These are some of my latest projects and research I am working on. If you have any questions about any of them, email me at firstname.lastname@example.org.
2012-Present - Work on a different type of WAF (managed security service for web sites). Some details here:
2011-Present - The goal of the Malware Labs is to share the latest malware samples and domains we are seeing in the wild. We process and parse thousands of compromised and malicious domains every day. It also has links to our latest notes:
2012-Present - An “Internet” scan project to better identify how sites relate to each other and the usage of outdated software.
Some of our very initial work was published here:
And it also led to the Apache server-status release that affected many top web sites:
2012-Present - We see many types of PHP malware in the wild and we built a PHP decoder to help users decode some of them online (still in beta, but already very useful):
2008-Present - The sitecheck scanner was experimental work developed between 2008 and 2009 to try to identify anomalies on web sites. This research led to the creation of Sucuri and our free scanner, which is widely used, with millions of scans done per month:
Some of my old (open source) projects that I am no longer actively involved in.
- 2004-2012, Lead developer of the OSSEC project [OSSEC.net]
- 2010, Fingerprinting web applications [http://dcid.me/texts/fingerprinting-web-apps.html]
- 2003-2009, Collecting log samples from multiple devices, servers and applications. Now on the OSSEC docs [OSSEC log samples]
- 2006-2007, SSH honeypots [Remote Password Guessing - Follow-up]
- 2002-2006, Rootcheck rootkit detection, now part of OSSEC [Rootcheck]
- 2006, Remote Log Injection [Log analysis for intrusion detection]
- 2004, OWL Web monitor - partially merged into Sucuri [dead link]
- 2003, OS-HIDS Log monitor, rewritten as OSSEC [http://oshids.sourceforge.net/]