Frédéric Guihéry
@_sygus
1.4K posts

IT Security Engineer interested in adversary emulation, static and dynamic analysis, reverse engineering, system hardening. Works at @amossys /

Rennes
Joined June 2010
686 Following, 371 Followers
Frédéric Guihéry reposted
Thalium Team @thalium_team
We have just released vminer: a virtual machine introspection tool. Unlike icebox our previous project, it is not tied to any specific hypervisor, and can also run on memory images! Built with ♥️and 🦀 github.com/thalium/vminer
Frédéric Guihéry reposted
M&NTIS Platform @mantis_platform
A new scenario, performing a supply-chain attack on Windows update delivery, has been added to M&NTIS Platform
Frédéric Guihéry reposted
M&NTIS Platform @mantis_platform
We're pleased to announce that 𝐬𝐞𝐯𝐞𝐫𝐚𝐥 𝐟𝐞𝐚𝐭𝐮𝐫𝐞𝐬 have recently been added to 𝐌&𝐍𝐓𝐈𝐒 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦: ✨ Capability to personalize lab nodes with ansible playbooks. ✨ Capability to control execution of attack scenarios.
Frédéric Guihéry reposted
M&NTIS Platform @mantis_platform
This summer, our research work on attack paths discovery in Windows environments was presented at USENIX WOOT Conference @wootsecurity during a demo session by our PhD student Manuel linkedin.com/in/manuel-pois…
Frédéric Guihéry reposted
M&NTIS Platform @mantis_platform
Hi Twitter/X! For our first tweet, you can look at our summer work on Suricata NIDS packet analysis with Fragscapy and M&NTIS Platform mantis-platform.io/blog/2024/08/0…
Frédéric Guihéry reposted
Peter Kaloroumakis @netfl0
We released D3FEND a little over two years ago. With community contributions and feedback, the graph has nearly tripled in size. We outline our goals for the next chapter of D3FEND here, D3FEND: Getting to 1.0: d3fend.mitre.org/blog/getting-d…
Frédéric Guihéry reposted
Chetan Nayak (Brute Ratel C4 Author)
Here's a rant on #MITRE Evals and how they work. I've worked on these evals myself a few years back and there's a thin line between evals being useful and a gimmick. These 100% scores are for visibility and not for detection or prevention. But just because you have visibility, doesn't mean you will detect it. The best example is spawning a thread from an RX region with spoofed callstacks. Is it visible? Yes, of course, due to kernel callbacks. Can you categorize it as malicious? No. Almost all EDRs put primary focus on visibility so that they can have a 100% tag. But the question is what does 100% visibility mean? It means the EDR can track process creation, thread creation, DLL loads, HTTP traffic and all other sorts of telemetry, BUT in a controlled environment. EDRs enable everything in their arsenal to capture this telemetry, but in a real-life scenario, enabling all of these will simply prevent several legit software products from working. Also, all the samples used to test this telemetry are basic POCs without any actual evasion attempt. The moment you unhook the ETW APIs, half the telemetry disappears. The other 25% of telemetry disappears when you unhook the userland DLLs. But you won't see these tests in the Evals. So, is MITRE eval just a gimmick? Not really. You still get to know if your EDR can capture and store most telemetry when dealing with an IR case which requires jumping to older logs to check the extent of damage. But can you just trust #MITRE evals? Nope. It's one part of the test, but certainly not how EDRs will work in the real world. ✌️
Frédéric Guihéry reposted
AMOSSYS @Amossys
Boost the #défense capabilities of your #SOC and #CERT teams: immerse them in a realistic simulated environment facing automated attack scenarios. Attend the demo of M&NTIS Platform, a simulation platform based on #MitreAttack 👉 Stand D1 at #FIC2022!
Frédéric Guihéry reposted
Matthieu Garin @matthieugarin
📚 #MustRead #Ransomware The US authorities have published an investigation report on the attack on Irish hospitals 🇮🇪 #HSE lnkd.in/gdbexcWA ➡️ Over 80% of IT blocked, 700 GB of data exfiltrated, critical operations interrupted 🔥, patient lawsuits...
Frédéric Guihéry reposted
Louis Dureuil @lodurel
🎉To celebrate the release of the Free Edition, here's a thread of some cool stuff you can do with REVEN ⬇️
Frédéric Guihéry reposted
AMOSSYS @Amossys
The #Innovation #Défense Forum @Agence_ID opens its doors today! 👀 Attend the presentation of the DALID project, conducted with @sekoia_fr, which makes it possible to observe attack/defence modes of operation. 👉 Discover our attack simulation solution, M&NTIS Platform. #FID2021