Alexandre Dulaunoy
@adulau.infosec.exchange.ap.brid.gy
Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large) […]

[bridged from https://infosec.exchange/@adulau on the fediverse by https://fed.brid.gy/ ]
BRICKSTORM Backdoor

"The Cybersecurity and Infrastructure Security Agency (CISA) analyzed eight BRICKSTORM samples obtained from victim organizations. BRICKSTORM is a custom Executable and Linkable Format (ELF) Go-based backdoor."

MISP standard and STIX files available at the following […]
Original post on infosec.exchange
December 13, 2025 at 9:49 AM
If you want a quick way to install misp-modules, the installation via ‘uv’ is super easy.

#misp #cti #opensource #threatintel

@misp

https://misp.github.io/misp-modules/install/
December 10, 2025 at 1:08 PM
Reposted by Alexandre Dulaunoy
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more […]
Original post on infosec.exchange
December 9, 2025 at 5:20 PM
# GCVE-BCP-02 Published - Version 1.3 (2025-12-09)

We’re pleased to announce the publication of **GCVE-BCP-02 – Practical Guide to Vulnerability Handling and Disclosure**, now available in its **version 1.3**.

This Best Current Practice document provides actionable guidance for organisations […]
Original post on infosec.exchange
December 9, 2025 at 9:12 AM
We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.

Comments are more than welcome!

#gcve #cve #vulnerability #openstandard

@gcve
@circl

🔗 […]
Original post on infosec.exchange
December 6, 2025 at 4:18 PM
Reposted by Alexandre Dulaunoy
FML we have daft 10 IPs slinging the RSC/Next.js exploit along with one of the oddest JA4t hashes I've seen in a while.

someone(s) burned new infra to do so, too.

if any org gets compromised from an opportunistic campaign (like this) they fully deserve the […]

[Original post on mastodon.social]
December 5, 2025 at 6:20 AM
ML-KEM Mythbusting

"There have been some recent concerns about ML-KEM, NIST’s standard for encryption with Post-Quantum Cryptography, related standards of the IETF, and lots of conspiracy theories about malicious actors subverting the standardization process."

#pqc #pqcrypto #cybersecurity […]
Original post on infosec.exchange
December 5, 2025 at 5:30 AM
“A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes […]
Original post on infosec.exchange
December 3, 2025 at 7:58 PM
Always look at the credits in CVE records, they’re full of insightful details.

I particularly enjoyed this one. By the way, in Vulnerability Lookup we also have a nice display of the actual credits: finder, coordinator, and so on.

🔗 […]

[Original post on infosec.exchange]
December 3, 2025 at 5:30 AM
Reposted by Alexandre Dulaunoy
"Cornell Tech has received more than $7 million from Schmidt Sciences and NASA to upgrade arXiv, an open-access research repository of more than 2.8 million articles."

It's great news for arXiv. I'm just wondering why they actually want to move to the cloud:

"finish migrating to cloud […]
Original post on paperbay.org
December 3, 2025 at 5:05 AM
End-of-Year Threat Intelligence Sightings Forecast

This report presents an analysis of Threat Intelligence (TI) Sightings aggregated from several key data sources, including social platforms, code repositories, and specialized TI feeds. The primary objective is to visually track historical […]
Original post on infosec.exchange
December 2, 2025 at 9:19 PM
Reposted by Alexandre Dulaunoy
RE: https://infosec.exchange/@adulau/115622293588547967

If any research team wants to do this on-the-regular (we get scads of unsolicited SNMP every day — see next post in thread) lemme know.
We’ve published new research from the EU co-funded project NGSOTI: “Learning from large-scale IPv4 blackhole: Behavioral analysis of SNMP traffic”.

Over a 12-month period (Nov 2024–Oct 2025), our network telescope captured ~634 million unsolicited SNMP queries from more than 153,000 unique IPv4 […]
Original post on infosec.exchange
November 27, 2025 at 6:39 PM
We’ve published new research from the EU co-funded project NGSOTI: “Learning from large-scale IPv4 blackhole: Behavioral analysis of SNMP traffic”.

Over a 12-month period (Nov 2024–Oct 2025), our network telescope captured ~634 million unsolicited SNMP queries from more than 153,000 unique IPv4 […]
Original post on infosec.exchange
November 27, 2025 at 3:10 PM
MISP core format has been updated with a new field to track first-time publication, and a new IETF Internet-Draft has been published.

This minor, fully backward-compatible addition reinforces the long-term stability and extensibility of the MISP standard format.

#cti #opensource #openstandard […]
Original post on infosec.exchange
November 26, 2025 at 9:11 PM
Reposted by Alexandre Dulaunoy
I have more like a "confuse @neurovagrant" thing today.

Was staring into the expanse that is the untagged sessions in our fleet and eventually plotted a course towards the ICMP system, which eventually led me to a planet that was beaconing with some oddly […]

[Original post on mastodon.social]
November 22, 2025 at 11:47 AM
Matching Algorithm with Recursively Implemented StorAge (MARISA) is a space-efficient, fairly fast, and static trie data structure. MARISA serves as a dictionary structure, and by definition, it supports exact match lookup, which is the basic operation of dictionary. In addition, MARISA supports […]
Original post on infosec.exchange
November 20, 2025 at 9:48 PM
After #cloudflare, GitHub also seems to have some issues tonight.

#github #internet
November 18, 2025 at 9:08 PM
While testing some new misp-modules, such as the OpenAPI interface, I discovered a strange behavior in Firefox when trying to reach TCP port 6666, which is the default port used by misp-modules.

It seems Firefox blocks access to a predefined list of TCP ports, and this has been in place for […]
Original post on infosec.exchange
November 18, 2025 at 11:29 AM
Reposted by Alexandre Dulaunoy
Seeing open source and privacy companies having Discord as their support channel feels like a vegan community meeting at a steak house for events.
November 7, 2025 at 1:30 PM
GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format) has been published as DRAFT and is ready for public review.

The standard is similar to the @cve record format with some extensions (via the `X_` prefixes) for GCVE format and the reference implementation vulnerability-lookup. This […]
Original post on infosec.exchange
November 11, 2025 at 6:57 AM
Reposted by Alexandre Dulaunoy
py5sig build automatically 5G signalling messages and fuzz SBI interfaces

Pretty cool stuff seen at the @UYBHYS workshop

#5g #fuzzing #opensource #cybersecurity

🔗 https://github.com/ANSSI-FR/py5sig
November 7, 2025 at 2:42 PM
The MISP Galaxy now includes an updated knowledge base of UAVs and drones covering both civilian and military models.

It comes with detailed attributes such as manufacturer, cost, and technical specs.
You can now easily classify, model, and share […]

[Original post on infosec.exchange]
November 6, 2025 at 4:45 PM