Blog
We are hiring!
We are looking for a new colleague to help us on a project related to social engineering.
Read moreDetect unused composer dependencies
If you are using composer to manage the dependencies of your PHP project (and you certainly should), it is very easy to end up using a lot of dependencies. And if your project lives long enough, some (or lots of them) will not be used anymore.
Read moreCOVID-19 Tracking Application
Most of the countries around the world are in a more or less hard lockdown. In Europe, some countries are gradually starting to allow certain sports outings, visiting family or opening certain stores. An important fear is a possible second wave of contamination. To prevent that, some governments provide a mobile application to track the virus spreading.
Read moreHow to aggregate scores in a multi-heuristic detection system : A comparison between WOWA and Neural Networks
Cyber-attacks are becoming increasingly complex and therefore require more sophisticated detection systems. A lot of these are actually combine multiple detection algorithms. A crucial step is then to aggregate all detection scores correctly.
Read moreCOVID-19 Android Malware
During each crisis, some people use the fear of the population to make benefit. Unfortunately, the COVID-19 crisis is not an exception. There are a lot of different scams related to COVID-19. And a place where it is easy to perform these scams is on the Internet. Globally, the methods used are the same as before the crisis, but currently, the word, Coronavirus, COVID-19,... inspire fear. Fear lowers the level of caution for a lot of people. The possibility that a phishing campaign works is greater now than a few months ago, for example.
Read moreSimulate user activity with the GHOSTS framework : Introduction
When we want to test some detection algorithm we are developing, or we want to prepare a nice in-depth exercise for our students, we need to set up an ecosystem that closely resembles that of the real world. This can lead to some difficulties as in a real network we have multiple users, each with the own computer, surfing the net, working with files, or typing commands and sending requests to the network's centralized server. It could pose a big challenge to model this if we don't have a group of people available who we can task with sitting behind a computer and clicking on their mouse every so often to simulate real computer behaviour. There are tools available that help automate that, but in most cases they can be quite rudimentary.
Read moreImplement CRUD operations in Laravel, and automatic code generation
When working with model objects in Laravel, you will typically have to implement the CRUD operations: Create, Read, Update and Delete objects from the database. To support these operations you will need to write:
Read moreMan-In-The-Middle (MITM) with arpspoof
In this post we show how to easily perform a L2 man-in-the-middle attack using arpspoof on a standard Ubuntu computer...
Read moreMobile Device Security Training
On Wednesday 15 April 2020, we are organizing a special training session dedicated to Mobile Devices Security.
Read moreDecompile and modify an Android application
Usually, Android applications are written in Java (or, now, in Javascript) and compiled in a Dalvik bytecode (DEX file). Then, the bytecode is interpreted and executed by the Dalvik Virtual Machine.
Read moreStealthy website scanning thanks to archive.org
Scanning a website is an important step of the reconnaissance phase. Different tools, like BlackWidow, can automate the process. We present here another tool that allows to scan a website without leaving traces on the target servers : waybackurls.
Read moreLaravel : Quickstart
Laravel is an extremely powerful PHP framework for building web applications, but the first steps can be quite intimidating. In this tutorial we guide you through the first steps to get you started as a breeze.
Read moreFind secret API token in Android application
In May 2019, Google announced there are 2.5 billion active Android devices. Thereby, most companies develop their own application. Not only the richest companies like Google, Facebook, Amazon,... but also a lot of smaller businesses.
Read moreStatic code analysis in PHP (and GitLab)
In the PHP toolbox for testing, you'll often find phpunit for unit testing, PHP_CodeSniffer for code style analysis, and here we present PHPStan for static code analysis.
Information gathering with BlackWidow
BlackWidow is a python script that automatically crawls a website to gather information like phone numbers, email addresses, form URL's etc. Very useful during the reconnaissance phase!
MARK release 0.0.28
Today we released version 0.0.28 of our Multi-Agent Ranking Framework (MARK).
Read moreManage VirtualBox with PHP
phpVirtualBox is a well known web interface for managing virtual machines. There is however another less known library that allows to manage virtual machines from your own PHP applications : php-vbox-api. The API allows you to do stuff like:
Understanding Laravel middleware : admin users
In Laravel, a Middleware is basically a piece of code that should be executed for every http request. Middlewares are typically used to:
Read more