What’s worse than an applicative denial of service (DDoS) attack? Answer: having to explain how it works to others. If you are reading this article, there’s a big chance you are stuck in either of the following situations:

  • trying to persuade someone to invest resources in an applicative firewall;
  • being in search of a clear explanation how applicative (L7) DDoS differs from its volumetric (L3) variant;
  • trying to understand the danger of applicative DDoS.

Either way, let me help you. Here’s a little analogy you can use to (make others) understand it. …

What’s got 4 wheels, allows you to drive at insane speeds and offers the guarantee that you will never (ever) get into any accident? No? The answer is simple: nothing at all. By stepping into a car, you don’t necessarily assume that you will get involved in an accident, but deep down you know that there’s always a chance it might happen. It’s like that in cyber security too. But for some reason, we tend to believe that some systems are 100% hack-proof.

Photo by Tim Trad on Unsplash

“Whether it’s your USB stick, laptop at home, your iPhone or your multi-million state-of-the art AI firewall…

Photo by Jon Toney on Unsplash

Here are your instructions. You’ve got 24 hours to complete them and another 24 hours to report back to us. It was hot that morning. The thermometer quickly leveled at 25°C, which, luckily enough for me, was 10 degrees shy of the temperatures we’d had endured earlier that month in Belgium. I had 24 hours ahead of me to pass my OSCP exam, not knowing what challenges I’d face over the next day. A few hours later, I had passed the exam and officially became a hacker. At least on paper. I had a couple of years of hands-on experience…

Photo by Chang Hsien on Unsplash

“The thing with sensitive information is that often people do not fully realize how sensitive it can be”

“So, how’s your week been so far?” “Oh you know, the usual. Actualy, did you know that I just heard that the are going to sack 100 people over in Paris? I mean, keep this for you, but I got it from Eric over at HR”

This is just one out of many corporate secrets I have had the opportunity of eavesdropping into. Despite having an OSCP certificate that would otherwise allow me to actively hunt for sensitive data, this one was…

Every project I’ve worked on in the past, be it as a developer or an analyst, has one thing in common. A seemingly small detail that carries great danger. It’s a thing called “koffiekoeken”. A “koffiekoek” is a Flemish word that describes a sweet pastry that one would eat on a sunday morning with a cup of coffee. It’s also a common thing to bring to the office as a treat. A bit like donuts, but in a truly Belgian way. Now, you might wonder what a piece of puff pastry has to do with ninja’s, right? Read on…

“coffee beside baked bread on tabletop” by Basil Samuel Lade on Unsplash


Nicolas Sonnet

Information Security Officer during the day, one lab accident away from becoming a super villain at night. I mostly write about cyber security.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store