Blocking a TLD because you know… zipicious

As a blue teamer I work on a daily basis with security and network engineers to help improve the overall posture of our customers. The thing is, I don’t have my hands in an NGFW very often, so I needed an excuse to deep dive a bit more. What better excuse than hearing a CISO shouting at […]

Google Drawings GIF phishing

So I was heading for bed when I received an email, allegedly from Amazon, regarding my supposed Amazon Prime billing information. The email says “Prime Account” but came from: Yeah sure! I could have stopped there but was curious to see a bit more and ended up doing a complete […]

Unpacking binary 101

This is a quick blog post about how to unpack your first binary; I hope you’ll learn something 🙂 I tried to keep this article short, so the techniques covered are fairly basic, but they should get you on track to discover more advanced unpacking techniques. What do we mean by a “packed” binary? First […]

Which detection rules for my SOC?

Throughout my (young) career, I’ve seen many different SOC projects and I thought I should share which approaches have a better chance of success. So here are some approaches that might apply well in your environment… or not: the “collect everything” approach, the business case approach, the MITRE ATT&CK coverage approach, and the intelligence-driven approach. I also […]