Home

Welcome!

I’m Koen . I live in Bruges (Belgium), a splendid medieval city also known as the Venice of the North.

I’m involved with computer security and I work as a freelancer in incident response, incident coordination, threat intelligence, vulnerability management and security best practices. Basically all tasks related to managing a CSIRT / CERT (Computer Emergency Response Team).

My main interests in computers are security, web applications (PHP, MySQL, Apache), system administration and free software.

This site hosts a blog and I have a photo collection at Flickr.

I also have a site with (outdated) Linux information.

Instagram

Latest posts

Hack of Polish Financial Supervision Authority and Polish banks

A couple of days back the financial sector in Poland was shocked by the news that the Polish financial supervision authority was hacked and was used as an attack vector to get access to other (mostly Polish) banks.

This is a very short summary with some IOCs (Indicator of Compromise) that you can use to check your logs and verify if you are affected.

Note that most of this information is composed from information foundRead more.

Calendar invite spam

I received some unusual calendar invite spam. In total in consisted of 4 messages :

a calendar invite quickly followed by the cancellation of the invite a new calendar invite the cancellation of the last invite

Calendar invite spam isn’t that uncommon but compared to the total amount of spam the amount of calendar invite spam is still fairly low.

In this case I found the series of messages (invite – cancelRead more.

Don’t Let Remote Management Software Contribute to Building Botnets

I published an article on IBM Security Intelligence on Don’t Let Remote Management Software Contribute to Building Botnets.

MISP EcoSystem : Threat Intelligence, VMRay and MISP

I made a slide-deck on integrating MISP and VMRay in your incident management workflow.

MISP EcoSystem – Threat Intelligence, VMRay, MISP from Koen Van Impe

Submit malware samples to VMRay via MISP

I’m a happy user of MISP, Malware Information Sharing Platform & Threat Sharing. MISP core already contains a lot of features to satisfy your needs when it concerns threat and information sharing. But there’s always room for improvement. If you submit a feature request, MISP can be extended with your request. However changing the core is not always desirable. Also sometimes you want some feature to work just the way you want it, this doesn’tRead more.