Alexandre Dulaunoy

2.7K Followers
3.4K Following
2.1K Posts

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at @a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable

Website: https://www.foo.be
GitHub: https://github.com/adulau
Matrix: @adulau:matrix.circl.lu
ORCID: https://orcid.org/0000-0002-5437-4652
PGP FP: 6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5
Other Mastodon: https://paperbay.org/@a

Security Intelligence Repository with RULEZET

Building a Trusted Community for Detection Rules

First workshop presented at @firstdotorg CTI 2026 in Munich

🔗 PDF https://github.com/rulezet/rulezet-workshop/raw/refs/heads/main/events/first-cti-2026/presentation.pdf

🔗 source code https://github.com/rulezet/

🔗 online version https://rulezet.org/

#rulezet #cti #threatintelligence #threathunting #opensource #cybersecurity

@circl
@misp

@lord The closest thing to it is "passive DNS", which I actually used for my article. https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/

But it can only record the responses seen by the sensor. You cannot retrieve the zones; the vast majority of servers do not allow it.

Passive DNS - Common Output Format

This document describes a common output format of Passive DNS servers that clients can query. The output format description also includes a common semantic for each Passive DNS system. By having multiple Passive DNS Systems adhere to the same output format for queries, users of multiple Passive DNS servers will be able to combine result sets easily.

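The Common Output Format described in the card above, as an added example that is not part of the draft, the post, or any Passive DNS implementation: it parses newline-delimited COF records using the draft's field names (rrname, rrtype, rdata, time_first, time_last, count) and combines result sets from two sensors, the use case the abstract mentions. The sample records are constructed for this example. Two details are this example's own choices rather than rules taken from the draft: the owner name is normalised (lower-cased, trailing dot stripped) before matching, and a record without a count contributes 0 so the merged count is a lower bound.

```python
import json
from typing import Iterable

# Constructed Passive DNS result sets in the Common Output Format: one JSON
# object per line. The field names are the draft's; the values are made up
# for this example.
SENSOR_A = """\
{"rrname": "www.example.com.", "rrtype": "A", "rdata": "192.0.2.10", "time_first": 1700000000, "time_last": 1700500000, "count": 42}
{"rrname": "www.example.com.", "rrtype": "A", "rdata": "192.0.2.11", "time_first": 1700600000, "time_last": 1700700000, "count": 3}
"""

SENSOR_B = """\
{"rrname": "WWW.example.com", "rrtype": "A", "rdata": "192.0.2.10", "time_first": 1699000000, "time_last": 1700200000, "count": 17}
{"rrname": "example.com", "rrtype": "MX", "rdata": "10 mail.example.com", "time_first": 1700100000, "time_last": 1700100000}
"""

# Fields every record must carry before it is worth merging.
MANDATORY = ("rrname", "rrtype", "rdata", "time_first", "time_last")


def parse_cof(text: str) -> list[dict]:
    """Parse newline-delimited COF records.

    Blank lines are skipped; a record lacking a mandatory field is rejected
    rather than silently folded into a partial key.
    """
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = [k for k in MANDATORY if k not in rec]
        if missing:
            raise ValueError(f"line {lineno}: missing mandatory field(s) {missing}")
        records.append(rec)
    return records


def _key(rec: dict) -> tuple:
    # Normalising the owner name (case, trailing dot) is this example's
    # assumption so that two sensors reporting the same RRset fold together.
    # rdata may be a string or a list, so serialise it to a stable string.
    rrname = rec["rrname"].lower().rstrip(".")
    return (rrname, rec["rrtype"], json.dumps(rec["rdata"], sort_keys=True))


def merge(result_sets: Iterable[list[dict]]) -> list[dict]:
    """Combine result sets from several Passive DNS servers.

    Records sharing (rrname, rrtype, rdata) are folded: earliest time_first,
    latest time_last, summed count. A record without a count contributes 0
    (this example's choice), so the merged count is a lower bound.
    """
    merged: dict[tuple, dict] = {}
    for rs in result_sets:
        for rec in rs:
            k = _key(rec)
            if k not in merged:
                merged[k] = {
                    "rrname": k[0],
                    "rrtype": rec["rrtype"],
                    "rdata": rec["rdata"],
                    "time_first": rec["time_first"],
                    "time_last": rec["time_last"],
                    "count": rec.get("count", 0),
                }
                continue
            m = merged[k]
            m["time_first"] = min(m["time_first"], rec["time_first"])
            m["time_last"] = max(m["time_last"], rec["time_last"])
            m["count"] += rec.get("count", 0)
    return sorted(merged.values(), key=lambda r: (r["rrname"], r["rrtype"], str(r["rdata"])))


if __name__ == "__main__":
    for r in merge([parse_cof(SENSOR_A), parse_cof(SENSOR_B)]):
        print(json.dumps(r))
```

Note that, as the reply above points out, each sensor only sees the answers that passed it, so the merged set is still the union of partial views, not the zone.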

Life is full of paradoxes. We spend countless time discussing threat actors using AI and in 2026 some are still relying on PlugX.

#plugx #cybersecurity #threatintel

AIs have been finding bugs and vulnerabilities in #curl for some time.

Is it work to fix those? Yes.

Has someone paid for this? Partially (wolfSSL and @sovtechfund)

Are the AIs annoying? Yes, very.

Could humans find the same bugs? Yes, if they'd somehow avoid being bored to death through it.

Was there something "heartbleed" like? No.

Were there lots of C mistakes? No, logic bugs mostly.

Do AIs run out of steam? Yes. After a while a model stops finding things. Findings differ per model.

VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.

https://github.com/vulnerability-lookup/VulnMCP

#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers

GCVE is not only designed for distributed vulnerability publication and correlation across multiple sources. It already provides automatic vulnerability classification capabilities through the broader Vulnerability-Lookup ecosystem. In particular, GCVE can rely on VL-AI to automatically estimate vulnerability severity from historical data, giving defenders an immediate first-pass assessment even when no manually curated score is yet available.

#gcve #cve #nist

🔗 https://gcve.eu/2026/04/17/automatic-vulnerability-intelligence/

Well, NIST has decided, as of today, to enrich only the vulnerabilities in the KEV and in critical software, so as to focus the quality of its work on flaws with high potential impact.
The rest will still be tracked but not enriched, and ultimately deprived of the much-discussed CVSS assessment score
👇
https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth

Fun fact: Vulnerability-Lookup, and therefore also the Global CVE Allocation System (GCVE), has automated this time-consuming severity-assessment task with a model trained on historical data, with an estimated accuracy of 82.9%.
👇
https://www.vulnerability-lookup.org/files/events/2025/Vuln4Cast-Cambridge-2025.pdf
👇
https://arxiv.org/abs/2507.03607

#CyberVeille #NIST

NIST Updates NVD Operations to Address Record CVE Growth

NIST is changing the way it handles cybersecurity vulnerabilities and exposures, or CVEs, listed in its National Vulnerabilit


Happy to read an article that understands the stakes of vulnerability management well and reflects our approach with the GCVE project.

"The Global CVE Allocation System, supported by the EU, was launched in early January. This comes in the wake of the funding problems of the CVE programme, operated by MITRE Corporation and supported by the US government. The initiative illustrates how the EU asserts its normative influence while reducing its dependence on non-European infrastructures. This dimension takes on its full importance at a time when great-power competition is returning."

#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

🔗 https://www.irsem.fr/publications/fragmentation-ou-complementarite-le-role-de-lunion-europeenne-dans-la-gouvernance-des-vulnerabilites-informatiques.html

@gcve
@circl

Fragmentation or complementarity? The role of the European Union in the governance of computer vulnerabilities

Brocards for vulnerability triage

Ransomlook 2.0 "Mira" Released - Observability, Crypto Traceability, and a Cleaner Core.

Thanks to all the contributors who helped and worked on this release. A huge thanks to @F_kZ_ for his continuous commitment to make ransomlook always better.

Ransomlook remains firmly committed to an open-source codebase and to keeping it that way. We believe security tools are most valuable when they are transparent, auditable, and usable by the community, not when “open” quietly turns into “source-visible for marketing purposes.” As always, anyone can run their own ransomlook instance and stay fully in control of their deployment. For those who prefer not to operate and maintain it themselves, an online version is also available at ransomlook.io.

🔗 Release notes https://github.com/RansomLook/RansomLook/releases/tag/2.0.0
🔗 GitHub https://github.com/RansomLook/RansomLook/

#opensource #ransomware #cti #threatintel #threatintelligence