Blog

We are hiring!

We are looking for a new colleague to help us on a project related to social engineering.

Read more
Detect unused composer dependencies

If you are using composer to manage the dependencies of your PHP project (and you certainly should), it is very easy to end up using a lot of dependencies. And if your project lives long enough, some (or lots of them) will not be used anymore.

Read more
COVID-19 Tracking Application

Most of the countries around the world are in a more or less hard lockdown. In Europe, some countries are gradually starting to allow certain sports outings, visiting family or opening certain stores. An important fear is a possible second wave of contamination. To prevent that, some governments provide a mobile application to track the virus spreading.

Read more
How to aggregate scores in a multi-heuristic detection system : A comparison between WOWA and Neural Networks

Cyber-attacks are becoming increasingly complex and therefore require more sophisticated detection systems. A lot of these are actually combine multiple detection algorithms. A crucial step is then to aggregate all detection scores correctly.

Read more
COVID-19 Android Malware

During each crisis, some people use the fear of the population to make benefit. Unfortunately, the COVID-19 crisis is not an exception. There are a lot of different scams related to COVID-19. And a place where it is easy to perform these scams is on the Internet. Globally, the methods used are the same as before the crisis, but currently, the word, Coronavirus, COVID-19,... inspire fear. Fear lowers the level of caution for a lot of people. The possibility that a phishing campaign works is greater now than a few months ago, for example.

Read more
Simulate user activity with the GHOSTS framework : Introduction

When we want to test some detection algorithm we are developing, or we want to prepare a nice in-depth exercise for our students, we need to set up an ecosystem that closely resembles that of the real world. This can lead to some difficulties as in a real network we have multiple users, each with the own computer, surfing the net, working with files, or typing commands and sending requests to the network's centralized server. It could pose a big challenge to model this if we don't have a group of people available who we can task with sitting behind a computer and clicking on their mouse every so often to simulate real computer behaviour. There are tools available that help automate that, but in most cases they can be quite rudimentary.

Read more
Implement CRUD operations in Laravel, and automatic code generation

When working with model objects in Laravel, you will typically have to implement the CRUD operations: Create, Read, Update and Delete objects from the database. To support these operations you will need to write:

Read more
Man-In-The-Middle (MITM) with arpspoof

In this post we show how to easily perform a L2 man-in-the-middle attack using arpspoof on a standard Ubuntu computer...

Read more
Mobile Device Security Training

On Wednesday 15 April 2020, we are organizing a special training session dedicated to Mobile Devices Security.

Read more
Decompile and modify an Android application

Usually, Android applications are written in Java (or, now, in Javascript) and compiled in a Dalvik bytecode (DEX file). Then, the bytecode is interpreted and executed by the Dalvik Virtual Machine.

Read more
Cyber Range release 0.0.22

Today we released version 0.0.22 of our Cyber Range tool.

Read more
Stealthy website scanning thanks to archive.org

Scanning a website is an important step of the reconnaissance phase. Different tools, like BlackWidow, can automate the process. We present here another tool that allows to scan a website without leaving traces on the target servers : waybackurls.

Read more
Laravel : Quickstart

Laravel is an extremely powerful PHP framework for building web applications, but the first steps can be quite intimidating. In this tutorial we guide you through the first steps to get you started as a breeze.

Read more
Find secret API token in Android application

In May 2019, Google announced there are 2.5 billion active Android devices. Thereby, most companies develop their own application. Not only the richest companies like Google, Facebook, Amazon,... but also a lot of smaller businesses.

Read more
Static code analysis in PHP (and GitLab)

In the PHP toolbox for testing, you'll often find phpunit for unit testing, PHP_CodeSniffer for code style analysis, and here we present PHPStan for static code analysis.

Read more
Information gathering with BlackWidow

BlackWidow is a python script that automatically crawls a website to gather information like phone numbers, email addresses, form URL's etc. Very useful during the reconnaissance phase!

Read more
Manage VirtualBox with PHP

phpVirtualBox is a well known web interface for managing virtual machines. There is however another less known library that allows to manage virtual machines from your own PHP applications : php-vbox-api. The API allows you to do stuff like:

Read more
Understanding Laravel middleware : admin users

In Laravel, a Middleware is basically a piece of code that should be executed for every http request. Middlewares are typically used to:

Read more