Blog
Password guessing with Hydra
A password is like a "key" used to open a specific door or vault. In this vault, there can be different personal documents, pictures, banking information... It is obvious that a user wants its personal documents secure. If the "key", therefore the password, is easy to find, the vault can be as strong as you want, it will be easy to open it.
Read moreInstall Volatility on Debian, Ubuntu & Mint
In this blog post we show how to install the latest (GIT) version of Volatility memory forensics framework on Debian, Ubuntu or Mint.
Read moreCompute code coverage for a multi-module maven project with Jacoco
In a previous blog post, we showed how to use Jacoco to check the code coverage of your tests in a maven Java project. If your project is substantial, you will have multiple maven modules. So how can we compute the global code coverage?
Read moreTest your Laravel project with GitLab
So you have a Laravel project, and as a good programmer you are using GitLab to manage your code, and you started implementing some phpunit tests. But how to run these tests in GitLab?
Read moreMeasure ambient temperature with TEMPer and Linux
TEMPer is a temperature sensor that you can plug on the USB port of your computer or server. You can find it online for less than 10 euro, so it is quite cheap, but it is actually very accurate. And here is how to use it on a Linux system.
Read moreCompute the code coverage of your tests with java and maven
So you have a java project, and Junit tests. But which lines of your code are correctly tested, and more importantly, which lines are not tested?
Read moreBuild a bare-metal kubernetes cluster
kubernetes is a very powerful system, with a lot of available plugins to handle different situations. That's why tools like minikube exist that handle the whole configuration for you. In this blog post we show you how it works under the hood, and how to manually configure a kubernetes cluster.
Read moreLaravel & Vue.js: Quickstart
Vue.js is an open-source JavaScript framework that lets you extend HTML elements with embedded JS and CSS to easily create complex user interfaces and single page applications. Easy to integrate with Laravel, this is the perfect combination to draw a line between the front and the back ends while making them both powerful.
Read moreWelcome to our new researcher!
Today we are welcoming a new colleague! He will work on phishing prevention techniques.
Read morePwndrop - Self-hosting payloads
A tedious step for all red-teamers is set up a system to upload payloads on the victim's machine. Kuba Gretzky, the author of Evilginx, released a nice tool to simplify this task.
Read moreDockerize your Laravel app - part 2 : GitLab and multi-stage build
When dockerizing an application, the main goal is to keep images small. Hence the build process should be split in 2 steps:
Read moreDockerize your Laravel app
For this tutorial we will start with a very simple Laravel app that has no database, or that uses a sqlite database located in the storage directory. The main goal is to show you the main pitfalls to keep in mind when dockerizing a Laravel application.
Read moreSetting up a watering hole attack with metasploit
In recent years we have witnessed multiple organised attacks against countries and companies using malicious code that was distributed via a legitimate website. These types of attacks are called "watering hole attacks" as they target well known and used websites and compromising them. You could compare this to dumping poison or other dangerous chemicals in a pond or well, where your intentions are to target any and all that use that source. One of the more famous such attacks was the CCleaner Watering Hole attack, which used the well-known tool CCleaner to distribute its malicious code.
Read moreStatic code analysis for Laravel
In a previous blog post we presented PHPStan, a static code analyzer for PHP. If you are developing a Laravel application, you can of course use PHPStan to validate your code. However, Laravel has a lot of subtleties and auto-magic that make static code analysis challenging. This is where Larastan comes into play: a wrapper around PHPStan that adds support specifically for Laravel.
Read moreSimulate user activity with the GHOSTS framework: Client set-up and Timelines
In part I of our look into the GHOSTS framework, we managed to set up the GHOSTS servers on our computer and connect a simple Windows VM, running the client code, to the GHOSTS API server. The next step is to configure properly our Windows Client to simulate the activity of a real user. To do that we will set up multiple programs and tools that can be run automatically and define their behaviour.
Read moreOWASP Dependency Check for Java
Besides avoiding bug and vulnerabilities in your own code base, creating a secure app requires you make sure that your app doesn't rely on a library that contains vulnerabilities. In any modern project, you will have hundreds of them! Here comes OWASP dependency check to the rescue!
Read moreMASFAD 2 at EDA CapTech Cyber
Today we are proud to present the Multi-Agent System for APT Detection project (MASFAD 2) at the first meeting of the Capability Technology Area Cyber (CapTech Cyber) of the European Defense Agency (EDA).
Read morePublish GitLab notifications to Mattermost
Mattermost is a wonderful messaging and collaboration tool for developer teams. It is also a great open source alternative to Slack. In this short blog post we show how to connect Mattermost and GitLab together.
Read more