Foreign propagandists are getting a strong foothold in France, and the traditional media can’t fight it — I already talked about psychological operations against France through social networks such as Twitter. This time foreign propagandists are leveraging current events (the yellow vests protests) to further their political agenda to a new level. Here is some part of my current investigation I wanted to share.

How to create the perfect anonymizing botnet by abusing UPnP features — and without any infection — Inception Framework In March 2018, Symantec reported about the Inception Framework abusing vulnerable UPnP services to hide themselves. The Inception APT, a cyber espionage group from an unknown origin used this since 2014 to launch stealthy attacks. …

Can this feature get abused for OSINT discovery? — According to Signal, “Profiles allow you to add a picture and display name that will be shown alongside your existing phone number when communicating with other users. Conversations will feel more personal. Group threads will be less confusing. …

An inside look at a cyber psychological operation against France — Where it all started: first link In June 2018, a mostly inactive Twitter account @viepepere (archived link) sent a threat message to @_rabbindesbois_ (French individual known for being a former Dark Net vendor according to his recent book). The now deleted tweet read, in Russian, “ Мы знаем, что вы делаете. Вы не должны были говорить…

The slides of the talk I gave at ESE last week.

Using Twitter as an entropy source: the Internet is a chaotic mess, which happens to be a good source of entropy — Hey, what’s entropy? Looking at Wikipedia: entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. Basically, when you’re generating keys (let’s say RSA 2048) you need true random numbers. You don’t want them to be deterministic (based on a timestamp…

Paypal phishing, paypal phishing everywhere — Let’s catch some phishing domain names using CertStream! What is Certificate Transparency? Certificate authorities (CA) get hacked (it already happened), and sometimes they mistakenly issue rogue certificates… That is why Google’s Certificate Transparency project try to fix several structural flaws in the SSL certificate system by providing an open framework for monitoring and auditing…

Quick guide on how to preserve a .onion anonymity — While browsing the darknet (Onion websites), it’s quite stunning to see the number of badly configured Hidden Services that will leak directly or indirectly the underlying clearnet IP address. Thus canceling the server anonymity protection that can offer Tor Hidden Services. Here are a few rules you should consider following…

Most instant messaging applications are providing enriched link summaries (as shown next with Telegram link previews), including description and a preview image of the website. Depending on the implementation these nice-to-have features could become privacy intrusive: indeed, it might force your client into downloading some remote content from an untrusted…