Posts by adulau@infosec.exchange
(DIR) Post #ARXB9S0g18Gy4QGkVc by adulau@infosec.exchange
2023-01-11T12:57:35Z
0 likes, 0 repeats
@bortzmeyer @jpmens I was wondering if you watched the DNS4EU "Online Press Conference"https://www.youtube.com/watch?v=Lj8ePGKfQtM
(DIR) Post #ARXBlT56TxImOhT48u by adulau@infosec.exchange
2023-01-11T13:06:38Z
0 likes, 0 repeats
@bortzmeyer @jpmens Do you understand more what will be the outcome? Around 19:00, they mention a full compliance of legal/national blocking. Compared to the main existing public recursive services in US, it sounds like a bit more restrictive.
(DIR) Post #ARfovU4401wAiqTS52 by adulau@infosec.exchange
2023-01-14T16:17:37Z
2 likes, 0 repeats
@r000t I don’t get the issue with indexing public content especially it’s the design of such service in the fediverse being indexable.
(DIR) Post #ARg0BzGsq9SBdaXh56 by adulau@infosec.exchange
2023-01-15T19:09:13Z
0 likes, 0 repeats
@r000t@ligma.pro @r000t Reading https://gitlab.com/spritely/ocappub/blob/master/README.org it reminds me of those crazy ideas to create an “open source DRM”.
(DIR) Post #AUIhwKRhn5324drLUW by adulau@infosec.exchange
2023-04-04T06:59:19Z
1 likes, 0 repeats
We did a Markdown version of the TLP:UNCLEAR proposal. Pull requests are welcome.🔗 https://github.com/adulau/tlp-unclear🔗 https://adulau.github.io/tlp-unclear/#infosec #tlp
(DIR) Post #AXG4Hf9unbuCmsznma by adulau@infosec.exchange
2023-07-01T07:54:37Z
0 likes, 1 repeats
We (@terrtia and myself) are at the @leHACK to present the AIL project at the OSINT village today! Feel free to join us and discuss about data mining for threat intelligence.https://www.ail-project.org/#opensource #threatintelligence #threatintel #lehack
(DIR) Post #AY1LF9Tu9qjyHAEn6u by adulau@infosec.exchange
2023-07-24T13:26:55Z
0 likes, 0 repeats
@bortzmeyer What can you expect from media relying on the ads networks from proprietary social networks?
(DIR) Post #AaF5dig0Job6u4k6bY by adulau@infosec.exchange
2023-09-28T15:35:11Z
0 likes, 1 repeats
In the past, we had a lot discussions with other open source projects to avoid overlaps. But during the past years, some open source projects decided to change strategies, relicensed their software or even go full proprietary. We had some bad surprises and were missing critical components for a full open source digital forensic, incident response and threat intelligence pipelines. Also some users and organisations were kept captive due to this change of strategy from different software developers or projects.So nowadays, I have a different strategy. Filling the gaps with open source software only maintained where contributions remain open and if it’s not available, creating new open source projects where contributors can be co-authors and co-owners at the same time.You have been warned and you might see new open source tools appearing soon 😉#opensource #infosec
(DIR) Post #Ab5T0e9jtXple8TIzQ by adulau@infosec.exchange
2023-10-23T09:46:40Z
1 likes, 0 repeats
@RGB_Lights It's a great incentive for organisation to patch and/or conduct an incident response procedure on their publicly facing infrastructure which is vulnerable.
(DIR) Post #Ac6XKJ7w7ZgbqTYEoi by adulau@infosec.exchange
2023-11-23T17:04:06Z
0 likes, 0 repeats
@bortzmeyer Un blindicide est un nom de produit pour un type particulier de « Bazooka » fabriqué par Mecar, une société belge, dans les années 50. Le nom du produit est resté un peu dans la littérature technique militaire en Belgique à cause cet historique. Mais on utilise plus souvent « bazooka » en Belgique comme terminologie ;-)
(DIR) Post #Ac9tISrlikp7wCOYQi by adulau@infosec.exchange
2023-11-25T07:52:59Z
0 likes, 0 repeats
@mjg59 I love the idea. Did the quote come from a paper or a publication?
(DIR) Post #AcLXxKiz1uYNSst5CS by adulau@infosec.exchange
2023-11-29T06:46:02Z
0 likes, 0 repeats
Extracting Training Data from ChatGPTI’m wondering if OpenAI requested a CVE for the disclosure of this vulnerability.#llm #llms #openai #vulnerability #chatgpt 🔗 https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html🔗 https://arxiv.org/abs/2311.17035
(DIR) Post #AcyE10Z3Vt9kGfiJEW by adulau@infosec.exchange
2023-12-18T22:10:27Z
0 likes, 0 repeats
Always intriguing to witness conspiracy theorists diving into our open-source projects, weaving together connections that are more creative fiction than reality. #fun #opensource #threatintel #threatintelligence
(DIR) Post #AvEVQFgKOAYUq3OUGu by adulau@infosec.exchange
2025-06-17T19:46:46Z
0 likes, 1 repeats
Something that’s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.#opensource #security #bugbounty
(DIR) Post #AwDeKq9f1JTXWcRqvQ by adulau@infosec.exchange
2025-07-16T05:27:24Z
0 likes, 1 repeats
« Cloudflare 1.1.1.1 Incident on July 14, 2025 »Perhaps it’s time to return to DNS’s original distributed design.#dns #distributed #cloudflare https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/
(DIR) Post #Awj3JN58LE3Fp1IsFc by adulau@infosec.exchange
2025-08-01T09:14:32Z
1 likes, 0 repeats
When I added the threat-actor @misp galaxy type on Mar 4, 2016, I didn’t expect that, years later, vendors would still invent new names for already known threat actors, avoid using UUIDs, reuse similar names for different actors, and create confusing names by mixing tools or software used by the actors.That’s why we continue the tedious work of maintaining a proper threat-actor database, with relationships to other galaxies such as MITRE ATT&CK, Malpedia, and more.After years of this monastic effort, we’re seeing the benefits—many open-source and proprietary tools now rely on the MISP galaxy, which serves as both an open standard and a public knowledge base.We also maintain a dedicated website for all MISP galaxies. Here’s an example from the threat-actor database:https://www.misp-galaxy.org/threat-actor/relations/fa80877c-f509-4daf-8b62-20aba1635f68/:github: Repository https://github.com/MISP/misp-galaxy/🌐 Public website https://www.misp-galaxy.org/threat-actor/If you’d like to become a monk (just kidding!) and contribute, feel free to open an issue or submit a pull request on the misp-galaxy repo.In MISP, you can directly benefit from all the galaxies, and you also have advanced functionalities like forking and maintaining an up-to-date private version of the threat-actor database.#threatintel #threatintelligence #opensource #tip #cti #misp
(DIR) Post #B2W6iIj7VdDnxA4JzE by adulau@infosec.exchange
2026-01-20T20:59:08Z
0 likes, 1 repeats
GNU InetUtils Security Advisory: remote authentication by-pass in telnetd🔗 https://vulnerability.circl.lu/vuln/gcve-1-2026-0007#telnet #telnetd #cybersecurity #vulnerability @gcve GCVE-1-2026-0007
(DIR) Post #B2o7gr2MHsBxtzlXyy by adulau@infosec.exchange
2026-01-29T16:45:09Z
0 likes, 1 repeats
So the original #SBOM requirement for federal agencies in US was just removed."OMB Memorandum M-22-18, Enhancing the Security of the Software Supply Chainthrough Secure Software Development Practices (M-22-18), imposed unproven and burdensome software accounting processes that prioritized compliance over genuine security investments.This policy diverted agencies from developing tailored assurance requirements for software andneglected to account for threats posed by insecure hardware. Accordingly, 0MB Memoranda M-22-18 and M-23-16, a companion policy, are hereby rescinded."#sbom #cybersecurity🔗 https://www.whitehouse.gov/wp-content/uploads/2026/01/M-26-05-Adopting-a-Risk-based-Approach-to-Software-and-Hardware-Security.pdf
(DIR) Post #B2sh1szIVJBB3qwCxs by adulau@infosec.exchange
2026-02-01T15:13:11Z
0 likes, 0 repeats
@bortzmeyer Je me souviens de magicpoint et je demande si je peux encore voir mes vieux slides http://member.wide.ad.jp/wg/mgp/ #retroslidedeck
(DIR) Post #B2shUybwfwPAtpt21Y by adulau@infosec.exchange
2026-02-01T15:18:03Z
0 likes, 0 repeats
@bortzmeyer Ah ah. Je viens de retrouver des slides de 2004 pour les RMLL.https://www.foo.be/rmll2004/legal/AlexandreDulaunoy-FreeArchive/