adulau

@adulau@infosec.exchange

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at https://paperbay.org/@a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel


adulau, to infosec

I maintain some notes about the HTTP/2 ‘Rapid Reset’ DDoS attack - CVE-2023-44487

🔗 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

#rapidreset #http2 #infosec #ddos #vulnerability #CVE-2023-44487

adulau, to infosec

There is a significant increase of phishing/spear phishing using IPFS, and their persistence is quite annoying.

#phishing #infosec #ipfs

https://lookyloo.circl.lu/tree/3f5f07d4-c4e1-4fba-afc2-feb7e503093f

adulau, to random

A pretty nifty tool and format to describe and visualize binary files/formats by Corkami (Ange Albertini)

http://corkami.github.io/sbud/hexii.html

The output is in SVG format.

Presentation at @hack_lu cti summit

#infovis #reversing #visualization

adulau, to opensource

We (@terrtia and myself) are at @leHACK to present the AIL project at the OSINT village today!

Feel free to join us and discuss data mining for threat intelligence.

https://www.ail-project.org/

#opensource #threatintelligence #threatintel #lehack

adulau, to llm

Extracting Training Data from ChatGPT

I’m wondering if OpenAI requested a CVE for the disclosure of this vulnerability.

#llm #llms #openai #vulnerability #chatgpt

🔗 https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html

🔗 https://arxiv.org/abs/2311.17035

adulau, to privacy

Digging a little bit into some ICC profiles added by signal-app, I updated the original issue, and there is clearly an issue where new ICC profiles are created by the Google Skia library.

https://github.com/signalapp/Signal-Desktop/issues/6031#issuecomment-1702432836

This issue only appears when the media quality is too high. Maybe an allow-list strategy like the mat2 tool written by @jvoisin would be better, to be sure that newly created metadata are discarded by default.

@signalapp

#privacy #signal #signalapp #metadata

adulau, to llm

You want to estimate the probability that a text was generated by an LLM. ZipPy can help (it's fast).

https://github.com/thinkst/zippy

"ZipPy: Fast method to classify text as AI or human-generated"

A nifty tool presented by Jacob Torrey at @hack_lu 2023

@Jacob

adulau, to opensource

I think @jwz's famous quote about regular expressions applies to docker nowadays.

Some people, when confronted with a problem, think "I know, I'll use docker." Now they have two problems.

#docker #opensource #quote #unix

adulau, to opensource

In recent years, we have strived to update the MISP standard to ensure it remains stable, simple, and extensible. This effort benefits not only the MISP project but also other threat intelligence tools that utilise this format.

Our commitment is to maintain a stable long-term format that allows users to actively reuse the MISP standard without encountering disruptive changes. We are pleased to announce that our standard format is now being used by numerous software applications worldwide. Recently, we have made minor updates to various formats to incorporate necessary changes while ensuring that our current users are not adversely affected.

For more detailed information, please refer to the following links:

🔗 Core format https://www.misp-standard.org/rfc/misp-standard-core.html
🔗 Object template format https://www.misp-standard.org/rfc/misp-standard-object-template-format.html
🔗 Taxonomy format https://www.misp-standard.org/rfc/misp-standard-taxonomy-format.html
🔗 Galaxy format https://www.misp-standard.org/rfc/misp-standard-galaxy-format.html

🔗 For further details, visit our main website MISP standard website https://www.misp-standard.org/

The MISP standards are also published as I-Ds at the IETF for further dissemination: core, galaxy, object and taxonomy.

#threatintel #threatintelligence #opensource #openstandards #misp #infosec

@misp

adulau, to opensource

We are developing vulnerability-lookup, which is a rewrite of cve-search to support and improve various requirements which came up during the past years:

  • Improve the NVD NIST feeders to support the new API v2
  • Allow multiple sources of vulnerability feeds to be ingested even if there is no associated CVE id
  • Support of GSD feeds (mainly where the Linux kernel vulnerabilities are described) and GitHub security vulnerabilities (more to come very soon)
  • Easily find the overlaps or differences between vulnerabilities allocated
  • A very fast API (we got rid of MongoDB and replaced it with kvrocks) to get the original vulnerability description from the different feeds

This is still pretty alpha but an initial release is coming in the next weeks.

If you want to contribute, test or have any ideas of additional feeds to add, let us know.

🔗 https://github.com/cve-search/vulnerability-lookup

bert_hubert, to random
@bert_hubert@fosstodon.org

"To be good with technology requires actually doing technology" - it is so sad that we have to point this out today. You can't outsource all the things you do and assume you'll continue to be in control of what you do. (from https://www.techpolicy.press/the-dangers-of-moving-key-internet-governance-functions-to-amazons-cloud-the-case-of-the-netherlands/)

adulau,

@bert_hubert Very good point. We can apply the point “To be good with security requires actually doing security” to all the recent incidents with many magical security vendors selling VPN boxes. If you don’t know what’s inside the box and aren't actually doing security around it, you are left alone to listen to false promises from those vendors.

adulau, to opensource

I released a new version of the DomainClassifier python library with improved performance and built-in caching. Thanks to @terrtia for the contribution.

DomainClassifier is a simple Python library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their existence, localization or attributes.

DomainClassifier can be used to extract Internet hosts from any free text or collected unstructured information. It's for example used in @ail_project to guess all potential hostnames/domains from any text.

#opensource #infosec #datamining #python #osint

🔗 https://github.com/adulau/DomainClassifier
🔗 PyPi https://pypi.org/project/DomainClassifier/

adulau, to opensource

Why do many open source OSINT tools have this bad practice of outputting non-parseable text with blinking or crappy ANSI character sets? Is this because of TV series?

#opensource #osint

adulau, to opensource

The @misp project's extensive knowledge base, available at misp-galaxy.org, now features an interactive and dynamic graph. This new addition showcases graph relationships, enhancing your browsing experience with visible, dynamic connections. Plus, you can easily filter through these relationships to find exactly what you need.

#misp #threatintelligence #threatintel #threatactors #opensource #opendata

🔗 An example with the PROMETHIUM threat actor https://www.misp-galaxy.org/microsoft-activity-group/relations/5744f91a-d2d8-4f92-920f-943dd80c578f/
🔗 Threat actor galaxy https://www.misp-galaxy.org/threat-actor/

adulau, to opensource

It seems my old blog post from 2016 about OpenPGP - « OpenPGP really works » - still stands in the current discussions.

https://www.foo.be/2016/12/OpenPGP-really-works

adulau, to infosec

I finally updated the old @circl Passive DNS API to version 2.0. The idea is to have a backward-compatible API with the standard Common Output Format which was designed years ago. The switch will take place next month, in November. If you have an existing access, nothing will change (besides new features and fresher intelligence).

The key features of the new API include support for pagination, making it suitable for handling large data sets, and the ability to filter data based on DNS RR types. This ensures that legacy tools can continue to function seamlessly, while new ones can take advantage of pagination to access larger sets of passive DNS data.

Notably, the back-end infrastructure has also undergone significant changes, providing users with enhanced insights.

The streaming API for contributors will be available at a later stage via CocktailParty.

#passivedns #infosec #stream #threatintel #threatintelligence

Thanks to @gallypette for the collaboration and contribution in the new back-end infrastructure.

Feedback and ideas are more than welcome.

🔗 Draft documentation for version 2.0
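As an added illustration (not code from CIRCL or from this post), a small client-side parser for the NDJSON records the passive DNS Common Output Format returns, with the RR-type filtering the post mentions done locally; the field names follow the COF draft, the sample lines are constructed, and a client should reject records missing the required fields rather than trust them.

```python
import json
from datetime import datetime, timezone

# Constructed sample NDJSON in the passive DNS Common Output Format (COF).
# Values are invented for this example, not records from CIRCL's service;
# the last two lines are deliberately malformed to exercise the rejection path.
SAMPLE_COF = """\
{"rrname": "example.org", "rrtype": "A", "rdata": "192.0.2.10", "time_first": 1700000000, "time_last": 1700086400, "count": 42}
{"rrname": "example.org", "rrtype": "AAAA", "rdata": "2001:db8::10", "time_first": 1700000000, "time_last": 1700003600, "count": 3}
{"rrname": "mail.example.org.", "rrtype": "a", "rdata": "192.0.2.20", "time_first": 1699900000, "time_last": 1700090000, "count": 7}
{"rrname": "example.org", "rrtype": "MX", "rdata": "10 mail.example.org.", "time_first": 1699900000, "time_last": 1700080000, "count": 5}
not json at all
{"rrname": "broken.example.org", "rrtype": "A"}
"""

# Fields a COF record must carry before a client should trust it.
REQUIRED = ("rrname", "rrtype", "rdata", "time_first", "time_last")

def parse_cof(text):
    """Parse NDJSON COF lines; return (records, rejected_count), skipping invalid lines."""
    records, rejected = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if not isinstance(obj, dict) or any(k not in obj for k in REQUIRED):
            rejected += 1
            continue
        # Normalise: drop the trailing dot from owner names, upper-case the RR type,
        # and turn the epoch timestamps into timezone-aware datetimes.
        records.append({
            "rrname": str(obj["rrname"]).rstrip(".").lower(),
            "rrtype": str(obj["rrtype"]).upper(),
            "rdata": str(obj["rdata"]),
            "time_first": datetime.fromtimestamp(int(obj["time_first"]), tz=timezone.utc),
            "time_last": datetime.fromtimestamp(int(obj["time_last"]), tz=timezone.utc),
            "count": int(obj.get("count", 0)),
        })
    return records, rejected

def filter_rrtype(records, rrtypes):
    """Client-side counterpart of the API's RR-type filter, newest last-seen first."""
    wanted = {t.upper() for t in rrtypes}
    return sorted((r for r in records if r["rrtype"] in wanted),
                  key=lambda r: r["time_last"], reverse=True)
```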

adulau, to infosec

If you are registered for the CTI summit and/or @hack_lu next week, you should have received an email for proposing lightning talks. Don’t be shy and submit your proposal ;-)

See you there.

#conference #infosec #lightningtalks

adulau, to opensource

If you wrote scripts using tshark, there are some changes in version 4.2.0 of Wireshark for the -e option...

🔗 https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html

adulau, to random

A good summary in LaTeX about the illogical part of the TLP:CLEAR concept.

#tlp

adulau, to random

If you want to host a phishing website, don’t use a cheap ISP or cloud provider. They might take it down in less than 48 hours. Take Amazon, it’s up for more than two weeks. 🤦🏼‍♂️

adulau, to music

"Hacker’s Paradise: Analysing music in a cybercrime forum"

🎼 #cybercrime #music #paper #research

Remind me to add this functionality in @ail_project ;-)

🔗 https://api.repository.cam.ac.uk/server/api/core/bitstreams/646224d4-9d69-45ee-9892-a70b8bbd7024/content

adulau, to random

Cyber Toufan was finally added in the @misp MISP galaxy as a threat-actor.

Thanks to Mathieu Béligon for the recent contribution.

🔗 https://www.misp-galaxy.org/threat-actor/?h=cyber+toufan#cyber-toufan
🔗 If you want to contribute or update the threat-actor MISP galaxy: https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json

adulau, to infosec

What happened to pastebin.com ? It has been down for the past 12 hours.

:blobcatpeekaboo:

#pastebin #cti #infosec

adulau, to infosec

Recapping the state of vendors' VPN appliances:

  • They don't maintain their software
  • They accept money from their customers for maintenance
  • They don't provide patches or updates for their customers
  • They don't proactively review the code

Yet organisations question open source?

#ivanti #vpnappliance #infosec #vulnerability

adulau, to bbs

Nowadays those BBS are pretty neat with 2.8TB of free space. In the early nineties, it was more like 20MB of free space.

#bbs #oldbutnew
