Blog

Laravel & Vue.js: Quickstart

Vue.js is an open-source JavaScript framework that lets you extend HTML elements with embedded JS and CSS to easily create complex user interfaces and single page applications. Easy to integrate with Laravel, this is the perfect combination to draw a line between the front and the back ends while making them both powerful.

Read more
Welcome to our new researcher!

Today we are welcoming a new colleague! He will work on phishing prevention techniques.

Read more
Pwndrop - Self-hosting payloads

A tedious step for all red-teamers is set up a system to upload payloads on the victim's machine. Kuba Gretzky, the author of Evilginx, released a nice tool to simplify this task.

Read more
Dockerize your Laravel app - part 2 : GitLab and multi-stage build

When dockerizing an application, the main goal is to keep images small. Hence the build process should be split in 2 steps:

Read more
Press review

The magazine Athena mentioned us in edition 347 of May-June 2020.

Read more
Dockerize your Laravel app

For this tutorial we will start with a very simple Laravel app that has no database, or that uses a sqlite database located in the storage directory. The main goal is to show you the main pitfalls to keep in mind when dockerizing a Laravel application.

Read more
Setting up a watering hole attack with metasploit

In recent years we have witnessed multiple organised attacks against countries and companies using malicious code that was distributed via a legitimate website. These types of attacks are called "watering hole attacks" as they target well known and used websites and compromising them. You could compare this to dumping poison or other dangerous chemicals in a pond or well, where your intentions are to target any and all that use that source. One of the more famous such attacks was the CCleaner Watering Hole attack, which used the well-known tool CCleaner to distribute its malicious code.

Read more
Static code analysis for Laravel

In a previous blog post we presented PHPStan, a static code analyzer for PHP. If you are developing a Laravel application, you can of course use PHPStan to validate your code. However, Laravel has a lot of subtleties and auto-magic that make static code analysis challenging. This is where Larastan comes into play: a wrapper around PHPStan that adds support specifically for Laravel.

Read more
Simulate user activity with the GHOSTS framework: Client set-up and Timelines

In part I of our look into the GHOSTS framework, we managed to set up the GHOSTS servers on our computer and connect a simple Windows VM, running the client code, to the GHOSTS API server. The next step is to configure properly our Windows Client to simulate the activity of a real user. To do that we will set up multiple programs and tools that can be run automatically and define their behaviour.

Read more
OWASP Dependency Check for Java

Besides avoiding bug and vulnerabilities in your own code base, creating a secure app requires you make sure that your app doesn't rely on a library that contains vulnerabilities. In any modern project, you will have hundreds of them! Here comes OWASP dependency check to the rescue!

Read more
MASFAD 2 at EDA CapTech Cyber

Today we are proud to present the Multi-Agent System for APT Detection project (MASFAD 2) at the first meeting of the Capability Technology Area Cyber (CapTech Cyber) of the European Defense Agency (EDA).

Read more
Publish GitLab notifications to Mattermost

Mattermost is a wonderful messaging and collaboration tool for developer teams. It is also a great open source alternative to Slack. In this short blog post we show how to connect Mattermost and GitLab together.

Read more
We are hiring!

We are looking for a new colleague to help us on a project related to social engineering.

Read more
Detect unused composer dependencies

If you are using composer to manage the dependencies of your PHP project (and you certainly should), it is very easy to end up using a lot of dependencies. And if your project lives long enough, some (or lots of them) will not be used anymore.

Read more
COVID-19 Tracking Application

Most of the countries around the world are in a more or less hard lockdown. In Europe, some countries are gradually starting to allow certain sports outings, visiting family or opening certain stores. An important fear is a possible second wave of contamination. To prevent that, some governments provide a mobile application to track the virus spreading.

Read more
How to aggregate scores in a multi-heuristic detection system : A comparison between WOWA and Neural Networks

Cyber-attacks are becoming increasingly complex and therefore require more sophisticated detection systems. A lot of these are actually combine multiple detection algorithms. A crucial step is then to aggregate all detection scores correctly.

Read more
COVID-19 Android Malware

During each crisis, some people use the fear of the population to make benefit. Unfortunately, the COVID-19 crisis is not an exception. There are a lot of different scams related to COVID-19. And a place where it is easy to perform these scams is on the Internet. Globally, the methods used are the same as before the crisis, but currently, the word, Coronavirus, COVID-19,... inspire fear. Fear lowers the level of caution for a lot of people. The possibility that a phishing campaign works is greater now than a few months ago, for example.

Read more
Simulate user activity with the GHOSTS framework : Introduction

When we want to test some detection algorithm we are developing, or we want to prepare a nice in-depth exercise for our students, we need to set up an ecosystem that closely resembles that of the real world. This can lead to some difficulties as in a real network we have multiple users, each with the own computer, surfing the net, working with files, or typing commands and sending requests to the network's centralized server. It could pose a big challenge to model this if we don't have a group of people available who we can task with sitting behind a computer and clicking on their mouse every so often to simulate real computer behaviour. There are tools available that help automate that, but in most cases they can be quite rudimentary.

Read more
Implement CRUD operations in Laravel, and automatic code generation

When working with model objects in Laravel, you will typically have to implement the CRUD operations: Create, Read, Update and Delete objects from the database. To support these operations you will need to write:

Read more