  • Lockbit ransomware – How to recover your data
    I was recently working on a Lockbit ransomware incident and I was able to recover the data from encrypted VMDK and VHDX files.
  • How to secure WordPress
    In this post, I explain different strategies that can be used to secure WordPress. I cover the basics, the plugins and more.
  • SIEM 103 — Detect Windows bruteforce part 2
    This post is a follow-up of the post “SIEM 102 — Detect Windows bruteforce”, where I explained how to create a detection Use Case to detect a Windows bruteforce. In this post I will explain how we can enhance the original detection logic to get a lower False Positive rate.
  • Why I switched from Logz.io to Humio
    I recently switched to Humio and transferred all the logs and automations I have. In this post I explain why I did this transfer.
  • CIS controls – where to start in securing a medium/big enterprise
    It’s hard to decide where to put the efforts to secure this environment. The 18 CIS Controls can help us prioritize our efforts.
  • The Log4j Vulnerability Explained
    In this post I explain what the story is around the Log4j vulnerability, named Log4Shell, and why it’s in the news.
  • Cybersecurity Books and References – A Good InfoSec Reading List
    I have been asked for a reading list of cybersecurity books. I decided to document this list here so it can be used by a broader public.
  • NorthSec 2021 CTF write-up – part 2
    If you didn’t read it, I wrote a “part 1” which addresses easier challenges: https://www.tristandostaler.com/northsec-ctf-write-up-part-1/ This post will be the part 2 of my write-ups. Hymn This challenge was interesting for me because of my bias towards challenges of the past. As soon as I saw a CAPTCHA, my whole body fully and completely assumed…
  • NorthSec 2021 CTF write-up – part 1
    A first write-up for some NorthSec CTF’s challenges
  • Why MEGA is my favorite cloud storage provider
    In this article I explain why MEGA is my favorite cloud storage provider. The main feature I like: they encrypt everything with your password!
  • Where to start in Cybersecurity for newcomers
    If you Google “Cybersecurity paths”, “Cybersecurity career” and other similar terms, you’ll find an array of results with all kinds of advice, all addressed at people already in the field. In this post, I’ll try to explain my take on this subject, but aimed at newcomers.
  • The Elasticsearch license saga
    As you may know from my posts, I like Elasticsearch. However, Elastic, the Elasticsearch company, recently announced its decision to change the license of its open-source products. Since then, the community has largely reacted to this. Let me explain.
  • An overview of a good InfoSec Strategy
    A friend of mine recently challenged my post SIEM 102 — Detect WordPress bruteforce where he proposed a tool that can effectively bruteforce WordPress from a lot of different IPs. My answer: you need to have a good InfoSec Strategy!
  • SIEM 102 — Detect WordPress bruteforce
    WordPress is one of the most popular CMS and website servers in the world. It handles “more than 30%” of the websites on the internet. Because of this, bad actors are really interested in finding ways to get control of them. In this post I explain how to detect a WordPress bruteforce.
  • Zero Trust Architecture – What it is and what I think of it
    A Zero Trust Architecture (ZTA) is an Information Security architecture based on the idea that a network shouldn’t have inherent trust inside the internal boundary. This post explains what it is and what I think of it.
  • Why the SolarWinds hack matters
    Maybe you saw the news on the SolarWinds hack. If you didn’t, you should follow me on Twitter: https://twitter.com/TristanDostaler. In this post I want to explain, in a way understandable by everyone, why this hack matters.
  • Information Security synonyms
    If we try to reduce the security problem to only the technology, we’ll fail miserably.
  • SIEM Solutions 101 — Basic usage
    In this post I’ll explain the basics on using a SIEM: how to search logs and how to send alerts.
  • SIEM 201 — What is Sysmon
    In this post I’ll explain what Sysmon is, how to install it and how to use it to detect important patterns.
  • SIEM 102 — Detect Windows bruteforce
    When we have a lot of Windows machines in our environment, it can be useful to be able to detect a bruteforce on a machine.
  • SIEM 202 — Detecting remote PsExec
    In this post I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s computer.
  • SIEM 101 — Initial setup
    In this post, I’ll explain how to initially set up a SIEM so you can receive your first logs.
  • Never receive an alert from Windows Defender? You should!
    The fact that we didn’t know Defender blocked an attack, and only learned it when we received the report, should be considered a disaster!
  • SIEM 101 — Introduction
    In the following days, I’ll write a few blog posts explaining how to easily learn to use a SIEM.
  • Your server is secure? Really?
    You’ve hardened all you could on your servers or computers, and think you’re secure? Think again!
  • Whoami
    Passionate about information security, development and technology in general, I like to share my experience with different technologies. I also love travel!