Mastodawn

I had the privilege to participate in the first Rulezet workshop at #hacklu2025. https://rulezet.org/ is still early stage but it has the potential to reshape the way #cybersecurity detection methods are shared and developed for project such as #suricata, #yara or #sigma.
I had the feeling to assist an "historic" moment. Last time I had this feeling was in eBPF related discussions at the early stage of this technology.

RULEZET

udgover May 19

Pass the SALT Conference May 19

After #HW, let's dive into our #DFIR/TI session🥰:

- @tomchop will introduce you #OpenRelik a new collaborative IR invest portal 🚀

- @udgover & Matt Muir will introduce us to their e2e malwares process workflow using FLOSS ✊

- and we'll be able to learn & practice #MISP as analysts with @C00kie_two & @wr during their dedicated workshop 🛠️

🎟️GO & book your (free) seat: https://pretix.eu/passthesalt/2025/
📔program: https://cfp.pass-the-salt.org/pts2025/schedule/
📅July 1 to 3, 2025
📍Lille, FR

Relays appreciated 🙏

udgover Dec 11, 2022

Be prepared for #K8s #DFIR!

1️⃣ Enable ContainerCheckpoint gate in your cluster
2️⃣ Run CRI-O 1.25 and start with --enable-criu-support=true (containerd not supported yet)
3️⃣ curl -X POST "https://localhost:10250/checkpoint/namespace/podId/container"

More ⬇️

https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/

Forensic container checkpointing in Kubernetes

Authors: Adrian Reber (Red Hat) Forensic container checkpointing is based on Checkpoint/Restore In Userspace (CRIU) and allows the creation of stateful copies of a running container without the container knowing that it is being checkpointed. The copy of the container can be analyzed and restored in a sandbox environment multiple times without the original container being aware of it. Forensic container checkpointing was introduced as an alpha feature in Kubernetes v1.

Kubernetes

udgover Nov 21, 2022

Nick Frichette Nov 21, 2022

New cloud security research! We found a vulnerability in AWS AppSync that allowed us to trick the AppSync service to assume roles in other accounts, allowing us to access their resources. https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/

A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs

Public disclosure of a cross-account security vulnerability in AWS AppSync.

udgover Nov 18, 2022

You can now officially send your cowrie logs to your Datadog instance!

https://cowrie.readthedocs.io/en/latest/datadog/README.html

How to send Cowrie output to Datadog Log Management — cowrie 2.3.0 documentation

udgover Nov 17, 2022

Łukasz

Nov 16, 2022

My favourite conference is @botconf - I didn't miss a single edition, it's run by wonderful people and the talks are always very interesting. Their call for papers is open until Dec 10. Submit your research!

https://www.botconf.eu/botconf-2023/call-for-papers-2023/

Call for papers 2023

Call for papers for Botconf 2023, 10th edition of the Botnet and Malware Ecosystems Fighting Conference. Please read the following CFP carefully before submitting. Important dates 10th December 2022 – Deadline for conference paper and workshop submissions 15th January 2023 – Notification t

Botconf 2023

udgover Nov 16, 2022