Despite recent takedowns of multiple CnCs related to Dridex, we still see a significant number of Dridex samples. To facilitate triage and extraction of IOCs, we
Crisis vs. Risk Management – know the difference and account for the unforeseeable
Account for non-obvious and unidentified risks. Risk identification is mostly a mental process, which from data analysis (i.e., processes, past events, financial figures, logs,
Hacking Arista appliances for fun and profit
I have been playing a lot with Arista hardware lately, as we’re mainly using their products in our data centers as ToR or Spine switches,
Machine learning and security: who should care?
Machine learning has been the new hot thing for a while now, and yet it’s still unclear what it’s good for in information security, if
How to crack Ubuntu encryption and passwords
During Positive Hack Days V, I made a fast track presentation about eCryptfs and password cracking. The idea came to me after using one feature
Defcon 2015 CTF finals
Following the Blackhat conference, I participated in the Defcon CTF finals as part of the 0daysober team, which qualified in 10th position last June. This event