Alexandre Dulaunoy
LightNews LightNews
banner
adulau.infosec.exchange.ap.brid.gy
Alexandre Dulaunoy
@adulau.infosec.exchange.ap.brid.gy
120 followers 11 following 200 posts
Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large) […]

[bridged from https://infosec.exchange/@adulau on the fediverse by https://fed.brid.gy/ ]
Posts Replies Media Videos
adulau.infosec.exchange.ap.brid.gy
After #cloudflare , GitHub seems to have also some issues tonight.

#github #internet
After #cloudflare , GitHub seems to have also some issues tonight.
November 18, 2025 at 9:08 PM
adulau.infosec.exchange.ap.brid.gy
The MISP Galaxy now includes an updated knowledge base of UAVs and drones covering both civilian and military models.

It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]

[Original post on infosec.exchange]
Updated MISP galaxy with more than 480+ UAVs/. One entry of an UAV in the MISP galaxy.
November 6, 2025 at 4:45 PM
adulau.infosec.exchange.ap.brid.gy
New UI to RansomLook.io

The open source project providing real-time ransomware intelligence.

Thanks to @F_kZ_ for the incredible work.

#ransomware #threatintelligence #threatintel #opensource

🔗 https://www.ransomlook.io/
New UI of RansomLook.io
November 5, 2025 at 6:43 AM
adulau.infosec.exchange.ap.brid.gy
I think the best summary until now about Post-quantum cryptography
is from Peter Gutmann in the cryptography mailing-list.

Given that after 20 years and hundreds of millions of dollars spent
researchers have yet to demonstrate a single legitimate […]

[Original post on infosec.exchange]
iang via cryptography <cryptography at metzdowd.com> quotes: >The problem in a nutshell. Surveillance agency NSA and its partner GCHQ are >trying to have standards—development organizations endorse weakening ECC+PQ >down to just PQ. Given that after 20 years and hundreds of millions of dollars spent researchers have yet to demonstrate a single legitimate cryptanalysis result using a quantum physics experiment, it's a bit like arguing over which brand of unicorn repellent is the most cromulent. The current state of things in terms of pure vs. hybrid systems seems to be: Governments = Pure: “We're putting all our eggs in one basket and hoping that the dial stops spinning at ‘not broken’” Everyone else = Hybrid: “We trust this new stuff so little that we're requiring you use the crypto that we claim is broken alongside it” Peter.
November 3, 2025 at 5:46 AM
adulau.infosec.exchange.ap.brid.gy
Sometimes I understand why people design new standards or formats when the existing ones can’t be extended (whether due to practical constraints, authority, or bureaucracy) or simply aren’t flexible enough to evolve. I think the XKCD comic doesn’t include […]

[Original post on infosec.exchange]
Sometimes I understand why people design new standards or formats when the existing ones can’t be extended (whether due to practical constraints, authority, or bureaucracy) or simply aren’t flexible enough to evolve. I think the XKCD comic doesn’t include that aspect. And yes, maybe new standards will appear. #nocontext #threatintelligence #threatintel #standards
November 2, 2025 at 11:46 AM
adulau.infosec.exchange.ap.brid.gy
Imagine a threat intelligence report that concludes, ‘The target is three hops away, therefore it is the correct one.’ This is the method the Pentagon reportedly uses today: not only to identify targets, but also to justify and execute strikes.

🔗 […]

[Original post on infosec.exchange]
The Pentagon has acknowledged 14 strikes so far, killing 61 people. But the administration does not know their identities, Rep. Sara Jacobs (D-Calif.) told reporters after the briefing. “They said that they do not need to positively identify individuals on the vessel to do the strikes,” only “prove a connection” to one of the drug gangs Trump has targeted, even if that connection is “as much as three hops away.”
November 2, 2025 at 7:06 AM
adulau.infosec.exchange.ap.brid.gy
Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025

We published all the materials from the workshop given at #hacklu 2025

#gcve #vulnerabilitymanagement #opensource #cybersecurity […]

[Original post on infosec.exchange]
Overview of vulnerability-lookup
October 24, 2025 at 9:02 AM
adulau.infosec.exchange.ap.brid.gy
Seeing a presentation of the Kaitai project.

If you need to document or describe or decode binary format, Kaitai is clearly there to help.

https://kaitai.io/ @kaitai

#hacklu #kaitai #dfir #cybersecurity
Kaitai web IDE
October 22, 2025 at 5:09 PM
adulau.infosec.exchange.ap.brid.gy
We added a workshop at @hack_lu 2025 about the rulezet.org project.

Collaborative Detection Engineering with Rulezet: Building a Trusted Community for Detection Rules

https://2025.hack.lu/agenda/

@suricata @cert_eu @misp @circl
Collaborative Detection Engineering with Rulezet: Building a Trusted Community for Detection Rules
October 15, 2025 at 2:33 PM
adulau.infosec.exchange.ap.brid.gy
One year, I had a chat with the fine people @suricata during the @cert_eu conference, and they were wondering why we didn't create an open source website for all the different rules (YARA, Suricata, and many others) — a place to allow comments, reviews […]

[Original post on infosec.exchange]
rulezet.org screenshot of a Suricata rule. rulezet.org screenshot of a list of rules.
October 14, 2025 at 3:06 PM
adulau.infosec.exchange.ap.brid.gy
We are pleased to announce the release of CTI-Transmute.org, a new free and open-source service designed to facilitate conversions between MISP and STIX 2.x formats.

The service is available both through a web interface and an API, allowing users to convert […]

[Original post on infosec.exchange]
Conversion example with CTI-Transmute.org -
October 9, 2025 at 4:34 PM
adulau.infosec.exchange.ap.brid.gy
@hrbrmstr Indeed good point. We see the same on bgpranking. I'll ping CERT-BUND.
Output of https://bgpranking.circl.lu/asn - ASN200373
October 8, 2025 at 2:49 PM
adulau.infosec.exchange.ap.brid.gy
Seeing is Deceiving: Mirror-Based LiDAR Spoofing for Autonomous Vehicle Deception

https://arxiv.org/pdf/2509.17253

#car #safety #lidar
Seeing is Deceiving: Mirror-Based LiDAR Spoofing for Autonomous Vehicle Deception
September 24, 2025 at 12:05 PM
adulau.infosec.exchange.ap.brid.gy
I’m sad about Robert Redford’s passing. I’ve always loved the movie Sneakers, it even inspired two references in our open-source software. One is hidden in the official MISP documentation, and the other is in the tool’s very name. I’ll let you guess which […]

[Original post on infosec.exchange]
Setec astronomy in misp book
September 16, 2025 at 3:31 PM
adulau.infosec.exchange.ap.brid.gy
After seeing a workshop using a crappy pseudo/proprietary forensic web capture toolkit for law enforcement, I was disappointed by the lack of open source tooling to have a sane forensic collection for web capture. Following a discussion with @rafi0t he did […]

[Original post on infosec.exchange]
Lookyloo interface for web forensic acquisition.
September 9, 2025 at 8:59 PM
adulau.infosec.exchange.ap.brid.gy
Draugnet is a lightweight, open-source tool for anonymous cyber threat reporting. Built for the MISP ecosystem, it lets users submit and track reports — no accounts, no logins, just a simple token. Supports plain text, MISP JSON, and object templates. ideal […]

[Original post on infosec.exchange]
Draugnet is a lightweight, open-source tool for anonymous cyber threat reporting. Built for the MISP ecosystem, it lets users submit and track reports — no accounts, no logins, just a simple token. Supports plain text, MISP JSON, and object templates. ideal for CSIRTs, ISACs, and trusted communities. 🔐 Built for anonymity 🧩 Easy MISP integration .
September 2, 2025 at 8:44 AM
adulau.infosec.exchange.ap.brid.gy
I’ve refreshed the “General Methodologies for Intelligence Analysis” section on threat-intelligence.eu

The page was a bit dated, so it now has cleaner references, better structure, and direct links to practical models (including MISP taxonomies).

🔗 […]

[Original post on infosec.exchange]
General Methodologies for Intelligence Analysis - from https://threat-intelligence.eu/methodologies/
August 30, 2025 at 2:50 PM
adulau.infosec.exchange.ap.brid.gy
@jtk I bet it's because this time, it's not only Amazon's own infrastructure...
Amazon's disruption efforts Amazon remains committed to protecting the security of the intemet by actively hunting for and disrupting sophisticated threat actors. We will continue working with industry partners and the security community to share intelligence and mitigate threats. Upon discovering this campaign, Amazon worked quickly to isolate affected EC2 Instances, partner with Cloudfiare and other providers to disrupt the actor's domains, and share relevant information with Microsoft. Despite the actor's attempts to migrate to new infrastructure, including a move off AWS to another cloud provider, our team continued tracking and disrupting their operations. After our intervention, we observed the actor register additional domains such as cloudflare[.Jredirectpartners[.Jcom, which again attempted to lure victims into Microsoft device code authentication workflows.
August 29, 2025 at 2:24 PM
adulau.infosec.exchange.ap.brid.gy
GCVE-BCP-04 - Recommendations and Best Practices for ID Allocation version 1.1 published.

BCP Document https://gcve.eu/bcp/gcve-bcp-04/

PDF https://gcve.eu/files/bcp/gcve-bcp-04.pdf

Comments and feedback […]

[Original post on infosec.exchange]
GCVE-BCP-04 - Recommendations and Best Practices for ID Allocation version 1.1 published.
August 29, 2025 at 2:14 PM
adulau.infosec.exchange.ap.brid.gy
By the way, we’ve never managed to get any hashes or urls from the so-called non-profit organisations that claim to share CSAM material hashes or links for detection. We’ve come to assume we’ll never receive any, so supporting actual detection was out of […]

[Original post on infosec.exchange]
onion-lookup is a service for checking the existence of Tor hidden services and retrieving their associated metadata. onion-lookup relies on an private AIL instance to obtain the metadata.
August 18, 2025 at 1:32 PM
adulau.infosec.exchange.ap.brid.gy
Finally a useful magic quadrant

Thanks to @wendynather for the discovery.

#cybersecurity #vulnerability
Funny magic cadrant ;-)
August 11, 2025 at 6:21 AM
adulau.infosec.exchange.ap.brid.gy
Anyone having issue with Tor for the past few days?

It seems one of the Snowflake bridge is down (but should not impact obfs4):

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40475

but from the number of relays […]

[Original post on infosec.exchange]
"This graph shows the fraction of timeouts and failures when downloading static files of different sizes over Tor, either from a server on the public internet or from an onion server. A timeout occurs when a download does not complete within the scheduled time, in which case it is aborted in order not to overlap with the next scheduled download. A failure occurs when the download completes, but the response is smaller than expected." There is an increase from one source for some failures and time-out.
August 10, 2025 at 9:27 AM
adulau.infosec.exchange.ap.brid.gy
When I added the threat-actor @misp galaxy type on Mar 4, 2016, I didn’t expect that, years later, vendors would still invent new names for already known threat actors, avoid using UUIDs, reuse similar names for different actors, and create confusing names […]

[Original post on infosec.exchange]
misp-galaxy website - Threat-actor galaxy and relationships with other galaxy clusters. Seeing all the synonyms from a threat-actor on the misp-galaxy.org website Threat-actor database in MISP
August 1, 2025 at 9:14 AM
adulau.infosec.exchange.ap.brid.gy
I love the @github Security Advisory Database because they actually preserve the data from rejected advisories including the original information and the reason for rejection.

It’s clearly much more insightful than just having a bare ID marked as "rejected […]

[Original post on infosec.exchange]
This advisory has been withdrawn because users of Axios 1.10.0 have the flexibility to use a patched version of form-data, the software in which the vulnerability originates, without upgrading Axios to address GHSA-fjxv-7rqg-78g4.
July 25, 2025 at 8:29 AM
adulau.infosec.exchange.ap.brid.gy
Curious about all the open source and projects developed by @circl ?

CIRCL Open Source tools powering SOC & CSIRT teams.

#opensource #cybersecurity #soc #csirt #threatintel #threatintelligence

🔗 https://hdoc.cnw.circl.lu/JJKFoeHrS9Wf28L4tAyCNg?view#
CIRCL Open Source tools and SOC/CSIRT eco-system
July 18, 2025 at 2:10 PM