Recent Events for MainPageDiary (Blog)


Welcome to adulau's (Alexandre Dulaunoy) messy area. This is a working area where plenty of useless digital experiments take place. One of the experiments is stacking information (sometimes this can be called data only) in an (in)efficient way. This is clearly inefficient but it works so well… sometimes mess is better than order.

You have been warned: sometimes the information contained here can be useful, but often it's just crap…

This wiki is running the nice free oddmuse engine.

adulau's photos

Random experiments

SandBox CypherPunk MetaTrojanDemo MalwareDatabase EmacsNotes GITNotes ListOfQuotes ListOfStuffToRead ListOfFSToEval ListOfNotes CorporateWikis GardeningStuff EventWhatTheHack WorkSheet NKS Bibliography CCG CooperativeHosting JabberNotes NotesTrojan GNULinuxCompaqProliantIML SecMasterLux ModProxy GamesandComputers HousingProject AudioPlayersOggVorbis FreeArchiveManifeste TCPIPStackRequirements

Archiving, free digital works

Practical info for adulau


auto Index

a printable index of the wiki

Latest Bookmarks


  • 15:49 UTC Pinpointing Locations: Analyzing Regular Activities to Guess Timezones Using LLMs
    In the field of threat intelligence, analyzing the time-based activities of threat actors is a routine task. This analysis can reveal their work patterns, organizational structure, practices, and sometimes even their geographic or cultural origin. Regular time series data can be extracted from various sources, such as compilation times from malicious binaries, access logs to threat actor infrastructures, and chat log activities over time. We are now incorporating extensive time-based intelligence into MISP and other tools like the AIL framework to ensure the information is accessible and usable for threat intelligence analysis. In the past years, I created numerous scripts to deduce timezone information or even location based on these indicators. While this approach is valuable, it can be time-consuming due to the need for various hypotheses, and the process is not always straightforward.


  • 16:34 UTC Dictionnaire Electronique des Synonymes (DES)
    The CRISCO Dictionnaire électronique des synonymes (DÉS) today contains more than 50,000 entries and 209,000 reciprocal synonym relations. The initial base was built from seven classic dictionaries. A first effort, carried out by INALF (Institut National de la Langue Française), extracted the synonym relations from them. The ELSAP laboratory, which later became CRISCO, then concatenated, homogenized and symmetrized the data. Since 1994, substantial correction work has continued through the addition or removal of synonym and antonym links.


  • 10:51 UTC Welcome to Le Sillon Fictionnel, a space dedicated to the passion for reading within a somewhat unusual club.
    Our reading club was born from a chance encounter. We are a group of French speakers, passionate about literature, who met in the fascinating world of computer security conferences. Our discussions about the latest technological advances quickly drifted toward a subject we were far more passionate about: books and culture. "Le Sillon Fictionnel" is more than just a reading club. It is a place for sharing, exchange and discovery. We do not take ourselves too seriously and we appreciate works for what they are: a journey into the imagination, an exploration of new cultural worlds and a window onto unsuspected perspectives.


  • 21:24 UTC RSS tools
    Following an old idea from 2007, published in my ancient blog post titled RSS Everything?, this set of tools is designed to work with RSS (Really Simple Syndication) in a manner consistent with the Unix philosophy. The code committed in this repository was originally old Python code from 2007. It might break your PC, harm your cat, or cause the Flying Spaghetti Monster to lose a meatball. As 2024 marks the resurgence of RSS and Atom, I decided to update my rudimentary RSS tools to make them contemporary. Forks and pull requests are more than welcome. Be warned: this code was initially created for experimenting with RSS workflows.




  • 13:59 UTC CIRCL hashlookup
    CIRCL hash lookup is a public API to look up hash values against a known database of files. The NSRL RDS database is included. More databases will be included in the future. The API is accessible via an HTTP ReST API and is also described as an OpenAPI. Is it a database of malicious or non-malicious hashes of files? The CIRCL hashlookup service only gives details about known files appearing in specific database(s). This gives you context and information about file hashes which can be discovered during investigation or digital forensic analysis.
  • 13:56 UTC MISP Galaxy Clusters (including threat actors)
  • 13:55 UTC Deciduous: A Security Decision Tree Generator
    Security decision trees are a powerful tool to inform saner security prioritization when designing, building, and operating software systems. But creating them has largely involved highly manual tinkering, which is why it’s understandable that I’m constantly asked, “Is there an app that my team can use to create them?” I’m delighted that I now can say “fuck yes there is!” with the release of Deciduous, a security decision tree generator. Inspired by the Security Chaos Engineering e-book and my previous blog post on creating security decision trees with Graphviz, one of my unindicted co-conspirators Ryan Petrich built a web app that handles all the annoying grunt work of building an attack tree. This lets you focus on the thinky thinky and typey typey around likely attacker actions, potential mitigations, and how attackers will respond to those mitigations as Deciduous dynamically generates an organized and styled graph for you.