Home

Welcome!

I’m Koen . I live in Bruges (Belgium), a splendid medieval city also known as the Venice of the North.

I’m involved with computer security and I work as a freelancer in incident response, incident coordination, threat intelligence, vulnerability management and security best practices. Basically all tasks related to managing a CSIRT / CERT (Computer Emergency Response Team).

My main interests in computers are security, web applications (PHP, MySQL, Apache), system administration and free software.

This site hosts a blog and I have a photo collection at Flickr.

I also have a site with (outdated) Linux information.

Instagram

Latest posts

Don’t Let Remote Management Software Contribute to Building Botnets

I published an article on IBM Security Intelligence on Don’t Let Remote Management Software Contribute to Building Botnets.

MISP EcoSystem : Threat Intelligence, VMRay and MISP

I made a slide-deck on integrating MISP and VMRay in your incident management workflow.

MISP EcoSystem – Threat Intelligence, VMRay, MISP from Koen Van Impe

Submit malware samples to VMRay via MISP

I’m a happy user of MISP, Malware Information Sharing Platform & Threat Sharing. MISP core already contains a lot of features to satisfy your needs when it concerns threat and information sharing. But there’s always room for improvement. If you submit a feature request, MISP can be extended with your request. However changing the core is not always desirable. Also sometimes you want some feature to work just the way you want it, this doesn’tRead more.

The Krebs Attack: Sign Of A Game Changer

I published an article on The Krebs Attack: Sign Of A Game Changer on the Ipswitch blog.

This article lists the new wave of large scale DDoS attacks against KrebsOnSecurity and OVH and how the release of the Mirai botnet source code can leverage new attacks. I describe how this influences the risks you have to take into account when protecting your infrastructure.

Mail image trap

For a recent engagement I had to check if an e-mail was opened (or viewed) by a user. The idea was to get a notification if an e-mail was read, without having access to the e-mail infrastructure.

There are different ways and tools to do this. The available time was limited and because the target environment has HTML e-mail set as default I choose a very straightforward approach : “include a 1 pixel image withRead more.