Alexandre Dulaunoy

@[email protected]
2.8K Followers
3.4K Following
2.2K Posts

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable

Websitehttps://www.foo.be
GitHubhttps://github.com/adulau
Matrix@adulau:matrix.circl.lu
ORCIDhttps://orcid.org/0000-0002-5437-4652
PGP FP6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5
Other Mastodonhttps://paperbay.org/@a
Alexandre Dulaunoy47m ago
circl48m ago

Checkpoint - User Authentication Bypass in VPN Remote Access and Mobile Access

#checkpoint #vulnerabilitymanagement #vulnerability

https://vulnerability.circl.lu/vuln/CVE-2026-50751

Vulnerability-Lookup

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

Alexandre Dulaunoy1d ago
gcve.eu1d ago

Introducing CPE.GCVE.EU: A collaborative catalog for vendors, products, CPEs and PURLs

#cve #cpe #gcve #opendata #opensource
#cybersecurity #vulnerabilitymanagement

https://gcve.eu/2026/06/02/introducing-cpe.gcve.eu-a-collaborative-catalog-for-vendors-products-cpes-and-purls/

Introducing CPE.GCVE.EU: A collaborative catalog for vendors, products, CPEs and PURLs

CPE.GCVE.EU provides a browsable, searchable and collaborative catalog of vendors, products, CPEs and their relationships with GCVE and PURL data.

Alexandre Dulaunoy2d ago

Sovereignty Is Engineered, Not Procured

Europe often asks whether it can build a company like Palantir: a software champion capable of serving intelligence, defence, law enforcement, crisis response, cyber defence, and public-sector decision-making at scale.

The usual answer is that Europe lacks data, capital, talent, or legal room. I do not think this is the full story.

The capacity is there. The data is there. The technical talent is there. The public-sector problems are real, urgent, and interesting. What is often missing is the will to tackle complex programmes seriously, over time, with teams that are allowed to build, fail, iterate, and take responsibility.

Europe does not need a Palantir clone. It needs the capacity to build strategic software for intelligence and security missions without outsourcing the core of its thinking.

#opensource #intelligence #cybersecurity #palantir #europe #sovereignty #intelligence

🔗 My full blog post about the topic https://foo.be/2026/06/Sovereignty-Is-Engineered-Not-Procured

Sovereignty Is Engineered, Not Procured

Personal webpage of Alexandre Dulaunoy - from information security to open source and art

Alexandre Dulaunoy - adulau - Home Page
Alexandre Dulaunoy4d ago

What’s the difference between an API and an agent?

An API is consistent, deterministic, and scoped.
An agent is probabilistic, non-deterministic, and occasionally chaotic.

An agent adds some spice to your life.

Will you choose the boring, predictable life or the cool, chaotic one?

#ai #ia

Alexandre Dulaunoy5d ago

Not sure I’m allowed to leak this yet, but the new MISP dashboard is kind of crazy.

We didn’t just refresh the old one, we rewrote it completely, and it comes with a whole set of new features and capabilities that change the game quite a bit.

#misp #cti #dashboard #opensource

@misp

Alexandre Dulaunoy6d ago
gcve.euJun 1

GCVE released cpe.gcve.eu - a collaborative CPE editing platform for transparent vulnerability data.

The service is still in beta and feedback is more than welcome.

🔗 https://cpe.gcve.eu/

#cpe #cve #vulnerabilitymanagement #vulnerability #gcve

Alexandre DulaunoyMay 31
jose lopes estevesMay 31
European GNURadio days to be held in France in 2026 https://gnuradiodays.sciencesconf.org/?lang=en
European GNU Radio Days 2026 - Sciencesconf.org

Sciencesconf.org

Alexandre DulaunoyMay 31

I’m wondering why @dnsoarc is limiting potential new contributions to their project just because they are AI-assisted.

Many valuable tools support development today, including code review and security review. The copyright argument feels similar to the one behind CLAs: an unsuccessful attempt to control the origin of the code, or even the author’s ability to re-implement a specific idea with or without external tools.

#ai #opensource #copyright

https://codeberg.org/DNS-OARC#artificial-intelligence-and-large-language-model-contributions-policy

Alexandre DulaunoyMay 30

IETF I-D updated - Programming Methodology Framework aka PMF

This update includes "Swearwords and Software Engineering"

#update #computerscience #methodology #programming

🔗 https://datatracker.ietf.org/doc/draft-dulaunoy-programming-methodology-framework/

Programming Methodology Framework aka PMF

This document describes the Programming Methodology Framework, also known as the PMF methodology. The methodology is based on the manifesto written by Zed A. Shaw [PROGRAMMING-MF-MANIFESTO], which describes a natural approach to software engineering with a strong focus on the act of programming. The PMF methodology uses a neutral name to provide a non-partisan reference for official engineering or project documents describing one of the most widely used software engineering methodologies.

IETF Datatracker
Alexandre DulaunoyMay 29

The synthetic exercise world format now includes a nice map.

So no one can blame us when you conduct an exercise: everything is fictional ;-) Yes, we’ve had cases like this during threat intelligence exercises.

All Synthetic Exercise World - Self-contained fictional world dataset for cyber exercises and standards documents are available at https://github.com/MISP/Synthetic-Exercise-World-Format

#cti #cyberexercise #exercise #threatintelligence #opensource