Andrea Fortuna
  • May 27, 2024

    Exploring My Tech Setup: From Hardware to Software and Security Practices

    Back in 2017, I shared a detailed post about the configuration of my Linux laptops on my blog (you can find it here). Since then, not only has my tech setup evolved, but my understanding and awareness of security and… read more »
  • May 25, 2024

    Chasing Numbers: Finding Joy in the Journey of Work

    Welcome, dear readers, to the frenetic world of modern work, where the rush is glorified and the only thing that matters is the end result. Ah, the culture of results! It’s as if we’re all running on a hamster wheel,… read more »
  • May 21, 2024

    Unlocking Productivity with the GTD Method

    The world of work today is full of tasks, emails, meetings, and personal projects, and in this situation you may feel overwhelmed. But Getting Things Done (GTD), a productivity system developed by David Allen, may help you! GTD is not… read more »
  • May 20, 2024

    How to install Ruby (and Jekyll) on Chromebook

    For several years I have been using Jekyll as a platform for my site, and for publication I use a simple GitHub Action which converts an issue into a markdown file which is then processed by Jekyll (in one of… read more »
  • May 13, 2024

    Poland investigates use and misuse of Pegasus

    In the past I have often spoken (1,2) about Pegasus, the spyware originally produced and distributed by the Israeli company NSO, which has been used by various states to spy on activists, opponents and journalists. Now, with the upcoming European… read more »
  • Apr 26, 2024

    OSINT investigations using the Wayback Machine

    The Wayback Machine is a digital archive of the internet, maintained by the Internet Archive. It allows you to view past versions of websites, which can be a valuable tool for OSINT investigations. For example, you can use the Wayback… read more »
  • Apr 3, 2024

    Is Your Pixel Safe? Google Acknowledges Exploited Vulnerabilities

    Google recently disclosed two critical vulnerabilities (CVE-2024-29745 and CVE-2024-29748) affecting Pixel smartphones that are being actively exploited by forensic companies. These zero-day flaws, which haven’t yet been patched, could potentially allow unauthorised access to user data. The news comes more… read more »
  • Mar 31, 2024

    XZ Backdoor: A Stealthy Attack on Linux Systems (CVE-2024-3094)

    On March 29, 2024, a serious security vulnerability was discovered in the XZ Utils library. This library is used by many Linux distributions for data compression. The vulnerability, which has been assigned the CVE identifier CVE-2024-3094, is a backdoor that… read more »
  • Mar 26, 2024

    8 Ways to Stop Procrastinating

    Procrastination is the act of delaying or postponing a task or set of tasks. So, how do you stop procrastinating? Here are eight tips. The 2-Minute Rule: If a task takes less than two minutes to complete, do it right… read more »
  • Jan 28, 2024

    Integrating Password Manager pass into i3 Desktop Environment with Bash Script

    Today I’d like to show you my setup for integrating the pass password manager into the i3 desktop environment using a Bash script. The script is designed to automatically fill in the user and password fields in login forms, and… read more »
  • Dec 8, 2023

    Are push notifications being used to spy on users?

    In a letter to the Department of Justice, Senator Ronnie Wyden reveals that foreign governments have been spying on how American citizens use their iPhones and Android phones through push notifications. Most people don’t think much of them, but some… read more »
  • Nov 19, 2023

    LitterDrifter: a new USB worm used by the Gamaredon group

    The Russian cyber espionage group Gamaredon, affiliated with Russia’s Federal Security Service (FSB), has been observed using a worm called LitterDrifter, which spreads through USB devices in targeted attacks against Ukrainian entities. This tactic signifies an evolution in the group’s… read more »
  • Nov 12, 2023

    Android and privacy: my guidelines

    At first glance, the relationship between privacy and Android phones may seem complicated. Given Google’s prominent role in the advertising business, where the bulk of its revenue is generated, it can be challenging to reconcile the idea of data collection… read more »
  • Oct 29, 2023

    Octo Tempest: extortion through phishing, SIM swapping and ransomware

    Microsoft has monitored the actions of a group named Octo Tempest (identified by Crowdstrike as Scattered Spider and by Mandiant as UNC3944), which has targeted multiple firms to extort money. The cybercriminals, linked to the BlackCat group (ALPHV), use a… read more »
  • Oct 20, 2023

    IoC vs. IoA

    What’s the difference between IoA and IoC, and why is it crucial to incorporate them into a security strategy? TL;DR (courtesy of CrowdStrike): IoC: artifacts that suggest a system has been breached. IoA: patterns of behavior that indicate that an… read more »
  • Oct 8, 2023

    The evolution of ransomware kill chains: Top-level evasion activity in the summer of 2023

    Ransomware groups are constantly evolving their tactics and techniques to stay ahead of defenders. Cybersecurity firm Red Sense collected some information on major ransomware groups this summer, and created this useful chart showing the main changes they made to their… read more »
  • Oct 7, 2023

    How to Use Cloudflare Zero Trust Gateway as a DNS Ad Blocker

    Personally, I am a big fan of NextDNS, a DNS service that (similar to PiHole) allows you to block traffic to advertising circuits, tracking and telemetry systems. This is why I have always been fascinated by the possibility of reproducing… read more »
  • Sep 26, 2023

    RansomedVC: some details about the new ransomware group

    RansomedVC is a recent ransomware collective, which was initially detected by Malwarebytes and SocRadar in August 2023 after publishing information about nine victims on its dark web page. It gained notoriety after announcing that it had violated SONY. The singular… read more »
  • Sep 24, 2023

    Deadglyph: a new advanced backdoor from Stealth Falcon

    Stealth Falcon APT (aka Project Raven or FruityArmor), a state-sponsored hacking group from the United Arab Emirates (UAE), is mainly known for targeting activists, journalists, and dissidents in the Middle East. Cybersecurity researchers from ESET have discovered a previously undocumented… read more »
  • Sep 15, 2023

    UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks

    UNC3944, a financially motivated threat group, has been leveraging SMS phishing (smishing) campaigns to target organizations and gain unauthorized access to their systems. According to a detailed report by Mandiant, the group uses phone-based social engineering and smishing to obtain… read more »

Cybersecurity expert, software developer, experienced digital forensic analyst, musician