Alexandre Dulaunoy
@adulau.infosec.exchange.ap.brid.gy
Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.
The other side is at @a (photography, art and free software at large) […]
[bridged from https://infosec.exchange/@adulau on the fediverse by https://fed.brid.gy/ ]
The other side is at @a (photography, art and free software at large) […]
[bridged from https://infosec.exchange/@adulau on the fediverse by https://fed.brid.gy/ ]
Reposted by Alexandre Dulaunoy
I have more like a "confuse @neurovagrant" thing today.
Was staring into the expanse that is the untagged sessions in our fleet and eventually plotted a course towards the ICMP system, which eventually led me to a planet that was beaconing with some oddly […]
[Original post on mastodon.social]
Was staring into the expanse that is the untagged sessions in our fleet and eventually plotted a course towards the ICMP system, which eventually led me to a planet that was beaconing with some oddly […]
[Original post on mastodon.social]
November 22, 2025 at 11:47 AM
I have more like a "confuse @neurovagrant" thing today.
Was staring into the expanse that is the untagged sessions in our fleet and eventually plotted a course towards the ICMP system, which eventually led me to a planet that was beaconing with some oddly […]
[Original post on mastodon.social]
Was staring into the expanse that is the untagged sessions in our fleet and eventually plotted a course towards the ICMP system, which eventually led me to a planet that was beaconing with some oddly […]
[Original post on mastodon.social]
Matching Algorithm with Recursively Implemented StorAge (MARISA) is a space-efficient, fairly fast, and static trie data structure. MARISA serves as a dictionary structure, and by definition, it supports exact match lookup, which is the basic operation of dictionary. In addition, MARISA supports […]
Original post on infosec.exchange
infosec.exchange
November 20, 2025 at 9:48 PM
Matching Algorithm with Recursively Implemented StorAge (MARISA) is a space-efficient, fairly fast, and static trie data structure. MARISA serves as a dictionary structure, and by definition, it supports exact match lookup, which is the basic operation of dictionary. In addition, MARISA supports […]
November 18, 2025 at 9:08 PM
While testing some new misp-modules, such as the OpenAPI interface, I discovered a strange behavior in Firefox when trying to reach TCP port 6666, which is the default port used by misp-modules.
It seems Firefox blocks access to a predefined list of TCP ports, and this has been in place for […]
It seems Firefox blocks access to a predefined list of TCP ports, and this has been in place for […]
Original post on infosec.exchange
infosec.exchange
November 18, 2025 at 11:29 AM
While testing some new misp-modules, such as the OpenAPI interface, I discovered a strange behavior in Firefox when trying to reach TCP port 6666, which is the default port used by misp-modules.
It seems Firefox blocks access to a predefined list of TCP ports, and this has been in place for […]
It seems Firefox blocks access to a predefined list of TCP ports, and this has been in place for […]
Reposted by Alexandre Dulaunoy
Seeing open source and privacy companies having Discord as there support channel feels like a vegan community meeting at a steak house for events.
November 7, 2025 at 1:30 PM
Seeing open source and privacy companies having Discord as there support channel feels like a vegan community meeting at a steak house for events.
GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format) has been published as DRAFT and ready for public review.
The standard is similar to the @cve record format with some extensions (via the `X_` prefixes) for GCVE format and the reference implementation vulnerability-lookup. This […]
The standard is similar to the @cve record format with some extensions (via the `X_` prefixes) for GCVE format and the reference implementation vulnerability-lookup. This […]
Original post on infosec.exchange
infosec.exchange
November 11, 2025 at 6:57 AM
GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format) has been published as DRAFT and ready for public review.
The standard is similar to the @cve record format with some extensions (via the `X_` prefixes) for GCVE format and the reference implementation vulnerability-lookup. This […]
The standard is similar to the @cve record format with some extensions (via the `X_` prefixes) for GCVE format and the reference implementation vulnerability-lookup. This […]
We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @UYBHYS
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform at Unlock Your Bain conference
Slides: Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent Unlock Your Brain conference. A well-organised and welcoming event, Unlock Your Brain brings together a great mix of researchers, practitioners, and open-source enthusiasts—making it a perfect place to exchange ideas on vulnerability tracking and disclosure. Download the slides: https://www.vulnerability-lookup.org/files/events/2025/presentation-unlockyourbrain.pdf
www.vulnerability-lookup.org
November 8, 2025 at 2:25 PM
We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @UYBHYS
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity
🔗 https://www.vulnerability-lookup.org/2025/11/08/unlock-your-brain-2025/
Reposted by Alexandre Dulaunoy
py5sig build automatically 5G signalling messages and fuzz SBI interfaces
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
GitHub - ANSSI-FR/py5sig: py5sig build automatically 5G signalling messages and fuzz SBI interfaces
py5sig build automatically 5G signalling messages and fuzz SBI interfaces - ANSSI-FR/py5sig
github.com
November 7, 2025 at 2:42 PM
py5sig build automatically 5G signalling messages and fuzz SBI interfaces
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
py5sig build automatically 5G signalling messages and fuzz SBI interfaces
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
GitHub - ANSSI-FR/py5sig: py5sig build automatically 5G signalling messages and fuzz SBI interfaces
py5sig build automatically 5G signalling messages and fuzz SBI interfaces - ANSSI-FR/py5sig
github.com
November 7, 2025 at 2:42 PM
py5sig build automatically 5G signalling messages and fuzz SBI interfaces
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
Pretty cool stuff seen at the @UYBHYS workshop
#5g #fuzzing #opensource #cybersecurity
🔗 https://github.com/ANSSI-FR/py5sig
The MISP Galaxy now includes an updated knowledge base of UAVs and drones covering both civilian and military models.
It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]
[Original post on infosec.exchange]
It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]
[Original post on infosec.exchange]
November 6, 2025 at 4:45 PM
The MISP Galaxy now includes an updated knowledge base of UAVs and drones covering both civilian and military models.
It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]
[Original post on infosec.exchange]
It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]
[Original post on infosec.exchange]
Good example why open sources projects should self-publish or even counter-publish as a GNA in @gcve
Distributed publishing is not weakening the security advisory publication but it’s providing additional valuable sources.
#gcve #cve
🔗 https://www.openwall.com/lists/oss-security/2025/10/27/1
Distributed publishing is not weakening the security advisory publication but it’s providing additional valuable sources.
#gcve #cve
🔗 https://www.openwall.com/lists/oss-security/2025/10/27/1
oss-security - Questionable CVE's reported against dnsmasq
www.openwall.com
November 5, 2025 at 8:14 PM
Good example why open sources projects should self-publish or even counter-publish as a GNA in @gcve
Distributed publishing is not weakening the security advisory publication but it’s providing additional valuable sources.
#gcve #cve
🔗 https://www.openwall.com/lists/oss-security/2025/10/27/1
Distributed publishing is not weakening the security advisory publication but it’s providing additional valuable sources.
#gcve #cve
🔗 https://www.openwall.com/lists/oss-security/2025/10/27/1
Reposted by Alexandre Dulaunoy
New UI to RansomLook.io
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
November 5, 2025 at 6:43 AM
New UI to RansomLook.io
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
New UI to RansomLook.io
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
November 5, 2025 at 6:43 AM
New UI to RansomLook.io
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
The open source project providing real-time ransomware intelligence.
Thanks to @F_kZ_ for the incredible work.
#ransomware #threatintelligence #threatintel #opensource
🔗 https://www.ransomlook.io/
I think the best summary until now about Post-quantum cryptography
is from Peter Gutmann in the cryptography mailing-list.
Given that after 20 years and hundreds of millions of dollars spent
researchers have yet to demonstrate a single legitimate […]
[Original post on infosec.exchange]
is from Peter Gutmann in the cryptography mailing-list.
Given that after 20 years and hundreds of millions of dollars spent
researchers have yet to demonstrate a single legitimate […]
[Original post on infosec.exchange]
November 3, 2025 at 5:46 AM
I think the best summary until now about Post-quantum cryptography
is from Peter Gutmann in the cryptography mailing-list.
Given that after 20 years and hundreds of millions of dollars spent
researchers have yet to demonstrate a single legitimate […]
[Original post on infosec.exchange]
is from Peter Gutmann in the cryptography mailing-list.
Given that after 20 years and hundreds of millions of dollars spent
researchers have yet to demonstrate a single legitimate […]
[Original post on infosec.exchange]
Sometimes I understand why people design new standards or formats when the existing ones can’t be extended (whether due to practical constraints, authority, or bureaucracy) or simply aren’t flexible enough to evolve. I think the XKCD comic doesn’t include […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
November 2, 2025 at 11:46 AM
Sometimes I understand why people design new standards or formats when the existing ones can’t be extended (whether due to practical constraints, authority, or bureaucracy) or simply aren’t flexible enough to evolve. I think the XKCD comic doesn’t include […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Imagine a threat intelligence report that concludes, ‘The target is three hops away, therefore it is the correct one.’ This is the method the Pentagon reportedly uses today: not only to identify targets, but also to justify and execute strikes.
🔗 […]
[Original post on infosec.exchange]
🔗 […]
[Original post on infosec.exchange]
November 2, 2025 at 7:06 AM
Imagine a threat intelligence report that concludes, ‘The target is three hops away, therefore it is the correct one.’ This is the method the Pentagon reportedly uses today: not only to identify targets, but also to justify and execute strikes.
🔗 […]
[Original post on infosec.exchange]
🔗 […]
[Original post on infosec.exchange]
Reposted by Alexandre Dulaunoy
If you look at topics you actually know on #grokipedia, it becomes obvious how this whole thing was put together:
- Poorly scraped #wikipedia pages, sometimes even merging unrelated disambiguation content
- A single-pass LLM prompted without care or validation
The result is a pile of […]
- Poorly scraped #wikipedia pages, sometimes even merging unrelated disambiguation content
- A single-pass LLM prompted without care or validation
The result is a pile of […]
Original post on paperbay.org
paperbay.org
October 28, 2025 at 1:02 PM
If you look at topics you actually know on #grokipedia, it becomes obvious how this whole thing was put together:
- Poorly scraped #wikipedia pages, sometimes even merging unrelated disambiguation content
- A single-pass LLM prompted without care or validation
The result is a pile of […]
- Poorly scraped #wikipedia pages, sometimes even merging unrelated disambiguation content
- A single-pass LLM prompted without care or validation
The result is a pile of […]
RE: https://infosec.exchange/@ministraitor/115430049959447776
This talk from @wr is a masterpiece if you want to dive into all the gory details of the X.509 certificate format.
#hacklu #cybersecurity #certificate #threatintel
This talk from @wr is a masterpiece if you want to dive into all the gory details of the X.509 certificate format.
#hacklu #cybersecurity #certificate #threatintel
infosec.exchange
October 25, 2025 at 8:29 AM
RE: https://infosec.exchange/@ministraitor/115430049959447776
This talk from @wr is a masterpiece if you want to dive into all the gory details of the X.509 certificate format.
#hacklu #cybersecurity #certificate #threatintel
This talk from @wr is a masterpiece if you want to dive into all the gory details of the X.509 certificate format.
#hacklu #cybersecurity #certificate #threatintel
Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025
We published all the materials from the workshop given at #hacklu 2025
#gcve #vulnerabilitymanagement #opensource #cybersecurity […]
[Original post on infosec.exchange]
We published all the materials from the workshop given at #hacklu 2025
#gcve #vulnerabilitymanagement #opensource #cybersecurity […]
[Original post on infosec.exchange]
October 24, 2025 at 9:02 AM
Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025
We published all the materials from the workshop given at #hacklu 2025
#gcve #vulnerabilitymanagement #opensource #cybersecurity […]
[Original post on infosec.exchange]
We published all the materials from the workshop given at #hacklu 2025
#gcve #vulnerabilitymanagement #opensource #cybersecurity […]
[Original post on infosec.exchange]
Reposted by Alexandre Dulaunoy
Second up today is Maxine Escourbiac breaking into Palo Alto GlobalProtect clients in “Palo Alto GlobalProtect: Remote full compromise exploit chain” at #hacklu2025
October 24, 2025 at 6:45 AM
Second up today is Maxine Escourbiac breaking into Palo Alto GlobalProtect clients in “Palo Alto GlobalProtect: Remote full compromise exploit chain” at #hacklu2025
Reposted by Alexandre Dulaunoy
On stage now is another set of repeat #hacklu speakers -> @ddu and @cvandeplas are on stage with “Building a pipeline to analyse iOS devices at scale”
#hacklu2025
#hacklu2025
October 23, 2025 at 10:07 AM
On stage now is another set of repeat #hacklu speakers -> @ddu and @cvandeplas are on stage with “Building a pipeline to analyse iOS devices at scale”
#hacklu2025
#hacklu2025
RE: https://infosec.exchange/@ministraitor/115420393928205564
Curious about a developer’s vibe-coding journey? @iglocska is sharing his experiments and insights at hack.lu 2025!
#vibecoding #ai #cybersecurity #hacklu
Curious about a developer’s vibe-coding journey? @iglocska is sharing his experiments and insights at hack.lu 2025!
#vibecoding #ai #cybersecurity #hacklu
infosec.exchange
October 23, 2025 at 6:08 AM
RE: https://infosec.exchange/@ministraitor/115420393928205564
Curious about a developer’s vibe-coding journey? @iglocska is sharing his experiments and insights at hack.lu 2025!
#vibecoding #ai #cybersecurity #hacklu
Curious about a developer’s vibe-coding journey? @iglocska is sharing his experiments and insights at hack.lu 2025!
#vibecoding #ai #cybersecurity #hacklu
Seeing a presentation of the Kaitai project.
If you need to document or describe or decode binary format, Kaitai is clearly there to help.
https://kaitai.io/ @kaitai
#hacklu #kaitai #dfir #cybersecurity
If you need to document or describe or decode binary format, Kaitai is clearly there to help.
https://kaitai.io/ @kaitai
#hacklu #kaitai #dfir #cybersecurity
October 22, 2025 at 5:09 PM
Seeing a presentation of the Kaitai project.
If you need to document or describe or decode binary format, Kaitai is clearly there to help.
https://kaitai.io/ @kaitai
#hacklu #kaitai #dfir #cybersecurity
If you need to document or describe or decode binary format, Kaitai is clearly there to help.
https://kaitai.io/ @kaitai
#hacklu #kaitai #dfir #cybersecurity
Reposted by Alexandre Dulaunoy
Next up at #hacklu2025 is Paul Rascagneres with a talk about threat actors that use blockchains. Taking us through what smart contracts to get to the malware and exploitation
Smart contracts can directly store malware!
Smart contracts can directly store malware!
October 22, 2025 at 7:44 AM
Next up at #hacklu2025 is Paul Rascagneres with a talk about threat actors that use blockchains. Taking us through what smart contracts to get to the malware and exploitation
Smart contracts can directly store malware!
Smart contracts can directly store malware!
Following a discussion with @ddu about a cybersecurity format that uses YAML, I’ve come to the conclusion that the acronym really stands for “Yet Another Misaligned Language.
#yaml #cybersecurity #hacklu
#yaml #cybersecurity #hacklu
October 22, 2025 at 7:26 AM
Following a discussion with @ddu about a cybersecurity format that uses YAML, I’ve come to the conclusion that the acronym really stands for “Yet Another Misaligned Language.
#yaml #cybersecurity #hacklu
#yaml #cybersecurity #hacklu