sample report (Quakbot): +👉 https://bazaar.abuse.ch/sample/b5e167293b5978ad7aa100c846e91e42cc1a8da04cb8603b823a11eba692ddd6/#codesign + +D… + +(Originally on Twitter: [Tue Nov 03 11:58:31 +0000 2020](https://twitter.com/adulau/status/1323595411177852928)) +---- +@__Thanat0s__ At least you got a useful feedback about the state of their mbox 😂 + +(Originally on Twitter: [Wed Nov 04 06:56:03 +0000 2020](https://twitter.com/adulau/status/1323881677601542145)) +---- +We (@Ko97551819 and I) did a small open source tool to make statistical analysis of text. It’s quite nifty for #osint analysis from different sources. Thanks to http://spacy.io for the great nlp library. +Feedback, ideas and pr more than welcome. 
+ +https://github.com/adulau/napkin-text-analysis ![](media/1324446023016718347-EmFfIDjWkAA2lfV.png) + +(Originally on Twitter: [Thu Nov 05 20:18:33 +0000 2020](https://twitter.com/adulau/status/1324446023016718347)) +---- +@RavivTamir any plan to make the threat database public and accessible via an API or JSON? That would be cool for a lot of people. + +(Originally on Twitter: [Fri Nov 06 06:42:26 +0000 2020](https://twitter.com/adulau/status/1324603026825502720)) +---- +@RavivTamir @cocaman @MsftSecIntel Thanks a lot. The idea is to integrate it in @MISPProject and especially the galaxies to make accessible to other tools. + +(Originally on Twitter: [Fri Nov 06 07:59:19 +0000 2020](https://twitter.com/adulau/status/1324622376466829312)) +---- +@Casillic Do you have a date when the photo was taken? My only time reference is the watch from the operator ;-) + +(Originally on Twitter: [Sat Nov 07 07:01:36 +0000 2020](https://twitter.com/adulau/status/1324970240787304450)) +---- +@CrisiscenterBE Beaucoup de bois en @tourismewallon @Wallonia_BE sont inaccessibles à cause de la chasse récréative. Il conviendrait de se débarrasser de ces vieilles pratiques inutiles, barbares et qui privatisent l’espace commun. + +(Originally on Twitter: [Sat Nov 07 08:45:30 +0000 2020](https://twitter.com/adulau/status/1324996384873979904)) +---- +Doing workshop online is utterly difficult. Especially to get the group dynamic to do and learn at the same time is a challenge. I remember the good old days at @Univ_Lorraine while doing a practical threat intelligence workshop all together. https://twitter.com/adulau/status/954682500940488704 + +(Originally on Twitter: [Sat Nov 07 08:54:34 +0000 2020](https://twitter.com/adulau/status/1324998668903194624)) +---- +grap from @yaps8 "grap: define and match graph patterns within binaries" is a neat piece of software. 
https://github.com/QuoSecGmbH/grap/ and a nice use-case against QakBot - https://blog.quosec.net/posts/grap_qakbot_strings/ @QuoSecGmbH grap relies on @capstone_engine + +(Originally on Twitter: [Sat Nov 07 09:05:58 +0000 2020](https://twitter.com/adulau/status/1325001538083954689)) +---- +RT @aurelsec: Very cool paper! +Many BlueTooth chips used in earbuds leak analog audio signal over radio as it get mixed with power regulato… + +(Originally on Twitter: [Sat Nov 07 17:59:08 +0000 2020](https://twitter.com/adulau/status/1325135713726320645)) +---- +@h4ckb1tu5 Il est souvent plus facile de compromettre un serveur random sur Internet ;-) + +(Originally on Twitter: [Sun Nov 08 19:12:09 +0000 2020](https://twitter.com/adulau/status/1325516475440959492)) +---- +https://twitter.com/jsrailton/status/1325546833624625157 + +Maybe they will find the old design of the Clipper chip and start to work on it... + + +media/1325556892794581003-EmVS9vOXYAMxDGu.mp4 + +(Originally on Twitter: [Sun Nov 08 21:52:45 +0000 2020](https://twitter.com/adulau/status/1325556892794581003)) +---- +@alexanderjaeger @Univ_Lorraine I took some notes. But one of the most important aspect, it’s to take real practical use-cases. People are more engaged with real analysis if the « exercices » are based on real incidents or ongoing technical investigation. They feel being part of a team. + +(Originally on Twitter: [Mon Nov 09 06:40:01 +0000 2020](https://twitter.com/adulau/status/1325689583917477889)) +---- +@Jipe_ @jedisct1 @matthew_d_green I just hope that the resolution is not under the common foreign and security policy (CFSP) at the council and not in the scope of TFEU. Some resolutions fail under « decision under operational character » where the EP is just consultative... 
+ +(Originally on Twitter: [Mon Nov 09 06:58:55 +0000 2020](https://twitter.com/adulau/status/1325694339478134784)) +---- +RT @abuse_ch: I've re-engineered MalwareBazaar's search function which now allows you to hunt for malware samples using eg a Yara rule or c… + +(Originally on Twitter: [Tue Nov 10 15:59:09 +0000 2020](https://twitter.com/adulau/status/1326192680573997061)) +---- +@_saadk @F_kZ_ Dans la continuité Saâdienne: + +- Reverse +- Random +- Rofl +- Roy (ref à Roy Lichtenstein) +- Ravesteyn +- Rave +- Rothko +- R2 +- R.strip() + +(Originally on Twitter: [Wed Nov 11 07:10:46 +0000 2020](https://twitter.com/adulau/status/1326422095883014154)) +---- +@rafi0t Are we talking about the vax that needs to be kept as minus 70 deg celsius and used with a series of 2 or 3 shots? It sounds like a logistic nightmare to handle. + +(Originally on Twitter: [Wed Nov 11 07:13:50 +0000 2020](https://twitter.com/adulau/status/1326422869203709952)) +---- +From the CobaltStrike source code, you can now build nice query rules for your local Passive DNS database or NIDS. + + https://github.com/Freakboy/CobaltStrike/blob/master/src/main/java/beacon/BeaconDNS.java#L70 ![](media/1326813096711761921-EmnIZnfXcAAG2rM.jpg) + +(Originally on Twitter: [Thu Nov 12 09:04:27 +0000 2020](https://twitter.com/adulau/status/1326813096711761921)) +---- +@martijn_grooten @_saadk It looks like the only medication is more books. You know to cure evil with evil. + + +media/1326874026015416325-EmoA4svW8AUksYv.mp4 + +(Originally on Twitter: [Thu Nov 12 13:06:34 +0000 2020](https://twitter.com/adulau/status/1326874026015416325)) +---- +@dk_samper Yes and also cdn and api on A and TXT records respectively. 
+ +(Originally on Twitter: [Thu Nov 12 16:42:30 +0000 2020](https://twitter.com/adulau/status/1326928367749386240)) +---- +RT @MISPProject: MISP 2.4.134 released with a new convenient import extractor for the event report, various new features/improvements and f… + +(Originally on Twitter: [Thu Nov 12 17:14:08 +0000 2020](https://twitter.com/adulau/status/1326936329473708034)) +---- +RT @foxit: Decrypting OpenSSH sessions for fun and profit: In our latest technical blog we publish the research that we have done to decry… + +(Originally on Twitter: [Fri Nov 13 07:48:12 +0000 2020](https://twitter.com/adulau/status/1327156295036702724)) +---- +RT @circl_lu: We (@Terrtia and @adulau) will present at @FIRSTdotOrg #firstcon20 "Passive SSH, a Fast-Lookup Database of SSH Key Materials… + +(Originally on Twitter: [Fri Nov 13 13:12:21 +0000 2020](https://twitter.com/adulau/status/1327237870898253829)) +---- +@Ko97551819 @therealsaumil @jmechner Challenge accepted 😉 + +(Originally on Twitter: [Fri Nov 13 19:03:40 +0000 2020](https://twitter.com/adulau/status/1327326282753990656)) +---- +When I saw the article at first, I was thinking cool idea to use Jupyter notebook as a backdoor. Then no, it’s just again a naming confusion and a .NET malware... but backdooring Jupyter notebooks sounds promising. + +https://blog.morphisec.com/jupyter-infostealer-backdoor-introduction + +(Originally on Twitter: [Sat Nov 14 07:47:11 +0000 2020](https://twitter.com/adulau/status/1327518425669840897)) +---- +RT @nneonneo: Thanks to a challenge from @angealbertini, I made a "universal" build of DOOM that runs on everything from DOS 6 to Windows 9… + +(Originally on Twitter: [Sat Nov 14 08:44:45 +0000 2020](https://twitter.com/adulau/status/1327532914704314368)) +---- +RT @d4_project: Don't forget to join us at @FIRSTdotOrg conference on Monday. 
We will talk about our new open source project Passive SSH an… + +(Originally on Twitter: [Sun Nov 15 08:33:28 +0000 2020](https://twitter.com/adulau/status/1327892463437156352)) +---- +If someone tell you that SSH key materials are never reused on servers, someone is lying to you... https://github.com/D4-project/passive-ssh - if you are curious about passive ssh, we will do a presentation this afternoon at @FIRSTdotOrg #FIRSTCON20 - the source code has been released. #DFIR ![](media/1328256476662665216-Em7qE4mW8AARUPH.png) + +(Originally on Twitter: [Mon Nov 16 08:39:56 +0000 2020](https://twitter.com/adulau/status/1328256476662665216)) +---- +@srslypascal @FIRSTdotOrg @Terrtia @d4_project @circl_lu Indeed that's another way. There is an interesting aspect of stability of hosts using SSH. The banners evolve over time and details a lot of information about the distro released while the cryptographic keys remain steady over time... ![](media/1328260545267589122-Em7t4emXUAAB0Qg.png) + +(Originally on Twitter: [Mon Nov 16 08:56:06 +0000 2020](https://twitter.com/adulau/status/1328260545267589122)) +---- +@srslypascal @FIRSTdotOrg @Terrtia @d4_project @circl_lu You would be surprised the number of security software and products beaconing back to fetch a simple icon when you add some funky JavaScript in a SPF/TXT records in a DNS ;-) + +(Originally on Twitter: [Mon Nov 16 09:07:07 +0000 2020](https://twitter.com/adulau/status/1328263315592777729)) +---- +Thanks to @FIRSTdotOrg #FIRSTCON20 @sergedroz and the audience for the excellent Q&A session. The slides for the Passive SSH are available at the following location: + +https://github.com/D4-project/passive-ssh/blob/main/doc/slides/passive-ssh-presentation.pdf + +https://twitter.com/adulau/status/1328256476662665216 + +(Originally on Twitter: [Mon Nov 16 17:40:00 +0000 2020](https://twitter.com/adulau/status/1328392387392139273)) +---- +@grumpy4n6 Is this a protected area? 
In some countries, you have to keep a percentage of the trees at regular interval for the wild life if you cut a large portion. + +(Originally on Twitter: [Tue Nov 17 07:28:32 +0000 2020](https://twitter.com/adulau/status/1328600898021576705)) +---- +RT @Iglocska: Later on today, @treyka and I will be presenting on how - and most importantly - why you should go beyond sharing simple indi… + +(Originally on Twitter: [Tue Nov 17 07:58:33 +0000 2020](https://twitter.com/adulau/status/1328608448104312833)) +---- +RT @MISPProject: Watching #firstcon20, already worried of the sessions of the day being over soon and wanting more? + +Have a look at the pre… + +(Originally on Twitter: [Tue Nov 17 16:26:07 +0000 2020](https://twitter.com/adulau/status/1328736184277868545)) +---- +RT @corelight_inc: .@adulau on building a passive database of SSH server key material. Server key material is something @Zeekurity includes… + +(Originally on Twitter: [Tue Nov 17 18:54:31 +0000 2020](https://twitter.com/adulau/status/1328773530914316292)) +---- +@g0ul4g Non mais c’est aussi grave que de cuire des frites en une seule cuisson... + +(Originally on Twitter: [Tue Nov 17 21:11:38 +0000 2020](https://twitter.com/adulau/status/1328808035108741123)) +---- +@MaliciaRogue La liberté de circulation des biens et des personnes. + +(Originally on Twitter: [Wed Nov 18 11:56:21 +0000 2020](https://twitter.com/adulau/status/1329030681826095104)) +---- +Some example of what you can do with galaxy 2.0: You want to add 2 new techniques in ATT&CK and share it within your community. You can also fork and update an existing techniques and decide where to share it. + +(Originally on Twitter: [Thu Nov 19 10:42:12 +0000 2020](https://twitter.com/adulau/status/1329374410252414979)) +---- +We finally merged a long awaited feature in MISP (which took some time to be developed). 
The ability to customise Galaxy cluster (threat-actor, @MITREattack or any knowledge base) but also to extend and share it within your community or at large scale. ![](media/1329374408071376898-EnLZ4BjXIAAjQL_.jpg) + +(Originally on Twitter: [Thu Nov 19 10:42:12 +0000 2020](https://twitter.com/adulau/status/1329374408071376898)) +---- +This feature will be in next release (foreseen in the next days) and if you want to test it, you can use the current 2.4 branch. + +(Originally on Twitter: [Thu Nov 19 10:42:13 +0000 2020](https://twitter.com/adulau/status/1329374414740271106)) +---- +Relationships between galaxy clusters are now supported. As an example, you can create any custom relationships between all knowledge base. (e.g. threat actor with @malpedia or ransomware galaxies or anything you like) + +(Originally on Twitter: [Thu Nov 19 10:42:13 +0000 2020](https://twitter.com/adulau/status/1329374413318479873)) +---- +You don't agree with the naming or attribution in the threat-actor galaxy. Easy, you fork it locally and update it according to your needs. You can share your own threat actor galaxy or kept it for yourself. You can also contribute back to the community at large. + +(Originally on Twitter: [Thu Nov 19 10:42:13 +0000 2020](https://twitter.com/adulau/status/1329374411833696259)) +---- +RT @DennisRand: This is amazing news, really nice work :) https://twitter.com/adulau/status/1329374408071376898 + +(Originally on Twitter: [Thu Nov 19 13:58:35 +0000 2020](https://twitter.com/adulau/status/1329423831207907329)) +---- +@treyka Thanks and it’s really based on the feedback from many users like you. Thank you too. + +(Originally on Twitter: [Thu Nov 19 14:20:46 +0000 2020](https://twitter.com/adulau/status/1329429412094283776)) +---- +@DennisRand Thank you too. I remember one of our first training where you explained how you used MISP as a knowledge base. It really helped us to make it better! 
+ +(Originally on Twitter: [Thu Nov 19 14:21:59 +0000 2020](https://twitter.com/adulau/status/1329429721575268360)) +---- +I'll talk about "The Good, The Bad and The Ugly" in coordinated vulnerability disclosure (3rd Dec). Sorry in advance, it will be super bias including my point of view regarding bug bounty programs and funny stories of vulnerability disclosure. #infosec + +https://twitter.com/DoclerTechTalks/status/1329433284275802121 + +(Originally on Twitter: [Thu Nov 19 15:27:25 +0000 2020](https://twitter.com/adulau/status/1329446186588270600)) +---- +RT @qwertyoruiopz: lmao what, exploit pocs now fetch your crashlogs to send to the exploit dev? ![](media/1329723389565669377-EnNbEdxXIAAkXRi.jpg) + +(Originally on Twitter: [Fri Nov 20 09:48:55 +0000 2020](https://twitter.com/adulau/status/1329723389565669377)) +---- +@cedricpernet @Mnyo The list is quite interesting: + +https://pastebin.com/qXK7NBiK + +to see who they consider as competitor. I see some missing. + +(Originally on Twitter: [Fri Nov 20 10:09:22 +0000 2020](https://twitter.com/adulau/status/1329728534957453318)) +---- +"Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel" +#privacy #tempest It's fun but the reality of the exploitation (especially regarding distance and pre-trained models) seems very low. + +https://arxiv.org/abs/2011.09877 ![](media/1329812121182466049-EnRwjX8W8AYTrL6.jpg) + +(Originally on Twitter: [Fri Nov 20 15:41:31 +0000 2020](https://twitter.com/adulau/status/1329812121182466049)) +---- +@MeAllainYann Good idea ;-) + +(Originally on Twitter: [Fri Nov 20 17:17:45 +0000 2020](https://twitter.com/adulau/status/1329836339865542657)) +---- +You know what is more painful when you are used to do write Unix-like tools. 20 years ago you move the tools in a ./bin dir and that’s it. Nowadays you have to deal with CI, system deployment frameworks and the horrible systemd. 
You don’t even remember where your tool is ;-) + + +media/1330058714171183106-EnVRWK-XMAA1MbF.mp4 + +(Originally on Twitter: [Sat Nov 21 08:01:23 +0000 2020](https://twitter.com/adulau/status/1330058714171183106)) +---- +@halvarflake The good old ssh bastion host is becoming trendy again because of an environmental friendly policy... + +(Originally on Twitter: [Sat Nov 21 08:12:57 +0000 2020](https://twitter.com/adulau/status/1330061625139851267)) +---- +@FVT a cat eating is usually a good sign. I hope it will be better soon. + +(Originally on Twitter: [Sat Nov 21 18:27:36 +0000 2020](https://twitter.com/adulau/status/1330216306700939271)) +---- +@S_Team_Approved C'est de la Fluorescéine, on utilise cela pour tracer les cours d'eau souterrain en spéléo ou pour tracer les fuites dans les égouts. + +(Originally on Twitter: [Sun Nov 22 09:34:08 +0000 2020](https://twitter.com/adulau/status/1330444444315885573)) +---- +@PatriceAuffret @malwaremustd1e The mix-up of ASN and CIDR allocation between Iran and Russia is a common pattern ;-) + +(Originally on Twitter: [Sun Nov 22 09:44:49 +0000 2020](https://twitter.com/adulau/status/1330447132218843136)) +---- +@MaliciaRogue Courage + +(Originally on Twitter: [Sun Nov 22 20:17:39 +0000 2020](https://twitter.com/adulau/status/1330606391673942017)) +---- +@inbarraz I’m sure it’s again to exploit an old equipment in a hotel. I hope you didn’t run into a buffer underrun with cdrecord ;-) + +(Originally on Twitter: [Sun Nov 22 21:16:37 +0000 2020](https://twitter.com/adulau/status/1330621228223229954)) +---- +Sharepoint is the cancer of our remote societies. 
+ +(Originally on Twitter: [Tue Nov 24 18:03:47 +0000 2020](https://twitter.com/adulau/status/1331297476536655873)) +---- +@Vecchi_Paolo @_saadk You mean XMODEM or UUCP + +(Originally on Twitter: [Tue Nov 24 18:43:19 +0000 2020](https://twitter.com/adulau/status/1331307428009406465)) +---- +@MeAllainYann @risc_v @GregDavill @mithro @1bitsquared @folknology Will you write a post somewhere about your RISC_V tests? I think a lot of people would be interested. Thanks! + +(Originally on Twitter: [Wed Nov 25 08:33:54 +0000 2020](https://twitter.com/adulau/status/1331516449282797570)) +---- +RT @Ko97551819: https://xkcd.com/2390/ @adulau + +(Originally on Twitter: [Thu Nov 26 09:36:49 +0000 2020](https://twitter.com/adulau/status/1331894672218853376)) +---- +@Ko97551819 You know what’s the worst aspect. You start to discuss with linguists and then you buy books about linguistics, try to understand the 20 schools of interpretations and then you become as picky as the crazy linguists. + +(Originally on Twitter: [Thu Nov 26 09:52:51 +0000 2020](https://twitter.com/adulau/status/1331898704064876546)) +---- +RT @nadouani: When we published @TheHive_Project 4y ago, we have got many advices from already mature projects and particularly @MISPProjec… + +(Originally on Twitter: [Thu Nov 26 09:53:05 +0000 2020](https://twitter.com/adulau/status/1331898765414981634)) +---- +@nadouani @TheHive_Project @MISPProject @Iglocska and you know what's great? We still learn a lot from @TheHive_Project team, it's a great to see how a community is growing and gaining from each other. We (@MISPProject @d4_project @cve_search @ail_project) are always happy to support/help new open source projects. 
+ +(Originally on Twitter: [Thu Nov 26 16:05:39 +0000 2020](https://twitter.com/adulau/status/1331992524701962241)) +---- +@mtarral Not sure if this is the current best practices but @rafi0t did some extensive tests for PyMISP https://github.com/MISP/PyMISP/blob/main/tests/testlive_comprehensive.py with various kind of tests. Maybe it's useful. + +(Originally on Twitter: [Fri Nov 27 13:23:14 +0000 2020](https://twitter.com/adulau/status/1332314036436930562)) +---- +@LAB52io @__Thanat0s__ @Sebdraven @ThaiCERT Name chosen by committee... but having unique UUID per group is already helping a lot. https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json#L2434 we tried to maintain this in @MISPProject threat actor galaxy with all the name. + +(Originally on Twitter: [Fri Nov 27 13:25:30 +0000 2020](https://twitter.com/adulau/status/1332314609320157196)) +---- +@__Thanat0s__ @LAB52io @Sebdraven @ThaiCERT @MISPProject but at least you have an history and not random names not linked together ;-) + +(Originally on Twitter: [Fri Nov 27 14:24:15 +0000 2020](https://twitter.com/adulau/status/1332329392891158529)) +---- +@__Thanat0s__ @LAB52io @Sebdraven @ThaiCERT @MISPProject Yep like the hashes... there are some tentative like in MalwareBazaar like humanhash (diet-red-iowa-asparagus) but it's still difficult. By the way, we have an editor in 2.4.135 ;-) you can also fork and do whatever you like. + +(Originally on Twitter: [Fri Nov 27 14:39:56 +0000 2020](https://twitter.com/adulau/status/1332333339714473984)) +---- +@__Thanat0s__ @LAB52io @Sebdraven @ThaiCERT @MISPProject It was merged and released recently. You can also fork galaxies and share part of it if you would like. Feedback is also super welcome. 
@mokaddem_sami did invest a lot of time in the feature ;-) + +(Originally on Twitter: [Fri Nov 27 14:45:16 +0000 2020](https://twitter.com/adulau/status/1332334682801917952)) +---- +@alexanderjaeger @svblxyz as bad as choosing foo as a domain name ;-) + +(Originally on Twitter: [Fri Nov 27 19:38:28 +0000 2020](https://twitter.com/adulau/status/1332408469891190787)) +---- +RT @fr0gger_: I have created a cheatsheet for Yara rules that can be printed for your office! More cheatsheets are available on my Medium.… + +(Originally on Twitter: [Fri Nov 27 20:58:24 +0000 2020](https://twitter.com/adulau/status/1332428584233918465)) +---- +@pinkflawd @intel You are talented, a hard worker and you know where you are going. The next team will be super lucky to have you on board. 👍🏻 Congrats! + +(Originally on Twitter: [Sat Nov 28 07:14:33 +0000 2020](https://twitter.com/adulau/status/1332583643466899456)) +---- +@rafi0t Just put some Belgians in a meeting with Frenchies and those rules will blow up. + + +media/1333154872716357633-EoBRSVsW8AE3wO8.mp4 + +(Originally on Twitter: [Sun Nov 29 21:04:25 +0000 2020](https://twitter.com/adulau/status/1333154872716357633)) +---- +RT @circl_lu: "Whac-A-Mole: Six Years of DNS Spoofing" - "We show +that spoofing today is rare, occurring only in about 1.7% of +observations… + +(Originally on Twitter: [Mon Nov 30 14:27:14 +0000 2020](https://twitter.com/adulau/status/1333417307356487680)) +---- +I recently added IPv6 connectivity to a recursive DNS. Two interesting aspects, the IPv6 latency was better than IPv4. If you just use @ripencc K-root servers as root server in v6, you can get a significant boost in lookup time if you are close to those servers. + +(Originally on Twitter: [Mon Nov 30 18:38:44 +0000 2020](https://twitter.com/adulau/status/1333480600796327937)) +---- +@F_kZ_ @circl_lu Sure do it. You deserve it just replace « products » by « open source tools ». 
+ + +media/1333495106889003008-EoGGujKXEAEAlk5.mp4 + +(Originally on Twitter: [Mon Nov 30 19:36:23 +0000 2020](https://twitter.com/adulau/status/1333495106889003008)) +---- +More abstraction don’t give you more security. A good example in containerd with CVE-2020-15257 -> +https://cvepremium.circl.lu/cve/CVE-2020-15257 + +(Originally on Twitter: [Tue Dec 01 06:46:11 +0000 2020](https://twitter.com/adulau/status/1333663667204853761)) +---- +@Ko97551819 Don’t let anyone stopping you from learning. Knowing a bit your questions, it’s often a way for all of us to learn even more. Many researches start from a sharp question in the audience. At the end, a good researcher is someone asking the good questions. You are one. + +(Originally on Twitter: [Tue Dec 01 10:16:15 +0000 2020](https://twitter.com/adulau/status/1333716533755977728)) +---- +@H_Miser @martin_u Sometime it’s just too easy to troll the NCA ;-) + +(Originally on Twitter: [Tue Dec 01 10:17:42 +0000 2020](https://twitter.com/adulau/status/1333716897414717443)) +---- +@jtkristoff @ripencc Thanks to Hurricane electric open peering policy, the v6 path is much better. + +(Originally on Twitter: [Tue Dec 01 16:47:19 +0000 2020](https://twitter.com/adulau/status/1333814950360453122)) +---- +Wednesday confession about @matrixdotorg everything is cool (from being open source, privacy, decentralized and federated) but I'm missing the gif so much that I'm close to switch back to a proprietary chat application. + + +media/1334255194360700929-EoQ6BgcXMAgS_5V.mp4 + +(Originally on Twitter: [Wed Dec 02 21:56:42 +0000 2020](https://twitter.com/adulau/status/1334255194360700929)) +---- +@Iglocska @GunstickULM @Vecchi_Paolo @matrixdotorg Yep I suppose the only issue mightbe the copyright of the materials but I suppose there is a kind of tolerance for parody or small extracts. 
+ +(Originally on Twitter: [Thu Dec 03 13:21:01 +0000 2020](https://twitter.com/adulau/status/1334487805540515841)) +---- +RT @DoclerTechTalks: Watch live this month's edition on #itsecurity +https://bit.ly/36D4jLc + +@circl_lu @DoclerHoldingLU @adulau https://t… + +(Originally on Twitter: [Thu Dec 03 17:34:13 +0000 2020](https://twitter.com/adulau/status/1334551527084728334)) +---- +RT @verac_m: @DoclerTechTalks @adulau @circl_lu @DoclerHoldingLU Thanks for the great talk with scary examples. Vulnerability disclosure (R… + +(Originally on Twitter: [Thu Dec 03 20:04:03 +0000 2020](https://twitter.com/adulau/status/1334589232623595522)) +---- +Analysing TTLs over time in IPv4 packets can help you to spot some crafted packets using non-standard TTLs and refine your filtering rules while analysing a large packet capture. #DFIR. ![](media/1334973045145014274-EobFYY0W4AIQLQM.jpg) + +(Originally on Twitter: [Fri Dec 04 21:29:11 +0000 2020](https://twitter.com/adulau/status/1334973045145014274)) +---- +RT @markarenaau: It's rare for someone to be experienced as a CTI analyst on both cyber espionage and cybercrime threat types. I see it oft… + +(Originally on Twitter: [Sat Dec 05 14:21:45 +0000 2020](https://twitter.com/adulau/status/1335227865995030528)) +---- +@Ko97551819 Lovely... reading in the clouds. 
I’m sure @_saadk would see next to the rat, a huge bookshelf waiting to be captured ;-) + +(Originally on Twitter: [Sat Dec 05 17:07:39 +0000 2020](https://twitter.com/adulau/status/1335269617401556994)) +---- +@Ko97551819 @_saadk You mean a huge stack of chocolate from Takana 😋 + +(Originally on Twitter: [Sat Dec 05 17:34:17 +0000 2020](https://twitter.com/adulau/status/1335276319966437376)) +---- +RT @quarkslab: Last Tuesday the FreeBSD team released a patch to 4 vulnerabilities in code processing ICMPv6 packets, including a potential… + +(Originally on Twitter: [Sat Dec 05 19:18:10 +0000 2020](https://twitter.com/adulau/status/1335302462652248067)) +---- +@Ko97551819 Glad to see more happy users of @joplinapp open source can make nice, useful and useable software. + +(Originally on Twitter: [Sat Dec 05 21:44:27 +0000 2020](https://twitter.com/adulau/status/1335339274623983617)) +---- +RT @abuse_ch: TrickBot UEFI malware samples on MalwareBazaar, caught by @JasonMilletary & @ArkbirdDevil 👏 + +👉https://bazaar.abuse.ch/browse/tag/UEFI/ https:/… + +(Originally on Twitter: [Sat Dec 05 21:58:17 +0000 2020](https://twitter.com/adulau/status/1335342757662089216)) +---- +@LargeCardinal @rasbt Indeed. Deep reinforcement learning is still in machine learning ? I have the impression that nowadays is a toolbox just like we do with data structures « little bit of Bloom filter, a red-black tree there and a hyperloglog structure » + +(Originally on Twitter: [Sun Dec 06 09:11:40 +0000 2020](https://twitter.com/adulau/status/1335512218323050497)) +---- +@LargeCardinal @rasbt I tend to agree especially using some lego block might have a huge impact on the final result if you don’t know the inner working of each « model ». It always remembers me the classical issue when a sorted set is given to some sorting algorithms. In that field, it’s worst imho. 
+ +(Originally on Twitter: [Sun Dec 06 09:18:02 +0000 2020](https://twitter.com/adulau/status/1335513822157746177)) +---- +@TheophileDano x is time over a period of 24 hours and y is the TTL value + +(Originally on Twitter: [Sun Dec 06 16:28:29 +0000 2020](https://twitter.com/adulau/status/1335622150514991106)) +---- +Curious about the most commonly key types used for SSH, some statistics collected from Passive SSH https://github.com/D4-project/passive-ssh #infosec ![](media/1335709464289308673-Eolj-cEW8AsMbrW.png) + +(Originally on Twitter: [Sun Dec 06 22:15:27 +0000 2020](https://twitter.com/adulau/status/1335709464289308673)) +---- +RT @UlfFrisk: MemProcFS v3.6 "FindEvil" released! + +Locate malware injections in seconds by analyzing live memory or dump files in easy-to-u… + +(Originally on Twitter: [Mon Dec 07 10:25:22 +0000 2020](https://twitter.com/adulau/status/1335893156370518017)) +---- +Could you confirm or not @msftsecurity @msftsecresponse that you don’t issue CVEs for vulnerabilities in some software like Teams which are updated without user intervention? I find it hard to believe... thank you. + +https://github.com/oskarsve/ms-teams-rce ![](media/1336210285661655040-EosrvIzXcAI62OP.jpg) + +(Originally on Twitter: [Tue Dec 08 07:25:32 +0000 2020](https://twitter.com/adulau/status/1336210285661655040)) +---- +RT @AdamLangePL: @adulau @cyb3rops @msftsecurity @msftsecresponse CVE went weird way allowing vendors to assign CVE numbers (have control o… + +(Originally on Twitter: [Tue Dec 08 08:03:48 +0000 2020](https://twitter.com/adulau/status/1336219916521926659)) +---- +@campuscodi @cyb3rops @msftsecurity @msftsecresponse Teams is composed of a large software stack on the client side and recently got updates on the Linux client for example... 
+ +(Originally on Twitter: [Tue Dec 08 11:06:44 +0000 2020](https://twitter.com/adulau/status/1336265951910748161)) +---- +@campuscodi @cyb3rops @msftsecurity @msftsecresponse I would have agreed with you ten years ago. But the software stack is moving around, if you delegate a service to a third party and you cannot track if a specific vulnerability was fixed. You don’t know when and how your users were exposed. + +(Originally on Twitter: [Tue Dec 08 12:07:46 +0000 2020](https://twitter.com/adulau/status/1336281311653355520)) +---- +@campuscodi @cyb3rops @msftsecurity @msftsecresponse My point is the ability to know when a vulnerability was discovered and how long this vulnerability was exposed to potential abuse. CVE vulnerability definition also includes service component by the way. + +(Originally on Twitter: [Tue Dec 08 12:11:45 +0000 2020](https://twitter.com/adulau/status/1336282315971063810)) +---- +@PaulWebSec Bonjour Lucien 🤩 + +(Originally on Twitter: [Tue Dec 08 16:15:59 +0000 2020](https://twitter.com/adulau/status/1336343777422823430)) +---- +@cyb3rops I was wondering what we would be the best strategy for them maybe to release the tools as open source in addition to the current signatures? + +(Originally on Twitter: [Tue Dec 08 22:02:16 +0000 2020](https://twitter.com/adulau/status/1336430924272119822)) +---- +@campuscodi @cyb3rops @msftsecurity @msftsecresponse The following CVE has been assigned CVE-2020-10146 https://cve.circl.lu/cve/CVE-2020-10146 - especially that can be "exploited on Teams clients". 
+ +(Originally on Twitter: [Wed Dec 09 12:57:49 +0000 2020](https://twitter.com/adulau/status/1336656294896394241)) +---- +@rafi0t + + +media/1337285627352666112-Eo7-Lk9WEAAqqkN.mp4 + +(Originally on Twitter: [Fri Dec 11 06:38:33 +0000 2020](https://twitter.com/adulau/status/1337285627352666112)) +---- +So having oracle or trusted test output (as mentioned in the paper) help obviously to understand the inner working of tools and the expected result out. But sometime, it's hard to figure out what would be the final result of the evidences against the original target. + +(Originally on Twitter: [Fri Dec 11 07:42:05 +0000 2020](https://twitter.com/adulau/status/1337301615422922757)) +---- +"Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools Malware Forensic Tools" Some good points... The biggest challenge when doing #DFIR is having different tools, giving different results but depending of the interpretation, both can be correct. ![](media/1337301613258674177-Eo8JznZWEAI-E8I.jpg) + +(Originally on Twitter: [Fri Dec 11 07:42:05 +0000 2020](https://twitter.com/adulau/status/1337301613258674177)) +---- +Nevertheless the paper gives some "structure" while thinking about testing forensic tools (malware dynamic analysis) but there is no perfect framework to test all forensic tools. The best, IMHO, is to test and compare continuously output between tools. https://commons.erau.edu/jdfsl/vol15/iss2/3/ + +(Originally on Twitter: [Fri Dec 11 07:42:06 +0000 2020](https://twitter.com/adulau/status/1337301619390771201)) +---- +Like you have a pcap file, you look at the packets. And often, when looking at packets, datagrams... will those being discarded or not by the network stack of the target. If you emulate a stack, it's nearly impossible to know all the network stack behaviour. It's a hard problem. 
+ +(Originally on Twitter: [Fri Dec 11 07:42:06 +0000 2020](https://twitter.com/adulau/status/1337301617587130368)) +---- +@cudeso Wait does this mean the hunters won’t come in our area to kill the wild life? That’s a great news, finally technology is useful! + +(Originally on Twitter: [Fri Dec 11 22:23:38 +0000 2020](https://twitter.com/adulau/status/1337523463335141377)) +---- +https://www.linuxfoundation.org/wp-content/uploads/2020/12/2020FOSSContributorSurveyReport_V7.pdf The Linux Foundation 2020 FOSS Contributor Survey has some good points regarding the need of more effort in the security of FOSS. But the main problem, it’s very rare to see funding to just improve security without new features... #paradox ![](media/1338038201462743043-EpGp2s9XUAAWUhO.jpg) + +(Originally on Twitter: [Sun Dec 13 08:29:01 +0000 2020](https://twitter.com/adulau/status/1338038201462743043)) +---- +@S_Team_Approved @ISSOLAHT Honeytoken pour l’auteur original de la password list ou peut-être le reliquat de la source originale ;-) + +(Originally on Twitter: [Tue Dec 15 09:35:03 +0000 2020](https://twitter.com/adulau/status/1338779597094137856)) +---- +"AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers" They use DDR RAM to generate a 2.4GHz signal... next time, you think that an air-gapped computer cannot generate signals. #sigint #tempest + +https://arxiv.org/abs/2012.06884 ![](media/1338965013697064960-EpTz2RlW8AMRskO.jpg) + +(Originally on Twitter: [Tue Dec 15 21:51:50 +0000 2020](https://twitter.com/adulau/status/1338965013697064960)) +---- +@Aristot73 Finding McCoy Pauley in the next patch for SolarWinds, this would be much more cyberpunk. + +(Originally on Twitter: [Wed Dec 16 06:31:18 +0000 2020](https://twitter.com/adulau/status/1339095742888239105)) +---- +@jfslowik At least it’s digital... some gTLD are just so messy. 
+ + +media/1339265279528996865-EpYGqgwWMAI0wgm.mp4 + +(Originally on Twitter: [Wed Dec 16 17:44:59 +0000 2020](https://twitter.com/adulau/status/1339265279528996865)) +---- +@cyb3rops yep and then you discover some clients do DoH by default... + +(Originally on Twitter: [Thu Dec 17 12:03:56 +0000 2020](https://twitter.com/adulau/status/1339541837753815041)) +---- +We just released version 4.0 of cve-search with many improvements, new web backend, faster import and a new ReST API. A huge to thanks to @PaulTikken for his impressive work and all the contributors. @cve_search https://github.com/cve-search/cve-search/releases/tag/v4.0 #infosec #opensource + + +media/1339662640625442821-EpdwERPXEAAvCga.mp4 + +(Originally on Twitter: [Thu Dec 17 20:03:57 +0000 2020](https://twitter.com/adulau/status/1339662640625442821)) +---- +RT @NSACyber: Today our #Ghidra team pushed a preview debugger on @GitHub. #Developers and testers, check out this long awaited feature: ht… + +(Originally on Twitter: [Fri Dec 18 06:58:08 +0000 2020](https://twitter.com/adulau/status/1339827269691445248)) +---- +Sorry to disappoint you but cybersecurity certification won’t solve fundamental security problems. By the way, how to enable FIPS in SolarWinds Orion https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Core-Enabling-FIPS-sw1508.htm . Just to say that certification is always scoped and won’t cover all the angles available by an attacker. + +(Originally on Twitter: [Fri Dec 18 09:18:58 +0000 2020](https://twitter.com/adulau/status/1339862709333078017)) +---- +@verac_m Yes and product certification makes sense for components. I'm wondering in which direction the certification will go in Europe to properly cover some aspects and not going into generic certification which will end-up by covering nothing at the end. 
+ +(Originally on Twitter: [Fri Dec 18 09:32:55 +0000 2020](https://twitter.com/adulau/status/1339866223820107777)) +---- +RT @stevengoossens: @adulau I would even say it might have an opposite effect, since you spend budget/people to focus on all these certific… + +(Originally on Twitter: [Fri Dec 18 10:30:58 +0000 2020](https://twitter.com/adulau/status/1339880829477138436)) +---- +"Key Management Interoperability Protocol (KMIP) Specification Version 2.1" has been released but I was wondering what's the attack surface? Where is this used? I haven't seen a lot of CVEs related to implementation KMIP. Is this a blind spot? + +https://docs.oasis-open.org/kmip/kmip-spec/v2.1/os/kmip-spec-v2.1-os.pdf + +(Originally on Twitter: [Sat Dec 19 08:54:39 +0000 2020](https://twitter.com/adulau/status/1340218980129251328)) +---- +@rafi0t Did you discover two interoperable TAXII servers? It's like finding in a mammoth alive in the Belgian country-side. + +(Originally on Twitter: [Sat Dec 19 10:31:51 +0000 2020](https://twitter.com/adulau/status/1340243442467803139)) +---- +RT @d4_project: Passive-SSH server and scanner version 1.0 released (2020-12-19) has been released. Thanks to @Terrtia @adulau and @gallype… + +(Originally on Twitter: [Sat Dec 19 10:54:22 +0000 2020](https://twitter.com/adulau/status/1340249109178052608)) +---- +@vincib Oui, les ransomware ;-) On peut attribuer une partie du succès aux Bitcoin. + +(Originally on Twitter: [Sat Dec 19 11:48:04 +0000 2020](https://twitter.com/adulau/status/1340262621761712130)) +---- +@MaliciaRogue @bortzmeyer @JulienNocetti @TV5MONDE @clusif @lguezo Je suis curieux. Quel serait le sujet de géopolitique pour #SolarWinds qui serait différent des autres menaces informatiques ? + +(Originally on Twitter: [Sat Dec 19 12:15:52 +0000 2020](https://twitter.com/adulau/status/1340269618842185729)) +---- +@MaliciaRogue @bortzmeyer @JulienNocetti @TV5MONDE @clusif @lguezo Pas de stress. 
Je me demandais si j’avais loupé un truc en geopo concernant SolarWinds ;-) + +(Originally on Twitter: [Sat Dec 19 12:31:38 +0000 2020](https://twitter.com/adulau/status/1340273587421405186)) +---- +RT @MISPProject: The power of the community. In 2016, we introduced MISP objects to have custom object in MISP standard. In 2020, we have 2… + +(Originally on Twitter: [Sun Dec 20 10:53:41 +0000 2020](https://twitter.com/adulau/status/1340611322724167681)) +---- +@Janet_LegReg I have a huge aversion for the article 49 especially when you want to make proper and efficient automatic transfer for legitimate use-case especially in information security. You are basically back to pen-and-paper even if the use-case legitimate. + +(Originally on Twitter: [Sun Dec 20 11:12:42 +0000 2020](https://twitter.com/adulau/status/1340616110476058624)) +---- +Someone asked me what I will do during those cultural, social and/or mythical commemorations. It's super simple; just like everyday. Enjoying life, working, reading good books, contributing to open source, painting and keeping only virtual social interactions. Stay safe! + + +media/1340655517342044160-Epr3FWGWMAEivEc.mp4 + +(Originally on Twitter: [Sun Dec 20 13:49:18 +0000 2020](https://twitter.com/adulau/status/1340655517342044160)) +---- +RT @ail_project: "AIL Framework version 3.4 released with a new language detection module and many improvements" #DarkWeb #infosec #openso… + +(Originally on Twitter: [Sun Dec 20 14:54:40 +0000 2020](https://twitter.com/adulau/status/1340671967767224322)) +---- +@npettiaux Il y a aussi @matrixdotorg qui fonctionne plutôt bien. L’ensemble est libre, il est possible d’avoir facilement son serveur en fédération et il n’y a pas d’annuaire centralisé. + +(Originally on Twitter: [Mon Dec 21 07:13:12 +0000 2020](https://twitter.com/adulau/status/1340918224154746882)) +---- +@RidT @r00tbsd You think they were never caught? I'm not so sure... 
+ +(Originally on Twitter: [Mon Dec 21 08:16:43 +0000 2020](https://twitter.com/adulau/status/1340934210438258689)) +---- +@npettiaux @matrixdotorg Element (ex-riot) est un bon client libre pour Matrix. Evite Signal car ce n'est pas possible d'avoir un annuaire et une fédération indépendante. + +(Originally on Twitter: [Mon Dec 21 09:49:43 +0000 2020](https://twitter.com/adulau/status/1340957614658756608)) +---- +@Emmanuel_microb Quelle est la référence/publication académique de cet arbre phylogénétique ? Merci + +(Originally on Twitter: [Mon Dec 21 17:13:49 +0000 2020](https://twitter.com/adulau/status/1341069373558169600)) +---- +@Emmanuel_microb En creusant un peu le data-set, on trouve un hôte qui est l'environnement au lieu d'un humain. C'est une erreur d'encodage ? + +https://nextstrain.org/ncov/global?c=host&s=env/Qingdao/IVDC-011-10/2020 ![](media/1341073570454269961-EpxyK9vXIAY-aPm.jpg) + +(Originally on Twitter: [Mon Dec 21 17:30:29 +0000 2020](https://twitter.com/adulau/status/1341073570454269961)) +---- +@Emmanuel_microb Ou c'est une collecte directe sur des matériaux ? + +(Originally on Twitter: [Mon Dec 21 17:31:37 +0000 2020](https://twitter.com/adulau/status/1341073855608213508)) +---- +RT @ProjectZeroBugs: An iOS hacker tries Android https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html + +(Originally on Twitter: [Mon Dec 21 21:16:28 +0000 2020](https://twitter.com/adulau/status/1341130438983729154)) +---- +RT @megabeets_: *ALL* the FNV-1a hashes embedded in the #SUNBURST malware are now cracked! +Thanks to the work of many people in the communi… + +(Originally on Twitter: [Mon Dec 21 21:17:35 +0000 2020](https://twitter.com/adulau/status/1341130722510319616)) +---- +“We are all broken. That’s how the light gets in.” the famous merged quote from Hemingway and Leonard Cohen makes much more sense nowadays in information security, it’s just a matter of light. 
+ +(Originally on Twitter: [Mon Dec 21 21:25:39 +0000 2020](https://twitter.com/adulau/status/1341132752297615361)) +---- +Maybe I rediscovered Today the joy of commuting by train and especially reading book sections to refresh your mind before implementing new software. #readingissavingus or maybe it’s again #CBAD hitting me... ![](media/1341438252914520064-Ep29s4ZXUAUKHVP.jpg) + +(Originally on Twitter: [Tue Dec 22 17:39:36 +0000 2020](https://twitter.com/adulau/status/1341438252914520064)) +---- +@shrekts @Ko97551819 @archeofuto @meyny @AdulauA Some chapters are ok and provide ideas or good overviews on existing algorithms. But the quality can be patchy and variable among the different chapters... It’s not best one but it does the job. + +(Originally on Twitter: [Tue Dec 22 19:57:20 +0000 2020](https://twitter.com/adulau/status/1341472912591777794)) +---- +@Sebdraven Indeed, it could be used for such use case ;-) + +(Originally on Twitter: [Tue Dec 22 20:03:25 +0000 2020](https://twitter.com/adulau/status/1341474445966360579)) +---- +RT @jfslowik: Primer on espionage norms and proprortionality: ![](media/1341650925379858433-Ep4x1GoVgAA42jJ.png) + +(Originally on Twitter: [Wed Dec 23 07:44:41 +0000 2020](https://twitter.com/adulau/status/1341650925379858433)) +---- +The IETF WG for OpenPGP has been rechartered with the goal to update RFC4880. Current draft open for comment: + +https://datatracker.ietf.org/doc/draft-ietf-openpgp-rfc4880bis/ + +https://mailarchive.ietf.org/arch/msg/openpgp/u3mpJcFTGBFNJRW8EHoWdbx5UcI/ ![](media/1341673921825959936-Ep6TTcjWMAIw4r_.jpg) + +(Originally on Twitter: [Wed Dec 23 09:16:04 +0000 2020](https://twitter.com/adulau/status/1341673921825959936)) +---- +Did I tell you that I trust less VPN providers than my local internet service provider in Belgium? Each time I'm testing or using a VPN provider, it's always a privacy nightmare from information gathering, interception of traffic, shady routing and/or extensive logging. 
+ +(Originally on Twitter: [Wed Dec 23 14:55:24 +0000 2020](https://twitter.com/adulau/status/1341759316320260097)) +---- +@4Dgifts Indeed, I use it too but not sure if I trust more my VPS provider than my local provider for the exit traffic ;-) + +(Originally on Twitter: [Wed Dec 23 15:02:04 +0000 2020](https://twitter.com/adulau/status/1341760996159987714)) +---- +RT @dnsoarc: We are excited to announce @dnsoarc #OARC34 (February 4th & 5th). Further details (Registration & Call for Presentations) are… + +(Originally on Twitter: [Wed Dec 23 15:45:08 +0000 2020](https://twitter.com/adulau/status/1341771831074639872)) +---- +RT @MISPProject: MISP Training Materials have been updated with the past months training materials including decaying indicators, MISP gala… + +(Originally on Twitter: [Wed Dec 23 16:56:42 +0000 2020](https://twitter.com/adulau/status/1341789843492356097)) +---- +@Glacius_ @virustotal @circl_lu @cyb3rops Thanks for sharing, a good set of nifty @sigma_hq rules. + +(Originally on Twitter: [Wed Dec 23 17:01:15 +0000 2020](https://twitter.com/adulau/status/1341790989325922306)) +---- +@jfslowik Those bloody VPN providers, they will never stop ;-) + +(Originally on Twitter: [Wed Dec 23 17:05:29 +0000 2020](https://twitter.com/adulau/status/1341792054972719105)) +---- +@AdrienCherqui At least 8 or 10 VPN services over the past years... 
+ +(Originally on Twitter: [Wed Dec 23 19:45:09 +0000 2020](https://twitter.com/adulau/status/1341832233074778113)) +---- +RT @MISPProject: MISP 2.4.135 released with galaxy 2.0 to customise Galaxy clusters (threat-actor, @MITREattack or any knowledge base), ext… + +(Originally on Twitter: [Wed Dec 23 19:58:51 +0000 2020](https://twitter.com/adulau/status/1341835681786712064)) +---- +RT @jfslowik: Mindmap YOLO on RU-linked threat groups: ![](media/1341877630543548419-Ep83s-HVEAAe13G.jpg) + +(Originally on Twitter: [Wed Dec 23 22:45:32 +0000 2020](https://twitter.com/adulau/status/1341877630543548419)) +---- +@sergedroz @Janet_LegReg Yes I fully agree when you are in a non-democratic country, running on an open wifi in a hotel room or places where the trust of the ISP is lower than the VPN provider. + +(Originally on Twitter: [Thu Dec 24 10:21:38 +0000 2020](https://twitter.com/adulau/status/1342052810012192769)) +---- +@cudeso Wait? They do have electricity in the first place... + +(Originally on Twitter: [Thu Dec 24 10:27:26 +0000 2020](https://twitter.com/adulau/status/1342054268216475651)) +---- +@Ko97551819 "Clifford Stoll captivates his audience with a wildly energetic sprinkling of anecdotes, observations, asides -- and even a science experiment. After all, by his own definition, he's a scientist: "Once I do something, I want to do something else." + +https://www.ted.com/talks/clifford_stoll_the_call_to_learn/transcript?language=en + +(Originally on Twitter: [Thu Dec 24 13:57:44 +0000 2020](https://twitter.com/adulau/status/1342107193261269000)) +---- +RT @circl_lu: Lookyloo version 1.3 is out including many new features and a new @MISPProject export. 
Thanks to @rafi0t and @Internews #open… + +(Originally on Twitter: [Thu Dec 24 14:34:41 +0000 2020](https://twitter.com/adulau/status/1342116491169329152)) +---- +RT @jtkristoff: @adulau Few VPNs are sufficiently transparent in my experience and I have known some that operate for the purposes of traff… + +(Originally on Twitter: [Thu Dec 24 14:39:01 +0000 2020](https://twitter.com/adulau/status/1342117580161560577)) +---- +RT @thegrugq: Supply chain attacks. Something so devious only the Russians would dare use it! + +https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ https://t.co/z9md1L… + +(Originally on Twitter: [Fri Dec 25 06:34:47 +0000 2020](https://twitter.com/adulau/status/1342358109298241536)) +---- +RT @PowerDNS_Bert: In this post, we'll reverse-engineer the actual mRNA code of the @BioNTech_Group/@pfizer SARS-CoV-2 vaccine, character f… + +(Originally on Twitter: [Sat Dec 26 08:35:14 +0000 2020](https://twitter.com/adulau/status/1342750807779930113)) +---- +What about cyber security in the EU-UK trade and cooperation agreement? 2 pages nothing very astonishing. All is voluntary between the two parties, no mention of automatic information sharing. + +https://ec.europa.eu/info/sites/info/files/draft_eu-uk_trade_and_cooperation_agreement.pdf ![](media/1342827208147087364-EqKtHXzWMAE7vcc.jpg) + +(Originally on Twitter: [Sat Dec 26 13:38:49 +0000 2020](https://twitter.com/adulau/status/1342827208147087364)) +---- +I'm really sad that http://scans.io publicly accessible scans disappears in profit of a private repository (API limited) runs by private companies as an attractor for customers. I guess it's again difficult to have direct funding for long-term public open data. + +(Originally on Twitter: [Sat Dec 26 16:00:02 +0000 2020](https://twitter.com/adulau/status/1342862746212294657)) +---- +@silascutler @zakirbpd I think they kill it. 
+ +(Originally on Twitter: [Sat Dec 26 16:03:56 +0000 2020](https://twitter.com/adulau/status/1342863726035279872)) +---- +RT @ail_project: The most common dos-executable (malware) file found encoded in hexadecimal on various Tor hidden services. First-seen 2018… + +(Originally on Twitter: [Sat Dec 26 17:45:10 +0000 2020](https://twitter.com/adulau/status/1342889204859236359)) +---- +@H_Miser Marcel Petite ? + +(Originally on Twitter: [Sat Dec 26 19:36:13 +0000 2020](https://twitter.com/adulau/status/1342917150135250948)) +---- +@H_Miser Tu connais l’emmental des grottes de Kaltbach (AOP) ? Une belle tuerie ;-) + +(Originally on Twitter: [Sat Dec 26 19:42:01 +0000 2020](https://twitter.com/adulau/status/1342918609249644546)) +---- +@H_Miser Oui c’est top. Kaltbach fait aussi de l’Appenzeller ;-) ben m*rde ils sont sur Twitter @Kaltbach + +(Originally on Twitter: [Sat Dec 26 19:47:14 +0000 2020](https://twitter.com/adulau/status/1342919924168208385)) +---- +RT @wdormann: Perhaps evidence of SolarWinds #SUPERNOVA exploitation may be in IIS logs: +POST request with: +- ScriptResource.axd or WebReso… + +(Originally on Twitter: [Sat Dec 26 20:26:02 +0000 2020](https://twitter.com/adulau/status/1342929689229332485)) +---- +@elhoim @PaulTikken The challenge is to ensure continuous funding which is rarely the case for EU-funded projects which require to reach sustainability after 2-3 years of funding. Then you start with proprietary models and stopping the open data approach... + +(Originally on Twitter: [Sun Dec 27 11:43:47 +0000 2020](https://twitter.com/adulau/status/1343160646716817410)) +---- +@Malwar3Ninja Looks really cool! Do you mind if I add this in the default feed of @MISPProject ? 
+ +(Originally on Twitter: [Sun Dec 27 16:36:57 +0000 2020](https://twitter.com/adulau/status/1343234426252251137)) +---- +RT @cudeso: How to Support Defenders with the Permissible Actions Protocol (PAP) https://www.vanimpe.eu/2020/12/28/how-to-support-defenders-with-the-permissible-actions-protocol/ + +(Originally on Twitter: [Mon Dec 28 10:32:28 +0000 2020](https://twitter.com/adulau/status/1343505086111166465)) +---- +RT @jtkristoff: @adulau I was thinking of doing more than the proto41 feed. What is at the top of your list. I can't make promises, since… + +(Originally on Twitter: [Mon Dec 28 17:08:39 +0000 2020](https://twitter.com/adulau/status/1343604789561749512)) +---- +@TerribleMaps It was a co-managed nuclear power plant between Belgium and France. The other part is in Tihange (close to German and Dutch border) in Belgium. At least this one was not so close to the other borders ;-) + +(Originally on Twitter: [Mon Dec 28 19:05:43 +0000 2020](https://twitter.com/adulau/status/1343634249740595200)) +---- +RT @ncrocfer: OpenCVE, a platform used for your CVE alerting and formerly known as Saucs, is now available ! + +The code is on Github, so yo… + +(Originally on Twitter: [Wed Dec 30 07:21:10 +0000 2020](https://twitter.com/adulau/status/1344181718606077953)) +---- +RT @ninoseki: An introduction to reverse engineering of binary formats using Kaitai Struct workshop will be started in 30 minutes. 
+https://… + +(Originally on Twitter: [Wed Dec 30 07:29:31 +0000 2020](https://twitter.com/adulau/status/1344183823286865920)) +---- +RT @CERT_Polska_en: The internet is a series of tubes full of cats, and our malware analysis pipeline is a series of queues filled with mal… + +(Originally on Twitter: [Wed Dec 30 16:19:40 +0000 2020](https://twitter.com/adulau/status/1344317238816477184)) +---- +@clevybencheton Security clearance could be an entire book subject explaining why this is hindering information sharing, collaborative work, slowing down incident response, flexibility and I’m sure I’m forgetting a full trunk of arguments. + +(Originally on Twitter: [Thu Dec 31 08:38:01 +0000 2020](https://twitter.com/adulau/status/1344563446986256388)) +---- +In 2103, @altquinn and I did a joint work on how to interact with journalists. Some years later, I still use it as a basis when interacting with media and journalists. + +Feedback and updates are still more than welcome. + +https://gist.github.com/adulau/6209099 + +(Originally on Twitter: [Thu Dec 31 10:16:45 +0000 2020](https://twitter.com/adulau/status/1344588294244413441)) +---- +RT @electrospaces: NEW: Summary of the report about the investigation by the by the Swiss intelligence oversight committee into the case of… + +(Originally on Twitter: [Thu Dec 31 10:39:33 +0000 2020](https://twitter.com/adulau/status/1344594034115960832)) +---- +Glad to see that Microsoft claims that the secrecy of code source is not a security measure. I’m impressed of their evolution from the Halloween documents written against open source in the nineties to become a company more oriented towards open source... +https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/ ![](media/1344717713411878913-Eqlk5r-XUAM43m0.jpg) + +(Originally on Twitter: [Thu Dec 31 18:51:01 +0000 2020](https://twitter.com/adulau/status/1344717713411878913)) +---- +@daveaitel Thanks for all you did. Enjoy life! 
+ +(Originally on Twitter: [Fri Jan 01 07:55:28 +0000 2021](https://twitter.com/adulau/status/1344915127947177986)) +---- +When you have an advanced adversary in your network and this actor is able to modify the build process of a software vendor, don’t expect the actor to be just at one place in your infrastructure. Such actor does everything possible to keep their access. Keep that in mind. + +(Originally on Twitter: [Fri Jan 01 19:21:01 +0000 2021](https://twitter.com/adulau/status/1345087653906165761)) +---- +@theodoros377 Maybe the story is a set of past, present and future stories ;-) + +(Originally on Twitter: [Fri Jan 01 19:30:07 +0000 2021](https://twitter.com/adulau/status/1345089941332758528)) +---- +@DCSecuritydk @enisa_eu There is a now task force and a GitHub repository https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force and they have a machine tag representation of it. It’s moving, slowly but moving. There are some other initiatives but when you have a committee, things tend to slow down. + +(Originally on Twitter: [Sat Jan 02 21:52:04 +0000 2021](https://twitter.com/adulau/status/1345488055021559816)) +---- +@DCSecuritydk @enisa_eu FYI, we are working on a new project to better reference existing information security materials. I'll let you know we will share a first version of the proposal. + +(Originally on Twitter: [Sat Jan 02 22:27:49 +0000 2021](https://twitter.com/adulau/status/1345497050306244613)) +---- +@hpiedcoq https://www.ncjrs.gov/pdffiles1/Digitization/168113NCJRS.pdf - le papier de Douglas Gentz et Deborah Taylor donne plusieurs pistes. et le document complet "Law Enforcement's Impact on Families" est une source intéressante. 
+ +(Originally on Twitter: [Sun Jan 03 11:35:08 +0000 2021](https://twitter.com/adulau/status/1345695185217482753)) +---- +@hpiedcoq La police belge possède une DB avec la morphologie mais pas d'info accessible sur le statut familial http://www.stat.policefederale.be/morphologie/ par contre il y aussi quelques pistes possibles de causalité sur la féminisation de la police cf. https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A12228/datastream/PDF_01/view p71 + +(Originally on Twitter: [Sun Jan 03 11:48:04 +0000 2021](https://twitter.com/adulau/status/1345698439942823936)) +---- +@rafi0t Is it the default parking page of @EuroDNS ? maybe per click they fund the vaccine for developing countries? + +(Originally on Twitter: [Sun Jan 03 15:42:53 +0000 2021](https://twitter.com/adulau/status/1345757532992774148)) +---- +@rafi0t @EuroDNS @EuroDNS any feedback? + +(Originally on Twitter: [Sun Jan 03 16:04:55 +0000 2021](https://twitter.com/adulau/status/1345763079729115136)) +---- +@vardi @vclaTUwien Publish everything and let other researchers review the papers publicly. Limited and private review model was always an issue for other researchers to review and all is locked behind paywalls and small PC in a same clique. + +(Originally on Twitter: [Mon Jan 04 07:42:57 +0000 2021](https://twitter.com/adulau/status/1345999141395177472)) +---- +@weebly @sergedroz "We're sorry but Weebly Support doesn't work properly without JavaScript enabled. Please enable it to continue." + +(Originally on Twitter: [Mon Jan 04 15:39:03 +0000 2021](https://twitter.com/adulau/status/1346118957217021953)) +---- +@likethecoins By the way, there is a very good federated open source protocol which can basically improve resiliency, security (e2e) and it's auditable. It's @matrixdotorg synapse more and more CSIRTs/CERTs installing their own instance. @element_hq mobile app is also great. 
+ +(Originally on Twitter: [Mon Jan 04 16:03:44 +0000 2021](https://twitter.com/adulau/status/1346125167836192768)) +---- +RT @likethecoins: Consider this #SlackOutage to be a nice tabletop exercise. If you can't move forward with business as usual, this is a gr… + +(Originally on Twitter: [Mon Jan 04 16:05:17 +0000 2021](https://twitter.com/adulau/status/1346125558720167945)) +---- +@likethecoins @matrixdotorg @element_hq You're welcome. At @circl_lu we deployed it and we are also using it for some of our public support rooms like @MISPProject or @ail_project - and the federation aspect is really easy and resilient. The mobile app improved a lot during the past months. + +(Originally on Twitter: [Mon Jan 04 16:15:11 +0000 2021](https://twitter.com/adulau/status/1346128048203116544)) +---- +@SecShea @likethecoins @matrixdotorg @element_hq I tried many, I operated too many servers (even some funky SILC servers) and until now, my experience with @matrixdotorg is positive compared to the other protocols. It works on various operational networks, there are users and the client UI really improved. + +(Originally on Twitter: [Mon Jan 04 16:27:54 +0000 2021](https://twitter.com/adulau/status/1346131250373865473)) +---- +@DCSecuritydk @MISPProject Dates will be announced soon. It will be early February. + +(Originally on Twitter: [Mon Jan 04 17:27:05 +0000 2021](https://twitter.com/adulau/status/1346146141889392640)) +---- +@fransvanberckel @likethecoins @matrixdotorg @element_hq @Mattermost We used it but the federation part is not open source, there is no e2e and the mobile client is not super intuitive. But the admin part of MatterMost is really great and @matrixdotorg synapse is bit behind on this aspect. I hope it will improve. + +(Originally on Twitter: [Mon Jan 04 18:48:41 +0000 2021](https://twitter.com/adulau/status/1346166678607065090)) +---- +When I saw videodrome for the first time, it was a blast. + +Nowadays, it sounds like a prophecy. 
Especially when browsing Tor hidden services, you can find people selling crazy video or trying to scam the buyers. We are living in videodrome. + + +media/1346179388711329793-Eq6U_nMW4AAc7PM.mp4 + +(Originally on Twitter: [Mon Jan 04 19:39:11 +0000 2021](https://twitter.com/adulau/status/1346179388711329793)) +---- +@ClounerPhedra Je le savais que tu es une personne de bon goût. + +(Originally on Twitter: [Mon Jan 04 21:27:33 +0000 2021](https://twitter.com/adulau/status/1346206657462870020)) +---- +@toddwilloughby @DCSecuritydk @MISPProject in the cyberspace. + +(Originally on Twitter: [Mon Jan 04 22:08:10 +0000 2021](https://twitter.com/adulau/status/1346216878713274369)) +---- +RT @netresec: NEW FINDING: There's a 1 bit flag hidden in #SUNBURST DNS requests indicating whether or not the victim has been targeted and… + +(Originally on Twitter: [Mon Jan 04 22:14:09 +0000 2021](https://twitter.com/adulau/status/1346218385907003392)) +---- +@Sebdraven Currently updating the MISP galaxy ransomware https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json Do you have some public references for Vasa Locker and relationship between the two? Thanks + +(Originally on Twitter: [Tue Jan 05 09:36:26 +0000 2021](https://twitter.com/adulau/status/1346390087483990019)) +---- +@Sebdraven Thanks my dear. I'll update the MISP galaxy cluster. + +(Originally on Twitter: [Tue Jan 05 10:06:12 +0000 2021](https://twitter.com/adulau/status/1346397580725510144)) +---- +"Jamming Attacks and Anti-Jamming Strategies in +Wireless Networks: A Comprehensive Survey" A good state-of-the-art of all the jamming attacks against wireless networks along with their countermeasures. + +https://arxiv.org/pdf/2101.00292.pdf ![](media/1346407386328817664-Eq9jHtRXAAQ5p7k.png) + +(Originally on Twitter: [Tue Jan 05 10:45:10 +0000 2021](https://twitter.com/adulau/status/1346407386328817664)) +---- +Thanks to @cedowens for the C2-JARM repository, it's a great idea. 
I found it so cool that I made a specific @MISPProject jarm object and a MISP #OSINT event with the known fingerprints. Nifty for pivoting. + +MISP event: https://www.circl.lu/doc/misp/feed-osint/4ce77fdd-19a8-4037-ac75-4ece0c05d63f.json + +Object: https://www.misp-project.org/objects.html#_jarm ![](media/1346503451375759365-Eq-9f9OXEAIdu-v.jpg) + +(Originally on Twitter: [Tue Jan 05 17:06:54 +0000 2021](https://twitter.com/adulau/status/1346503451375759365)) +---- +@DCSecuritydk @cedowens @MISPProject @Glacius_ @circl_lu ja3/ja3s, hassh and favicon-mmh3 are also full of opportunities ;-) + +(Originally on Twitter: [Tue Jan 05 17:52:52 +0000 2021](https://twitter.com/adulau/status/1346515020063105029)) +---- +RT @ArxSys: After 3 years, I finally released a new (beta) version of DFF including all the modules and features of the pro version ! It's… + +(Originally on Twitter: [Tue Jan 05 17:57:11 +0000 2021](https://twitter.com/adulau/status/1346516106861826049)) +---- +@ArxSys @udgover You rock! Thanks for sharing. + +(Originally on Twitter: [Tue Jan 05 17:57:43 +0000 2021](https://twitter.com/adulau/status/1346516238869082112)) +---- +@DCSecuritydk @maartenvhb @MISPProject @FIRSTdotOrg @sansforensics Taxonomies are evolving and I suppose this one is quite historical. 
My mantra is « taxonomies are used by social groups and you use the ones to be part of the social group you want to join and collaborate with » + +(Originally on Twitter: [Tue Jan 05 19:34:47 +0000 2021](https://twitter.com/adulau/status/1346540667128999943)) +---- +RT @DCSecuritydk: This mantra is actually quite perfect to describe any organizations approach to why you choose the incident classificatio… + +(Originally on Twitter: [Tue Jan 05 19:47:33 +0000 2021](https://twitter.com/adulau/status/1346543880154599430)) +---- +RT @cyb3rops: Fully working SMB protocol implementation is webassembly, it runs in your browser https://twitter.com/SkelSec/status/1346517626026123268 + +(Originally on Twitter: [Wed Jan 06 09:31:14 +0000 2021](https://twitter.com/adulau/status/1346751169025241089)) +---- +@PatouDubrois @Fn92Chatillon @Flobga C'est une visite officielle pour l'Airbus A 350 lors des premiers tests en mai 2014. +https://www.bundesregierung.de/breg-de/mediathek/fotos/die-kanzlerin-hat-gelegenheit-das-innere-des-neuen-airbus-a-350-zu-besichtigen--241516 + +(Originally on Twitter: [Wed Jan 06 12:24:41 +0000 2021](https://twitter.com/adulau/status/1346794817733455872)) +---- +@PatouDubrois @Fn92Chatillon @Flobga Ce sont des vieux brevets pour des méthodes pour essayer de déclencher de la pluie. +Pour une liste exhaustive https://patents.google.com/?q=~patent%2fUS3456880A mais je suppose que ma réponse précédente sur votre fausse information de départ ne vous convient pas. 
+ +(Originally on Twitter: [Wed Jan 06 12:37:32 +0000 2021](https://twitter.com/adulau/status/1346798053135704065)) +---- +RT @0xrawsec: I did not give up, still working in my free time to make WHIDS (https://github.com/0xrawsec/whids) a good #opensource EDR for Windows.… + +(Originally on Twitter: [Wed Jan 06 12:42:51 +0000 2021](https://twitter.com/adulau/status/1346799388757254147)) +---- +@rafi0t is it me or the story of parsing URLs is following you everywhere you go even if you cross the Atlantic ;-) + +(Originally on Twitter: [Wed Jan 06 14:25:06 +0000 2021](https://twitter.com/adulau/status/1346825121701494784)) +---- +@angealbertini We are with you! + +(Originally on Twitter: [Thu Jan 07 14:20:38 +0000 2021](https://twitter.com/adulau/status/1347186386282151936)) +---- +@Archer83Able with some good german parts "ARGOS-II HD / HDT" +https://www.hensoldt.net/products/optronics/argos-ii/ + +(Originally on Twitter: [Thu Jan 07 15:00:32 +0000 2021](https://twitter.com/adulau/status/1347196427064242177)) +---- +RT @ylecun: Thanks CSAIL! + +In the video: +- Larry Jackel, Adaptive Systems Research department head (my boss), behind the camera. +- Donnie H… + +(Originally on Twitter: [Thu Jan 07 19:51:39 +0000 2021](https://twitter.com/adulau/status/1347269690410872832)) +---- +RT @gmazoyer: Peering Manager v1.3.1 has been released. It contains a bunch of bug fixes which were caused by previous' release refactoring… + +(Originally on Twitter: [Thu Jan 07 20:31:39 +0000 2021](https://twitter.com/adulau/status/1347279753657655296)) +---- +@Ko97551819 You are a f*king drug dealer for rats. Maybe it's related to this quote "drug, n: A substance that, injected into a rat, produces a scientific paper." 
+ +(Originally on Twitter: [Fri Jan 08 15:06:50 +0000 2021](https://twitter.com/adulau/status/1347560401857351682)) +---- +RT @belathoud: @adulau Dunno why, but reading this : +https://us-cert.cisa.gov/ncas/alerts/aa21-008a +I remembered this tweet from @adulau +With that many ingress ve… + +(Originally on Twitter: [Fri Jan 08 22:20:49 +0000 2021](https://twitter.com/adulau/status/1347669617267929088)) +---- +Why there is no certificate transparency logs for code signing certificates? + +(Originally on Twitter: [Sat Jan 09 08:20:00 +0000 2021](https://twitter.com/adulau/status/1347820404052779009)) +---- +@___wr___ Software for such infrastructure is there but the CA doing certificate code signing are not publishing those anywhere until now? + +(Originally on Twitter: [Sat Jan 09 10:00:20 +0000 2021](https://twitter.com/adulau/status/1347845655344066560)) +---- +@ydklijnsma He was one of the kindest and incredible person in the world. We will miss him terribly. + +(Originally on Twitter: [Sun Jan 10 07:52:52 +0000 2021](https://twitter.com/adulau/status/1348175963293675520)) +---- +@likethecoins @CIA I'm trying to keep an archive and references to all those methodologies https://www.threat-intelligence.eu/methodologies/ and everyone can contribute via @github https://github.com/adulau/threat-intelligence.eu + +(Originally on Twitter: [Sun Jan 10 08:00:25 +0000 2021](https://twitter.com/adulau/status/1348177865595088897)) +---- +RT @moxie: @manfred_karrer @signalapp Signal is a non-profit and supported directly by people like you! 
You can donate here or in the app:… + +(Originally on Twitter: [Sun Jan 10 15:40:59 +0000 2021](https://twitter.com/adulau/status/1348293770534645763)) +---- +@cocaman Indeed, those guys/folks love us ;-) + +(Originally on Twitter: [Mon Jan 11 11:25:34 +0000 2021](https://twitter.com/adulau/status/1348591880309764101)) +---- +RT @MISPProject: If you are using @McAfee products and search for MISP integration, the incredible @mohlcyber has a lot of tools to ease th… + +(Originally on Twitter: [Mon Jan 11 14:10:07 +0000 2021](https://twitter.com/adulau/status/1348633288806690816)) +---- +@pstirparo @Google Good luck for your next adventure! + +(Originally on Twitter: [Mon Jan 11 15:20:12 +0000 2021](https://twitter.com/adulau/status/1348650926463213569)) +---- +@jfslowik IPv6 addresses are another underestimated areas of crawling. + +(Originally on Twitter: [Mon Jan 11 18:49:59 +0000 2021](https://twitter.com/adulau/status/1348703720071163905)) +---- +@y0m I remember the actor(s) who used various strings from AgentBTZ and everyone jumping around some years ago. It’s just a very small piece of information in a complete competitive analysis. It’s often easier to say « it’s them » than really doing a competitive analysis. + +(Originally on Twitter: [Mon Jan 11 19:18:08 +0000 2021](https://twitter.com/adulau/status/1348710806037393408)) +---- +@SamuelStolton @techvsterrorism @EP_Justice 1h take down is clearly unrealistic especially a large proportion of hosting companies/ISP already take days to remove some phishing website. Even some have no abuse point of contact, don’t have the staff to work 24/7 or have no abuse handling process. + +(Originally on Twitter: [Tue Jan 12 06:56:05 +0000 2021](https://twitter.com/adulau/status/1348886450377551872)) +---- +@Aristot73 I take my old hat. 
Copyright (authors' rights) applies for original work (detecting RC4/AES key material is not new), expression (yes, Yara is way to express something) and independently created (could be), Authors' right applies for Yara but is this a significant original one? + +(Originally on Twitter: [Tue Jan 12 08:20:40 +0000 2021](https://twitter.com/adulau/status/1348907735602122752)) +---- +@sergedroz @SamuelStolton @techvsterrorism @EP_Justice We already found a phishing kit to support and finance Daesh operation ;-) + +(Originally on Twitter: [Tue Jan 12 08:22:02 +0000 2021](https://twitter.com/adulau/status/1348908081133006848)) +---- +RT @alexanderjaeger: 🐦The first Timesketch Summit will happen on 🕓March 10th🕙. +✨Looking for Presentations and Workshops✨ +✍️Registration is… + +(Originally on Twitter: [Tue Jan 12 15:41:52 +0000 2021](https://twitter.com/adulau/status/1349018767179837443)) +---- +I did a quick presentation about the Passive SSH project (part of @d4_project) at the @CertLu community + +Slides: https://www2.slideshare.net/adulau/passive-ssh-a-fastlookup-database-of-ssh-key-materials-to-support-incident-response #threatintel #osint + +Code: https://github.com/d4-project/passive-ssh + +(Originally on Twitter: [Tue Jan 12 16:00:23 +0000 2021](https://twitter.com/adulau/status/1349023429589164040)) +---- +RT @jtkristoff: My friend Alexandre "Je vais programmer quelques trucs" has designed and built a number of community tools some organizati… + +(Originally on Twitter: [Tue Jan 12 21:52:34 +0000 2021](https://twitter.com/adulau/status/1349112056809709570)) +---- +@jtkristoff LOL. I remember the "doing some stuff" in Berlin. I hope we can come back to a hackathon session together to make some more incredible stuff in a near future. 
+ +(Originally on Twitter: [Tue Jan 12 21:54:31 +0000 2021](https://twitter.com/adulau/status/1349112548029820935)) +---- +"Protocol-Aware Reactive LTE Signal Overshadowing and its Applications in DoS Attacks" + +"signal overshadowing, where the attacker signal is sent with the same timing and slightly higher power as the legitimate signal of an LTE base station" #jamming + +https://www.research-collection.ethz.ch/handle/20.500.11850/455834 + +(Originally on Twitter: [Tue Jan 12 22:11:38 +0000 2021](https://twitter.com/adulau/status/1349116853885534214)) +---- +@2sec4u I had the same reaction ;-) Now it's TLP:WHITE. + +(Originally on Twitter: [Thu Jan 14 13:56:36 +0000 2021](https://twitter.com/adulau/status/1349717051846389761)) +---- +@nullcookies Reading Psychology of Intelligence Analysis by Richard J. Heuer, Jr. http://www.threat-intelligence.eu/methodologies/#psychology-of-intelligence-analysis-by-richard-j-heuer-jr as a first step. and reviewing also the existing methodologies and/or models existing. http://www.threat-intelligence.eu/methodologies/ + +(Originally on Twitter: [Fri Jan 15 09:02:09 +0000 2021](https://twitter.com/adulau/status/1350005339542982657)) +---- +RT @steventseeley: A story on how I gained RCE against Microsoft Exchange Online using CVE-2020-16875 and bypassed their patches twice over… + +(Originally on Twitter: [Fri Jan 15 17:35:10 +0000 2021](https://twitter.com/adulau/status/1350134443743334406)) +---- +The most important aspect to have a successful open source project. + +Just maintain it on the long-term. + +That’s the best gift you can do. + +(Originally on Twitter: [Sat Jan 16 09:59:40 +0000 2021](https://twitter.com/adulau/status/1350382201666416640)) +---- +@Ko97551819 I second that. 
But I’m still very bad at writing good documentation for my open source projects ;-) + +(Originally on Twitter: [Sun Jan 17 18:21:53 +0000 2021](https://twitter.com/adulau/status/1350870975928262658)) +---- +The pleasure of travelling was really underestimated before this pandemic era. I rediscovered the true effect on your mind while traveling and walking long distant. It’s the catalyser for our intellect. ![](media/1350874430965243911-Er9ERTRXIAAFYQW.jpg) + +(Originally on Twitter: [Sun Jan 17 18:35:37 +0000 2021](https://twitter.com/adulau/status/1350874430965243911)) +---- +RT @spotfoss: Your reminder that the SSPL is neither free software nor open source: + +https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IQIOBOGWJ247JGKX2WD6N27TZNZZNM6C/ + + +media/1351067821200076806-ErtzLamXYAAw4tf.mp4 + +(Originally on Twitter: [Mon Jan 18 07:24:04 +0000 2021](https://twitter.com/adulau/status/1351067821200076806)) +---- +"Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets" + +https://arxiv.org/abs/2101.06124 + +It's really an impressive research, some good ideas. Maybe the only minor negative point, it's you need to register to access to the dataset. #ThreaIntel @craiu ![](media/1351486500358262786-EsFwO7mW8AEvcMt.png) + +(Originally on Twitter: [Tue Jan 19 11:07:45 +0000 2021](https://twitter.com/adulau/status/1351486500358262786)) +---- +@JSyversen @daveaitel @craiu Interesting. Do you have references to papers, code and/or datasets about the Cyber Genome project? + +(Originally on Twitter: [Tue Jan 19 15:19:16 +0000 2021](https://twitter.com/adulau/status/1351549794150453249)) +---- +RT @MISPProject: @tenacioustek MISP JSON format is an easy to parse format. You can have very simple list of indicators up to more complex… + +(Originally on Twitter: [Tue Jan 19 17:34:01 +0000 2021](https://twitter.com/adulau/status/1351583704674656259)) +---- +RT @circl_lu: Want to work with us? 
We are looking for a Senior Software Engineer to work on the different open source software we develop… + +(Originally on Twitter: [Wed Jan 20 16:01:27 +0000 2021](https://twitter.com/adulau/status/1351922798898327554)) +---- +Last warning before the end of the world, if you see an open source project with a requirement to sign a copyright assignment, run away (or fork and maintain a version without). Even if it’s a foundation or association. Every board or organisation can change a license... + +(Originally on Twitter: [Thu Jan 21 08:03:26 +0000 2021](https://twitter.com/adulau/status/1352164890090340354)) +---- +@paulvixie Because like FSF or Apache (in those days), they tend to not abuse their rights or change their mind. Now for the others, it's a complete different story. + +(Originally on Twitter: [Thu Jan 21 08:44:40 +0000 2021](https://twitter.com/adulau/status/1352175267549208577)) +---- +@Le0n0209 @espie_openbsd @Sebdraven and OpenBSD for example ;-) + +(Originally on Twitter: [Thu Jan 21 11:20:32 +0000 2021](https://twitter.com/adulau/status/1352214492252426241)) +---- +@craiu Old fan of Norton Commander ;-) + +(Originally on Twitter: [Thu Jan 21 11:22:45 +0000 2021](https://twitter.com/adulau/status/1352215051722231810)) +---- +@rsemancik Except if you don't want to sign the CLA ;-) + +(Originally on Twitter: [Thu Jan 21 12:12:49 +0000 2021](https://twitter.com/adulau/status/1352227650710999040)) +---- +@H_Miser « Toi aussi tu peux gagner 10k EUR en ouvrant un compte sur Internet » ;-) + +(Originally on Twitter: [Fri Jan 22 13:10:33 +0000 2021](https://twitter.com/adulau/status/1352604568107028480)) +---- +@selenalarson @likethecoins She is incredible, super sharp on every topics but the most important, she has a good sense of humour. 
+ +(Originally on Twitter: [Fri Jan 22 18:00:09 +0000 2021](https://twitter.com/adulau/status/1352677444701057032)) +---- +RT @MISPProject: "ETIP: An Enriched Threat Intelligence Platform for Improving OSINT Correlation, Analysis, Visualization and Sharing Capab… + +(Originally on Twitter: [Sat Jan 23 09:32:59 +0000 2021](https://twitter.com/adulau/status/1352912201351372800)) +---- +A lot of people have high expectations of the CCTV operators and the auditing processes. The reality is dirty and it is impossible to solve. The only option is less CCTV but the current trend is in the opposite direction. #privacy +https://mobile.twitter.com/KimZetter/status/1352681107804676096 + +(Originally on Twitter: [Sat Jan 23 11:54:55 +0000 2021](https://twitter.com/adulau/status/1352947918743990273)) +---- +@Ko97551819 reverse parental control + +(Originally on Twitter: [Sat Jan 23 19:29:47 +0000 2021](https://twitter.com/adulau/status/1353062393429934081)) +---- +Thanks to @amazon for the Elasticsearch fork without the need of copyright assignments. I hope more large corporations will get rid of the copyright assignment craziness. ![](media/1353259084724756480-Ese8GkfWMAEJwWl.jpg) + +(Originally on Twitter: [Sun Jan 24 08:31:22 +0000 2021](https://twitter.com/adulau/status/1353259084724756480)) +---- +It works and for example we use it within @MISPProject https://www.misp-project.org/license/#contributing-and-copyright and everyone retains the rights. The open source license cannot be changed because everyone own collectively the software. That’s how we keep everyone at the same level of freedom. 
+ +(Originally on Twitter: [Sun Jan 24 08:31:23 +0000 2021](https://twitter.com/adulau/status/1353259088143134720)) +---- +And for people (lawyers) asking about the risk of not having copyright assignment agreements, there is a simple and clean way called Developer Certificate of Origin: https://developercertificate.org/ by @linuxfoundation + +(Originally on Twitter: [Sun Jan 24 08:31:23 +0000 2021](https://twitter.com/adulau/status/1353259086306037760)) +---- +@MeThierryVallat Cela ne me semble pas si simple. Qu’elle est votre définition d’exploitation? Il y a l’acquisition, l’extraction et l’analyse. Je sais par experience que l’extraction n’est pas toujours triviale et peut prendre du temps. L’avocat passerait une semaine avec l’OPJ ou le technicien? + +(Originally on Twitter: [Mon Jan 25 06:42:01 +0000 2021](https://twitter.com/adulau/status/1353593954432913409)) +---- +@DfirNotes @cyb3rops We were thinking of having an optional enforcement on misp modules expansion. Do you think this could be useful? + +(Originally on Twitter: [Mon Jan 25 20:34:40 +0000 2021](https://twitter.com/adulau/status/1353803497288982529)) +---- +@DCSecuritydk Welcome to this new world! You are in good hands. + +(Originally on Twitter: [Tue Jan 26 06:45:33 +0000 2021](https://twitter.com/adulau/status/1353957230534676480)) +---- +@Sebdraven @hpiedcoq "Il n'aura échappé à personne que, dans le cadre de la campagne électorale, le retour au premier plan de la thématique sécuritaire a coïncidé de façon parfaite avec le retour au premier plan des mocassins à glands." dixit https://www.lemonde.fr/m-styles/article/2012/04/19/est-ce-bien-raisonnable-de-porter-des-mocassins-a-glands_1687614_4497319.html + +(Originally on Twitter: [Tue Jan 26 09:01:48 +0000 2021](https://twitter.com/adulau/status/1353991517560598531)) +---- +@miguno @ErgoDoxEZ I'm really curious. Did you run statistics before and after the use of the new keyboard? How many backspaces or typo avoided/created in the command line? 
+ +(Originally on Twitter: [Tue Jan 26 16:36:46 +0000 2021](https://twitter.com/adulau/status/1354106013268516865)) +---- +RT @unpacker: We have seen that Lazarus group use this malware cluster, we named ThreatNeedle, in recent attack against the defense industr… + +(Originally on Twitter: [Wed Jan 27 11:58:01 +0000 2021](https://twitter.com/adulau/status/1354398250913173510)) +---- +RT @milkr3am: All Emotet epochs now are delivering the payload (https://www.virustotal.com/gui/file/a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef/detection) which has the code to remove Emotet on 25 March 20… + +(Originally on Twitter: [Wed Jan 27 17:08:14 +0000 2021](https://twitter.com/adulau/status/1354476321125117957)) +---- +@AlyssaM_InfoSec @langnergroup In IR process, (B) is often the most common question « do you have an inventory to find other potential compromised system? » Very often, there is none. I would first recommend to have one and being reliable is often a nice to have ;-) + +(Originally on Twitter: [Thu Jan 28 06:59:15 +0000 2021](https://twitter.com/adulau/status/1354685451676905479)) +---- +@AlyssaM_InfoSec @langnergroup Having an inventory is also a great list for what need to be monitored, logged, scanned and audited. + +(Originally on Twitter: [Thu Jan 28 07:00:26 +0000 2021](https://twitter.com/adulau/status/1354685752727252992)) +---- +RT @circl_lu: Our private sector @MISPProject information sharing community is composed of 1267 organisations in Luxembourg and abroad. Org… + +(Originally on Twitter: [Thu Jan 28 10:07:47 +0000 2021](https://twitter.com/adulau/status/1354732900961366022)) +---- +@AlyssaM_InfoSec @lazyanalyst @langnergroup I have seen such scanners in action and the result is usually a very low coverage compared for example of the inventory from a network monitoring systems or IP allocation tools. 
+ +(Originally on Twitter: [Thu Jan 28 12:48:29 +0000 2021](https://twitter.com/adulau/status/1354773340762894339)) +---- +RT @bagder: Of course! Lots of HTTPS servers out there don't actually support the SNI name if not provided in lowercase, even if the spec s… + +(Originally on Twitter: [Thu Jan 28 19:09:13 +0000 2021](https://twitter.com/adulau/status/1354869157024714752)) +---- +@cudeso Going open source and public build process ;-) + +(Originally on Twitter: [Fri Jan 29 17:39:52 +0000 2021](https://twitter.com/adulau/status/1355209057179734025)) +---- +RT @mjxg: MITRE InfoSec just open sourced a project called the 'malchive'. Quick and dirty it's a software package written in Python contai… + +(Originally on Twitter: [Fri Jan 29 19:31:07 +0000 2021](https://twitter.com/adulau/status/1355237056302239744)) +---- +@jtkristoff Reference: https://nprint.github.io/nprint/ + +(Originally on Twitter: [Fri Jan 29 20:04:21 +0000 2021](https://twitter.com/adulau/status/1355245416615440388)) +---- +The IP "139.28.217.222" from the famous M247 Ltd provider is quite interesting. If you publish a new certificate which appears in the CT logs, it tries to get any ".git/config" from your host. It's clever as at the enrolment of many machines, a git config could remain. ![](media/1355832456834854921-EtDfUjCW8AEhSx2.png) + +(Originally on Twitter: [Sun Jan 31 10:57:02 +0000 2021](https://twitter.com/adulau/status/1355832456834854921)) +---- +@LSELabs We maintain an updated version of ssldump at this location https://github.com/adulau/ssldump and with many improvements, bugs fixed. Maybe you should update the link? 
+ +(Originally on Twitter: [Sun Jan 31 14:35:52 +0000 2021](https://twitter.com/adulau/status/1355887527702495234)) +---- +@Iglocska @DCSecuritydk @_raw_data_ @MISPProject Maybe the easier would be to have a misp shop with goodies ;-) + +(Originally on Twitter: [Sun Jan 31 14:39:13 +0000 2021](https://twitter.com/adulau/status/1355888369339936772)) +---- +@cudeso @ACMemewars I love the various paradoxes but my favorite one is the economical freedom request while asking for the prohibition of 5G. /facepalm + +(Originally on Twitter: [Sun Jan 31 15:53:03 +0000 2021](https://twitter.com/adulau/status/1355906952874876936)) +---- +@rafi0t Every country did the same kind of software for vaccination scheduling. Imagine a backup open source software co-financed by all the countries? Sometime open source could be used as a business continuity plan... + +(Originally on Twitter: [Sun Jan 31 19:00:41 +0000 2021](https://twitter.com/adulau/status/1355954172760367104)) +---- +@Iglocska @rafi0t lol I remember someone telling me that open source was the clear example of a liberal economy as described by Frederic Bastiat. I even remember in the nineties someone was willing to rename it liberal software ;-) + +(Originally on Twitter: [Mon Feb 01 07:32:08 +0000 2021](https://twitter.com/adulau/status/1356143281374162945)) +---- +Maybe the accurate definition of DevOps is “ the poor person who was to understand a complex software stack while trying to figure out if the bugs are from the stack, the OS/infra or the code on top of the stack.“ + +(Originally on Twitter: [Mon Feb 01 12:22:42 +0000 2021](https://twitter.com/adulau/status/1356216405407002631)) +---- +@alexanderjaeger @volatility @OpenSourceOrg @fsf Every time a new broken license is written, a bag full of kitten is killed. 
+ + +media/1356333226109841412-EtKp4EUXAAAM12o.mp4 + +(Originally on Twitter: [Mon Feb 01 20:06:55 +0000 2021](https://twitter.com/adulau/status/1356333226109841412)) +---- +@thepacketrat I was wondering if someone got in touch with them because I suppose they sometime give support to the wrong people... and what’s exactly the business of HelpSystems? I assume many people already double checked... ![](media/1356507188957769729-EtNHCIUXYAIWOs8.jpg) + +(Originally on Twitter: [Tue Feb 02 07:38:11 +0000 2021](https://twitter.com/adulau/status/1356507188957769729)) +---- +RT @MISPProject: Suite aux nombreuses demandes, une session de formation et d'introduction CTI à MISP est prévue le 25 février 2021 de 14:0… + +(Originally on Twitter: [Tue Feb 02 10:43:33 +0000 2021](https://twitter.com/adulau/status/1356553839546146818)) +---- +@ESETresearch @marc_etienne_ @ulexec Thanks for sharing. I did a @MISPProject event https://www.circl.lu/doc/misp/feed-osint/2ebc21a4-5635-4a7d-9553-ec5f58be0ee6.json which is now in the @circl_lu OSINT feed. + +(Originally on Twitter: [Tue Feb 02 13:50:55 +0000 2021](https://twitter.com/adulau/status/1356600990745546753)) +---- +We just released ssldump version 1.3 https://github.com/adulau/ssldump Many bugs fixed including memory leaks and a new nifty JSON export. #dfir #opensource Thanks to @___wr___ for the continuous fuzzing and stream of improvements. JSON export used in @d4_project Passive SSL collection. ![](media/1356617344383090689-EtOrexkXUAETOQ8.png) + +(Originally on Twitter: [Tue Feb 02 14:55:54 +0000 2021](https://twitter.com/adulau/status/1356617344383090689)) +---- +@jtkristoff You're welcome. It includes all the known patches from all the distributions, many improvements (rewrite pcap, TLS extensions, JSON export), many bugs fixed and many fuzzing tests. I hope that more distribution will use it as default because some rely on the ancient code base. 
+ +(Originally on Twitter: [Tue Feb 02 16:36:30 +0000 2021](https://twitter.com/adulau/status/1356642662468751361)) +---- +@jtkristoff We have in our todo list two major updates ja3/ja3s and improvements on the IPv6 decoding side. + +(Originally on Twitter: [Tue Feb 02 16:42:46 +0000 2021](https://twitter.com/adulau/status/1356644241129283585)) +---- +We are adding more feeders into @ail_project if you have any ideas of interesting feeder ideas to add in AIL. Let us know. #OSINT + +https://twitter.com/ail_project/status/1357016349889986564 + +(Originally on Twitter: [Wed Feb 03 17:30:45 +0000 2021](https://twitter.com/adulau/status/1357018703511101446)) +---- +@cudeso @ail_project It’s a great idea. We have an ongoing project to find open database (it’s still very alpha) https://github.com/ail-project/equaeris testers are welcome ;-) + +(Originally on Twitter: [Wed Feb 03 19:27:12 +0000 2021](https://twitter.com/adulau/status/1357048009100578827)) +---- +@arnaudporterie This is one of the recurring issue of inventing « yet-another-ambigious-non-free-license » I never understood why they don’t use an open source license such as the AGPLv3 which is well designed. + +(Originally on Twitter: [Thu Feb 04 06:38:50 +0000 2021](https://twitter.com/adulau/status/1357217028642377731)) +---- +@Aristot73 @cudeso I didn’t know that British Standards were involved in the process ;-) + +(Originally on Twitter: [Thu Feb 04 21:28:39 +0000 2021](https://twitter.com/adulau/status/1357440958485397509)) +---- +@SecEvangelism Take care Chris! + +(Originally on Twitter: [Fri Feb 05 07:25:18 +0000 2021](https://twitter.com/adulau/status/1357591110378487808)) +---- +@H_Miser @TonProc Tellement juste. 
J’avais ce papier sur la porte de mon bureau il y a plusieurs années: https://basecamp.com/gettingreal/07.3-meetings-are-toxic + +(Originally on Twitter: [Fri Feb 05 07:34:44 +0000 2021](https://twitter.com/adulau/status/1357593487584223232)) +---- +RT @bryceabdo: This looks solid 🏋️‍♂️ for #CobaltStrike hunting in logs. I use a similar method with vt yara module + +rule beacon_pipe_8 {… + +(Originally on Twitter: [Fri Feb 05 07:44:17 +0000 2021](https://twitter.com/adulau/status/1357595887309053953)) +---- +The Open Source Project Criticality Score calculates the criticality score of a project based on various parameters from git. I tested @MISPProject (0.74) and ssldump (0.33). The concept is neat but there are some blind spots from private repo and dist. +https://github.com/ossf/criticality_score ![](media/1357977267218100224-Eth-tQ9XMAA7orc.jpg) + +(Originally on Twitter: [Sat Feb 06 08:59:45 +0000 2021](https://twitter.com/adulau/status/1357977267218100224)) +---- +@NguyenEmmanuel3 @MISPProject @circl_lu @mokaddem_sami Oui, nous allons en annoncer une autre. 70 inscriptions en 2 jours fut une bonne surprise ;-) + +(Originally on Twitter: [Sat Feb 06 21:14:53 +0000 2021](https://twitter.com/adulau/status/1358162272166813696)) +---- +I love this year @fosdem no need to wait for having a spot in a room, all is easily accessible, live comments can help to better understand live talks and online interaction is simplified. Thanks to all the volunteers and @matrixdotorg for the hard work. + +https://mobile.twitter.com/matrixdotorg/status/1358334875565240321 + +(Originally on Twitter: [Sun Feb 07 08:45:46 +0000 2021](https://twitter.com/adulau/status/1358336135689347080)) +---- +@FredericJacobs @RocketLab Funny that you mention RocketLab. Do you know how they are funded? 
+ +(Originally on Twitter: [Sun Feb 07 12:40:27 +0000 2021](https://twitter.com/adulau/status/1358395196753518593)) +---- +@eromang Good question some ideas https://homepages.inf.ed.ac.uk/rbf/AIMOVIES/AImovies.htm + +(Originally on Twitter: [Sun Feb 07 20:54:03 +0000 2021](https://twitter.com/adulau/status/1358519416640651265)) +---- +RT @CycatP: Announcing @CycatP, a FOSS project to create a Cybersecurity resource CATalogue (CyCAT), in order to easily promote, validate a… + +(Originally on Twitter: [Mon Feb 08 16:15:22 +0000 2021](https://twitter.com/adulau/status/1358811671712653318)) +---- +@Aristot73 Why is this worrying? Using CNE is not new, it was used in many cases, they deployed something specific (didn’t purchase it from those shady vendors), focus on a specific criminal operator and solved many criminal cases with the collection. CNE is rarely fully documented. + +(Originally on Twitter: [Mon Feb 08 20:30:39 +0000 2021](https://twitter.com/adulau/status/1358875916416544770)) +---- +@Aristot73 @SteveBellovin @mattblaze I need to dig into it. Thanks. It remembers me the DeCSS case ;-) Nevertheless for the specific case we are discussing, it’s not uncommon to have the acquisition tools without the source code disclosed. If we assume the court saw this as a standard forensic acquisition... + +(Originally on Twitter: [Mon Feb 08 21:26:14 +0000 2021](https://twitter.com/adulau/status/1358889901257850882)) +---- +@Aristot73 @SteveBellovin @mattblaze IMHO all the forensic tooling should be clearly open sourced with the ability for any expert in the field to reproduce the process. In this specific case, not sure we are in front of a common case of forensic analysis. It sounds more like logging from an interception at OS level. + +(Originally on Twitter: [Mon Feb 08 21:31:29 +0000 2021](https://twitter.com/adulau/status/1358891223268818944)) +---- +I was wondering what’s now the available open source SIEM without ES? 
The only one I found is @ApacheMetron having a @ApacheSolr option. Something else? + +(Originally on Twitter: [Tue Feb 09 07:15:04 +0000 2021](https://twitter.com/adulau/status/1359038088266268672)) +---- +@_n0p_ @ApacheMetron @ApacheSolr License + +(Originally on Twitter: [Tue Feb 09 07:19:38 +0000 2021](https://twitter.com/adulau/status/1359039236826161152)) +---- +@_n0p_ @ApacheMetron @ApacheSolr Sure but having some diversity is maybe a safe bet for the future. + +(Originally on Twitter: [Tue Feb 09 07:22:32 +0000 2021](https://twitter.com/adulau/status/1359039964852453376)) +---- +RT @MISPProject: MISP 2.4.138 released with many improvements including http://CISA.gov AIS dynamic marking functionality, RSIT gal… + +(Originally on Twitter: [Wed Feb 10 18:01:51 +0000 2021](https://twitter.com/adulau/status/1359563246001348611)) +---- +RT @PierreKimSec: Multiple vulnerabilities found in FiberHome HG6245D routers https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html #0day #backdoor #RCE #FTTH #ONT + +(Originally on Twitter: [Wed Feb 10 21:56:31 +0000 2021](https://twitter.com/adulau/status/1359622301268983814)) +---- +@Seifreed @asfakian @MITREattack I see a new @MISPProject galaxy to create with all the relationships to MITRE ATT&CK. + +(Originally on Twitter: [Thu Feb 11 07:29:01 +0000 2021](https://twitter.com/adulau/status/1359766372914454531)) +---- +@fr0gger_ @Seifreed @asfakian @MITREattack @MISPProject Whoaaa that’s another good one. Is there a repo with the JSON or machine parseable format? We can also add it. + +(Originally on Twitter: [Thu Feb 11 08:02:01 +0000 2021](https://twitter.com/adulau/status/1359774680148754432)) +---- +RT @cbrocas: Great cliché (please browse his entire gallery on #flickr !) by @adulau of a #streetart wall at "Rue de la Brèche" (EN: Breach… + +(Originally on Twitter: [Thu Feb 11 08:16:46 +0000 2021](https://twitter.com/adulau/status/1359778391570993153)) +---- +@cbrocas Thank you! 
+ +(Originally on Twitter: [Thu Feb 11 08:16:59 +0000 2021](https://twitter.com/adulau/status/1359778444406620160)) +---- +Very often we want to show the captivating examples requested by the intelligence community to extend MISP. To avoid any leaks of sensitive models, we now use films ;-) + +https://twitter.com/MISPProject/status/1359792372452851713 + +(Originally on Twitter: [Thu Feb 11 09:51:31 +0000 2021](https://twitter.com/adulau/status/1359802237158096901)) +---- +So I did a first presentation of the project in front of an audience from an information security association. The feedback was cold and a well known university teacher just told in front of the audience: « what’s the use of keeping malware, it’s useless ». Here is my mistake: + +(Originally on Twitter: [Thu Feb 11 20:14:33 +0000 2021](https://twitter.com/adulau/status/1359959027652919303)) +---- +People are sharing their biggest mistakes on Twitter, here is mine: more than 14 years, I started to write a malware database from malware collected via honeypots. I did a first early version and it worked. But that’s not the mistake... + +http://www.foo.be/cgi-bin/wiki.pl/MalwareDatabase + +(Originally on Twitter: [Thu Feb 11 20:14:33 +0000 2021](https://twitter.com/adulau/status/1359959026310782976)) +---- +Instead of challenging his comment. I just assumed he was right and it was my last presentation about the project. So if someone tell you that your project is useless, challenge them and continue your project. I learn a lot from my mistakes and this one helped me a lot. + +(Originally on Twitter: [Thu Feb 11 20:14:34 +0000 2021](https://twitter.com/adulau/status/1359959029469110283)) +---- +@F_kZ_ Why not ;-) but I suppose there are pretty good open source datastore nowadays. + +(Originally on Twitter: [Thu Feb 11 20:21:08 +0000 2021](https://twitter.com/adulau/status/1359960683618709509)) +---- +@cyb3rops Lol. 
It works also for the contractor or supplier sharing the same passwords across different customers while using TeamViewer. + +(Originally on Twitter: [Fri Feb 12 12:39:13 +0000 2021](https://twitter.com/adulau/status/1360206824939651079)) +---- +@fr0s7_ @certbe Indeed it's quite suspicious (the hosting on Alibaba cloud) but bpost could track the campaign as the website deliver a cookie from the official website. +The result from @lookyloo_app +https://lookyloo.circl.lu/tree/98a37a01-8388-444f-865d-e5c479bf2fe8 + +(Originally on Twitter: [Fri Feb 12 12:56:43 +0000 2021](https://twitter.com/adulau/status/1360211229483098114)) +---- +RT @Ko97551819: Updated the ORCRIme repository with new links to databases on #HumanTrafficking +#crime +Thanks @adulau for the links! +http… + +(Originally on Twitter: [Fri Feb 12 16:48:05 +0000 2021](https://twitter.com/adulau/status/1360269455830487041)) +---- +@ancailliau @Iglocska There are some templates on GitHub but many are without license mentioned and incomplete. Maybe time to have a clean repo? + +(Originally on Twitter: [Fri Feb 12 16:53:04 +0000 2021](https://twitter.com/adulau/status/1360270710992760834)) +---- +RT @ail_project: "Passive SSH, a Fast-Lookup Database of SSH Key Materials to Support Incident Response" videos from the @FIRSTdotOrg 2020… + +(Originally on Twitter: [Fri Feb 12 17:05:55 +0000 2021](https://twitter.com/adulau/status/1360273942712377352)) +---- +RT @jtkristoff: Weekend Reads: + +* COVID dark web vaccines https://arxiv.org/abs/2102.05470 +* Reverse engineering Emotet https://cert.grnet.gr/en/blog/reverse-engineering-emotet/ +* GS… + +(Originally on Twitter: [Fri Feb 12 17:06:07 +0000 2021](https://twitter.com/adulau/status/1360273992402276353)) +---- +@Ko97551819 @msuiche A copyleft-type license (e.g. AGPL) is a way to build a community based on your software ensuring your software will remain always free. 
The license applies when there is a distribution (conveying, online services in case of AGPL) and the code has been modified. + +(Originally on Twitter: [Sat Feb 13 07:39:30 +0000 2021](https://twitter.com/adulau/status/1360493787974410243)) +---- +@Ko97551819 @msuiche « bundling in a commercial package » is a vague term which can lead to confusion especially if you want to enforce the license. Nevertheless if it’s an extension of the covered work, then the license clearly applies or restrict the user freedom in the work licensed under AGPL. ![](media/1360496109047730176-EuFzW4uXMAIIsyj.jpg) + +(Originally on Twitter: [Sat Feb 13 07:48:43 +0000 2021](https://twitter.com/adulau/status/1360496109047730176)) +---- +@Ko97551819 @msuiche That’s exactly what some organisations are trying to do is to hide the fact there is a component under AGPL then you can enforce it while there is distribution. The AGPL was designed based on the GPL (a diff will show you the changes) and the wording is clear. + +(Originally on Twitter: [Sat Feb 13 07:57:43 +0000 2021](https://twitter.com/adulau/status/1360498374324150281)) +---- +Hey @doctolib using external cookies for medical appointments including @getsentry to debug your code or the obscure http://sdk.privacy-centry.org sending data in US or even Google. It's maybe a bit too much? @CNIL_en + +https://lookyloo.circl.lu/tree/bcc1681c-2d0c-490e-9754-5d177f65ab39 ![](media/1360524543819923457-EuGMCJjXYAArX6u.jpg) + +(Originally on Twitter: [Sat Feb 13 09:41:43 +0000 2021](https://twitter.com/adulau/status/1360524543819923457)) +---- +I just remembered when we claimed that those screen locker attacks were made by lamers. It was just the beginnings of the ransomware strategies. Even « lamers » are a source of innovation because they have no shame to experiment. 
#threatintelligence + +(Originally on Twitter: [Sun Feb 14 07:35:39 +0000 2021](https://twitter.com/adulau/status/1360855205932367872)) +---- +RT @mr_phrazer: Great paper by @grmenguy and the @BinsecTool team in which they improve the state of the art in semantic code deobfuscation… + +(Originally on Twitter: [Sun Feb 14 09:37:35 +0000 2021](https://twitter.com/adulau/status/1360885894077702145)) +---- +RT @_msw_: From my personal point of view, AGPLv3 isn't the right license for a Freemium model. Freemium isn't about providing Software Fre… + +(Originally on Twitter: [Mon Feb 15 20:39:25 +0000 2021](https://twitter.com/adulau/status/1361414837100679170)) +---- +It’s not because you prefix « Open » in your project that makes it an open source project especially when the license is not open source one. + +(Originally on Twitter: [Mon Feb 15 20:59:14 +0000 2021](https://twitter.com/adulau/status/1361419822886621185)) +---- +@Aristot73 I suppose so when a compiler is involved, it’s becoming a supply chain attack. + +(Originally on Twitter: [Mon Feb 15 21:19:09 +0000 2021](https://twitter.com/adulau/status/1361424833947516929)) +---- +@Aristot73 @Misp @MISPProject ;-) + +(Originally on Twitter: [Mon Feb 15 21:26:27 +0000 2021](https://twitter.com/adulau/status/1361426671321178113)) +---- +@Seifreed @virustotal I remember some years ago, I found a huge package of yara rules in a tar file. I still wonder if the leak was not intentional. + +(Originally on Twitter: [Wed Feb 17 22:12:04 +0000 2021](https://twitter.com/adulau/status/1362162928825335809)) +---- +@H_Miser Imagine 10% de cette somme pour les projets libres en « cybersécurité » ? Bon ok, on peut toujours rêver le matin avant le travail. + +(Originally on Twitter: [Thu Feb 18 06:07:46 +0000 2021](https://twitter.com/adulau/status/1362282642285150208)) +---- +Just a small advice if you do a review of an open source tool for your next academic paper, please test and use the tool. 
Copy-pasting an incorrect description from another old academic paper doesn’t make sense for a state-of-the-art. It doesn’t help science at the end. + +(Originally on Twitter: [Thu Feb 18 17:26:52 +0000 2021](https://twitter.com/adulau/status/1362453541441462272)) +---- +@H_Miser Exactement augmenter les compétences en interne avec des outils libres et la collaboration, c’est bien mieux que d'acheter des produits propriétaires et téléphoner à un support technique qui ne peut rien faire de vos demandes. + +(Originally on Twitter: [Thu Feb 18 17:45:18 +0000 2021](https://twitter.com/adulau/status/1362458183357317123)) +---- +@Sebdraven @H_Miser Anarcho-socialo-libéral me semble plus adapté pour ma pensée du logiciel libre comme un outil économique et émancipateur. + +(Originally on Twitter: [Thu Feb 18 17:55:13 +0000 2021](https://twitter.com/adulau/status/1362460677676421120)) +---- +@H_Miser Merci beaucoup. Je te retourne le compliment. Tu fais vraiment partie de la communauté et tes contributions sont toujours pertinentes et utiles pour nous tous. + +(Originally on Twitter: [Thu Feb 18 20:29:57 +0000 2021](https://twitter.com/adulau/status/1362499615984152580)) +---- +@Aristot73 I love when the legal is like « sure keep an uncontrolled botnet for any next criminal to operate » because we are not sure if the police can shut it down completely. I hope the legal staff of LE will use « proportionality » and we can finally get the work done. + +(Originally on Twitter: [Fri Feb 19 07:16:53 +0000 2021](https://twitter.com/adulau/status/1362662425733042176)) +---- +Apple included a "Hardware microphone disconnect" in 2019 and 2020. + +https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf + +It's well documented, some other vendors should follow these best practices. 
#privacy #infosec ![](media/1363054227153711106-EuqKAIWXYAEPlAz.jpg) + +(Originally on Twitter: [Sat Feb 20 09:13:46 +0000 2021](https://twitter.com/adulau/status/1363054227153711106)) +---- +@Ko97551819 @RatsEveryHour + + +media/1363152664205361152-EurkHVOXcAMpmJY.mp4 + +(Originally on Twitter: [Sat Feb 20 15:44:55 +0000 2021](https://twitter.com/adulau/status/1363152664205361152)) +---- +RT @___wr___: @drraid https://twitter.com/___wr___/status/1351093669512830976 + +(Originally on Twitter: [Sun Feb 21 07:37:23 +0000 2021](https://twitter.com/adulau/status/1363392360277807104)) +---- +Bon @lesoir je dois avouer que je ne comprends plus votre modèle, j’ai un abonnement (papier/numérique) et je me retrouve à avoir une application de tracking. Vos lecteurs payants sont aussi devenus des produits marketing pour des tiers malgré plus de 200 euros d’abonnement. ![](media/1364108198202998784-Eu5IzJnWYAcSSE8.jpg) + +(Originally on Twitter: [Tue Feb 23 07:01:53 +0000 2021](https://twitter.com/adulau/status/1364108198202998784)) +---- +@LucDockendorf @lesoir The data brokers and marketing partners used by press websites showing off their backend infrastructure: + + +media/1364112030211469312-Eu5MqB4XcAE62J4.mp4 + +(Originally on Twitter: [Tue Feb 23 07:17:06 +0000 2021](https://twitter.com/adulau/status/1364112030211469312)) +---- +@cudeso I hope they will change the license to an open source license soon. + +(Originally on Twitter: [Tue Feb 23 07:51:25 +0000 2021](https://twitter.com/adulau/status/1364120665238999041)) +---- +I want to see the face of the « group » while listening to this: + +https://mobile.twitter.com/josephfcox/status/1364305681613000707 + +(Originally on Twitter: [Tue Feb 23 20:29:06 +0000 2021](https://twitter.com/adulau/status/1364311342455394306)) +---- +@g0ul4g What’s your bet on how many people were involved? as you know quite well CNE too. 
+ +(Originally on Twitter: [Tue Feb 23 20:46:55 +0000 2021](https://twitter.com/adulau/status/1364315825583382530)) +---- +@clevybencheton My bet is about the fact that the most successful team in intelligence operation are often small and highly effective team. Indeed, such figures can be used to impress the political masses. + +(Originally on Twitter: [Tue Feb 23 20:50:23 +0000 2021](https://twitter.com/adulau/status/1364316698980057096)) +---- +Working on the @CycatP with @Iglocska @_saadk and @FDezeure and we have a preliminary document describing the CyCAT idea and especially how to interlink existing cybersecurity references and projects together. + +https://www.cycat.org/services/concept/ ![](media/1364537860209192963-Eu_PjSlWgAI81Sp.jpg) + +(Originally on Twitter: [Wed Feb 24 11:29:12 +0000 2021](https://twitter.com/adulau/status/1364537860209192963)) +---- +RT @chrisdoman: "The NCCC at the NSDC of Ukraine warns of a cyberattack on the document management system of state bodies" -https://t.co/a… + +(Originally on Twitter: [Wed Feb 24 19:26:46 +0000 2021](https://twitter.com/adulau/status/1364658045054300163)) +---- +@Glacius_ Cool. I’m wondering if we should not create a @MISPProject feed generator out of any github repository like this one. 
+ +(Originally on Twitter: [Wed Feb 24 19:35:17 +0000 2021](https://twitter.com/adulau/status/1364660187039154177)) +---- +RT @FarsightSecInc: New blog article: Malware Information Sharing Platform (MISP) Now Offering Farsight DNSDB Flexible Search Capabilities… + +(Originally on Twitter: [Thu Feb 25 06:26:40 +0000 2021](https://twitter.com/adulau/status/1364824114775621632)) +---- +RT @MISPProject: After a fruitful discussion with the great team of @FarsightSecInc , we recently added DKIM attribute type and object in M… + +(Originally on Twitter: [Thu Feb 25 06:40:52 +0000 2021](https://twitter.com/adulau/status/1364827688708567042)) +---- +To summarize 2021 incident responsibility and action from a private company, it’s the fault of the intern and someone using GitHub. In 1988 due the Morris worm, CERT/CC was created, analysis was shared & many actions done. Time for action? +https://mobile.twitter.com/CNN/status/1365445311066480641 ![](media/1365557073774317569-EvNtYgAWQAAldER.jpg) + +(Originally on Twitter: [Sat Feb 27 06:59:11 +0000 2021](https://twitter.com/adulau/status/1365557073774317569)) +---- +Fingerprinting nation-states, interns, open source offensive tools, the squirrels... it’s too easy. Just explain what will be your actions to secure your organisation to the journalists. + +(Originally on Twitter: [Sat Feb 27 06:59:12 +0000 2021](https://twitter.com/adulau/status/1365557076030877696)) +---- +@Aristot73 EUropean Legal Anarchy + +(Originally on Twitter: [Sat Feb 27 09:02:41 +0000 2021](https://twitter.com/adulau/status/1365588153353052161)) +---- +@hpiedcoq My favourite one... from the design to the CPU. The analog interface for the TV was super cool too. And the crappy part was indeed the keyboard... 
https://worldofspectrum.net/pub/sinclair/books/z/Z80UsersManual.pdf + +(Originally on Twitter: [Sat Feb 27 09:09:15 +0000 2021](https://twitter.com/adulau/status/1365589803048333314)) +---- +@mikko Is there a dump/archive somewhere of the flash/hdd image from those devices? + +(Originally on Twitter: [Sat Feb 27 09:12:56 +0000 2021](https://twitter.com/adulau/status/1365590731407183874)) +---- +RT @MISPProject: The MISP ransomware taxonomy has been significantly improved with the current state-of-the-art of the literature about ran… + +(Originally on Twitter: [Sat Feb 27 09:37:40 +0000 2021](https://twitter.com/adulau/status/1365596955779432457)) +---- +@Ko97551819 Lovely... do you know when your rat will start to encode her first event in @MISPProject? We need more analysts. + +(Originally on Twitter: [Sat Feb 27 09:39:08 +0000 2021](https://twitter.com/adulau/status/1365597326295896067)) +---- +RT @christianrossow: Ever wanted to apply #YARA signatures to >32,000,000 malware samples in ~12.5 seconds? @mbbrengel has just released Ya… + +(Originally on Twitter: [Sun Feb 28 07:53:39 +0000 2021](https://twitter.com/adulau/status/1365933167291621377)) +---- +@Ko97551819 For me, I'm missing: the smell of paper, the sound of the door opening and the awkward requests. + +(Originally on Twitter: [Sun Feb 28 10:40:57 +0000 2021](https://twitter.com/adulau/status/1365975269962620928)) +---- +Thanks to @azu_re to work and maintain honkit https://github.com/honkit/honkit a fork of the killed open source project @GitBookIO - The most important part of sustainability in open source, it’s the commitment of all the individuals. + +(Originally on Twitter: [Sun Feb 28 12:26:22 +0000 2021](https://twitter.com/adulau/status/1366001796464996353)) +---- +@Ko97551819 « Oulalala mais ma petit dame ce n’est pas réglementaire, cela risque d’attirer la foule et de faire un attroupement. » dixit l’agent de police qui vient de voir cette guirlande hors norme. 
+ +(Originally on Twitter: [Sun Feb 28 18:35:58 +0000 2021](https://twitter.com/adulau/status/1366094810982068232)) +---- +@Ko97551819 + + +media/1366098490259099653-EvVbU7UXcAAjxpz.mp4 + +(Originally on Twitter: [Sun Feb 28 18:50:35 +0000 2021](https://twitter.com/adulau/status/1366098490259099653)) +---- +Reading « Confronting Cyberespionage Under International Law » and I’m sure some readers will just read as a good opportunity to find legal loopholes to conduct CNE. ![](media/1366291013128577025-EvYI1hcXUAILduD.jpg) + +(Originally on Twitter: [Mon Mar 01 07:35:36 +0000 2021](https://twitter.com/adulau/status/1366291013128577025)) +---- +@pstirparo @DragosInc + + +media/1366466461825462275-EvaqABZXYAQIgx7.mp4 + +(Originally on Twitter: [Mon Mar 01 19:12:46 +0000 2021](https://twitter.com/adulau/status/1366466461825462275)) +---- +RT @ninoseki: Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence +https://www.mdpi.com/2624-800X/1/1/8 +An interest… + +(Originally on Twitter: [Tue Mar 02 06:12:50 +0000 2021](https://twitter.com/adulau/status/1366632572550328323)) +---- +@sashank_dara @ninoseki @MISPProject @snort @StratosphereIPS @eldracote Great news. Let us know if you have a description of the signature format, we can create new object templates very easily in @MISPProject ! + +(Originally on Twitter: [Tue Mar 02 06:47:28 +0000 2021](https://twitter.com/adulau/status/1366641286812479491)) +---- +@_msw_ Funny to see in the blog post of Apache which tries to mimic the effect of a copyleft-type license without promoting such license in their foundation. + +(Originally on Twitter: [Tue Mar 02 06:52:54 +0000 2021](https://twitter.com/adulau/status/1366642656131047424)) +---- +@_msw_ Indeed. I still wonder why they think a copyleft model is a limiting factor for the economy especially seeing how a copyleft-type model secure a community and ensure the values are always increasing. 
+ +(Originally on Twitter: [Tue Mar 02 07:01:27 +0000 2021](https://twitter.com/adulau/status/1366644806680731653)) +---- +RT @CycatP: Thanks @enisa_eu for the opportunity to present @CycatP project during the 13th #CSIRTsNetwork meeting later today. + +We will co… + +(Originally on Twitter: [Wed Mar 03 09:50:31 +0000 2021](https://twitter.com/adulau/status/1367049742191099907)) +---- +RT @wimremes: @adulau remember why I wrote CVE Search? This is why I wrote the original CVE Search 😭 https://twitter.com/Bank_Security/status/1367140516903735298 + +(Originally on Twitter: [Wed Mar 03 17:53:15 +0000 2021](https://twitter.com/adulau/status/1367171226507096067)) +---- +@wimremes 😉The crazy part is many organisation doesn’t want to run their own cve-search and still rely on our public instance. Another good reason to run local open source software to avoid third-party footprint. + +(Originally on Twitter: [Wed Mar 03 18:26:14 +0000 2021](https://twitter.com/adulau/status/1367179524731985927)) +---- +@Cyr_ @wimremes It can make sense especially that we don’t have any info from the user (beside an IP address). I just mean that sometime management should support more internal staff doing open source than blindly buying AI-driven products ;-) + +(Originally on Twitter: [Wed Mar 03 18:38:35 +0000 2021](https://twitter.com/adulau/status/1367182634691014658)) +---- +@Cyr_ @wimremes Cool. Continuous patching is great indeed. Do you maintain a list of the product/vendor url where you monitor the new releases? That could be useful for many of us. 
+ +(Originally on Twitter: [Wed Mar 03 18:41:03 +0000 2021](https://twitter.com/adulau/status/1367183254449700877)) +---- +RT @Cyr_: @adulau @wimremes I wrote a small tool, based on cve-search’s idea, that uses debian’s uscan to monitor a list of urls but it’s m… + +(Originally on Twitter: [Wed Mar 03 18:48:52 +0000 2021](https://twitter.com/adulau/status/1367185222522048522)) +---- +@daveaitel @MISPProject maintains JSON files for threat actors (and many other things) including a unique UUID along with a value and all the known synonyms. https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json - +https://www.misp-project.org/galaxy.html + +(Originally on Twitter: [Wed Mar 03 21:34:32 +0000 2021](https://twitter.com/adulau/status/1367226913174020096)) +---- +RT @CycatP: Slides of the CyCAT project - Lightning Talk given by @_saadk and @adulau are available. If you want to have an overview of th… + +(Originally on Twitter: [Wed Mar 03 22:47:32 +0000 2021](https://twitter.com/adulau/status/1367245282270842882)) +---- +@_msw_ It’s indeed the case when you create software to be interoperable with existing system calls, networked filesystem protocols and format. On the other hand, I have seen a lot of innovation in open source tools especially when it’s new and don’t need to be backward compatible. + +(Originally on Twitter: [Fri Mar 05 06:18:19 +0000 2021](https://twitter.com/adulau/status/1367721114818994179)) +---- +@_msw_ As an example, we develop @MISPProject and we introduced functionalities which were new in the field of intelligence platform like model-based decaying indicators, dynamic object template or community sharing protocols. Nevertheless you rely on the science around you to create. 
+ +(Originally on Twitter: [Fri Mar 05 06:23:36 +0000 2021](https://twitter.com/adulau/status/1367722443922628609)) +---- +@stevengoossens @_bromiley @Mandiant @anthomsec @MISPProject Yes it’s the positive sighting functionality in MISP which can be assigned on any attribute. It’s also used for the decaying of indicators (expiration). It’s great to see the information mentioned in a report. + +(Originally on Twitter: [Fri Mar 05 12:42:26 +0000 2021](https://twitter.com/adulau/status/1367817780242841603)) +---- +@Ko97551819 Learning and studying. Just can’t get enough. + + +media/1368282586854916098-Ev0dwaqWQAIqkBQ.mp4 + +(Originally on Twitter: [Sat Mar 06 19:29:24 +0000 2021](https://twitter.com/adulau/status/1368282586854916098)) +---- +@nadouani @MISPProject @TheHive_Project @MITREattack + + +media/1368326570239221769-Ev1Fwj2WgAoH89M.mp4 + +(Originally on Twitter: [Sat Mar 06 22:24:11 +0000 2021](https://twitter.com/adulau/status/1368326570239221769)) +---- +Advice for adversaries searching to hide exploitation in a corporate Linux environment, they should just mimic a snmpd segmentation fault and no one will notice among the hundreds of existing segmentation fault of snmpd. + +(Originally on Twitter: [Sat Mar 06 22:30:50 +0000 2021](https://twitter.com/adulau/status/1368328244915802114)) +---- +The myth of patch obfuscation is clearly a path which will again help all the adversaries, kill the remaining capabilities of defenders to understand what proprietary software does and exploit more the build/supply chains. + +https://mobile.twitter.com/DAlperovitch/status/1368559815656673280 + +(Originally on Twitter: [Mon Mar 08 06:28:23 +0000 2021](https://twitter.com/adulau/status/1368810812710789122)) +---- +@vm00z @MITREattack Very good article. We will have a look at the @MISPProject limitations mentioned, I’m sure we can quickly fix these. 
+ +(Originally on Twitter: [Mon Mar 08 16:19:08 +0000 2021](https://twitter.com/adulau/status/1368959477475590145)) +---- +@paulvixie @jtkristoff Thanks for sharing. It’s so crazy that I would like to dig into old bind code just to see how you manage to do it. It was still in a CVS repo in those days? + +(Originally on Twitter: [Mon Mar 08 19:21:59 +0000 2021](https://twitter.com/adulau/status/1369005496397672448)) +---- +RT @TimSweeneyEpic: @isostandards @mikko The value of standards is in their adoption. ISO obstructs adoption of standards by paywalling the… + +(Originally on Twitter: [Mon Mar 08 19:28:52 +0000 2021](https://twitter.com/adulau/status/1369007226472574981)) +---- +RT @abuse_ch: Tired of hunting for IOCs on social media and fighting with different logins across different platforms? I'm happy to announc… + +(Originally on Twitter: [Mon Mar 08 20:02:45 +0000 2021](https://twitter.com/adulau/status/1369015755182927877)) +---- +"This repository holds proof-of-concepts for the VOOdoo vulnerabilities found in NETGEAR CG3700B cable modems provided by VOO to its subscribers." + +https://github.com/QKaiser/voodoo + +(Originally on Twitter: [Tue Mar 09 09:21:00 +0000 2021](https://twitter.com/adulau/status/1369216641091964940)) +---- +@y0m Je croyais qu’ils voulaient juste visiter la cathédrale... ![](media/1369620918742487043-EwHevmOWYAgfOOH.jpg) + +(Originally on Twitter: [Wed Mar 10 12:07:28 +0000 2021](https://twitter.com/adulau/status/1369620918742487043)) +---- +RT @MISPProject: MISP 2.4.140 released with OpenID support, cross object references in extended events and many improvements. 
A minor secur… + +(Originally on Twitter: [Wed Mar 10 17:24:39 +0000 2021](https://twitter.com/adulau/status/1369700742114721796)) +---- +RT @JusticeRage: In the interest of supporting the discussion on the ethics of releasing PoCs for critical vulnerabilities, I created the f… + +(Originally on Twitter: [Wed Mar 10 21:36:41 +0000 2021](https://twitter.com/adulau/status/1369764168958640129)) +---- +@ancailliau @Iglocska @asfakian Cool idea. I love the simple and clean implementation. Running it with the YARA rules of @ail_project could give some interesting hits on some mailboxes. https://github.com/ail-project/ail-yara-rules + +(Originally on Twitter: [Fri Mar 12 06:24:49 +0000 2021](https://twitter.com/adulau/status/1370259466793406468)) +---- +RT @r2x0t: I see others are still struggling with decoding of this signal and various custom #SpaceX frames is uses. + +So here are all the i… + +(Originally on Twitter: [Sat Mar 13 08:18:49 +0000 2021](https://twitter.com/adulau/status/1370650543262212097)) +---- +@abuse_ch Good luck with the move! Thanks for all the work you do. + +(Originally on Twitter: [Sat Mar 13 08:40:25 +0000 2021](https://twitter.com/adulau/status/1370655978459369472)) +---- +RT @FDezeure: 7th EU ATT&CK Workshop on 1-2 June. https://attack-community.org/event/. Updates from @MITREattack, launching @CycatP, exciting news from… + +(Originally on Twitter: [Sat Mar 13 10:04:30 +0000 2021](https://twitter.com/adulau/status/1370677139067052032)) +---- +Reading about a "A Slow Global Response" about patching of Microsoft Exchange, there are some challenges: + +- Notification is getting harder especially that whois contact per domain is harder to get due to GDPR. +- Outsourcing legacy systems dilute patching responsibility. 
+ +(Originally on Twitter: [Sat Mar 13 10:42:49 +0000 2021](https://twitter.com/adulau/status/1370686783147667456)) +---- +@simonpetitjean Even generic company or organisations point-of-contact (phone numbers or email) are not accessible any more. The privacy argument is just BS especially if you operate a business, the responsible natural person(s) must be known. + +(Originally on Twitter: [Sat Mar 13 10:48:18 +0000 2021](https://twitter.com/adulau/status/1370688161920249856)) +---- +@xme Could this be linked to this vulnerability https://cvepremium.circl.lu/cve/CVE-2020-35232 ? + +(Originally on Twitter: [Sat Mar 13 10:50:46 +0000 2021](https://twitter.com/adulau/status/1370688783000215552)) +---- +@marjatech Thanks for the update of @malpedia galaxy in MISP. + +(Originally on Twitter: [Sat Mar 13 11:01:16 +0000 2021](https://twitter.com/adulau/status/1370691425524932609)) +---- +@belathoud The problem is that ARIN saw the GDPR has a solution to solve the illegitimate use of the whois database without considering the balance with all the legitimate and critical use of whois records. + +(Originally on Twitter: [Sat Mar 13 11:20:35 +0000 2021](https://twitter.com/adulau/status/1370696283950841856)) +---- +@S_Team_Approved Oui cela va partir au pilon et donc il faut vider les stocks. + +(Originally on Twitter: [Sat Mar 13 18:01:45 +0000 2021](https://twitter.com/adulau/status/1370797243192778752)) +---- +@shotgunner101 @vxunderground @FlashpointIntel Indeed this is how many companies do work. Maybe one day such information will be just a commodity crowdsourced by the community, available as open source and freely accessible for everyone. In the past years, the public accessible feeds evolved into high quality ones. @abuse_ch + +(Originally on Twitter: [Sun Mar 14 08:46:58 +0000 2021](https://twitter.com/adulau/status/1371020016146071560)) +---- +@jfslowik "Saft el-Hinna" but known as "Per-Sopdu" in those days? 
but not sure we are talking about the same "North" in the lower Egypt. It's confusing just like the bloody time zone. + +(Originally on Twitter: [Sun Mar 14 21:23:09 +0000 2021](https://twitter.com/adulau/status/1371210313811566596)) +---- +@CryptoCypher maybe it should be a foundation handling and providing leak information to the public. + +(Originally on Twitter: [Mon Mar 15 19:49:01 +0000 2021](https://twitter.com/adulau/status/1371549013670031361)) +---- +@CryptoCypher My main worry is the dependency on HIBP as a single provider which can be acquired or moved. + +(Originally on Twitter: [Mon Mar 15 19:59:42 +0000 2021](https://twitter.com/adulau/status/1371551702533484553)) +---- +@m0nster847 It’s a broken fix. We have experienced many notification via such model in those “privacy preserving” registrars. It just sending an email in blackhole without bounces and even escalation procedure. + +(Originally on Twitter: [Tue Mar 16 06:04:17 +0000 2021](https://twitter.com/adulau/status/1371703848520314882)) +---- +@Ko97551819 + + +media/1371863344534192133-EwnWb6oWEAAoyEi.mp4 + +(Originally on Twitter: [Tue Mar 16 16:38:03 +0000 2021](https://twitter.com/adulau/status/1371863344534192133)) +---- +@thegrugq Another territory which is not widely accepted is to have an increased diversity in the software industry as mentioned by Dan Geer some decade ago. Measuring success of a software company by the number of companies using its software might become a negative point in the future. + +(Originally on Twitter: [Wed Mar 17 06:16:24 +0000 2021](https://twitter.com/adulau/status/1372069285615566849)) +---- +RT @abuse_ch: Daily MISP events for everyone! 🥳 + +I'm now publishing daily @MISPProject feeds on URLhaus, MalwareBazaar and ThreatFox! 
+ +URLh… + +(Originally on Twitter: [Wed Mar 17 16:07:21 +0000 2021](https://twitter.com/adulau/status/1372218004423970823)) +---- +@Ko97551819 + + +media/1372301120136167431-EwtklhsWYAMfoGp.mp4 + +(Originally on Twitter: [Wed Mar 17 21:37:37 +0000 2021](https://twitter.com/adulau/status/1372301120136167431)) +---- +@lorenzo2472 @CNIL Let me guess car manufacturers found a way to monetize the legal obligation of eCall by turning it always on. + +https://europa.eu/youreurope/citizens/travel/security-and-emergencies/emergency-assistance-vehicles-ecall/index_en.htm + +(Originally on Twitter: [Thu Mar 18 06:38:29 +0000 2021](https://twitter.com/adulau/status/1372437232456466438)) +---- +RT @MISPProject: How to create new MISP objects, extend the data-model and contribute back to the community. The MISP Objects 101 article e… + +(Originally on Twitter: [Fri Mar 19 07:29:09 +0000 2021](https://twitter.com/adulau/status/1372812371190759429)) +---- +@H_Miser @jpgaulier En Belgique, on dirait mais « c’est quoi ce brol » ? Si vous trouvez la référence aux brevets mentionnés... ![](media/1373547076571779076-Ew_OKjRWUAMOo4-.jpg) + +(Originally on Twitter: [Sun Mar 21 08:08:36 +0000 2021](https://twitter.com/adulau/status/1373547076571779076)) +---- +@H_Miser @jpgaulier Si vous voulez rire un peu https://altrnativ.com/media/2020/09/presentation-net-doh.pdf + +(Originally on Twitter: [Sun Mar 21 08:29:08 +0000 2021](https://twitter.com/adulau/status/1373552241840418817)) +---- +What the use of the 840MHz in Belgium? @BIPT_IBPT says it’s public mobile networks without further details. ![](media/1373686721976668165-ExBPKulWgAAvy-J.jpg) + +(Originally on Twitter: [Sun Mar 21 17:23:31 +0000 2021](https://twitter.com/adulau/status/1373686721976668165)) +---- +@marcolanie @BIPT_IBPT Oui je trouvais cela assez étroit pour du LTE mais je vais essayer de décoder. 
+ +(Originally on Twitter: [Sun Mar 21 17:36:47 +0000 2021](https://twitter.com/adulau/status/1373690064295854080)) +---- +@DrScriptt Yes. gqrx is a nice companion for spotting interesting frequency or quickly debugging. + +(Originally on Twitter: [Mon Mar 22 06:17:21 +0000 2021](https://twitter.com/adulau/status/1373881466891952130)) +---- +@DrScriptt Maybe starts to have a look at the ISM bands especially 433 and 868. Then you can spot interesting stuff with and without decoder from https://github.com/merbanan/rtl_433 and start to build your own. The pull-request of the projects are usually very good and insightful. + +(Originally on Twitter: [Mon Mar 22 06:23:59 +0000 2021](https://twitter.com/adulau/status/1373883136233369606)) +---- +RT @BIPT_IBPT: @adulau The 832-862 MHz band is used in Belgium (and in Europe in general) for 4G uplink (transmission of the terminal). The… + +(Originally on Twitter: [Mon Mar 22 09:03:49 +0000 2021](https://twitter.com/adulau/status/1373923357083721730)) +---- +@BIPT_IBPT Thank you very much for the feedback. By the way, do you have a parseable open data for all the spectrum allocation in JSON or CSV format? + +(Originally on Twitter: [Mon Mar 22 09:05:16 +0000 2021](https://twitter.com/adulau/status/1373923723326144513)) +---- +RT @NATOCanada: In this article, Bryan Roh explains the NATO origins behind an open source software called MISP and the reasons for its wor… + +(Originally on Twitter: [Mon Mar 22 11:03:38 +0000 2021](https://twitter.com/adulau/status/1373953510316904455)) +---- +@Ko97551819 Huge... I mean the rat ;-) + +(Originally on Twitter: [Tue Mar 23 17:18:30 +0000 2021](https://twitter.com/adulau/status/1374410235729702915)) +---- +@olberger @fsf Same for me https://github.com/rms-open-letter/rms-open-letter.github.io/pull/204/commits/c7421041837352ba265c5c079e7ad0f433ff1fe0 I was a regular supporter of the FSF (#53). We clearly deserve better for the free software community. 
+ +(Originally on Twitter: [Tue Mar 23 21:36:56 +0000 2021](https://twitter.com/adulau/status/1374475273496760328)) +---- +@clevybencheton It’s a training about bypassing DRM protection? + +(Originally on Twitter: [Thu Mar 25 14:18:02 +0000 2021](https://twitter.com/adulau/status/1375089598041358338)) +---- +just released DomainClassifier 1.0 with a new "Passive DNS" output format https://github.com/adulau/DomainClassifier which will be used in the next release of @ail_project to feed passive DNS sensors. + +DomainClassifier is a python library to find domains and hostnames from unstructured text. ![](media/1375121227774373898-ExVolexWUAoS51S.png) + +(Originally on Twitter: [Thu Mar 25 16:23:43 +0000 2021](https://twitter.com/adulau/status/1375121227774373898)) +---- +@Ko97551819 Less of everything + +(Originally on Twitter: [Fri Mar 26 19:19:53 +0000 2021](https://twitter.com/adulau/status/1375527949085118466)) +---- +A shared model of copyright assignments locks the software license and the contributions into a common pot. A foundation can be a copyright owner along with one or more authors/contributors. Authors just need to certify their contribution https://developercertificate.org/ + +(Originally on Twitter: [Sat Mar 27 08:43:48 +0000 2021](https://twitter.com/adulau/status/1375730261565050881)) +---- +Let’s talk about copyright assignments for open source projects, single copyright assignment is a risk for a lot of open source projects. Recent examples such as Elastic and even the FSF board going nuts. So what’s the safest approach for free software projects? + +(Originally on Twitter: [Sat Mar 27 08:43:48 +0000 2021](https://twitter.com/adulau/status/1375730259685998595)) +---- +If you do foundation or you are the maintainer of an open source/free software project, just think about it. What’s the best common interest for the community? 
+ +(Originally on Twitter: [Sat Mar 27 08:43:49 +0000 2021](https://twitter.com/adulau/status/1375730264660381697)) +---- +Open source projects are moving among developers, maintainers, contributors and even foundations. Locking the open source license opens the work to be freely shared while avoiding a single copyright holder to get rid of the open source license at some point. + +(Originally on Twitter: [Sat Mar 27 08:43:49 +0000 2021](https://twitter.com/adulau/status/1375730263179821057)) +---- +RT @maximilianhils: @adulau The objective of your legal council is to minimize risk, your objective should be to balance concerns and make… + +(Originally on Twitter: [Sat Mar 27 11:55:49 +0000 2021](https://twitter.com/adulau/status/1375778582199472130)) +---- +@BlueTeamJK I agree if organisations are going for DCO and shared ownerships (and not CLA) which is the often case for Linux Foundation. It’s not the case for Apache Foundation or OASIS. These foundations need to rethink this. The governance should evolve and be a support to the community. + +(Originally on Twitter: [Sat Mar 27 12:01:01 +0000 2021](https://twitter.com/adulau/status/1375779890952335365)) +---- +@BlueTeamJK CLA, most of the time, includes a copyright (or licensing when the country doesn’t allow a full transfert of patrimonial rights) assignment agreement. Instead of this model, DCO is just a sane model without having the risk of relicensing or abuse of a project by an organisation. + +(Originally on Twitter: [Sat Mar 27 16:39:09 +0000 2021](https://twitter.com/adulau/status/1375849885849821198)) +---- +@BlueTeamJK It’s not the case. A DCO like this one used for the Linux kernel and many other projects is a just a certificate telling that you the right to contribute the code https://developercertificate.org/ and you are not transferring author-rights to a third party. 
+ +(Originally on Twitter: [Sat Mar 27 18:19:37 +0000 2021](https://twitter.com/adulau/status/1375875167788929027)) +---- +RT @Iglocska: @BlueTeamJK @adulau Obviously, there are many ways to kill a project, but might as well eliminate one obvious one by keeping… + +(Originally on Twitter: [Sat Mar 27 18:35:22 +0000 2021](https://twitter.com/adulau/status/1375879131662012417)) +---- +https://www.marxists.org/archive/marx/works/1894-c3/ch04.htm + +"The chief means of reducing the time of circulation is improved communications." Karl Marx did mention the telegraph along with the Suez Canal in the effect of the turnover on the rate of profit. Nothing is new, everything is old. ![](media/1376190841891475458-ExkzgBRWYAM6EWp.png) + +(Originally on Twitter: [Sun Mar 28 15:13:59 +0000 2021](https://twitter.com/adulau/status/1376190841891475458)) +---- +Just merged support for ja3 fingerprint in ssldump (thanks to @___wr___ for the work) it will be used for @d4_project shared ja3 public database. https://github.com/adulau/ssldump ![](media/1376549280681492481-Exp5vVXXAAAH8PO.jpg) + +(Originally on Twitter: [Mon Mar 29 14:58:18 +0000 2021](https://twitter.com/adulau/status/1376549280681492481)) +---- +@cyb3rops Looking at the typo and the comments, it could be also a committer who wanted to prove a point to force the use of signed commits and enforcing the use of GitHub instead of an unmaintained gitlab server. + +(Originally on Twitter: [Mon Mar 29 15:43:07 +0000 2021](https://twitter.com/adulau/status/1376560560200941568)) +---- +@USAID @ITU Maybe promoting and supporting open source would be the best approach to support other countries in improving their capabilities. 
+ +(Originally on Twitter: [Tue Mar 30 17:43:24 +0000 2021](https://twitter.com/adulau/status/1376953219415425025)) +---- +RT @ail_project: "AIL Framework: Practical and Efficient Data-Mining of Suspicious Websites, Forums and Tor Hidden-Services" +1st April 2021… + +(Originally on Twitter: [Wed Mar 31 09:36:39 +0000 2021](https://twitter.com/adulau/status/1377193112930508800)) +---- +@aris_ada After those BDSM sessions, I always go back to latex-beamer and feel much better after. + +(Originally on Twitter: [Wed Mar 31 17:34:43 +0000 2021](https://twitter.com/adulau/status/1377313422803677184)) +---- +Maybe one day, I’ll do a book about 0days and how we fucked up by creating a market for it. + +(Originally on Twitter: [Wed Mar 31 20:29:19 +0000 2021](https://twitter.com/adulau/status/1377357361912897536)) +---- +@pro_integritate Yes to say that I also fucked up ;-) + +(Originally on Twitter: [Thu Apr 01 05:08:10 +0000 2021](https://twitter.com/adulau/status/1377487931858948096)) +---- +RT @Agarri_FR: Gitlab acquired Peach Fuzzer Pro then open-sourced most of it 🤩 + +https://gitlab.com/gitlab-org/security-products/protocol-fuzzer-ce + +(Originally on Twitter: [Fri Apr 02 15:18:38 +0000 2021](https://twitter.com/adulau/status/1378003948435599369)) +---- +It seems I’ll participate in a round table discussion about « legal interception of communications - the inextricable issue of backdoors » if you have some horror stories to share ;-) + + +media/1378008582784946180-Ex-rf43WEAQ5PV8.mp4 + +(Originally on Twitter: [Fri Apr 02 15:37:02 +0000 2021](https://twitter.com/adulau/status/1378008582784946180)) +---- +Slowly designing a first version of the crawler and fast lookup back-end for @CycatP I hope to have something working early next week. 
+ +(Originally on Twitter: [Fri Apr 02 21:00:52 +0000 2021](https://twitter.com/adulau/status/1378090077981671432)) +---- +RT @joernchen: "Have some free CVEs" + +Seems like we're at a point where we need to automate disclosure as it simply doesn't scale any more… + +(Originally on Twitter: [Sat Apr 03 08:16:09 +0000 2021](https://twitter.com/adulau/status/1378260017799958533)) +---- +RT @MISPProject: If you want a good open source companion to MISP, @ail_project allows you to export in MISP evidences collected in AIL aut… + +(Originally on Twitter: [Sat Apr 03 12:35:48 +0000 2021](https://twitter.com/adulau/status/1378325359582662659)) +---- +If you operate an unfiltered DoH server in France, it might become an issue soon. I have the strong feeling that @cedric_o got a call from @ElsevierConnect or their favourite lobbyists. + +http://www.senat.fr/amendements/2020-2021/455/Amdt_639.html + +https://twitter.com/cedric_o/status/1378014243618967553 ![](media/1378330282835738627-EyDPOksWgAYY7GH.jpg) + +(Originally on Twitter: [Sat Apr 03 12:55:22 +0000 2021](https://twitter.com/adulau/status/1378330282835738627)) +---- +RT @Arkbird_SOLG: Looks like a recent maldoc of #APT34 that's drops #Karkoff implant. +Sample : +https://bazaar.abuse.ch/sample/1f47770cc42ac8805060004f203a5f537b7473a36ff41eabb746900b2fa24cc8/ +Maldoc : https://t.c… + +(Originally on Twitter: [Sun Apr 04 06:43:08 +0000 2021](https://twitter.com/adulau/status/1378598996705476612)) +---- +@hpiedcoq The hype is from a well known company trying to sell their « darkweb monitoring services » which loves to contact the press as a marketing strategy. 
+ +(Originally on Twitter: [Sun Apr 04 16:19:03 +0000 2021](https://twitter.com/adulau/status/1378743930980864001)) +---- +@bp256r1 MISP has a huge set +of artefact objects for #DFIR (such as regripper, evidences) https://misp-project.org/objects.html and is easily extendable + +(Originally on Twitter: [Mon Apr 05 07:07:50 +0000 2021](https://twitter.com/adulau/status/1378967601443901444)) +---- +@antoinehasday @Intel_Online_Fr C’est vraiment l’offre pour les personnes individuelles ou les étudiants ? ou c’est une erreur de typo ? Merci ![](media/1378968967218409474-EyMUsF5XAAEaDie.jpg) + +(Originally on Twitter: [Mon Apr 05 07:13:16 +0000 2021](https://twitter.com/adulau/status/1378968967218409474)) +---- +RT @FIRSTdotOrg: Happy Monday! AIL Framework Workshop posted to YouTube. Watch & subscribe at https://youtu.be/KG1xkmdEbHA. Thx to the @circl_lu… + +(Originally on Twitter: [Mon Apr 05 13:54:37 +0000 2021](https://twitter.com/adulau/status/1379069971641339907)) +---- +While compiling R from scratch, I found a bug and fixed it. Then I wanted to make a pull-request and just discover that R is still using Subversion https://www.r-project.org/bugs.html read "how to submit patches..." and you'll remember the talk of Linus Torvalds about Subversion + + +media/1379185748423929860-EyPaH5NWQAEunWe.mp4 + +(Originally on Twitter: [Mon Apr 05 21:34:41 +0000 2021](https://twitter.com/adulau/status/1379185748423929860)) +---- +@_msw_ Yep another good example why a foundation umbrella alone, when your project doesn’t have an active community, it’s useless. Or is the structure too rigid to attract new contributors? + +(Originally on Twitter: [Tue Apr 06 16:29:08 +0000 2021](https://twitter.com/adulau/status/1379471243691319300)) +---- +RT @dragosr: PWN2OWN 2021 fun. Preauth remote RCE in Exchange via a 3 vuln chain, from the folks who found the last one. 
+ +(Originally on Twitter: [Tue Apr 06 16:41:02 +0000 2021](https://twitter.com/adulau/status/1379474237237366788)) +---- +@attritionorg Wait... the stone is much bigger nowadays ;-) + +(Originally on Twitter: [Thu Apr 08 21:46:51 +0000 2021](https://twitter.com/adulau/status/1380275974659522560)) +---- +I was really glad to give those two days MISP @FIRSTdotOrg workshops with @Iglocska - the audience was incredible and gave a lot of insightful feedback to improve the MISP project and sharing communities. I’m really optimist about the future. + + +media/1380618369582391297-EyjxFd4WQAszCft.mp4 + +(Originally on Twitter: [Fri Apr 09 20:27:24 +0000 2021](https://twitter.com/adulau/status/1380618369582391297)) +---- +@grumpy4n6 @FIRSTdotOrg @Iglocska Thanks. We have also incredible users and contributors 🙏🏻 + +(Originally on Twitter: [Fri Apr 09 20:39:38 +0000 2021](https://twitter.com/adulau/status/1380621448386084865)) +---- +@atluxity @FIRSTdotOrg @Iglocska Thank you! We are just trying to make things a bit better in the cyber space ;-) + +(Originally on Twitter: [Sat Apr 10 07:06:51 +0000 2021](https://twitter.com/adulau/status/1380779290975997952)) +---- +RT @vessial: #Qualcomm 4/5G #Baseband internal messaging system and state machine reverse engineering , https://github.com/vessial/baseband/blob/master/Qualcomm_BaseBand_Messaging_and_State_Machine.md ,only Chine… + +(Originally on Twitter: [Sat Apr 10 08:18:47 +0000 2021](https://twitter.com/adulau/status/1380797395886350336)) +---- +RT @malwaremustd1e: Dealing w/stripped #ELF #malware? +Few strings? Has crypt code? In #RISC #cpu? +Don't panic, take a deep breath! 
+Open @ra… + +(Originally on Twitter: [Sat Apr 10 10:16:48 +0000 2021](https://twitter.com/adulau/status/1380827094666645505)) +---- +@hpiedcoq Catalyseur, inter-connecteur, “dynamiseur” mais je suppose que l’on peut faire plein de néologismes + +(Originally on Twitter: [Sat Apr 10 11:29:26 +0000 2021](https://twitter.com/adulau/status/1380845372101251072)) +---- +@alexanderjaeger @circl_lu It’s CC-BY. We will be update the web page. Thanks for using it and the hint ;-) + +(Originally on Twitter: [Sat Apr 10 11:32:33 +0000 2021](https://twitter.com/adulau/status/1380846157241405441)) +---- +Wondering something for years and no one really answered me. How the “digital nomads” deal with taxes seeing how it’s already difficult to do remote work while working in Luxembourg and living in Belgium? + +(Originally on Twitter: [Sun Apr 11 11:28:55 +0000 2021](https://twitter.com/adulau/status/1381207629297487876)) +---- +@DebugPrivilege Lol it’s just putting your driving license next to your name. It doesn’t mean that you are a good driver. Pretty useless. + +(Originally on Twitter: [Sun Apr 11 11:33:19 +0000 2021](https://twitter.com/adulau/status/1381208737487187968)) +---- +@superruserr Thanks for the info. Where do you pay your taxes? where you work I suppose and how do you deal for social declarations. If you are nomad and move every 3 months. I cannot believe it’s realistic to make a social declaration in each country you work from? Any good reference? + +(Originally on Twitter: [Sun Apr 11 11:41:34 +0000 2021](https://twitter.com/adulau/status/1381210815081160708)) +---- +@lud0bar Il y a des restrictions sur le nombre de jours de télétravail et il y aussi des limites sur le lieu de télétravail. Il y a aussi des questions sur les charges sociales s’il y a un dépassement. C’est un casse-tête administratif. 
Mais pour les “digital nomads” cela semble ok 🧐 + +(Originally on Twitter: [Sun Apr 11 11:45:52 +0000 2021](https://twitter.com/adulau/status/1381211897920376838)) +---- +@superruserr In your case, it’s indeed easier if you work contracting and self-employed. Thanks for the feedback. + +(Originally on Twitter: [Sun Apr 11 11:49:47 +0000 2021](https://twitter.com/adulau/status/1381212881497305089)) +---- +ssldump v1.4 - IPv6 support added, JA3 hashes added and various bugs fixed. Thanks to @___wr___ for the contributions. The tool is now used in @d4_project thanks to @circl_lu and @cinea_eu for the support and funding. #DFIR https://github.com/adulau/ssldump/ ![](media/1381527994129379329-Eywo1iKWQAMqc1x.jpg) + +(Originally on Twitter: [Mon Apr 12 08:41:56 +0000 2021](https://twitter.com/adulau/status/1381527994129379329)) +---- +In the future book “how to not lead your free software foundation”, the FSF will have a full chapter. + +(Originally on Twitter: [Mon Apr 12 17:48:40 +0000 2021](https://twitter.com/adulau/status/1381665586246209537)) +---- +@hpiedcoq Comme quoi une vieille bécane Unix avec awk, perl 4 et bc serait plus efficace ;-) + +(Originally on Twitter: [Tue Apr 13 05:36:57 +0000 2021](https://twitter.com/adulau/status/1381843830555570177)) +---- +"The Tip of the Iceberg: On the Merits of Finding SecurityBugs" Many interesting points especially the the impact of bug bounty programs in FOSS. + +https://fileserver.tk.informatik.tu-darmstadt.de/Publications/2020/alexopoulos2020TOPS.pdf ![](media/1381877996953427969-Ey1qqGfWQAs2A60.jpg) + +(Originally on Twitter: [Tue Apr 13 07:52:43 +0000 2021](https://twitter.com/adulau/status/1381877996953427969)) +---- +@Vecchi_Paolo @S_Team_Approved @metaconflict @MicrosoftEdge firefox -p « yourprofile » is a life saver ;-) + +(Originally on Twitter: [Wed Apr 14 11:20:57 +0000 2021](https://twitter.com/adulau/status/1382292790642626562)) +---- +@cyb3rops Many of the uniforms include camouflage. 
It's a default feature. I remember going to meetings and wondering why the camouflage pattern is sometime the same for different organisations. + +(Originally on Twitter: [Thu Apr 15 13:56:48 +0000 2021](https://twitter.com/adulau/status/1382694400057348099)) +---- +RT @MISPProject: Passive DNS @FarsightSecInc dnsdb MISP module has been updated in MISP. Timeline is automatically built from Passive DNS r… + +(Originally on Twitter: [Thu Apr 15 20:19:28 +0000 2021](https://twitter.com/adulau/status/1382790700585082885)) +---- +@Timo_Steffens @y0m @egflo It's not a clever move seeing the number of reported vulnerabilities found by PT and sent to many PSIRTs for different vendors in Europe and US. + +(Originally on Twitter: [Fri Apr 16 07:31:57 +0000 2021](https://twitter.com/adulau/status/1382959935458279425)) +---- +@Timo_Steffens @y0m @egflo « limited disclosure » is lacking some concrete evidences imho. I have seen much more reports from them to PSIRTs than many US-based companies selling services to US DoD. On the intelligence side, using sanction seems risky and could hinder information gathering. + +(Originally on Twitter: [Fri Apr 16 08:50:05 +0000 2021](https://twitter.com/adulau/status/1382979600666492930)) +---- +@Timo_Steffens @y0m @egflo Maybe they tried to follow the trend of all those vulnerabilities brokers greenwashing with private channel of preventive notifications for some selected customers ;-) + +(Originally on Twitter: [Fri Apr 16 08:52:06 +0000 2021](https://twitter.com/adulau/status/1382980105375522816)) +---- +RT @MISPProject: Thanks for organising LS21 @ccdcoe, we've had a blast and learned a lot. Expect changes to come to MISP based on feedback… + +(Originally on Twitter: [Fri Apr 16 11:34:46 +0000 2021](https://twitter.com/adulau/status/1383021041694486533)) +---- +RT @jtkristoff: As one RP software package prepares to make an exit, another very thoughtful implementation is helping to fill the void. 
E… + +(Originally on Twitter: [Fri Apr 16 13:49:10 +0000 2021](https://twitter.com/adulau/status/1383054863727202308)) +---- +a great post of @PowerDNS_Bert explaining why Europe doesn’t lead anymore the engineering aspects in the telecommunications. + +https://mobile.twitter.com/PowerDNS_Bert/status/1383313367440314371 ![](media/1383366314144632834-EzKz6slVkAI7P9w.jpg) + +(Originally on Twitter: [Sat Apr 17 10:26:45 +0000 2021](https://twitter.com/adulau/status/1383366314144632834)) +---- +@alexanderjaeger « go to the cloud » is outsourcing? or do I miss something? + +(Originally on Twitter: [Sat Apr 17 10:46:16 +0000 2021](https://twitter.com/adulau/status/1383371225401946115)) +---- +@GalaMolecules Ou alors c’est un vrai jardinier qui laisse monter quelques salades pour récolter les graines ;-) + +(Originally on Twitter: [Sun Apr 18 08:04:10 +0000 2021](https://twitter.com/adulau/status/1383692817600454657)) +---- +@bortzmeyer @edasfr Un anarchiste c’est pas un libertarien sans boulot ? + +(Originally on Twitter: [Mon Apr 19 16:37:54 +0000 2021](https://twitter.com/adulau/status/1384184493498531844)) +---- +@Ko97551819 I would recommend the vendors of security product to replace their glossy marketing papers with real toilet paper. It will be good for everyone. + +(Originally on Twitter: [Mon Apr 19 16:41:44 +0000 2021](https://twitter.com/adulau/status/1384185456133218306)) +---- +RT @jimmychappell: It’s a wrap! 
Day 1 of the @FIRSTdotOrg CTI Summit featured all these excellent talks - looking forward to many more tom… + +(Originally on Twitter: [Tue Apr 20 06:39:19 +0000 2021](https://twitter.com/adulau/status/1384396240247472128)) +---- +RT @circl_lu: "TR-63 - Vulnerabilities and Exploitation of Pulse Connect Secure" + +https://www.circl.lu/pub/tr-63/ + +If you are operating Pulse Conne… + +(Originally on Twitter: [Wed Apr 21 10:05:06 +0000 2021](https://twitter.com/adulau/status/1384810417604726785)) +---- +RT @d4_project: We publish "Industrialize the Tracking of Botnet Operations – A Practical Case with Large Coin-Mining Threat-Actor(s)” incl… + +(Originally on Twitter: [Wed Apr 21 15:39:44 +0000 2021](https://twitter.com/adulau/status/1384894630307766272)) +---- +I have mixed feelings about this research: +https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf Did it bring something new to the open source community? If you have a group of contributors and someone is playing unfairly at random intervals. The only solution is to kick out such contributor. + +(Originally on Twitter: [Wed Apr 21 17:44:40 +0000 2021](https://twitter.com/adulau/status/1384926072291090443)) +---- +@davidonzo Indeed. The most important part is the ethical aspect. What is the most ethical approach? Trying to sneak in malicious commits (to publish a paper) when you have received the trust from a group or kicking out someone for not respecting the group trust? The answer is clear to me. + +(Originally on Twitter: [Wed Apr 21 18:08:23 +0000 2021](https://twitter.com/adulau/status/1384932039506501638)) +---- +@___wr___ @remi_laurent @rafi0t The original interface was much more sexy and the outcome was a great experience while listing to old-school Belgian techno. Nowadays you get a potential ticket to a large room without electronic music. 
+ +(Originally on Twitter: [Wed Apr 21 19:18:02 +0000 2021](https://twitter.com/adulau/status/1384949566278078465)) +---- +RT @olafhartong: The great team at @Sysinternals released #Sysmon version 13.10 adding a new event type. I posted a small blog to describe… + +(Originally on Twitter: [Thu Apr 22 06:11:22 +0000 2021](https://twitter.com/adulau/status/1385113985045962757)) +---- +RT @malwaremustd1e: I personally thank+owe a lot to these great guys to bring excellent #CTI research to #1stCTI21 w/my short notice:🙏 +@Ser… + +(Originally on Twitter: [Thu Apr 22 07:53:13 +0000 2021](https://twitter.com/adulau/status/1385139613900095489)) +---- +@Ko97551819 This makes B&B which is the whole concept for Donut. + +(Originally on Twitter: [Thu Apr 22 08:40:10 +0000 2021](https://twitter.com/adulau/status/1385151430303047683)) +---- +@H_Miser @CertSG Congrats for your work and commitment to make the Internet a safer place! + +(Originally on Twitter: [Thu Apr 22 18:15:52 +0000 2021](https://twitter.com/adulau/status/1385296308420980736)) +---- +Where do you write the credentials stolen in your compromised Wordpress? license.txt no one reads the license file ;-) ![](media/1385577974683127813-EzqPPixWQAMXsm7.png) + +(Originally on Twitter: [Fri Apr 23 12:55:06 +0000 2021](https://twitter.com/adulau/status/1385577974683127813)) +---- +RT @wcbowling: Anyone using ExifTool make sure to update to 12.24+ as CVE-2021-22204 can be triggered with a perfectly valid image (jpg, ti… + +(Originally on Twitter: [Sat Apr 24 06:59:58 +0000 2021](https://twitter.com/adulau/status/1385850989052407811)) +---- +We just released cve-search v4.1.0 including many improvements and bugs fixed. . + +https://github.com/cve-search/cve-search/releases/tag/v4.1.0 + +cve-search is an open source project to maintain a local vulnerability database. There is an advanced API https://cvepremium.circl.lu/api_docs Thanks to all contributors. 
#infosec + +(Originally on Twitter: [Sat Apr 24 08:22:16 +0000 2021](https://twitter.com/adulau/status/1385871703159492608)) +---- +@Ko97551819 + + +media/1385933267652812801-EzvS9QeWEAMsPrR.mp4 + +(Originally on Twitter: [Sat Apr 24 12:26:55 +0000 2021](https://twitter.com/adulau/status/1385933267652812801)) +---- +Life will be less creative without @dakami we will miss him. + +(Originally on Twitter: [Sat Apr 24 15:38:06 +0000 2021](https://twitter.com/adulau/status/1385981383340929025)) +---- +@_msw_ Indeed and for Cygnus Solution too. The copyleft-type licenses ensure a common ground for economical trade and relationship while having the software kept in the same economical system. + +(Originally on Twitter: [Sun Apr 25 06:25:36 +0000 2021](https://twitter.com/adulau/status/1386204728007315457)) +---- +@ninoseki Sounds really cool. I see many interesting opportunities to use @ail_project yara ruleset too or use uzen as a crawler in AIL via the crawler manager https://github.com/ail-project + +(Originally on Twitter: [Sun Apr 25 13:31:05 +0000 2021](https://twitter.com/adulau/status/1386311803634954243)) +---- +@cbrocas @Gendarmerie @linuxpratique Alors quelles sont les bonnes astuces pour booster son terminal ? Moi j’ai tjs le nom de la branche git en cours dans mon prompt pour éviter les bêtises ;-) + +(Originally on Twitter: [Sun Apr 25 16:23:16 +0000 2021](https://twitter.com/adulau/status/1386355136147120131)) +---- +@cbrocas @Gendarmerie @linuxpratique parse_git_branch() { + git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/(\1)/' +} + +export PS1="\u@\h \[\e[32m\]\w \[\e[91m\]\$(parse_git_branch)\[\e[00m\]$ " + +(Originally on Twitter: [Sun Apr 25 20:36:49 +0000 2021](https://twitter.com/adulau/status/1386418944483880961)) +---- +@ninoseki @ail_project Indeed the only issue is to scale with 10-20 crawlers using headless Chromium at the same time. We need to investigate. 
+ +(Originally on Twitter: [Mon Apr 26 08:52:30 +0000 2021](https://twitter.com/adulau/status/1386604083516149760)) +---- +When I started to write free software in the 90, Bill Gates told us that “free software is a cancer”. Nowadays the whole world runs on open source and Microsoft is embracing it. But Bill Gates didn’t learn, get rid of patents and you’ll see the economy growing while saving lives. ![](media/1386720293289332736-Ez6dSESXMAYnuA3.jpg) + +(Originally on Twitter: [Mon Apr 26 16:34:16 +0000 2021](https://twitter.com/adulau/status/1386720293289332736)) +---- +@DrScriptt I know and some software vendors like @RedHat does it via kind of patent promise or grant of license for open source projects https://www.redhat.com/en/about/patent-promise but it doesn’t solve the issue of legal uncertainty, feeding a broken system and slowing down innovation. + +(Originally on Twitter: [Tue Apr 27 05:16:45 +0000 2021](https://twitter.com/adulau/status/1386912178402430978)) +---- +@akolsuoicauqol When I see “Kali Linux” on a resume, I always ask questions about the use of “sudo/su/doas” wondering why ;-) + +(Originally on Twitter: [Tue Apr 27 06:28:13 +0000 2021](https://twitter.com/adulau/status/1386930162059653124)) +---- +RT @MISPProject: MISP 2.4.142 released with new correlation features, UI sync functionality improved, new dashboard widgets and a security… + +(Originally on Twitter: [Wed Apr 28 16:45:20 +0000 2021](https://twitter.com/adulau/status/1387447855019958273)) +---- +Seeing more and more open source tools doing telemetry or tracking of theirs users. Even if it’s compatible with an open source license, do you think it’s ethical when there is no mention of such telemetry anywhere beside the code? + +(Originally on Twitter: [Wed Apr 28 19:57:52 +0000 2021](https://twitter.com/adulau/status/1387496304364896263)) +---- +@christophetd That’s my feeling too. 
For example, I don’t mind if they clearly explain what they do with the information collected like improving the software. But I have the bad feeling that some collect the information for future business models. + +(Originally on Twitter: [Wed Apr 28 20:17:19 +0000 2021](https://twitter.com/adulau/status/1387501199671369734)) +---- +"secml-malware: A Python Library for Adversarial Robustness Evaluation of Windows Malware Classifiers" #DFIR + +https://github.com/zangobot/secml_malware +https://arxiv.org/abs/2104.12848 +https://github.com/zangobot/secml_malware/blob/master/attack_tutorial.ipynb + +(Originally on Twitter: [Wed Apr 28 21:12:19 +0000 2021](https://twitter.com/adulau/status/1387515040362901508)) +---- +@msuiche @craiu @oct0xor Let me guess it's another researcher of the University of Minnesota. I think the title could have been "Hypocrite Threat Intelligence, how to ingest fake Indicators into threat intelligence platforms with AI profile modelization on crowd sourced sharing community" + +(Originally on Twitter: [Thu Apr 29 13:16:51 +0000 2021](https://twitter.com/adulau/status/1387757774289969157)) +---- +@remi_laurent After a successful tentative of an aggressive handshake in ISAKMP, finding the right compatible MAC/hashing algorithm, setting up a GRE or a L2TP tunnel or some incompatible shit, we just discover that the routing is done outside the tunnel. + + +media/1387830476069654531-E0KQdQbWEAY_kTs.mp4 + +(Originally on Twitter: [Thu Apr 29 18:05:44 +0000 2021](https://twitter.com/adulau/status/1387830476069654531)) +---- +@shrekts @Iglocska @mavam @tenzir_company Congrats! The team at Tenzir is incredible and having you onboard it’s just the perfect match. 
+ +(Originally on Twitter: [Thu Apr 29 20:16:49 +0000 2021](https://twitter.com/adulau/status/1387863464509644809)) +---- +@F_kZ_ + + +media/1387865390974443523-E0KwNo5XIAATSgl.mp4 + +(Originally on Twitter: [Thu Apr 29 20:24:29 +0000 2021](https://twitter.com/adulau/status/1387865390974443523)) +---- +RT @passthesaltcon: Just a few hours to submit your research about Security+FLOSS to #pts21 CFP and have the opportunity to follow in the f… + +(Originally on Twitter: [Fri Apr 30 16:14:32 +0000 2021](https://twitter.com/adulau/status/1388164878804914176)) +---- +RT @andreafioraldi: #libafl is now public! https://github.com/AFLplusplus/LibAFL +We decided to make it public even without so much documentation so peopl… + +(Originally on Twitter: [Fri Apr 30 16:34:50 +0000 2021](https://twitter.com/adulau/status/1388169988129890310)) +---- +"NSA Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era" (1977) partially declassified is a fascinating read. #cryptography +https://cryptome.org/2021/04/Joseph-Meyer-IEEE-1977.pdf + +(Originally on Twitter: [Sat May 01 07:56:28 +0000 2021](https://twitter.com/adulau/status/1388401924681183233)) +---- +I did some clean-up in the @MISPProject warning lists and added the great hash list Not an IOC list from @mount_knowledge which includes empty indicators, 1-3 byte variation but also empty HTML documents or alike. #CTI #DFIR + +https://github.com/MISP/misp-warninglists +https://github.com/RichieB2B/nioc/ + +(Originally on Twitter: [Sat May 01 09:14:43 +0000 2021](https://twitter.com/adulau/status/1388421615730429952)) +---- +RT @AndrewBarnas: I fixed the "Types of Scientific Paper" meme. 
![](media/1388745531925598209-E0O9t7aVkAYhiT1.png) + +(Originally on Twitter: [Sun May 02 06:41:51 +0000 2021](https://twitter.com/adulau/status/1388745531925598209)) +---- +RT @cocaman: New post: Introducing COLT – Compromise to Leak Time https://wp.me/p9bHRg-rm #ransomware #PYSA #DarkSide + +(Originally on Twitter: [Mon May 03 04:44:58 +0000 2021](https://twitter.com/adulau/status/1389078506332696576)) +---- +@cocaman Thanks for sharing, it’s really cool. + +(Originally on Twitter: [Mon May 03 04:45:37 +0000 2021](https://twitter.com/adulau/status/1389078672330657794)) +---- +@cocaman https://github.com/MISP/misp-galaxy/commit/6f7d3d5c2bb16ac5d591c9286582b42410c01fa0#diff-077770915f657ee80b7d71c6a2305241638ddb186153bd0ba3e09647eb0aed21 + +(Originally on Twitter: [Mon May 03 05:44:50 +0000 2021](https://twitter.com/adulau/status/1389093573971353604)) +---- +@jpflorent Je dois avouer que je comprends pas trop. Les indicateurs sont au rouge, les auto évaluations sont aussi négatives.... pourquoi l'installation industrielle n'est pas fermée tant que les normes ne sont pas rencontrées? @celine_tellier + +(Originally on Twitter: [Mon May 03 10:54:26 +0000 2021](https://twitter.com/adulau/status/1389171486305443843)) +---- +@Ko97551819 She might pass the NATO test soon https://www.sto.nato.int/publications/STO%20Technical%20Reports/RTO-AG-SCI-095/$$AG-SCI-095-ALL.pdf + +(Originally on Twitter: [Mon May 03 10:56:14 +0000 2021](https://twitter.com/adulau/status/1389171939579777027)) +---- +It’s always great to discuss passive dns with @_aaron_kaplan_ @taratine @chrisred_68 @Terrtia and then new ideas emerge to find insights, new automation in @MISPProject and intelligence gathering methods. + +(Originally on Twitter: [Mon May 03 15:38:21 +0000 2021](https://twitter.com/adulau/status/1389242934617415682)) +---- +Looking for an open source EDR, you should have a look at it. It's maintained and the author is open to contribution (and a cool guy). 
#opensource #dfir + + https://twitter.com/0xrawsec/status/1389505408226758660 + +(Originally on Twitter: [Tue May 04 09:11:02 +0000 2021](https://twitter.com/adulau/status/1389507851337572353)) +---- +@Ls01 Une simple signature dans un certificat X.509 avec les CA qui peuvent émettre le certificat. Techno éprouvée et le code/lib sont dispos partout. + +(Originally on Twitter: [Tue May 04 10:43:29 +0000 2021](https://twitter.com/adulau/status/1389531118425317377)) +---- +RT @_aaron_kaplan_: @adulau @taratine @chrisred_68 @Terrtia @MISPProject And here is the link to the passive DNS common output format (COF)… + +(Originally on Twitter: [Tue May 04 20:28:08 +0000 2021](https://twitter.com/adulau/status/1389678252109844483)) +---- +@mireillemoret Seeing the model of private equity which is squeezing existing structures from their previous investments. Then reselling the destroyed structure to other companies. Maybe their PoV is growth after a war period… + +(Originally on Twitter: [Thu May 06 06:16:03 +0000 2021](https://twitter.com/adulau/status/1390188592434122752)) +---- +@Qwant_FR Ce sont les décisions des hommes qui peuvent réduire les libertés. Un exemple, on ne peut plus publier un nu photographique sur @instagram mais c’est sans soucis dans un musée ou un livre d’art accessible en librairie. 
La liberté d’Internet est devenu un mythe… + +(Originally on Twitter: [Thu May 06 06:22:10 +0000 2021](https://twitter.com/adulau/status/1390190133589204993)) +---- +RT @cyb3rops: The agenda for this year's EU @MITREattack Community Workshop is online + +1-2 June 2021 from 2pm CET until 6pm CET + +https://t.… + +(Originally on Twitter: [Fri May 07 10:50:49 +0000 2021](https://twitter.com/adulau/status/1390620127922737155)) +---- +RT @decalage2: #oletools 0.56.2 just released, with a number of bugfixes: https://github.com/decalage2/oletools/releases/tag/v0.56.2 +To update: pip install -U oletools +or see… + +(Originally on Twitter: [Sat May 08 12:00:02 +0000 2021](https://twitter.com/adulau/status/1390999934024011779)) +---- +@Stekkz @Ko97551819 Get rid of @Ferrero_EU industrial ones and test this one https://www.jeanherve.fr/en/la-chocolade-/65-la-chocolade-3390390000269.html you will never go back ;-) + +(Originally on Twitter: [Sat May 08 22:01:00 +0000 2021](https://twitter.com/adulau/status/1391151170744422407)) +---- +Not sure if you have the same feeling but « critical infrastructure » is a variable thing. For some, a pipeline is critical and would go in war for such thing. But who he is willing to fight back when ransomware target hospitals? + +https://mobile.twitter.com/DAlperovitch/status/1391126646716047367 + +(Originally on Twitter: [Sun May 09 07:14:21 +0000 2021](https://twitter.com/adulau/status/1391290428046168066)) +---- +RT @hasherezade: New releases: #PEsieve (https://github.com/hasherezade/pe-sieve/releases) & #HollowsHunter (https://github.com/hasherezade/hollows_hunter/releases) - updated with a bugfix - v0.… + +(Originally on Twitter: [Sun May 09 07:47:13 +0000 2021](https://twitter.com/adulau/status/1391298699993698304)) +---- +@Vecchi_Paolo I think every critical infrastructure are just low hanging fruits. They drown under a stack of compliance documents, inertia of bureaucracy, lack of motivation and creativity to improve security. 
I would love to be proven wrong but the state of security is not nice… + +(Originally on Twitter: [Sun May 09 07:58:39 +0000 2021](https://twitter.com/adulau/status/1391301574409003008)) +---- +RT @Ministraitor: #BestOfRecordings +Come To The Dark Side! We Have Radical Insurance Groups And Ransomware by @blackswanburst +and @bondanki… + +(Originally on Twitter: [Sun May 09 07:59:58 +0000 2021](https://twitter.com/adulau/status/1391301905490587648)) +---- +@Ministraitor @blackswanburst @hack_lu This talk is amazing and seeing how some insurance companies are dropping their customers targeted by ransomware… the talk was a kind of precursor to predict the future moves. + +(Originally on Twitter: [Sun May 09 08:01:49 +0000 2021](https://twitter.com/adulau/status/1391302373319057408)) +---- +RT @cPeterr: Checkout my full report on #Darkside #Ransomware v1.8.6.2! + +The malware uses custom RSA-1024 and Salsa20 for hybrid-cryptograp… + +(Originally on Twitter: [Sun May 09 14:50:04 +0000 2021](https://twitter.com/adulau/status/1391405112803856388)) +---- +RT @MichaelDrogalis: Put a UUID on it. Put a timestamp on it. Put a version on it. + +You won’t regret it. + +(Originally on Twitter: [Mon May 10 09:20:02 +0000 2021](https://twitter.com/adulau/status/1391684444109647874)) +---- +There is something that a lot of AGPL bashers need to know. Just read the license and you’ll see, it only applies if you modify the program. Distribution of software licensed under AGPL without modification is just a plain GPLv3 license. + + +media/1391863509940637697-E1DkeyEXMAAYRJS.mp4 + +(Originally on Twitter: [Mon May 10 21:11:35 +0000 2021](https://twitter.com/adulau/status/1391863509940637697)) +---- +@Vecchi_Paolo EUPL is a kind of generic copyleft license which was initiated by the EU Commission because there was some worries about the non-existing legally binding translations of most commonly used licenses. The license is fine & you can swap license to one of the predefined licenses. 
+ +(Originally on Twitter: [Tue May 11 05:18:06 +0000 2021](https://twitter.com/adulau/status/1391985949903626240)) +---- +I was expecting more parallel discussions or experts talking about the Farewell dossier, the Trans-Siberian pipeline in 1982 and the current pipeline incident in US. But I assume we didn’t reach that stage of discussions in the pub… + +(Originally on Twitter: [Tue May 11 05:52:35 +0000 2021](https://twitter.com/adulau/status/1391994627033636865)) +---- +@kr_isgelijkaan You should better read my records in the National Register of person ;-) I'm much older than you think. + + +media/1392013160404684801-E1FslhoWUAIaSoJ.mp4 + +(Originally on Twitter: [Tue May 11 07:06:14 +0000 2021](https://twitter.com/adulau/status/1392013160404684801)) +---- +@KrisBuytaert @tijldeneut @Ciberth @wimremes @xme I see the same for some years while giving my courses at the university. It’s usually a very short period of time until they discover the vast world of open source security and how it can be used in defense. If it’s fun for them, they forget about the hype and become creative. + +(Originally on Twitter: [Thu May 13 06:47:50 +0000 2021](https://twitter.com/adulau/status/1392733304131043330)) +---- +RT @KimZetter: I suppose it's a sign that I'm doing a good job on Zero Day if someone is lifting a lengthy paragraph from one of my pieces… + +(Originally on Twitter: [Thu May 13 06:49:42 +0000 2021](https://twitter.com/adulau/status/1392733774002143234)) +---- +@browninfosecguy Some recommendations: Please don't use a word from the dictionary (it's confusing as hell and difficult to search in public forums for analysts), take a different name than the existing ones and don't wait for the antivirus industry to pick a stupid name for you ;-) + +(Originally on Twitter: [Thu May 13 07:59:55 +0000 2021](https://twitter.com/adulau/status/1392751445909323779)) +---- +@stevengoossens @MISPProject @tricaud @ErrataRob Indeed. 
Some vendors really want to keep their customer captive to avoid having a mixed environment with multiple vendors and open source threat intelligence platforms. I have some horrors stories about that… + +(Originally on Twitter: [Thu May 13 15:15:14 +0000 2021](https://twitter.com/adulau/status/1392860997849915395)) +---- +We don’t say anymore detection but XDR… it doesn’t mean it’s easier. It’s just more sexy on glossy papers. + + +media/1392937648789114887-E1S1ZLjXEAYGfI6.mp4 + +(Originally on Twitter: [Thu May 13 20:19:49 +0000 2021](https://twitter.com/adulau/status/1392937648789114887)) +---- +RT @MISPProject: On the 15th May 2011, a first version of MISP was released. We are celebrating our first 10 years birthday as the leading… + +(Originally on Twitter: [Fri May 14 09:50:37 +0000 2021](https://twitter.com/adulau/status/1393141692480507908)) +---- +@cyb3rops Thanks for working on this. Is the license compatible with other FSF or OSI approved license? Looking at it quickly, I would say so. Did you get feedback about the compatibility? just to be sure. + +(Originally on Twitter: [Fri May 14 10:51:23 +0000 2021](https://twitter.com/adulau/status/1393156985466593282)) +---- +@Sebdraven Thank you and especially thanks for all your contribution. It’s super useful! + +(Originally on Twitter: [Fri May 14 14:19:16 +0000 2021](https://twitter.com/adulau/status/1393209302672941057)) +---- +RT @alexanderjaeger: If someone would ask me why MISP has so much success, I would say #1: The team behind it puts so much effort in suppor… + +(Originally on Twitter: [Fri May 14 19:22:37 +0000 2021](https://twitter.com/adulau/status/1393285642658910211)) +---- +RT @CERT_Polska_en: Good Friday news! A new project joined the happy open-source Karton family. 
Rejoice with us and check out karton- @MISP… + +(Originally on Twitter: [Sat May 15 06:19:21 +0000 2021](https://twitter.com/adulau/status/1393450913990316040)) +---- +The more you have public information, accessible git repositories and published materials the less you have to worry about potential leak. + +(Originally on Twitter: [Sat May 15 06:43:39 +0000 2021](https://twitter.com/adulau/status/1393457029231038465)) +---- +@cudeso Luckily they can use their insurance… + +(Originally on Twitter: [Sat May 15 15:56:46 +0000 2021](https://twitter.com/adulau/status/1393596223307853825)) +---- +@Ko97551819 lol. Then you start to do text classification with ELMo https://tfhub.dev/google/elmo/3 + +(Originally on Twitter: [Sun May 16 08:15:38 +0000 2021](https://twitter.com/adulau/status/1393842566265810944)) +---- +@Stekkz @Ko97551819 @cybersecmeg It’s never a fail. You can learn something out of it or even better the idea presented will help other to get some more ideas on the specific subject. + +(Originally on Twitter: [Sun May 16 11:49:42 +0000 2021](https://twitter.com/adulau/status/1393896436148969476)) +---- +@_msw_ @h_ingo From my experience, giving assets (copyright / author rights) to a foundation is not an incentive for participation. Collective ownership is a better incentive without the risk of a foundation going nuts or following only the funding sources. + +(Originally on Twitter: [Mon May 17 05:58:11 +0000 2021](https://twitter.com/adulau/status/1394170364499013632)) +---- +@MaliciaRogue La tactique de la chaise vide reste aussi une négociation. Je me souviens d’une formation « leadership » avec ce genre de pratiques, j’ai quitté la formation. Les experiences de Stanley Milgram devraient être une lecture requise avant de participer à des formations. 
+ +(Originally on Twitter: [Mon May 17 17:51:06 +0000 2021](https://twitter.com/adulau/status/1394349773340266501)) +---- +RT @thomas_bonner: I'm very pleased to announce a raft of updates for #PETree, including #Ghidra and #Volatility plugins, as well as suppor… + +(Originally on Twitter: [Tue May 18 11:56:45 +0000 2021](https://twitter.com/adulau/status/1394622987060514828)) +---- +RT @allanfriedman: Looking forward to closing out Day 2 of @RSAConference with some fun discussions around cocktails and supply chain at th… + +(Originally on Twitter: [Tue May 18 20:06:54 +0000 2021](https://twitter.com/adulau/status/1394746336843554823)) +---- +RT @MISPProject: MISP 2.4.143 released (10 year anniversary edition) a new audit subsystem, various quality of life improvements and bug fi… + +(Originally on Twitter: [Wed May 19 09:37:49 +0000 2021](https://twitter.com/adulau/status/1394950412378193922)) +---- +RT @MISPProject: MISP cheat sheet for core concepts, data models and user/admin tools by @mokaddem_sami - A quick & exhaustive resource of… + +(Originally on Twitter: [Wed May 19 16:14:17 +0000 2021](https://twitter.com/adulau/status/1395050182899818496)) +---- +@JeroenPinoy Maybe a visit of the exhibition from Pierre Alechinsky https://www.fine-arts-museum.be/fr/expositions/pierre-alechinsky + +(Originally on Twitter: [Wed May 19 16:53:26 +0000 2021](https://twitter.com/adulau/status/1395060038742552582)) +---- +@JeroenPinoy Enjoy your birthday. Mine was last week, the day before MISP ;-) + +(Originally on Twitter: [Wed May 19 19:12:33 +0000 2021](https://twitter.com/adulau/status/1395095047809425410)) +---- +@0xAlexei The current situation of detection in these layers is clearly bad. I remember a threat actor changing the protocol type in Ethernet frames and we found it by doing statistical analysis of protocol type distribution because we the saw the trick in the code. Detection is hard. 
+ +(Originally on Twitter: [Thu May 20 05:35:08 +0000 2021](https://twitter.com/adulau/status/1395251726140284933)) +---- +Everything is (can be) a DNS issue. This is a good reminder for open source projects to review the current administrative owner of their domains. + +https://mobile.twitter.com/jedisct1/status/1395257202638721034 + +(Originally on Twitter: [Thu May 20 06:00:48 +0000 2021](https://twitter.com/adulau/status/1395258183162138627)) +---- +@subm3rge Indeed, it could be. It’s a good wake up call for domain management in general ;-) + +(Originally on Twitter: [Thu May 20 06:18:41 +0000 2021](https://twitter.com/adulau/status/1395262684346654725)) +---- +Gave a quick presentation at ISED 2021 (@SnT_uni_lu) about what we learned from setting up the @MISPProject covid-19 instance last year. Building information/intelligence sharing community can be really done without too much prior planning. #informationsharing ![](media/1395662624629706755-E15gxoQWQAAT-dO.png) + +(Originally on Twitter: [Fri May 21 08:47:54 +0000 2021](https://twitter.com/adulau/status/1395662624629706755)) +---- +RT @jedisct1: Fabrice Bellard is back: NNCP - Lossless Data Compression with Neural Networks +https://bellard.org/nncp/ + +(Originally on Twitter: [Sat May 22 07:21:06 +0000 2021](https://twitter.com/adulau/status/1396003168203550723)) +---- +RT @nixcraft: My Perl or shell script written 22 years back works perfectly in production IT, but stupid Ansible playbook gets broken that… + +(Originally on Twitter: [Sat May 22 21:21:39 +0000 2021](https://twitter.com/adulau/status/1396214698111127560)) +---- +@dragosr I'm really sad. My condolences to the family and all the friends. + +(Originally on Twitter: [Sat May 22 21:39:39 +0000 2021](https://twitter.com/adulau/status/1396219231180570626)) +---- +@ehashdn My favorite part is the inability to properly configure the email address in his git config. 
+ +(Originally on Twitter: [Mon May 24 18:24:23 +0000 2021](https://twitter.com/adulau/status/1396894863690506244)) +---- +RT @UYBHYS: Hello Wild Wild World ! + +Nous vous présentons les premiers partenaires pour l'édition #UYBHYS 2021 : @Formind, @RandoriSec, @xa… + +(Originally on Twitter: [Tue May 25 16:05:16 +0000 2021](https://twitter.com/adulau/status/1397222241549619216)) +---- +Collateral law in a sharing community: "More information will be shared to blame the ones sharing than for the ones who never share." + +(Originally on Twitter: [Tue May 25 16:15:10 +0000 2021](https://twitter.com/adulau/status/1397224733674979334)) +---- +RT @Timo_Steffens: Much needed, down-to-Earth, acute characterization of the current threat landscape for ICS/OT systems after all the hype… + +(Originally on Twitter: [Wed May 26 06:10:10 +0000 2021](https://twitter.com/adulau/status/1397434868829724672)) +---- +@dascritch @bortzmeyer En effet. Si je me souviens bien, pour établir un circuit, on doit savoir si la connection est établie. Avec UDP en stateless, pas de chance. Paradoxalement il y a plusieurs tentatives pour remplacer les circuits avec QUIC à la place de TCP mais le problème est toujours présent. + +(Originally on Twitter: [Fri May 28 06:18:20 +0000 2021](https://twitter.com/adulau/status/1398161699857911812)) +---- +@jfslowik You do everything possible to confuse OSINT analyst. Is it still Christmas in your area? 
or you are just one of those crazy guys who love blinking lights in the night ;-) + +(Originally on Twitter: [Fri May 28 15:30:16 +0000 2021](https://twitter.com/adulau/status/1398300598924197894)) +---- +RT @FarsightSecInc: Farsight and @MISPProject have developed a new module to import Farsight DNSDB Passive DNS data in Common Output Format… + +(Originally on Twitter: [Fri May 28 21:15:29 +0000 2021](https://twitter.com/adulau/status/1398387474758520832)) +---- +Looking at the nice infographic from @lesoir it gives a good insight that automated information exchange/sharing about potential terrorist activities is still not a reality in Belgium. There are solutions already used by many other countries. ![](media/1398535254818930689-E2iWvDUXMAM_mEF.jpg) + +(Originally on Twitter: [Sat May 29 07:02:42 +0000 2021](https://twitter.com/adulau/status/1398535254818930689)) +---- +RT @CycatP: If you want to help us, the easiest. It's when you create a new open source project in cybersecurity with rules, documents, ref… + +(Originally on Twitter: [Sat May 29 09:53:14 +0000 2021](https://twitter.com/adulau/status/1398578170962583555)) +---- +RT @d3sre: Really happy to be giving a short insight into what i'm currently up to.. https://twitter.com/MITREengenuity/status/1394639767204245505 + +(Originally on Twitter: [Sun May 30 11:57:39 +0000 2021](https://twitter.com/adulau/status/1398971867038470144)) +---- +@wimremes Great news! Take care. + +(Originally on Twitter: [Mon May 31 12:52:04 +0000 2021](https://twitter.com/adulau/status/1399347947847008257)) +---- +@cyb3rops @Microsoft I remember the AV program at Microsoft where you were not able to get the full lists of binaries compiled by Microsoft and it was only for the English edition of the main release. We really need it. The official NSLR of Microsoft for all compiled binaries… I’m dreaming of it. 
+ +(Originally on Twitter: [Tue Jun 01 08:12:46 +0000 2021](https://twitter.com/adulau/status/1399640050237849606)) +---- +We just released the first beta version (0.9) of the public API for @CycatP which provides a public API for cybersecurity resources You can easily lookup by UUID, namespace/id, relationships and keywords. #infosec #ThreatIntel + +https://github.com/CyCat-project/cycat-service +https://api.cycat.org/ + +(Originally on Twitter: [Tue Jun 01 12:28:40 +0000 2021](https://twitter.com/adulau/status/1399704449535315969)) +---- +@Vecchi_Paolo @gaiax_aisbl Thanks for taking care of open source. It makes a lot of sense to use open source software for Cloud infrastructure to ensure autonomy, independence and auditability. + +(Originally on Twitter: [Tue Jun 01 12:48:25 +0000 2021](https://twitter.com/adulau/status/1399709420221829127)) +---- +RT @Frikkylikeme: The new @CycatP project looks really interesting for relationship mgmt. Been listening to @adulau speaking about it at co… + +(Originally on Twitter: [Tue Jun 01 16:00:59 +0000 2021](https://twitter.com/adulau/status/1399757879972872195)) +---- +@Frikkylikeme @CycatP @shuffleio That's awesome! Thanks a lot. If you see additional datasets to import or include in @CycatP let us know. + +(Originally on Twitter: [Tue Jun 01 16:04:56 +0000 2021](https://twitter.com/adulau/status/1399758874501169158)) +---- +Is it just me but when I see advice in management training like “Delegate” it sounds like “Put the burden on another human”? + +(Originally on Twitter: [Wed Jun 02 05:47:51 +0000 2021](https://twitter.com/adulau/status/1399965966973423618)) +---- +@aris_ada My issue is a lot of “crappy tasks” get delegated instead of looking at the task usefulness or just automate it instead of just passing these tasks to the next human next to you. 
+ +(Originally on Twitter: [Wed Jun 02 08:18:15 +0000 2021](https://twitter.com/adulau/status/1400003818771959821)) +---- +@pro_integritate My point is more that delegation is used as an argument to avoid take responsibilities and actually reviewing the task to be delegated. + +(Originally on Twitter: [Wed Jun 02 08:20:15 +0000 2021](https://twitter.com/adulau/status/1400004322050596867)) +---- +@cudeso Sometime expensive, proprietary products in the security field have a life-time which is smaller than an open source project self-maintained by a single person. + +(Originally on Twitter: [Thu Jun 03 07:05:53 +0000 2021](https://twitter.com/adulau/status/1400347991614144516)) +---- +RT @doegox: The paper of the talk "EEPROM: It Will All End in Tears" by @herrmann1001 and myself is now available https://www.sstic.org/media/SSTIC2021/SSTIC-actes/eeprom_it_will_all_end_in_tears/SSTIC2021-Article-eeprom_it_will_all_end_in_tears-herrmann_teuwen.pdf h… + +(Originally on Twitter: [Thu Jun 03 15:00:38 +0000 2021](https://twitter.com/adulau/status/1400467469618270210)) +---- +RT @MISPProject: The information sharing Special Interest Group at @FIRSTdotOrg is a group talking about all the aspects of information SHA… + +(Originally on Twitter: [Thu Jun 03 16:38:03 +0000 2021](https://twitter.com/adulau/status/1400491984125513733)) +---- +@asta_fish + + +media/1400542720649842697-E2-6LVTWUAMgqui.mp4 + +(Originally on Twitter: [Thu Jun 03 19:59:40 +0000 2021](https://twitter.com/adulau/status/1400542720649842697)) +---- +@S_Team_Approved Nous gardons actif le @MISPProject covid-19 community. 
https://www.misp-project.org/covid-19-misp/ + +(Originally on Twitter: [Fri Jun 04 05:20:09 +0000 2021](https://twitter.com/adulau/status/1400683771733676032)) +---- +RT @MISPProject: In the next release of MISP, @CycatP lookups will be available and can show all the known context and relationships for a… + +(Originally on Twitter: [Fri Jun 04 06:59:23 +0000 2021](https://twitter.com/adulau/status/1400708746897154049)) +---- +I was a bit bored in a long meeting and decided to make a public ReST interface to lookup MD5/SHA-1 hash in known database such as NSRL. The service is available https://hashlookup.circl.lu/ we will add some more data sources soon. #DFIR ![](media/1400742631861325825-E3BvqRXWYAAuT3L.jpg) + +(Originally on Twitter: [Fri Jun 04 09:14:02 +0000 2021](https://twitter.com/adulau/status/1400742631861325825)) +---- +@tomchop_ @Sebdraven @tomchop Challenge accepted. For my next boring meeting, I'll add a bulk lookup. What's the maximum number of items for the bulk you would like? + +(Originally on Twitter: [Fri Jun 04 09:30:04 +0000 2021](https://twitter.com/adulau/status/1400746665468903426)) +---- +@c2defense @circl_lu @gallypette @MISPProject We plan to add a @MISPProject module and also a specific new kind of lookup in the warning-lists feature (to filter out results from the API). The dataset is really huge (and will become bigger) so we might produce Bloomfilter or alike for MISP. + +(Originally on Twitter: [Fri Jun 04 09:33:01 +0000 2021](https://twitter.com/adulau/status/1400747407428706304)) +---- +@tomchop_ @Sebdraven @tomchop @alexanderjaeger Maybe bulk of 1K would be fine to have a good balance between RTT/TCP handshake, query time and timeout. I'll start with that and we could test it. + +(Originally on Twitter: [Fri Jun 04 09:45:09 +0000 2021](https://twitter.com/adulau/status/1400750463994187782)) +---- +@tomchop_ @Sebdraven @tomchop @alexanderjaeger Currently it's NSRL (which is CC-0 as US materials). 
I plan to add some internal ones (also CC-0) and also xcyclopedia which is MIT. + +(Originally on Twitter: [Fri Jun 04 10:03:44 +0000 2021](https://twitter.com/adulau/status/1400755137971429384)) +---- +@l3m0ntr33 @tomchop_ @Sebdraven @tomchop @alexanderjaeger I’ll add it in the todo list. Thanks for the idea! + +(Originally on Twitter: [Fri Jun 04 10:33:43 +0000 2021](https://twitter.com/adulau/status/1400762684572901377)) +---- +@___wr___ @circl_lu @gallypette rofl + +(Originally on Twitter: [Fri Jun 04 11:05:32 +0000 2021](https://twitter.com/adulau/status/1400770691100778498)) +---- +@lorenzo2472 @circl_lu @gallypette I would like but for the NSRL dataset, it is only MD5 and SHA-1 available in their original dataset. + +(Originally on Twitter: [Fri Jun 04 11:52:25 +0000 2021](https://twitter.com/adulau/status/1400782489648615424)) +---- +@lorenzo2472 @circl_lu @gallypette I could add winbindex but it sounds like to be very different than NSRL. Then you have the other issue, Winbindex only includes SHA-256 not SHA-1 and MD5.The best dataset would be the 3 hashes and one fuzzy hash like ssdeep too ;-) + +(Originally on Twitter: [Fri Jun 04 11:59:08 +0000 2021](https://twitter.com/adulau/status/1400784180796088323)) +---- +@tomchop_ @Sebdraven @tomchop @alexanderjaeger A bulk search for MD5 and SHA-1 is now available (without limitation until now): + +https://gist.github.com/adulau/4191d44e30fc01df38f1d5fe605fa920 + +Yes another meeting helped me a bit ;-) Feedback welcome. + +(Originally on Twitter: [Fri Jun 04 12:49:29 +0000 2021](https://twitter.com/adulau/status/1400796852224675844)) +---- +@alexanderjaeger @tomchop_ @Sebdraven @tomchop @Iglocska @rafi0t A copy of my calendar + + +media/1400825117815586818-E3C7AzEXIAYnNej.mp4 + +(Originally on Twitter: [Fri Jun 04 14:41:48 +0000 2021](https://twitter.com/adulau/status/1400825117815586818)) +---- +@b4stet4 @circl_lu @gallypette Indeed very good point. 
I'll add an API endpoint to expand the NSRLMfg, OS and Prod values into the human readable version. + +(Originally on Twitter: [Fri Jun 04 21:00:57 +0000 2021](https://twitter.com/adulau/status/1400920532657262594)) +---- +@_aaron_kaplan_ @circl_lu @gallypette It's swagger on top of flask-restx https://flask-restx.readthedocs.io/en/latest/ + +(Originally on Twitter: [Sat Jun 05 05:07:43 +0000 2021](https://twitter.com/adulau/status/1401043033567678468)) +---- +@b4stet4 @circl_lu @gallypette Thanks for the idea. It's done. The single hash lookup now includes the ProductCode and the OpSystemCode (if available). Documentation updated: https://gist.github.com/adulau/4191d44e30fc01df38f1d5fe605fa920 ![](media/1401105213646331911-E3G5iE0XEAIZoUJ.jpg) + +(Originally on Twitter: [Sat Jun 05 09:14:48 +0000 2021](https://twitter.com/adulau/status/1401105213646331911)) +---- +Cleaning up my home office and I discovered many old firewall products such as the « Raptor Firewall » from Axent. They were committed to become the « global leader »… looks like it was a success. At the end, the long lasting ones are the open source firewalls. ![](media/1401174570263056385-E3H3qnzX0AASaGz.jpg) + +(Originally on Twitter: [Sat Jun 05 13:50:24 +0000 2021](https://twitter.com/adulau/status/1401174570263056385)) +---- +RT @hasherezade: If anyone interested, I made an implementation of #TransactedHollowing - the PE injection technieque used by the #Osiris l… + +(Originally on Twitter: [Sat Jun 05 14:16:23 +0000 2021](https://twitter.com/adulau/status/1401181108604112897)) +---- +RT @StamusN: #CelebrateTheDefenders: Alexander Dulaunoy (@adulau) is a security researcher at CIRCL. He is a man with lots of interests, co… + +(Originally on Twitter: [Sat Jun 05 15:24:55 +0000 2021](https://twitter.com/adulau/status/1401198356190400520)) +---- +@StamusN Thank you! 
+ +(Originally on Twitter: [Sat Jun 05 15:25:06 +0000 2021](https://twitter.com/adulau/status/1401198401702830093)) +---- +@MaliciaRogue Je ne sais pas pourquoi mais je conseille toujours « Dirty sexy valley » d’Olivier Bruneau pour voir qui sont mes amis. Il y aussi un challenge OSINT pour trouver l’auteur qui se cache derrière ce délire artistique. + +(Originally on Twitter: [Sat Jun 05 20:05:38 +0000 2021](https://twitter.com/adulau/status/1401269000089255941)) +---- +@Ko97551819 @MISPProject and also when macros need to be enabled to read the Taxonomy. It's even more creepy ;-) + +(Originally on Twitter: [Sun Jun 06 11:12:31 +0000 2021](https://twitter.com/adulau/status/1401497223620407299)) +---- +While reading this, I remember a discussion with @gallypette to make a reverse policy Git hosting web site where everything forbidden on GitHub is allowed. + +https://mobile.twitter.com/BleepinComputer/status/1401221391526019076 + +(Originally on Twitter: [Sun Jun 06 12:51:25 +0000 2021](https://twitter.com/adulau/status/1401522111383052291)) +---- +@cudeso I’m using a RocksDB backend on SSD. The design goal is to be able to handle a high rate of lookups. + +(Originally on Twitter: [Sun Jun 06 14:34:49 +0000 2021](https://twitter.com/adulau/status/1401548133474131969)) +---- +@bert_db Indeed. But there was also no shame of bashing open source solutions in those days ;-) + +(Originally on Twitter: [Sun Jun 06 15:56:25 +0000 2021](https://twitter.com/adulau/status/1401568670556602368)) +---- +@cudeso I also added a DNS interface "dig +short -t TXT http://b6b776f3bd53f59ae13f2d7fa5b23ee1b4ec6891.dns.hashlookup.circl.lu | jq -r . | jq ." and that's why the backend should be as fast as possible. + +(Originally on Twitter: [Sun Jun 06 15:57:44 +0000 2021](https://twitter.com/adulau/status/1401569001172606977)) +---- +@stevengoossens @circl_lu @gallypette Indeed, it's foreseen. We would like to extend warning-lists with external lookups. 
We have some plan to make it fast as this can be quite challenging for large lists. + +(Originally on Twitter: [Mon Jun 07 09:10:13 +0000 2021](https://twitter.com/adulau/status/1401828832903151624)) +---- +RT @w3ndige: Open sourced my #malware #similarity platform Aurora 🌌 + +Capable of finding samples that share similar sets of strings or commo… + +(Originally on Twitter: [Mon Jun 07 11:07:59 +0000 2021](https://twitter.com/adulau/status/1401858470157107202)) +---- +RT @JohnnyCiocca: another amazing presentation on #FIRSTCON21, thank you @adulau! + +(Originally on Twitter: [Tue Jun 08 15:06:45 +0000 2021](https://twitter.com/adulau/status/1402280947228237826)) +---- +@JohnnyCiocca Thank you for joining! + +(Originally on Twitter: [Tue Jun 08 15:07:55 +0000 2021](https://twitter.com/adulau/status/1402281242242994180)) +---- +"Improving Internet Wide Scanning with Dynamic Scanning" - Slides https://github.com/adulau/active-scanning-techniques/blob/main/slides/active-scanning.pdf given at #FIRSTCON21 @FIRSTdotOrg ![](media/1402293878884012038-E3XpLdhXoAMQFY9.jpg) + +(Originally on Twitter: [Tue Jun 08 15:58:08 +0000 2021](https://twitter.com/adulau/status/1402293878884012038)) +---- +RT @Jhaddix: More scope = more hope + +don't sleep on IPv6 + +#bugbountytips https://twitter.com/adulau/status/1402293878884012038 + +(Originally on Twitter: [Tue Jun 08 16:09:43 +0000 2021](https://twitter.com/adulau/status/1402296793812148224)) +---- +RT @MISPProject: MISP 2.4.144 released including a massive update to the documentation along with http://CyCAT.org integration, impr… + +(Originally on Twitter: [Wed Jun 09 08:15:44 +0000 2021](https://twitter.com/adulau/status/1402539898708672513)) +---- +@danbri I tried many of those « RDF-like » stores and my perception is always the same. Pushing a theories into a software without having a practical usage of those, it’s usually a source of confusion. I always end up using k/v store (like Redis) to represent such dataset and it works. 
![](media/1402705225857777667-E3do6r2X0AYe1c3.jpg) + +(Originally on Twitter: [Wed Jun 09 19:12:41 +0000 2021](https://twitter.com/adulau/status/1402705225857777667)) +---- +@archillect Printing Till the Exhaustion of Drypoint - Dóra Maurer +https://en.mng.hu/artworks/?artwork_author=maurer-dora + +(Originally on Twitter: [Thu Jun 10 05:40:52 +0000 2021](https://twitter.com/adulau/status/1402863313374097412)) +---- +@lalibrebe dixit le site qui littéralement joue avec notre vie privée https://lookyloo.circl.lu/tree/ed08d155-62a5-412c-a4e3-b74416c8d353 + +(Originally on Twitter: [Fri Jun 11 04:45:01 +0000 2021](https://twitter.com/adulau/status/1403211646831583236)) +---- +RT @jedisct1: doh-server 0.9 released with support for the final Oblivious DoH spec, as well as dnscrypt-proxy 2.0.46beta3. https://t.co/SR… + +(Originally on Twitter: [Sat Jun 12 12:59:32 +0000 2021](https://twitter.com/adulau/status/1403698482905559045)) +---- +@ecteg I’m curious to see how this is supposed to work knowing some operators in Europe not able to remove a phishing website after 7 days. Or even lacking operational abuse point of contact. 
+ +(Originally on Twitter: [Sat Jun 12 20:05:02 +0000 2021](https://twitter.com/adulau/status/1403805564719841289)) +---- +RT @cyb3rops: The slides of the 7th @MITREattack workshop are now online + +Agenda +https://www.attack-community.org/event/ + +Slides +https://web.tresorit.com/l/OUWDd#B7bBNMx6TeEH0nTCGzDgAw ht… + +(Originally on Twitter: [Sun Jun 13 06:37:33 +0000 2021](https://twitter.com/adulau/status/1403964742063071233)) +---- +@clevybencheton @threddyrex 4x32 ;-) + +(Originally on Twitter: [Sun Jun 13 06:55:45 +0000 2021](https://twitter.com/adulau/status/1403969323006414848)) +---- +@cyb3rops On the topic, Lethal Pneumonia Cases in Mojiang Miners (2012) + +https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7606707/ + +(Originally on Twitter: [Sun Jun 13 16:04:59 +0000 2021](https://twitter.com/adulau/status/1404107542976991234)) +---- +@cyb3rops Not sure if you read french but there is a very good book http://www.zones-sensibles.org/frederic-keck-les-sentinelles-des-pandemies/ about the topic and the publisher has a good track records for publishing scientific books especially about anthropology. + +(Originally on Twitter: [Sun Jun 13 16:40:43 +0000 2021](https://twitter.com/adulau/status/1404116535069790213)) +---- +Every time I see captcha and asking me « I’m not a robot ». I always wonder how I’m supposed to know it. + +(Originally on Twitter: [Sun Jun 13 17:23:05 +0000 2021](https://twitter.com/adulau/status/1404127193744224260)) +---- +@leifnixon What desert? + +(Originally on Twitter: [Sun Jun 13 18:01:24 +0000 2021](https://twitter.com/adulau/status/1404136837233397760)) +---- +The paradox of security compliance check box, you have to fill 30 sheets in an spreadsheet to tell an organisation that you are compliant but the first thing they ask you to do, it's to enable macro for that compliance sheet. + +(Originally on Twitter: [Mon Jun 14 08:08:34 +0000 2021](https://twitter.com/adulau/status/1404350035509272584)) +---- +. 
@NIST @NISTcyber something is broken with your DNSSEC for the http://nist.gov domain. ![](media/1404403268910977026-E31xE1iXIAAvfGo.png) + +(Originally on Twitter: [Mon Jun 14 11:40:06 +0000 2021](https://twitter.com/adulau/status/1404403268910977026)) +---- +A nice ongoing analysis +https://github.com/doegox/icopyx-teardown of iCopy-X made by @doegox - again the vendor forgot to respect the GPL license and includes the source code… + +(Originally on Twitter: [Tue Jun 15 06:14:30 +0000 2021](https://twitter.com/adulau/status/1404683717856174081)) +---- +People wonder why @Zerodium pays for RCE on Moodle. A five seconds google search and you can see the coverage of Moodle: (a kind reminder to all the operators to keep logs of their Moodle server) ![](media/1405056365572333570-E3_CjOdXwAEe9VI.jpg) + +(Originally on Twitter: [Wed Jun 16 06:55:16 +0000 2021](https://twitter.com/adulau/status/1405056365572333570)) +---- +RT @lukOlejnik: My analysis of the @ICRC report on military cyber operations. Very interesting and important document concerning practical… + +(Originally on Twitter: [Wed Jun 16 15:16:22 +0000 2021](https://twitter.com/adulau/status/1405182471373721600)) +---- +@lukOlejnik @ICRC Thank you for the analysis. The “self-burning” is somehow already a reality to avoid specific attribution or even used for deception. Regarding CERTs being a target, the clear separation between military personnels and civilians should be considered by some countries… + +(Originally on Twitter: [Wed Jun 16 15:20:33 +0000 2021](https://twitter.com/adulau/status/1405183521782743047)) +---- +RT @likethecoins: In threat intel, I see a lot of private critique of publicly-released blog posts and reports. Constructive criticism is i… + +(Originally on Twitter: [Wed Jun 16 16:41:03 +0000 2021](https://twitter.com/adulau/status/1405203780451381253)) +---- +RT @v0lundr_: The amount of CTI tips/tricks/info that can be picked up in @FIRSTdotOrg webinars is just tremendous. 
Another great one curre… + +(Originally on Twitter: [Thu Jun 17 16:19:02 +0000 2021](https://twitter.com/adulau/status/1405560628299931653)) +---- +@4n6lady @WoSECtweets What’s your best approach for doing live memory forensic acquisition on an Android-based mobile phone or iOS? + +(Originally on Twitter: [Fri Jun 18 05:54:35 +0000 2021](https://twitter.com/adulau/status/1405765866986229760)) +---- +I’m wondering how large the success of some large security companies just rely on someone who just pushed an interesting malware sample without knowing it was interesting. + +(Originally on Twitter: [Fri Jun 18 06:04:31 +0000 2021](https://twitter.com/adulau/status/1405768367261175813)) +---- +RT @MDSecLabs: Bypassing Image Load Kernel Callbacks - A new approach for reflective loading by @_batsec_ has just hit the blog https://t.c… + +(Originally on Twitter: [Fri Jun 18 06:10:38 +0000 2021](https://twitter.com/adulau/status/1405769907828973576)) +---- +RT @FIRSTdotOrg: Yesterday's #FIRSTCON21 training session is up on YouTube. Thank you again to the @MISPProject , @adulau , @Iglocska @moka… + +(Originally on Twitter: [Fri Jun 18 13:38:20 +0000 2021](https://twitter.com/adulau/status/1405882573616730112)) +---- +@4n6lady @WoSECtweets Thanks for the feedback and the thread. We also came to the same conclusion. If you find something better/cooler, let us know ;-) + +(Originally on Twitter: [Fri Jun 18 16:30:37 +0000 2021](https://twitter.com/adulau/status/1405925929449185280)) +---- +The full dataset of NSRL (National Software Reference Library) NIST is imported and available in https://hashlookup.circl.lu/ (legacy, current, Android and iOS). If you know additional dataset to add, let me know. 
#DFIR + +ReST and DNS API Doc: https://gist.github.com/adulau/4191d44e30fc01df38f1d5fe605fa920 ![](media/1405994677522812930-E4MXn5ZWQAkYZ8y.jpg) + +(Originally on Twitter: [Fri Jun 18 21:03:47 +0000 2021](https://twitter.com/adulau/status/1405994677522812930)) +---- +@Ko97551819 @UK_Daniel_Card Zombie survival and Elon Musk next to each other. Is there a subliminal message? + +(Originally on Twitter: [Sat Jun 19 06:10:28 +0000 2021](https://twitter.com/adulau/status/1406132253135101952)) +---- +@securityfreax Of course, it's the full NSRL database but it doesn't include all distributions of files from third parties. We have some ideas to extend it. Any complementary (trusted) data sources are welcome ;-) + +(Originally on Twitter: [Sat Jun 19 10:29:54 +0000 2021](https://twitter.com/adulau/status/1406197543332163584)) +---- +@securityfreax Indeed, this is a good one. We will add it in the repo as an additional source. Thanks. + +(Originally on Twitter: [Sat Jun 19 10:39:56 +0000 2021](https://twitter.com/adulau/status/1406200065300086785)) +---- +@securityfreax The funny part. I even opened an issue some days ago ;-) https://github.com/strontic/xcyclopedia/issues/3 + +(Originally on Twitter: [Sat Jun 19 10:41:06 +0000 2021](https://twitter.com/adulau/status/1406200358578315268)) +---- +@fiberghost Thank you! + +(Originally on Twitter: [Sat Jun 19 13:39:37 +0000 2021](https://twitter.com/adulau/status/1406245284187881474)) +---- +@notajungman Sure I’ll cleanup the repo and release it as open source very soon. + +(Originally on Twitter: [Sat Jun 19 21:52:27 +0000 2021](https://twitter.com/adulau/status/1406369309513895947)) +---- +@MaliciaRogue En Belgique, j’ai été secrétaire, assesseur et scrutateur de bureau de vote. Le vote électronique détruit la possibilité de vérification par les citoyens. Le vote électronique a été un fiasco en Belgique. 
Papiers et crayons sont les techniques les plus simples à vérifier ;-) + +(Originally on Twitter: [Tue Jun 22 06:32:38 +0000 2021](https://twitter.com/adulau/status/1407224994309054466)) +---- +Today I had a discussion with my colleagues about the biggest plague in our societies. « docx emailing and random merging » was first on the list. + + +media/1407379642214924288-E4gEUgRWUAAJs_G.mp4 + +(Originally on Twitter: [Tue Jun 22 16:47:09 +0000 2021](https://twitter.com/adulau/status/1407379642214924288)) +---- +@nsmfoo Thank you! It should be easy to implement as a Python script. We just released a first version of the Python library https://github.com/CIRCL/PyHashlookup to access http://hashlookup.circl.lu + +(Originally on Twitter: [Wed Jun 23 09:25:42 +0000 2021](https://twitter.com/adulau/status/1407630936074821635)) +---- +@clevybencheton It’s an improvement. Previously it was only on an island ;-) + +(Originally on Twitter: [Wed Jun 23 14:55:41 +0000 2021](https://twitter.com/adulau/status/1407713979510763520)) +---- +@doctolib @oliviertesquet @fourmeux Vraiment ? https://mobile.twitter.com/adulau/status/1360524543819923457 + +(Originally on Twitter: [Wed Jun 23 15:43:58 +0000 2021](https://twitter.com/adulau/status/1407726130992402436)) +---- +@Sebdraven Garantir l'efficacité et la sûreté n’est pas possible. C’est un mythe. @Pour_EVA en Belgique a fait un boulot super sur la sensibilisation à la question. @DavidGlaude une idée pour la France ? ;-) + +(Originally on Twitter: [Thu Jun 24 16:19:14 +0000 2021](https://twitter.com/adulau/status/1408097393707474948)) +---- +"Generating Fake Cyber Threat Intelligence Using Transformer-Based Models" +If you want to test your CTI tools and especially the automatic extraction of information... just missing the release of the tool from the paper. 
+ +https://arxiv.org/pdf/2102.04351.pdf ![](media/1408291992283586561-E4tBTqdXEAIE6CV.jpg) + +(Originally on Twitter: [Fri Jun 25 05:12:30 +0000 2021](https://twitter.com/adulau/status/1408291992283586561)) +---- +@xme I’m wondering if someone did a real evaluation of the security posture (e.g. attack surface) of iso27k1 companies versus the companies who never certify. + +(Originally on Twitter: [Fri Jun 25 19:16:31 +0000 2021](https://twitter.com/adulau/status/1408504394639872002)) +---- +Keep this is mind when you have a signed binary. “It’s signed by us but signed by a third-party” + + +media/1408755123854188544-E4znUE9XwAIaKg1.mp4 + +(Originally on Twitter: [Sat Jun 26 11:52:49 +0000 2021](https://twitter.com/adulau/status/1408755123854188544)) +---- +@cbrocas @rea_hsa @Nahema_Issa @FabriceReaCHU @GaelleMollier Merci 🙏🏻❤️ + +(Originally on Twitter: [Sun Jun 27 11:26:15 +0000 2021](https://twitter.com/adulau/status/1409110827354017792)) +---- +@Vecchi_Paolo 49°45'46.6"N 6°38'20.6"E + +(Originally on Twitter: [Sun Jun 27 14:09:42 +0000 2021](https://twitter.com/adulau/status/1409151960939442177)) +---- +@halvarflake Memory k/v store: Redis +for disk-based k/v store: kvrocks https://github.com/KvrocksLabs/kvrocks - it’s also Redis compatible + +(Originally on Twitter: [Sun Jun 27 17:58:10 +0000 2021](https://twitter.com/adulau/status/1409209453619171329)) +---- +@jtkristoff I was so upset that I registered http://pgp-servers.net and put my favourite servers in the list ;-) + +(Originally on Twitter: [Mon Jun 28 18:56:16 +0000 2021](https://twitter.com/adulau/status/1409586465193947138)) +---- +RT @MISPProject: The CRAWL, WALK, RUN series from Farsight Security / MISP Project webinars videos are now online. 
A great overview of Pas… + +(Originally on Twitter: [Tue Jun 29 05:43:57 +0000 2021](https://twitter.com/adulau/status/1409749458976489473)) +---- +@lukOlejnik You remember this https://apps.dtic.mil/sti/pdfs/ADA471993.pdf - it was in June 1999 + +(Originally on Twitter: [Tue Jun 29 07:31:50 +0000 2021](https://twitter.com/adulau/status/1409776609649905664)) +---- +@lukOlejnik Listening to the rhetoric used at the UNSC, I have sometime this strange feeling of going back in time. + +(Originally on Twitter: [Tue Jun 29 07:34:36 +0000 2021](https://twitter.com/adulau/status/1409777306017615874)) +---- +RT @mikel_hamm: 1 USB key, 3 files with different content, depending on the system you connect it, too. Next week, I'll present at @passthe… + +(Originally on Twitter: [Tue Jun 29 10:11:23 +0000 2021](https://twitter.com/adulau/status/1409816758492532736)) +---- +RT @circl_lu: "An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This… + +(Originally on Twitter: [Tue Jun 29 15:12:53 +0000 2021](https://twitter.com/adulau/status/1409892636014563341)) +---- +@rafi0t @remi_laurent I think the kimchi one was a discrimination case. Especially with the perfume from some people you have to endure is clearly much more aggressive than a well-made organic kimchi. + +(Originally on Twitter: [Tue Jun 29 22:01:23 +0000 2021](https://twitter.com/adulau/status/1409995439970131970)) +---- +@treyka @Iglocska @mokaddem_sami git blame and archeology in one gif ;-) + + +media/1410237000301613059-E5IrEpBWYAQwwFF.mp4 + +(Originally on Twitter: [Wed Jun 30 14:01:16 +0000 2021](https://twitter.com/adulau/status/1410237000301613059)) +---- +Seeing someone in the train watching a video about investment advices in cryptocurrencies, it’s like seeing some video about witch craft practicing. 
+ + +media/1410474520750788610-E5MDGLpWEAEynb1.mp4 + +(Originally on Twitter: [Thu Jul 01 05:45:05 +0000 2021](https://twitter.com/adulau/status/1410474520750788610)) +---- +@CsirtPost For the curious, the analysis with @lookyloo_app https://lookyloo.circl.lu/tree/f2e0c20c-2042-4601-806d-896337557a59 + +(Originally on Twitter: [Thu Jul 01 14:01:54 +0000 2021](https://twitter.com/adulau/status/1410599549748482064)) +---- +RT @0xrawsec: Currently polishing a pure @golang library to consume ETW events (https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/event-tracing-for-windows--etw-). Next step will be to integrate it… + +(Originally on Twitter: [Thu Jul 01 18:39:27 +0000 2021](https://twitter.com/adulau/status/1410669395488219138)) +---- +@nsmfoo Looks really cool https://github.com/nsmfoo/Cortex-Analyzers/tree/CIRCLHashlookup Thank you! + +(Originally on Twitter: [Fri Jul 02 05:25:06 +0000 2021](https://twitter.com/adulau/status/1410831876659597317)) +---- +I suppose they don’t know that VirusTotal provides a stream to all A/V vendors and some customers… + +https://www.bleepingcomputer.com/news/security/virustotal-ordered-to-reveal-private-info-of-stolen-hse-data-downloaders/ + +(Originally on Twitter: [Fri Jul 02 05:39:30 +0000 2021](https://twitter.com/adulau/status/1410835501901303812)) +---- +@gallypette Maybe they were running out of quota on their VirusTotal account and asked for a copy ;-) + +(Originally on Twitter: [Fri Jul 02 05:57:29 +0000 2021](https://twitter.com/adulau/status/1410840029983920129)) +---- +One of my favorite infosec paper is the article from Dan Geer “The Evolution of Security” where the importance of diversity is critical for software and infrastructure. It’s in-temporal and reflecting the current state of mess. 
+ +http://geer.tinho.net/acm.geer.0704.pdf + +(Originally on Twitter: [Sun Jul 04 07:21:50 +0000 2021](https://twitter.com/adulau/status/1411586030294163457)) +---- +@DrScriptt For broken html https://beautiful-soup-4.readthedocs.io/en/latest/ beautifulsoup is not too bad at parsing + +(Originally on Twitter: [Mon Jul 05 06:00:30 +0000 2021](https://twitter.com/adulau/status/1411927949721362434)) +---- +@srslypascal It seems temporary especially that Ubuntu doesn’t peer with anyone and pull a daily dump from various keyservers. ![](media/1412305592715198466-E5mERYhXoAEbeCD.jpg) + +(Originally on Twitter: [Tue Jul 06 07:01:07 +0000 2021](https://twitter.com/adulau/status/1412305592715198466)) +---- +@srslypascal OpenPGP is indeed used for signing but also for a shit load of other use-cases. But the public key distribution is not solved in signify or minisign. + +(Originally on Twitter: [Tue Jul 06 07:19:31 +0000 2021](https://twitter.com/adulau/status/1412310222362890245)) +---- +@srslypascal It's indeed clearly a huge issue but the need of directories for many projects is critical. For one of our open source project (@MISPProject), we work on a stand-alone directory where keys can be stored and published. https://github.com/cerebrate-project/cerebrate + +(Originally on Twitter: [Tue Jul 06 07:41:23 +0000 2021](https://twitter.com/adulau/status/1412315725151227904)) +---- +RT @fr0gger_: The API for the #UnprotectProject is up and running! You can now use it to search for a malware evasion technique with your o… + +(Originally on Twitter: [Tue Jul 06 09:08:00 +0000 2021](https://twitter.com/adulau/status/1412337523817332736)) +---- +Now when someone send me a private key in addition to a public key, I won't say it's a mistake. It's a proof of trust. + +(Originally on Twitter: [Tue Jul 06 09:37:35 +0000 2021](https://twitter.com/adulau/status/1412344970875387905)) +---- +@guedou @quarkslab Congrats! 
+ +(Originally on Twitter: [Tue Jul 06 19:31:03 +0000 2021](https://twitter.com/adulau/status/1412494320469487620)) +---- +@datashed I was expecting a smoother transition with the SX and DX versions ;-) + +(Originally on Twitter: [Wed Jul 07 12:36:12 +0000 2021](https://twitter.com/adulau/status/1412752306672709633)) +---- +RT @circl_lu: CIRCL hash lookup is a public and free API to lookup hash values against known database of files. This gives you context and… + +(Originally on Twitter: [Thu Jul 08 14:39:29 +0000 2021](https://twitter.com/adulau/status/1413145721507745799)) +---- +@H_Miser Pour les standards islandais, c'est une route pas une "gravel road". + +(Originally on Twitter: [Fri Jul 09 10:23:04 +0000 2021](https://twitter.com/adulau/status/1413443579813384199)) +---- +I tested a lot of open source tools for collaborative document edition in Markdown. Until now, the best one I have used so far is @HedgeDocOrg http://hedgedoc.org - it works, the UI is incredible and the features are just perfect. + +(Originally on Twitter: [Fri Jul 09 11:53:38 +0000 2021](https://twitter.com/adulau/status/1413466371799887874)) +---- +@HedgeDocOrg Great! How do you plan to the migration of existing HedgeDoc instance to the version 2? + +(Originally on Twitter: [Fri Jul 09 12:11:01 +0000 2021](https://twitter.com/adulau/status/1413470747947716619)) +---- +@lukOlejnik Political wishful thinking. The long-term major improvement factor is the economical aspect. Economical incentive on the victim side to take care of security. And better economical situation where the threat actors are operating from. (remember Romanian situation in the nineties) + +(Originally on Twitter: [Sat Jul 10 07:38:32 +0000 2021](https://twitter.com/adulau/status/1413764560729804801)) +---- +@Ko97551819 I really hope some people will understand why vaccination is critical for everyone around us. + +It’s where you see that we still have a huge step to make knowledge accessible. 
+ + +media/1413790795086417921-E57LOuTXIAA27Le.mp4 + +(Originally on Twitter: [Sat Jul 10 09:22:47 +0000 2021](https://twitter.com/adulau/status/1413790795086417921)) +---- +@PrincipeDebase Je me demande s’il y a une belle visualisation infographique de l’épopée Fast and Furious. @EdwardTufte pourrait faire un blog post sur le sujet… + +(Originally on Twitter: [Sat Jul 10 09:25:41 +0000 2021](https://twitter.com/adulau/status/1413791526673686528)) +---- +@jfslowik Little story, as a conference organiser I regularly receive requests for attendance certificate (because some people want their CPE) but they never came to the conference. So I asked them about it, they are even willing to pay for a fake one. This model is utterly broken. + +(Originally on Twitter: [Sun Jul 11 15:15:31 +0000 2021](https://twitter.com/adulau/status/1414241952766255105)) +---- +@mnemotix @languesFR Merci pour l’initiative. Où se trouve le code source de l’application open source et le dataset ? https://www.dictionnairedesfrancophones.org/ + +(Originally on Twitter: [Mon Jul 12 05:14:38 +0000 2021](https://twitter.com/adulau/status/1414453124199223297)) +---- +@dwhitenist Thanks for the info. Is this applicable to RDS_ modern.iso or all ISOs? + +(Originally on Twitter: [Mon Jul 12 13:34:59 +0000 2021](https://twitter.com/adulau/status/1414579042154602498)) +---- +@dwhitenist Thanks a lot for the notification. We will run a reimport of all ISOs. + +(Originally on Twitter: [Mon Jul 12 14:28:59 +0000 2021](https://twitter.com/adulau/status/1414592629757579264)) +---- +@jerezim We will miss him. It’s the end of an era but he plant the seeds for a future sharing society. + +(Originally on Twitter: [Tue Jul 13 05:14:21 +0000 2021](https://twitter.com/adulau/status/1414815439981514755)) +---- +Nice to see TIP vendors adding same functionalities that @MISPProject had introduced 10 years ago. Open source projects can be a source of innovation for proprietary software vendors. 
+ +(Originally on Twitter: [Tue Jul 13 10:10:46 +0000 2021](https://twitter.com/adulau/status/1414890037280481280)) +---- +@digint31 @Sector035 If you know additional lists to add or complementary sources, let us know. We try to keep it very up to date. + +(Originally on Twitter: [Tue Jul 13 10:25:07 +0000 2021](https://twitter.com/adulau/status/1414893646651052034)) +---- +@cryptax @MISPProject Of course not ;-) They also like to bash open source during their sale pitch. + +(Originally on Twitter: [Tue Jul 13 10:26:11 +0000 2021](https://twitter.com/adulau/status/1414893914436382758)) +---- +@d0xygen @MISPProject The innovation aspects common shared taxonomies, custom decaying models for indicators or (bi)directional distributed synchronisation. + +(Originally on Twitter: [Tue Jul 13 10:28:47 +0000 2021](https://twitter.com/adulau/status/1414894568416415745)) +---- +@v0lundr_ @MISPProject I had a similar experience. The problem with the premium feed vendor is to reach the real technical people doing the hard work. We had some good experiences with some vendors but not everyone is open to discuss such matter. + +(Originally on Twitter: [Tue Jul 13 12:18:35 +0000 2021](https://twitter.com/adulau/status/1414922202542186499)) +---- +@Aristot73 Never miss a chance to quote Dan Geer in general. + +(Originally on Twitter: [Tue Jul 13 16:11:43 +0000 2021](https://twitter.com/adulau/status/1414980869593444353)) +---- +Looking at #SolarWinds Serv-U issue, the SSH banners (found in our Passive SSH) are hilarious especially the FIPS compliant ones. If you are an adversary, it's maybe the first you would like to target... ![](media/1414982415521665024-E6MGy5LXsAIfoSO.png) + +(Originally on Twitter: [Tue Jul 13 16:17:51 +0000 2021](https://twitter.com/adulau/status/1414982415521665024)) +---- +RT @blackswanburst: So many things look different with adversarial eyes. 
https://twitter.com/adulau/status/1414982415521665024 + +(Originally on Twitter: [Tue Jul 13 19:00:06 +0000 2021](https://twitter.com/adulau/status/1415023247138172933)) +---- +@eromang @xme @circl_lu @gallypette Lol. It’s only for the VNC access of the POS ;-) + +(Originally on Twitter: [Tue Jul 13 19:22:35 +0000 2021](https://twitter.com/adulau/status/1415028906202181638)) +---- +@philaloux @APD_GBA @lesoir Je viens de lire l’article. Et j’ai l’impression que la situation risque d'être pire et même plus dangereuse. Actuellement au CSI, il y a des gens qui connaissent le sujet comme Bart Preneel. On va se retrouver avec une clique politique et/ou bureaucratique + +(Originally on Twitter: [Wed Jul 14 06:14:50 +0000 2021](https://twitter.com/adulau/status/1415193046724063233)) +---- +@philaloux @APD_GBA @lesoir On peut même si ce n’est pas la stratégie du gouvernement. De rendre politique une structure qui devrait être neutre et indépendante. La pression de la Commission européen me semble simplement un argumentaire pour éviter la discussion et donner une vraie indépendance. + +(Originally on Twitter: [Wed Jul 14 06:21:01 +0000 2021](https://twitter.com/adulau/status/1415194605520359430)) +---- +RT @ail_project: AIL Framework version 3.6 released with new features (such as YARA retrohunt) and many bugs fixed. #ThreatIntel #dataleak… + +(Originally on Twitter: [Wed Jul 14 14:56:37 +0000 2021](https://twitter.com/adulau/status/1415324358730559494)) +---- +@RidT We exactly developed the open source @MISPProject to capture and capture intelligence from the different sources. There are many communities using the platform to keep such archive. The oral history is indeed a huge lack at the moment. I would be interesting to see how to do it. 
+ +(Originally on Twitter: [Wed Jul 14 15:49:29 +0000 2021](https://twitter.com/adulau/status/1415337665529098246)) +---- +RT @MalwareRE: Additional information/context from TAG regarding the WebKit vulnerability (CVE-2021-1879) leveraged by #NOBELIUM during the… + +(Originally on Twitter: [Wed Jul 14 16:58:15 +0000 2021](https://twitter.com/adulau/status/1415354969004417030)) +---- +@mnemotix @languesFR Cool ! Merci pour le feedback. + +(Originally on Twitter: [Thu Jul 15 07:36:51 +0000 2021](https://twitter.com/adulau/status/1415576075225247745)) +---- +@faq Merci ! + +(Originally on Twitter: [Thu Jul 15 11:59:44 +0000 2021](https://twitter.com/adulau/status/1415642231671824387)) +---- +@notajungman I just pushed my dirty code for hashlookup server on https://github.com/adulau/hashlookup-server - it works but it's very alpha. I will document and improve the import scripts in the next weeks. Feedback, issues or pull-requests more than welcome ;-) + +(Originally on Twitter: [Thu Jul 15 15:58:42 +0000 2021](https://twitter.com/adulau/status/1415702369652912128)) +---- +@vickieli7 Least privilege. and reading the Saltzer and Schroeder's design principles. + +(Originally on Twitter: [Fri Jul 16 14:42:51 +0000 2021](https://twitter.com/adulau/status/1416045669731733510)) +---- +RT @AmittFramework: The AMITT Red framework for analyzing disinformation is built into the @MISPProject toolset - MISP is used by a lot of… + +(Originally on Twitter: [Sun Jul 18 11:10:18 +0000 2021](https://twitter.com/adulau/status/1416716958758756353)) +---- +@lukOlejnik I see some good open source output from @gaiax_aisbl partners but still the focus is making a copy-cat of some US-based cloud providers instead of providing an EU-funded common stack. For IC, there are some initiatives like https://libresilicon.com/ will EU invest in open source? 
+ +(Originally on Twitter: [Mon Jul 19 08:47:50 +0000 2021](https://twitter.com/adulau/status/1417043490463158273)) +---- +@Sebdraven Il y a plusieurs soucis comme le non respect des licences d’exportation (l’exemple HackingTeam et le gouvernement italien), la volonté de garder ces sociétés dans les pays démocratiques (pour éviter le backdoring crypto) et j’en passe. + +(Originally on Twitter: [Mon Jul 19 09:34:15 +0000 2021](https://twitter.com/adulau/status/1417055171478175744)) +---- +@Sebdraven Je crois que le plus important c’est d'améliorer les capacités de monitoring sur les téléphones mobiles pour la détection d’incidents. Mais aussi partager les infos sur les modèles (techniques et financier) de fonctionnement de ces sociétés. Ces sociétés sont aussi vulnérables. + +(Originally on Twitter: [Mon Jul 19 09:37:53 +0000 2021](https://twitter.com/adulau/status/1417056088952872961)) +---- +@Sebdraven Maintenant cela arrange plusieurs structures de savoir où récupérer de l’info sur les infra SaaS qui hébergent du CNE ;-) + +(Originally on Twitter: [Mon Jul 19 09:39:29 +0000 2021](https://twitter.com/adulau/status/1417056491744514053)) +---- +@Sebdraven @y0m Difficile à dire mais on peut dire que NSO a plus de moyens financiers et techniques que HT. Maintenant, c’est difficile de savoir faire tout dans la chaine CNE donc tu peux avoir des boites “yolo” pour certains services. + +(Originally on Twitter: [Mon Jul 19 09:58:12 +0000 2021](https://twitter.com/adulau/status/1417061198361677826)) +---- +@josephfcox @Sebdraven Thanks for sharing. We added the list in the default OSINT @MISPProject from @circl_lu - https://www.circl.lu/doc/misp/feed-osint/0f5d36d5-9eda-429f-8c72-bdfaa7b6a750.json looking at the correlations it makes sense. Just some Sofacy (NS records) sharing similar infrastructure and one domain used by TA505. 
+ +(Originally on Twitter: [Mon Jul 19 11:13:50 +0000 2021](https://twitter.com/adulau/status/1417080233644199936)) +---- +@NaoCk C'est un syrphe (brachycères) et non cela ne pique pas. +Pour résumer, c'est une "sorte de mouche" mais c'est un raccourci. + +(Originally on Twitter: [Mon Jul 19 11:40:16 +0000 2021](https://twitter.com/adulau/status/1417086884321316877)) +---- +Sharing a quick experience how to convert a shit load of PDF containing tables (for an art project) into Markdown tables. I started with scripting PDF parsing, objects, stream, regex... but wait, is there an open source project doing that? https://camelot-py.readthedocs.io/en/master/ and it works. ![](media/1417213686490542085-E6r0LTyXEAU4Kpo.jpg) + +(Originally on Twitter: [Mon Jul 19 20:04:08 +0000 2021](https://twitter.com/adulau/status/1417213686490542085)) +---- +@jfslowik DGSE challenger… + + +media/1417928851586433026-E61-xRjX0AA4LBT.mp4 + +(Originally on Twitter: [Wed Jul 21 19:25:56 +0000 2021](https://twitter.com/adulau/status/1417928851586433026)) +---- +Why open data is critical? The real-time forecast of flooding is not open data and only accessible to partners. Using data from a EU funded satellite monitoring system and it’s not open data. This needs to be changed especially to have citizen access to it. 
@eu_echo @EU_opendata ![](media/1418098261450186752-E64XQLAWYAM-YnA.jpg) + +(Originally on Twitter: [Thu Jul 22 06:39:07 +0000 2021](https://twitter.com/adulau/status/1418098261450186752)) +---- +It seems this is a good complement why EFAS data must be open data and especially the real-time analysis https://mobile.twitter.com/eschnou/status/1418468068737658880 + +(Originally on Twitter: [Fri Jul 23 07:19:15 +0000 2021](https://twitter.com/adulau/status/1418470752249126915)) +---- +@DavidGlaude @eschnou C’est pour cela que rendre les données en open data limite le risque de « boite » non lue ;-) + +(Originally on Twitter: [Fri Jul 23 09:26:29 +0000 2021](https://twitter.com/adulau/status/1418502768151695360)) +---- +@tenacioustek @franceinter Et pour les utilisations licites (dans le cadre de la loi) dans les pays démocratiques ? + +(Originally on Twitter: [Fri Jul 23 09:31:25 +0000 2021](https://twitter.com/adulau/status/1418504013016883200)) +---- +@yvesvdm @tenacioustek @franceinter Merci en effet mais j'ai l'impression que toutes les demandes en cours oublient les utilisations licites de telles technologies. + +(Originally on Twitter: [Fri Jul 23 10:33:27 +0000 2021](https://twitter.com/adulau/status/1418519624275083265)) +---- +@tenacioustek @franceinter @AmnestyTech Il y a déjà un cadre législatif sur le contrôle de l'exportation - https://trade.ec.europa.eu/doclib/docs/2020/december/tradoc_159198.pdf mais en effet, l'historique de son application n'est pas des plus brillant. ![](media/1418522477920141314-E6-aqdPXMAEptLT.jpg) + +(Originally on Twitter: [Fri Jul 23 10:44:48 +0000 2021](https://twitter.com/adulau/status/1418522477920141314)) +---- +@majorhayden @github It’s interesting. Do you have some sensitive repos used by many users? 
+ +(Originally on Twitter: [Sat Jul 24 17:09:45 +0000 2021](https://twitter.com/adulau/status/1418981743688835078)) +---- +RT @EA1FID: First prototype of Aiga: an open-source VHF/UHF antenna for portable use with detachable elements, optimised for low elevation… + +(Originally on Twitter: [Sun Jul 25 14:56:57 +0000 2021](https://twitter.com/adulau/status/1419310711176630279)) +---- +@jtkristoff ah ah the TokenRing MAU I remember those and especially trying to figure out which one is badly connected. + +(Originally on Twitter: [Sun Jul 25 18:12:31 +0000 2021](https://twitter.com/adulau/status/1419359924128296964)) +---- +@gallypette Un livre peut-être un plus avancé sur le sujet ;-) http://www.zones-sensibles.org/frederic-keck-les-sentinelles-des-pandemies/ "Frédéric Keck, Les Sentinelles des pandémies: Chasseurs de virus et observateurs d’oiseaux aux frontières de la Chine" + +(Originally on Twitter: [Mon Jul 26 08:21:20 +0000 2021](https://twitter.com/adulau/status/1419573536251842561)) +---- +@IelTop Many CSIRTs and CERTs worldwide are partially or fully by public funding and act as public service. + +(Originally on Twitter: [Mon Jul 26 09:29:39 +0000 2021](https://twitter.com/adulau/status/1419590729916162050)) +---- +@IelTop This would vary depending of the regions or even the sectors. It’s also common to have private-public partnerships between public and private CSIRTs to share role and duties during incident handling. + +(Originally on Twitter: [Mon Jul 26 10:08:03 +0000 2021](https://twitter.com/adulau/status/1419600393068322819)) +---- +RT @MISPProject: MISP is not only an open source software it's also a set of open standards for information exchange, sharing and modelling… + +(Originally on Twitter: [Mon Jul 26 14:25:50 +0000 2021](https://twitter.com/adulau/status/1419665268893175823)) +---- +@MrAhmadAwais A simple way to dump all your tweets, likes and RTed in CSV or JSON without having to use the API. 
+ +(Originally on Twitter: [Mon Jul 26 18:06:43 +0000 2021](https://twitter.com/adulau/status/1419720853772804098)) +---- +A small advice for the companies telling loudly “oh yeah this will be open sourced real soon” and then one year later nothing. Tell the truth and then someone can make a real open source project earlier. + + +media/1419767489819467783-E7QHAIdWQAAYjV2.mp4 + +(Originally on Twitter: [Mon Jul 26 21:12:02 +0000 2021](https://twitter.com/adulau/status/1419767489819467783)) +---- +RT @Nxgr_l: I did a thing :) #IcedID #Qiling +https://blogs.vmware.com/security/2021/07/hunting-icedid-and-unpacking-automation-with-qiling.html + +(Originally on Twitter: [Tue Jul 27 08:06:24 +0000 2021](https://twitter.com/adulau/status/1419932167359111179)) +---- +@mireillemoret The interesting aspect is that executing code is often outside many software license such as the GPL and even considered as fair use. + +(Originally on Twitter: [Tue Jul 27 08:36:53 +0000 2021](https://twitter.com/adulau/status/1419939838959276033)) +---- +RT @MISPProject: MISP 2.4.147 released including multiple improvements and bugs/security fixes. #ThreatIntel Don't forget to update your MI… + +(Originally on Twitter: [Tue Jul 27 15:57:50 +0000 2021](https://twitter.com/adulau/status/1420050806154440709)) +---- +@GelosSnake Yes it means it was assigned that year. I remember reporting an IBM Lotus Notes vulnerability years ago, the assignment was that year even it was published some years later. This can be also related to the CNA allocation strategy. + +(Originally on Twitter: [Tue Jul 27 21:39:18 +0000 2021](https://twitter.com/adulau/status/1420136740438876164)) +---- +@GelosSnake It’s clearly not the first time I see this. I remember some cases where they dig in old report with a CVE already assigned for another vulnerability and then discover it’s the still same unfixed vulnerability. 5 months to fix and publish can happen for some vendors. 
+ +(Originally on Twitter: [Tue Jul 27 21:47:01 +0000 2021](https://twitter.com/adulau/status/1420138682854612992)) +---- +If your adversary has less bureaucracy than your organisation, the adversary is most probably winning. + +(Originally on Twitter: [Wed Jul 28 05:57:51 +0000 2021](https://twitter.com/adulau/status/1420262205304487936)) +---- +@Cyr_ Not sure I consider a reinstall procedure as being bureaucracy ;-) Bureaucracy is more the paper work for just paper work without any real objectives. + +(Originally on Twitter: [Wed Jul 28 06:16:04 +0000 2021](https://twitter.com/adulau/status/1420266789225836546)) +---- +@rsmst74 Maybe some. Some large organisations have some time less bureaucracy than some SMEs. + +(Originally on Twitter: [Wed Jul 28 06:18:12 +0000 2021](https://twitter.com/adulau/status/1420267326541344771)) +---- +@treyka @Cyr_ Lol. We are quite fine on that side compared to some ;-) + +(Originally on Twitter: [Wed Jul 28 06:45:58 +0000 2021](https://twitter.com/adulau/status/1420274314365001731)) +---- +RT @jedisct1: Interested in DNS and privacy? sdns://2021 is happening soon! https://sdns2021.dnscrypt.info + +(Originally on Twitter: [Wed Jul 28 10:35:47 +0000 2021](https://twitter.com/adulau/status/1420332148079333376)) +---- +A huge thanks to @b0rce who helped us a lot to better understand our users of @MISPProject and especially the usability perspective. We hope to integrate more recommendations into MISP project during the next months. 
+ +https://mobile.twitter.com/b0rce/status/1420380814509060100 + +(Originally on Twitter: [Wed Jul 28 13:57:27 +0000 2021](https://twitter.com/adulau/status/1420382900030255107)) +---- +@barsteward Maybe the overhead of bureaucracy is transferred to you and your adversary (the other dept) gets less paper work to do ;-) + +(Originally on Twitter: [Wed Jul 28 21:06:11 +0000 2021](https://twitter.com/adulau/status/1420490793324892160)) +---- +@crossdefault @halvarflake Their turnover was around EUR 230 million in 2019. Not sure about all the revenue stream they have but I suppose the cost of operating is significant. Details about their asset in 2015 is available at https://archive.org/details/OsyTechnologiesSarl2015/page/n1/mode/2up + +(Originally on Twitter: [Thu Jul 29 08:44:16 +0000 2021](https://twitter.com/adulau/status/1420666470992949252)) +---- +@GelosSnake This one is more funky... https://cvepremium.circl.lu/cve/CVE-2013-7286 - assigned in 2013 published in 2020 and updated in 2021. (Published in full-disclosure in 2014). My guess, someone trigger the CVE publish a bit too late ;-) + +(Originally on Twitter: [Thu Jul 29 10:17:56 +0000 2021](https://twitter.com/adulau/status/1420690044650721280)) +---- +@BlackMatter23 and IBM is also the company doing everything possible to avoid any interconnection with open source security software. + +(Originally on Twitter: [Fri Jul 30 06:08:51 +0000 2021](https://twitter.com/adulau/status/1420989747615436800)) +---- +RT @Unit42_Intel: We created a Python scrypt that can decrypt and unpack encrypted PlugX payloads. Download the tool and read our technical… + +(Originally on Twitter: [Fri Jul 30 14:06:52 +0000 2021](https://twitter.com/adulau/status/1421110043815157760)) +---- +Seeing the crazy amount of custom fee and VAT for some import from UK to EU, I suppose we will see the old import tradition from the early nineties that travelling over there is cheaper than ordering online. 
+ +(Originally on Twitter: [Sat Jul 31 08:01:19 +0000 2021](https://twitter.com/adulau/status/1421380439948791810)) +---- +@edarchis Indeed the BPOST fee is outrageous... + + +media/1421482544676155392-E7oe1htXEAMjlMW.mp4 + +(Originally on Twitter: [Sat Jul 31 14:47:03 +0000 2021](https://twitter.com/adulau/status/1421482544676155392)) +---- +RT @dcuthbert: There isn't a cybersecurity/IT skills shortage. + +There is a shortage of modern interview skills. We rely too much on outdat… + +(Originally on Twitter: [Thu Aug 05 05:58:45 +0000 2021](https://twitter.com/adulau/status/1423161533048184832)) +---- +RT @gentilkiwi: Windows 365 is expensive and without basic security + +Did #mimikatz dumped my Azure *cleartext* password here? Or my Primar… + +(Originally on Twitter: [Thu Aug 05 14:37:39 +0000 2021](https://twitter.com/adulau/status/1423292118823407632)) +---- +@AlexArchambault Je suppose que la liste des phash ne sera jamais publiquement disponible. Il est donc difficile de tester cette liste pour les faux positifs. Il existe PhotoDNA mais c’est un service cloud et la db NCMEC n’est pas disponible à ma connaissance. Comment valider les recherches ? ![](media/1423539597083123714-E8Fsh6TWUAID0sr.jpg) + +(Originally on Twitter: [Fri Aug 06 07:01:02 +0000 2021](https://twitter.com/adulau/status/1423539597083123714)) +---- +RT @cyb3rops: ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server! + +Great talk by @orange_8361 👍… + +(Originally on Twitter: [Sat Aug 07 06:44:35 +0000 2021](https://twitter.com/adulau/status/1423897843409080324)) +---- +@gchampeau @tnoisette C’est le but d’une CRL et je suppose que la generation d’un nouveau pass sur le site des gouvernements serait avec l’update du timestamp (le champ iat) https://github.com/ehn-dcc-development/hcert-spec/blob/main/hcert_spec.md#336-issued-at pour renouveler son certificat en cas d’abus. 
+ +(Originally on Twitter: [Sun Aug 08 10:44:32 +0000 2021](https://twitter.com/adulau/status/1424320615859826690)) +---- +@NaoCk C’est une belle scutigère (scutigera caleoptrara). Elle mord un peu ;-) + +(Originally on Twitter: [Sun Aug 08 14:25:23 +0000 2021](https://twitter.com/adulau/status/1424376195051835397)) +---- +Trying to understand if the new CSAM scanning from Apple could be triggered with an @ail_project blurred screenshot with CSAM content. Difficult to test as there is no way to check how their ML-based fingerprint database is generated and especially the thresholds used. + +(Originally on Twitter: [Sun Aug 08 15:12:05 +0000 2021](https://twitter.com/adulau/status/1424387947495841800)) +---- +@ThatMSG @ail_project It goes to NCMEC and most probably after review to law enforcement. I’m not even sure that the user is notified in case of a hit. So fuzzing for testing won’t work? or the file is rejected at the end? + +(Originally on Twitter: [Sun Aug 08 16:54:50 +0000 2021](https://twitter.com/adulau/status/1424413806516703237)) +---- +and bam we cannot expect easily a way to test with the dataset. It’s encrypted https://mobile.twitter.com/jonathanmayer/status/1423381993371279360 + +(Originally on Twitter: [Sun Aug 08 17:10:51 +0000 2021](https://twitter.com/adulau/status/1424417838874480644)) +---- +RT @blubbfiction: Cool stuff already contained in the new sigmatools: + +* CIDR matches +* Deferred expressions for matching stuff not possibl… + +(Originally on Twitter: [Mon Aug 09 07:04:56 +0000 2021](https://twitter.com/adulau/status/1424627740477624323)) +---- +RT @angealbertini: I’m looking for a new position (remote work while being based in Germany or local, based near Bodensee). +Any pointers? + +(Originally on Twitter: [Tue Aug 10 06:03:17 +0000 2021](https://twitter.com/adulau/status/1424974614929813522)) +---- +I remember when I used my 2400 baud modem in early nineties. It was an evidence that working remotely would be possible. 
Nowadays, there are still resistance to do so. Technology is there but the future is late. + +(Originally on Twitter: [Tue Aug 10 06:18:16 +0000 2021](https://twitter.com/adulau/status/1424978385579749384)) +---- +RT @cyb3rops: From MISP to ElastAlert via Sigma + +MISP > Sigmai > Sigma Rule > Sigmac > ElastAlert + +a simple Bash Script by @therealwlambert… + +(Originally on Twitter: [Wed Aug 11 06:25:21 +0000 2021](https://twitter.com/adulau/status/1425342556112621573)) +---- +I think there is an opportunity for a workshop « how to read error messages to not overwhelm open source maintainers » + +(Originally on Twitter: [Thu Aug 12 09:28:49 +0000 2021](https://twitter.com/adulau/status/1425751113362464769)) +---- +RT @malwarelab_eu: #MalwareLabDaily 0xDB +When analyzing a malware, we often need to check if some files are known good or not. There are da… + +(Originally on Twitter: [Fri Aug 13 07:15:25 +0000 2021](https://twitter.com/adulau/status/1426079931772063748)) +---- +@re3data @OpenAIRE_eu Do you plan to have a JSON schema ? + +(Originally on Twitter: [Fri Aug 13 11:40:03 +0000 2021](https://twitter.com/adulau/status/1426146526699589633)) +---- +@alexanderjaeger @TimesketchProj @sigma_hq This is great! Thank you. + + +media/1426232566177308675-E8r-9GrXMAEZrmG.mp4 + +(Originally on Twitter: [Fri Aug 13 17:21:56 +0000 2021](https://twitter.com/adulau/status/1426232566177308675)) +---- +I did an update to the hashlookup-server to add a DFIR session feature to keep track of matching and non-matching hash results. The code is still beta. I'll do an official release soon. + +https://github.com/adulau/hashlookup-server/commit/284e4719c789f2e25966f282da6ab7ebbf534a4f + +https://github.com/adulau/hashlookup-server + +Thanks to @cudeso for the idea. 
#DFIR ![](media/1426463766196142085-E8vQn-XWYAEjtQw.jpg) + +(Originally on Twitter: [Sat Aug 14 08:40:38 +0000 2021](https://twitter.com/adulau/status/1426463766196142085)) +---- +RT @moltke: In documents from the @snowden archive the NSA proudly described how they built a ‘city in the desert’ and how their bling data… + +(Originally on Twitter: [Sun Aug 15 07:48:51 +0000 2021](https://twitter.com/adulau/status/1426813122254413827)) +---- +RT @horsicq: PDBRipper is an utility for extract an information from PDB-files. + +Version 2.01 + +[+] Many bugs have been fixed. + +https://t.co… + +(Originally on Twitter: [Sun Aug 15 16:01:30 +0000 2021](https://twitter.com/adulau/status/1426937098691559426)) +---- +RT @cudeso: Legal and cooperation frameworks between CSIRTs and law enforcement agencies https://www.vanimpe.eu/2021/08/08/legal-and-cooperation-frameworks-between-csirts-and-law-enforcement-agencies/ + +(Originally on Twitter: [Mon Aug 16 07:35:47 +0000 2021](https://twitter.com/adulau/status/1427172221894733825)) +---- +@clevybencheton LaTeX template, bash with a sed to replace a macro with the name from the list ;-) + +(Originally on Twitter: [Wed Aug 18 16:21:23 +0000 2021](https://twitter.com/adulau/status/1428029269356199949)) +---- +@clevybencheton If you have an SVG a sed would work too ;-) The really ugly one is to use « compose » from imagemagick to add the name on the image. I did it some years ago but you feel dirty afterwards. + +(Originally on Twitter: [Wed Aug 18 16:28:00 +0000 2021](https://twitter.com/adulau/status/1428030933203042304)) +---- +@editingemily icaridin (20% min) works pretty well. + +(Originally on Twitter: [Thu Aug 19 05:43:49 +0000 2021](https://twitter.com/adulau/status/1428231205632286721)) +---- +We just had a look at @projectsigstore and especially https://github.com/sigstore/rekor rekor - it seems to be a great start for a Certificate Transparency of software releases. 
It also support minisign from @jedisct1 or even ssh keys for signing and different types such as rpm, tuf. + +(Originally on Twitter: [Thu Aug 19 14:18:05 +0000 2021](https://twitter.com/adulau/status/1428360627530072079)) +---- +@veorq @tieum_ Morocco, June 2008? + +(Originally on Twitter: [Fri Aug 20 13:08:03 +0000 2021](https://twitter.com/adulau/status/1428705388883595266)) +---- +@veorq @tieum_ then Abu Dhabi in December 2011 ? Maybe close to "Bab Al Shams" ? I'm so bad with brand of 4X4 by country ;-) + +(Originally on Twitter: [Fri Aug 20 13:33:40 +0000 2021](https://twitter.com/adulau/status/1428711834736107526)) +---- +RT @jstrosch: I'm pleased to announce that #subcrawl is now open-source on Github. #SubCrawl is a modular framework for discovering open di… + +(Originally on Twitter: [Sat Aug 21 07:31:49 +0000 2021](https://twitter.com/adulau/status/1428983161778757633)) +---- +Next time, I apply for an H2020 research project, I will propose "capharnaüm" as a name without ambiguity. + + +media/1429791066530754564-E9ejY-lWYAgYpss.mp4 + +(Originally on Twitter: [Mon Aug 23 13:02:09 +0000 2021](https://twitter.com/adulau/status/1429791066530754564)) +---- +"A Survey on Common Threats in npm and PyPi Registries" + +https://arxiv.org/abs/2108.09576 ![](media/1430115047850848296-E9jKBl0XoAA2B28.jpg) + +(Originally on Twitter: [Tue Aug 24 10:29:32 +0000 2021](https://twitter.com/adulau/status/1430115047850848296)) +---- +In digital forensic theory, there is always a first step which is data acquisition. But the theory always forgets about finding the right disk or device to acquire. If I would get an euro each time I received a wrong disk, I would be rich. 
#dfir + +(Originally on Twitter: [Tue Aug 24 16:02:09 +0000 2021](https://twitter.com/adulau/status/1430198754997571584)) +---- +@kr_isgelijkaan I'm just rich of knowledge but I learned everything in some obscure association named after a reptile ;-) + +(Originally on Twitter: [Tue Aug 24 18:48:11 +0000 2021](https://twitter.com/adulau/status/1430240539090247686)) +---- +@blackswanburst I thought the tweet would be about Netflow ;-) + +(Originally on Twitter: [Tue Aug 24 20:24:49 +0000 2021](https://twitter.com/adulau/status/1430264858470227969)) +---- +RT @circl_lu: We just added new sources such as CentOS core packages in CIRCL hashlookup. You can easily find from where a specific hash is… + +(Originally on Twitter: [Wed Aug 25 08:57:10 +0000 2021](https://twitter.com/adulau/status/1430454191219253250)) +---- +I wrote a @MISPProject module to query @circl_lu hashlookup service. Any additional ideas are more than welcome ;-) #DFIR https://mobile.twitter.com/MISPProject/status/1430620595142672385 + +(Originally on Twitter: [Wed Aug 25 20:06:49 +0000 2021](https://twitter.com/adulau/status/1430622713115205638)) +---- +@Sebdraven @MISPProject @circl_lu Awesome! Let me know if you have any ideas. Especially for additional data sources for hashlookup. + +(Originally on Twitter: [Wed Aug 25 20:22:20 +0000 2021](https://twitter.com/adulau/status/1430626618364551171)) +---- +@film_girl @migueldeicaza Yggdrasil Linux + +(Originally on Twitter: [Fri Aug 27 05:44:18 +0000 2021](https://twitter.com/adulau/status/1431130431399866372)) +---- +@MarcOverIP Get compromised publicly and then you get the support to disable NTLM and upgrade legacy sh*t. 
+ +(Originally on Twitter: [Fri Aug 27 15:41:42 +0000 2021](https://twitter.com/adulau/status/1431280773517217792)) +---- +RT @ail_project: AIL Framework version 3.7 released with many bugs fixed, improvement and new feeders (including Discord, ActivityPub and R… + +(Originally on Twitter: [Fri Aug 27 21:26:28 +0000 2021](https://twitter.com/adulau/status/1431367536751296514)) +---- +@joelgombin @mart1oeil Par contre le mail des http://gaia-x.eu sont toujours chez Microsoft o365 ;-) ![](media/1431894588642537475-E98ciSwXIAAakqf.jpg) + +(Originally on Twitter: [Sun Aug 29 08:20:47 +0000 2021](https://twitter.com/adulau/status/1431894588642537475)) +---- +@pgl I can tell you the .class gTLD is funky as hell. and some registered well known Java libraries as name ;-) + +(Originally on Twitter: [Mon Aug 30 15:50:58 +0000 2021](https://twitter.com/adulau/status/1432370267960008708)) +---- +To all the infosec and dfir archivists around, I’m searching the old hashkeeper dataset (from the now retired National Drug Intelligence Center). Let me know if you have one and could share it with me. + + +media/1432374401060704269-E-DQ61HWEAoabMm.mp4 + +(Originally on Twitter: [Mon Aug 30 16:07:24 +0000 2021](https://twitter.com/adulau/status/1432374401060704269)) +---- +@DEVCE_CIC @CSOCIntel Thanks but I did and also asked http://archive.org. Those datasets are not there. That’s I’m asking potential people who received it some years ago. 
+ +(Originally on Twitter: [Mon Aug 30 16:51:19 +0000 2021](https://twitter.com/adulau/status/1432385455648030728)) +---- +Thanks to @___wr___ ;-) + +(Originally on Twitter: [Mon Aug 30 20:51:03 +0000 2021](https://twitter.com/adulau/status/1432445786948870146)) +---- +@tuxpanik @Ahugla Yep the only way to get it was to extract the binary database of an old FTK installer ;-) + +(Originally on Twitter: [Mon Aug 30 21:22:32 +0000 2021](https://twitter.com/adulau/status/1432453706973392899)) +---- +As a digital forensic investigator or malware reverser, what’s the most useful fuzzy hashing (Context Triggered Piecewise Hashing ) algorithm for your day-to-day activities? + +(Originally on Twitter: [Tue Aug 31 15:47:27 +0000 2021](https://twitter.com/adulau/status/1432731768919048196)) +---- +@tuxpanik @Ahugla ;-) https://misp.github.io/misp-modules/expansion/#hashlookup + +(Originally on Twitter: [Tue Aug 31 20:21:16 +0000 2021](https://twitter.com/adulau/status/1432800676556455937)) +---- +@DavidGlaude It’s still a topic in DFIR https://kclpure.kcl.ac.uk/portal/files/138758922/WSDF_2020_invited_final.pdf and sometime the incident from Belgium is used in some cases. + +(Originally on Twitter: [Wed Sep 01 05:57:48 +0000 2021](https://twitter.com/adulau/status/1432945768990642176)) +---- +I'm still really wondering why some universities cursus are still very old style and don't embrace stuff such as git, markdown, open source contribution and collaboration while teaching. Is it just a matter of laziness or an interest to maintain a status-quo? + +(Originally on Twitter: [Wed Sep 01 20:38:02 +0000 2021](https://twitter.com/adulau/status/1433167286454657028)) +---- +@_msw_ "Our account manager needs to know how many CPUs you have on your system" + +(Originally on Twitter: [Sat Sep 04 07:20:27 +0000 2021](https://twitter.com/adulau/status/1434053730085871621)) +---- +RT @FDezeure: Announcing the 8th EU ATT&CK Workshop on 22 October. https://attack-community.org/event/. 
News from @MITREattack and best practices prese… + +(Originally on Twitter: [Sat Sep 04 07:59:38 +0000 2021](https://twitter.com/adulau/status/1434063589833326594)) +---- +@gchampeau Pour exister, les monnaies fiduciaires utilisent de l’énergie pour simplement avoir une existence sur un marché. La partie forex et principalement le trading est un des plus gros marché. L'infrastructure en place est significative aussi. Mais comment calculer l’énergie utilisée? + +(Originally on Twitter: [Sun Sep 05 20:17:23 +0000 2021](https://twitter.com/adulau/status/1434611640171958277)) +---- +The @SNCB is teaching how to react when something is broken in their app. « Disable the feedback » and by the way the application search is still broken for many users. #uxdesign ![](media/1434763645930573828-E-lNZJcWUAAXL9X.jpg) + +(Originally on Twitter: [Mon Sep 06 06:21:24 +0000 2021](https://twitter.com/adulau/status/1434763645930573828)) +---- +@MaliciaRogue C’est même une belle menace pour les clients et opérateurs/vendeurs d’outils/services de surveillance ;-) + +(Originally on Twitter: [Mon Sep 06 11:12:59 +0000 2021](https://twitter.com/adulau/status/1434837024956108801)) +---- +@DraakBZH @gchampeau Si vous connaissez des références à des publications scientifiques sur les coûts énergétiques pour les marchés financiers incluant la partie « high-frequency trading » et/ou la partie forex inter-bancaires, je suis curieux. 
+ +(Originally on Twitter: [Mon Sep 06 11:53:13 +0000 2021](https://twitter.com/adulau/status/1434847148693143558)) +---- +RT @rafi0t: Sometimes, colleagues, especially @chrisred_68, the poor, poor soul developing the STIX2 connector for @MISPProject, throw a t… + +(Originally on Twitter: [Tue Sep 07 19:12:51 +0000 2021](https://twitter.com/adulau/status/1435320176568852485)) +---- +@rafi0t @chrisred_68 @MISPProject + + +media/1435320324187426825-E-tIOPVXIAkxQNF.mp4 + +(Originally on Twitter: [Tue Sep 07 19:13:26 +0000 2021](https://twitter.com/adulau/status/1435320324187426825)) +---- +@rafi0t @chrisred_68 @MISPProject I suppose it’s maybe related to the triangle of security promoted by Rudy? + + +media/1435322239843504136-E-tJ9sDXEAQ6-Bl.mp4 + +(Originally on Twitter: [Tue Sep 07 19:21:03 +0000 2021](https://twitter.com/adulau/status/1435322239843504136)) +---- +RT @cyb3rops: Sigma rule to detect CVE-2021-40444 exploitation activity + +- Office program with control.exe child seems to be stable enough… + +(Originally on Twitter: [Thu Sep 09 08:13:57 +0000 2021](https://twitter.com/adulau/status/1435879133008080897)) +---- +RT @circl_lu: CIRCL hashlookup has been updated including the new @NIST NSRL September 2021 dataset and new additional sources. #dfir #for… + +(Originally on Twitter: [Thu Sep 09 20:12:30 +0000 2021](https://twitter.com/adulau/status/1436059962904559616)) +---- +RT @matrixdotorg: Pre-disclosure: we are planning a coordinated security release of several Matrix clients starting ~1pm UK (UTC+1) Monday… + +(Originally on Twitter: [Fri Sep 10 16:40:49 +0000 2021](https://twitter.com/adulau/status/1436369077690322946)) +---- +@wimremes Take care! and rest. + +(Originally on Twitter: [Fri Sep 10 21:25:39 +0000 2021](https://twitter.com/adulau/status/1436440759943696387)) +---- +RT @h2jazi: This is interesting! It is using "Cybersecurity in the EU Common Security and Defense Policy" as lure. 
+ +ee1b63ac2915999ae0951f8… + +(Originally on Twitter: [Sat Sep 11 06:13:43 +0000 2021](https://twitter.com/adulau/status/1436573649985736704)) +---- +RT @matte_lodi: with the new @intel_owl version we have integrated the recent hashlookup server project (https://github.com/adulau/hashlookup-server) by @adula… + +(Originally on Twitter: [Tue Sep 14 15:03:12 +0000 2021](https://twitter.com/adulau/status/1437794066096349198)) +---- +@matte_lodi @intel_owl That’s great, thanks for the integration. The public @circl_lu hashlookup service contains around 1.7 billion hashes of know sources. https://www.circl.lu/services/hashlookup/ from various public sources. + +(Originally on Twitter: [Tue Sep 14 15:07:13 +0000 2021](https://twitter.com/adulau/status/1437795073421361161)) +---- +RT @MISPProject: Virtual MISP Summit 0x06 - Thursday 21st October 2021. +Registration is now open. +Do you want to present or show how you us… + +(Originally on Twitter: [Wed Sep 15 07:50:42 +0000 2021](https://twitter.com/adulau/status/1438047611487932417)) +---- +Lazy tweet for people doing natural language processing. Is there any "super fast and memory efficient" open source library to check if a word is out-of-vocabulary or not? @spacy_io any idea? beside doing a Bloom filter per dictionary. + +(Originally on Twitter: [Wed Sep 15 13:54:19 +0000 2021](https://twitter.com/adulau/status/1438139118781861892)) +---- +@PatriceAuffret @spacy_io It’s more for @ail_project and finding a way to quickly discriminate specific tokens for further processing and detection. At the end, it’s a kind of Scrabble at high speed ;-) + +(Originally on Twitter: [Wed Sep 15 18:35:02 +0000 2021](https://twitter.com/adulau/status/1438209761510572033)) +---- +Don't forget to submit your proposal for the Virtual MISP summit https://cfp.hack.lu/misp-2021/cfp if you did open source or even proprietary integration with @MISPProject . Submit a talk, it's a nice way to share and discuss with the MISP community. 
#threatintelligence #infosec + +(Originally on Twitter: [Thu Sep 16 15:15:04 +0000 2021](https://twitter.com/adulau/status/1438521825135235074)) +---- +I love when @SNCB does it well. Thanks to them for taking care of bikes and good products. ![](media/1438544013980753922-E_a7r_bWUAQliYL.jpg) + +(Originally on Twitter: [Thu Sep 16 16:43:14 +0000 2021](https://twitter.com/adulau/status/1438544013980753922)) +---- +@davidonzo @SNCB Nope just saw it in the bike area of the train between Luxembourg and Belgium. + +(Originally on Twitter: [Thu Sep 16 17:08:23 +0000 2021](https://twitter.com/adulau/status/1438550341893623811)) +---- +@alexanderjaeger @SNCB lol it’s not my bike 😀 + +(Originally on Twitter: [Thu Sep 16 17:11:17 +0000 2021](https://twitter.com/adulau/status/1438551074328260618)) +---- +@Iglocska @alexanderjaeger @SNCB I found a CCTV sequence of the real story ;-) + + +media/1438557354740658177-E_bISPlXMAIpiAx.mp4 + +(Originally on Twitter: [Thu Sep 16 17:36:15 +0000 2021](https://twitter.com/adulau/status/1438557354740658177)) +---- +@inversecos @blubbfiction Maybe interesting to update the @MISPProject galaxy for o365 https://github.com/MISP/misp-galaxy/blob/main/galaxies/o365-exchange-techniques.json ? + +(Originally on Twitter: [Fri Sep 17 05:44:31 +0000 2021](https://twitter.com/adulau/status/1438740630100979714)) +---- +You know what's the main similarity between an open source developer from China and France. It's not uncommon to see their @github README in their own language only. + +(Originally on Twitter: [Fri Sep 17 13:12:46 +0000 2021](https://twitter.com/adulau/status/1438853438226550787)) +---- +RT @gallypette: @adulau @github ie. https://github.com/graphlab-fr/cosma it looks like a good alternative to obsidian but it stays completely under the… + +(Originally on Twitter: [Fri Sep 17 13:19:38 +0000 2021](https://twitter.com/adulau/status/1438855165189181443)) +---- +We published a first Internet-Draft for the hashlookup format. 
The one used on http://hashlookup.circl.lu - it's still in early design, feedback is more than welcome. Thanks to @gallypette and @_aaron_kaplan_ for the contributions. #DFIR #forensic + +https://www.ietf.org/archive/id/draft-dulaunoy-hashlookup-format-01.html + +(Originally on Twitter: [Fri Sep 17 14:03:29 +0000 2021](https://twitter.com/adulau/status/1438866200226934795)) +---- +RT @decalage2: Some CVE-2021-40444 DOCX samples are starting to use XML obfuscation techniques such as character entities (&#xx) to hide UR… + +(Originally on Twitter: [Sat Sep 18 16:51:57 +0000 2021](https://twitter.com/adulau/status/1439270984956194828)) +---- +@vtxproject Looks cool. What’s your commitment regarding the open source strategy? will you keep it open source on the long-term? + +(Originally on Twitter: [Sat Sep 18 18:05:00 +0000 2021](https://twitter.com/adulau/status/1439289365939867648)) +---- +@blubbfiction @inversecos @MISPProject That's great! I just merged it. It will be in the next release of MISP. + + +media/1439344604575318034-E_mUR64X0AMmIHG.mp4 + +(Originally on Twitter: [Sat Sep 18 21:44:30 +0000 2021](https://twitter.com/adulau/status/1439344604575318034)) +---- +"What are the attackers doing now? Automating cyberthreat intelligence extraction from text on pace with the changing threat landscape: A survey" +https://arxiv.org/pdf/2109.06808.pdf +A very good SOTA about CTI extraction with a coherent pipeline proposed including @MISPProject standards. ![](media/1439589538070945793-E_pxQ8aWQAEY7sj.jpg) + +(Originally on Twitter: [Sun Sep 19 13:57:46 +0000 2021](https://twitter.com/adulau/status/1439589538070945793)) +---- +I just added a companion to @cve_search called CPE guesser to guess the CPE name based on a list of keywords. 
It's also available online: + +curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"outlook\", \"connector\"]}" + +Source code and explanation: https://github.com/cve-search/cpe-guesser + + +media/1439971128198541323-E_vOGqrWEAE2AY8.mp4 + +(Originally on Twitter: [Mon Sep 20 15:14:04 +0000 2021](https://twitter.com/adulau/status/1439971128198541323)) +---- +The algorithm is super simple and based on a reverse index of the words seen in the CPE name. Again, this software came from a frustration to find the proper vulnerability without knowing the exact CPE or finding the most-used ones. Feedback and pull-request(s) welcome. + +(Originally on Twitter: [Mon Sep 20 15:14:05 +0000 2021](https://twitter.com/adulau/status/1439971130866028547)) +---- +What do you regulate? the execution, distribution? is this the expression (implementation) of an algorithm? so you put algorithmic limitation in software? what do you do with open source software implementing it? Is this again an oxymora like DRM in open source software ;-) + +(Originally on Twitter: [Tue Sep 21 05:30:47 +0000 2021](https://twitter.com/adulau/status/1440186726048092162)) +---- +“Algorithmic regulation: A maturing concept for investigating regulation of and through algorithms” + +https://onlinelibrary.wiley.com/doi/full/10.1111/rego.12437 + +I’m wondering how this can go more than just wishful thinking? Maths cannot be patented then how are you supposed to regulate it? + +(Originally on Twitter: [Tue Sep 21 05:30:47 +0000 2021](https://twitter.com/adulau/status/1440186723909062658)) +---- +@pro_integritate For software it’s indeed the case but the maths (fundamental research) behind are not covered by such export license or EAR. That’s why I was wondering how this can be really regulated at the end. + +(Originally on Twitter: [Tue Sep 21 05:48:52 +0000 2021](https://twitter.com/adulau/status/1440191276435996677)) +---- +@Sebdraven C’est factuel des deux côtés ? 
ou ces quelques pages montrent la possibilité de changer le niveau de confidence de ce rapport ? + +(Originally on Twitter: [Tue Sep 21 20:36:49 +0000 2021](https://twitter.com/adulau/status/1440414738257637379)) +---- +@_msw_ Yep, this is usually the most painful experience when trying to read a man page. By the way, for the ones writing man pages https://github.com/apjanke/ronn-ng/ ronn markup is a good alternative (an extended Markdown format) to produce roff. + +(Originally on Twitter: [Wed Sep 22 05:25:02 +0000 2021](https://twitter.com/adulau/status/1440547667625480200)) +---- +Take any computer science problem which looks simple on the surface, scratch it, look at it, test and then discover this giant hole of ignorance on the subject. If you tackle the issue on a very long period, you might discover some knowledge to fill the hole. #infosec ![](media/1440774731276292097-E_6o1-eUcAUqbns.jpg) + +(Originally on Twitter: [Wed Sep 22 20:27:18 +0000 2021](https://twitter.com/adulau/status/1440774731276292097)) +---- +@clevybencheton Before doing any regulation on 20EUR equipments, it would be more useful to have an equivalent to the FCC in Europe. The only way to get technical info of a crappy device is to use the FCC id and go to the FCC website. + +(Originally on Twitter: [Thu Sep 23 05:31:52 +0000 2021](https://twitter.com/adulau/status/1440911772593098756)) +---- +RT @MISPProject: Open Source Security hackathon - Monday 25th October 2021 and Tuesday 26th October 2021 - don't hesitate to join us @MISPP… + +(Originally on Twitter: [Thu Sep 23 14:22:54 +0000 2021](https://twitter.com/adulau/status/1441045412455059456)) +---- +I have a huge respect for @Andrew___Morris work and what he achieved with @GreyNoiseIO . Now the job openings, the information shared with the applicants about the full process is incredible. Many companies should learn from them. 
👍🏻 https://jobs.greynoise.io/sr-software-engineer/en ![](media/1441117830934515719-E__f6IjVcAwSu4A.jpg) + +(Originally on Twitter: [Thu Sep 23 19:10:40 +0000 2021](https://twitter.com/adulau/status/1441117830934515719)) +---- +@b0rce @MISPProject @ACSAC_Conf @SnT_uni_lu @uni_lu @FnrLux Well done! + + +media/1441351973526282240-FAC1-nMVgAYiWeD.mp4 + +(Originally on Twitter: [Fri Sep 24 10:41:04 +0000 2021](https://twitter.com/adulau/status/1441351973526282240)) +---- +RT @cbrocas: IT Security team from @ameli_actu (French public Health Insurance) has launched its blog site to contribute back to the Securi… + +(Originally on Twitter: [Fri Sep 24 20:07:47 +0000 2021](https://twitter.com/adulau/status/1441494592956817414)) +---- +RT @uhoelzle: A trip down memory lane...exactly 23 years ago Google signed its first datacenter contract.  Let's walk through the lease in… + +(Originally on Twitter: [Mon Sep 27 06:21:11 +0000 2021](https://twitter.com/adulau/status/1442373737865641994)) +---- +@aris_ada and their security is also a f*cking joke. + +(Originally on Twitter: [Mon Sep 27 16:05:15 +0000 2021](https://twitter.com/adulau/status/1442520723004743685)) +---- +We had a meeting with @qjerom @0xrawsec about WHIDS and the integration of his cool Open Source EDR for Windows with @MISPProject - the integration will be available in the next weeks ;-) https://github.com/0xrawsec/whids #opensource #infosec + +(Originally on Twitter: [Mon Sep 27 19:38:46 +0000 2021](https://twitter.com/adulau/status/1442574454404440069)) +---- +RT @0xrawsec: @adulau @qjerom @MISPProject Spoiler about a coming plugin to automatically push EDR detection reports to @MISPProject. Detec… + +(Originally on Twitter: [Wed Sep 29 04:34:18 +0000 2021](https://twitter.com/adulau/status/1443071612958429189)) +---- +@Ko97551819 Lol. I love the light on the second one. 
+ +(Originally on Twitter: [Wed Sep 29 15:52:26 +0000 2021](https://twitter.com/adulau/status/1443242271332241417)) +---- +@r00tbsd I’m always jealous of Ivan color hair! + + +media/1443255896625360906-FAd5lXJWEAc9TNH.mp4 + +(Originally on Twitter: [Wed Sep 29 16:46:34 +0000 2021](https://twitter.com/adulau/status/1443255896625360906)) +---- +RT @cudeso: Just found out that the @ail_project has a feeder for content from Telegram channels. https://github.com/ail-project/ail-feeder-telegram (you have to know… + +(Originally on Twitter: [Fri Oct 01 04:35:34 +0000 2021](https://twitter.com/adulau/status/1443796709721710592)) +---- +First day of a new month, many systems ask you for an update of your password. Then you enter a full SHA-512 hex representation, password is not complex enough, then you add a special character at the end, password is too long, then you truncate it to 10 bytes. + + +media/1443844417169862657-FAmQ1vuXMC83ogP.mp4 + +(Originally on Twitter: [Fri Oct 01 07:45:09 +0000 2021](https://twitter.com/adulau/status/1443844417169862657)) +---- +RT @d4_project: The @d4_project team (@Terrtia @gallypette @adulau @chrisred_68 ) will join the @circl_lu / @MISPProject hackathon (Monday… + +(Originally on Twitter: [Fri Oct 01 14:52:03 +0000 2021](https://twitter.com/adulau/status/1443951850487697408)) +---- +RT @cudeso: Open Letter: 81 organizations and cybersecurity experts call on the Belgian Government to halt legislation to undermine end-to-… + +(Originally on Twitter: [Sat Oct 02 10:29:03 +0000 2021](https://twitter.com/adulau/status/1444248055616876548)) +---- +I just released a first version (0.1) hashlookup-forensic-analyser to find files which are known or not against @circl_lu hashlookup service. Quickly tested on some compromised Linux boxes, it really helps in forensic triage. 
#DFIR #opensource +https://github.com/hashlookup/hashlookup-forensic-analyser ![](media/1444612394337148931-FAxKcoAWEAgm87K.jpg) + +(Originally on Twitter: [Sun Oct 03 10:36:49 +0000 2021](https://twitter.com/adulau/status/1444612394337148931)) +---- +@digihash @sansforensics Oh cool. I’m curious if you did some tests with hashlookup and especially if you have some ideas for additional features. Enjoy Berlin! + +(Originally on Twitter: [Sun Oct 03 11:10:54 +0000 2021](https://twitter.com/adulau/status/1444620972150112259)) +---- +@digihash @sansforensics Nice! There is also a hashlookup misp module for expansion which works quite well. + +(Originally on Twitter: [Sun Oct 03 11:13:39 +0000 2021](https://twitter.com/adulau/status/1444621667381268483)) +---- +The hard reminder of the day, don't run a Redis BGSAVE on the 1st Sunday of the Month when a Linux checkarray is also running on the same software RAID. + + +media/1444677560479145989-FAyGlHpXoAEg1aG.mp4 + +(Originally on Twitter: [Sun Oct 03 14:55:45 +0000 2021](https://twitter.com/adulau/status/1444677560479145989)) +---- +In the never ending quest of tempest attacks, "LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables" https://arxiv.org/abs/2110.00104 ![](media/1445114778352066569-FA4Td76WEAUujv6.png) + +(Originally on Twitter: [Mon Oct 04 19:53:06 +0000 2021](https://twitter.com/adulau/status/1445114778352066569)) +---- +RT @circl_lu: We just added @cdnjs hash values in CIRCL hashlookup public service and it will be updated on a daily basis. #dfir #hashlook… + +(Originally on Twitter: [Tue Oct 05 12:36:06 +0000 2021](https://twitter.com/adulau/status/1445367190115475465)) +---- +I remember arguing with an auditor about physical security of racks and especially physical key locks. The auditor wrote a negative mark as the locks were non managed centrally and physical. 
+ +(Originally on Twitter: [Wed Oct 06 05:30:40 +0000 2021](https://twitter.com/adulau/status/1445622515913551872)) +---- +@sk0ll1 His point of view was: it is “lowtek” then it’s insecure. + +(Originally on Twitter: [Wed Oct 06 20:13:53 +0000 2021](https://twitter.com/adulau/status/1445844782744440833)) +---- +The @Twitch leak showed me a competent security team having design proper pipelines, custom search queries for their SIEM, adequate and advanced monitoring using @osquery and custom logging for their infrastructure. + +(Originally on Twitter: [Thu Oct 07 08:16:14 +0000 2021](https://twitter.com/adulau/status/1446026570217533442)) +---- +@lhausermann @Twitch @osquery 9166321a29a78b7722d6c8e101230fae4062a663 http://security.zip - multiple git repositories tails, splunk-saved-searches and many others. + +(Originally on Twitter: [Fri Oct 08 04:43:59 +0000 2021](https://twitter.com/adulau/status/1446335542187151398)) +---- +@tricaud @kwestin @BillieGoatin and @qjerom leads this open source project. A great guy! + +(Originally on Twitter: [Fri Oct 08 18:35:08 +0000 2021](https://twitter.com/adulau/status/1446544707249745927)) +---- +If you use @MISPProject and want to share your experience, project or integration the CfP for the MISP summit (Thursday 21st October 2021) is still open. #opensource #infosec #ThreatIntel + +https://cfp.hack.lu/misp-2021/ + +(Originally on Twitter: [Fri Oct 08 20:14:52 +0000 2021](https://twitter.com/adulau/status/1446569806103261187)) +---- +@fredraynal I rarely see a good reason for NDA with a vuln disclosure process. I remember only one where it was a bug in an FPGA and they required to go to each customer for replacing hardware in a critical infra. And an agreement was made to ensure the embargo is respected. So it's rare. 
+ +(Originally on Twitter: [Sat Oct 09 07:04:05 +0000 2021](https://twitter.com/adulau/status/1446733186038390786)) +---- +@btreguier @M4tlink @renaud_lehoux Tu peux aussi utiliser @circl_lu hashlookup en vérifiant le hash de la librairie et voir si ce n'est pas d'une autre origine malgré un nom identique. + +https://circl.lu/services/hashlookup/ + +(Originally on Twitter: [Sat Oct 09 08:38:18 +0000 2021](https://twitter.com/adulau/status/1446756896652894208)) +---- +RT @bortzmeyer: RFC 9132: DOTS Signal Channel Specification + +DOTS vise à permettre au client d'un service anti-#dDoS de demander au service… + +(Originally on Twitter: [Sun Oct 10 15:56:19 +0000 2021](https://twitter.com/adulau/status/1447229515831422987)) +---- +This moment when you discover the library that you worked on the past days is already an open source repository on @github with zero stars, no README file and much better. + + +media/1447266425903755266-FBW5I5_WYAw6iCS.mp4 + +(Originally on Twitter: [Sun Oct 10 18:22:59 +0000 2021](https://twitter.com/adulau/status/1447266425903755266)) +---- +@PolBegov Une « task force » c’est juste cacher la source… l’investissement ICT est déjà minimal dans plusieurs organisations alors la partie sécurité est encore plus négligée. C’est le cas pour la grande majorité des démocraties à travers le monde. + +(Originally on Twitter: [Sun Oct 10 18:38:14 +0000 2021](https://twitter.com/adulau/status/1447270264316829699)) +---- +@dawiddczarnecki Recommended fix or ways to solve the security issues should be part of best practices when reporting a security vulnerability. I have seen a wide range of practices from reporting without any information up to reporters providing patches and pull-requests to existing projects. 
+ +(Originally on Twitter: [Sun Oct 10 20:22:16 +0000 2021](https://twitter.com/adulau/status/1447296444956880901)) +---- +@HaboubiAnis @PolBegov Il faut un « incentive » comme par exemple la réduction des charges sociales s’il y a du personnel interne en charge de la sécurité comme un CISO et/ou du personnel ICT en sécurité. + +(Originally on Twitter: [Mon Oct 11 07:14:44 +0000 2021](https://twitter.com/adulau/status/1447460642286411778)) +---- +RT @UYBHYS: [Workshop] +> Vendredi 12 nov #Brest #UYBHYS +> Sujet: @MISPProject (outil incontournable pour un #CERT) by @circl_lu +> de 14h à… + +(Originally on Twitter: [Mon Oct 11 13:47:50 +0000 2021](https://twitter.com/adulau/status/1447559571015442435)) +---- +@cyb3rops 58% of a random stream is still a random stream. ![](media/1447598298114691078-FBbm2fLXIAYz53V.jpg) + +(Originally on Twitter: [Mon Oct 11 16:21:44 +0000 2021](https://twitter.com/adulau/status/1447598298114691078)) +---- +@digihash @MISPProject @OASISopen It depends of your source. Very often sources are producing files which are not validating with the official validator. + +(Originally on Twitter: [Tue Oct 12 13:13:11 +0000 2021](https://twitter.com/adulau/status/1447913238541357064)) +---- +RT @0xrawsec: The repository also contains working plugins to bind WHIDS and @MISPProject together for faster #DFIR and better monitoring.… + +(Originally on Twitter: [Tue Oct 12 13:21:07 +0000 2021](https://twitter.com/adulau/status/1447915235529080843)) +---- +RT @mjos_crypto: My little Ring Oscillator stochastic model paper will appear in http://asianhost.org/2021/ 😊 .. so I uploaded it to IACR ePr… + +(Originally on Twitter: [Tue Oct 12 13:23:19 +0000 2021](https://twitter.com/adulau/status/1447915786631356422)) +---- +@digihash @MISPProject @OASISopen Currently it’s only the 2.1 export in MISP core, the rest will follow. 
+ +(Originally on Twitter: [Tue Oct 12 13:39:20 +0000 2021](https://twitter.com/adulau/status/1447919820419342336)) +---- +@treyka @digihash @MISPProject @OASISopen Indeed and the specs are usually as clear as the water where the horse is ;-) + +(Originally on Twitter: [Tue Oct 12 13:40:15 +0000 2021](https://twitter.com/adulau/status/1447920049793245194)) +---- +@avilarenata Congrats! Nice to see great people driving such critical initiative. + +(Originally on Twitter: [Tue Oct 12 13:45:11 +0000 2021](https://twitter.com/adulau/status/1447921293022617604)) +---- +@H_Miser C'est un point super important. Je me souviens de détection à cause d'une popup authentication proxy sur des acrobat readers ou des applications qui n'étaient pas censées de faire des connexions TCP. + +(Originally on Twitter: [Tue Oct 12 15:18:17 +0000 2021](https://twitter.com/adulau/status/1447944721356165125)) +---- +@rafi0t I really see a trend from the past twenty years. The lifetime of a library has been shortened significantly. When starting a new software project, I evaluate the option to take over the maintenance of the used libraries. We will all die alone with our maintained software ;-) + +(Originally on Twitter: [Wed Oct 13 19:00:32 +0000 2021](https://twitter.com/adulau/status/1448363040294981636)) +---- +@rafi0t Yep focusing on simple libraries doing something well and being stable is a good strategy. The rest is just putting all your software at risk. + +(Originally on Twitter: [Wed Oct 13 19:12:53 +0000 2021](https://twitter.com/adulau/status/1448366147452145666)) +---- +@hubertguillaud @framaka @valeriepeugeot @Calimaq @NumEnCommuns @Silvae J’ai essayé de savoir si le dataset (le dictionnaire) est disponible en licence libre. Mais cela ne semble pas disponible… + +(Originally on Twitter: [Wed Oct 13 19:49:20 +0000 2021](https://twitter.com/adulau/status/1448375319786893313)) +---- +RT @gallypette: I was seeking to download the tor browser bundle using my tor browser bundle. 
I hope it's legit. ![](media/1448646205433532433-FBqffckVEBMTCTN.jpg) + +(Originally on Twitter: [Thu Oct 14 13:45:44 +0000 2021](https://twitter.com/adulau/status/1448646205433532433)) +---- +@thepacketrat We also welcome you the tea and cats club ;-) + +(Originally on Twitter: [Thu Oct 14 17:18:59 +0000 2021](https://twitter.com/adulau/status/1448699871221923841)) +---- +RT @quarkslab: We recently switched from IRC to @Mattermost and took the opportunity to develop an end-to-end encryption plugin! Let's welc… + +(Originally on Twitter: [Thu Oct 14 18:09:03 +0000 2021](https://twitter.com/adulau/status/1448712469799702528)) +---- +RT @jtkristoff: Weekend Reads: + +* TCP congestion control book https://tcpcc.systemsapproach.org/ +* Nations transit concentration https://t.co/X9LqKiCY… + +(Originally on Twitter: [Fri Oct 15 20:30:46 +0000 2021](https://twitter.com/adulau/status/1449110522511646721)) +---- +We try to improve how open data is shared and especially how the metadata are described when sharing network security dataset. Feedback welcome! + +https://www.variot.eu/2021/10/07/publishing-open-data-in-the-cyber-security-field/ + +@VARIoT_project @circl_lu @EU_HaDEA + +(Originally on Twitter: [Sat Oct 16 07:00:04 +0000 2021](https://twitter.com/adulau/status/1449268890102648834)) +---- +hashlookup-forensic-analyser v0.2 released with some improvements in the CSV export. + +Release: https://github.com/hashlookup/hashlookup-forensic-analyser/releases/tag/v0.2 + +About @circl_lu hashlookup service - how to improve your digital forensic investigations: +https://gist.github.com/adulau/e9e95fead4f32ac0fe725cb2a32fdb51 + +#DFIR #infosec #opensource #nsrl + +(Originally on Twitter: [Sat Oct 16 15:14:15 +0000 2021](https://twitter.com/adulau/status/1449393256853278725)) +---- +@jaimeblascob Good luck for the future! I’m sure you’ll rock the place. 
+ +(Originally on Twitter: [Sat Oct 16 16:22:43 +0000 2021](https://twitter.com/adulau/status/1449410485389041670)) +---- +@ObnoxiousJul Finalement les fertilisants organiques vont redevenir financièrement plus intéressant. Au final le lisier (et dans une moindre mesure le fumier) qui étaient une source de problèmes vont devenir un produit à haute valeur. Et la méthanisation va aussi entrer en concurrence… + +(Originally on Twitter: [Sun Oct 17 14:19:05 +0000 2021](https://twitter.com/adulau/status/1449741760859619334)) +---- +@ObnoxiousJul C'est plus de boulot, cela demande une plus grande réflexion sur les tailles de culture. Pour le maraîchage, cela fonctionne plutôt bien mais c'est en effet un peu plus de temps. Dans nos régions (sud de la Belgique) cela revient dans les pratiques des producteurs locaux. + +(Originally on Twitter: [Sun Oct 17 19:35:05 +0000 2021](https://twitter.com/adulau/status/1449821286780346370)) +---- +@ObnoxiousJul Oui pour les productions industrielles de masse cela demande de changer les pratiques, augmenter la main d'oeuvre et réduire les surfaces. Mais on le savait depuis longtemps que l'agriculture industrielle subventionnée n'était que temporaire. + +(Originally on Twitter: [Sun Oct 17 19:38:40 +0000 2021](https://twitter.com/adulau/status/1449822188459134977)) +---- +RT @circl_lu: We (@gallypette and @adulau) will present at @securepl about our ongoing monitoring techniques of a botnet using Tor. It's a… + +(Originally on Twitter: [Mon Oct 18 11:56:21 +0000 2021](https://twitter.com/adulau/status/1450068227963371526)) +---- +RT @cyb3rops: In ~80% of the APT cases in the years 2012 to 2019 (when I got out of IR) we found evidence in Antivirus logs of the affected… + +(Originally on Twitter: [Mon Oct 18 16:31:24 +0000 2021](https://twitter.com/adulau/status/1450137446260350986)) +---- +@cudeso @MISPProject The agenda will be published tomorrow. 
+ +(Originally on Twitter: [Tue Oct 19 15:40:25 +0000 2021](https://twitter.com/adulau/status/1450487005624905733)) +---- +Just released v1.0 of the CPE guesser to find CPE(s) from a set of keywords. You can run the software locally or use the public online version. #vulnerability #opensource #infosec + +https://github.com/cve-search/cpe-guesser/releases/tag/v1.0 + +Thanks to @oh2fih for the contributions. @cve_search @cvebase @CVEnew + +(Originally on Twitter: [Tue Oct 19 16:42:20 +0000 2021](https://twitter.com/adulau/status/1450502587103469574)) +---- +RT @mattblaze: @TypeMRT Software-based systems are inherently unreliable, especially against malicious tampering. This has at its roots fou… + +(Originally on Twitter: [Tue Oct 19 18:52:00 +0000 2021](https://twitter.com/adulau/status/1450535219023564806)) +---- +Watching live the Federal police in Brazil using @MISPProject at the MISP summit. An interesting overview of all the challenges from the law enforcement perspective. + +https://twitter.com/MISPProject/status/1451150805277499398 + +(Originally on Twitter: [Thu Oct 21 13:52:42 +0000 2021](https://twitter.com/adulau/status/1451184671778242580)) +---- +RT @testanull: Just published some details about the CVE-2021–35215, SolarWinds Orion Deserialization to RCE. +The second part will come wi… + +(Originally on Twitter: [Fri Oct 22 04:59:30 +0000 2021](https://twitter.com/adulau/status/1451412877387124750)) +---- +@ancailliau I'll push the pre-print soon. + +(Originally on Twitter: [Fri Oct 22 08:45:16 +0000 2021](https://twitter.com/adulau/status/1451469694062546949)) +---- +RT @climagic: Print an access_log with indicator chart bars under each request line to show the size of the data transfer using log() to ke… + +(Originally on Twitter: [Sat Oct 23 09:09:58 +0000 2021](https://twitter.com/adulau/status/1451838295449735170)) +---- +@GunstickULM @climagic That's super cool! Thanks for sharing. 
+ +(Originally on Twitter: [Sat Oct 23 12:12:29 +0000 2021](https://twitter.com/adulau/status/1451884226844971013)) +---- +RT @cerebrateproje1: Cerebrate 1.0 released - the companion to ISACs, CSIRTs and SOCs. + +Cerebrate is an open-source platform meant to act a… + +(Originally on Twitter: [Sat Oct 23 14:00:34 +0000 2021](https://twitter.com/adulau/status/1451911428697374722)) +---- +RT @CuratedIntel: Learn about the Initial Access Broker (IAB) space with this new visual! + +Created by @TrevorGiffen with notable peer revie… + +(Originally on Twitter: [Sat Oct 23 15:19:54 +0000 2021](https://twitter.com/adulau/status/1451931395694071810)) +---- +@MISPProject @cudeso My guess someone has been to the "M&E" trainings. + +(Originally on Twitter: [Sat Oct 23 21:03:23 +0000 2021](https://twitter.com/adulau/status/1452017834452783104)) +---- +More your dependency, build and testing pipeline is complex for an open source project, the more you open it to bugs, security issues & long-term maintainability issues. + +If I find a 20 years old C library, it builds. If I find code in a "modern" language, it's already outdated. + +(Originally on Twitter: [Sun Oct 24 06:40:54 +0000 2021](https://twitter.com/adulau/status/1452163172580921348)) +---- +@manhack IMHO c'est lié à une mauvaise interprétation du papier de Robert Morris (père) et Ken Thompson (1979) - "Password Security: A Case History " https://rist.tech.cornell.edu/6431papers/MorrisThompson1979.pdf Oui Morris et Thompson recommandait déjà le MFA (*OTP) mais l’interprétation fut sur le "password"... ![](media/1452173707540144134-FCcnm71WUAIsGhs.png) + +(Originally on Twitter: [Sun Oct 24 07:22:46 +0000 2021](https://twitter.com/adulau/status/1452173707540144134)) +---- +@matrixdotorg What's the privacy impact of the permanent connection to "http://scalar-staging.riot.im" in Element desktop ? I thought when connecting to a private matrix server, no complementary TLS handshakes were made from the client. 
Can this be disabled? ![](media/1452376416763457551-FCfgEWsX0AY-x8W.jpg) + +(Originally on Twitter: [Sun Oct 24 20:48:16 +0000 2021](https://twitter.com/adulau/status/1452376416763457551)) +---- +@matrixdotorg Thanks for the feedback. Strange as the connection seems permanent. Or is there an additional service using the same IPv6 address? + +(Originally on Twitter: [Mon Oct 25 05:11:27 +0000 2021](https://twitter.com/adulau/status/1452503049658896389)) +---- +@Benjojo12 @CogentCo @henet It’s time for @CogentCo to do something about it. + + +media/1452676954369449988-FCjx_HfXEAcxj-A.mp4 + +(Originally on Twitter: [Mon Oct 25 16:42:30 +0000 2021](https://twitter.com/adulau/status/1452676954369449988)) +---- +For my french speaking followers, « on ne dit plus j’ai loupé une réunion » mais « j’ai détemporalisé mon agenda » + +(Originally on Twitter: [Mon Oct 25 18:08:16 +0000 2021](https://twitter.com/adulau/status/1452698538777919488)) +---- +"Multi Layer Archive - A pure rust encrypted and compressed archive file format" another impressive stuff from @ANSSI_FR - seekable encrypted archive files. I hope more implementations in different languages will appear using the same format. +https://github.com/ANSSI-FR/MLA + +(Originally on Twitter: [Tue Oct 26 07:46:29 +0000 2021](https://twitter.com/adulau/status/1452904452868935680)) +---- +@clevybencheton I just pick one « data science model signatures » and started to wonder what we are talking about. Gartner is again creating a newspeak to sell their glossy paper co-sponsored by vendors who try to sell the old as new. + +(Originally on Twitter: [Wed Oct 27 19:16:12 +0000 2021](https://twitter.com/adulau/status/1453440412178395136)) +---- +@FredLB @clevybencheton That’s the point. You were able to increase capabilities in your team without relying on vendors. My fear is that piece instead of supporting team to improve autonomy, build their own tools and using open source, it’s misused to support sales pitch. 
+ +(Originally on Twitter: [Thu Oct 28 04:38:23 +0000 2021](https://twitter.com/adulau/status/1453581889080602630)) +---- +As some people were asking ;-) and yes the incredible @fluxfingers team https://ctftime.org/event/1452 - https://flu.xxx/ is organizing a @hack_lu 2021 online #CTF. Don't forget to register. + +Fri, 29 Oct. 2021, 18:00 UTC — Sun, 31 Oct. 2021, 18:00 UTC + +(Originally on Twitter: [Thu Oct 28 13:59:40 +0000 2021](https://twitter.com/adulau/status/1453723141289562136)) +---- +@remi_laurent @cyb3rops "dig +short -t TXT http://32698bd1d3a0ff6cf441770d1b2b816285068d19.dns.hashlookup.circl.lu | jq -r . | jq ." works - NSRL is there and also many distributions. ![](media/1453748482062303232-FCzAWaFWEAU1Ws0.jpg) + +(Originally on Twitter: [Thu Oct 28 15:40:22 +0000 2021](https://twitter.com/adulau/status/1453748482062303232)) +---- +@JeroenPinoy Congrats! + +(Originally on Twitter: [Thu Oct 28 15:55:06 +0000 2021](https://twitter.com/adulau/status/1453752189378338821)) +---- +Maybe I should use this signature for some @github issue “The art of reading is just an old ancient technique which was not transmitted to our humanity.” + + +media/1453968588604198916-FC2IuFeVIAgeIX3.mp4 + +(Originally on Twitter: [Fri Oct 29 06:14:59 +0000 2021](https://twitter.com/adulau/status/1453968588604198916)) +---- +RT @fluxfingers: Less than 24h until Hacklu CTF 2021 and the registration is now open! 
Sign up at https://flu.xxx/ to become the bes… + +(Originally on Twitter: [Fri Oct 29 06:18:05 +0000 2021](https://twitter.com/adulau/status/1453969370208563209)) +---- +@Iglocska @github sub nuclear + + +media/1453969982203723778-FC2J_LgUcAoYfYy.mp4 + +(Originally on Twitter: [Fri Oct 29 06:20:31 +0000 2021](https://twitter.com/adulau/status/1453969982203723778)) +---- +RT @cudeso: @adulau @github Reading is not part of a Gartner Qd + +(Originally on Twitter: [Fri Oct 29 06:21:39 +0000 2021](https://twitter.com/adulau/status/1453970265830920193)) +---- +@grumpy4n6 pip issues are a kind of worm hole in the time and space continuum. + +(Originally on Twitter: [Fri Oct 29 15:53:54 +0000 2021](https://twitter.com/adulau/status/1454114277632233472)) +---- +@digihash @gallypette @0xrawsec You are right. WHIDS has a great potential to become the open source #EDR solution. + +(Originally on Twitter: [Sat Oct 30 09:22:43 +0000 2021](https://twitter.com/adulau/status/1454378218706853891)) +---- +RT @fluxfingers: Hacklu CTF 2021 is now live at https://flu.xxx! Markets are open, stonks must go up! #CTF #Hack_lu https://t.co/ak… + +(Originally on Twitter: [Sat Oct 30 11:19:27 +0000 2021](https://twitter.com/adulau/status/1454407598770434054)) +---- +RT @alexanderjaeger: I had multiple conversations with @joachimmetz around EVTX and things I was assuming. He wrote an article on common mi… + +(Originally on Twitter: [Sat Oct 30 14:11:48 +0000 2021](https://twitter.com/adulau/status/1454450972638519299)) +---- +RT @fluxfingers: The @hack_lu CTF 2021 has now concluded. Congratulations to everyone who solved something! The top 3 teams are: + +1. organi… + +(Originally on Twitter: [Sun Oct 31 18:57:47 +0000 2021](https://twitter.com/adulau/status/1454885328687357956)) +---- +RT @mrd0x: Today I've launched https://malapi.io. 
I've been analyzing malware source code that utilizes WinAPIs and have been categor… + +(Originally on Twitter: [Mon Nov 01 08:08:18 +0000 2021](https://twitter.com/adulau/status/1455084269643124737)) +---- +@H_Miser Yeah ! Félicitations ! + +(Originally on Twitter: [Mon Nov 01 12:52:32 +0000 2021](https://twitter.com/adulau/status/1455155797286170632)) +---- +RT @FDezeure: The presentations from the 8th EU ATT&CK Community Workshop are online now: https://attack-community.org/event/. @MITREattack @circl_lu @… + +(Originally on Twitter: [Mon Nov 01 14:49:06 +0000 2021](https://twitter.com/adulau/status/1455185132990701574)) +---- +And now everyone is running grep -r -e $'\u202a' -e $'\u202b' -e $'\u202d' -e $'\u202e' -e $'\u2066' -e $'\u2067' -e $'\u2068' -e $'\u202c' -e $'\u2069' on their code repositories + +(Originally on Twitter: [Mon Nov 01 14:51:24 +0000 2021](https://twitter.com/adulau/status/1455185712781971457)) +---- +@mjasay Is there a maintained fork with the original open source license? + +(Originally on Twitter: [Mon Nov 01 16:48:20 +0000 2021](https://twitter.com/adulau/status/1455215139825885186)) +---- +@GunstickULM Check this paper https://trojansource.codes/trojan-source.pdf and enjoy the pleasure of Unicode + +(Originally on Twitter: [Mon Nov 01 18:32:04 +0000 2021](https://twitter.com/adulau/status/1455241245220016136)) +---- +@Aristot73 Core War + +(Originally on Twitter: [Wed Nov 03 19:54:20 +0000 2021](https://twitter.com/adulau/status/1455986724463595524)) +---- +RT @UYBHYS: [fr] #UYBHYS Talk +Samedi 13 nov + +> HashLookup API +par @adulau +#Malware #CERT #SOC + +https://www.unlockyourbrain.bzh/2021/10/28/hashlookup-api/ https://t.co/iWxX2h… + +(Originally on Twitter: [Sat Nov 06 15:41:04 +0000 2021](https://twitter.com/adulau/status/1457010152318640139)) +---- +Next week, I'll be at @UYBHYS to talk on how to improve and speed-up #DFIR with @circl_lu hashlookup open service and what's next about known file filters in digital forensic. 
See you there! + +https://twitter.com/UYBHYS/status/1457006641308737536 + +(Originally on Twitter: [Sat Nov 06 15:46:05 +0000 2021](https://twitter.com/adulau/status/1457011412333744129)) +---- +@kaepora Welcome to Europe! It's great to have you on board. + +(Originally on Twitter: [Sat Nov 06 15:49:57 +0000 2021](https://twitter.com/adulau/status/1457012386771181568)) +---- +Just to tell you the state of the so-called VPN providers. You find a compromised Linux box, start to find that the box is obviously “managed” by a VPN provider and then you discover that the majority of their boxes are compromised left and right. Just don’t buy VPN services. + +(Originally on Twitter: [Mon Nov 08 07:10:59 +0000 2021](https://twitter.com/adulau/status/1457606559266217986)) +---- +The CERT Polska team, Przemysław Jaroszewski, had been forced to quit his job. Firing competent people due to personal political view is a way to shoot oneself in the foot. + +Official text in polish : https://cert.pl/posts/2021/11/list-otwarty/ + +(Originally on Twitter: [Mon Nov 08 16:23:05 +0000 2021](https://twitter.com/adulau/status/1457745501810565120)) +---- +@AgriSkippy Par rapport à une prairie de fauche, c’est plutôt le contraire… + +(Originally on Twitter: [Mon Nov 08 20:21:29 +0000 2021](https://twitter.com/adulau/status/1457805496153423880)) +---- +RT @paulvixie: 41 years after dropping out of high school, i am finally unemployed. +https://www.farsightsecurity.com/blog/long-view/end-of-the-beginning-20211109/ + +(Originally on Twitter: [Tue Nov 09 21:07:50 +0000 2021](https://twitter.com/adulau/status/1458179547191468043)) +---- +@paulvixie Congratulation! You are one of the key people who helped many of us to make their own path and become autonomous. 
🙏 + +(Originally on Twitter: [Tue Nov 09 21:09:58 +0000 2021](https://twitter.com/adulau/status/1458180085039697921)) +---- +RT @xluccianox: wrote my first nmap script for GitLab version detection, shows CVEs list and automatically updates the versions dict everyd… + +(Originally on Twitter: [Wed Nov 10 10:56:20 +0000 2021](https://twitter.com/adulau/status/1458388044755656712)) +---- +@ChaosD0c @circl_lu Sure. We will let you know soon via email ;-) This sounds promising. + +(Originally on Twitter: [Wed Nov 10 13:23:55 +0000 2021](https://twitter.com/adulau/status/1458425186609467396)) +---- +Organisations talking about « XDR » and having unpatched Microsoft Exchange servers in the wild internet have clearly an obscure and atypical way of doing risk assessment. + +(Originally on Twitter: [Wed Nov 10 18:10:34 +0000 2021](https://twitter.com/adulau/status/1458497326981451784)) +---- +@belathoud We hope the domino effect won’t be a reality during the next weeks. + +(Originally on Twitter: [Wed Nov 10 19:52:29 +0000 2021](https://twitter.com/adulau/status/1458522971270692865)) +---- +@cudeso Is it me or panels are the worst experience for speakers and the audience? 
+ +(Originally on Twitter: [Sat Nov 13 09:11:17 +0000 2021](https://twitter.com/adulau/status/1459448774091329539)) +---- +An interesting TPM SPI extractor relying on @sigrokproject done by @luigifrag https://github.com/giggi0x00/Sigrok_TPM_SPI_Extractor (presented at @UYBHYS) + +(Originally on Twitter: [Sat Nov 13 09:42:45 +0000 2021](https://twitter.com/adulau/status/1459456693872513028)) +---- +RT @Herve_Schauer: A #UYBHYS Inforensique @adulau «acquisition disque = 150k fichiers» pour distinguer le connu, @circl_lu «génère 1 milli… + +(Originally on Twitter: [Sat Nov 13 14:50:49 +0000 2021](https://twitter.com/adulau/status/1459534219248611330)) +---- +RT @UYBHYS: Toujours didactique et inspirant : +> Présentation de HashLookup API par @adulau #UYBHYS cc @circl_lu + +https://www.unlockyourbrain.bzh/2021/10/28/hashlookup-api/… + +(Originally on Twitter: [Sat Nov 13 14:51:35 +0000 2021](https://twitter.com/adulau/status/1459534412404740101)) +---- +@Sebdraven @FLesueur Il me semble que le bashing PGP est une vieille rengaine mais souvent il y a un manque de lecture des evolutions de la norme OpenPGP et des nouvelles librairies OpenPGP + +(Originally on Twitter: [Mon Nov 15 07:51:15 +0000 2021](https://twitter.com/adulau/status/1460153407264673797)) +---- +@FLesueur @Sebdraven Je suis assez d’accord pour l’UX (mais je peux aussi dire la même chose avec la verification dans matrix/element ;-). Par contre pour les serveurs, hockeypuck fonctionne assez bien et limite la casse avec les abus. https://hockeypuck.io/ + +(Originally on Twitter: [Mon Nov 15 08:12:02 +0000 2021](https://twitter.com/adulau/status/1460158639059214344)) +---- +@HowellONeill The full article https://archive.md/DAKwH + +(Originally on Twitter: [Mon Nov 15 14:21:39 +0000 2021](https://twitter.com/adulau/status/1460251654469603329)) +---- +@J0hnnyXm4s @grimmcyber Sounds great! Can I ask how you deal with the taxes? You do a declaration in each country you are in? 
+ +(Originally on Twitter: [Mon Nov 15 17:04:34 +0000 2021](https://twitter.com/adulau/status/1460292654906892290)) +---- +@vloquet @Herve_Schauer @circl_lu @MISPProject @TheHive_Project @ietf @UYBHYS Breaking hashes. ROFL. + + +media/1460309483440197638-FEQPuzVXEAAju6_.mp4 + +(Originally on Twitter: [Mon Nov 15 18:11:26 +0000 2021](https://twitter.com/adulau/status/1460309483440197638)) +---- +@CynicLib @cyb3rops L'école où travaille Monsieur @Sebdraven me semble une bonne piste. + +(Originally on Twitter: [Tue Nov 16 09:19:46 +0000 2021](https://twitter.com/adulau/status/1460538073834561536)) +---- +"...to reduce the size of the IPv4 local loopback network ("localnet") from /8 to /16, freeing up over 16 million IPv4 addresses for other possible uses." + +https://www.ietf.org/id/draft-schoen-intarea-unicast-127-00.html + +The lucky folks who get the remaining part will get the most interesting network telescope... + + +media/1460858625539325955-FEYDK0ZWYBQnnzD.mp4 + +(Originally on Twitter: [Wed Nov 17 06:33:32 +0000 2021](https://twitter.com/adulau/status/1460858625539325955)) +---- +The bureaucracy to access a @EuroHPC_JU @EuroHpc should be simplified to a simple process to accept an organisation based on @github or alike and being able CI jobs from public repositories. It will help open source projects and open research. + +https://eurohpc-ju.europa.eu/news/access-eurohpc-supercomputers-now-open + +(Originally on Twitter: [Wed Nov 17 07:46:11 +0000 2021](https://twitter.com/adulau/status/1460876908657356802)) +---- +@patrikryann @MISPProject @Sebdraven @ANSSI_FR PR are kindly accepted ;-) + +(Originally on Twitter: [Wed Nov 17 17:47:11 +0000 2021](https://twitter.com/adulau/status/1461028155926495246)) +---- +@jaysonstreet Perfect! 
+ + +media/1461082965686067205-FEbPNXdXEAg2IA6.mp4 + +(Originally on Twitter: [Wed Nov 17 21:24:59 +0000 2021](https://twitter.com/adulau/status/1461082965686067205)) +---- +RT @circl_lu: Finding the right version of @Microsoft exchange server while scanning can be difficult, our colleague @righelx did a @nmap N… + +(Originally on Twitter: [Fri Nov 19 16:15:06 +0000 2021](https://twitter.com/adulau/status/1461729758409019400)) +---- +Just published an update of the hashlookup Internet-Draft to include the new meta-fields available in the hashlookup standard used on http://hashlookup.circl.lu + +📑https://datatracker.ietf.org/doc/draft-dulaunoy-hashlookup-format/02/ + +Thanks for the feedback/ideas after the @UYBHYS talk. + +Slides 📖-> https://github.com/hashlookup/hashlookup-format/blob/main/slides/2021-Unlock-Your-Brain/main.pdf + +(Originally on Twitter: [Sun Nov 21 16:04:54 +0000 2021](https://twitter.com/adulau/status/1462451968383889414)) +---- +@digihash @uuallan I see a pattern in the field. + +(Originally on Twitter: [Sun Nov 21 21:22:10 +0000 2021](https://twitter.com/adulau/status/1462531810559238145)) +---- +RT @nolimitsecu: #Podcast #Cybersécurité + +Épisode #343 consacré au MITRE ATT&CK, avec @adulau + +https://www.nolimitsecu.fr/mitre-attck/ + +(Originally on Twitter: [Mon Nov 22 07:59:24 +0000 2021](https://twitter.com/adulau/status/1462692172357062664)) +---- +Recently seeing the mess with some proprietary software vendors to get their software fixed, a git clone approach and a manual security fix sounds like a reasonable approach nowadays in the open source world. + +(Originally on Twitter: [Mon Nov 22 19:21:45 +0000 2021](https://twitter.com/adulau/status/1462863891566845961)) +---- +RT @ACSAC_Conf: Our next #ACSAC2021 #paper #preview looks at Cyber Threat Intelligence sharing platforms. 
The mixed-methods investigation o… + +(Originally on Twitter: [Tue Nov 23 16:22:19 +0000 2021](https://twitter.com/adulau/status/1463181126671941637)) +---- +@clevybencheton PGP sucks less when your file exchange portal is pwned and all the files are encrypted at rest in OpenPGP ;-) + +(Originally on Twitter: [Wed Nov 24 17:15:25 +0000 2021](https://twitter.com/adulau/status/1463556877489516555)) +---- +RT @ThreatFabric: D'oh! #Cabassous/#Flubot now using DNS-over-HTTPS-tunneling to communicate with C2 in #Voicemail campaign! DoH-tunneling… + +(Originally on Twitter: [Thu Nov 25 09:05:49 +0000 2021](https://twitter.com/adulau/status/1463796050108600325)) +---- +RT @circl_lu: We imported 1.6 millions of Windows 10 hashes including some common software such as WinRAR,Putty in hashlookup. #DFIR + +htt… + +(Originally on Twitter: [Thu Nov 25 14:33:37 +0000 2021](https://twitter.com/adulau/status/1463878545747423248)) +---- +@belathoud C’est une belle découverte. Je me souviens de l’histoire des cameras Zorki mais je me demande le modèle entre ses mains… + +(Originally on Twitter: [Thu Nov 25 20:38:55 +0000 2021](https://twitter.com/adulau/status/1463970478066913283)) +---- +@digihash It’s a very common problem for many teams especially the initial collection and pre-classification/indexing challenge. We were thinking of building a very specific piece of open source software to later feed structured data in @MISPProject and similar tools. + +(Originally on Twitter: [Thu Nov 25 21:51:21 +0000 2021](https://twitter.com/adulau/status/1463988704482144267)) +---- +@Aristot73 @digihash @MISPProject This is one part of the issue. + +But the other side is more helping analysts to keep track of what has been done and what’s need to be processed with the constant streams of unstructured intelligence. 
+ +(Originally on Twitter: [Thu Nov 25 22:10:30 +0000 2021](https://twitter.com/adulau/status/1463993523733245965)) +---- +Diversity in open source software is the only way to ensure stability and sustainability. Don’t listen to people telling you that we don’t need overlapping and competing software. Stable ecosystems are made of diversity. + +(Originally on Twitter: [Sat Nov 27 20:55:27 +0000 2021](https://twitter.com/adulau/status/1464699412706471938)) +---- +@digihash A good opportunity to take a book from a huge stack of unread books. @_saadk + +(Originally on Twitter: [Sat Nov 27 21:08:23 +0000 2021](https://twitter.com/adulau/status/1464702668765634570)) +---- +@alexanderjaeger @gitlab Indeed or even running a @giteaio with a mirror of all the repositories. It’s also nice for users having ITAR restrictions and cannot use @github + +(Originally on Twitter: [Sat Nov 27 21:21:59 +0000 2021](https://twitter.com/adulau/status/1464706089233043465)) +---- +@lukOlejnik As long you document/record your processing activities, a lot of things are allowed ;-) + +(Originally on Twitter: [Mon Nov 29 14:24:13 +0000 2021](https://twitter.com/adulau/status/1465325730741555201)) +---- +@ldelavaissiere @newsoft https://www.circl.lu/pub/tr-53/ Je dois avouer que je ne comprends toujours l’application du RGPD sur les entrées whois. C’est comme un registre des entreprises, c’est une information critique pour les utilisateurs pour connaître le détenteur d’un domaine. + +(Originally on Twitter: [Mon Nov 29 19:53:46 +0000 2021](https://twitter.com/adulau/status/1465408663791837191)) +---- +@ldelavaissiere @newsoft En effet et les solutions proposées en passant par des requêtes « LE » ne sont pas réalistes. Depuis l’application, les phishing sont plus difficiles à retirer car on ne plus facilement automatiser en contactant les propriétaires des domaines infectés. 
+ +(Originally on Twitter: [Mon Nov 29 19:58:29 +0000 2021](https://twitter.com/adulau/status/1465409850712674317)) +---- +We are looking for official firmware repositories for @circl_lu http://hashlookup.circl.lu - if you know some, feel free to reply or send me a DM. Thanks a lot. The results will be accessible to everyone via the API. #dfir + +(Originally on Twitter: [Tue Nov 30 09:24:36 +0000 2021](https://twitter.com/adulau/status/1465612716584878082)) +---- +@TwitterSafety So it means you are excluding street photography from Twitter ? That’s really a bad move. + +(Originally on Twitter: [Tue Nov 30 18:04:18 +0000 2021](https://twitter.com/adulau/status/1465743503552565253)) +---- +@Iglocska I see the programmer in her. Following a linked list until the null byte ;-) + +(Originally on Twitter: [Wed Dec 01 20:06:47 +0000 2021](https://twitter.com/adulau/status/1466136718663421960)) +---- +The scale of the trust level is between 0 and 100. 50 means that we don't have any opinion on the file. If it's below 50, we have less trust in the legitimacy of the file. If it's above 50, it appears in multiple sources and have an improved trust. Feedback is more welcome! + +(Originally on Twitter: [Thu Dec 02 10:59:23 +0000 2021](https://twitter.com/adulau/status/1466361348070199300)) +---- +After digging a bit more in the black-hole of files being present in various sources including legitimate and potentially malicious sources. We added a hashlookup:trust level when querying @circl_lu http://hashlookup.circl.lu service. It helps to decide how we trust the file. #DFIR ![](media/1466361345838927874-FFlrypMXoAEx9h4.jpg) + +(Originally on Twitter: [Thu Dec 02 10:59:23 +0000 2021](https://twitter.com/adulau/status/1466361345838927874)) +---- +RT @ail_project: AIL Framework version 4.0 released with a new synchronisation feature, tracker webhook improvement and many bugs fixed. 
#t… + +(Originally on Twitter: [Thu Dec 02 15:24:06 +0000 2021](https://twitter.com/adulau/status/1466427966745980932)) +---- +Looking at how weak our critical infrastructures (such as hospitals) are in front of a virus or a ransomware group, can you imagine the situation in case of a nuclear incident or a virus with a higher rate of mortality… + +(Originally on Twitter: [Thu Dec 02 16:23:28 +0000 2021](https://twitter.com/adulau/status/1466442904390582279)) +---- +@MatthiasStrubel you can use cve-search in two steps: + +- Use the cpe guesser from the package name; +- Then query the cpe in cve-search directly. + +https://github.com/cve-search/cpe-guesser + +https://github.com/cve-search/ + +(Originally on Twitter: [Thu Dec 02 16:25:39 +0000 2021](https://twitter.com/adulau/status/1466443454389571589)) +---- +@gbozic Yes it's a standard way in the intelligence community. In the DNI/CIA standards of estimative language https://www.misp-project.org/taxonomies.html#_estimative_language or admiralty scale https://www.misp-project.org/taxonomies.html#_admiralty_scale where 50 is often "cannot be judged". We wanted to use this for integration with decaying in @MISPProject too. + +(Originally on Twitter: [Fri Dec 03 10:20:20 +0000 2021](https://twitter.com/adulau/status/1466713906169192449)) +---- +RT @json_dirs: Of course Elsevier's "enhanced pdf viewer" tracks where you click, view, if you hide the page, etc. and then transmits a big… + +(Originally on Twitter: [Sun Dec 05 09:57:56 +0000 2021](https://twitter.com/adulau/status/1467433047477956608)) +---- +@tuxpanik @abuse_ch Indeed, I'll add the @MISPProject warning-list in the info of hashlookup records. Empty files are quite common in many software packages, you can also check many indicators showing that the file is empty in hashlookup. 
+ +https://hashlookup.circl.lu/lookup/sha256/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ![](media/1467519594067861509-FF2tAFWWUAIA0jD.jpg) + +(Originally on Twitter: [Sun Dec 05 15:41:51 +0000 2021](https://twitter.com/adulau/status/1467519594067861509)) +---- +RT @Gephi: The Gephi code sustainability retreat 2021 ended last week, and it was great for the project. + +For a summary of what we've done,… + +(Originally on Twitter: [Tue Dec 07 06:37:21 +0000 2021](https://twitter.com/adulau/status/1468107345549012996)) +---- +RT @0xrawsec: The best new thing of this new WHIDS beta release is probably the full OpenAPI documentation: +https://petstore.swagger.io/?url=https://raw.githubusercontent.com/0xrawsec/whids/v1.8.0.beta.5/doc/admin.openapi.json +If you… + +(Originally on Twitter: [Wed Dec 08 06:50:00 +0000 2021](https://twitter.com/adulau/status/1468472915205279746)) +---- +Listening to lawyers who think that contract changes by a customer in an off-the-shelf software can improve the security of the software. Such legal changes rarely percolate to the software dev process. + + +media/1468515793755381762-FGE3SzFWYAAR6ac.mp4 + +(Originally on Twitter: [Wed Dec 08 09:40:23 +0000 2021](https://twitter.com/adulau/status/1468515793755381762)) +---- +If you rely on the Alexa top website list, you might have some surprises. https://support.alexa.com/hc/en-us/articles/4410503838999-We-will-be-retiring-Alexa-com-on-May-1-2022 + +In @MISPProject warning lists we still have Cisco Umbrella top list and Tranco. + +https://github.com/MISP/misp-warninglists + +If you know other lists, let us know. + +(Originally on Twitter: [Thu Dec 09 17:12:43 +0000 2021](https://twitter.com/adulau/status/1468992015375507459)) +---- +RT @courtneyelta: To learn more about the nature and characteristics of open source toxicity and more check out the paper! 
Preprint: https:… + +(Originally on Twitter: [Thu Dec 09 19:46:26 +0000 2021](https://twitter.com/adulau/status/1469030697834852356)) +---- +RT @circl_lu: "Graphoscope is a solution to access multiple independent data sources from a common UI and show data relations as a graph"… + +(Originally on Twitter: [Fri Dec 10 14:58:43 +0000 2021](https://twitter.com/adulau/status/1469320682223943689)) +---- +RT @circl_lu: Don't underestimate the attack surface of the Remote code injection in Log4j . + +Just checking @github dependencies it's alrea… + +(Originally on Twitter: [Fri Dec 10 16:40:17 +0000 2021](https://twitter.com/adulau/status/1469346239410057220)) +---- +RT @yazicivo: Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet noth… + +(Originally on Twitter: [Sat Dec 11 07:05:05 +0000 2021](https://twitter.com/adulau/status/1469563873388810241)) +---- +@martijn_grooten no one is an island + +(Originally on Twitter: [Sat Dec 11 07:16:33 +0000 2021](https://twitter.com/adulau/status/1469566760806400006)) +---- +@Sebdraven @nadouani @ValeryMarchive @aegir_fr Il y a une vraie question. Le logiciel libre est la base de nos économies. C’est le catalyseur de plusieurs industries numériques mais cela reste sous financé. Le privé et le public oublient son importance. + +(Originally on Twitter: [Sat Dec 11 19:11:49 +0000 2021](https://twitter.com/adulau/status/1469746762411913224)) +---- +@ValeryMarchive @Sebdraven @nadouani @aegir_fr Je vois un parallèle sur le(s) financement(s) des "Black start" dans un grid. 
https://en.wikipedia.org/wiki/Black_start ;-) + +(Originally on Twitter: [Sat Dec 11 20:17:13 +0000 2021](https://twitter.com/adulau/status/1469763222072930318)) +---- +RT @markus_neis: Payloads which get dropped in current #log4j exploitation are not only miners an old friend is popping up once again #Muhs… + +(Originally on Twitter: [Sat Dec 11 21:29:59 +0000 2021](https://twitter.com/adulau/status/1469781535738167296)) +---- +By the way, the majority of links are now giving 404 especially the old links from Sun Microsystems. At the end the #log4j is just showing how bad the full industry is in documenting, tracking vulnerabilities and responding to it. + +(Originally on Twitter: [Sun Dec 12 09:00:50 +0000 2021](https://twitter.com/adulau/status/1469955393417879554)) +---- +While doing text analysis on @cve_search I was always annoyed by "Unspecified vulnerability"used by @Oracle as a CNA. With CVE-2009-1094, this take a complete different dimension. Until we have documented database of vulnerabilities, we cannot improve. + +https://cvepremium.circl.lu/cve/CVE-2009-1094 + +(Originally on Twitter: [Sun Dec 12 09:00:50 +0000 2021](https://twitter.com/adulau/status/1469955390414729216)) +---- +Looking at my old analysis done 2013, it's around 15K+ mentioned of "unspecified" in the CVE description. 
![](media/1469959657049538561-FGZXu10WQAIA9Zg.png) + +(Originally on Twitter: [Sun Dec 12 09:17:47 +0000 2021](https://twitter.com/adulau/status/1469959657049538561)) +---- +@GossiTheDog Don't forget Oracle forgetting to document a similar vulnerability in 2009 https://twitter.com/adulau/status/1469955390414729216 ;-) + +(Originally on Twitter: [Sun Dec 12 09:24:24 +0000 2021](https://twitter.com/adulau/status/1469961320468553728)) +---- +RT @entropyqueen_: Another hit from 45.155.205[.]233 + +Tries to exploit #log4shell using GET requests and 2 HTTP Headers, with various bypas… + +(Originally on Twitter: [Sun Dec 12 09:27:50 +0000 2021](https://twitter.com/adulau/status/1469962187976450052)) +---- +RT @metalookup: A new dynamic network graph view is now available to have an overview of parents and children from the hash queries. An ea… + +(Originally on Twitter: [Sun Dec 12 11:17:04 +0000 2021](https://twitter.com/adulau/status/1469989675171467267)) +---- +"This repository intends to simplify access to and synchronization of Malpedia's automatically generated, code-based YARA rules." Thanks again @malpedia @push_pnx for your work. + +https://github.com/malpedia/signator-rules + +(Originally on Twitter: [Sun Dec 12 13:22:23 +0000 2021](https://twitter.com/adulau/status/1470021213422592003)) +---- +RT @MISPProject: We received multiple requests asking if MISP is vulnerable to #Log4Shell . It's not vulnerable as we don't use Java and do… + +(Originally on Twitter: [Sun Dec 12 15:26:34 +0000 2021](https://twitter.com/adulau/status/1470052466427416581)) +---- +@H_Miser 😘 + +(Originally on Twitter: [Sun Dec 12 20:41:45 +0000 2021](https://twitter.com/adulau/status/1470131783576563717)) +---- +@dawiddczarnecki It’s maybe the visualisation library which is truncating the word. + +(Originally on Twitter: [Sun Dec 12 20:55:06 +0000 2021](https://twitter.com/adulau/status/1470135144870821889)) +---- +@dawiddczarnecki @cve_search @Oracle Avoiding confusion or unclear stuff. 
If you allocate a CVE saying « unspecified vulnerability », it sounds awkward especially if you just fix something unspecified ;-) + +(Originally on Twitter: [Sun Dec 12 21:02:36 +0000 2021](https://twitter.com/adulau/status/1470137030050865157)) +---- +@CycloneDX_Spec Why did you deprecrate the CPE field in the standard? Is there another way to express it? ![](media/1470276951738929156-FGd43EaXsAU_Nnv.jpg) + +(Originally on Twitter: [Mon Dec 13 06:18:36 +0000 2021](https://twitter.com/adulau/status/1470276951738929156)) +---- +@stevespringett @CycloneDX_Spec The official NVD (screenshot below is 2021 JSON dump) only includes CPE version 2.3. I haven't seen any SWID mapping in the past years for the NIST NVD database. ![](media/1470289709180018693-FGeD98NXIAIGsga.jpg) + +(Originally on Twitter: [Mon Dec 13 07:09:17 +0000 2021](https://twitter.com/adulau/status/1470289709180018693)) +---- +@stevespringett @CycloneDX_Spec I would recommend to keep CPE as it's an easy way to represent a software package without the need to do CBOR and ROLIE encoding. You can do easy guessing of CPE name from vendor and product name. + +https://github.com/cve-search/cpe-guesser + +(Originally on Twitter: [Mon Dec 13 07:14:47 +0000 2021](https://twitter.com/adulau/status/1470291092209905664)) +---- +@Iglocska @ancailliau @MISPProject @ancailliau Do you propose yourself to write a new Python library for fast-lookup using the misp-warninglists? 
;-) + +(Originally on Twitter: [Mon Dec 13 07:52:23 +0000 2021](https://twitter.com/adulau/status/1470300555067199490)) +---- +@cudeso @CESIN_France @circl_lu Sure, the slide deck is available at the following location: https://www.foo.be/cesin-solarwinds-supply-chain-attack.pdf + +(Originally on Twitter: [Mon Dec 13 08:03:22 +0000 2021](https://twitter.com/adulau/status/1470303319339982850)) +---- +@Sebdraven Après quelques discussions avec des core développeurs et vendeurs sur plusieurs projets durant cette superbe journée, ils découvrent des dépendances cachées. Alors comment imaginer qu’une entreprise utilisant ces logiciels puisse faire un inventaire des deps logicielles. + +(Originally on Twitter: [Mon Dec 13 17:07:12 +0000 2021](https://twitter.com/adulau/status/1470440175956340742)) +---- +@tenzir_company @OpenCyberAllnc Congrats! Vast is an incredible piece of open source software. + +(Originally on Twitter: [Mon Dec 13 18:24:34 +0000 2021](https://twitter.com/adulau/status/1470459648801132545)) +---- +RT @stevespringett: @adulau @CycloneDX_Spec Thanks for reminding us about this. We’re tracking this change and expect to clarify the CPE do… + +(Originally on Twitter: [Tue Dec 14 05:53:05 +0000 2021](https://twitter.com/adulau/status/1470632918313754624)) +---- +@stevespringett @CycloneDX_Spec Thanks a lot, this is great. We will work on the integration of hashlookup with CycloneDX https://www.circl.lu/services/hashlookup/ + +(Originally on Twitter: [Tue Dec 14 05:55:41 +0000 2021](https://twitter.com/adulau/status/1470633572935647232)) +---- +RT @circl_lu: Updated TR-65 recommendations for #log4j vulnerability. We now recommend to update to log4j version 2.16.0 (not only 2.15.0)… + +(Originally on Twitter: [Tue Dec 14 09:05:35 +0000 2021](https://twitter.com/adulau/status/1470681362885718023)) +---- +RT @0gtweet: We know NTFS can store invaluable #DFIR data in the USN Journal. But how long records stay there? 
You can check it with a simp… + +(Originally on Twitter: [Tue Dec 14 12:57:07 +0000 2021](https://twitter.com/adulau/status/1470739628709892116)) +---- +Just released hashlookup-forensic-analyser version 0.5 with support for bloom filter lookup (to avoid online check against @circl_lu hashlookup) and a caching functionality. #DFIR #digitalforensic #opensource + +https://github.com/hashlookup/hashlookup-forensic-analyser/releases/tag/v0.5 + + +media/1470745745246597120-FGkjb6vXsAEMV_J.mp4 + +(Originally on Twitter: [Tue Dec 14 13:21:25 +0000 2021](https://twitter.com/adulau/status/1470745745246597120)) +---- +WAF vendors try to promote their black box to CSIRTs while incidents are ongoing. It's like a real estate agent giving business card during a burial. + +(Originally on Twitter: [Tue Dec 14 13:38:07 +0000 2021](https://twitter.com/adulau/status/1470749949499518982)) +---- +RT @r00tbsd: Our blog post about owowa, a malicious IIS extension deployed on Exchange servers is online on @Securelist: https://t.co/VjFAW… + +(Originally on Twitter: [Tue Dec 14 13:40:13 +0000 2021](https://twitter.com/adulau/status/1470750478359314433)) +---- +@matte_lodi @circl_lu @intel_owl Thank you! We are working on it. The hashlookup bloom filter from @circl_lu will be announced soon on the official web page. This integration was the first test. The other application will follow. + +(Originally on Twitter: [Tue Dec 14 13:42:23 +0000 2021](https://twitter.com/adulau/status/1470751021546749958)) +---- +RT @RichmondRatche1: @adulau @hacks4pancakes A rare three-fer! ![](media/1470843862411317251-FGl8JkHX0AQ7xLa.jpg) + +(Originally on Twitter: [Tue Dec 14 19:51:18 +0000 2021](https://twitter.com/adulau/status/1470843862411317251)) +---- +RT @UYBHYS: Retour sur la "Closing Party" @thalessecurity lors de la 6ème édition de #UYBHYS à #Brest. 
+ +De nouveau Grand Merci à toutes le… + +(Originally on Twitter: [Wed Dec 15 12:47:39 +0000 2021](https://twitter.com/adulau/status/1471099637486522369)) +---- +RT @RolfRolles: While researching C++/STL reverse engineering, I collected a list every MSVC CRT version I could find on github: https://t.… + +(Originally on Twitter: [Thu Dec 16 06:44:02 +0000 2021](https://twitter.com/adulau/status/1471370514392395776)) +---- +@anton_chuvakin DLP software can also increase the exposure and the attack surface https://cvepremium.circl.lu/cve/CVE-2021-31844 + +(Originally on Twitter: [Thu Dec 16 19:28:23 +0000 2021](https://twitter.com/adulau/status/1471562870248939537)) +---- +@anton_chuvakin Exactly. So less software is better at the end.. and maybe less logging ;-))) + +(Originally on Twitter: [Thu Dec 16 19:40:05 +0000 2021](https://twitter.com/adulau/status/1471565815866667013)) +---- +@Sebdraven @anton_chuvakin Side channel detection using shadow logging ;-) + +(Originally on Twitter: [Thu Dec 16 20:10:43 +0000 2021](https://twitter.com/adulau/status/1471573523562962947)) +---- +@Vicen_Herrera Sure. I did it long time ago but the result is still available there http://www.foo.be/cve/ - using @cve_search as a source https://github.com/cve-search/cve-search - + +(Originally on Twitter: [Fri Dec 17 09:50:24 +0000 2021](https://twitter.com/adulau/status/1471779802843602945)) +---- +RT @circl_lu: "As we have an endless stream of vulnerabilities in Log4j & especially advanced logging libraries, we recommend to re-evaluat… + +(Originally on Twitter: [Fri Dec 17 13:48:13 +0000 2021](https://twitter.com/adulau/status/1471839654626406402)) +---- +@PrincipeDebase Cool. 
Heureusement qu'il existe des licences d'évaluation ;-) + +(Originally on Twitter: [Sat Dec 18 15:56:09 +0000 2021](https://twitter.com/adulau/status/1472234236941938689)) +---- +@eevee I know @Graphviz can be a pain sometime but this website saved me a lot of time https://dreampuf.github.io/GraphvizOnline/ + +(Originally on Twitter: [Mon Dec 20 06:08:51 +0000 2021](https://twitter.com/adulau/status/1472811214245879810)) +---- +Reading "Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!". I still wonder why public organisation like @NCA_UK share information with a single private organisation but don't provide an open dataset to all researchers... + +https://www.troyhunt.com/open-source-pwned-passwords-with-fbi-feed-and-225m-new-nca-passwords-is-now-live/ ![](media/1473208820512043008-FHHjnPgXIAQneaF.png) + +(Originally on Twitter: [Tue Dec 21 08:28:48 +0000 2021](https://twitter.com/adulau/status/1473208820512043008)) +---- +@bortzmeyer Oui du Mirai est (était) déployé via ce domaine. J'ai des hits le 11 décembre. + +(Originally on Twitter: [Tue Dec 21 11:29:48 +0000 2021](https://twitter.com/adulau/status/1473254369533566982)) +---- +RT @Aristot73: Submitted on 20 Dec 2021] + +An Investigation into Inconsistency of Software Vulnerability Severity across Data Sources +https:… + +(Originally on Twitter: [Tue Dec 21 14:59:18 +0000 2021](https://twitter.com/adulau/status/1473307093587353604)) +---- +@Aristot73 I was just reading it at the exact same time ;-) trying to figure out the biases in such table. The paper is good and there are also some more insight in the additional papers referenced. 
![](media/1473308906252386314-FHI-mYzXEA0GlDY.jpg) + +(Originally on Twitter: [Tue Dec 21 15:06:30 +0000 2021](https://twitter.com/adulau/status/1473308906252386314)) +---- +@Aristot73 I cheated, I got the paper a bit earlier with my arxiv scrapper ;-) + +(Originally on Twitter: [Tue Dec 21 15:08:58 +0000 2021](https://twitter.com/adulau/status/1473309527210696704)) +---- +@kirbstr Calling universities and alumni associations to validate the existence of a LinkedIn account. + +(Originally on Twitter: [Tue Dec 21 15:28:14 +0000 2021](https://twitter.com/adulau/status/1473314373015904261)) +---- +RT @circl_lu: We added the ability to query hashlookup without online queries. A hashlookup Bloom filter is regularly published with all th… + +(Originally on Twitter: [Tue Dec 21 15:59:54 +0000 2021](https://twitter.com/adulau/status/1473322344684957697)) +---- +@belathoud @SWHeritage Good point! I was wondering if @SWHeritage is storing also the release (including binaries) from source code repositories or just the source code from the SCM. + +(Originally on Twitter: [Tue Dec 21 16:25:25 +0000 2021](https://twitter.com/adulau/status/1473328763974918153)) +---- +@SNCB Pourrait-on imaginer avoir des trains sur la ligne Namur-Luxembourg aujourd’hui ? ou c’est game over et vous recommandez de faire uniquement du télétravail ;-) + +(Originally on Twitter: [Wed Dec 22 06:46:50 +0000 2021](https://twitter.com/adulau/status/1473545548737228801)) +---- +@SNCB Bizarre parce que à Marbehan on patiente toujours ;-) ![](media/1473547812998635523-FHMXuQRXIAEQ9N8.jpg) + +(Originally on Twitter: [Wed Dec 22 06:55:50 +0000 2021](https://twitter.com/adulau/status/1473547812998635523)) +---- +@SNCB Je me demande toujours comment c’est possible d’avoir des informations incorrectes entre l’application et l’affichage en gare. 
![](media/1473548770210201601-FHMYbzZX0AAnlI4.jpg) + +(Originally on Twitter: [Wed Dec 22 06:59:38 +0000 2021](https://twitter.com/adulau/status/1473548770210201601)) +---- +RT @MISPProject: What's new in MISP 2.4.152 release many improvements such as the timeline visualization to view pictures of each objects d… + +(Originally on Twitter: [Wed Dec 22 10:18:27 +0000 2021](https://twitter.com/adulau/status/1473598804389732357)) +---- +@Sebdraven Oui c’est dingue. On ferme les cinemas et la culture… par contre l’horeca est ouvert. Ce sont des décisions pour plaire à l'électorat du @MR_officiel … et non des décisions sanitaires. + +(Originally on Twitter: [Wed Dec 22 17:57:21 +0000 2021](https://twitter.com/adulau/status/1473714289513050114)) +---- +@Sebdraven Surtout que les cinémas font des investissements dans les système d’aérations et les règles sont super strictes. + +(Originally on Twitter: [Wed Dec 22 18:01:06 +0000 2021](https://twitter.com/adulau/status/1473715233105588225)) +---- +@Sebdraven Et bien entendu, les lieux de culte sont ouverts… + + +media/1473716188396113925-FHOxDsJXoAMlEMX.mp4 + +(Originally on Twitter: [Wed Dec 22 18:04:54 +0000 2021](https://twitter.com/adulau/status/1473716188396113925)) +---- +@ErrataRob There is a little secret in France. Alsace region does much better « Champagne » than Champagne region. Check « crémant ». It’s cheaper, better and there are even some organic ones. + +(Originally on Twitter: [Wed Dec 22 19:05:31 +0000 2021](https://twitter.com/adulau/status/1473731441896955907)) +---- +@quinnnorton There are many people in Luxembourg (having residence) but got their vaccination in the neighboring countries including student abroad. These are accounted in the other countries. 
+ +(Originally on Twitter: [Wed Dec 22 19:08:21 +0000 2021](https://twitter.com/adulau/status/1473732156782518278)) +---- +@cyb3rops I have seen it for some threat intelligence platform vendors who use the names of some open source TIP ;-) + +(Originally on Twitter: [Thu Dec 23 07:20:18 +0000 2021](https://twitter.com/adulau/status/1473916356726865926)) +---- +@notshenetworks The cat always takes funky posture. ![](media/1473920188819070981-FHRp-o1XsAIP7o8.jpg) + +(Originally on Twitter: [Thu Dec 23 07:35:31 +0000 2021](https://twitter.com/adulau/status/1473920188819070981)) +---- +RT @circl_lu: We are working on improvements to the @d4_project BGP Ranking core open source software. + +CIRCL BGP Ranking now runs the cur… + +(Originally on Twitter: [Thu Dec 23 10:54:26 +0000 2021](https://twitter.com/adulau/status/1473970245849206784)) +---- +@cudeso The focus of the map is very Five Eyes interception capabilities. + +(Originally on Twitter: [Thu Dec 23 19:47:22 +0000 2021](https://twitter.com/adulau/status/1474104362813337606)) +---- +@Ko97551819 Hydroalcoholic gel is our savior + + +media/1474315423441207301-FHXSD0vXwBoLd8I.mp4 + +(Originally on Twitter: [Fri Dec 24 09:46:03 +0000 2021](https://twitter.com/adulau/status/1474315423441207301)) +---- +"Statistical Feature-based Personal Information Detection in Mobile Network Traffic" #privacy #dfir IMEI is the most common leak in traffic... and some insight about various Chinese apps. I hope the researchers report it to the national PoC before ;-) + +https://arxiv.org/abs/2112.12346 ![](media/1474317272177164291-FHXSxOLXwA8NcCO.png) + +(Originally on Twitter: [Fri Dec 24 09:53:23 +0000 2021](https://twitter.com/adulau/status/1474317272177164291)) +---- +hashlookup-forensic-analyser version 0.6 released including various bugs fixed and improved logging. + +Thanks to the users who reported bugs and ideas especially @mikel_hamm for the extensive tests. 
+ +#dfir #forensics + +https://github.com/hashlookup/hashlookup-forensic-analyser + +(Originally on Twitter: [Fri Dec 24 11:16:46 +0000 2021](https://twitter.com/adulau/status/1474338255868936192)) +---- +RT @MISPProject: For the French-speaking users of MISP, there is a series of article in MISC Mag (N 119) written by people from @circl_lu… + +(Originally on Twitter: [Sat Dec 25 15:42:54 +0000 2021](https://twitter.com/adulau/status/1474767619270004743)) +---- +RT @lvanbever: What happened to the Internet in 2021 in one print. The print depicts the number of routing announcements observed by 256 In… + +(Originally on Twitter: [Mon Dec 27 19:16:42 +0000 2021](https://twitter.com/adulau/status/1475546199478484994)) +---- +RT @SecurityYamato: We just released two Windows event log analysis tools: Hayabusa and WELA: https://github.com/Yamato-Security/ #yamasec + +(Originally on Twitter: [Tue Dec 28 09:05:57 +0000 2021](https://twitter.com/adulau/status/1475754884930678787)) +---- +RT @cudeso: Send malware samples from MISP (@MISPProject ) to your MWDB instance (@CERT_Polska_en ) via a MISP module. #automation https://… + +(Originally on Twitter: [Tue Dec 28 09:50:02 +0000 2021](https://twitter.com/adulau/status/1475765977782620164)) +---- +Just released a new version of hashlookup-forensic-analyser v0.7 fixing some bugs. + +Finding known files in large directory, just take some seconds with the Bloom Filter lookup. #DFIR #infosec #opensource + +https://github.com/hashlookup/hashlookup-forensic-analyser/releases/tag/v0.7 +https://github.com/hashlookup/hashlookup-forensic-analyser + + +media/1475869408472047617-vw8BNUXzOAs_g68J.mp4 + +(Originally on Twitter: [Tue Dec 28 16:41:01 +0000 2021](https://twitter.com/adulau/status/1475869408472047617)) +---- +@ADMDFRANCE @NaThaNoJ593 Vu de Belgique, cette position est vraiment rétrograde et d'un manque d'humanisme gigantesque. Ici, on écrit sa déclaration anticipée en matière d'euthanasie comme un acte humain et responsable. 
https://organesdeconcertation.sante.belgique.be/fr/documents/declaration-anticipee-relative-leuthanasie C'est encadré dans la législation depuis 2002-2003. + +(Originally on Twitter: [Wed Dec 29 16:10:38 +0000 2021](https://twitter.com/adulau/status/1476224148036898818)) +---- +RT @circl_lu: hashlookup Bloom filter updated to the latest version of the database which now includes all hashes from https://t.co/TCqNf4R… + +(Originally on Twitter: [Thu Dec 30 10:26:59 +0000 2021](https://twitter.com/adulau/status/1476500052201857026)) +---- +@halvarflake ❤️ + +(Originally on Twitter: [Sat Jan 01 08:47:51 +0000 2022](https://twitter.com/adulau/status/1477199881253097472)) +---- +RT @MISPProject: For this new year we would like to thank the 461+ contributors to the @MISPProject who helped us to make MISP a better ope… + +(Originally on Twitter: [Sat Jan 01 17:25:30 +0000 2022](https://twitter.com/adulau/status/1477330151532867585)) +---- +Every day (and night) is such a gift to be in teams of talented individuals within @MISPProject @ail_project @circl_lu @d4_project @cerebrateproje1 and many others. I strongly the believe open source strength are the communities behind. + +Happy new year! + +https://twitter.com/MISPProject/status/1477329721503645699 + + +media/1477334536010833922-FICL7Q9XMAISPGe.mp4 + +(Originally on Twitter: [Sat Jan 01 17:42:55 +0000 2022](https://twitter.com/adulau/status/1477334536010833922)) +---- +RT @alexanderjaeger: @MISPProject @circl_lu @cerebrateproje1 Very cool to see how MISP is growing. For new folks I highly recommend getting… + +(Originally on Twitter: [Sat Jan 01 19:09:20 +0000 2022](https://twitter.com/adulau/status/1477356283732930563)) +---- +Just released a version 0.8 of the hashlookup forensic analyser including a new Markdown report and JSON export of the results. 
#dfir #forensics #opensource + +https://github.com/hashlookup/hashlookup-forensic-analyser/releases/tag/v0.8 +https://github.com/hashlookup/hashlookup-forensic-analyser ![](media/1477607773865222145-FIGD2TIXsAImbYu.jpg) + +(Originally on Twitter: [Sun Jan 02 11:48:40 +0000 2022](https://twitter.com/adulau/status/1477607773865222145)) +---- +Just moved my old & ugly script with Benthos (declarative data streaming service) to make some data mangling from various streams (ZMQ and Redis). + +It's open source, well maintained, binary release works. 🔝🆒 + +https://www.benthos.dev/ + + and @Jeffail is funny. + +(Originally on Twitter: [Sun Jan 02 15:36:00 +0000 2022](https://twitter.com/adulau/status/1477664985883058183)) +---- +RT @hrbrmstr: Threw together a small #RStats 📦 to work with the super-useful @circl_lu hash lookup service https://github.com/hrbrmstr/hashlookup https://… + +(Originally on Twitter: [Sun Jan 02 16:03:49 +0000 2022](https://twitter.com/adulau/status/1477671984062509065)) +---- +Indeed, as an example, if you search for Python documentation, the official http://python.org is often below a multiple of websites with tons of ads. If you reduce search timeframe to one week, the results are even just fake clickbait websites. + +https://mobile.twitter.com/mwseibel/status/1477701120319361026 + +(Originally on Twitter: [Sun Jan 02 22:30:24 +0000 2022](https://twitter.com/adulau/status/1477769272764121089)) +---- +git-vuln-finder v1.2 released including support for @githubarchive processing to analyse GitHub archive for potential vulnerabilities mentioned in commit logs. #opensource #infosec + +https://github.com/cve-search/git-vuln-finder + +Thanks to @cruciani_david for the http://GHarchive.org support. 
![](media/1478009140895260676-FILwqlgXoAIr9go.jpg) + +(Originally on Twitter: [Mon Jan 03 14:23:33 +0000 2022](https://twitter.com/adulau/status/1478009140895260676)) +---- +@entropyqueen_ @InakMali https://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.re/post/khenE0WOEkAlpOoD61d307b4079fd + +(Originally on Twitter: [Mon Jan 03 17:44:44 +0000 2022](https://twitter.com/adulau/status/1478059766685577225)) +---- +RT @LBacaj: I managed multiple engineering teams before quitting big tech. + +Now that I quit, I can speak freely. + +Here are 12 things your m… + +(Originally on Twitter: [Tue Jan 04 13:30:42 +0000 2022](https://twitter.com/adulau/status/1478358227469410316)) +---- +@notareverser I strongly agree with you. We are under using partial hashing and even the « pyramid of pain » gave the wrong impression about file hashing. The ExpHash is also an interesting step for finding outliers libraries. + +(Originally on Twitter: [Tue Jan 04 13:51:49 +0000 2022](https://twitter.com/adulau/status/1478363542915014662)) +---- +@ValeryMarchive @AuCyble @Securityblog Fake claims are very common in ransomware cases but too often these come from both sides. + +(Originally on Twitter: [Tue Jan 04 14:14:02 +0000 2022](https://twitter.com/adulau/status/1478369133863620615)) +---- +RT @cudeso: Ever wondered how uploading of attachments to @MISPProject result in a file object? This is done by "app/files/scripts/generate… + +(Originally on Twitter: [Tue Jan 04 14:23:04 +0000 2022](https://twitter.com/adulau/status/1478371405507006473)) +---- +"A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques" A very good state of the art about DNS Encryption and impact on detection and abuse by malware/c2 communication. 
#dns #infosec + +https://arxiv.org/abs/2201.00900 ![](media/1479006660672868356-FIZ8UBPX0AcZyNX.jpg) + +(Originally on Twitter: [Thu Jan 06 08:27:21 +0000 2022](https://twitter.com/adulau/status/1479006660672868356)) +---- +@ancailliau @digihash @asfakian I compiled some of my personal notes into this gist about SOC setup (feel free to update): +https://gist.github.com/adulau/f3c2434de2f8ef91027ad4c2057e16ed +The MITRE document "Ten Strategies of a World-Class +Cybersecurity Operations Center" is really my favourite. + +(Originally on Twitter: [Thu Jan 06 15:20:47 +0000 2022](https://twitter.com/adulau/status/1479110707647975432)) +---- +Just added a graphical view of the relationships in the @MISPProject galaxy documentation (such as threat actors, tools, ...). + +https://www.misp-project.org/galaxy.html#_threat_actor + +The source is the standard MISP galaxy repository. +Pull-requests welcome. + +https://github.com/MISP/misp-galaxy/ +#ThreatIntel #opensource ![](media/1479149294334746629-FIb8kYBXIA4acQa.png) + +(Originally on Twitter: [Thu Jan 06 17:54:07 +0000 2022](https://twitter.com/adulau/status/1479149294334746629)) +---- +RT @_Mike_Holm_: Last day to apply! @AusCERT +is hiring a Linux/AWS Systems Administrator. Lots of fun stuff to work on, like @MISPProject a… + +(Originally on Twitter: [Fri Jan 07 09:18:14 +0000 2022](https://twitter.com/adulau/status/1479381853350023171)) +---- +@xme Last time I did the following, "Thank for the no information, we will not renew the contract with you." and a carbon copy to the account manager. I received a PDF with the technical details, the same day. + +(Originally on Twitter: [Fri Jan 07 17:03:31 +0000 2022](https://twitter.com/adulau/status/1479498945818726406)) +---- +@RichardStruse @MITREcorp Thank you for bringing so much pragmatic approaches and reality into the industry. Congrats for your new adventures. 
+ +(Originally on Twitter: [Sun Jan 09 09:02:12 +0000 2022](https://twitter.com/adulau/status/1480102596107030528)) +---- +@opexxx Interesting one. Did you have the source for this table? Thank you. + +(Originally on Twitter: [Sun Jan 09 10:24:59 +0000 2022](https://twitter.com/adulau/status/1480123429693108224)) +---- +The initiative from @codeberg_org is promising. It's a community/non-profit driven git hosting (based on the incredible @giteaio). It's hosted in Europe. So it will be easier for contributors and users with some (ITAR) restrictions applicable to GItHub. + +https://codeberg.org/ + +(Originally on Twitter: [Sun Jan 09 10:46:16 +0000 2022](https://twitter.com/adulau/status/1480128786213617672)) +---- +Complaining about corporate organisations using open source when the author first released their open source software under some non-copyleft licenses sound like counter productive to me. They forgot the four freedoms of free software. + +https://mobile.twitter.com/AlexMog_FR/status/1479956193879728137 + +(Originally on Twitter: [Sun Jan 09 12:44:25 +0000 2022](https://twitter.com/adulau/status/1480158520561610756)) +---- +@volt4ire Indeed. Abusing its own software sounds like a way to shoot in your foot. It's self destroying your open source community. 
+ +(Originally on Twitter: [Sun Jan 09 16:20:59 +0000 2022](https://twitter.com/adulau/status/1480213018940170245)) +---- +If you are looking for some technical details about the @Apple "iCloud Private Relay" - + +Those slides presented at the IETF PEARG WG give a good overview: + +https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-private-relay-00 + +https://datatracker.ietf.org/rg/pearg/ ![](media/1480851342650400774-FI0KPWMXsAIHb-4.png) + +(Originally on Twitter: [Tue Jan 11 10:37:27 +0000 2022](https://twitter.com/adulau/status/1480851342650400774)) +---- +RT @jfslowik: FSB links are possible too, and potentially more likely, which I should have noted earlier as explained in the text: https://… + +(Originally on Twitter: [Tue Jan 11 16:18:16 +0000 2022](https://twitter.com/adulau/status/1480937109972299783)) +---- +It would be great if @GCHQ CyberChef https://github.com/gchq/CyberChef/pull/1303 would stop requiring a CLA. It's a limiting factor to contributions. + +DCO (Developer Certificate of Origin) would be an excellent alternative and would allow more users to contribute back. + +https://developercertificate.org/ + +(Originally on Twitter: [Tue Jan 11 21:27:36 +0000 2022](https://twitter.com/adulau/status/1481014955809947651)) +---- +@alex_lanstein I’m sure without confidentiality agreement or NDA is also possible when it’s a dedicated day on public or non-classified activity. It’s usually the most interesting part as everyone try to be efficient without following complex legal framework ;-) + +(Originally on Twitter: [Wed Jan 12 17:02:07 +0000 2022](https://twitter.com/adulau/status/1481310534792368135)) +---- +@alex_lanstein Lol Symantec might not be the most interesting nowadays. 
But the shoulder surfing during the stuxnet case analysis would have been funky over there ;-) + +(Originally on Twitter: [Wed Jan 12 17:22:45 +0000 2022](https://twitter.com/adulau/status/1481315725906173958)) +---- +@Sebdraven @EBouliou @flic_advisor Tu ne crois pas que la moitié c’est de l’investissement dans l’immobilier comme le campus cyber ? + +(Originally on Twitter: [Wed Jan 12 17:45:46 +0000 2022](https://twitter.com/adulau/status/1481321517564715023)) +---- +RT @Digital_Cold: Our paper on emulating basebands for security analysis has been accepted at NDSS! We found multiple critical pre-auth vul… + +(Originally on Twitter: [Wed Jan 12 20:51:49 +0000 2022](https://twitter.com/adulau/status/1481368340195155968)) +---- +@eric_capuano @TheHive_Project @AirbusCyber I suppose they never heard of @MISPProject with crazy support of timelines. + +https://www.misp-project.org/2020/01/21/MISP.2.4.120.released.html + +and the feature is maintained + +https://www.misp-project.org/2021/12/22/MISP.2.4.152.released.html + +I’m wondering if this spreadsheet will be ever maintained… + +(Originally on Twitter: [Thu Jan 13 07:23:23 +0000 2022](https://twitter.com/adulau/status/1481527277590654984)) +---- +@rafi0t @BloodyTangerine For all the details about the core issue (HTTP3 bug) - https://bugzilla.mozilla.org/show_bug.cgi?id=1749908 + +(Originally on Twitter: [Thu Jan 13 09:23:43 +0000 2022](https://twitter.com/adulau/status/1481557561598005248)) +---- +@npua @bortzmeyer @CENTR_Polina Indeed "Costs for operating the infrastructure during its lifetime will be excluded under the call." and it's just co-funding for max 50% under the CEF grant model. 
+ +I suppose the best would be to find a business model to monetize the data collected for remaining funding ;-) ![](media/1481587140261818371-FI-nPMCXoAMl4eO.png) + +(Originally on Twitter: [Thu Jan 13 11:21:15 +0000 2022](https://twitter.com/adulau/status/1481587140261818371)) +---- +@bortzmeyer @npua @CENTR_Polina I think they should revise the original proposal and make a 100% funding (or 75% like it was for the CEF grants before) because then the incentive is going away... or organisations might built dangerous castles to complete the original funding. + +(Originally on Twitter: [Thu Jan 13 14:03:45 +0000 2022](https://twitter.com/adulau/status/1481628035661058055)) +---- +@lambdafu Do you include the compatible sks server like hockeypuck? + +(Originally on Twitter: [Thu Jan 13 19:41:39 +0000 2022](https://twitter.com/adulau/status/1481713071714410498)) +---- +@lambdafu Thank you. You might want to have look at https://spider.pgpkeys.eu/sks-peers and the overview https://spider.pgpkeys.eu/graphs/walk-sks.green.dot.svg which is a bit different network wise. + +(Originally on Twitter: [Fri Jan 14 05:34:56 +0000 2022](https://twitter.com/adulau/status/1481862376521621504)) +---- +RT @cudeso: Visualise @MISPProject galaxies and clusters, outside MISP with http://graph.py #cti https://www.vanimpe.eu/2022/01/14/visualising-misp-galaxies-and-clusters/ https://t… + +(Originally on Twitter: [Fri Jan 14 10:29:23 +0000 2022](https://twitter.com/adulau/status/1481936475793014786)) +---- +RT @treyka: Totally uncool: the ongoing military tensions between Russia, Ukraine, and NATO. + +Totally cool: seeing @MISPProject on the fron… + +(Originally on Twitter: [Fri Jan 14 17:16:13 +0000 2022](https://twitter.com/adulau/status/1482038857898078208)) +---- +RT @nunohaien: Remember the SolarWinds supply-chain attack? 
Here's a #100DaysofYARA rule that matches the (normalized) .NET CIL bytecode of… + +(Originally on Twitter: [Fri Jan 14 19:06:43 +0000 2022](https://twitter.com/adulau/status/1482066665131106309)) +---- +RT @MISPProject: "On the Integration of Course of Action Playbooks into Shareable Cyber Threat Intelligence" by @vasileim and others is a g… + +(Originally on Twitter: [Sat Jan 15 09:22:07 +0000 2022](https://twitter.com/adulau/status/1482281937284870144)) +---- +@sinwindie Sounds awesome! Not sure if the public ssh keys of the profile are mentioned in your diagram. It’s an incredible resource to cross discover similar accounts. + +(Originally on Twitter: [Sun Jan 16 08:22:10 +0000 2022](https://twitter.com/adulau/status/1482629235642613763)) +---- +@ItsReallyNick Tox ID are regularly used by "GOLD WINTER". I was curious about the Tox ID and the user seems offline while testing. (if the spec are correct with OFFLINE status - https://zetok.github.io/tox-spec/#friend-connection) or changed the NoSpam ID. + +(Originally on Twitter: [Sun Jan 16 16:09:50 +0000 2022](https://twitter.com/adulau/status/1482746929993994241)) +---- +@ItsReallyNick The main public doc is from @Secureworks + +https://www.misp-project.org/galaxy.html#_gold_winter + +I have seen some cases with a custom Tox ID per target in the ransom note. I think all where using HADES ransomware. I would be curious to look at the samples (;-) to see if there are any code reused. 
+ +(Originally on Twitter: [Sun Jan 16 16:18:49 +0000 2022](https://twitter.com/adulau/status/1482749188991561732)) +---- +@ItsReallyNick @Secureworks By the way, concerning detection of Tox communication, the bootstrap for the DHT is useful and available online as JSON https://nodes.tox.chat/json + +(Originally on Twitter: [Sun Jan 16 16:20:06 +0000 2022](https://twitter.com/adulau/status/1482749513093767169)) +---- +RT @bartblaze: With everything going on with #WhisperGate, it's important to take a step back and assess what its actual purpose may be. Th… + +(Originally on Twitter: [Tue Jan 18 08:28:16 +0000 2022](https://twitter.com/adulau/status/1483355546400997377)) +---- +@bartblaze @Sebdraven Thanks a lot for your effort to explain the complexity to perform analysis and especially to clearly assess the objectives of a CNE. + +(Originally on Twitter: [Tue Jan 18 08:30:37 +0000 2022](https://twitter.com/adulau/status/1483356137210748930)) +---- +RT @circl_lu: First release v1.0 of factual rules, a new open source tool to build YARA rules for known installed software on operating sys… + +(Originally on Twitter: [Tue Jan 18 10:36:13 +0000 2022](https://twitter.com/adulau/status/1483387745016119296)) +---- +@jfslowik Just wondering what was the impact of « crypto miners » in the past and maybe future crisis in Texas. https://www.cnbc.com/2021/10/31/bitcoin-mining-giants-bitdeer-riot-blockchain-in-rockdale-texas.html We can see a pattern in different countries… + +(Originally on Twitter: [Tue Jan 18 19:00:16 +0000 2022](https://twitter.com/adulau/status/1483514594777776129)) +---- +@ptrstpp950 Delphi and SCCS as source control management system. + +(Originally on Twitter: [Wed Jan 19 12:57:30 +0000 2022](https://twitter.com/adulau/status/1483785688822726658)) +---- +Sometime reading some incidents and reports, you can see patterns and fingerprints where attackers are regularly playing CTF. + +But how far a CTF can go to not disclose the final target to the players? 
and act as a relay to actual exploitation of infrastructure. + + +media/1483818803188350979-FJeVVUyXoAYr_ow.mp4 + +(Originally on Twitter: [Wed Jan 19 15:09:05 +0000 2022](https://twitter.com/adulau/status/1483818803188350979)) +---- +@aris_ada For sure, they do. I was more like in evil mode. Imagine a CTF which is just a front-end to an actual CNE. + +(Originally on Twitter: [Wed Jan 19 15:34:04 +0000 2022](https://twitter.com/adulau/status/1483825092111085568)) +---- +@cryptax @aris_ada Not sure. For a first-stage exploitation, you can still give other results afterwards. They might see at some point but the exploitation is already performed. + +(Originally on Twitter: [Wed Jan 19 15:59:04 +0000 2022](https://twitter.com/adulau/status/1483831380790419458)) +---- +@doegox + + +media/1483837792174194695-FJemmmlWQAErBtM.mp4 + +(Originally on Twitter: [Wed Jan 19 16:24:32 +0000 2022](https://twitter.com/adulau/status/1483837792174194695)) +---- +We are working on something called Common Exercise Format (CEXF) which is a new format to automate cyber exercises. +The goal is to ease our work when running exercises for @MISPProject and to make it open and free to everyone else. Feedback is welcome! + +https://github.com/MISP/cexf/blob/main/format-description.md + +(Originally on Twitter: [Thu Jan 20 16:48:12 +0000 2022](https://twitter.com/adulau/status/1484206136320577536)) +---- +@clevybencheton Awesome! Feel free to open issues and provide feedback. We are still in the alpha stage. + +(Originally on Twitter: [Thu Jan 20 17:19:29 +0000 2022](https://twitter.com/adulau/status/1484214008362192902)) +---- +Trying to keep an accurate and up-to-date list of tor2web and Tor proxy services: + +https://gist.github.com/adulau/5caf188bb1f63263bf7ac00c4a19f710 + +Contributions and updates more than welcome. 
#threatintelligence ![](media/1484449028096077826-FJnSEvQXwAE-DdW.png) + +(Originally on Twitter: [Fri Jan 21 08:53:22 +0000 2022](https://twitter.com/adulau/status/1484449028096077826)) +---- +@treyka You might want to try those organic and local ones https://www.bioferme.be/nl/yaourt_bio_brasses.php and you can get the flavor you like. + +(Originally on Twitter: [Fri Jan 21 22:18:08 +0000 2022](https://twitter.com/adulau/status/1484651551721508867)) +---- +RT @DTCERT: 🛠️#YARA rule🔍 for hunting XOR encrypted #PlugX / #Korplug payloads as distributed by threat actor #MustangPanda 🐼. The first ze… + +(Originally on Twitter: [Sat Jan 22 15:42:43 +0000 2022](https://twitter.com/adulau/status/1484914432576733188)) +---- +I just merged a new @MISPProject taxonomy proposed by @cudeso "Beyond Attribution: Seeking National +Responsibility for Cyber Attacks" and The Spectrum of State Responsibility created by @AtlanticCouncil @Jason_Healey - #ThreatIntelligence #CyberSecurity + +https://www.misp-project.org/taxonomies.html#_state_responsibility ![](media/1484943161562652674-FJuTT3OXsAELpiD.jpg) + +(Originally on Twitter: [Sat Jan 22 17:36:53 +0000 2022](https://twitter.com/adulau/status/1484943161562652674)) +---- +As the weather was crap, I wrote mmdb-server. It is an open source fast and local API server to lookup IP addresses for their geographic location supporting any MMDB file and includes a default free and open country-location database. 
#opensource #dfir + +https://github.com/adulau/mmdb-server ![](media/1485304316713967618-FJzbOlSXsAM8i7U.jpg) + +(Originally on Twitter: [Sun Jan 23 17:31:59 +0000 2022](https://twitter.com/adulau/status/1485304316713967618)) +---- +@theragex His exact wording is interesting « he wants France to leave the NATO’s integrated command structure but remains a member nation to vote against Ukraine joining NATO » + +(Originally on Twitter: [Mon Jan 24 06:34:06 +0000 2022](https://twitter.com/adulau/status/1485501142192775169)) +---- +@theragex Source: https://mobile.twitter.com/Cdanslair/status/1485350055846502404 - 9:33 PM · Jan 23, 2022 + +(Originally on Twitter: [Mon Jan 24 06:36:13 +0000 2022](https://twitter.com/adulau/status/1485501674647175171)) +---- +@yvesvdm @theragex or it’s maybe inline with his ongoing source of campaign funding… + +(Originally on Twitter: [Mon Jan 24 11:09:06 +0000 2022](https://twitter.com/adulau/status/1485570351203561473)) +---- +After more than 20 years of existence the AEL (Association Electronique Libre) non-profit organisation is officially dissolved. It was a long ride but times have changed. We donated 1.808,30 EUR to @fosdem + +@RaNma__ @etychon @thosil76 Thanks everyone. + +https://en.wikipedia.org/wiki/Association_Electronique_Libre + + +media/1485600076915527680-FJ3pZF4XsAgpTLG.mp4 + +(Originally on Twitter: [Mon Jan 24 13:07:14 +0000 2022](https://twitter.com/adulau/status/1485600076915527680)) +---- +RT @colmmacc: The cryptography that is in 'crypto' is merely enough to serve as a foundation myth of mathematical purity and incorruptibili… + +(Originally on Twitter: [Tue Jan 25 17:49:46 +0000 2022](https://twitter.com/adulau/status/1486033568132481029)) +---- +RT @MISPProject: Comrade, nice try! 
Please be so kind and if you find any vulnerabilities, be a bro and let us know at https://t.co/YbesLHn… + +(Originally on Twitter: [Wed Jan 26 16:03:51 +0000 2022](https://twitter.com/adulau/status/1486369299811946497)) +---- +@GrablyR @gallypette Le plus marrant c’est l’utilisation de support pour stocker des œuvres libres (logiciels libres, contenu sous licence libre), des œuvres privées (dont les droits patrimoniaux sont à vous) et des œuvres sans droits patrimoniaux. Vous payez et cela ne va pas à la BNF ou au libre. + +(Originally on Twitter: [Wed Jan 26 17:15:52 +0000 2022](https://twitter.com/adulau/status/1486387424192249858)) +---- +RT @doegox: Our 10 years old EMV-CAP emulator is now republished on Github under GPL3+, use it responsibly! https://github.com/doegox/EMV-CAP https:/… + +(Originally on Twitter: [Thu Jan 27 11:07:29 +0000 2022](https://twitter.com/adulau/status/1486657105566355456)) +---- +RT @GossiTheDog: Something some ransomware groups have been doing lately - when their post their victim disclosures, they include invoices… + +(Originally on Twitter: [Thu Jan 27 17:39:44 +0000 2022](https://twitter.com/adulau/status/1486755818976468997)) +---- +RT @OpenDataLU: New reuse: mmdb-server is an open source fast API server to lookup IP addresses for their geographic location. +https://t.co… + +(Originally on Twitter: [Thu Jan 27 22:20:26 +0000 2022](https://twitter.com/adulau/status/1486826458412720132)) +---- +@Aristot73 an unmaintained software stack in the sea. + +(Originally on Twitter: [Fri Jan 28 06:44:08 +0000 2022](https://twitter.com/adulau/status/1486953218697580546)) +---- +@openfacto Awesome work. I encoded as @MISPProject event and tried to find the appropriate "misinformation patterns" as described in https://www.misp-project.org/galaxy.html#_misinformation_pattern - if you have some ideas or improvement le me know. 
![](media/1486980193440960514-FKLQOeRWYAMZ1_k.png) + +(Originally on Twitter: [Fri Jan 28 08:31:19 +0000 2022](https://twitter.com/adulau/status/1486980193440960514)) +---- +@le_krogoth @snort @irnbru Remote display(s) controlled like airtame (handy when an analyst want to show something to the whole SOC), a sofa (when there is a crisis, relaxing is cool) and good chairs/adjustable tables. + +(Originally on Twitter: [Fri Jan 28 12:20:47 +0000 2022](https://twitter.com/adulau/status/1487037941696405508)) +---- +RT @cerebrateproje1: Cerebrate version 1.4 released including OpenAPI support, many improvements and bugs fixed (including @MISPProject int… + +(Originally on Twitter: [Fri Jan 28 12:43:07 +0000 2022](https://twitter.com/adulau/status/1487043562109902849)) +---- +RT @KevTheHermit: Just added ~200 @volatility Linux Symbol packs (profiles) to my Symbol server, which now includes ubuntu-aws and ubuntu-a… + +(Originally on Twitter: [Sun Jan 30 10:17:12 +0000 2022](https://twitter.com/adulau/status/1487731617556844546)) +---- +RT @botherder: I wrote a short introduction to getting started with forensic analysis of Android devices in order to identify traces of com… + +(Originally on Twitter: [Sun Jan 30 10:46:29 +0000 2022](https://twitter.com/adulau/status/1487738986219118594)) +---- +RT @cudeso: I published a set of Python scripts that I use to integrate @dfir_iris , @MISPProject and @TimesketchProj #DFIR #CSIRT https:… + +(Originally on Twitter: [Mon Jan 31 16:52:07 +0000 2022](https://twitter.com/adulau/status/1488193386398068741)) +---- +A kind reminder for French speakers "taxidermie n'est pas taxonomie" but you can use a taxonomy to label dead animals if you like. + +(Originally on Twitter: [Mon Jan 31 16:55:07 +0000 2022](https://twitter.com/adulau/status/1488194143427960840)) +---- +@Aristot73 Don’t go to the pub with the classified documents. 
+ +(Originally on Twitter: [Tue Feb 01 21:15:16 +0000 2022](https://twitter.com/adulau/status/1488621998347800576)) +---- +RT @circl_lu: "InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM" + +Rules for searching UEFI vulnerabilities including the… + +(Originally on Twitter: [Wed Feb 02 09:48:57 +0000 2022](https://twitter.com/adulau/status/1488811670071820294)) +---- +Seeing more and more EU-funded projects adding distributed ledgers for limiting distribution of information, a system relying on scarcity on digital information is an expensive way for our societies to come back to pen and paper. + +(Originally on Twitter: [Thu Feb 03 06:34:49 +0000 2022](https://twitter.com/adulau/status/1489125200650248195)) +---- +RT @MISPProject: "Overcoming information-sharing challenges in cyber defence exercises" by Agnė Brilingaitė - a very good insight and lesso… + +(Originally on Twitter: [Thu Feb 03 11:18:16 +0000 2022](https://twitter.com/adulau/status/1489196533027414028)) +---- +For the ones using OpenSearch (yep the fork of @elastic), there is a cleaner and updated Ansible playbook to properly deploy it and which works on Debian too 🥳 +https://github.com/remil1000/opensearch-ansible-playbook #CTI #DFIR #OpenSource + +(Originally on Twitter: [Thu Feb 03 15:05:18 +0000 2022](https://twitter.com/adulau/status/1489253670646472724)) +---- +@Sebdraven Il y a des échanges entre certains opérateurs via MISP. Il y a plusieurs soucis de FP avec les spoofed caller-id, les allocations fixes par des opérateurs virtuels et quelques autres bricoles… + +(Originally on Twitter: [Thu Feb 03 17:48:27 +0000 2022](https://twitter.com/adulau/status/1489294728952795144)) +---- +@exundhop Thank you very much, it’s really appreciated. @AdulauA is my other side on Twitter. 
For the curious, I upload some on flickr https://www.flickr.com/photos/adulau/ + +(Originally on Twitter: [Thu Feb 03 19:58:16 +0000 2022](https://twitter.com/adulau/status/1489327398155919361)) +---- +If you add "information sharing" in your slide deck, I expect at least: + +- How the information will be shared? +- How the information will be structured? +- When you will start to share information? +- How can I be part of the sharing? + +If it's not there, it's vaporware. + +(Originally on Twitter: [Fri Feb 04 21:57:34 +0000 2022](https://twitter.com/adulau/status/1489719809646415877)) +---- +@cudeso I never understood it especially when you look at the roots of the word in French and English. It’s basically « whole » so it would mean « the whole information sharing ». My guess is « all type of information sharing » which basically means chatting somewhere, email to someone.. ![](media/1489865759744483330-FK0PME8XMAItjkn.jpg) + +(Originally on Twitter: [Sat Feb 05 07:37:32 +0000 2022](https://twitter.com/adulau/status/1489865759744483330)) +---- +RT @circl_lu: We published open source metrics about @circl_lu contributions to projects that we maintain or co-maintain such as @MISPProj… + +(Originally on Twitter: [Sat Feb 05 10:11:58 +0000 2022](https://twitter.com/adulau/status/1489904623792140289)) +---- +RT @alexanderjaeger: @adulau Thank you for asking Alexandre, here is a example of how we will share (as an image in a PDF obv): https://t.c… + +(Originally on Twitter: [Sat Feb 05 17:10:12 +0000 2022](https://twitter.com/adulau/status/1490009876176814080)) +---- +@alexanderjaeger + + +media/1490010266515476480-FK2Ub3JXEAYXH3L.mp4 + +(Originally on Twitter: [Sat Feb 05 17:11:45 +0000 2022](https://twitter.com/adulau/status/1490010266515476480)) +---- +I just released version 0.5 of mmdb-server which now includes the ability to load multiple MMDB files. A new GeoOpen MMDB files has been included to give AS number and AS description in addition to geolocation. 
#opensource #cti + +https://github.com/adulau/mmdb-server + +(Originally on Twitter: [Sun Feb 06 11:13:19 +0000 2022](https://twitter.com/adulau/status/1490282452589465600)) +---- +Thanks to @JeroenPinoy who already managed to write a @MISPProject module to use mmdb-server to add geolocation objects for IP addresses expanded. + +https://github.com/MISP/misp-modules/pull/551 ![](media/1490356301444136968-FK7O-AMWUAEnhLH.jpg) + +(Originally on Twitter: [Sun Feb 06 16:06:46 +0000 2022](https://twitter.com/adulau/status/1490356301444136968)) +---- +@U039b @cryptax @malwrhunterteam I often use tcpflow from @xchatty https://github.com/simsong/tcpflow when something is needed in pure Python then one of numerous forks of pynids (relying on the vintage libnids). + +(Originally on Twitter: [Sun Feb 06 17:19:14 +0000 2022](https://twitter.com/adulau/status/1490374539867566082)) +---- +@xchatty @U039b @cryptax @malwrhunterteam I like the unix philosophy of tcpflow compared to tshark/wiretap library (You often finish by doing some lua script in tshark... to split streams) . Maybe supporting community-id in tcpflow from @corelight_inc https://github.com/corelight/community-id-spec/ would be great. + +(Originally on Twitter: [Sun Feb 06 21:30:04 +0000 2022](https://twitter.com/adulau/status/1490437661374521348)) +---- +@xchatty @U039b @cryptax @malwrhunterteam @corelight_inc My last test with large pcaps, tshark was pretty slow but not sure about the error rate. I didn't redo what we did years ago for testing the stream reassembly code but we should give a try again. http://www.foo.be/papers/wagener-dulaunoy-engel-networkforensicaccuracy.pdf + +(Originally on Twitter: [Mon Feb 07 05:54:31 +0000 2022](https://twitter.com/adulau/status/1490564611606732802)) +---- +@xchatty @U039b @cryptax @malwrhunterteam @corelight_inc IMHO, I think this should be really optional. As the dissectors are usually a source of issues (from parsing bugs to more severe vulnerabilities). 
For DFIR, extracting the flow as binary streams without errors is already awesome. + +(Originally on Twitter: [Mon Feb 07 05:57:08 +0000 2022](https://twitter.com/adulau/status/1490565269160448002)) +---- +RT @gallypette: @DFIRScience @Hexacorn If you are interested into NSRL and speeding it up, it may be worth checking out hashlookup and its… + +(Originally on Twitter: [Tue Feb 08 09:35:57 +0000 2022](https://twitter.com/adulau/status/1490982723674157056)) +---- +RT @MISPProject: The MISP cheat sheet has been updated with a representation overview showing how MISP is used to model a security incident… + +(Originally on Twitter: [Thu Feb 10 21:34:29 +0000 2022](https://twitter.com/adulau/status/1491888327741648899)) +---- +RT @xchatty: Bulk_extractor V2.0.0 is finished! +Download the current source code from GitHub. https://github.com/simsong/bulk_extractor/releases/tag/v2.0.0 + +I'm presenting at @T… + +(Originally on Twitter: [Sun Feb 13 06:31:33 +0000 2022](https://twitter.com/adulau/status/1492748260242513920)) +---- +When designing and preparing practical training materials for an open source project, it's usually a great opportunity to improve your software. We discovered some new improvement ideas during the CyberEx project (@ecteg) to be implemented at the same time for @MISPProject... + + +media/1492965869848305666-FLgUisQXoAAtXAc.mp4 + +(Originally on Twitter: [Sun Feb 13 20:56:15 +0000 2022](https://twitter.com/adulau/status/1492965869848305666)) +---- +"Leveraging Google’s Publisher-specific IDs to Detect Website Administration" - https://arxiv.org/abs/2202.05074 + +A graph-based methodology to detect administration of websites on the Web, by exploiting the ad-related publisher-specific IDs. + +Maybe usable for Tor hidden services? 
+ +(Originally on Twitter: [Tue Feb 15 05:42:17 +0000 2022](https://twitter.com/adulau/status/1493460634754818048)) +---- +RT @onyphe: Perfect timing to announce we now have searchable fields for Google Analytics & Google Tag Manager. We will add Google Pub next… + +(Originally on Twitter: [Tue Feb 15 09:31:37 +0000 2022](https://twitter.com/adulau/status/1493518348788903936)) +---- +@onyphe Nice! + +(Originally on Twitter: [Tue Feb 15 09:31:46 +0000 2022](https://twitter.com/adulau/status/1493518387263197185)) +---- +@Aristot73 Race condition + +(Originally on Twitter: [Tue Feb 15 12:11:49 +0000 2022](https://twitter.com/adulau/status/1493558667454697473)) +---- +RT @circl_lu: hashlookup Bloom filter updated with 316+ millions hashes. It can be downloaded from https://circl.lu/services/hashlookup/#querying-hashlookup-without-online-queries and can be used… + +(Originally on Twitter: [Tue Feb 15 15:30:41 +0000 2022](https://twitter.com/adulau/status/1493608712967184385)) +---- +@notareverser More readable than compressed regular expressions. We are using YARA for @ail_project https://github.com/ail-project/ail-yara-rules and it's also cleaner for diff files ;-) + +(Originally on Twitter: [Wed Feb 16 15:56:46 +0000 2022](https://twitter.com/adulau/status/1493977665182879744)) +---- +RT @circl_lu: New release (0.9) of hashlookup-forensic-analyser which includes improvement in the analysis and report. 
+The tool can be use… + +(Originally on Twitter: [Fri Feb 18 10:21:43 +0000 2022](https://twitter.com/adulau/status/1494618120350318593)) +---- +"A Method for Decrypting Data Infected with Hive Ransomware" + +https://arxiv.org/abs/2202.08477 ![](media/1494619674725822464-FL30nmQXMAAlxlC.png) + +(Originally on Twitter: [Fri Feb 18 10:27:53 +0000 2022](https://twitter.com/adulau/status/1494619674725822464)) +---- +@ValeryMarchive Feelings and software vulnerabilities must be separated to ensure a peaceful life ;-) + + +media/1494636315824033796-FL4DzaTWQAM0h7j.mp4 + +(Originally on Twitter: [Fri Feb 18 11:34:01 +0000 2022](https://twitter.com/adulau/status/1494636315824033796)) +---- +RT @pmelson: Here's a neat trick for #100DaysOfYara: In x86 ASM, when an IP address and port are pushed onto the stack, 'push eax' is execu… + +(Originally on Twitter: [Fri Feb 18 21:01:07 +0000 2022](https://twitter.com/adulau/status/1494779033585913860)) +---- +misp-wireshark - une extension Wireshark (en beta) pour intégrer dans @MISPProject vos analyses réseaux/pcap. #DFIR #ThreatIntelligence + +Désolé pour le screencast/la vidéographie, c'est à l'arrache. + +https://www.youtube.com/watch?v=B7xs5SwhlTA +https://github.com/MISP/misp-wireshark + +(Originally on Twitter: [Sat Feb 19 17:35:26 +0000 2022](https://twitter.com/adulau/status/1495089659118071808)) +---- +RT @wakatono: Wiresharkでの解析結果(PCAPデータ)を、MISP形式に変換するためのLuaスクリプトですか。 +これは面白い。 +This tool written in Lua adds Wireshark function to export (filt… + +(Originally on Twitter: [Sat Feb 19 18:32:37 +0000 2022](https://twitter.com/adulau/status/1495104047505887233)) +---- +@pchestek @_msw_ The « remove » is pretty clear in the AGPL or did the court assume it was a new license per se with the additional common clause from Neo4j? ![](media/1495371517303078917-FMCfVyhXwAEsf3N.jpg) + +(Originally on Twitter: [Sun Feb 20 12:15:27 +0000 2022](https://twitter.com/adulau/status/1495371517303078917)) +---- +@da_667 @ET_Labs Congrats! 
+ +(Originally on Twitter: [Sun Feb 20 21:42:08 +0000 2022](https://twitter.com/adulau/status/1495514128722579458)) +---- +I just noticed mansplaining is also applicable against open source authors. It’s painful to watch and gives no hope in humanity. + + +media/1495647523746336768-FMGbfbsXMAI3zdx.mp4 + +(Originally on Twitter: [Mon Feb 21 06:32:12 +0000 2022](https://twitter.com/adulau/status/1495647523746336768)) +---- +When a real Unix user is trying to find where Python is installed on a MacBook and you discover there are 4+ Python installed via 4 different ways. + + +media/1495800967438249987-FMInDHHWQAIaNMV.mp4 + +(Originally on Twitter: [Mon Feb 21 16:41:55 +0000 2022](https://twitter.com/adulau/status/1495800967438249987)) +---- +@cudeso Yep, it sounds like the redundancy of the government(s) in Belgium. You can burn two or three government(s) and we can still find two or three ministers from other governments. + +(Originally on Twitter: [Mon Feb 21 17:21:26 +0000 2022](https://twitter.com/adulau/status/1495810908416888836)) +---- +@theodoros377 ![](media/1495821295216439299-FMI5hLDXsAcPARP.jpg) + +(Originally on Twitter: [Mon Feb 21 18:02:42 +0000 2022](https://twitter.com/adulau/status/1495821295216439299)) +---- +@martijn_grooten @Internews Great news! It’s an awesome challenge. + +(Originally on Twitter: [Mon Feb 21 21:06:14 +0000 2022](https://twitter.com/adulau/status/1495867483345068044)) +---- +RT @MISPProject: MISP-wireshark version 1.0 is released - quickly import analysis from Wireshark into MISP. + +#DFIR #ThreatIntelligence #ne… + +(Originally on Twitter: [Mon Feb 21 22:39:03 +0000 2022](https://twitter.com/adulau/status/1495890841767927816)) +---- +@Ray_Sdj @MISPProject Sure for external files you can configure local filesystem mounted (such as nfs) but also any s3 compatible interface like @Minio . You can configure it in the plugin settings of misp. 
+ +(Originally on Twitter: [Tue Feb 22 12:30:00 +0000 2022](https://twitter.com/adulau/status/1496099956955959303)) +---- +@Ray_Sdj @MISPProject @Minio if you use the local dir. When using s3 backend it’s only the plugin configuration. + +(Originally on Twitter: [Tue Feb 22 13:19:03 +0000 2022](https://twitter.com/adulau/status/1496112299169521667)) +---- +@alexanderjaeger I would add self-hosted solution such as @matrixdotorg it's really useful especially that a federated set of servers tend to be more resilient than a single centralised operator. I see more security teams going for Matrix. + +(Originally on Twitter: [Tue Feb 22 16:25:56 +0000 2022](https://twitter.com/adulau/status/1496159332685262850)) +---- +RT @MISPProject: New geo location expansion modules added in @MISPProject modules using @circl_lu free GeoOpen + +https://misp.github.io/misp-modules/expansion/#mmdb_lookup + +Th… + +(Originally on Twitter: [Wed Feb 23 08:17:29 +0000 2022](https://twitter.com/adulau/status/1496398795520757764)) +---- +RT @victordorneanu: tmp.out #2 released! "We like messing with ELF binaries. This is our zine about that. This is the +second issue." 
This… + +(Originally on Twitter: [Wed Feb 23 12:37:15 +0000 2022](https://twitter.com/adulau/status/1496464167464845320)) +---- +RT @lorenzo2472: Dans le prochain @MISCRedac #120, la 1ère partie d'un article sur l'analyse statique des binaires Windows (un aperçu) avec… + +(Originally on Twitter: [Thu Feb 24 05:36:33 +0000 2022](https://twitter.com/adulau/status/1496720686202732548)) +---- +@POST_Luxembourg @FranzFayot + + +media/1497598016043245580-FMiJdDIWQAcp5x6.mp4 + +(Originally on Twitter: [Sat Feb 26 15:42:45 +0000 2022](https://twitter.com/adulau/status/1497598016043245580)) +---- +RT @circl_lu: "TR-68 - Best practices in times of tense geopolitical situations" - https://www.circl.lu/pub/tr-68/ + +Feedback and ideas are also mo… + +(Originally on Twitter: [Mon Feb 28 18:11:00 +0000 2022](https://twitter.com/adulau/status/1498360099320041481)) +---- +RT @John_Fokker: Comparison analysis between hosts mentioned in the #contileaks and data we have in our @MISPProject instance. Various hits… + +(Originally on Twitter: [Tue Mar 01 15:01:35 +0000 2022](https://twitter.com/adulau/status/1498674820522860546)) +---- +@John_Fokker @MISPProject @TrellixLabs @ChristiaanBeek Very interesting! Thanks for sharing. By the way, have you seen some references to the Global Socket Relay Network (gsocket) mentioned in some of their discussions? + +(Originally on Twitter: [Tue Mar 01 15:03:25 +0000 2022](https://twitter.com/adulau/status/1498675278612209677)) +---- +@Sebdraven Je peux garder l’expression « blabla de PMU » c’est assez marrant pour replacer dans des discussions ;-) + + +media/1498710444198047750-FMx9M2CWYAAS6L6.mp4 + +(Originally on Twitter: [Tue Mar 01 17:23:09 +0000 2022](https://twitter.com/adulau/status/1498710444198047750)) +---- +RT @F_kZ_: I am glad and proud to welcome the new OSS from @circl_lu : Pandora ! 
+« Pandora is an analysis framework to discover if a file i… + +(Originally on Twitter: [Tue Mar 01 20:37:13 +0000 2022](https://twitter.com/adulau/status/1498759282782838790)) +---- +RT @F_kZ_: So much thanks to @rafi0t and @adulau to maintain this project ! (And the easy way to add new worker) +Thanks all the people whic… + +(Originally on Twitter: [Tue Mar 01 20:37:43 +0000 2022](https://twitter.com/adulau/status/1498759410499440650)) +---- +@F_kZ_ @rafi0t Thanks a lot for your support too! pandora main feature is also to ease the preview of potentially suspicious documents. It makes easier for users to directly spot out of context document without risks. ![](media/1498769592499515395-FMyw9CNWYAE0ADE.jpg) + +(Originally on Twitter: [Tue Mar 01 21:18:11 +0000 2022](https://twitter.com/adulau/status/1498769592499515395)) +---- +RT @SecEvangelism: Update from #Romania +URGENT +Can anyone build out quickly a map tracking website which tracks over over 400 people via th… + +(Originally on Twitter: [Wed Mar 02 06:15:42 +0000 2022](https://twitter.com/adulau/status/1498904863828234242)) +---- +RT @PaulWebSec: Le CERT #Michelin recrute un(e) analyste sécurité : +➡️ https://michelinhr.wd3.myworkdayjobs.com/fr-FR/Michelin/job/Cataroux/Emploi---Analyste-Scurit---Security-Analyst-CERT---Clermont-Ferrand--H-F-_R-2022005333-1 + +(Originally on Twitter: [Thu Mar 03 07:46:21 +0000 2022](https://twitter.com/adulau/status/1499290066396528641)) +---- +RT @lcheylus: Geo Open - IP address Geolocation per country in MMDB format (MaxMind DB File Format) by the Luxembourgish data platform - Bu… + +(Originally on Twitter: [Thu Mar 03 08:32:35 +0000 2022](https://twitter.com/adulau/status/1499301701035167753)) +---- +RT @MISPProject: A huge thanks to @CERT_FR to share information in structured standard MISP format. 
The events are now also available in th… + +(Originally on Twitter: [Thu Mar 03 10:14:25 +0000 2022](https://twitter.com/adulau/status/1499327327834152962)) +---- +RT @gallypette: Analyzing conti jabber chat with @ail_project gives really neat results. ![](media/1499789397989990414-FNA7A2-XwAQn4QN.jpg) + +(Originally on Twitter: [Fri Mar 04 16:50:31 +0000 2022](https://twitter.com/adulau/status/1499789397989990414)) +---- +RT @InQuest: We are sharing this visual for tracking threat actors/groups related to the current #ukraine conflict. The content was collect… + +(Originally on Twitter: [Fri Mar 04 21:34:16 +0000 2022](https://twitter.com/adulau/status/1499860804186910727)) +---- +Many people, groups, organisations, countries and alliances are running @MISPProject to support sharing, a new improvement (to be fully released in 2.4.156) is the sharing group blueprint to easily create large maintainable sharing groups from their meta-data. #ThreatIntelligence ![](media/1500052630277705729-FNFBMsIXEAEZIrc.png) + +(Originally on Twitter: [Sat Mar 05 10:16:31 +0000 2022](https://twitter.com/adulau/status/1500052630277705729)) +---- +RT @digihash: This is such a great improvement that will make it easier for us to manage overlapping sharing groups. Thanks a lot @MISPProj… + +(Originally on Twitter: [Sat Mar 05 11:47:18 +0000 2022](https://twitter.com/adulau/status/1500075478245425158)) +---- +RT @solardiz: Back to the tech, any recommendations for a dedicated server provider in Europe for moving Openwall resources out of Russia?… + +(Originally on Twitter: [Sat Mar 05 17:37:52 +0000 2022](https://twitter.com/adulau/status/1500163702041026572)) +---- +@mcohmi https://github.com/hashlookup/hashlookup-forensic-analyser to quickly triage files on a forensic acquisition. + +(Originally on Twitter: [Sun Mar 06 06:57:02 +0000 2022](https://twitter.com/adulau/status/1500364817646993408)) +---- +@digihash @EFF Thanks for sharing. 
It's indeed a very good article to show some of the issues from Telegram. I'm wondering why @matrixdotorg is never mentioned or listed by @EFF as an alternative to @signalapp especially to run decentralized and resilient infrastructures. + +(Originally on Twitter: [Sun Mar 06 08:53:41 +0000 2022](https://twitter.com/adulau/status/1500394174553935875)) +---- +RT @circl_lu: Pandora is an analysis framework to discover if a file (mainly office files) is suspicious and conveniently show the results.… + +(Originally on Twitter: [Mon Mar 07 17:08:20 +0000 2022](https://twitter.com/adulau/status/1500881045448798209)) +---- +When I was young, I read @GreatDismal books in the hope we will have a better world. Now I’m dreaming of those dystopias being better than reality. + +(Originally on Twitter: [Mon Mar 07 18:33:40 +0000 2022](https://twitter.com/adulau/status/1500902520247533573)) +---- +RT @ail_project: The evolution of PHP shell/obfuscation seen from various sources (forum, Tor hidden services and pasties website) show a s… + +(Originally on Twitter: [Tue Mar 08 11:23:43 +0000 2022](https://twitter.com/adulau/status/1501156707396952074)) +---- +RT @ail_project: The AIL project workshop is online on YouTube. + +This includes new features from AIL project and an introduction to #darkwe… + +(Originally on Twitter: [Wed Mar 09 09:20:50 +0000 2022](https://twitter.com/adulau/status/1501488168918466560)) +---- +@JusticeRage Thanks for sharing! The situation is really hard for all human beings. It’s impressive to see you taking the human angle. + +(Originally on Twitter: [Wed Mar 09 19:35:16 +0000 2022](https://twitter.com/adulau/status/1501642795093831691)) +---- +RT @plusvic: YARA 4.2.0 is officially released! Check out the release notes. 
https://github.com/VirusTotal/yara/releases/tag/v4.2.0 + +(Originally on Twitter: [Thu Mar 10 17:37:06 +0000 2022](https://twitter.com/adulau/status/1501975445650214912)) +---- +RT @Purp1eW0lf: As a security investigator, what are your thoughts when you see this result in your SIEM? 🚨 + +Bad, right? + +Let’s discuss ho… + +(Originally on Twitter: [Sat Mar 12 08:35:47 +0000 2022](https://twitter.com/adulau/status/1502563993977860098)) +---- +@gbillois La partie exportation pour le « dual-use » est déjà precise en Europe vers la RU puisque les logiciels CNE sont clairement interdits sauf pour la réponse sur incident ou « digital forensic » https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022R0328&from=EN + +(Originally on Twitter: [Mon Mar 14 06:32:54 +0000 2022](https://twitter.com/adulau/status/1503257845470535680)) +---- +RT @ail_project: AIL Framework version 4.1 released with a new investigation/case handling, improved @MISPProject export and many improvem… + +(Originally on Twitter: [Mon Mar 14 16:51:07 +0000 2022](https://twitter.com/adulau/status/1503413424801435654)) +---- +RT @sTeamTraen: When you ask the authors of articles in Science® to share their data, which the journal told you was mandatory when you sub… + +(Originally on Twitter: [Wed Mar 16 06:16:30 +0000 2022](https://twitter.com/adulau/status/1503978495990452225)) +---- +Our societies rely on code and data, we are still at that stage in various areas to not share for dubious reasons. The day open source and open data will become the norm, we will step our societies to the next advancement. + +https://mobile.twitter.com/sTeamTraen/status/1503864395935408128 + +(Originally on Twitter: [Wed Mar 16 06:23:49 +0000 2022](https://twitter.com/adulau/status/1503980336652464128)) +---- +RT @passthesaltcon: REMINDER You have 1 month to submit a talk or a workshop to our 5th edition #pts22 CFP! 
+ +REQUIRED: Security AND Free S… + +(Originally on Twitter: [Wed Mar 16 14:05:51 +0000 2022](https://twitter.com/adulau/status/1504096609025634305)) +---- +RT @ail_project: First release of AIL typo squatting library - a generic library in Python supporting various typo-squatting algorithms eas… + +(Originally on Twitter: [Wed Mar 16 15:47:56 +0000 2022](https://twitter.com/adulau/status/1504122300777603079)) +---- +@FrankMcG I’m wondering the rational for going with proprietary solutions which needs a lot of financial investment without the independence of a security team with their tooling. Especially when open source solutions are there and just need similar investment and you become autonomous. + +(Originally on Twitter: [Thu Mar 17 06:16:05 +0000 2022](https://twitter.com/adulau/status/1504340779547996160)) +---- +@fredraynal + + +media/1504342304617807877-FOB_WS6XMAYcZqM.mp4 + +(Originally on Twitter: [Thu Mar 17 06:22:09 +0000 2022](https://twitter.com/adulau/status/1504342304617807877)) +---- +@fredraynal rofl je parie que tu dois te tenir à 5 mètres du cadeau pour compter les bougies 🔎 + +(Originally on Twitter: [Thu Mar 17 06:31:11 +0000 2022](https://twitter.com/adulau/status/1504344576420634631)) +---- +@remi_laurent @Iglocska do you really think people pressing F5 are nice? Time to do the revolution and apply the same for command line. + + +media/1504499266752065540-FOEOGqVX0AY4FXb.mp4 + +(Originally on Twitter: [Thu Mar 17 16:45:52 +0000 2022](https://twitter.com/adulau/status/1504499266752065540)) +---- +RT @MISPProject: MISP 2.4.154 released (2nd of March) with a host of new features and fixes, including some new tools that help us navigate… + +(Originally on Twitter: [Fri Mar 18 12:35:03 +0000 2022](https://twitter.com/adulau/status/1504798535333654528)) +---- +I don't get why we still ask people to travel for meetings when we experienced the same meetings remotely during the past two years and everything went fine. 
+ + +media/1504801361594048513-FOIg2r2XIAY8YBu.mp4 + +(Originally on Twitter: [Fri Mar 18 12:46:17 +0000 2022](https://twitter.com/adulau/status/1504801361594048513)) +---- +RT @treyka: @Iglocska @adulau @DavidHasselhoff @MISPProject This is the coolest thing I've seen all week! Today this new core MISP primiti… + +(Originally on Twitter: [Fri Mar 18 18:09:37 +0000 2022](https://twitter.com/adulau/status/1504882733809610753)) +---- +RT @MISPProject: https://www.misp-project.org/2022/03/18/MISP.2.4.156.released.html/ + +MISP 2.4.156 released including a new synchronisation event signing mechanism, many new features… + +(Originally on Twitter: [Fri Mar 18 20:40:36 +0000 2022](https://twitter.com/adulau/status/1504920728797429763)) +---- +RT @digihash: So many amazing new features jn @MISPProject. Signing your events to prevent tampering, extra contextual exports, warnings fo… + +(Originally on Twitter: [Sat Mar 19 00:35:35 +0000 2022](https://twitter.com/adulau/status/1504979865979740167)) +---- +RT @MISPProject: "SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data" + +An interesting paper u… + +(Originally on Twitter: [Sat Mar 19 11:11:54 +0000 2022](https://twitter.com/adulau/status/1505139997350973440)) +---- +cve-search (@cve_search) version 4.2 has been released. Many improvements and bugs fixed. Thanks to all the contributors especially @oh2fih @PaulTikken @DocArmoryTech #opensource #Security #CVE + +https://github.com/cve-search/cve-search/releases/tag/v4.2 + +(Originally on Twitter: [Mon Mar 21 10:34:34 +0000 2022](https://twitter.com/adulau/status/1505855380785664001)) +---- +RT @s4n7h0: It was impossible for me to cover every projects from +@circl_lu in one episode. 
There are many kick ass tools here - https://t… + +(Originally on Twitter: [Mon Mar 21 15:45:18 +0000 2022](https://twitter.com/adulau/status/1505933577044869124)) +---- +RT @InfoSecCampus: SecTools Podcast – Episode #38: Conversations with Alexandre Dulaunoy (@AdulauA) and Raphaël Vinot (@rafi0t) about Pando… + +(Originally on Twitter: [Mon Mar 21 15:45:38 +0000 2022](https://twitter.com/adulau/status/1505933661778108420)) +---- +@alexanderjaeger @s4n7h0 @circl_lu @rafi0t + + +media/1505988091126984715-FOZYLqEXsAgVICT.mp4 + +(Originally on Twitter: [Mon Mar 21 19:21:55 +0000 2022](https://twitter.com/adulau/status/1505988091126984715)) +---- +@_msw_ Indeed it’s more clearer than the dangerous « Commons Clause » gadget. It sounds like very close to a CC-BY-NC. Just the title is confusing, it’s sustainable from one perspective only ;-) + +(Originally on Twitter: [Sat Mar 26 06:18:51 +0000 2022](https://twitter.com/adulau/status/1507602964508291075)) +---- +RT @BushidoToken: Update on one of the IOCs in @prevailion's report: disneycareers[.]net + +⚠️Google TAG says disneycareers[.]net was a DPRK-… + +(Originally on Twitter: [Sun Mar 27 14:31:01 +0000 2022](https://twitter.com/adulau/status/1508089212087771138)) +---- +For people using NSRL, they change the format from flat files to RDSv3 (sqlite-based). The modern RDS file is around 223GB. So I did a first import script for the hashlookup-server https://github.com/hashlookup/hashlookup-nsrl - I'll publish the Bloom filters in the next days. #dfir #forensics + +(Originally on Twitter: [Sun Mar 27 16:30:45 +0000 2022](https://twitter.com/adulau/status/1508119343766331400)) +---- +I see a new incident detection product for @Microsoft to do some data mining of the regular queries against Bing search engine based on source IPs. 
Then the owner of the IP get notified of suspicious activities ;-) + +https://mobile.twitter.com/BillDemirkapi/status/1508527487655067660 + +(Originally on Twitter: [Tue Mar 29 04:46:37 +0000 2022](https://twitter.com/adulau/status/1508666917409771526)) +---- +@belathoud It remembers me how difficult it is (was?) to do inventory at the Belgian army… + +(Originally on Twitter: [Tue Mar 29 19:47:16 +0000 2022](https://twitter.com/adulau/status/1508893574166978560)) +---- +@belathoud Indeed the safety procedure was there ;-) + + +media/1508903627808776204-FPCz2MxXMAw_oNF.mp4 + +(Originally on Twitter: [Tue Mar 29 20:27:13 +0000 2022](https://twitter.com/adulau/status/1508903627808776204)) +---- +@heymingwei @bgpkit @internetsociety This is great! Keep the good work. + +(Originally on Twitter: [Wed Mar 30 16:13:48 +0000 2022](https://twitter.com/adulau/status/1509202241202401294)) +---- +@CyberStatecraft @likethecoins Congrats! + + +media/1509552335885897738-FPMBvV_XoAEOx0u.mp4 + +(Originally on Twitter: [Thu Mar 31 15:24:57 +0000 2022](https://twitter.com/adulau/status/1509552335885897738)) +---- +We have products claiming 100% coverage in ATT&CK evaluation and but the same products are confused when the filename of a binary is renamed (T1036.003). 
Maybe the 100% doesn’t apply to sub-techniques 🤣 + +(Originally on Twitter: [Fri Apr 01 05:23:44 +0000 2022](https://twitter.com/adulau/status/1509763422518489096)) +---- +RT @angealbertini: It's a great date to have your request to work remotely rejected because it's "not aligned with your team or organisatio… + +(Originally on Twitter: [Fri Apr 01 09:40:20 +0000 2022](https://twitter.com/adulau/status/1509827996080914470)) +---- +"Delays have Dangerous Ends: Slow HTTP/2 DoS attacks into the Wild and their Real-Time Detection using Event Sequence Analysis" #dos #infosec + +Ref: https://arxiv.org/abs/2203.16796 ![](media/1509903230876233737-FPRA2LNWUAMST6-.png) + +(Originally on Twitter: [Fri Apr 01 14:39:17 +0000 2022](https://twitter.com/adulau/status/1509903230876233737)) +---- +@_Sn0rkY + + +media/1510584079191875584-FPasNIkXwAMQyi2.mp4 + +(Originally on Twitter: [Sun Apr 03 11:44:44 +0000 2022](https://twitter.com/adulau/status/1510584079191875584)) +---- +RT @MISPProject: misp-grafana - a new real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB. An easy way to integrate MI… + +(Originally on Twitter: [Mon Apr 04 12:44:23 +0000 2022](https://twitter.com/adulau/status/1510961479951990785)) +---- +@r00tbsd @Volexity Congrats! + +(Originally on Twitter: [Mon Apr 04 18:12:30 +0000 2022](https://twitter.com/adulau/status/1511044051671437320)) +---- +@malmoeb @pastebin Can you share in DM the Paste Id? + +(Originally on Twitter: [Tue Apr 05 06:08:50 +0000 2022](https://twitter.com/adulau/status/1511224321678753796)) +---- +I search in @github a way to automatically import existing CVEs as GitHub security advisory but it seems to be missing. If you know a way to do it, let me know. It could save time for many open source projects having already security disclosure processes. 
+ +https://github.com/github/feedback/discussions/14321 + +(Originally on Twitter: [Tue Apr 05 11:56:15 +0000 2022](https://twitter.com/adulau/status/1511311752499273735)) +---- +RT @UYBHYS: cc @ojhayogesh11 @enovella_ @as0ler @luigifrag @virtualabs @MaliciaRogue @adulau @PatriceAuffret @nono2357 @palenath @kotzebued… + +(Originally on Twitter: [Wed Apr 06 11:41:29 +0000 2022](https://twitter.com/adulau/status/1511670425574686725)) +---- +RT @MISPProject: Glad to see @ServiceSsu and @NATO working together to share information and threat intelligence using MISP. + +https://t.co/… + +(Originally on Twitter: [Wed Apr 06 12:31:11 +0000 2022](https://twitter.com/adulau/status/1511682933773504518)) +---- +@ValeryMarchive @Sebdraven @Cigref @CESIN_France @Microsoft Les « bug bounties » sont utiles pour une seule chose: créer un marché pour les vulnérabilités. C’est simplement la démonstration de l’offre et de la demande. + +(Originally on Twitter: [Wed Apr 06 17:24:28 +0000 2022](https://twitter.com/adulau/status/1511756737853988866)) +---- +@Sebdraven @ValeryMarchive @Cigref @CESIN_France @Microsoft les bug bounties ne sont qu’un vecteur pour la prolifération d’autres vendeurs… surtout quand un vendeur le fait. Cela facilite le double paiement et aussi les acteurs « proxy ». Cela fait des années que je ne vois rien de positif. 
Mais bon on ne peut pas le dire… + +(Originally on Twitter: [Wed Apr 06 17:38:14 +0000 2022](https://twitter.com/adulau/status/1511760205209653249)) +---- +RT @VeteranInfosec: Excellent Workshop by @adulau and Sami Mokaddem on the @MISPProject from @circl_lu : understanding the fundamentals of… + +(Originally on Twitter: [Thu Apr 07 07:32:18 +0000 2022](https://twitter.com/adulau/status/1511970103667171336)) +---- +RT @jfslowik: For giggles, updated #Cyberwar #APT ![](media/1512172864019050502-FPxMPyeUYAA4tqV.png) + +(Originally on Twitter: [Thu Apr 07 20:58:00 +0000 2022](https://twitter.com/adulau/status/1512172864019050502)) +---- +RT @ecteg: Shoutout to our #CyberEx Project Leader @policefederale and their collaborators @circl_lu and @HogskolanHstd for their efforts i… + +(Originally on Twitter: [Fri Apr 08 14:47:09 +0000 2022](https://twitter.com/adulau/status/1512441925588115456)) +---- +Everything can be super nice on a whiteboard until you are actually doing the work and make it real. I hope one day our societies will understand how difficult is to be a doer. + + +media/1512449834200018944-FP1NGn7WUAEenDn.mp4 + +(Originally on Twitter: [Fri Apr 08 15:18:35 +0000 2022](https://twitter.com/adulau/status/1512449834200018944)) +---- +RT @0xrawsec: @adulau Even more difficult is to do the both, many times I have to force myself to stop thinking and actually start doing th… + +(Originally on Twitter: [Fri Apr 08 18:37:41 +0000 2022](https://twitter.com/adulau/status/1512499942736244738)) +---- +RT @_CERT_UA: Russian related #UAC0082 (#Sandsworm) cyberattacks on Ukrainian power grid using #INDUSTROYER2 and #CADDYWIPER variants +More… + +(Originally on Twitter: [Tue Apr 12 08:31:48 +0000 2022](https://twitter.com/adulau/status/1513797018002542597)) +---- +RT @FDezeure: Call for user contributions at the EU ATT&CK Workshop. https://attack-community.org/event/. 
Share with the community what works well for… + +(Originally on Twitter: [Wed Apr 13 13:35:27 +0000 2022](https://twitter.com/adulau/status/1514235821389402119)) +---- +I used and enjoyed http://del.icio.us until Yahoo acquired it and kill it. Feeling young again with @elonmusk doing it again. + +(Originally on Twitter: [Thu Apr 14 18:32:42 +0000 2022](https://twitter.com/adulau/status/1514673014868226050)) +---- +RT @fr0gger_: Microsoft DART team described a new malware named Tarrask attributed to Hafnium. This malware creates hidden scheduled tasks,… + +(Originally on Twitter: [Sat Apr 16 19:48:02 +0000 2022](https://twitter.com/adulau/status/1515416746173382657)) +---- +RT @jon96179496: Google Maps has stopped hiding Russia’s secret military & strategic facilities. Allowing anyone in the public to view.… + +(Originally on Twitter: [Mon Apr 18 13:58:56 +0000 2022](https://twitter.com/adulau/status/1516053668507836424)) +---- +RT @citizenlab: NEW REPORT + +CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru + +https://t.co/yuy… + +(Originally on Twitter: [Mon Apr 18 14:58:10 +0000 2022](https://twitter.com/adulau/status/1516068577316589568)) +---- +@nicoladiaz @AymericPM C'est plus simple quand le vote est obligatoire. Cela fonctionne plutôt bien en Belgique ;-) + +(Originally on Twitter: [Mon Apr 18 16:06:46 +0000 2022](https://twitter.com/adulau/status/1516085838643449862)) +---- +@nicoladiaz @AymericPM On a des bureaux de votes papiers. Heureusement le vote électronique a été supprimé en région wallonne pour des raisons de sécurités/coûts... 
https://www.parlement-wallonie.be/pwpages?p=interp-questions-voir&type=28&iddoc=103389 - Pour plus d'info https://www.poureva.be + +(Originally on Twitter: [Mon Apr 18 16:30:21 +0000 2022](https://twitter.com/adulau/status/1516091775462653954)) +---- +RT @lcheylus: Industrialize the tracking of Botnet operations, a practical case with large Coin-Mining Threat-Actors - Presentation at FIR… + +(Originally on Twitter: [Tue Apr 19 09:12:14 +0000 2022](https://twitter.com/adulau/status/1516343908711731202)) +---- +RT @MISPProject: MISP 2.4.158 has been released including multiple security fixes, bugs fixed and improvements. We strongly recommend every… + +(Originally on Twitter: [Wed Apr 20 10:35:27 +0000 2022](https://twitter.com/adulau/status/1516727236308738050)) +---- +RT @virustotal: VirusTotal's MISP module get a fresh upgrade by @thetravelr +https://blog.virustotal.com/2022/04/virustotals-misp-modules-get-fresh.html ![](media/1516818747931119625-FQzRPzfX0AU7b3T.jpg) + +(Originally on Twitter: [Wed Apr 20 16:39:05 +0000 2022](https://twitter.com/adulau/status/1516818747931119625)) +---- +There is a little secret about a three letter company selling a SIEM for a significant pricing and then you have many customers asking for integration with a well-known open source TIP. And obviously to who they ask to do it for free? the open source volunteers… + +(Originally on Twitter: [Thu Apr 21 05:51:35 +0000 2022](https://twitter.com/adulau/status/1517018186666979330)) +---- +@matte_lodi @intel_owl We had many good experiences with many companies except this organisation which doesn't get that their customers want integration with open source tooling. + +(Originally on Twitter: [Thu Apr 21 07:54:09 +0000 2022](https://twitter.com/adulau/status/1517049034154065920)) +---- +RT @MISPProject: We updated our security page with the latest assigned CVEs. 
+We would like to thank all the security researchers and organi… + +(Originally on Twitter: [Fri Apr 22 10:16:36 +0000 2022](https://twitter.com/adulau/status/1517447267795435521)) +---- +RT @dawiddczarnecki: @MISPProject I truly recommend the coordinated vulnerability disclosure with MISP team. They are professionals that re… + +(Originally on Twitter: [Fri Apr 22 11:25:41 +0000 2022](https://twitter.com/adulau/status/1517464653315641347)) +---- +RT @patrickwardle: 📚 After several years of hard work, volume 0x1: "The Guide to Analyzing Malicious Software" of my "The Art of Mac Malwar… + +(Originally on Twitter: [Fri Apr 22 12:43:08 +0000 2022](https://twitter.com/adulau/status/1517484143982088198)) +---- +@Iglocska Yep I'm one of those guys monitoring logs on Friday ;-) + +(Originally on Twitter: [Fri Apr 22 13:28:44 +0000 2022](https://twitter.com/adulau/status/1517495620919083008)) +---- +@zmanion @taladrane @GHSecurityLab 100% ! + +It would be nice if @github could include the import of existing CVEs in the interface. + +https://twitter.com/adulau/status/1511311752499273735 + +(Originally on Twitter: [Mon Apr 25 14:56:37 +0000 2022](https://twitter.com/adulau/status/1518604899751186432)) +---- +RT @MITREattack: We're releasing ATT&CK on the perfect date! Put on your light jacket and jump into structured detections, subs for mobile… + +(Originally on Twitter: [Mon Apr 25 16:22:23 +0000 2022](https://twitter.com/adulau/status/1518626484197412864)) +---- +RT @taladrane: @adulau @zmanion @GHSecurityLab @github thank you for the feedback!! we auto-import new CVEs into the DB now, and we are act… + +(Originally on Twitter: [Mon Apr 25 19:06:27 +0000 2022](https://twitter.com/adulau/status/1518667775136391169)) +---- +Discussing with a colleague of mine about the fiber cuts in France and looking at the pictures, he just told me "if they use good tools for cutting the cable ducts and the fibers, it's clearly not French people." 
+ + +media/1519335692727431168-FRXDwW0XEAEHY0D.mp4 + +(Originally on Twitter: [Wed Apr 27 15:20:31 +0000 2022](https://twitter.com/adulau/status/1519335692727431168)) +---- +I updated the @ail_project twitter feeder to generate @MISPProject twitter-post objects in MISP standard format. + +https://github.com/ail-project/ail-feeder-twitter + +and you can easily add these results in MISP with the populate from JSON objects into an existing MISP event (a recent feature). #OSINT ![](media/1519341067065307136-FRXHAkvXIAIUUCR.jpg) + +(Originally on Twitter: [Wed Apr 27 15:41:53 +0000 2022](https://twitter.com/adulau/status/1519341067065307136)) +---- +@MoBustami @ail_project @MISPProject Black tea as usual ;-) + +(Originally on Twitter: [Wed Apr 27 17:36:49 +0000 2022](https://twitter.com/adulau/status/1519369994152427520)) +---- +RT @cudeso: A @MISPProject tip of the week: Use MISP as a web scraper. Convert HTML to Markdown and extract threat tactics, techniques and… + +(Originally on Twitter: [Fri Apr 29 06:57:14 +0000 2022](https://twitter.com/adulau/status/1519933812142190592)) +---- +@cudeso @MISPProject Lovely. This tip and the sample script would be an awesome blog post for @MISPProject ;-) + +(Originally on Twitter: [Fri Apr 29 06:58:02 +0000 2022](https://twitter.com/adulau/status/1519934013917605888)) +---- +@MaximeReynie Oui je ne comprends pas trop le point sur l’acquisition via NSPA. C’est simplement du procurement, un service accessible aux membres de l’OTAN. https://www.nspa.nato.int/resources/site1/General/business/procurement/General%20info/4200_e.pdf + +(Originally on Twitter: [Fri Apr 29 15:36:54 +0000 2022](https://twitter.com/adulau/status/1520064592172535808)) +---- +@framaka Il y a aussi la partie API et streaming vendu par Twitter qui représente 20% de revenu (les 80% restant sont de la pub). Je suppose que sur un modèle économique à la RedHat, on garde cela. Mais sans cela, comment maintenir l’infrastructure et couvrir les coûts opérationnels ? 
+ +(Originally on Twitter: [Sat Apr 30 06:17:10 +0000 2022](https://twitter.com/adulau/status/1520286115445547011)) +---- +@felixaime @Avisp0n La « copie » est en logiciel libre ? ou c’est propriétaire ? + +(Originally on Twitter: [Sat Apr 30 15:53:42 +0000 2022](https://twitter.com/adulau/status/1520431204918607874)) +---- +RT @tylabs: For the past 6 months @Mandiant has been tracking a stealthy espionage actor that hides a Dropbear based backdoor we call QUIET… + +(Originally on Twitter: [Mon May 02 16:15:27 +0000 2022](https://twitter.com/adulau/status/1521161455072169992)) +---- +@Melanie_Vogel_ Doing such agreement with LFI seems really counter productive for long-term relationships with other EU green political parties and your position at the EP. LFI is against many EU directives or regulations voted the EU EP & LFI was clearly a supporter of Putin’s dictatorship. + +(Originally on Twitter: [Mon May 02 16:28:10 +0000 2022](https://twitter.com/adulau/status/1521164657666445314)) +---- +It’s quite interesting to see that some social medias forbid the selling of their data for security use-cases but as long you are a marketing company to purchase the data streams, it’s fine. I’m wondering how many security companies have subsidiaries doing “marketing”. + +(Originally on Twitter: [Tue May 03 05:45:50 +0000 2022](https://twitter.com/adulau/status/1521365396867235840)) +---- +@ddurvaux To get useful data streams, I can love everything ;-) + +(Originally on Twitter: [Tue May 03 05:52:27 +0000 2022](https://twitter.com/adulau/status/1521367060969893889)) +---- +@princertitude Au plus bas? ![](media/1521723604995559425-FR4_ZfGXwAAK_IC.jpg) + +(Originally on Twitter: [Wed May 04 05:29:14 +0000 2022](https://twitter.com/adulau/status/1521723604995559425)) +---- +RT @jtkristoff: RPKI RP software, like any software, needs to be maintained. 
There are varying degrees of risk, but we tend to worry the mo… + +(Originally on Twitter: [Wed May 04 14:01:10 +0000 2022](https://twitter.com/adulau/status/1521852439741280257)) +---- +@josquindebaz Je vois quelques excellents éditeurs… je suppose que tu connais cet éditeur “anthropologique” http://www.zones-sensibles.org/ ;-) + +(Originally on Twitter: [Thu May 05 19:57:27 +0000 2022](https://twitter.com/adulau/status/1522304486177398784)) +---- +@Sebdraven Tu veux dire que c'est une pratique empirique qui n'est pas validée par une approche académique ou scientifique ? + +(Originally on Twitter: [Fri May 06 13:56:50 +0000 2022](https://twitter.com/adulau/status/1522576123229573121)) +---- +@Sebdraven My favorite definition of OSINT is from NATO: + +"Open Source Intelligence, or OSINT, is unclassified +information that has been deliberately discovered, discriminated, distilled and disseminated to a select +audience in order to address a specific question." + +(Originally on Twitter: [Fri May 06 14:26:19 +0000 2022](https://twitter.com/adulau/status/1522583542198329346)) +---- +Version 1.0 of the hashlookup-forensic-analyser is released and includes a support for live analysis of a Linux system to find known or unknown processes from @circl_lu hashlookup service. #dfir + +https://github.com/hashlookup/hashlookup-forensic-analyser ![](media/1522970972256677893-FSKtgNCXsAE2wpa.png) + +(Originally on Twitter: [Sat May 07 16:05:49 +0000 2022](https://twitter.com/adulau/status/1522970972256677893)) +---- +@juliaferraioli I see multiple ones but the release of the GPL version 3, the release of git (making forking, merging easy), the release of Markdown (make writing pleasant for documentation) and obviously the release of the Linux kernel. + +(Originally on Twitter: [Sat May 07 16:32:39 +0000 2022](https://twitter.com/adulau/status/1522977724905799684)) +---- +@malmoeb Thanks a lot for sharing. Nice ideas. 
I was also wondering if passing a known detected pattern into AmsiScanBuffer could also help to detect the hook. + +https://docs.microsoft.com/en-us/windows/win32/api/amsi/nf-amsi-amsiscanbuffer + +(Originally on Twitter: [Sun May 08 07:34:55 +0000 2022](https://twitter.com/adulau/status/1523204784425119745)) +---- +RT @malmoeb: 1/ #ThreatHunting: @Avast mentions in its Q1 Threat Report that one-third of their observed rootkit activity are due to the Ri… + +(Originally on Twitter: [Sun May 08 07:35:03 +0000 2022](https://twitter.com/adulau/status/1523204821851176961)) +---- +@clevybencheton This is crazy… I have seen a tendency in some major large suppliers of SOC as a service/MSSP to squeeze people like hell. They see it as a highly profitable business but with a huge human cost. + +(Originally on Twitter: [Sun May 08 12:21:57 +0000 2022](https://twitter.com/adulau/status/1523277020939325441)) +---- +My colleague @chrisred_68 did an incredible job in misp-stix. An independant library to produce any version of STIX (1.1.1, 1.2, 2.0, 2.1) from the @MISPProject standard format. You just need to add MISP standard format in your tools & everything is nice. +https://github.com/misp/misp-stix + + +media/1523304060895432704-FSPc90fXEAAoHJs.mp4 + +(Originally on Twitter: [Sun May 08 14:09:24 +0000 2022](https://twitter.com/adulau/status/1523304060895432704)) +---- +The complete mapping is documented for all the version supported and available at the following location: + +https://github.com/MISP/misp-stix/tree/main/documentation + +It was a crazy hard work. Thanks to @chrisred_68 and all the contributors who provided feedback such as @MITREcorp @CISAgov and many more. + +(Originally on Twitter: [Sun May 08 14:09:25 +0000 2022](https://twitter.com/adulau/status/1523304064301551617)) +---- +RT @MISPProject: misp-stix is a convenient converter. 
It allows any software which has been developed to support the MISP Standard format (… + +(Originally on Twitter: [Sun May 08 14:28:27 +0000 2022](https://twitter.com/adulau/status/1523308856449040384)) +---- +@passthesaltcon @circl_lu lol. I wanted to leave the spot free for new and young people joining the community. + +(Originally on Twitter: [Sun May 08 15:51:42 +0000 2022](https://twitter.com/adulau/status/1523329805961338881)) +---- +@bortzmeyer Tu es encore positif avec « j'ai montré mes papiers » je dirais plutôt « j'ai trouvé des papiers sur un coin de table qui pourraient me dire que ce client existe et semble légitime » + +(Originally on Twitter: [Mon May 09 14:02:19 +0000 2022](https://twitter.com/adulau/status/1523664667440463873)) +---- +@cudeso Aie... take care. + + +media/1524038723180150785-FSZ5IyKX0AEWiDR.mp4 + +(Originally on Twitter: [Tue May 10 14:48:41 +0000 2022](https://twitter.com/adulau/status/1524038723180150785)) +---- +So there is EU proposal to weaken end-to-end encryption, and the most "funny" part, they ask the operators to protect the weaken part from abuse and it's the responsibility of the operator. + +https://alecmuffett.com/alecm/tmp/eu-csam-e2ee.pdf + +An easy way to avoid the risk, don't do such regulation. ![](media/1524129015015092225-FSbJFazX0AItQdO.png) + +(Originally on Twitter: [Tue May 10 20:47:28 +0000 2022](https://twitter.com/adulau/status/1524129015015092225)) +---- +RT @circl_lu: Updates and bug fixed from our colleague @righelx for the @nmap script to detect a Microsoft Exchange instance version with… + +(Originally on Twitter: [Wed May 11 04:42:54 +0000 2022](https://twitter.com/adulau/status/1524248660602769408)) +---- +@xme It’s a character in Sanskrit. 
Symbol interpretation is often linked to our cultural background and history ;-) + +(Originally on Twitter: [Thu May 12 15:41:24 +0000 2022](https://twitter.com/adulau/status/1524776767323521034)) +---- +RT @MISPProject: A new taxonomy to describe domain-generation algorithms - DGA has been added in MISP. Thanks to @push_pnx for the continuo… + +(Originally on Twitter: [Fri May 13 08:44:14 +0000 2022](https://twitter.com/adulau/status/1525034171244199936)) +---- +@jfslowik From an European perspective, I always think it's a stand-up comedian extracting some text from their last show. But wait it's not a comedy? + +(Originally on Twitter: [Fri May 13 09:01:00 +0000 2022](https://twitter.com/adulau/status/1525038387224248321)) +---- +@SecEvangelism @OkamiShiro4 Oh take care. I hope you have enough wine for next days ;-) + +(Originally on Twitter: [Sat May 14 05:48:15 +0000 2022](https://twitter.com/adulau/status/1525352268593340417)) +---- +RT @CyberSecRicki: Come get some @caseyjohnellis swag 😂 at the #auscert2022 Careers Village. + +Mens and Womens tees. Limited supply. + +@AusC… + +(Originally on Twitter: [Sat May 14 07:16:56 +0000 2022](https://twitter.com/adulau/status/1525374589370507264)) +---- +@UnleashedOsint Thanks for sharing. Have you tried @lookyloo_app is giving interesting results and it’s also open source. https://lookyloo.circl.lu/ + +(Originally on Twitter: [Sat May 14 20:11:58 +0000 2022](https://twitter.com/adulau/status/1525569630256996352)) +---- +@xchatty Maybe it’s saying a lot about Twitter when a social platform try to avoid forensic analysts or people who contribute significantly to the digital forensic field. I give you the dfir medal 🥇;-) + +(Originally on Twitter: [Sun May 15 05:24:57 +0000 2022](https://twitter.com/adulau/status/1525708794906529792)) +---- +@digihash Happy birthday! 
It seems that everyone got their birthday this week-end ;-) + +(Originally on Twitter: [Sun May 15 16:29:54 +0000 2022](https://twitter.com/adulau/status/1525876132393934856)) +---- +If you need to analyse VMware cloud or vCenter Server logs, there is a good resource on GitHub done by @lamw - an exhaustive resource for #DFIR. + +https://github.com/lamw/vcenter-event-mapping + +(Originally on Twitter: [Mon May 16 13:03:57 +0000 2022](https://twitter.com/adulau/status/1526186694520754176)) +---- +I'll be at the EU @MITREattack community workshop + +https://www.attack-community.org/event/ (the agenda has been published). + +To present some new features in @MISPProject about workflow and how ATT&CK can be used to improve decision pipeline in a TISP like MISP. @FDezeure @circl_lu @CERTEU + +(Originally on Twitter: [Tue May 17 16:48:58 +0000 2022](https://twitter.com/adulau/status/1526605706631303170)) +---- +@DCSecuritydk @circl_lu @MITREattack @MISPProject @FDezeure @CERTEU Lol you gave me an idea, maybe we should do a real metal ring with a mantra engraved on it like “Collect, Structure, Analyse and Share” + +(Originally on Twitter: [Tue May 17 18:32:24 +0000 2022](https://twitter.com/adulau/status/1526631738117595145)) +---- +@eastdakota @Cloudflare At least assign an UUID and push to threat actor information to the @MISPProject threat actor database https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json ;-) Thanks a lot + +(Originally on Twitter: [Wed May 18 05:33:44 +0000 2022](https://twitter.com/adulau/status/1526798167630565376)) +---- +RT @FrCyberMaritime: [#Recrutement] +Mettez du sel dans votre cyber ! 🌊 + +💼 France Cyber Maritime recrute à Brest (Finistère). + +Consultez les… + +(Originally on Twitter: [Wed May 18 07:05:02 +0000 2022](https://twitter.com/adulau/status/1526821145659457538)) +---- +Investing into regulatory compliance won't protect you from cyber security incidents. 
Investing into staff and resources doing the implementation of technical measures such as patching and maintaining software but also collecting, reviewing and analysis logs is key. + + +media/1526953894617694208-FTDUeILXwAAg9IT.mp4 + +(Originally on Twitter: [Wed May 18 15:52:32 +0000 2022](https://twitter.com/adulau/status/1526953894617694208)) +---- +@notshenetworks Maybe in some rare cases (known model or patterns of DNS encapsulation/tunnels) when the DPI is active and also assuming the DNS packets is readable by the DPI (DoT/DoH). But I suppose the probability of detection would be low (0.2) so is it significant enough to prevent tunnel? + +(Originally on Twitter: [Thu May 19 05:24:30 +0000 2022](https://twitter.com/adulau/status/1527158232728363012)) +---- +@_msw_ In the replies, there is someone proposing the fork at the latest free version and apply the AGPL on the fork. It’s a nice turn for the community… + +(Originally on Twitter: [Thu May 19 05:39:39 +0000 2022](https://twitter.com/adulau/status/1527162045711384578)) +---- +RT @0xrawsec: Testing out #Sysmon installation and update, all managed from a central #EDR manager. In other words, you push once a Sysmon… + +(Originally on Twitter: [Thu May 19 09:19:30 +0000 2022](https://twitter.com/adulau/status/1527217370858758144)) +---- +RT @circl_lu: JTAN Hackathon (2nd and 3rd June 2022) in hybrid format (hybrid and/or local) - Open Source Security Software Hackathon dedic… + +(Originally on Twitter: [Thu May 19 15:18:52 +0000 2022](https://twitter.com/adulau/status/1527307811268403200)) +---- +Those ransomware groups are just like rock band. They never really split up. They just do new personal projects. + +(Originally on Twitter: [Thu May 19 19:32:49 +0000 2022](https://twitter.com/adulau/status/1527371719027044352)) +---- +@Sebdraven Sometime it's better. 
Just look at Sting ;-) + +(Originally on Twitter: [Thu May 19 19:44:43 +0000 2022](https://twitter.com/adulau/status/1527374714087190535)) +---- +Glad to see our monk work of collecting synonyms of threat-actor in @MISPProject galaxies for the past years to be used by researchers. + +"Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats" +https://arxiv.org/abs/2205.07759 #threatintelligence ![](media/1527400042520256518-FTJp-PoWAAMdKH4.png) + +(Originally on Twitter: [Thu May 19 21:25:22 +0000 2022](https://twitter.com/adulau/status/1527400042520256518)) +---- +@_msw_ What does it mean for the involvement of AWS in @OpenSearchProj ? + +(Originally on Twitter: [Sat May 21 08:11:17 +0000 2022](https://twitter.com/adulau/status/1527924979911860225)) +---- +When reading and answering questions on GitHub for some open source tools used by the infosec community. There is still a huge knowledge gap about programming in the field of infosec. + +Yes, programming skills can be important in infosec... + +(Originally on Twitter: [Sat May 21 10:42:25 +0000 2022](https://twitter.com/adulau/status/1527963016611905537)) +---- +@_msw_ @OpenSearchProj Indeed, it's fair. I just hope the fork was not used as a trigger to begin a relationship with @elastic and drop or reduce the contribution from Amazon to the great @OpenSearchProj + +(Originally on Twitter: [Sat May 21 16:19:55 +0000 2022](https://twitter.com/adulau/status/1528047949820968960)) +---- +I released hashlookup-server v1.3 which includes the ability to paginate over children/parents of file hashes. Nifty when the dataset contains a huge set of software packages/distribution. It's also enabled on @circl_lu hashlookup public instance. 
#dfir + +https://github.com/adulau/hashlookup-server ![](media/1528050402683412482-FTS33EoXwAQTYV7.jpg) + +(Originally on Twitter: [Sat May 21 16:29:40 +0000 2022](https://twitter.com/adulau/status/1528050402683412482)) +---- +@dtaivpp @_msw_ @OpenSearchProj @elastic Awesome! + +(Originally on Twitter: [Sun May 22 05:45:04 +0000 2022](https://twitter.com/adulau/status/1528250571597258752)) +---- +RT @r00tbsd: @lorenzo2472 @Sebdraven Il est intéressant de valider que sa règle ne fait pas de FP. Je ne connais pas d'autre dataset de bin… + +(Originally on Twitter: [Sun May 22 06:46:48 +0000 2022](https://twitter.com/adulau/status/1528266105541775360)) +---- +@r00tbsd @lorenzo2472 @Sebdraven Oui en effet. On travaille pour exposer une partie du dataset goodware de hashlookup https://hashlookup.circl.lu/ et peut-être faire une interface pour pusher des règles YARA contre ce dataset. L'idée c'est de facilement repérer les FP lors du design de règles. + +(Originally on Twitter: [Sun May 22 06:51:10 +0000 2022](https://twitter.com/adulau/status/1528267207477690370)) +---- +@r00tbsd @lorenzo2472 @Sebdraven On fait un hackathon le 2 et le 3 juin prochain https://hdoc.csirt-tooling.org/lQyw0H02QKaHmq7Z-V5S1A?view# cela serait peut-être une bonne occasion. + +Je vais préparer un dataset de tests pour le hackathon. + +(Originally on Twitter: [Sun May 22 06:56:17 +0000 2022](https://twitter.com/adulau/status/1528268492868403200)) +---- +@adammchugh Lol, you are an incredible contributor. It’s always a pleasure to review and merge your contributions. + +(Originally on Twitter: [Sun May 22 21:08:32 +0000 2022](https://twitter.com/adulau/status/1528482970113396736)) +---- +I love when a 0-day vendor tries to claim and show off that they *sometime* contact the software vendors. 
+ +You can easily translate "six months" into "when our 0-day is burnt and we want to protect our ass if something goes wrong" #outofcontext + +https://blog.exodusintel.com/2021/03/17/2021-disclosure-policy/ ![](media/1528981234591965184-FTdA_vsXwAAN3X-.jpg) + +(Originally on Twitter: [Tue May 24 06:08:28 +0000 2022](https://twitter.com/adulau/status/1528981234591965184)) +---- +RT @DelanoMagazine: 💻 Delano spoke to team leader @circl_lu Alexandre Dulaunoy (@adulau) about darknets, ransomware and pursuing threat ac… + +(Originally on Twitter: [Tue May 24 08:56:39 +0000 2022](https://twitter.com/adulau/status/1529023561691717632)) +---- +RT @lookyloo_app: Finally, Lookyloo v1.12 is here! It uses @playwrightweb, which means the captures are a lot more reliable, faster, and le… + +(Originally on Twitter: [Tue May 24 15:22:54 +0000 2022](https://twitter.com/adulau/status/1529120763219005440)) +---- +Thanks to @gallypette for the ongoing work on integration hashlookup into @certlv graphoscope project https://github.com/cert-lv/graphoscope/pull/6 - The idea behind graphoscope is an interesting concept for merging diverses data sources https://github.com/cert-lv/graphoscope + +(Originally on Twitter: [Tue May 24 20:12:16 +0000 2022](https://twitter.com/adulau/status/1529193585840644099)) +---- +@gdbassett @gallypette @certlv The API has a kind of JSON graph format per relationships with edge, source, from, to and everything is stored in a MongoDB backend. 
The format from the API is described there https://github.com/cert-lv/graphoscope/blob/master/docs/search.md + +(Originally on Twitter: [Tue May 24 20:28:13 +0000 2022](https://twitter.com/adulau/status/1529197600318136320)) +---- +@cyb3rops Relax and enjoy 🎉 + +(Originally on Twitter: [Wed May 25 15:59:32 +0000 2022](https://twitter.com/adulau/status/1529492369032335366)) +---- +@trashp4ndasec Black tea and dark chocolate too… + + +media/1529492701900640256-FTnZgC6XsAAuP9b.mp4 + +(Originally on Twitter: [Wed May 25 16:00:51 +0000 2022](https://twitter.com/adulau/status/1529492701900640256)) +---- +@x04steve Awesome! It's really a nice work. Are the slides available somewhere? + +(Originally on Twitter: [Thu May 26 05:34:34 +0000 2022](https://twitter.com/adulau/status/1529697481684144128)) +---- +I read the interview in @lesoir from a lawyer mentioning the GDPR has a positive outcome especially on hiring a DPO. Imagine all those organisations having to hire a legal person with limited budget. Do you think they will invest into ICT security? ![](media/1529708722456494080-FTqcwJPXEAIJpIP.jpg) + +(Originally on Twitter: [Thu May 26 06:19:14 +0000 2022](https://twitter.com/adulau/status/1529708722456494080)) +---- +A bit of OSS clean-up today, I just released ssldump version 1.5 and 1.4. Thanks to all the contributors especially @___wr___ for the great contributions! #infosec #dfir + +https://github.com/adulau/ssldump + +(Originally on Twitter: [Thu May 26 13:13:19 +0000 2022](https://twitter.com/adulau/status/1529812928215523330)) +---- +As an example, you can dump in JSON the TLS handshake showing ja3, ja3s and also extracting X.509 certificate if available. + +./ssldump -i <YOURinterface> -j -ANH | jq . 
![](media/1529812934569906176-FTr79RfXwAERTAi.jpg) + +(Originally on Twitter: [Thu May 26 13:13:20 +0000 2022](https://twitter.com/adulau/status/1529812934569906176)) +---- +@a_z_e_t @___wr___ Maybe one day, we should do a book "the dirty craft of open source software maintenance and how to survive without becoming a junkie" + +(Originally on Twitter: [Thu May 26 16:11:03 +0000 2022](https://twitter.com/adulau/status/1529857656416092161)) +---- +@a_z_e_t @___wr___ True... sometime I do reverse image search on the GitHub profile to figure out. Very often it's obscure manga or even Chinese comics. Last time, the profile picture was linked to an advertising for sponges. + +(Originally on Twitter: [Thu May 26 16:23:16 +0000 2022](https://twitter.com/adulau/status/1529860733311324168)) +---- +I wrote a quick document on how to remove keys from the Hockeypuck OpenPGP key server. It seems many operators of PGP key servers received some kind of "friendly" requests due to GDPR. This might help a bit to avoid any drama. + +https://gist.github.com/adulau/e3127df8b3c61e2faacbebd746519408 ![](media/1530098044569632769-FTwABlkXoAATWkD.jpg) + +(Originally on Twitter: [Fri May 27 08:06:16 +0000 2022](https://twitter.com/adulau/status/1530098044569632769)) +---- +RT @OpenSearchProj: 🚀 #OpenSearch 2.0 now available! +We’re grateful for the collaborative effort of the community to build this release. Ne… + +(Originally on Twitter: [Fri May 27 10:23:21 +0000 2022](https://twitter.com/adulau/status/1530132542623449088)) +---- +cve-search v4.2.1 released including multiple bugs fixed and improvements. A huge kudos to all the contributors. 
+ +https://github.com/cve-search/cve-search/releases/tag/v4.2.1 + +(Originally on Twitter: [Fri May 27 10:25:12 +0000 2022](https://twitter.com/adulau/status/1530133010950987776)) +---- +@gl4cierBlue I generate a v4/v6 mapping for +mmdb-server + +https://github.com/adulau/mmdb-server +under geo open and it’s a compatible maxmind format + +https://cra.circl.lu/opendata/geo-open/ + +If you have any feedback on the v6 accuracy let me know + +(Originally on Twitter: [Sun May 29 14:47:56 +0000 2022](https://twitter.com/adulau/status/1530923905220853763)) +---- +RT @nolimitsecu: #Podcast #Cybersécurité + +Épisode #369 consacré au projet Open Source "Pandora" pour la détection de fichiers malveillants,… + +(Originally on Twitter: [Mon May 30 06:50:02 +0000 2022](https://twitter.com/adulau/status/1531166025437282305)) +---- +RT @MISPProject: We are pleased to announce the immediate availability of MISP v2.4.159. This releases includes many improvements, bugs fix… + +(Originally on Twitter: [Mon May 30 17:08:53 +0000 2022](https://twitter.com/adulau/status/1531321764537671694)) +---- +@c3rb3ru5d3d53c Keep the good work! Thanks again for your great open source contributions too! + +(Originally on Twitter: [Mon May 30 17:11:08 +0000 2022](https://twitter.com/adulau/status/1531322328591777793)) +---- +@belathoud I love this. It's a great initiative. I hope hornet and wasp nests will be protected like that in a near future. + +(Originally on Twitter: [Mon May 30 17:23:08 +0000 2022](https://twitter.com/adulau/status/1531325350466265088)) +---- +I have the impression that everyone rediscovered the state of software vendors and how they deal with vulnerability disclosure. Don’t forget, bug bounties program are often just green washing. 
+ +(Originally on Twitter: [Tue May 31 20:10:12 +0000 2022](https://twitter.com/adulau/status/1531729782085505030)) +---- +@MaliciaRogue @FIC_eu + + +media/1531732469766053888-FUHOjw2XoAE2jj8.mp4 + +(Originally on Twitter: [Tue May 31 20:20:53 +0000 2022](https://twitter.com/adulau/status/1531732469766053888)) +---- +RT @MISPProject: We (MISP Project) will be at @FIC_eu with @chrisred_68 and @adulau from @circl_lu . Don't hesitate to join us at booth D7… + +(Originally on Twitter: [Wed Jun 01 06:23:23 +0000 2022](https://twitter.com/adulau/status/1531884094908518402)) +---- +RT @circl_lu: CIRCL in collaboration with the JTAN Consortium is organising the 1st JTAN hackathon (JTAN Open Source Security Software Hack… + +(Originally on Twitter: [Wed Jun 01 16:08:21 +0000 2022](https://twitter.com/adulau/status/1532031306737102848)) +---- +Just presented at EU @MITREattack Community the forthcoming in @MISPProject to create workflows and automate more your threat intelligence pipelines. + +Thanks to @mokaddem_sami for the incredible work on the topic. #ThreatIntelligence + +📚Slides: https://github.com/MISP/misp-training/blob/main/events/20220602-EU-ATTACK/misp-workflow-eu-attack-community-20220602.pdf ![](media/1532341463257948164-FUPUoeeWUAYEC5-.png) + +(Originally on Twitter: [Thu Jun 02 12:40:49 +0000 2022](https://twitter.com/adulau/status/1532341463257948164)) +---- +@lorenzo2472 @r00tbsd @Sebdraven Première indexation des binaires vus par hashlookup avec mquery. On doit travailler sur une interface d’authentification pour mquery... mais cela semble dans la bonne direction pour avoir une interface YARA pour tester les FP potentiels. ![](media/1532686941577220097-FUUvfggWAAEIThb.jpg) + +(Originally on Twitter: [Fri Jun 03 11:33:37 +0000 2022](https://twitter.com/adulau/status/1532686941577220097)) +---- +RT @FDezeure: The presentations of the ninth EU ATT&CK community workshop have been released on our wensite https://www.attack-community.org/event/. 
@MITRE… + +(Originally on Twitter: [Fri Jun 03 13:25:16 +0000 2022](https://twitter.com/adulau/status/1532715038397673477)) +---- +RT @Joseliyo_Jstnk: Something I really love to do in @MISPProject is to be as granular as possible. Whenever I can, I add tags related to t… + +(Originally on Twitter: [Fri Jun 03 15:11:57 +0000 2022](https://twitter.com/adulau/status/1532741887681085440)) +---- +I updated the old and unmaintained python-bloomfilter for my own needs. It includes a myriad of patches and fixes. If you search for a pure Python implementation of Bloom Filter or Scalable Bloom Filter. This might be useful for you. #opensource + +https://github.com/adulau/python-bloomfilter ![](media/1533001269278920704-FUZQLC4XwAAqZ1H.jpg) + +(Originally on Twitter: [Sat Jun 04 08:22:39 +0000 2022](https://twitter.com/adulau/status/1533001269278920704)) +---- +RT @Regiteric: Pour en savoir plus sur le Suricata Language Server que j'ai présenté à #SSTIC. Ce webinaire donné en Anglais pour l'OISF +ht… + +(Originally on Twitter: [Sat Jun 04 08:33:45 +0000 2022](https://twitter.com/adulau/status/1533004065860370432)) +---- +@bagder No worries. Take care! + +(Originally on Twitter: [Sat Jun 04 17:52:45 +0000 2022](https://twitter.com/adulau/status/1533144741424025602)) +---- +RT @SergioRocks: Meetings are the worst! + +They burn people out and nothing gets done. 
+ +My tweet on meetings and burn out last week hit a ne… + +(Originally on Twitter: [Sat Jun 04 19:30:00 +0000 2022](https://twitter.com/adulau/status/1533169215066210304)) +---- +@m4khno_ @Glacius_ @Sebdraven + + +media/1534070061190856705-FUoclhsWAAIadv5.mp4 + +(Originally on Twitter: [Tue Jun 07 07:09:38 +0000 2022](https://twitter.com/adulau/status/1534070061190856705)) +---- +Everything will be fine, just a PoS of a hotel next to the @FIC_eu + +I saw too many times the 0xc0000022 when running some code ;-) ![](media/1534073791495737344-FUoeAR_XEAATfvY.jpg) + +(Originally on Twitter: [Tue Jun 07 07:24:28 +0000 2022](https://twitter.com/adulau/status/1534073791495737344)) +---- +RT @ldap389: Very pleased to release DFIR4vSphere at #CoRIIN2022 today: A PowerShell module to help the #DFIR analyst investigate #VMWare v… + +(Originally on Twitter: [Wed Jun 08 04:32:20 +0000 2022](https://twitter.com/adulau/status/1534392861113864192)) +---- +RT @Anna_cybersec: The @VARIoT_project will be presented by me and Gregory @cloudgravity at the @FIC_eu tomorrow at 11:00 a.m. We invite… + +(Originally on Twitter: [Wed Jun 08 06:29:30 +0000 2022](https://twitter.com/adulau/status/1534422345485537281)) +---- +@H_Miser I have seen cases where it was useful (at least postmortem). Especially if some infrastructure of an attacker is seized at some stage and you need to figure out if the sample used was part of an existing infrastructure to recover the proper key materials. + +(Originally on Twitter: [Wed Jun 08 07:14:25 +0000 2022](https://twitter.com/adulau/status/1534433650326089728)) +---- +RT @taladrane: @adulau @zmanion @GHSecurityLab @github @adulau we've done it!! 
the advisory DB now has all existing CVEs in the unreviewed… + +(Originally on Twitter: [Thu Jun 09 15:49:45 +0000 2022](https://twitter.com/adulau/status/1534925728109699077)) +---- +RT @cerebrateproje1: Cerebrate 1.5 (and 1.6) released with a collection of improvements including directory improvement to support CSIRTs u… + +(Originally on Twitter: [Fri Jun 10 07:33:19 +0000 2022](https://twitter.com/adulau/status/1535163185354907653)) +---- +@Sebdraven @sekoia_io TAXII (toutes les versions) est vraiment un protocole de BDSM. J’ai décidé d'arrêter de me faire mal et de faire mal aux autres. + + +media/1535284468319195136-FU5tFNQX0AYRLeg.mp4 + +(Originally on Twitter: [Fri Jun 10 15:35:16 +0000 2022](https://twitter.com/adulau/status/1535284468319195136)) +---- +@digihash I’m always impressed by @Koen_Security and especially how he grasps the complexity and makes it more easier for everyone 🙏🏻 + +(Originally on Twitter: [Fri Jun 10 15:38:47 +0000 2022](https://twitter.com/adulau/status/1535285356186071040)) +---- +Digging the various fuzzy hashes algorithms but finding good and stable implementations in C or Python is always a challenge beside the original academic one. + +For example, is there a good implementation of mvHash-B and mvHash-L available? ![](media/1535528354945826818-FU9Js31WAAA1bIu.png) + +(Originally on Twitter: [Sat Jun 11 07:44:23 +0000 2022](https://twitter.com/adulau/status/1535528354945826818)) +---- +If you are curious about mvHash-* https://ntnuopen.ntnu.no/ntnu-xmlui/bitstream/handle/11250/144008/KPAstebol.pdf "mvHash - a new approach for fuzzy hashing" the original Master's thesis. 
+ +(Originally on Twitter: [Sat Jun 11 07:50:02 +0000 2022](https://twitter.com/adulau/status/1535529777435639811)) +---- +@digihash @Koen_Security It works for both ;-) @cudeso and @Koen_Security + +(Originally on Twitter: [Sat Jun 11 11:12:01 +0000 2022](https://twitter.com/adulau/status/1535580607337594881)) +---- +What’s the trend of #osint open source tools to have crazy colorful output and no parseable output? I don’t mind the funky and blinking text output but having parseable text (JSON, CSV) make your open source more accessible and useful to others. + +(Originally on Twitter: [Sat Jun 11 12:02:00 +0000 2022](https://twitter.com/adulau/status/1535593186004983809)) +---- +@ancailliau Indeed very good point! + +(Originally on Twitter: [Sat Jun 11 12:49:38 +0000 2022](https://twitter.com/adulau/status/1535605174609268736)) +---- +@redrapids Take regular showers. + +(Originally on Twitter: [Sun Jun 12 07:11:38 +0000 2022](https://twitter.com/adulau/status/1535882500664328193)) +---- +RT @jtkristoff: Hah, adulau++ + +I'd add: go for long walks, read longer works (research papers and books) on any subject, and have lengthy i… + +(Originally on Twitter: [Sun Jun 12 14:11:12 +0000 2022](https://twitter.com/adulau/status/1535988087888683011)) +---- +RT @ninoseki: Here is my new weekend project to help my daily (boring) @MISPProject operations. +https://github.com/ninoseki/misp-gateway + +(Originally on Twitter: [Mon Jun 13 10:37:54 +0000 2022](https://twitter.com/adulau/status/1536296798599499776)) +---- +Reading the disclosure process https://github.com/andyperlitch/jsbn/issues/43 It’s clearly more important to have a PSIRT/CSIRT than any bug bounty platforms or programs. + +(Originally on Twitter: [Wed Jun 15 05:18:00 +0000 2022](https://twitter.com/adulau/status/1536941067064512512)) +---- +@Andrew___Morris @GreyNoiseIO Impressive! Keep the great work! 
+ +(Originally on Twitter: [Wed Jun 15 16:42:04 +0000 2022](https://twitter.com/adulau/status/1537113219147390983)) +---- +@xme It’s a pretty good one. Maybe one strategy is missing, it’s waiting for the actual leak. + +(Originally on Twitter: [Thu Jun 16 13:35:45 +0000 2022](https://twitter.com/adulau/status/1537428720364814337)) +---- +RT @circl_lu: hashlookup service updated which also includes the @NISTcyber NSRL June dataset. + +API is openly and freely accessible. For fa… + +(Originally on Twitter: [Thu Jun 16 16:44:25 +0000 2022](https://twitter.com/adulau/status/1537476201203257345)) +---- +RT @felixaime: Maybe can be interesting to take a look in pDNS at icc-cpi-int[.]com, domain registered on sept 2021, using Monovm. ⤵️ + +(Originally on Twitter: [Thu Jun 16 18:42:30 +0000 2022](https://twitter.com/adulau/status/1537505914416160770)) +---- +Kudos to @github security team to be transparent about incidents and especially describing the overall vulnerability, impact and state of exploitation. I hope other SaaS will be so open in the future... + + +media/1537538945826922496-FVZvhMQWQAAWDIq.mp4 + +(Originally on Twitter: [Thu Jun 16 20:53:45 +0000 2022](https://twitter.com/adulau/status/1537538945826922496)) +---- +@DCSecuritydk I usually do in one sentence « a reverse historical directory of names resolved » + +(Originally on Twitter: [Fri Jun 17 19:46:59 +0000 2022](https://twitter.com/adulau/status/1537884532623302658)) +---- +@DCSecuritydk @PhilHagen This sounds sane. Nowadays the collection are often at various places including recursive resolvers internal using dnstap or similar approaches. + +(Originally on Twitter: [Fri Jun 17 19:49:40 +0000 2022](https://twitter.com/adulau/status/1537885207805587469)) +---- +@clevybencheton I remember many panel discussions about this from late nineties until today how everything will be solved automagically by law and legal enforcement. 
+ + +media/1538049677253300224-FVhABosWAAAWaPV.mp4 + +(Originally on Twitter: [Sat Jun 18 06:43:13 +0000 2022](https://twitter.com/adulau/status/1538049677253300224)) +---- +@gvissac J’adore votre blog, cette porte ouverte depuis les réseaux sociaux marchandisés vers la richesse perdue d’Internet des années nonantes. L’espoir de revoir cette vie culturelle connectée me laisse espérer un monde libre et créatif. + +(Originally on Twitter: [Sat Jun 18 07:18:43 +0000 2022](https://twitter.com/adulau/status/1538058611393454080)) +---- +RT @xkcd: Red Line Through HTTPS http://xkcd.com/2634 ![](media/1538058707069808640-FVgVbraUYAMSrpR.jpg) + +(Originally on Twitter: [Sat Jun 18 07:19:06 +0000 2022](https://twitter.com/adulau/status/1538058707069808640)) +---- +@PrincipeDebase @zotero Dans l’objet misp report, on n’a pas arrêté de se poser la question sur les bonnes catégories. On est arrivé à cela https://www.misp-project.org/objects.html#_report mais on va ajouter les types de Zotero aussi ![](media/1538073986512429058-FVhVcb0WQAEbRIa.jpg) + +(Originally on Twitter: [Sat Jun 18 08:19:49 +0000 2022](https://twitter.com/adulau/status/1538073986512429058)) +---- +@mattlynley What will be the future open source strategy for the new components produced by Google? + +(Originally on Twitter: [Sun Jun 19 07:33:29 +0000 2022](https://twitter.com/adulau/status/1538424716528066561)) +---- +Folks we pimp up a bit the @MISPProject summit into a two days CTI summit. It will be in Luxembourg (19-20 October). You can already register and the call for talks/papers will be open soon. + +https://cti-summit.org/ + +#ThreatIntelligence + +(Originally on Twitter: [Tue Jun 21 15:20:59 +0000 2022](https://twitter.com/adulau/status/1539267141324660737)) +---- +I'm baffled to see so many TOTP/HTOP/2FA libraries are using remote services to generate QR code. 
+ +https://github.com/RobThree/TwoFactorAuth/blob/master/lib/Providers/Qr/QRServerProvider.php + +So it means that this service got the PSK of all the web services using this 2FA library. Ah yes, it's a default feature in many libraries. ![](media/1539516943388008449-FV12QxFWYAAfHGp.png) + +(Originally on Twitter: [Wed Jun 22 07:53:36 +0000 2022](https://twitter.com/adulau/status/1539516943388008449)) +---- +@aevavoom Being credited is indeed nice and cool. But what can you do when you are not? I mean it’s how it works. Ideas are percolating and can be freely reused by everyone. + +(Originally on Twitter: [Wed Jun 22 16:23:21 +0000 2022](https://twitter.com/adulau/status/1539645226817667073)) +---- +@binarly_io @WarrenWeiss1 @MikeReiner @joachimlqr @MandelAngel @michaelawsutton @brysonbort @jamierbutler @rpermeh @halvarflake @pedramamini @ChrisUeland Well done! + +(Originally on Twitter: [Wed Jun 22 19:17:28 +0000 2022](https://twitter.com/adulau/status/1539689043914530816)) +---- +I'll be in Dublin next week to present "How to Secure Your Software Supply Chain and Speed-Up DFIR with Hashlookup". Many improvements in the hashlookup project were done by @gallypette and myself in the past months. #FIRSTCON22 + +https://www.hashlookup.io/ + +https://twitter.com/FIRSTdotOrg/status/1539146705081352194 + +(Originally on Twitter: [Thu Jun 23 09:31:30 +0000 2022](https://twitter.com/adulau/status/1539903966070423552)) +---- +@cbrocas @gallypette It seems the CDNs of GitHub are not updated everywhere... + +(Originally on Twitter: [Thu Jun 23 09:38:00 +0000 2022](https://twitter.com/adulau/status/1539905603719634944)) +---- +@jtkristoff If there is no colliding agenda, count me in. I'm sure we could help with @MISPProject and/or @d4_project . 
+ + +media/1539965738378616832-FV8OrCgUsAIBSv3.mp4 + +(Originally on Twitter: [Thu Jun 23 13:36:57 +0000 2022](https://twitter.com/adulau/status/1539965738378616832)) +---- +RT @jtkristoff: If you are attending #FIRSTCON22, consider dropping into the DDoS and Routing Security BoF on Tuesday. It is time to renew… + +(Originally on Twitter: [Thu Jun 23 13:37:03 +0000 2022](https://twitter.com/adulau/status/1539965760910462976)) +---- +The @Cybersec_ECCC is looking for an executive director. It might be a good opportunity to support cyber security at EU level in the right direction especially in term of funding in the field. + +Application: https://epso.europa.eu/job-opportunities/temporary/9854-com-2022-20080-eccc_en + +https://twitter.com/secin_lu/status/1539968043178020868 + +(Originally on Twitter: [Thu Jun 23 13:54:24 +0000 2022](https://twitter.com/adulau/status/1539970126392356864)) +---- +RT @MISPProject: We are glad to announce and co-organise the two days Cyber and Threat Intelligence Summit (CTIS-2022) in Luxembourg (Octob… + +(Originally on Twitter: [Thu Jun 23 15:11:28 +0000 2022](https://twitter.com/adulau/status/1539989523396005891)) +---- +@VV_X_7 but dreaming of what? + +(Originally on Twitter: [Thu Jun 23 18:44:40 +0000 2022](https://twitter.com/adulau/status/1540043175083098112)) +---- +@VV_X_7 Joseph Curwen was lost somewhere between spaces and became floating fragments + +(Originally on Twitter: [Thu Jun 23 18:54:40 +0000 2022](https://twitter.com/adulau/status/1540045691665383424)) +---- +@Tailscale If the adversary is within your Tailscale network, what is the risk? compared to a bastion with auth key per internal host + +(Originally on Twitter: [Thu Jun 23 20:12:32 +0000 2022](https://twitter.com/adulau/status/1540065288103858177)) +---- +https://harvardnsj.org/wp-content/uploads/sites/13/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf + +When access to standardisation bodies is limited, cumbersome, costly or/and only for national bodies. 
This causes a series of issues including the limited public examination which can cause significant security implications. ![](media/1540267598541193218-FWAgySbXkAAEAXw.png) + +(Originally on Twitter: [Fri Jun 24 09:36:26 +0000 2022](https://twitter.com/adulau/status/1540267598541193218)) +---- +RT @digihash: Unfortunately I can't go to this conference as I will be teaching the @SANSInstitute #FOR578 Cyber Threat Intelligence course… + +(Originally on Twitter: [Sat Jun 25 06:00:41 +0000 2022](https://twitter.com/adulau/status/1540575690508189697)) +---- +RT @MISPProject: We (@Iglocska @adulau @mokaddem_sami @rafi0t) will be at @FIRSTdotOrg #firstcon22 - join one of our sessions about MISP o… + +(Originally on Twitter: [Sat Jun 25 08:01:03 +0000 2022](https://twitter.com/adulau/status/1540605979875856384)) +---- +I extracted from @CommonCrawl the disallow seen in many robots.txt file. This can be useful to review security of various websites and improve reconnaissance tools. It's also a good security reminder that the robots.txt is just a wish ;-) + +💾 https://cra.circl.lu/opendata/robots-txt/ ![](media/1540640774928449536-FWF0IjfXEAA6eyb.jpg) + +(Originally on Twitter: [Sat Jun 25 10:19:19 +0000 2022](https://twitter.com/adulau/status/1540640774928449536)) +---- +@BB27000 Le truc le plus étonnant c’est le gros cigare en bas à droite de la photo ;-) + +(Originally on Twitter: [Mon Jun 27 05:12:18 +0000 2022](https://twitter.com/adulau/status/1541288290216812544)) +---- +Mention of the copine scale taxonomy about CSAM labelling at #FIRSTCON22 + +if you are interested about the classification, it’s in the MISP taxonomies library https://www.misp-project.org/taxonomies.html#_copine_scale + +(Originally on Twitter: [Mon Jun 27 08:36:40 +0000 2022](https://twitter.com/adulau/status/1541339718561964038)) +---- +RT @Iglocska: Excellent talk about csam as an insider threat @FIRSTdotOrg. 
The difficulty of forensic investigations on highly virtualized,… + +(Originally on Twitter: [Mon Jun 27 09:05:08 +0000 2022](https://twitter.com/adulau/status/1541346885016981505)) +---- +Great points from @mickmoran and Romain Wartel about the need to lookup for CSAM content while doing forensic analysis. Now the question, are the hashes of CSAM freely accessible? If these are available they could be accessible for everyone doing analysis in MISP. + +(Originally on Twitter: [Mon Jun 27 09:33:26 +0000 2022](https://twitter.com/adulau/status/1541354006773174273)) +---- +We could even create Bloom filters to make it easily accessible to enroll it by default in the MISP warning lists. + +(Originally on Twitter: [Mon Jun 27 09:35:00 +0000 2022](https://twitter.com/adulau/status/1541354398084890624)) +---- +@__weirdnik__ @mickmoran That’s exactly the issue. Creating freely Bloom filter would help everyone without the need to sign NDA or confidentiality agreement. I don’t even understand the reasoning of keeping those datasets (containing only hashes) private. It doesn’t help the detection and notification. + +(Originally on Twitter: [Mon Jun 27 10:08:50 +0000 2022](https://twitter.com/adulau/status/1541362915135086592)) +---- +Very nice improvements for TLP except one. Can you spot the change which will cause issues to many legacy systems and processes? #FIRSTCON22 ![](media/1541410503439880192-FWQwTXmXgAYslX_.jpg) + +(Originally on Twitter: [Mon Jun 27 13:17:56 +0000 2022](https://twitter.com/adulau/status/1541410503439880192)) +---- +LookyLoo presented by @quinnnorton and @rafi0t - the web forensic tool to see what really happens when nice or dangerous websites are browsed. 
#FIRSTCON22 +Open source project: https://github.com/Lookyloo/lookyloo +Online version: +http://lookyloo.circl.lu ![](media/1541435922931191813-FWRGuqOXoAEu5eH.jpg) + +(Originally on Twitter: [Mon Jun 27 14:58:57 +0000 2022](https://twitter.com/adulau/status/1541435922931191813)) +---- +RT @bobmcardle: Today at #FIRSTCON22 Vladimir Kropotov and @blackswanburst presented an excellent collaborative talk on applying Data Analy… + +(Originally on Twitter: [Tue Jun 28 05:39:17 +0000 2022](https://twitter.com/adulau/status/1541657468098469888)) +---- +Looks like we (incident responders) are left alone without the CSAM indicators… so the idea of having something working sounds now more difficult. Any idea? ![](media/1541675969815117824-FWUhu6bXEAES-8b.jpg) + +(Originally on Twitter: [Tue Jun 28 06:52:48 +0000 2022](https://twitter.com/adulau/status/1541675969815117824)) +---- +If you want to play around with Bloom filters + +https://github.com/adulau/python-bloomfilter and check how it works internally. + +I used it for http://hashlookup.io using the dcso library https://github.com/DCSO/bloom + +(Originally on Twitter: [Tue Jun 28 07:14:51 +0000 2022](https://twitter.com/adulau/status/1541681515590975488)) +---- +« open source isn’t free if you need people to run it » + +But buying proprietary software has cost too and especially lowering the capabilities and autonomy of your team. #FIRSTCON22 ![](media/1541707117110956032-FWU99tUX0AEqFdM.jpg) + +(Originally on Twitter: [Tue Jun 28 08:56:34 +0000 2022](https://twitter.com/adulau/status/1541707117110956032)) +---- +RT @ancailliau: From #FIRSTCON22 opening talk of today by @wendynather, OSS needs better UI and UX. May be, big corporations can help the c… + +(Originally on Twitter: [Tue Jun 28 10:04:07 +0000 2022](https://twitter.com/adulau/status/1541724115731681280)) +---- +@__weirdnik__ I tend to agree on the specific aspects of acquiring feeds which are usually costly to produce. 
+ +(Originally on Twitter: [Tue Jun 28 11:07:27 +0000 2022](https://twitter.com/adulau/status/1541740051184422914)) +---- +If you have only one presentation to see to structure your threat hunting, the talk of @jfslowik at #FIRSTCON22 is a piece of art. Clear, practical… just perfect. ![](media/1541741225006571521-FWVdaKjXoAAnsN5.jpg) + +(Originally on Twitter: [Tue Jun 28 11:12:06 +0000 2022](https://twitter.com/adulau/status/1541741225006571521)) +---- +RT @cerebrateproje1: We (@Iglocska @mokaddem_sami) presented at #FIRSTCON22 the use-cases of Cerebrate and how it can be used to manage sh… + +(Originally on Twitter: [Tue Jun 28 14:12:29 +0000 2022](https://twitter.com/adulau/status/1541786617991536641)) +---- +RT @CERT_FR: 🆕🛠🛡 For a simpler and faster integration, CERT-FR announces the availability of its public MISP feed for already shared IOC an… + +(Originally on Twitter: [Tue Jun 28 14:54:47 +0000 2022](https://twitter.com/adulau/status/1541797265026826241)) +---- +@CERT_FR @MISPProject Great stuff. We will add it in the default feed of MISP. + +(Originally on Twitter: [Tue Jun 28 14:56:26 +0000 2022](https://twitter.com/adulau/status/1541797678220206080)) +---- +@CynicLib @ex_raritas @cyb3rops There are options when the TA is expressed with objects and relationships. If it’s directly in the galaxy, we need to see what’s possible. If you have some examples to share with us, my DM is open. Thanks! + +(Originally on Twitter: [Tue Jun 28 16:50:31 +0000 2022](https://twitter.com/adulau/status/1541826388008865792)) +---- +@DataIsStrange @juanandres_gs ah ah that’s exactly our pain for http://hashlookup.io - a huge kvstore with billions of hash values from md5 to tlsh. Just for pivot because everyone use a different hash ;-) + +(Originally on Twitter: [Wed Jun 29 06:44:09 +0000 2022](https://twitter.com/adulau/status/1542036180748963845)) +---- +I see a pattern. 
The organisations talking publicly about "information sharing" are often the ones not practically doing it. + +(Originally on Twitter: [Wed Jun 29 08:45:10 +0000 2022](https://twitter.com/adulau/status/1542066635443507200)) +---- +@clevybencheton In a PDF with images containing rules to push into a proprietary tool for detection ;-) and before signing two NDAs to be sure that you won't use the PDF file. + +(Originally on Twitter: [Wed Jun 29 08:51:05 +0000 2022](https://twitter.com/adulau/status/1542068124685684736)) +---- +RT @cudeso: @adulau Unfortunately sharing often remains a one-way street. Sometimes/often because of imagined commercial or legislative con… + +(Originally on Twitter: [Wed Jun 29 10:25:41 +0000 2022](https://twitter.com/adulau/status/1542091928266854400)) +---- +RT @MISPProject: Very interesting talk from @CharityW4CTI about narrative warfare at #FIRSTCON22 with a mention to the AM!TT framework. She… + +(Originally on Twitter: [Wed Jun 29 11:08:14 +0000 2022](https://twitter.com/adulau/status/1542102636329160705)) +---- +I love when we can be productive at #FIRSTCON22 by actually improving from the shared knowledge by the participants during @FIRSTdotOrg conferences. + +https://twitter.com/MISPProject/status/1542114143733424128 + +(Originally on Twitter: [Wed Jun 29 12:00:11 +0000 2022](https://twitter.com/adulau/status/1542115712784801793)) +---- +RT @circl_lu: Pandora v1.0 released - First stable release + +https://github.com/pandora-analysis/pandora/releases/tag/v1.0.0 + +Pandora is an analysis framework to discover if a file… + +(Originally on Twitter: [Wed Jun 29 17:11:11 +0000 2022](https://twitter.com/adulau/status/1542193976933064704)) +---- +@DCSecuritydk @elastic Congrats! They are lucky to have you. + +(Originally on Twitter: [Thu Jun 30 13:30:45 +0000 2022](https://twitter.com/adulau/status/1542500891604897792)) +---- +RT @ancailliau: Wonder what files on disk are well known? 
Really nice tool for DFIR presented by @adulau at #FIRSTCON22 https://t.co/dzbiC2… + +(Originally on Twitter: [Thu Jun 30 15:09:08 +0000 2022](https://twitter.com/adulau/status/1542525650275164168)) +---- +The slides of our talk at @FIRSTdotOrg #FIRSTCON22 "How to Secure Your Software Supply Chain and Speed-Up DFIR with Hashlookup" are available + +Slides -> https://raw.githubusercontent.com/hashlookup/hashlookup.io/main/slides/20220630-FIRSTCON22-hashlookup.pdf + +#dfir + +https://hashlookup.io/ + +(Originally on Twitter: [Thu Jun 30 15:55:54 +0000 2022](https://twitter.com/adulau/status/1542537421203570690)) +---- +Thanks again to @FIRSTdotOrg CTI SIG for the ICS/OT MISP taxonomy https://www.misp-project.org/taxonomies.html#_ics - many users rely on it to label threat intelligence related to industrial infrastructure. #firstcon22 + +(Originally on Twitter: [Fri Jul 01 07:50:49 +0000 2022](https://twitter.com/adulau/status/1542777731733241856)) +---- +RT @ancailliau: Did you already get 8.8.8.8 in your CTI feeds? Really excellent talk by @coenemichel and @BartParys from @NVISO_Labs about… + +(Originally on Twitter: [Fri Jul 01 08:55:53 +0000 2022](https://twitter.com/adulau/status/1542794107269091329)) +---- +RT @_aaron_kaplan_: @adulau I think the aspect of keeping and fostering good capabilities *locally* in your org is often underrated. Remind… + +(Originally on Twitter: [Fri Jul 01 10:24:37 +0000 2022](https://twitter.com/adulau/status/1542816436774649856)) +---- +RT @gallypette: @adulau @FIRSTdotOrg https://github.com/hashlookup/hashlookup-gui And here is an early release of the clicky version of hashlookup if anyone fan… + +(Originally on Twitter: [Fri Jul 01 10:24:42 +0000 2022](https://twitter.com/adulau/status/1542816457108717569)) +---- +RT @circl_lu: @DCSecuritydk @cyb3rops Thanks a lot for the reference! and the implementation in @MISPProject has been in 2019. 
+ +https://t.… + +(Originally on Twitter: [Fri Jul 01 10:32:28 +0000 2022](https://twitter.com/adulau/status/1542818413059383296)) +---- +The risk of insider threat for many bug bounties platform is real. Organisations acquiring such service should really consider this threat seriously and maybe in source or improve their PCSIRTs. + +https://hackerone.com/reports/1622449 + +(Originally on Twitter: [Sat Jul 02 11:48:17 +0000 2022](https://twitter.com/adulau/status/1543199879606013954)) +---- +RT @0xtosh: Bug bounty programs are an attack vector that should be part of your threat model. + +(Originally on Twitter: [Sat Jul 02 13:14:37 +0000 2022](https://twitter.com/adulau/status/1543221607170203650)) +---- +@droethlisberger For sure but it sounds more manageable when you control the hiring process… and the focus is mainly the security of your product and not the dividend of a bug bounty business. + +(Originally on Twitter: [Sat Jul 02 13:16:39 +0000 2022](https://twitter.com/adulau/status/1543222117767970816)) +---- +@MaliciaRogue @SNCFConnect ah ah tu auras alors une bonne raison pour venir au Luxembourg… + +(Originally on Twitter: [Sun Jul 03 08:02:36 +0000 2022](https://twitter.com/adulau/status/1543505473395167232)) +---- +It was great to meet all the folks during @FIRSTdotOrg #firstcon22 during a crazy week. Seeing how can the security community can work together and *do* things collectively, it’s impressive. Thank you! + + +media/1543678775279362052-FWw_qPwXkAA0tV7.mp4 + +(Originally on Twitter: [Sun Jul 03 19:31:14 +0000 2022](https://twitter.com/adulau/status/1543678775279362052)) +---- +@conservancy Until there is no federated approach of Git forges, people and organisations won’t move. It’s starting slowly with Gitea federation supports + +https://nlnet.nl/project/Gitea/ + +Why many of us are still on GitHub it’s just because of the number of users. Moving to an island doesn’t help. 
+ +(Originally on Twitter: [Mon Jul 04 06:25:03 +0000 2022](https://twitter.com/adulau/status/1543843311848460289)) +---- +If you need something simple, efficient to make cyber security and network security training, MI-LXC is really nifty https://github.com/flesueur/mi-lxc + +Thanks to @FLesueur for this work and especially your dedication to make it better each day. + +https://twitter.com/FLesueur/status/1543849841981276161 + +(Originally on Twitter: [Mon Jul 04 07:46:59 +0000 2022](https://twitter.com/adulau/status/1543863929817923585)) +---- +Tomorrow we might have a minor magnetic storm. If you do RF you might see some impacts… + +https://www.swpc.noaa.gov/ ![](media/1544359641685139457-FW6qwv0WYAABk2J.jpg) + +(Originally on Twitter: [Tue Jul 05 16:36:46 +0000 2022](https://twitter.com/adulau/status/1544359641685139457)) +---- +@__weirdnik__ This year we just do the http://hack.lu CTF online and the http://cti-summit.org conference in 2022. If all is fine it will be 2023. + +(Originally on Twitter: [Tue Jul 05 17:52:29 +0000 2022](https://twitter.com/adulau/status/1544378699465752576)) +---- +RT @Shadowserver: Over 4100 accessible Apache CouchDB servers found worldwide in our new daily IPv4 scan (port 5984/TCP). Needless to say,… + +(Originally on Twitter: [Tue Jul 05 20:12:32 +0000 2022](https://twitter.com/adulau/status/1544413943585800194)) +---- +@y0m @Sebdraven @PrincipeDebase J’ai peur que ces tweets deviennent une clique et il se peut que les utilisateurs deviennent une biclique rapidement. + +(Originally on Twitter: [Wed Jul 06 16:10:32 +0000 2022](https://twitter.com/adulau/status/1544715430685806597)) +---- +I love to see people doing new stuff from existing open source projects. Nice idea reusing Pandora to make an USB scanning station with upcycled hardware. 
Thanks @dbarzin + +https://github.com/dbarzin/pandora-box + +(Originally on Twitter: [Thu Jul 07 06:18:04 +0000 2022](https://twitter.com/adulau/status/1544928719894040576)) +---- +RT @passthesaltcon: #pts22 CONFERENCE IS OVER +A huge thank to all speakers and attendees! A particular thought to @cdpointpoint 😘 + +All talk… + +(Originally on Twitter: [Thu Jul 07 08:14:27 +0000 2022](https://twitter.com/adulau/status/1544958005900464128)) +---- +@FLesueur @citi_lab @insadelyon @passthesaltcon @_fval_ @nicolas_stouls Interesting maybe I could add it to MMDB https://github.com/adulau/mmdb-server + +(Originally on Twitter: [Thu Jul 07 09:21:15 +0000 2022](https://twitter.com/adulau/status/1544974819514523652)) +---- +@FLesueur @citi_lab @insadelyon @passthesaltcon @_fval_ @nicolas_stouls Working on it ;-) ![](media/1545027114092617728-FXEJ48LXwAAFwa3.jpg) + +(Originally on Twitter: [Thu Jul 07 12:49:03 +0000 2022](https://twitter.com/adulau/status/1545027114092617728)) +---- +RT @circl_lu: "Efficient Collective Action for Tackling Time-Critical Cybersecurity Threats" - investigate how joining & contributions dyna… + +(Originally on Twitter: [Thu Jul 07 13:10:38 +0000 2022](https://twitter.com/adulau/status/1545032542067331072)) +---- +Looking into NX queries on http://hashlookup.io and I found that the 4th most queried one is winexesvc.exe (https://www.joesandbox.com/analysis/604361/1/html) not sure why it's commonly checked. It was often used by Sofacy. ![](media/1545052830179868673-FXEdAmSVUAAGg8f.png) + +(Originally on Twitter: [Thu Jul 07 14:31:15 +0000 2022](https://twitter.com/adulau/status/1545052830179868673)) +---- +I enjoyed the comment from my colleague "All people which like to see us in the office decide to do home office, today." + +(Originally on Twitter: [Fri Jul 08 09:06:31 +0000 2022](https://twitter.com/adulau/status/1545333498613059585)) +---- +hashlookup-forensic-analyser version 1.1 released including the ability to load multiple Bloom filters. 
#DFIR + +Thanks to @___wr___ for the contribution. + +https://hashlookup.github.io/hashlookup-forensic-analyser/ ![](media/1545676034766405633-FXNYEd4XgAUH1uj.jpg) + +(Originally on Twitter: [Sat Jul 09 07:47:38 +0000 2022](https://twitter.com/adulau/status/1545676034766405633)) +---- +RT @0xDroogy: @ScottMcGready MISP - i've been championing the tool at work for a while and constantly amazed by the flexibility + +(Originally on Twitter: [Sat Jul 09 08:08:11 +0000 2022](https://twitter.com/adulau/status/1545681204527202310)) +---- +@whtaguy @LitMoose @8x5clPW2 @SummerC0n Is the complete slide deck available somewhere? + +(Originally on Twitter: [Sun Jul 10 21:38:29 +0000 2022](https://twitter.com/adulau/status/1546247512650047490)) +---- +@cudeso @xorlgr Nice to see some +people finally looking at the comments on the original leak ;-) + +(Originally on Twitter: [Mon Jul 11 05:48:56 +0000 2022](https://twitter.com/adulau/status/1546370940258361344)) +---- +If you want to have a welcoming model for your open source project, forget about the CLAs. It's really the last thing that you would like to do and sign when you are a contributor. #getridofcla ![](media/1546949783973253120-FXfc-B_WYAEYv0i.jpg) + +(Originally on Twitter: [Tue Jul 12 20:09:04 +0000 2022](https://twitter.com/adulau/status/1546949783973253120)) +---- +RT @Iglocska: Just had @mokaddem_sami show me the latest revision of the next great thing(tm) coming to @MISPProject. To say that I'm super… + +(Originally on Twitter: [Wed Jul 13 12:37:21 +0000 2022](https://twitter.com/adulau/status/1547198496922603520)) +---- +RT @cudeso: A @MISPProject tip of the week: Quality is more important than quantity in threat intelligence. 
MISP warns you if you add redun… + +(Originally on Twitter: [Fri Jul 15 10:19:54 +0000 2022](https://twitter.com/adulau/status/1547888681830060032)) +---- +I finally updated the original @d4_project Passive DNS analyser into an independent Passive DNS which can have collection from COF web-socket streams. A sample COF stream is provided with the newly seen AAAA records. + +https://github.com/D4-project/analyzer-d4-passivedns ![](media/1547890572240728064-FXs08eJUcAIepXr.jpg) + +(Originally on Twitter: [Fri Jul 15 10:27:25 +0000 2022](https://twitter.com/adulau/status/1547890572240728064)) +---- +RT @RandoriSec: Nous étions à @passthesaltcon la semaine dernière. +Voici notre retour sur quelques présentations: +https://www.randorisec.fr/passthesalt-2022/… + +(Originally on Twitter: [Fri Jul 15 11:20:09 +0000 2022](https://twitter.com/adulau/status/1547903843559559168)) +---- +RT @cybsecurity_org: 🆕🔊The 239th episode of the Cyber, Cyber… podcast is unique in many ways. During the 34th FIRST Conference, Miroslaw Ma… + +(Originally on Twitter: [Fri Jul 15 15:14:44 +0000 2022](https://twitter.com/adulau/status/1547962876006043649)) +---- +RT @ail_project: https://www.ail-project.org/blog/2022/07/16/AIL-v4.2.released/ + +AIL Framework version 4.2 released including typo squatting tracker, improved AIL2AIL sync, zerob… + +(Originally on Twitter: [Sat Jul 16 09:03:15 +0000 2022](https://twitter.com/adulau/status/1548231777163960323)) +---- +RT @sayashk: @random_walker In our deep-dive into 20 papers that find errors in ML-based science, we were startled by how similar the theme… + +(Originally on Twitter: [Sat Jul 16 09:33:59 +0000 2022](https://twitter.com/adulau/status/1548239513138262020)) +---- +Various people asked me about the ethics behind some OSINT/open source tools I wrote... I found this recent paper. 
+ +"Creating a Code of Ethics for Open-Source Intelligence Applications" + +https://ojs.victoria.ac.nz/wfeess/article/view/7648/6831 + +It seems everything is still mainly "wishful thinking"... ![](media/1548315528120242177-FXy3__HUUAIsayl.png) + +(Originally on Twitter: [Sat Jul 16 14:36:02 +0000 2022](https://twitter.com/adulau/status/1548315528120242177)) +---- +RT @decodebytes: dream in years, plan in months, evaluate in weeks, ship daily. + +(Originally on Twitter: [Sat Jul 16 17:01:09 +0000 2022](https://twitter.com/adulau/status/1548352044548796418)) +---- +@d0xygen @ail_project @circl_lu @gallypette @Terrtia @cruciani_david Next release will rely on kvrocks instead of ardb. The branch is there https://github.com/ail-project/ail-framework/tree/KVROCKS and the migration will be automatic for the existing users. + +(Originally on Twitter: [Sun Jul 17 04:24:22 +0000 2022](https://twitter.com/adulau/status/1548523985503014915)) +---- +@d0xygen @ail_project @circl_lu @gallypette @Terrtia @cruciani_david Thanks. Which part/solution? The concept is to have the processing/crawling in AIL and then the push of investigation to MISP as event. The integration is already quite complete. + +(Originally on Twitter: [Sun Jul 17 09:22:01 +0000 2022](https://twitter.com/adulau/status/1548598889426690049)) +---- +@d0xygen @ail_project @circl_lu @gallypette @Terrtia @cruciani_david It’s indeed a good point and it’s slowly moving towards k/v for some elements. It’s difficult because there is a complex acl system due to many different use-cases. There is an ongoing work on the correlation engine to support different storage. + +(Originally on Twitter: [Mon Jul 18 07:22:07 +0000 2022](https://twitter.com/adulau/status/1548931103897145345)) +---- +@starsandrobots I saw a lot of discussions about this. There is maybe something more fundamental, when the use of straws was introduced, is this something common in different cultures or societies? 
+ +(Originally on Twitter: [Mon Jul 18 10:27:23 +0000 2022](https://twitter.com/adulau/status/1548977728958889984)) +---- +@NovalisDMT Good luck with your new adventures! + +(Originally on Twitter: [Mon Jul 18 17:50:30 +0000 2022](https://twitter.com/adulau/status/1549089240679649280)) +---- +@projectsigstore A small question, why the SBOM is not containing the hash value of each file/resource published in complement to the signature? + +(Originally on Twitter: [Tue Jul 19 07:03:12 +0000 2022](https://twitter.com/adulau/status/1549288728874696705)) +---- +@CyberSquarePeg + + +media/1549500903715229698-FYDu2uvXgAAsdWM.mp4 + +(Originally on Twitter: [Tue Jul 19 21:06:18 +0000 2022](https://twitter.com/adulau/status/1549500903715229698)) +---- +@zmanion @certcc @SEI_CMU @CarnegieMellon @analygence Thanks for the incredible work during the past years. Good luck for your new adventures. + + +media/1549765036494782466-FYHfFQjWQAAAZob.mp4 + +(Originally on Twitter: [Wed Jul 20 14:35:52 +0000 2022](https://twitter.com/adulau/status/1549765036494782466)) +---- +When you discover an interesting project on GitHub with all the fancy frameworks for integration. Then you remove everything and at the end it’s a nifty 20 lines python script. Maybe add where the core code is in your README file ;-) This can save some time. + + +media/1549783629559201794-FYHv_lAXwAMeXGM.mp4 + +(Originally on Twitter: [Wed Jul 20 15:49:45 +0000 2022](https://twitter.com/adulau/status/1549783629559201794)) +---- +If you are looking for a C implementation of the @DCSO_CyTec Bloom filter - @gallypette just released fleur, a first version which is fully compatible with the original one. The http://hashlookup.io database is in the same format😎 #DFIR +https://github.com/hashlookup/fleur + +(Originally on Twitter: [Fri Jul 22 10:41:32 +0000 2022](https://twitter.com/adulau/status/1550430838994657282)) +---- +@Cobra4Crypto @TheFigen sundial and log keeping. 
https://en.m.wikipedia.org/wiki/Sundial + +(Originally on Twitter: [Sat Jul 23 06:12:16 +0000 2022](https://twitter.com/adulau/status/1550725463303143424)) +---- +RT @4ndur1n: Using #OpenSearch? Collecting Security related logs? Want to profit from @sigma_hq? +Try and open issues to let it grow. +https:… + +(Originally on Twitter: [Sun Jul 24 09:41:55 +0000 2022](https://twitter.com/adulau/status/1551140611125907456)) +---- +@framaka Il y a aussi quelques documents sur https://theanarchistlibrary.org/category/topic/anti-technology et il me semble qu’il avait aussi un document plus théorique avec quelques références à Jacques Ellul. + +(Originally on Twitter: [Sun Jul 24 12:56:33 +0000 2022](https://twitter.com/adulau/status/1551189591805362177)) +---- +@PrincipeDebase @NellyB1080 @maxfreenews C'est vraiment beau. L'ambiance sonore est parfaite ! + +(Originally on Twitter: [Tue Jul 26 08:15:49 +0000 2022](https://twitter.com/adulau/status/1551843721632686083)) +---- +Wired Norms: Inscription, resistance, and subversion in the governance of the Internet infrastructure by @nielstenoever at #mch2022 - very good overview of the Internet history and evolution. Maybe the IETF part is a bit more complex than explained. + +https://media.ccc.de/v/mch2022-18-wired-norms-inscription-resistance-and-subversion-in-the-governance-of-the-internet-infrastructure#t=2294 + +(Originally on Twitter: [Tue Jul 26 10:39:05 +0000 2022](https://twitter.com/adulau/status/1551879775488196609)) +---- +RT @gallypette: Natural follow-up to porting @DCSO_CyTec bloom filter lib to C: a yara module. Barely tested, I found it cute so I made it… + +(Originally on Twitter: [Tue Jul 26 10:45:35 +0000 2022](https://twitter.com/adulau/status/1551881410448953344)) +---- +RT @tmaillart: ☝️@MISPProject is much more than a piece of open source software. 
It is an incredible enabler of collective action for #cybe… + +(Originally on Twitter: [Wed Jul 27 07:59:37 +0000 2022](https://twitter.com/adulau/status/1552202032894943232)) +---- +I'm wondering how some big organisations are actually working while evaluating and deploying open source software. + +We regularly receive emails from large corporations "Can you do a private demo of your open source tools and sign this NDA?" + + +media/1552204690112319489-FYqJ71qX0AAj3dd.mp4 + +(Originally on Twitter: [Wed Jul 27 08:10:11 +0000 2022](https://twitter.com/adulau/status/1552204690112319489)) +---- +@BiologistDan I think any boat observation next to whales done for commercial purposes should be forbidden and only allowed for researchers. + +(Originally on Twitter: [Wed Jul 27 09:58:52 +0000 2022](https://twitter.com/adulau/status/1552232042364125184)) +---- +@benkow_ @fumik0_ @Glacius_ @AZobec Enjoy! + + +media/1552306994379476999-FYrm-vxXkAU1Nu7.mp4 + +(Originally on Twitter: [Wed Jul 27 14:56:42 +0000 2022](https://twitter.com/adulau/status/1552306994379476999)) +---- +RT @malmoeb: 1/ We analyzed a breached server and found the IP address and domain from which the TA downloaded additional tools onto the se… + +(Originally on Twitter: [Thu Jul 28 05:39:54 +0000 2022](https://twitter.com/adulau/status/1552529259436163072)) +---- +@Andrew___Morris @GreyNoiseIO Great! Just one little thing @MISPProject is a TIP. Thanks a lot. + +(Originally on Twitter: [Thu Jul 28 14:48:28 +0000 2022](https://twitter.com/adulau/status/1552667311378661387)) +---- +RT @MISPProject: A new module to query @circl_lu public hashlookup service has been added to MISP. You can now enrich and find out if any o… + +(Originally on Twitter: [Thu Jul 28 16:37:30 +0000 2022](https://twitter.com/adulau/status/1552694748481294337)) +---- +What Facebook and Google have done for us? I can clearly say LevelDB and RocksDB. Obviously not the aqueduct. 
+ + +media/1552740738210926595-FYxxd8GXoAIgq0T.mp4 + +(Originally on Twitter: [Thu Jul 28 19:40:15 +0000 2022](https://twitter.com/adulau/status/1552740738210926595)) +---- +I really like the idea @NoiseTotal to collect more details about false positive detections in security tools. + +It could be super useful to generate @MISPProject warning-lists out of NoiseTotal. https://github.com/MISP/misp-warninglists + +(Originally on Twitter: [Fri Jul 29 09:02:18 +0000 2022](https://twitter.com/adulau/status/1552942581738360834)) +---- +"Institutional Privacy Risks in Sharing DNS Data" + +https://dl.acm.org/doi/pdf/10.1145/3472305.3472324 + +Some examples (like the one with Palantir) of finding back sources using the DNSBL lookups even when aggregation above recursive is done. Nice review list when doing passive dns collection & sharing. ![](media/1552956088324161536-FY0zNgzX0AEuTbu.png) + +(Originally on Twitter: [Fri Jul 29 09:55:58 +0000 2022](https://twitter.com/adulau/status/1552956088324161536)) +---- +@alexanderjaeger @digihash @NoiseTotal @MISPProject Indeed (;-), I did a quick scrapper but there are issues to solve before pushing the code such as: + +- A lot of text doesn't contain any indicators (hashes, path) and barely a filename. +- There is no API to @NoiseTotal (but I bet they are working on it ;-). + +(Originally on Twitter: [Fri Jul 29 14:16:22 +0000 2022](https://twitter.com/adulau/status/1553021621178437633)) +---- +@dsi_at_heaume @Alexdessinateur @LCI C'est la disparation du pâturage, des taillis alternés, l'intensification de la silviculture en monoculture industrielle, l'augmentation de la prédation (dont la chasse), la reduction du milieu herbé à cause des infrastructures... la chasse est bien un facteur négatif. + +(Originally on Twitter: [Fri Jul 29 14:51:57 +0000 2022](https://twitter.com/adulau/status/1553030576290103298)) +---- +@jfslowik I’m even willing to give a full cradle of Orval beers if it’s open source. 
+ +(Originally on Twitter: [Fri Jul 29 20:52:33 +0000 2022](https://twitter.com/adulau/status/1553121324297601025)) +---- +@jfslowik It will be in 2023 but in the meantime, we will have https://www.cti-summit.org/ - CfP will open very soon. + +(Originally on Twitter: [Fri Jul 29 21:11:43 +0000 2022](https://twitter.com/adulau/status/1553126144475627522)) +---- +@HackingLZ Don't tell him that some people used Zeek (bro) to conduct automatic exploitation by finding vulnerable endpoints with the cool Zeek scripting. + +(Originally on Twitter: [Fri Jul 29 21:17:58 +0000 2022](https://twitter.com/adulau/status/1553127719986143233)) +---- +@y0m I just have one question, where are the banks located in this mess for the Russian oligarchs? This sound very complicated for registering your boats and assets ;-) + +(Originally on Twitter: [Sat Jul 30 08:00:22 +0000 2022](https://twitter.com/adulau/status/1553289382685286400)) +---- +@deresz666 There is a twist there ;-) and obviously don't make any YARA rule to search for CHM_FW or diuXxobB you might be surprised. + +(Originally on Twitter: [Sat Jul 30 15:26:00 +0000 2022](https://twitter.com/adulau/status/1553401532514766848)) +---- +@jfslowik The pack of 10 bottles with a glass is ready. I will keep these aging for some weeks or months until the solution is available ;-) ![](media/1553735407254249473-FY_5cJ8XkAEuq3g.jpg) + +(Originally on Twitter: [Sun Jul 31 13:32:42 +0000 2022](https://twitter.com/adulau/status/1553735407254249473)) +---- +RT @MISPProject: MISP projects next events participation and online public trainings updated. Feel free to join us! 
+ +https://www.misp-project.org/events/ + +(Originally on Twitter: [Mon Aug 01 07:39:40 +0000 2022](https://twitter.com/adulau/status/1554008950177255424)) +---- +@jfslowik The CfP/talk/presentation is open https://cfp.cti-summit.org/ ;-) + +(Originally on Twitter: [Mon Aug 01 13:41:03 +0000 2022](https://twitter.com/adulau/status/1554099896873099264)) +---- +Call for papers and/or talks for Cyber and Threat Intelligence Summit 2022 (CTIS) is now open. + +https://cfp.cti-summit.org/ + +The CfP deadline is 31st August 2022. The conference will take place in Luxembourg (19-20 October 2022). + +Don't be shy and submit a proposal! ![](media/1554113450854547457-FZFRJQAWYAMeuSC.png) + +(Originally on Twitter: [Mon Aug 01 14:34:55 +0000 2022](https://twitter.com/adulau/status/1554113450854547457)) +---- +A cool stuff from @LibraryThing you can see your Dewey Decimal Charts for your personal library. I knew I was a bit eclectic for library but not as much. Still a lot to encode... + +https://www.librarything.com/stats/adulau/ddc ![](media/1554200761722085376-FZGgn9DWAAA_Hst.jpg) + +(Originally on Twitter: [Mon Aug 01 20:21:51 +0000 2022](https://twitter.com/adulau/status/1554200761722085376)) +---- +@Altimor @corny_stripes Those metrics don’t account the fact of delocalizing the production in other countries where the emissions are increasing. + +(Originally on Twitter: [Tue Aug 02 07:23:03 +0000 2022](https://twitter.com/adulau/status/1554367155650584577)) +---- +@eevee The 38 « Be not lazy. » is hilarious when you are programming. + +(Originally on Twitter: [Tue Aug 02 07:38:03 +0000 2022](https://twitter.com/adulau/status/1554370930100633602)) +---- +"GoodFATR: A Platform for Automated Threat Report +Collection and IOC Extraction" This platforms seems to beat Jager, ioc-finder, ioc-extractor... great but where is the code of GoodFATR? Is it open source? Can we reproduce the experiment? 
+https://arxiv.org/pdf/2208.00042.pdf + +(Originally on Twitter: [Tue Aug 02 08:51:05 +0000 2022](https://twitter.com/adulau/status/1554389310438350848)) +---- +Do you think blocking the cloning until it's fixed @GitHubSecurity should not be a way to go? Having such option in the repo settings might be useful and especially if it's activated by default. + +https://github.com/promonlogicalis/asn1/blob/7bdca06d0edf895069dc25fb60a49c6dae27b916/context.go#L231 ![](media/1554729939362103296-FZOCb1tXoAEKH9l.jpg) + +(Originally on Twitter: [Wed Aug 03 07:24:37 +0000 2022](https://twitter.com/adulau/status/1554729939362103296)) +---- +@cyb3rops Thank you! It seems the attackers used different ways to commit code including compromised accounts, funky pull-requests. Have you seen a common pattern? + +(Originally on Twitter: [Wed Aug 03 07:36:31 +0000 2022](https://twitter.com/adulau/status/1554732933600116736)) +---- +@cyb3rops Thanks! I did some changes including Sigma and YARA objects. I also added the Passive DNS entry found for the DNS record. I also added some tags and put the magic tag to have included in the @circl_lu OSINT feed. It's not published but if it's fine, just click publish. + +(Originally on Twitter: [Wed Aug 03 09:59:50 +0000 2022](https://twitter.com/adulau/status/1554768998318866432)) +---- +@cyb3rops @circl_lu At the same time, I discovered that we were missing a Sigma object template (we had already a Sigma attribute). Now it's fixed too and available in MISP: + +https://github.com/MISP/misp-objects/commit/734d85337d22470ed3e77c154c8305149b23fa53 + +So the exercise was super useful ;-) Thanks again + +(Originally on Twitter: [Wed Aug 03 10:01:51 +0000 2022](https://twitter.com/adulau/status/1554769505783627776)) +---- +RT @blubbfiction: Sigma CLI 0.4.8 is out and can now has support for Elasticsearch and OpenSearch. 
Get it on GitHub: + +https://t.co/UTiebrj5… + +(Originally on Twitter: [Wed Aug 03 10:26:06 +0000 2022](https://twitter.com/adulau/status/1554775609112494080)) +---- +@wargonm Quand je vois la photo de profil avec son téléphone, je pense toujours à la personne obligée d'écouter ses bêtises au téléphone. + + +media/1554816664939761665-FZPRgy_WIAIil5C.mp4 + +(Originally on Twitter: [Wed Aug 03 13:09:14 +0000 2022](https://twitter.com/adulau/status/1554816664939761665)) +---- +FIRST (@FIRSTdotOrg) Standards Definitions and Usage Guidance (TLP) - Version 2.0 has been released. + +So we updated the @MISPProject TLP taxonomy to version 2.0. + +https://github.com/MISP/misp-taxonomies/commit/856d303ee453570202a71a380cbbf814b15da5d4 + +We took great care of ensuring backward compatibility with tools using the taxonomy. ![](media/1554828080694185984-FZPbYvqVQAUTNMw.png) + +(Originally on Twitter: [Wed Aug 03 13:54:36 +0000 2022](https://twitter.com/adulau/status/1554828080694185984)) +---- +RT @Regiteric: I've just submitted support for Landlock based sandboxing in Suricata https://github.com/OISF/suricata/pull/7688 One more layer of security for… + +(Originally on Twitter: [Wed Aug 03 14:13:49 +0000 2022](https://twitter.com/adulau/status/1554832917116776451)) +---- +@craignewmark @JonKBateman Some disinformation groups/researchers are actually using the open source @MISPProject to collect and share intelligence. The tool actually includes the existing models and can be extended. https://www.misp-project.org/galaxy.html https://www.misp-project.org/taxonomies.html +https://www.misp-project.org/objects.html + +(Originally on Twitter: [Thu Aug 04 06:20:15 +0000 2022](https://twitter.com/adulau/status/1555076128058097664)) +---- +While I applaud the initiative from @elastic to have a repository of detection rules. The fact that the repository is not released under an open source license is limiting contribution. 
+ +I open an issue https://github.com/elastic/protections-artifacts I hope they will make it more accessible. + +(Originally on Twitter: [Thu Aug 04 07:28:08 +0000 2022](https://twitter.com/adulau/status/1555093211064008704)) +---- +@Cyb3rMonk @elastic I see, you mean the goal of the repository is to share their EDR rules for public auditing but not to engage into collaboration and sharing with others ? + +(Originally on Twitter: [Thu Aug 04 07:38:26 +0000 2022](https://twitter.com/adulau/status/1555095803886288896)) +---- +"CCTV-Exposure: An open-source system for +measuring user’s privacy exposure to mapped +CCTV cameras based on geo-location (Extended +Version)" #privacy + +Source and dataset: https://github.com/Fuziih/cctv-exposure +https://arxiv.org/pdf/2208.02159.pdf + +(Originally on Twitter: [Thu Aug 04 07:56:41 +0000 2022](https://twitter.com/adulau/status/1555100397488013312)) +---- +@cyb3rops @dez_ The Elastic License is not an open source license and it's basically incompatible with all the other licenses. + +(Originally on Twitter: [Thu Aug 04 15:18:05 +0000 2022](https://twitter.com/adulau/status/1555211476452925447)) +---- +I was wondering how profitable the infosec certification business is (such as CISSP). 
+ +It’s quite impressive… + +https://www.open990.org/org/043064434/international-information-system-security-certification-consortium/ ![](media/1555238877425803264-FZVRY_NWAAA8sBj.jpg) + +(Originally on Twitter: [Thu Aug 04 17:06:57 +0000 2022](https://twitter.com/adulau/status/1555238877425803264)) +---- +@treyka @ISC2 IMHO some certifications are bringing as much value to the society as the NFTs do nowadays + +(Originally on Twitter: [Thu Aug 04 17:21:09 +0000 2022](https://twitter.com/adulau/status/1555242448393306113)) +---- +@dawiddczarnecki I was comparing with the @TheASF foundation and how much value their bring to society https://www.apache.org/foundation/docs/FY2021AnnualReport.pdf + +(Originally on Twitter: [Thu Aug 04 17:31:40 +0000 2022](https://twitter.com/adulau/status/1555245097536655360)) +---- +@Dnucna Lol, I'm glad that I have nothing to renew. + +(Originally on Twitter: [Fri Aug 05 13:46:41 +0000 2022](https://twitter.com/adulau/status/1555550865393606657)) +---- +If you say Google doc supports Markdown, you never tried a real collaborative Markdown editor such as @HedgeDocOrg which supports all the markup, extension like the incredible mermaid ( https://mermaid-js.github.io/mermaid/#/ ) and a real history. + +(Originally on Twitter: [Sat Aug 06 06:28:07 +0000 2022](https://twitter.com/adulau/status/1555802884947804160)) +---- +@UnleashedOsint 48.5819° N, 7.7510° E ? + +(Originally on Twitter: [Sat Aug 06 16:04:12 +0000 2022](https://twitter.com/adulau/status/1555947861543686145)) +---- +@y0m @HedgeDocOrg Somehow there is the « user journey » one which is pretty good for timeline overview is not as detailed as the misp timeline. But it does the job. + +(Originally on Twitter: [Sun Aug 07 06:18:54 +0000 2022](https://twitter.com/adulau/status/1556162950100140034)) +---- +@PolBegov Ce n’est pas si simple. C’est normal pour un système écologique ouvert de voir de nouvelles espèces et que cela évolue. 
La nature n’est figée sauf pour certains qui en tirent des profits. + +(Originally on Twitter: [Sun Aug 07 09:31:12 +0000 2022](https://twitter.com/adulau/status/1556211347574112257)) +---- +@miekeschauv Ecology is not destroying a specie. All ecosystems are dynamic and changing over time. The role of politics is to support diversity and avoid funding initiative limiting such stability. Social wasps, hornets, solitary bees and hymenoptera need space not destruction programs. + +(Originally on Twitter: [Sun Aug 07 11:41:10 +0000 2022](https://twitter.com/adulau/status/1556244053154463744)) +---- +RT @QKaiser: Today marks the official public release of "unblob", a firmware extraction tool we've developed internally and used in product… + +(Originally on Twitter: [Mon Aug 08 09:12:13 +0000 2022](https://twitter.com/adulau/status/1556568958291087360)) +---- +RT @Iglocska: We have released @MISPproject 2.4.160 as of yesterday - it's a rather hefty update with a bunch of new major features. Go to… + +(Originally on Twitter: [Tue Aug 09 11:33:21 +0000 2022](https://twitter.com/adulau/status/1556966862365261826)) +---- +@jfslowik It always remembers me to look at computer just outside the SCIF. Just like the VSAT for the military staff and personal communications… all the good stuff are there. + + +media/1556991117480058883-FZuLKWFWQAEmio0.mp4 + +(Originally on Twitter: [Tue Aug 09 13:09:44 +0000 2022](https://twitter.com/adulau/status/1556991117480058883)) +---- +RT @MISPProject: A new blog post from the amazing @cudeso about MISP web scraper. A brand new open source tool to scrap website/rss automat… + +(Originally on Twitter: [Tue Aug 09 16:15:11 +0000 2022](https://twitter.com/adulau/status/1557037788347916293)) +---- +RT @MISPProject: MISP 2.4.160 has been released with a new workflow feature, a new correlation engine and many major improvements. 
+ +#info… + +(Originally on Twitter: [Tue Aug 09 16:54:53 +0000 2022](https://twitter.com/adulau/status/1557047776474808320)) +---- +We use quite a lot Markdown markup during investigation and analysis to share human-readable details with MISP events. Now the MISP event report in 2.4.160 supports Mermaid JS so you have no more excuse to not make diagrams in your #DFIR reports ;-) + +https://twitter.com/MISPProject/status/1557044889937920006 + +(Originally on Twitter: [Tue Aug 09 16:57:48 +0000 2022](https://twitter.com/adulau/status/1557048513833336832)) +---- +@bortzmeyer J'ai adoré les discussions sur le sujet Base58 vs Base45 avec les fans "cryptobrol" . Pour au final, voir ceci: + +https://gist.github.com/confiks/8fcb480d87a50cf1bb5e40e2f0930fad + +(Originally on Twitter: [Wed Aug 10 06:08:19 +0000 2022](https://twitter.com/adulau/status/1557247450288721921)) +---- +Non mais @lesoir c’est quoi cet article qui recommande d’arroser sa pelouse ? en pleine crise climatique. Il y a aussi des solutions plus simples, ne plus tondre sa pelouse pendant un été sec. ![](media/1557293279649071105-FZydfU-WYAAKLWj.jpg) + +(Originally on Twitter: [Wed Aug 10 09:10:25 +0000 2022](https://twitter.com/adulau/status/1557293279649071105)) +---- +@BlueTeamJK It’s always the DNS ;-) + +(Originally on Twitter: [Wed Aug 10 15:00:18 +0000 2022](https://twitter.com/adulau/status/1557381331700654084)) +---- +@nbareil @rchrdwss Love the pastebin post! It might trigger a lot of pattern matching engine ;-) + +(Originally on Twitter: [Thu Aug 11 06:10:34 +0000 2022](https://twitter.com/adulau/status/1557610405215850498)) +---- +RT @nbareil: My team is looking for Incident Responders, Threat Intelligence peeps and Threat hunters. +We have an awesome playground and se… + +(Originally on Twitter: [Thu Aug 11 06:10:38 +0000 2022](https://twitter.com/adulau/status/1557610423221948416)) +---- +@lukOlejnik I have seen a trend in such payment. Often it seems to be driven by the risk of fine. 
In some negotiations, the adversary shows a comparison table between paying the ransom versus potential penalty. + +(Originally on Twitter: [Thu Aug 11 07:32:16 +0000 2022](https://twitter.com/adulau/status/1557630965303975941)) +---- +@lukOlejnik I suppose there is the hope of the victim to reduce the leak visibility… + +(Originally on Twitter: [Thu Aug 11 07:37:03 +0000 2022](https://twitter.com/adulau/status/1557632170335813633)) +---- +@MaliciaRogue @jbledevehat +1 + +(Originally on Twitter: [Thu Aug 11 11:02:17 +0000 2022](https://twitter.com/adulau/status/1557683820471746560)) +---- +@_saadk Paper and books can act as very good insulation in cold or warm weathers. There are so many factors to CBAD nowadays. We cannot control those so we should love and enjoy the disease. + +(Originally on Twitter: [Thu Aug 11 14:01:21 +0000 2022](https://twitter.com/adulau/status/1557728883424006144)) +---- +RT @Iglocska: Number of days since TLP:CLEAR caused confusion again: 0 + +(Originally on Twitter: [Thu Aug 11 14:03:10 +0000 2022](https://twitter.com/adulau/status/1557729341160960001)) +---- +@jfslowik @thomasschreck_ looks like 4GHCON + +(Originally on Twitter: [Thu Aug 11 14:14:20 +0000 2022](https://twitter.com/adulau/status/1557732149364948992)) +---- +The nocode concept is just the old 4GL concept in hipster mode. + +(Originally on Twitter: [Thu Aug 11 14:22:28 +0000 2022](https://twitter.com/adulau/status/1557734195551948802)) +---- +RT @Shadowserver: Great finding from @Volexity on Zimbra CVE-2022-27925, which turns out to be an authentication bypass RCE. We first saw r… + +(Originally on Twitter: [Fri Aug 12 05:23:37 +0000 2022](https://twitter.com/adulau/status/1557960980084162560)) +---- +Funding open source projets is hard but eventually you will get the funding to solve specific problems. The open source aspect is just an additional argument for the funding entities. 
When filling funding application, be clear in what you want to solve & the benefit for society. + +(Originally on Twitter: [Fri Aug 12 06:00:45 +0000 2022](https://twitter.com/adulau/status/1557970324121165828)) +---- +“All those books you haven’t read are indeed a sign of your ignorance. But if you know how ignorant you are, you’re way ahead of the vast majority of other people,” Jessica Stillman + +Special dedication to @_saadk + + +media/1558035359476375554-FZ9A5dxXkAEZNqD.mp4 + +(Originally on Twitter: [Fri Aug 12 10:19:11 +0000 2022](https://twitter.com/adulau/status/1558035359476375554)) +---- +RT @quarkslab: Attacking Titan M with Only One Byte +Code execution and exfiltration of encryption keys from Google Pixel phone's Secure Ele… + +(Originally on Twitter: [Fri Aug 12 13:49:25 +0000 2022](https://twitter.com/adulau/status/1558088268645863424)) +---- +RT @bettersafetynet: Folks, PLEASE add a rule like this! + +if ntdsutil runs outside your backup or maintenance schedule, ALERT AT MAX CRITIC… + +(Originally on Twitter: [Fri Aug 12 14:53:25 +0000 2022](https://twitter.com/adulau/status/1558104372042686465)) +---- +RT @FIRSTdotOrg: The #FIRSTCON22 content continues! This #FIRSTImpressions podcast episode features con speakers Raphaël Vinot and Quinn No… + +(Originally on Twitter: [Sat Aug 13 07:40:28 +0000 2022](https://twitter.com/adulau/status/1558357805547274240)) +---- +Is there someone maintaining a list of all git repositories seen or shared during #DEFCON or #BlackHat ? + +(Originally on Twitter: [Sat Aug 13 11:46:39 +0000 2022](https://twitter.com/adulau/status/1558419759275941892)) +---- +@JeromeNotin @EA_FRA @EA_Group Courage à toute la famille ❤️ + +(Originally on Twitter: [Sun Aug 14 11:25:10 +0000 2022](https://twitter.com/adulau/status/1558776741530943488)) +---- +@hyc_symas It’s hard for the academic community to grasp open source project and really review those (as it takes time). 
I have seen many papers mentioning @MISPProject where you see that they didn’t even run the software. + +(Originally on Twitter: [Sun Aug 14 20:16:08 +0000 2022](https://twitter.com/adulau/status/1558910361625051136)) +---- +RT @mavam: VAST's Sigma frontend is the best example for why we need something like @IbisData (= standardized query plan representation) fo… + +(Originally on Twitter: [Mon Aug 15 06:40:44 +0000 2022](https://twitter.com/adulau/status/1559067549987479552)) +---- +Just received an old photo of me taken in 1995… nothing really changed beside the computers. ![](media/1559299601777180672-FaO9WMQWIAQA0t1.jpg) + +(Originally on Twitter: [Mon Aug 15 22:02:50 +0000 2022](https://twitter.com/adulau/status/1559299601777180672)) +---- +@_msw_ @MISPProject https://www.misp-project.org/ core is AGPL and we are DCO. Copyright is shared among all the contributors. We have a mixed model of funding including professional services https://www.misp-project.org/professional-services/ + +(Originally on Twitter: [Tue Aug 16 06:03:40 +0000 2022](https://twitter.com/adulau/status/1559420608101990400)) +---- +@_msw_ @MISPProject Ah I see. For what I saw, it's for all OSS licenses, CLAs are mainly used to privatize the software under a different licensing scheme or even for some companies/organisations/foundations to keep the opportunity of profits in the future. + +(Originally on Twitter: [Tue Aug 16 06:57:07 +0000 2022](https://twitter.com/adulau/status/1559434060908400641)) +---- +RT @cudeso: Down the Chainsaw path to analyse Windows Event logs #dfir #ir https://www.vanimpe.eu/2022/08/16/down-the-chainsaw-path-to-analyse-windows-event-logs/ + +(Originally on Twitter: [Tue Aug 16 07:34:43 +0000 2022](https://twitter.com/adulau/status/1559443523962916864)) +---- +I remembered this argumentation "Please outsource the authentication aspect, they can do better than you." but consolidation and monoculture are again beating us. 
+ + +media/1559455344665022464-FaRMXdwX0AIj7kN.mp4 + +(Originally on Twitter: [Tue Aug 16 08:21:42 +0000 2022](https://twitter.com/adulau/status/1559455344665022464)) +---- +@edarchis ah ah, excellent. Thanks for sharing. + +(Originally on Twitter: [Tue Aug 16 10:57:33 +0000 2022](https://twitter.com/adulau/status/1559494566083952641)) +---- +@4ndur1n Obviously not me. I remember chasing memory or additional hdd on a regular basis and also moving hdd from one machine to another ;-) + +(Originally on Twitter: [Tue Aug 16 19:33:39 +0000 2022](https://twitter.com/adulau/status/1559624446863970310)) +---- +I did some updates to the http://threat-intelligence.eu website and especially the methodology part. + +https://www.threat-intelligence.eu/methodologies/ + +Feel free to contribute if you have some ideas or updates, it's in a git repository https://github.com/adulau/threat-intelligence.eu + +#ThreatIntelligence ![](media/1559808449655050241-FaWNGxuXEAIaJhi.jpg) + +(Originally on Twitter: [Wed Aug 17 07:44:48 +0000 2022](https://twitter.com/adulau/status/1559808449655050241)) +---- +@joshbressers @allanfriedman I still don't get why the SBOM are not including the full hashes of all the files in a release. I was told "it's not a forensic tool" but when you have to investigate, it's the only way to go further. For example, a GPG signature on RPM is usually the last thing we check in DFIR. + +(Originally on Twitter: [Wed Aug 17 13:50:35 +0000 2022](https://twitter.com/adulau/status/1559900500585287682)) +---- +@joshbressers @allanfriedman It would even more than happy that the format we designed for http://hashlookup.io is bundled within any SBOM. + +(Originally on Twitter: [Wed Aug 17 13:52:19 +0000 2022](https://twitter.com/adulau/status/1559900936797130753)) +---- +@allanfriedman @joshbressers I see the point. 
I would be glad to even update our current format https://datatracker.ietf.org/doc/draft-dulaunoy-hashlookup-format/ to clearly describe how the hash should be calculated. Is there a discussion platform or a github repository to discuss this? That would be great. + +(Originally on Twitter: [Wed Aug 17 14:01:10 +0000 2022](https://twitter.com/adulau/status/1559903164509392898)) +---- +RT @cudeso: A @MISPProject tip of the week: Use correlation exclusions (Administration > Top correlations) to avoid unnecessary or irreleva… + +(Originally on Twitter: [Fri Aug 19 08:47:18 +0000 2022](https://twitter.com/adulau/status/1560548952562335748)) +---- +« Agile Projects Have Become Waterfall Projects With Sprints » + +The blog post is just perfect. + +Years ago, we did the PMF model with @Iglocska it’s the only remaining methodology which is not polluted by bureaucracy. + +https://www.ietf.org/archive/id/draft-dulaunoy-programming-methodology-framework-01.html + +https://itnext.io/agile-projects-have-become-waterfall-projects-with-sprints-536141801856 + +(Originally on Twitter: [Fri Aug 19 14:24:13 +0000 2022](https://twitter.com/adulau/status/1560633741864681473)) +---- +@FlUxIuS Congrats to all the family! + +(Originally on Twitter: [Fri Aug 19 15:05:47 +0000 2022](https://twitter.com/adulau/status/1560644200793665536)) +---- +In one tweet you can see how poor the culture of reading is becoming, a bookshelf of personal development books. + +Diversity is key to personal development from art book, philosophy, fiction, comics, journal/biography, novels to technical & science books. + +https://mobile.twitter.com/librarymindset/status/1560515657841590274 + +(Originally on Twitter: [Fri Aug 19 15:25:55 +0000 2022](https://twitter.com/adulau/status/1560649269261914113)) +---- +@_saadk @stfn42 That’s a mild case. 
You still have the second hand for another stack of books ;-) + +(Originally on Twitter: [Fri Aug 19 22:55:54 +0000 2022](https://twitter.com/adulau/status/1560762507916152834)) +---- +RT @MISPProject: The excellent initiative Azure Threat Research Matrix (ATRM) from @Haus3c is now included in @MISPProject as an additional… + +(Originally on Twitter: [Sat Aug 20 10:00:25 +0000 2022](https://twitter.com/adulau/status/1560929739845550082)) +---- +RT @cyb3rops: Weekend project : TinyCheck setup +by @kaspersky + +It took me some time to fix all dependancies, get the LCD running, and fix… + +(Originally on Twitter: [Sat Aug 20 11:25:23 +0000 2022](https://twitter.com/adulau/status/1560951123799851009)) +---- +@floorter Sounds like an improved Sky ECC business model. The pre-agreement with LEA is done before and ensure a smooth operation of the whole network ;-) + +(Originally on Twitter: [Sat Aug 20 15:25:55 +0000 2022](https://twitter.com/adulau/status/1561011654221041664)) +---- +@DrunkBinary @felixaime ![](media/1561301519915536384-Farbc-qWAAAtCQS.jpg) + +(Originally on Twitter: [Sun Aug 21 10:37:44 +0000 2022](https://twitter.com/adulau/status/1561301519915536384)) +---- +@sergedroz @_saadk She is wise. + +(Originally on Twitter: [Mon Aug 22 10:06:59 +0000 2022](https://twitter.com/adulau/status/1561656166891098113)) +---- +@Aristot73 @_saadk + + +media/1561770862319222787-FayGUVEWIAIZ6Jz.mp4 + +(Originally on Twitter: [Mon Aug 22 17:42:44 +0000 2022](https://twitter.com/adulau/status/1561770862319222787)) +---- +This year we don't do @hack_lu but we do a #CTI conference Cyber and Threat Intelligence Summit 2022 (CTIS) (October 19 - 20 2022)) - There is a call for paper or presentation open (9 days left). 
So you know what to do ;-) + +https://cfp.cti-summit.org/ + + +media/1561800330698006528-FayhHm-XEAMJuQz.mp4 + +(Originally on Twitter: [Mon Aug 22 19:39:50 +0000 2022](https://twitter.com/adulau/status/1561800330698006528)) +---- +@simonpetitjean @hack_lu Yep multiple issues including location booking and some covid-19 related challenges + +(Originally on Twitter: [Tue Aug 23 04:44:40 +0000 2022](https://twitter.com/adulau/status/1561937442139246592)) +---- +@CyberRaiju Maybe you want to have a look at http://hashlookup.io if you want to search for known hashes. There is an integration in @MISPProject and many others + +(Originally on Twitter: [Tue Aug 23 15:10:06 +0000 2022](https://twitter.com/adulau/status/1562094840275521536)) +---- +I see journalists in Belgium still putting at the same level the information provided by the Russian government or their controlled entities versus reviewed & analysed information. Journalism is not putting one info next to the other. It’s called media aggregation not journalism. + +(Originally on Twitter: [Tue Aug 23 15:48:38 +0000 2022](https://twitter.com/adulau/status/1562104533882478593)) +---- +RT @ancailliau: Many thanks are due to colleagues and @adulau @Iglocska for their repeated call to open source! + +(Originally on Twitter: [Tue Aug 23 16:28:25 +0000 2022](https://twitter.com/adulau/status/1562114546227085313)) +---- +RT @cbrocas: BLOGPOST +After 15 years serving as volunteer conference founder and organizer, I would like to share some #doubts I crossed an… + +(Originally on Twitter: [Wed Aug 24 07:52:12 +0000 2022](https://twitter.com/adulau/status/1562347027115171840)) +---- +@Sebdraven Lol. J'espère que la partie federation “à la matrix” de @giteaio sera le début de l’interoperabilité entre les forges git libre ou non. 
https://gitea.com/Ta180m/gitea/issues/3 + +(Originally on Twitter: [Thu Aug 25 05:36:39 +0000 2022](https://twitter.com/adulau/status/1562675301540560896)) +---- +Fleur implements a full Bloom Filter library in C to allow the find known files in different model such as in YARA library. + +https://github.com/hashlookup/fleur + +(Originally on Twitter: [Thu Aug 25 08:59:48 +0000 2022](https://twitter.com/adulau/status/1562726426242977792)) +---- +The past year, we worked on http://hashlookup.io - an open source project with tools and standards to lookup known files for #DFIR. + +The video of our talk at @FIRSTdotOrg is available: + +https://www.youtube.com/watch?v=B-cvOPG51_s&list=PLBAUUhONOrO_RJVUf_0-BCvY_REqyQ763&index=28 + +Today we released new version of the Bloom filter tools. + +(Originally on Twitter: [Thu Aug 25 08:59:48 +0000 2022](https://twitter.com/adulau/status/1562726423239897088)) +---- +We welcome contributions, bug reports and ideas. + +@circl_lu public hashlookup instance is updated constantly with known sources. You are a software vendor or publisher, ping us to include your software releases. #SBOM + +https://hashlookup.circl.lu/ + +(Originally on Twitter: [Thu Aug 25 08:59:49 +0000 2022](https://twitter.com/adulau/status/1562726431120969728)) +---- +a-ray-grass is a YARA module that provides support for http://hashlookup.io bloom filters in YARA rules. + +In the context of hashlookup, it allows quickly discard known files "pour séparer le grain de l'ivraie". + +https://github.com/hashlookup/a-ray-grass + +(Originally on Twitter: [Thu Aug 25 08:59:49 +0000 2022](https://twitter.com/adulau/status/1562726428730605571)) +---- +@tomchop_ @circl_lu It's a good idea. Do you think it would be possible to get a hashR JSON from the public images used in Google cloud to feed the hashlookup public database? This could be useful for IR. 
+ +(Originally on Twitter: [Thu Aug 25 09:47:07 +0000 2022](https://twitter.com/adulau/status/1562738334212173831)) +---- +If you want to follow the ongoing work on hashlookup project, we just created a twitter account @hashlookup_io + +(Originally on Twitter: [Thu Aug 25 10:00:44 +0000 2022](https://twitter.com/adulau/status/1562741757837975556)) +---- +RT @matte_lodi: @adulau @hashlookup_io cool! followed! :) we have integrated this service to @intel_owl since the very start of the service… + +(Originally on Twitter: [Thu Aug 25 10:48:23 +0000 2022](https://twitter.com/adulau/status/1562753750896234497)) +---- +I propose the use of reverse bug-bounties, next time I have a "security researcher" reporting an Index directory with public documents. They have to pay me for the cost of handling the report. + + +media/1562789844639551488-FbAlE49WYAAixii.mp4 + +(Originally on Twitter: [Thu Aug 25 13:11:48 +0000 2022](https://twitter.com/adulau/status/1562789844639551488)) +---- +RT @Sebdraven: I am really proud to announce that I am participating in the cti-summit PC. The conference will take place on October 19 and… + +(Originally on Twitter: [Thu Aug 25 13:37:22 +0000 2022](https://twitter.com/adulau/status/1562796278605443073)) +---- +@cyb_detective Nice thread! 
Maybe something to add is the HAR to WARC converter as a HAR files are also available in many forensic cases + +https://github.com/webrecorder/har2warc + +(Originally on Twitter: [Fri Aug 26 05:38:05 +0000 2022](https://twitter.com/adulau/status/1563038049260343296)) +---- +RT @cudeso: A @MISPProject tip of the week: The 'Event Graph' helps analysts in understanding details of an event by visually representing… + +(Originally on Twitter: [Fri Aug 26 07:01:18 +0000 2022](https://twitter.com/adulau/status/1563058992321941505)) +---- +Nice to see some new framework to test TCP stream reassembly such as this one + +https://github.com/jonathan-dev/tcp_reassembly_testing + +We still have a lot of challenges (read bugs) with TCP stream reassembly in 2022. + +Our original paper in 2008 about the issues: +https://www.foo.be/papers/wagener-dulaunoy-engel-networkforensicaccuracy.pdf + +#DFIR + +(Originally on Twitter: [Fri Aug 26 07:05:58 +0000 2022](https://twitter.com/adulau/status/1563060167184306178)) +---- +@maximilianhils I knew it could only come from great people like you ;-) + +(Originally on Twitter: [Fri Aug 26 13:53:14 +0000 2022](https://twitter.com/adulau/status/1563162658232483840)) +---- +@maximilianhils I let you guess but I suppose you know ;-) it's my bad habit of monitoring @github activities... + + +media/1563163501090127872-FbF46hnaQAAWj0G.mp4 + +(Originally on Twitter: [Fri Aug 26 13:56:35 +0000 2022](https://twitter.com/adulau/status/1563163501090127872)) +---- +@_saadk Maybe one day, I should do a blog post about all the abuses of Ikea furnitures to overflow the allowed capacity. But it doesn’t block us to have a castle too… we can gain space on both sides 😜 + +(Originally on Twitter: [Fri Aug 26 15:38:52 +0000 2022](https://twitter.com/adulau/status/1563189241903218690)) +---- +I love when clever people work together to improve the threat-actor galaxy in MISP (@MISPProject). 
A huge thank to Mathieu Béligon and @r0ny_123 for the recent work, contribution and discussions. + +https://github.com/MISP/misp-galaxy/pull/755 +https://github.com/MISP/misp-galaxy/pull/749 + +(Originally on Twitter: [Sat Aug 27 06:34:09 +0000 2022](https://twitter.com/adulau/status/1563414548773625856)) +---- +@tunguz Not sure what you mean with « real » tabular dataset. We have billions of rows in @hashlookup_io using open source kvrocks https://kvrocks.apache.org/ @gallypette + +(Originally on Twitter: [Sat Aug 27 08:12:27 +0000 2022](https://twitter.com/adulau/status/1563439285369712641)) +---- +RT @therealdreg: Bochs its now in github https://github.com/bochs-emu/Bochs we will be glad to see your contribution, Looking for new devs :D + +(Originally on Twitter: [Sat Aug 27 11:56:58 +0000 2022](https://twitter.com/adulau/status/1563495786070962176)) +---- +@marcrebillet @DFasquelle @EmmanuelMacron @TMBfestival Keep the good work Marc ❤️ + +Seeing the reaction of the « mayor », I know where I will not go in vacation. + +(Originally on Twitter: [Sun Aug 28 17:56:28 +0000 2022](https://twitter.com/adulau/status/1563948644696555522)) +---- +@mikko Even if you contribute open source software and have public references or academic papers, you won’t be verified. + +(Originally on Twitter: [Mon Aug 29 19:31:45 +0000 2022](https://twitter.com/adulau/status/1564335012773773314)) +---- +@grumpy4n6 @mikko Usually the verified people are not based on factual information but on ads-based source to feed the advertising business. Verified means you get traction not that the information you convey is meaningful. + +(Originally on Twitter: [Mon Aug 29 19:42:24 +0000 2022](https://twitter.com/adulau/status/1564337692846030849)) +---- +@cyb3rops That’s the only way to do it. + + +media/1564675518368194561-FbbYFgwXwAE9I8C.mp4 + +(Originally on Twitter: [Tue Aug 30 18:04:48 +0000 2022](https://twitter.com/adulau/status/1564675518368194561)) +---- +@jfslowik I was wondering too. 
The only "old" version remaining is available at https://irp.fas.org/doddir/dod/jp2_0.pdf maybe the @thejointstaff can explain why the latest doctrine "JP 2-0, Joint Intelligence, " is no more publicly available? + +(Originally on Twitter: [Wed Aug 31 04:47:05 +0000 2022](https://twitter.com/adulau/status/1564837152516702209)) +---- +@FLesueur @IUTVANNES En anglais tu n’aurais pas ces soucis 🤣 + +(Originally on Twitter: [Wed Aug 31 13:02:16 +0000 2022](https://twitter.com/adulau/status/1564961769222815747)) +---- +A lot of people and organisations always ask me about commercial VPNs, my answer is + + +media/1565050700370935808-FbgtUB3WYAIl9_X.mp4 + +(Originally on Twitter: [Wed Aug 31 18:55:38 +0000 2022](https://twitter.com/adulau/status/1565050700370935808)) +---- +@asfakian Lovely collection of stickers ;-) + +(Originally on Twitter: [Thu Sep 01 08:46:58 +0000 2022](https://twitter.com/adulau/status/1565259912674000896)) +---- +Do you know if @GitHubCopilot can leak JSON key from private repositories? We have a strange feeling. + +Our colleague @righelx is writing a new MISP application and copilot propose the exact good syntax from a MISP taxonomy which is not public. + +(Originally on Twitter: [Thu Sep 01 09:52:50 +0000 2022](https://twitter.com/adulau/status/1565276486050975745)) +---- +@louispilfold @GitHubCopilot @righelx We know but it seems that is not coming from any public repo or anything like that. It seems the source is somewhere: either a private repository or input from the users using the platform. 
+ +(Originally on Twitter: [Fri Sep 02 05:43:22 +0000 2022](https://twitter.com/adulau/status/1565576092899057665)) +---- +RT @cudeso: A @MISPProject tip of the week: You can change the event notification e-mail template by dropping a custom 'alert.ctp' in 'app/… + +(Originally on Twitter: [Fri Sep 02 11:51:52 +0000 2022](https://twitter.com/adulau/status/1565668829857980418)) +---- +RT @gallypette: %s/code/telemetry/g + +(Originally on Twitter: [Fri Sep 02 12:03:11 +0000 2022](https://twitter.com/adulau/status/1565671680021827589)) +---- +@chrissanders88 RFC 6302 would be one. Many systems cannot even meet RFC 6302 to log a source TCP port. + +(Originally on Twitter: [Sat Sep 03 07:32:45 +0000 2022](https://twitter.com/adulau/status/1565966007788781569)) +---- +RT @hashlookup_io: In the @hashlookup_io database all the @NIST NSRL RDS datasets of September 2022 are now also included. + +We also includ… + +(Originally on Twitter: [Sun Sep 04 10:03:02 +0000 2022](https://twitter.com/adulau/status/1566366215999823872)) +---- +@KentGruber @lorenc_dan CPEs are indeed challenging and it's very difficult to deduce the CPE uri from product name. I did a guesser to help finding back CPE names https://github.com/cve-search/cpe-guesser but it's far from being perfect. Ideas are welcome. + +(Originally on Twitter: [Sun Sep 04 10:13:57 +0000 2022](https://twitter.com/adulau/status/1566368962497085442)) +---- +@MaliciaRogue Mais revenir sur l’indexation du prix gros de l’électricité sur le prix du gaz n’est toujours pas à l’agenda de l’UE. + +(Originally on Twitter: [Mon Sep 05 07:26:21 +0000 2022](https://twitter.com/adulau/status/1566689175772037122)) +---- +@y0m @MaliciaRogue Si je me souviens plusieurs pays avaient peur du coût d’exploitation des centrales thermiques versus d’autres sources. C’est surement un compromis législatif… je vous laisse deviner les pays. 
+ +(Originally on Twitter: [Mon Sep 05 08:18:56 +0000 2022](https://twitter.com/adulau/status/1566702406280384514)) +---- +RT @Sebdraven: We release a tool in python to do dataset in #Suricata to pull and do sightings with @MISPProject ! + +You can test this tool… + +(Originally on Twitter: [Mon Sep 05 18:16:46 +0000 2022](https://twitter.com/adulau/status/1566852858036772866)) +---- +When an open source project rejects all pull-requests and rewrite every single pr, it’s usually a sign that they might change the open source license to a propriety model very soon. + +(Originally on Twitter: [Mon Sep 05 18:21:37 +0000 2022](https://twitter.com/adulau/status/1566854078432526339)) +---- +@AlecStapp Assuming global warming is more important than toxicity, marine pollution and polluting food chain. + +(Originally on Twitter: [Mon Sep 05 19:56:57 +0000 2022](https://twitter.com/adulau/status/1566878070291570690)) +---- +RT @MISPProject: The false-positive taxonomy in MISP has been updated. + +This can help to define and describe the risks of false-positive in… + +(Originally on Twitter: [Wed Sep 07 08:11:49 +0000 2022](https://twitter.com/adulau/status/1567425392042033153)) +---- +@Sebdraven @MISCRedac Alcasar le NAC? Tu as demandé à @follc @MISCRedac est une équipe ouverte aux discussions. + +(Originally on Twitter: [Wed Sep 07 17:07:26 +0000 2022](https://twitter.com/adulau/status/1567560186587500544)) +---- +In the series, I have wonderful colleagues. « Lacus, where crawling is the only way to find something » @rafi0t @Terrtia +It’s already the name for a new open source which will power @ail_project and @lookyloo_app and maybe more. 
+ + +media/1567587830733340680-FcEw0b2XgAAY0pn.mp4 + +(Originally on Twitter: [Wed Sep 07 18:57:17 +0000 2022](https://twitter.com/adulau/status/1567587830733340680)) +---- +@F_kZ_ @rafi0t @Terrtia @ail_project @lookyloo_app or the series “we have awesome supporters and contributors” + +(Originally on Twitter: [Wed Sep 07 19:07:15 +0000 2022](https://twitter.com/adulau/status/1567590336460898307)) +---- +https://alexn.org/blog/2022/09/07/akka-is-moving-away-from-open-source/ + +This is key. Avoid contributing to FOSS projects which require copyright assignment. We know how this ends. + +Thanks to @alexelcu for the required reminder. ![](media/1567604848295641090-FcE_6wrWQAAnrzc.jpg) + +(Originally on Twitter: [Wed Sep 07 20:04:55 +0000 2022](https://twitter.com/adulau/status/1567604848295641090)) +---- +@MaiaMazaurette Je dirais un chat. Il y a en effet le territoire et un chat peut devenir dominant sur un autre pour diverses raisons. Un chat seul est souvent plus heureux comme il ne doit pas se “battre” pour maintenir son espace de liberté. Le temps de présence humaine n’est pas important ;-) + +(Originally on Twitter: [Thu Sep 08 15:06:13 +0000 2022](https://twitter.com/adulau/status/1567892066352435200)) +---- +Thanks for sharing. I enjoyed all the previous commercial blabla from some Microsoft “governmental” sales guys about “attribution is not our role”. But now it’s the opposite or is attribution variable depending of the threat actor geographical origin? + +https://mobile.twitter.com/MsftSecIntel/status/1567891998681726978 + +(Originally on Twitter: [Thu Sep 08 15:17:30 +0000 2022](https://twitter.com/adulau/status/1567894908454768641)) +---- +Open source maintainers often receive hilarious emails from corporate legal departments. + +The one from today is "Do you have any confidentiality policy?" + +I'm close to answer "Yes, the open source project is not confidential as you can read on our website.". 
+ + +media/1567983051199713283-FcKYRVtX0AI02S3.mp4 + +(Originally on Twitter: [Thu Sep 08 21:07:45 +0000 2022](https://twitter.com/adulau/status/1567983051199713283)) +---- +https://home.treasury.gov/news/press-releases/jy0941 + +(Originally on Twitter: [Fri Sep 09 15:15:08 +0000 2022](https://twitter.com/adulau/status/1568256697965199361)) +---- +If you take the time to make materials for a training, creating a git repository and make the training open source is less than 10% of the total time. But those 10% are the most rewarding ones for you and others on the long-term. ![](media/1568523386283761666-FcSDQR2XoAAu3Mw.jpg) + +(Originally on Twitter: [Sat Sep 10 08:54:51 +0000 2022](https://twitter.com/adulau/status/1568523386283761666)) +---- +@Ministraitor Happy birthday! + +(Originally on Twitter: [Sat Sep 10 13:51:55 +0000 2022](https://twitter.com/adulau/status/1568598143435948040)) +---- +@jtkristoff 😘 + +(Originally on Twitter: [Sat Sep 10 14:19:56 +0000 2022](https://twitter.com/adulau/status/1568605193574424582)) +---- +@smaffulli @jachiam0 The license is clearly violating the rule 6 “ No Discrimination Against Fields of Endeavor” with the use restrictions. + +Concerning the law applicability and the violation, it’s even a bigger can of worms due to the variability of legal systems. ![](media/1569198131400658945-FcboqehWAAIDBQk.jpg) + +(Originally on Twitter: [Mon Sep 12 05:36:03 +0000 2022](https://twitter.com/adulau/status/1569198131400658945)) +---- +why @PyTorch didn’t use a DCO instead of a CLA as they moved to the @linuxfoundation ? + +https://pytorch.org/blog/a-contributor-license-agreement-for-pytorch/ + +(Originally on Twitter: [Tue Sep 13 05:23:56 +0000 2022](https://twitter.com/adulau/status/1569557471198330880)) +---- +RT @MISPProject: misp-guard has been released which is a @mitmproxy add-on that inspects MISP synchronisations. 
+ +A complementary tool to… + +(Originally on Twitter: [Tue Sep 13 11:14:53 +0000 2022](https://twitter.com/adulau/status/1569645789684682752)) +---- +That’s the reality. The testing in SaaS is done on and by the users. I’m curious about the percentage of companies doing it like that. Wild guess is 80% + +https://mobile.twitter.com/ericgeller/status/1569696618563215360?t=xu4A39sbesZq75SpYwbHoQ&s=09 + +(Originally on Twitter: [Tue Sep 13 15:26:49 +0000 2022](https://twitter.com/adulau/status/1569709192725897217)) +---- +@tenzir_company @mavam You guys are just impressive in clever and smart data structures 👍🏻 + +(Originally on Twitter: [Wed Sep 14 10:00:33 +0000 2022](https://twitter.com/adulau/status/1569989468886646787)) +---- +@ValeryMarchive @thomasfld @cryptax @H_Miser @cbrocas @felixaime Les termes de remboursement sur ses assurances sont souvent très limités à des actions précises comme reinstaller de l'équipements, demander du support technique mais le paiement de rançon n’est jamais dans ces clauses. + +(Originally on Twitter: [Wed Sep 14 10:05:28 +0000 2022](https://twitter.com/adulau/status/1569990707720425472)) +---- +@ValeryMarchive @thomasfld @cryptax @H_Miser @cbrocas @felixaime Alors comment sont payées ces rançons? et remboursées? tout simplement par des tiers qui facturent des services « techniques ». + +(Originally on Twitter: [Wed Sep 14 10:06:25 +0000 2022](https://twitter.com/adulau/status/1569990945894207488)) +---- +@ValeryMarchive @thomasfld @cryptax @H_Miser @cbrocas @felixaime Oui la compatibilité peut être très creative dans ce genre de situation. 
+ +(Originally on Twitter: [Wed Sep 14 11:00:57 +0000 2022](https://twitter.com/adulau/status/1570004669287768066)) +---- +@6vis_pacem Je sens que personne n’a expliqué comment une licence logiciel libre fonctionnait ;-) ![](media/1570286204460965889-FcrF2eYXwAETnmk.jpg) + +(Originally on Twitter: [Thu Sep 15 05:39:40 +0000 2022](https://twitter.com/adulau/status/1570286204460965889)) +---- +@MarmotRespecter Because simple access for web crawlers became more complicated over the past years. The only way is nowadays emulating browsers with complex technology like @playwrightweb it’s slower and source of challenges. + +(Originally on Twitter: [Thu Sep 15 18:11:58 +0000 2022](https://twitter.com/adulau/status/1570475527378698241)) +---- +@mikko Usually I only see Russian bots and trolls being verified nowadays ;-) + +(Originally on Twitter: [Fri Sep 16 07:58:34 +0000 2022](https://twitter.com/adulau/status/1570683546620276736)) +---- +@thomasfld @ValeryMarchive @cryptax @H_Miser @cbrocas @felixaime Souvent c'est pour l'exclusion de la couverture. + +Mais si vous avez des exemples avec des clauses pour inclure le remboursement des rançons, je suis curieux sur la légalité des preuves du paiement de la rançon. + +(Originally on Twitter: [Sun Sep 18 08:55:58 +0000 2022](https://twitter.com/adulau/status/1571422770327703552)) +---- +@thomasfld @ValeryMarchive @cryptax @H_Miser @cbrocas @felixaime Ah ok. Il me semble que cela ne couvre que les frais techniques ou de support logistique/psy. Souvent la rançon est soit « cachée » dans ces frais et les contrats sont assez précis sur les preuves de paiement. 
Si tu as un extrait de contrat je suis curieux du « wording » ;-) ![](media/1571468406926483457-Fc74QkXWQAAH3L3.jpg) + +(Originally on Twitter: [Sun Sep 18 11:57:19 +0000 2022](https://twitter.com/adulau/status/1571468406926483457)) +---- +Twenty years ago we were doing packet filtering with ACL, firewalling, having DMZ, bastion hosts, segregation between networks, least privilege and users in chroot. Nowadays it’s mainly flat networks with an unpatched VPN gateway and an MFA if it’s supported. + +(Originally on Twitter: [Sun Sep 18 18:23:34 +0000 2022](https://twitter.com/adulau/status/1571565612433903618)) +---- +Why is it like this? It’s simple. Economics are driving everything including security. Running a proper logged, monitored infrastructure is costly and many organisations don’t want to increase the costs. + +(Originally on Twitter: [Sun Sep 18 18:23:35 +0000 2022](https://twitter.com/adulau/status/1571565614472495105)) +---- +@npua This indeed a significant factor where the solution seemed to be the check boxing instead of securing the infrastructure. + +(Originally on Twitter: [Sun Sep 18 19:26:46 +0000 2022](https://twitter.com/adulau/status/1571581515628433409)) +---- +@6vis_pacem Indeed, vendors proposed solution to fire or get rid of humans from security department by replacing them with cheaper magical boxes. + +(Originally on Twitter: [Sun Sep 18 19:28:18 +0000 2022](https://twitter.com/adulau/status/1571581902137753600)) +---- +@FredLB @cbrocas I think we are still not losing enough money, when a security incident takes place, to change the current direction. + +(Originally on Twitter: [Sun Sep 18 19:57:21 +0000 2022](https://twitter.com/adulau/status/1571589211421032449)) +---- +@thomasschreck_ I tend to agree but this inherent complexity did help sometime to contain or detect early ongoing attacks. 
Another point, we removed the rule 'least common mechanism' described by Saltzer & Schroeder (1975) and jump into a monoculture of authentication mechanisms. + +(Originally on Twitter: [Mon Sep 19 04:39:08 +0000 2022](https://twitter.com/adulau/status/1571720522685104128)) +---- +RT @mrd0x: Stealing Access Tokens From Office Desktop Applications + +https://mrd0x.com/stealing-tokens-from-office-applications/ + +(Originally on Twitter: [Mon Sep 19 04:43:56 +0000 2022](https://twitter.com/adulau/status/1571721731823239168)) +---- +@edarchis It’s a special services for « semaine de la mobilité » it’s not a bug, it’s a feature. + +(Originally on Twitter: [Tue Sep 20 05:24:17 +0000 2022](https://twitter.com/adulau/status/1572094273604194304)) +---- +@craiu @nullparasite https://github.com/MISP/misp-warninglists might help for many cases when exporting to NIDS or even doing manual analysis in MISP. + +(Originally on Twitter: [Tue Sep 20 16:05:01 +0000 2022](https://twitter.com/adulau/status/1572255518843969536)) +---- +RT @brainwane: Finally wrote a post that's been stewing for a while: What You Miss By Only Checking GitHub + +Many researchers, entrepreneurs… + +(Originally on Twitter: [Wed Sep 21 05:21:36 +0000 2022](https://twitter.com/adulau/status/1572455986912235520)) +---- +Merci à @ATrapenard pour son humanisme et son intelligence pour cette interview à la @GrandeLibrairie ![](media/1572675564212977664-FdNDkQpX0AEzgbX.jpg) + +(Originally on Twitter: [Wed Sep 21 19:54:08 +0000 2022](https://twitter.com/adulau/status/1572675564212977664)) +---- +@_msw_ Is FOSSology https://www.fossology.org/ able to use the full history beside the current "check-out"? 
https://github.com/fossology/fossology + +(Originally on Twitter: [Thu Sep 22 04:16:56 +0000 2022](https://twitter.com/adulau/status/1572802101629095937)) +---- +RT @ex_raritas: I just want to take a moment to thank Cisco and their researcher team for their transparency and for their willingness to a… + +(Originally on Twitter: [Fri Sep 23 05:45:11 +0000 2022](https://twitter.com/adulau/status/1573186698284044288)) +---- +. @lesoir pourriez-vous expliquer comment vous choisissez vos interlocuteurs pour les interviews par exemple comme Monsieur Andreï Kortounov ? ![](media/1573330829132140545-FdWX5d4XgAAP2aB.jpg) + +(Originally on Twitter: [Fri Sep 23 15:17:55 +0000 2022](https://twitter.com/adulau/status/1573330829132140545)) +---- +I just released git-vuln-finder v1.3 released. It's a bug fixes release. Finding potential software vulnerabilities from git commit messages. #infosec + +https://github.com/cve-search/git-vuln-finder/releases/tag/v1.3 ![](media/1573563359617761281-FdZrBqWXoAAA2xF.png) + +(Originally on Twitter: [Sat Sep 24 06:41:54 +0000 2022](https://twitter.com/adulau/status/1573563359617761281)) +---- +@thomasschreck_ Filtering badly designed systems is often the only way to protect systems were complexity is the new standard. + +(Originally on Twitter: [Sat Sep 24 11:23:00 +0000 2022](https://twitter.com/adulau/status/1573634098236637185)) +---- +Vous ne faites pas de Netflow/sFlow en France ? C'est l'occasion de commencer, c'est pas mal pour la sécurité et la réponse sur incident ;-) + +https://twitter.com/SouveraineTech/status/1573759431296294915 + +(Originally on Twitter: [Sun Sep 25 09:18:00 +0000 2022](https://twitter.com/adulau/status/1573965028725854209)) +---- +@MaliciaRogue @CNIL Je dois être inculte dans les procédures des associations "Zero Track Online" en France mais le siège social c'est l'adresse de la mairie à Nice ? 
+ +https://www.journal-officiel.gouv.fr/pages/associations-recherche/?disjunctive.source&sort=cronosort&q=W062018075&q.titre=#resultarea ![](media/1573968931370450946-Fdfb8CXXwAEXg1T.jpg) + +(Originally on Twitter: [Sun Sep 25 09:33:30 +0000 2022](https://twitter.com/adulau/status/1573968931370450946)) +---- +RT @MISPProject: MISP 2.4.163 released with improved periodic notification system and many improvements. +#threatintel #tip #CTI #opensourc… + +(Originally on Twitter: [Mon Sep 26 14:29:45 +0000 2022](https://twitter.com/adulau/status/1574405870796021760)) +---- +@lux_hur J’ai une signature « custom » pour ces situations. + +"quit whining you haven't done anything wrong because frankly you haven't done much of anything" + +(Originally on Twitter: [Mon Sep 26 17:30:23 +0000 2022](https://twitter.com/adulau/status/1574451328482525185)) +---- +@SpywareSpeaks @MISPProject @miscmag We mainly tweet in English but sometime we tweet in different languages ;-) + +(Originally on Twitter: [Wed Sep 28 16:23:42 +0000 2022](https://twitter.com/adulau/status/1575159325261283331)) +---- +@maximilianhils Congrats! + +(Originally on Twitter: [Thu Sep 29 16:53:16 +0000 2022](https://twitter.com/adulau/status/1575529152438063105)) +---- +The president of the honeypot project « we will stop our project we have too much competition with Exchange nowadays » + +(Originally on Twitter: [Thu Sep 29 20:55:56 +0000 2022](https://twitter.com/adulau/status/1575590222393245696)) +---- +RT @cudeso: A @MISPProject tip of the week: The MISP modules can also be used outside MISP. Query the module server for its enabled modules… + +(Originally on Twitter: [Fri Sep 30 08:17:26 +0000 2022](https://twitter.com/adulau/status/1575761727240605698)) +---- +RT @xme: This made my day! 
@sans_isc, we should register http://exshield.org to replace http://dshield.org 😝 + +(Originally on Twitter: [Fri Sep 30 15:18:05 +0000 2022](https://twitter.com/adulau/status/1575867587832840193)) +---- +@vajkat CISSP is often the golden ticket for a crappy job. If an employer relies on a certification to understand the capabilities of a person, it’s maybe the wrong place to work. + +(Originally on Twitter: [Sun Oct 02 07:09:59 +0000 2022](https://twitter.com/adulau/status/1576469526996140033)) +---- +@leak_ix @PatriceAuffret That’s an interesting question. Mapping software before vulnerability discovery could produce a proper exclusion set for newly discovered software? + +(Originally on Twitter: [Sun Oct 02 08:08:50 +0000 2022](https://twitter.com/adulau/status/1576484336651882496)) +---- +@framaka Je ne comprends même pas comme cela peut fonctionner. Par exemple, un logiciel libre (qui par essence peut avoir une utilisation commerciale) intègre une oeuvre du domaine public. Qui est taxé sur quel bénéfice ? Comment c’est calculé ? + +(Originally on Twitter: [Sun Oct 02 15:05:59 +0000 2022](https://twitter.com/adulau/status/1576589318226731009)) +---- +@framaka De plus, je ne vois pas comment cela peut s’appliquer sans entrer en conflit avec la convention de Berne et l’article 18. + +(Originally on Twitter: [Sun Oct 02 15:15:16 +0000 2022](https://twitter.com/adulau/status/1576591652273418240)) +---- +RT @circl_lu: CIRCL TR-70 - Vulnerabilities in Microsoft Exchange CVE-2022-41040 - CVE-2022-41082 + +https://www.circl.lu/pub/tr-70/ + +Page will be up… + +(Originally on Twitter: [Mon Oct 03 10:13:46 +0000 2022](https://twitter.com/adulau/status/1576878164919218177)) +---- +RT @cudeso: See you all at CTIS-2022 in Luxembourg. 
https://cti-summit.org/ #CTI ![](media/1576892136410165248-FeIy5NGWQAsBtYQ.png) + +(Originally on Twitter: [Mon Oct 03 11:09:17 +0000 2022](https://twitter.com/adulau/status/1576892136410165248)) +---- +@cyb3rops Forensic and IR wise it makes sense as finding the proper location of logs in Microsoft Exchange is hard and assuming logs integrity is there. Reading Exchange Server logs is more voodoo nowadays than proper log parsing. + +(Originally on Twitter: [Tue Oct 04 04:41:45 +0000 2022](https://twitter.com/adulau/status/1577156997644181504)) +---- +@maldr0id @josejolivas I think the guy will be disappointed with the reality at @FIRSTdotOrg by the way, we are still searching for volunteers and contributor for the SIGs. but it won’t be like the gif below ;-) + + +media/1577724995119288321-FeU0hEkXkAg1r6b.mp4 + +(Originally on Twitter: [Wed Oct 05 18:18:46 +0000 2022](https://twitter.com/adulau/status/1577724995119288321)) +---- +RT @engelsjk: Here's a visualization tool I've been working on to explore the global swath coverage of 1+ million declassified spy satellit… + +(Originally on Twitter: [Thu Oct 06 04:44:32 +0000 2022](https://twitter.com/adulau/status/1577882475497508864)) +---- +@_msw_ On the forensic side when a software distribution is compromised, we would expect to be able which file is part of a distribution or not. A lot of SBOM approaches are just container signing until now. We did http://hashlookup.io and there is a public database available. 
+ +(Originally on Twitter: [Thu Oct 06 05:19:45 +0000 2022](https://twitter.com/adulau/status/1577891339789901824)) +---- +@librairesecache J’imagine « dirty sexy valley » oui c’est à droite dans la partie fiction gore mais non je demandais « la grande vallée » de Steinbeck + +(Originally on Twitter: [Thu Oct 06 16:44:35 +0000 2022](https://twitter.com/adulau/status/1578063681694437382)) +---- +@carenes Au final avec cet exemple, la RGPD est bien plus simple pour la recherche que la situation précédente avec une demande d’autorisation. + +(Originally on Twitter: [Thu Oct 06 19:44:07 +0000 2022](https://twitter.com/adulau/status/1578108864951730176)) +---- +Which version of cpio is vulnerable to CVE-2015-1197. GNU project released version 2.13 in 2019 which includes the fix and other fixes. Many distribution are still using 2.12 some with patches and some without. + +cpio binaries patches known @hashlookup_io https://hashlookup.circl.lu/lookup/sha1/8275f12d744c2a1a1d0586a81b090f14f369dc1f ![](media/1578277131842424832-Feco8IAWIAAtf_H.jpg) + +(Originally on Twitter: [Fri Oct 07 06:52:45 +0000 2022](https://twitter.com/adulau/status/1578277131842424832)) +---- +It's another good example how difficult is to track upstream patches, how these are fixes and how long patches percolates back into distribution and software releases. + +(Originally on Twitter: [Fri Oct 07 06:52:46 +0000 2022](https://twitter.com/adulau/status/1578277133989953537)) +---- +@S_N_I It depends. In this case, the upstream release a patched version some years later and some distro were more reactive and applies fixes before. I'm not blaming a specific free software dev, just showing how difficult it is to find out what is patched or not ;-) + +(Originally on Twitter: [Fri Oct 07 07:27:10 +0000 2022](https://twitter.com/adulau/status/1578285792048205825)) +---- +@IanColdwater The adversary was directly responding to the emails for the forensic acquisition requested by us as CSIRT. 
+ +(Originally on Twitter: [Fri Oct 07 16:19:52 +0000 2022](https://twitter.com/adulau/status/1578419849688403968)) +---- +RT @jfslowik: My VirusBulletin 2022 paper is available, covering the #XENOTIME threat actor and responsibility for the #TRITON/#TRISIS/#Hat… + +(Originally on Twitter: [Fri Oct 07 20:16:40 +0000 2022](https://twitter.com/adulau/status/1578479443273601024)) +---- +@PrincipeDebase Quelques valeurs empiriques de mes experiences sac à dos : + +- Thule Chasm 26 (super solide, deux laptops sans soucis) +- Everki ekp 133 (pratique mais des lacunes sur la solidité des lanières mais une pochette dure pour lunettes++) +- Booq (rock solide mais espace moins pratique) + +(Originally on Twitter: [Sun Oct 09 15:34:11 +0000 2022](https://twitter.com/adulau/status/1579133128303869952)) +---- +I recently summarised in a presentation the advantages of going open source for CSIRTs and SOCs. If there is an interest, I might do a more complete document. #infosec #opensource ![](media/1579182065425473537-FephdP5WIAI3E88.png) + +(Originally on Twitter: [Sun Oct 09 18:48:38 +0000 2022](https://twitter.com/adulau/status/1579182065425473537)) +---- +@cudeso That's indeed a very good point. It seems I need to make a document summarizing all. Thanks for the idea! + +(Originally on Twitter: [Sun Oct 09 20:32:57 +0000 2022](https://twitter.com/adulau/status/1579208316110409728)) +---- +No need of Theodore Kaczynski in France, they have the minister of digital transition which proposes a remote kill switch by the ISP during the night for the home routers… to limit electrical consumption. 
+ +https://mobile.twitter.com/Europe1/status/1579341116620447745 + +(Originally on Twitter: [Mon Oct 10 15:27:06 +0000 2022](https://twitter.com/adulau/status/1579493733321830403)) +---- +@verac_m Je vois déjà les machines sans connectivités qui utilisent plus d’energie pour garder une connexion, les mobiles qui passent en 2G/4G en pleine campagne et je passe la question des pointes le matin lors du redémarrage… + +(Originally on Twitter: [Mon Oct 10 15:37:02 +0000 2022](https://twitter.com/adulau/status/1579496234280443904)) +---- +@JevyLux2 I always wonder why the offshore wind farm is so less deployed in France (looking at the size of the coast). This could be also an incentive to protect some marine area with the inability to do industrial fishing. + +(Originally on Twitter: [Mon Oct 10 15:39:23 +0000 2022](https://twitter.com/adulau/status/1579496826742648832)) +---- +RT @digihash: @adulau Totally agree. A possible addition: "Any money, time, or resources spend by a CSIRT/SOC, especially a governmental CS… + +(Originally on Twitter: [Mon Oct 10 15:39:45 +0000 2022](https://twitter.com/adulau/status/1579496918098776064)) +---- +@FLesueur Je pensais que la Belgique avait des politiques qui fumaient la moquette mais en France la moquette semble d’excellente qualité ;-) + +(Originally on Twitter: [Mon Oct 10 15:41:04 +0000 2022](https://twitter.com/adulau/status/1579497248865800194)) +---- +@verac_m En effet, en plus les 15W c’est la consommation maximum et c’est rarement ces valeurs en moyenne la nuit. + +(Originally on Twitter: [Mon Oct 10 16:13:07 +0000 2022](https://twitter.com/adulau/status/1579505316626329600)) +---- +RT @embee_research: 🟥#BruteRatel: Static detection via API hashes + +Very similar to the Havoc C2 Detector. 
Looks for API hashes used to reso… + +(Originally on Twitter: [Wed Oct 12 06:32:08 +0000 2022](https://twitter.com/adulau/status/1580083880488763393)) +---- +RT @docintelapp: Come and join me, DocIntel will make his first baby steps on Oct 20 at 2PM in the wild world of Cyber Threat Intelligence… + +(Originally on Twitter: [Wed Oct 12 18:12:02 +0000 2022](https://twitter.com/adulau/status/1580260016564539392)) +---- +RT @circl_lu: Cyber and Threat Intelligence Summit (CTIS-2022) +Kirchberg, Luxembourg - October 19 - 20 2022 + +Agenda Day 1 https://t.co/9HPI… + +(Originally on Twitter: [Thu Oct 13 15:12:47 +0000 2022](https://twitter.com/adulau/status/1580577296846815239)) +---- +RT @naglinagli: We have successfully managed to replicate and confirm the public PoC for CVE-2022-40684. which grants SSH access without an… + +(Originally on Twitter: [Fri Oct 14 05:24:43 +0000 2022](https://twitter.com/adulau/status/1580791691782410240)) +---- +I'm anxiously waiting for the talk @yodresh at CTIS summit about mobile operators and SS7 abuses. + +https://cti-summit.org/talks/alexandre-de-oliveira.html + +https://twitter.com/yodresh/status/1580474008809525248 + +(Originally on Twitter: [Fri Oct 14 06:35:39 +0000 2022](https://twitter.com/adulau/status/1580809544116375552)) +---- +@SwitHak @circl_lu @yodresh The speaker can decide if the recording will be online or not. I let @yodresh decides ;-) + +(Originally on Twitter: [Fri Oct 14 06:42:03 +0000 2022](https://twitter.com/adulau/status/1580811153386573824)) +---- +A community is just a cartel without money. + +(Originally on Twitter: [Fri Oct 14 11:11:16 +0000 2022](https://twitter.com/adulau/status/1580878901404131330)) +---- +@Sebdraven @AliceCliment Sauf si on s’appelle Marcel Duchamp ou Pierre Pinoncelli ;-) + +(Originally on Twitter: [Fri Oct 14 16:18:57 +0000 2022](https://twitter.com/adulau/status/1580956334228242437)) +---- +@Sebdraven @AliceCliment Le procès est une oeuvre d’art. 
+ +Mais je ne crois pas que ces bricoleurs du dimanche comprennent la portée de leurs actes sur cette œuvre qui n’est pas du « ready made à la duchamp ». + +(Originally on Twitter: [Fri Oct 14 16:25:50 +0000 2022](https://twitter.com/adulau/status/1580958066081955840)) +---- +RT @circl_lu: We release a new public service to find potential typo-squatted domains. + +https://typosquatting-finder.circl.lu/ relying on our open source… + +(Originally on Twitter: [Fri Oct 14 21:11:49 +0000 2022](https://twitter.com/adulau/status/1581030037364801537)) +---- +@ddurvaux Lol. Maybe the only common point is the love of Italian food. + +(Originally on Twitter: [Sat Oct 15 06:34:56 +0000 2022](https://twitter.com/adulau/status/1581171747990093825)) +---- +@bortzmeyer Mon chat (Gizmo) a son propre script bash pour publier son site web + +find . -name \*.md -type f -exec pandoc -B inc/gizmohead -A inc/gizmotail -o {}.html {} \; + +et il n'aime pas les usines à gaz. + + +media/1581190048258539521-FfGD9vVWYAE8duI.mp4 + +(Originally on Twitter: [Sat Oct 15 07:47:39 +0000 2022](https://twitter.com/adulau/status/1581190048258539521)) +---- +Just released version 1.1 of the mmdb-server (open source fast API for IP geolocation) which includes small bugs fixed and update of the Geo Open database. + +https://github.com/adulau/mmdb-server/releases/tag/v1.1 + +Thanks to the @VARIoT_project partners for the tests and feedback on the tool. + +#ThreatIntel ![](media/1581201207129169920-FfGNpzpWAAAdHuK.jpg) + +(Originally on Twitter: [Sat Oct 15 08:31:59 +0000 2022](https://twitter.com/adulau/status/1581201207129169920)) +---- +I see a regular comment when you release a new open source software. + +"I did the same, it's not difficult to do." + +Then you ask where the open source release is. + +"Oh, it's not open sourced..." + +I'm wondering about the psychological approach behind such feedback. 
+ +(Originally on Twitter: [Sun Oct 16 16:56:34 +0000 2022](https://twitter.com/adulau/status/1581690577628037120)) +---- +@MaliciaRogue Un camp de nudiste... + +(Originally on Twitter: [Sun Oct 16 17:05:59 +0000 2022](https://twitter.com/adulau/status/1581692945731768320)) +---- +@SuperCowPowers It’s indeed very weird. I have the perception it’s like some people going to the museum and saying « I could have done this » + +(Originally on Twitter: [Sun Oct 16 17:19:58 +0000 2022](https://twitter.com/adulau/status/1581696465658728448)) +---- +You know how difficult is to monitor ransomware groups. + +@F_kZ_ just released RansomLook - an awesome open source software to simplify and automate the tracking. + +https://github.com/RansomLook/RansomLook + +I heard that a @MISPProject integration will follow. + +#threatintel + +(Originally on Twitter: [Sun Oct 16 18:52:25 +0000 2022](https://twitter.com/adulau/status/1581719731483967488)) +---- +RT @F_kZ_: @adulau @MISPProject Public instance is available there : + +https://www.ransomlook.io + +(Originally on Twitter: [Sun Oct 16 18:56:40 +0000 2022](https://twitter.com/adulau/status/1581720801291620354)) +---- +RT @MISPProject: Don't forget to join us at the Cyber and Threat Intelligence Summit (CTIS-2022) Kirchberg, Luxembourg +October 19 - 20 2022… + +(Originally on Twitter: [Sun Oct 16 19:59:51 +0000 2022](https://twitter.com/adulau/status/1581736699977424897)) +---- +RT @ancailliau: @blubbfiction @adulau This is *so* underestimated. Releasing something OSS that works for others is much more work than hav… + +(Originally on Twitter: [Sun Oct 16 20:20:52 +0000 2022](https://twitter.com/adulau/status/1581741990651121664)) +---- +@Sebdraven @y0m @ValeryMarchive @PatriceAuffret It will be recorded by the master @Ministraitor and if the speaker agrees, it will be online later. 
+ +(Originally on Twitter: [Mon Oct 17 07:42:56 +0000 2022](https://twitter.com/adulau/status/1581913639757312000)) +---- +RT @ancailliau: The day has come. 4y+ of work shared back with #ThreatIntelligence community. Many thanks to all that supported the effort!… + +(Originally on Twitter: [Mon Oct 17 18:50:15 +0000 2022](https://twitter.com/adulau/status/1582081574157266944)) +---- +@ancailliau I’m really impressed by the work you did and your perseverance to release it. We are all waiting for the demo at the http://cti-summit.org ;-) + +(Originally on Twitter: [Tue Oct 18 06:27:39 +0000 2022](https://twitter.com/adulau/status/1582257081616171008)) +---- +RT @docintelapp: DocIntel is now freely available 🎉 +GitHub ✅ DockerHub ✅ Slack ✅ + +Ready for the week, and the CTI Summit 👀! + +https://t.co/… + +(Originally on Twitter: [Tue Oct 18 06:27:53 +0000 2022](https://twitter.com/adulau/status/1582257140026134528)) +---- +RT @circl_lu: Everything is ready - Cyber and Threat Intelligence Summit (CTIS-2022) October 19 - 20 2022 - +https://www.cti-summit.org/ + +Thank… + +(Originally on Twitter: [Tue Oct 18 13:01:38 +0000 2022](https://twitter.com/adulau/status/1582356228205776897)) +---- +@ChatNoirduRail @Infrabel_FR Il y a une raison particulière pourquoi les lignes « marchandises » sont plus avancées ? + +(Originally on Twitter: [Tue Oct 18 15:03:33 +0000 2022](https://twitter.com/adulau/status/1582386911691227136)) +---- +Discovered some funky operational impact of the TLP:WHITE -> TLP:CLEAR changes. I still don't get why they decided to do this change even if the community was not in favour. So update your scripts, configuration or filtering based on TLP tags. and I bet the 2 tags will coexist. + + +media/1582449719632007168-FfX9n-KXEAAx5Cl.mp4 + +(Originally on Twitter: [Tue Oct 18 19:13:08 +0000 2022](https://twitter.com/adulau/status/1582449719632007168)) +---- +RT @Volexity: Don't miss @r00tbsd & Robert Jan Mora at #CTI Summit, Thurs, 20 Oct @ 11:30AM! 
Hear details of @Volexity #threatintel investi… + +(Originally on Twitter: [Wed Oct 19 03:26:49 +0000 2022](https://twitter.com/adulau/status/1582573961669672961)) +---- +RT @Iglocska: The first CTI summit has begun, kicking it off is @PatriceAuffret with a talk on ethical hacking! ![](media/1582631206298210305-FfaiKGgWAAA8BVu.jpg) + +(Originally on Twitter: [Wed Oct 19 07:14:18 +0000 2022](https://twitter.com/adulau/status/1582631206298210305)) +---- +RT @xme: Interesting fact about #ransomware attacks in 2021-2022: “51.6% of initial access was via RDP/VPN credentials” 🤦‍♂️ #CTIS2022 + +(Originally on Twitter: [Wed Oct 19 09:44:44 +0000 2022](https://twitter.com/adulau/status/1582669065545715712)) +---- +RT @Sebdraven: Little détail at #ctisummit ![](media/1582669329510064128-FfbEuoYX0AEtMuo.jpg) + +(Originally on Twitter: [Wed Oct 19 09:45:47 +0000 2022](https://twitter.com/adulau/status/1582669329510064128)) +---- +@Sebdraven You are observed ;-) + + +media/1582669736181370880-FfbFu2cWAAA5cm3.mp4 + +(Originally on Twitter: [Wed Oct 19 09:47:24 +0000 2022](https://twitter.com/adulau/status/1582669736181370880)) +---- +@jfslowik @xme @circl_lu I'll share the date for the next edition in the next weeks and you'll be forced to do a keynote ;-) + +(Originally on Twitter: [Wed Oct 19 14:21:35 +0000 2022](https://twitter.com/adulau/status/1582738738920435712)) +---- +@jfslowik @Iglocska @xme @circl_lu Now I know how to get a great keynote for the next editions. Just change the headers to quarantaine the mail of accepted papers ;-) + +(Originally on Twitter: [Wed Oct 19 14:29:46 +0000 2022](https://twitter.com/adulau/status/1582740798575378432)) +---- +Ok @rafi0t is not physically with us at #CTIS2022 but he just did the release 1.0 of Lacus which simplify the use @playwrightweb for threat intelligence crawling. 
It’s used in @lookyloo_app soon in @ail_project + +Crawling for threat intelligence, check it + +https://github.com/ail-project/lacus/releases/tag/v1.0.0 + +(Originally on Twitter: [Wed Oct 19 14:35:25 +0000 2022](https://twitter.com/adulau/status/1582742220624756736)) +---- +RT @C0nel: Very Good day 1 of the #CTIS2022 thx to @adulau and his Team + +(Originally on Twitter: [Wed Oct 19 17:51:08 +0000 2022](https://twitter.com/adulau/status/1582791470322372608)) +---- +@C0nel Thank you very much 🤩 + +(Originally on Twitter: [Wed Oct 19 17:52:15 +0000 2022](https://twitter.com/adulau/status/1582791752087261184)) +---- +@Ministraitor + + +media/1582801603471364099-Ffc9qj8XwAUGmKL.mp4 + +(Originally on Twitter: [Wed Oct 19 18:31:23 +0000 2022](https://twitter.com/adulau/status/1582801603471364099)) +---- +@alexanderjaeger The 1st January I will release findings under TLP:WHITE. As it will not exist anymore, you can choose its definition. + + +media/1582809241642860544-FfdEnJoXkAMr8oV.mp4 + +(Originally on Twitter: [Wed Oct 19 19:01:45 +0000 2022](https://twitter.com/adulau/status/1582809241642860544)) +---- +There are still two 5min slots left for the lightning talks of tomorrow at #ctisummit #ctis2022. + + +media/1582816707735060480-FfdLZwUWAAEP7ut.mp4 + +(Originally on Twitter: [Wed Oct 19 19:31:25 +0000 2022](https://twitter.com/adulau/status/1582816707735060480)) +---- +@S_N_I Sorry, it can only be done locally. + +(Originally on Twitter: [Wed Oct 19 19:41:54 +0000 2022](https://twitter.com/adulau/status/1582819346480758784)) +---- +RT @Requiem_fr: 1st paper from my friend and @mandiant colleague @fumik0_ ! 🥰 +From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind. 👇 +https… + +(Originally on Twitter: [Wed Oct 19 20:19:56 +0000 2022](https://twitter.com/adulau/status/1582828917479481345)) +---- +RT @lorenc_dan: @_msw_ I'll take the other side and argue that there's a strong positive correlation between CVEs and quality. 
+ +(Originally on Twitter: [Thu Oct 20 07:14:39 +0000 2022](https://twitter.com/adulau/status/1582993683775119361)) +---- +and people tell us to do unit test… #ctis2022 ![](media/1582997070944038919-FffvLaeWIAEQTkj.jpg) + +(Originally on Twitter: [Thu Oct 20 07:28:07 +0000 2022](https://twitter.com/adulau/status/1582997070944038919)) +---- +RT @PatriceAuffret: @GossiTheDog As correctly stated on @GreyNoiseIO, this IP address belongs to @onyphe, a company I founded. + +You may be… + +(Originally on Twitter: [Thu Oct 20 08:21:35 +0000 2022](https://twitter.com/adulau/status/1583010528066404353)) +---- +RT @Sebdraven: to share events MISP from SFTP ! a tool develop on @ANSSI_FR ! +https://github.com/ANSSI-FR/sftp2misp + +#CTIS2022 + +(Originally on Twitter: [Thu Oct 20 09:36:23 +0000 2022](https://twitter.com/adulau/status/1583029353687834626)) +---- +@DCSecuritydk @Iglocska Nowadays the trend is to use YouTube videos for sharing a long list of indicators. + +(Originally on Twitter: [Thu Oct 20 09:37:25 +0000 2022](https://twitter.com/adulau/status/1583029613038424064)) +---- +@alexanderjaeger I’m sure the master @_saadk will recall an afterparty where we end up in a cozy jazz bar to avoid a too loud party. + +(Originally on Twitter: [Thu Oct 20 09:44:53 +0000 2022](https://twitter.com/adulau/status/1583031492220854272)) +---- +RT @Iglocska: Misp-guard, presented by @righelx for the first time, if you ever wanted a safety net for your @MISPProject synchronization i… + +(Originally on Twitter: [Thu Oct 20 11:59:09 +0000 2022](https://twitter.com/adulau/status/1583065281873989632)) +---- +RT @Ministraitor: LT: http://Ransomlook.io by Alexandre Dulaunoy @adulau +https://youtu.be/ArWugnh7ESc + +(Originally on Twitter: [Thu Oct 20 13:29:57 +0000 2022](https://twitter.com/adulau/status/1583088129363173376)) +---- +@pstirparo @Iglocska @MISPProject @circl_lu It was great to see you again. 
I hope you'll come to the 2023 edition and even make a talk ;-) + +(Originally on Twitter: [Thu Oct 20 14:16:25 +0000 2022](https://twitter.com/adulau/status/1583099823929970689)) +---- +@BinksJar007 @MISPProject @Iglocska @mokaddem_sami It was a pleasure to have you at the conference. + +(Originally on Twitter: [Thu Oct 20 17:25:13 +0000 2022](https://twitter.com/adulau/status/1583147338897321985)) +---- +RT @cudeso: A @MISPProject tip of the week: Picked up during #CTIS2022: Use 'mail_to_misp' to connect your mail infrastructure to MISP and… + +(Originally on Twitter: [Fri Oct 21 07:06:32 +0000 2022](https://twitter.com/adulau/status/1583354030474289152)) +---- +We are reviewing our @MISPProject warning lists and we are looking for a maintained list of hosts which are domain parking. Do you know someone doing such thing? or should we start to build one from scratch? #threatintelligence + +(Originally on Twitter: [Fri Oct 21 14:42:00 +0000 2022](https://twitter.com/adulau/status/1583468649053945858)) +---- +RT @circl_lu: The typosquatting-finder has been improved and now support @MISPProject event export and feed export to automatically ingest… + +(Originally on Twitter: [Fri Oct 21 15:30:27 +0000 2022](https://twitter.com/adulau/status/1583480842164514816)) +---- +@LuigiLenguito @John_Fokker @MISPProject @BforeAi Thanks. Would you mind if the results (the stable parking ones) end up in the misp warning lists to help the community? https://github.com/MISP/misp-warninglists + +(Originally on Twitter: [Sat Oct 22 07:08:45 +0000 2022](https://twitter.com/adulau/status/1583716975607681025)) +---- +@lorisguemart En fait, il semble que les journalistes ont la mémoire courte et sélective. Google a été poursuivi par plusieurs medias français et belge sur la rémunération dans le cadre des droits voisins. 
Donc la sélection est basée sur les éditeurs et medias souvent restant… + +(Originally on Twitter: [Sun Oct 23 07:06:30 +0000 2022](https://twitter.com/adulau/status/1584078798148243456)) +---- +Wondering what the outcome of such statement? Do we have an offline Wikipedia on proprietary watches? Does this help anyone to access knowledge? Is Wikipedia less accessible than 10 years ago? Is anyone doing something to make it more accessible? + +https://mobile.twitter.com/mikko/status/1583804837237379072 + +(Originally on Twitter: [Sun Oct 23 08:11:22 +0000 2022](https://twitter.com/adulau/status/1584095122282512386)) +---- +Do you remember the WikiReader? Maybe it’s time to reinvent something open, cheaper, smaller and more useable. Lowtech and simple access devices to Wikipedia still needs some work… but we don’t really need to promote proprietary Apple product. ![](media/1584095127856812032-FfvVSXUXEAEoMiM.jpg) + +(Originally on Twitter: [Sun Oct 23 08:11:24 +0000 2022](https://twitter.com/adulau/status/1584095127856812032)) +---- +RT @cudeso: Slides of my #CTIS2022 presentation on #CTI Operational Procedures with @projectjupyter Jupyter Notebooks and @MISPProject PyMI… + +(Originally on Twitter: [Sun Oct 23 08:15:40 +0000 2022](https://twitter.com/adulau/status/1584096202357755904)) +---- +strings of hope + +#streetphotography ![](media/1584135492366663680-Ffv6zEnXgAE748D.jpg) + +(Originally on Twitter: [Sun Oct 23 10:51:47 +0000 2022](https://twitter.com/adulau/status/1584135492366663680)) +---- +I know we cannot blame anyone for using crazy licenses but I just found a software on GitHub using CC BY-NC-SA 4.0. + +Maybe one day @github will put warnings next to repositories not using open source licenses. + + +media/1584237926288097280-FfxX-vJWAAYo3My.mp4 + +(Originally on Twitter: [Sun Oct 23 17:38:50 +0000 2022](https://twitter.com/adulau/status/1584237926288097280)) +---- +@GunstickULM @github Yes it is... 
+ +(Originally on Twitter: [Sun Oct 23 20:55:51 +0000 2022](https://twitter.com/adulau/status/1584287507499212800)) +---- +RT @Iglocska: After several arguments with vendors and LEA, it looks like getting access to CSAM hash databases for public reuse in open th… + +(Originally on Twitter: [Mon Oct 24 09:14:30 +0000 2022](https://twitter.com/adulau/status/1584473395575816193)) +---- +Please don't DM about this to make meetings with some organisation. We tried and it doesn't work. The owner of the CSAM db needs to publicly disclose the hash database or at least a Bloom filter of it. + +Back to the @FIRSTdotOrg discussion at the keynote. + +https://twitter.com/Iglocska/status/1584473283348439040 + +(Originally on Twitter: [Mon Oct 24 09:17:13 +0000 2022](https://twitter.com/adulau/status/1584474080581160960)) +---- +@Ministraitor @FIRSTdotOrg Now if we can get a freely accessible list (even just as a Bloom filter). It would be good for everyone to be able to work on it and report it asap. + +(Originally on Twitter: [Mon Oct 24 09:53:32 +0000 2022](https://twitter.com/adulau/status/1584483220099280896)) +---- +@6vis_pacem @FIRSTdotOrg Yep and researchers have the exact same issue (as mentioned in this article). The database is secret… + +(Originally on Twitter: [Mon Oct 24 10:38:33 +0000 2022](https://twitter.com/adulau/status/1584494547232788480)) +---- +@6vis_pacem @FIRSTdotOrg @Europol I did with all LEAs I know and the issue they don’t want to make the list or a Bloom filter public. + +(Originally on Twitter: [Mon Oct 24 11:44:44 +0000 2022](https://twitter.com/adulau/status/1584511202029289472)) +---- +RT @syloktools: Here are the recordings from my talks at #CTIS2022! 
Thanks to @adulau, @Iglocska and everyone else that had a hand in this… + +(Originally on Twitter: [Mon Oct 24 15:10:53 +0000 2022](https://twitter.com/adulau/status/1584563082344353794)) +---- +RT @xme: [/dev/random] CTI-Summit 2022 Luxembourg Wrap-Up https://blog.rootshell.be/2022/10/24/cti-summit-2022-wrap-up/ #CTIS2022 + +(Originally on Twitter: [Mon Oct 24 16:19:47 +0000 2022](https://twitter.com/adulau/status/1584580424587563013)) +---- +@xme + + +media/1584580539268231168-Ff2PmHcWQAM-nzp.mp4 + +(Originally on Twitter: [Mon Oct 24 16:20:15 +0000 2022](https://twitter.com/adulau/status/1584580539268231168)) +---- +RT @mickmoran: Dear Gatekeepers, He's right you know. It's time to find a better vehicle to make CSAM hashsets available for use as IOC. +@… + +(Originally on Twitter: [Mon Oct 24 18:11:48 +0000 2022](https://twitter.com/adulau/status/1584608613313970176)) +---- +RT @RobJHeaton: How to use background electrical noise on a recording to work out exactly when it was made - a technique used to verify evi… + +(Originally on Twitter: [Tue Oct 25 12:09:38 +0000 2022](https://twitter.com/adulau/status/1584879857993150466)) +---- +@jedisct1 Take care 🙏🏻 I hope everything is better nowadays. + +(Originally on Twitter: [Tue Oct 25 17:06:46 +0000 2022](https://twitter.com/adulau/status/1584954633654439937)) +---- +Can someone explain the pricing differences between Amazon FR and new Amazon BE? especially when you are logged in. and prices also change depending of the source IP. @AmazonNewsEU Do you do geofencing to force customer to move? 
![](media/1585168013476913153-Ff-lfueWIAAv7dp.jpg) + +(Originally on Twitter: [Wed Oct 26 07:14:40 +0000 2022](https://twitter.com/adulau/status/1585168013476913153)) +---- +@cbrocas @AmazonNewsEU Lol entre 5.5% en France et 6% en Belgique pour les livres, cela devrait être dans l’autre sens ;-) + +(Originally on Twitter: [Wed Oct 26 07:21:00 +0000 2022](https://twitter.com/adulau/status/1585169611179581441)) +---- +@aeris22 @AmazonNewsEU « Le prix fixe du livre » also exists in Belgium to protect bookstore. I also initially thought it was something like that but it seems to be another origin. + +(Originally on Twitter: [Wed Oct 26 07:23:04 +0000 2022](https://twitter.com/adulau/status/1585170129012555776)) +---- +@clusil_lu @dbarzin @houseofcyber_lu It's a cool open source project. The url on GitHub is available there https://github.com/dbarzin/mercator + +(Originally on Twitter: [Wed Oct 26 16:25:20 +0000 2022](https://twitter.com/adulau/status/1585306593637191685)) +---- +The @MISPProject warning-lists now include a first version of parking domains and infrastructure. Thanks to @cruciani_david for the improvements and it's also included in the http://typosquatting-finder.circl.lu services. + +Feedback and update are welcome. + +https://twitter.com/adulau/status/1583468649053945858 ![](media/1585307780285886465-FgAkRw1XwAArGFS.jpg) + +(Originally on Twitter: [Wed Oct 26 16:30:03 +0000 2022](https://twitter.com/adulau/status/1585307780285886465)) +---- +@Foone Could it be a Franklin Gothic Demi Condensed with aliasing? + +(Originally on Twitter: [Wed Oct 26 19:59:24 +0000 2022](https://twitter.com/adulau/status/1585360468356780032)) +---- +RT @MISPProject: A new MISP module has been added to support @VARIoT_project IoT exploit & vulnerability database. 
+ +https://misp.github.io/misp-modules/expansion/#variotdbs… + +(Originally on Twitter: [Thu Oct 27 10:39:57 +0000 2022](https://twitter.com/adulau/status/1585582066229460998)) +---- +I hate when I start to look at all open source options for micro-blogging and nothing is really standing out. + +Did someone find an open source alternative to mastodon which is lightweight, simple and using ActivityPub? + + +media/1585709793750261760-FgGSph9WQAM37RS.mp4 + +(Originally on Twitter: [Thu Oct 27 19:07:30 +0000 2022](https://twitter.com/adulau/status/1585709793750261760)) +---- +RT @MISPProject: Next week @adulau @Iglocska and @mokaddem_sami will be at @FIRSTdotOrg #FIRSTCTI22 in Berlin + +Don't hesitate to pass by t… + +(Originally on Twitter: [Fri Oct 28 12:17:19 +0000 2022](https://twitter.com/adulau/status/1585968953922314242)) +---- +@emma_ducros Cela ne me semble pas si simple. + +L’inflation n’est pas le seul facteur pour influencer un vote. + +Pour la Belgique c’est 12.27% en octobre. + +(Originally on Twitter: [Fri Oct 28 18:07:35 +0000 2022](https://twitter.com/adulau/status/1586057101222330371)) +---- +Looking at the @MISPProject ticket queue, again there are some people who think that we are the Motor Insurance Service Provider (MISP) in India. So they gave us their PAN number, IIB and so on... to list/delist their motorbikes. + +(Originally on Twitter: [Sat Oct 29 07:22:53 +0000 2022](https://twitter.com/adulau/status/1586257246916599808)) +---- +New release of Lookyloo which includes the support for a new framework (Lacus) for web captures. Lacus will be also the new capture back-end for @ail_project to make web capture for threatintel more stable. 
Thx @rafi0t + +https://github.com/Lookyloo/lookyloo/releases/tag/v1.16.0 + +LacusCore: https://github.com/ail-project/LacusCore + +(Originally on Twitter: [Sat Oct 29 15:08:54 +0000 2022](https://twitter.com/adulau/status/1586374524907712513)) +---- +RT @jfslowik: When you're talking about a threat and someone says "selector" instead of "indicator" ![](media/1586407915409186816-FgQBzmiVUAAR3RO.png) + +(Originally on Twitter: [Sat Oct 29 17:21:35 +0000 2022](https://twitter.com/adulau/status/1586407915409186816)) +---- +@Iglocska @MISPProject Ah you mean the questions about …. + + +media/1586618906709467145-FgTNe26XEAIlxpH.mp4 + +(Originally on Twitter: [Sun Oct 30 07:19:59 +0000 2022](https://twitter.com/adulau/status/1586618906709467145)) +---- +@Iglocska @MISPProject I obviously remember when … requested… + + +media/1586620199477956609-FgTOqHVXEAcJre3.mp4 + +(Originally on Twitter: [Sun Oct 30 07:25:08 +0000 2022](https://twitter.com/adulau/status/1586620199477956609)) +---- +@_saadk @martijn_grooten @maldr0id Thanks for this insidious idea which will percolate in my dreams. @haniaranimusic becoming a colleague of us while composing her next album in our office space. + + +media/1586622439735296000-FgTQsh9XwAAz-yw.mp4 + +(Originally on Twitter: [Sun Oct 30 07:34:02 +0000 2022](https://twitter.com/adulau/status/1586622439735296000)) +---- +@_saadk @Iglocska @martijn_grooten @maldr0id I’m the one sharing an office with this guy. + + +media/1586625154624397312-FgTTKiWWIAAFCQo.mp4 + +(Originally on Twitter: [Sun Oct 30 07:44:49 +0000 2022](https://twitter.com/adulau/status/1586625154624397312)) +---- +I received many requests for information about the recent (to be disclosed) OpenSSL vulnerability. I have zero information about it. + +Between (), reading the git commit log is quite interesting never the less. 
+ +https://github.com/openssl/openssl/commits/master + +(Originally on Twitter: [Sun Oct 30 18:03:53 +0000 2022](https://twitter.com/adulau/status/1586780948766785538)) +---- +RT @MISPProject: While preparing the @FIRSTdotOrg MISP workflow training session, we introduced a new series of workflow modules to add enr… + +(Originally on Twitter: [Mon Oct 31 15:38:13 +0000 2022](https://twitter.com/adulau/status/1587106678943653888)) +---- +@alexanderjaeger @FIRSTdotOrg @thomasschreck_ @asfakian Kudos to @thomasschreck_ for making this possible 🙏🏻 + +(Originally on Twitter: [Tue Nov 01 20:23:40 +0000 2022](https://twitter.com/adulau/status/1587540899629875203)) +---- +Interesting talk about best practices for threat landscape reports at #FIRSTCTI22 . I think what I usually miss as a reader of such report, it's actual recommendations to limit a threat or propose common remediation. #threatintel + +(Originally on Twitter: [Wed Nov 02 11:00:40 +0000 2022](https://twitter.com/adulau/status/1587761603520466945)) +---- +@_saadk I mean a lot of organisations read the threat landscape and don't know how the other organisations responded to specific threats. Providing guidance for the responses and how to limit impact. This sounds to me logical step if we want to provide "actionable" TLR. + +(Originally on Twitter: [Wed Nov 02 12:40:39 +0000 2022](https://twitter.com/adulau/status/1587786765410226179)) +---- +@USCGSoutheast 😢I’m really sad to hear this. Your contributions and support to the community won’t be forgotten. + +(Originally on Twitter: [Wed Nov 02 21:58:26 +0000 2022](https://twitter.com/adulau/status/1587927137012846592)) +---- +During the talk of @threatray at #FIRSTCTI22 there was a mention of metame is a simple open source metamorphic code engine for arbitrary executables. 
+ +https://github.com/a0rtega/metame + +Nice for testing your detection rules ;-) #threatintel + +(Originally on Twitter: [Thu Nov 03 09:40:44 +0000 2022](https://twitter.com/adulau/status/1588103877185998849)) +---- +RT @cudeso: A @MISPProject tip of the week: A 'soft' delete propagates to other MISPs. A 'hard' delete removes the attribute on your instan… + +(Originally on Twitter: [Fri Nov 04 08:05:53 +0000 2022](https://twitter.com/adulau/status/1588442396320489472)) +---- +RT @asoni: Amazing write-up on a dynamic emotet config extractor by @rsprooten. He uses a combination of YARA, the SMDA decompiler, @unicor… + +(Originally on Twitter: [Sat Nov 05 06:28:05 +0000 2022](https://twitter.com/adulau/status/1588780168843182083)) +---- +Just in case if the world is collapsing here, you can also reach me via @adulau@infosec.exchange + +I plan to cross-post on both sides. + + +media/1589147671754723328-Fg3JYD-WAAA2Tci.mp4 + +(Originally on Twitter: [Sun Nov 06 06:48:24 +0000 2022](https://twitter.com/adulau/status/1589147671754723328)) +---- +New @MISPProject expansion modules to easily expand URLs into MISP objects. #threatintelligence #opensource + +https://github.com/MISP/misp-modules + +The module is a good blueprint to create other modules with additional functionalities. ![](media/1589347361523761153-Fg5-uOBX0AEFf3x.jpg) + +(Originally on Twitter: [Sun Nov 06 20:01:54 +0000 2022](https://twitter.com/adulau/status/1589347361523761153)) +---- +RT @ancailliau: @EC3Europol How can I help organizations to prevent them sharing these CSAM material? I know there are list of indicators b… + +(Originally on Twitter: [Tue Nov 08 13:47:56 +0000 2022](https://twitter.com/adulau/status/1589978024367206400)) +---- +RT @TTpourTous: Chers amis frontaliers, je suis en colère. +En colère pour nous tous. 
+Il n'y a pas un jour sans qu'on nous dise qu'il faut c… + +(Originally on Twitter: [Tue Nov 08 16:45:18 +0000 2022](https://twitter.com/adulau/status/1590022662063296513)) +---- +RT @circl_lu: The https://typosquatting-finder.circl.lu/ typosquatting finder service has been updated, multiple bugs were fixed and some improvements add… + +(Originally on Twitter: [Wed Nov 09 11:12:01 +0000 2022](https://twitter.com/adulau/status/1590301175467106304)) +---- +I'm proud of the expertise of the deers in France. ![](media/1590302277327532033-FhHirLiWIAASmrZ.png) + +(Originally on Twitter: [Wed Nov 09 11:16:23 +0000 2022](https://twitter.com/adulau/status/1590302277327532033)) +---- +@Iglocska You don't like diversity in the nature training camps ;-) + +(Originally on Twitter: [Wed Nov 09 11:41:55 +0000 2022](https://twitter.com/adulau/status/1590308702568841216)) +---- +@Cyb3rMik3 @MISPProject @FIRSTdotOrg @mokaddem_sami @Iglocska @circl_lu @asfakian Check the ALT text ;-) you might be surprised. + +(Originally on Twitter: [Wed Nov 09 13:01:51 +0000 2022](https://twitter.com/adulau/status/1590328818254090241)) +---- +@TTpourTous @AudeForestier De plus, les jours de travails pour l'entreprise dans un autre pays sont considérés comme du télétravail. Donc pour ceux qui se déplacent pour leur employeur, ils n'ont plus de jours de télétravail autorisés... + +(Originally on Twitter: [Wed Nov 09 15:28:14 +0000 2022](https://twitter.com/adulau/status/1590365654087270402)) +---- +@quinnnorton @Iglocska + + +media/1590438542106570752-FhJfa1uX0AAGTDx.mp4 + +(Originally on Twitter: [Wed Nov 09 20:17:52 +0000 2022](https://twitter.com/adulau/status/1590438542106570752)) +---- +@ChatNoirduRail Tu nous fais une petite visite urbex de la bête ? + +(Originally on Twitter: [Thu Nov 10 16:11:41 +0000 2022](https://twitter.com/adulau/status/1590738978155548672))
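Review bot: in every entry of this hunk the `----` separator sits directly under the "(Originally on Twitter: ...)" line with no empty line between them, which Markdown parses as a setext heading underline, so each attribution line will render as a level-2 heading instead of being followed by a horizontal rule. Add an empty line before each `----` in the generator output. Video attachments are also emitted as bare paths (for example media/1585709793750261760-FgGSph9WQAM37RS.mp4), which render as plain text rather than a link or player, and images are written with empty alt text as `![](media/...)`, even in the thread where a later reply says "Check the ALT text ;-)", so the original descriptions are lost. The commit summary shows one file changed, so please confirm that the media/ directory is published relative to the /twitter-archive/ permalink, otherwise these references will not resolve. Minor: the typosquatting-finder.circl.lu link in the Oct 26 entry is http:// while the Nov 09 entry uses https://, so consider normalizing these when the archive is generated.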