Using WebDAV features as a covert channel

I’ve recently been looking into a fancy covert channel, targeting Windows family operating systems, to either:

  • deliver various malicious payloads (shellcode, binaries, scripts, whatever…)
  • use it as a C2 communication channel

This is what this blog post is all about. Let’s dig into it.



Configure Fail2Ban for permanent and persistent bans

NB: This article is not about how Fail2Ban works or how to install it.

If you’re running an Internet facing server, you probably know its exposed services are constantly being probed and attacks are being attempted against it. Fortunately, an extremely useful, nice and nifty tool is here to help: Fail2Ban.

Fail2Ban scans services’ log files for patterns defined as regular expressions and, if an offending pattern is found a certain number of times within a given timeframe, the corresponding source IP is banned (i.e. blocked) for a configurable time, using local firewall rules such as iptables.

I’m very touchy when it comes to my server’s security, so I’m using Fail2Ban to perform permanent bans of the source IPs involved, and I’m going to show you how. The problem, however, is that those bans do not persist across a Fail2Ban server restart or a server reboot.

In this article I will show you how to add two simple lines to the Fail2Ban configuration file in order to make bans persist across restarts.


Hacking voice over IP communications

Corporate voice networks, also known as Voice over IP (VoIP) networks, turn out to be an interesting target for those looking for confidential and private information. In my experience, though, this target is often underestimated by intruders and ethical hackers during their engagements, as well as by company security officers.

In this article, I will go through a very practical case, using some well-known tools to demonstrate the potential lack of security on VoIP networks. I’ll explain, step by step, how I’ve been using these tools, sometimes not exactly as they’re supposed to be used, but that’s just how I managed to make it all work together.

This example focuses on a specific VoIP technical environment and setup, and serves the sole purpose of raising awareness of how easy it is to hack VoIP communications.


End-to-end email encryption – A case study on ProtonMail design limits and security flaws

In the wake of Edward Snowden’s revelations on the NSA programs, focus progressively increased on various tools aiming at escaping mass surveillance by governments and intelligence agencies. It also brought to light the general matter of online privacy at stake in a GAFAM world (GAFAM = Google Apple Facebook Amazon Microsoft). These are however two different topics: in the first case people want to avoid being watched by their governments, and in the second case people want to take back control over their digital life, a control they willingly relinquished to companies that do not have privacy protection in their genes. Still, both share a common thing: the matter of privacy, for which some tools try to offer a solution.

These tools might be new, but the underlying technology has been around for a while, essentially solid encryption standards such as PGP, RSA, AES and so on. Some other applications are meant to ease self-hosting services such as email, cloud file storage and calendars, which definitely is a good way of protecting one’s privacy. And this has become possible at an affordable price (VPS, Raspberry Pi at home, etc.). The whole point is to offer people proper tools, i.e. tools anyone can use, as well as to lower the complexity of using such technologies, if not make it transparent to the end user.


Bypassing the SafeSearch enforced by Bluecoat proxies


HTTP proxy servers, more commonly called “web proxy servers”, “HTTP proxies”, or simply “proxies”, have become essential components of the perimeter security of corporate networks. The American company Bluecoat is one of the market leaders with its ProxySG models.

While proxies help improve security by providing a protocol break, URL inspection and filtering, and antivirus analysis of downloaded and visited content, they can also be used to filter content deemed inappropriate (violence, pornography, questionable ethics, etc.).

Along these lines, one of the features offered by Bluecoat proxies is to enforce a mode called SafeSearch for a number of sites, and in particular for videos on YouTube.

This article shows how it is possible to bypass this restriction fairly simply through a small tweak in the web browser on the client machine.


Strong authentication for your website


It had been a while since I last published an article, because of holidays, but also because I spent some time over the last few days developing the small web application that I am going to present now.
It is a web authentication portal, written in PHP, which offers two-factor authentication (the established term in computer security: 2FA = 2 Factor Authentication) based on a password combined with a one-time code (the established term in computer security: OTP = One Time Password) generated by the “Google Authenticator” application or any other compatible application, installed on a mobile phone or a tablet.

For those in a hurry, here is where it happens: TwoFactorAuth on GitHub.
