2022

May 23

Update 2022 and Current Focus - Information Security Compliance

2021

Mar 09

Microsoft Exchange Logging - Hafnium and other Attack Scenarios

Feb 10

NTP (Network Time Protocol) and Logging

Feb 07

Setting up OpenVPN Logging - including YAML Config Snippets

Feb 07

YAML Config Snippet for HyperV Audit Logging Event Locations

Feb 07

YAML Config with Event IDs of Active Directory Domain Service Events with Criticality Info

Feb 06

YAML config for the Palantir Windows Event Forwarding Guidance

Feb 06

YAML Config Snippet of JPCERT Lateral Movement Events to Monitor (Windows)

Feb 05

YAML config for NSA Events to Monitor List

Feb 05

YAML config for events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference

Feb 05

Which Windows auditing events require failure and success logging?

Feb 05

YAML config for exploit protection events based on attack surface reduction events

2020

Dec 16

Purple Team PostgreSQL - Pentesting PostgreSQL Databases and Servers

Dec 16

Purple Team PostgreSQL - Logging PostgreSQL Databases and Servers

Dec 11

DNS Log Collection 5 part series

Dec 07

Security Implementation and Assessment Plan Notes

Sep 06

DNS and IT security - Know your DNS Queries and Requests, Attacks, and SANS CSC

Sep 06

DNS Log Collection - More on DNS Queries

Jul 16

DNS Log Collection and Parsing on Windows and Linux DNS Server Series

Jun 21

From the 2015 archive: Introduction to the different types of mining

Jun 09

Reversing 2020 - Virtual con on June 30th regarding Yara

Jun 08

Link: Guide: how to discover which app is making DNS lookup requests on Windows using Sysmon & Event Viewer

May 02

APT29 Cyb3rWard0g hackathon!

Apr 26

Personal post: Participating in Coronavirus Hackathons - EU vs Virus and Berlin EasterHack

Feb 24

Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing

Feb 22

Going to BSIDES DUBLIN

Feb 05

SIEM eBook - best practices for log collections and SIEM suites

Feb 02

FOSDEM2020

Jan 30

Whitepaper on Event Tracing for Windows (ETW)

Jan 28

List of Event IDs to Monitor

2019

Nov 06

DNS Event Query Monitoring with Sysmon with Metadata Sample and link to Example Rules

Nov 03

Pentesting Kubernetes with Kube-Hunter

Nov 02

On this problematic CTF

Nov 01

Cloud Native Security Workshop notes

Oct 31

MITRE ATT&CKCon 2019 - Recap

Oct 28

BSides Luxembourg 2019 and MITRE ATT&CK Community User Group Workshop

Oct 13

A short lockpicking story

Oct 13

List of HKEY_* / Windows Registry keys and subkeys to audit based on MITRE ATT&CK (and more)

Oct 09

(Ongoing) Infosec Institute: Review and Thoughts for Self-Study over 30 days

Oct 06

Thoughts: On grok and dissect (Logstash); and field extractions/field extractor and regular expressions (Splunk)

Sep 29

2019 Collection of Answers from Reddit and StackOverflow - on Active Directory, Networking, Windows Server, Windows Logging, PowerShell, InfoSec and more

Sep 25

EuroBSDCon, Lillehammer, Norway

Sep 08

Collecting of Windows EventIDs tracking Lateral Movement based on JPCERT

Aug 18

Collecting Linux Ingress Authentication Events using Rapid7 Universal Event Formats

Aug 04

Collecting Windows Ingress Authentication Events using Rapid7 Universal Event Formats

Jul 10

What are the top EventLog IDs and ID Groups to watch out for indicators of compromise or indicators of attack?

Jul 09

Top sources for better Linux log collection with NXLog

Jul 06

Whitepaper on Structured Logging

May 08

Debugging a problem through vvv (a very very verbose stdout) of an SFTP exchange

May 03

Various Notes - Incidence Response on Attacker Tricks for EventLog

May 03

Why understanding of DNS monitoring is useful for securing and hardening infrastructure

Apr 18

Video: Sending ETW Data to Splunk

Mar 16

Sending Windows PowerShell EventLog and ETW Data to Splunk

Mar 11

The perils of looking for information today when trying to get things done.

Mar 07

List of ETW Providers on Windows Server 2016

Feb 28

Logging and monitoring of FTP clients

Feb 26

Published on opensource.com: Reducing security risks with centralized logging

Feb 11

Response: On Data Manipulation Attacks and Using File Integrity Monitoring to Help Mitigate Against Them

Feb 11

Posts on Medium.com

Feb 11

How to: Collect and send logs to deploy Windows Registry Monitoring

Feb 10

Brief look at logs: SNARE vs BSD vs LEEF

Feb 10

How to: Convert Windows EventLog to Syslog

2018

Dec 17

Speaking at FOSDEM 2019 in Brussels

Dec 12

Now in Gitlab

Oct 27

Thoughts on RIPE77 overall

Oct 25

Lockpicking for the first time at a Paris hackerspace

Oct 09

SaltStack Blog Profile

Sep 17

RIPE77 - Before the event

Aug 30

DC11331 Meetup August

Jul 08

Business Continuity Planning

Jun 21

Setting up ZED Attack Proxy with a File Transfer Server

Jun 05

IPv6 support for HTTP/S, FTP/S, SFTP and SCP File Transfer Services

May 29

Trying out RETRO Forth

May 10

Intro to OWASP Zed Attack Proxy

Apr 29

Passing CompTIA Network+ - Tips and Advice

Apr 19

Data Loss Prevention - Systems, Software and Strategies

Apr 16

SFTPPlus and its relevance with the OIAC Privacy Act and ASD ISM

Mar 08

Understanding the exchange between SFTP Client and SFTP Server

Mar 02

Protecting your SFTPPlus configuration against SWEET32

Feb 18

Chromebook on dev mode; list of --crossystem parameters

Jan 21

Using secure file transfer software with third parties

Jan 21

Using secure file transfer software in high availability environments

Jan 21

Best practice in secure file transfer protocols

Jan 01

Thoughts on Chaos Communication Congress for a first-time attendee

2017

Aug 13

Primer on Ethereum - from mining on Testnet to a HelloWorld contract sample

Jul 02

Current reading list

May 28

Digital nomad (physical) accessories

Apr 16

Qubes OS on VMWare Fusion (vs VirtualBox) and first quick impressions

Mar 07

Security Tips for Remote Work Teams and Digital Nomads

Feb 25

Full List of recon-ng Modules

Feb 25

Full List of 546 MSFVENOM Payloads - Last update May 2019

Feb 18

Buffer Overflows - An Introduction - Finding the Bad Characters

Feb 16

Mail server / SMTP Enumeration

Feb 14

Operating System Fingerprinting and Active Fingerprinting using Nmap

Feb 14

Mobile Pentesting

Feb 14

Introduction to Web Browser Fingerprinting and Tools

Feb 13

Open Source Intelligence (OSINT) and LinkedIn

Feb 12

Multipurpose Internet Mail Extensions (MIME) Security with PGP or SMTP

Feb 12

Introduction to Checksums

Feb 11

Compliance and Assurance Programmes