Security on Teddy Ferdinand

Why `curl | bash` is a dangerous bad habit

Wed, 29 Apr 2026 09:42:21 +0000

Recently, I stumbled again upon an old bad habit from the Linux/DevOps/Cloud world: installing a tool with a command like:

curl -sSL https://example.com/install.sh | bash

Or worse:

curl -sSL https://example.com/install.sh | sudo bash

We have all seen it before.
We have probably all used it at some point.

And let’s be honest for a minute: in many official documentations, this is still presented as the “simple” way to install a tool.

Attack techniques: understanding ARP poisoning

Fri, 21 Oct 2022 05:37:16 +0000

Disclaimer

As often on this kind of post, I would like to remind you that the content you will find here is for educational purposes only.

Unauthorized intrusion in an information system is punishable by fine and/or imprisonment.

Understanding attacks means knowing how to avoid them. In this post, I propose you see a common network attack model: ARP poisoning.

What is ARP?

To understand the attack, we must already understand what it is based on.

For an effective security posture

Mon, 01 Feb 2021 06:57:00 +0000

I’ve been working in the IT field for more than 10 years now and I’ve worked with a lot of “security” teams within the companies I’ve been in. I’ve been a security guy (Cloud Security Architect) for a little over a year now.

During these years, I often noticed a blocking posture of the security teams, sometimes even disconnected from the field, leading to slowdowns and tensions in the projects.

The danger of Grey IT in companies

Mon, 18 Jan 2021 07:48:00 +0000

Confined spaces have changed our work habits a lot. Telecommuting has become something more common than it was just a year ago.

With the implementation of telecommuting very quickly, new risks have appeared. Today, I suggest talking about Grey IT.

What is Grey IT?

In a company, in a classical way, the applications used are referenced in a service catalog.

For example, if your company uses Slack, the office service knows it, and will configure this application so that it works with the company’s security and confidentiality standards.

Test your antivirus with a cryptolocker (mastered)

Fri, 04 Dec 2020 06:00:00 +0000

Computer attack patterns have evolved in recent years. Cryptolockers have become the spearhead of many hackers.

Does your antivirus vendor promise you that you are protected against these new threats? OK, prove it before you get stuck by a real attack.

Let’s talk about cryptolocker

The principle of a cryptolocker is quite simple: encrypt target files (often.doc, .txt, . odt, etc.) and then demand a ransom. A ransomware has nothing to gain by destroying the underlying OS, so system files are rarely touched.

Being a hacker isn't like being in the movies!

Sun, 23 Aug 2020 18:19:46 +0000

Hackers … we often see them in movies and TV shows. These experts are able to hijack NSA satellites with a string and a nail clipper (#MacGyver)! (Cover image from the movie Die hard 4)

I decided today to tell you about hacking in “real life”. I consider myself to be a white hat (an ethical hacker) and I’m going to tell you about the common methods a hacker uses. I will focus here on the simplest part: websites.

What the Twitter hack teaches us (or reminds us of)

Fri, 17 Jul 2020 22:00:00 +0000

A few days ago, Twitter was the target of a hack inviting, via “verified accounts”, users to send BitCoins to receive double the amount. I suggest a small post on what we can learn from this attack, from a computer security point of view.

Disclaimer

The purpose of this article is not to make an umpteenth analysis of this attack, but rather to recall some basic rules of computer security that this attack reminds me of.

Turn your AWS DevSecOps Pipeline into bunker - Part 1

Thu, 18 Jun 2020 20:02:35 +0000

This post was co-authored by Victor Grenu. Who is working as Cloud Architect

Introduction

In this series, we will talk about the emergence of the DevSecOps movement, and more especially, what are the benefits of introducing a DevSecOps approach on your existing CI/CD Pipelines.

CI/CD Pipeline

To give you some context, you will find in the diagram below a standard CI/CD Pipeline.

DevSecWhat?

DevSecOps could be defined as a shift from a central internal security team to the inclusion of security practices into the existing DevOps teams: DevSecOps

The difficulty of antibot fight on the web

Wed, 03 Jun 2020 06:36:01 +0000

Robots, more commonly known as bots, are now plentiful on the Internet. They account for a significant share of global Internet traffic.

Today, I propose you to discover the world of Internet bots.

Bots… but what for?

The first question one might ask would be why bots are roaming freely on the Internet.

You use, sometimes unknowingly, bots every day when you surf the Internet. You have run a search on a search engine, a bot has indexed it before for you. A large part of the messages from companies on social networks come from bots that publish them in their name.

What are the differences between end-to-end encryption and encryption in transit?

Mon, 20 Apr 2020 15:34:51 +0000

With the coronavirus crisis, the use of external technologies is necessary.

For this post, I will talk (among others) about Zoom, the trendy application for video conferencing that plays on the terms for securing their solution.

Encrypting exchanges, why?

Why do we do encryption? There can be many reasons, the most obvious is to avoid data interception.

In the case of an encrypted exchange, even if my data stream were intercepted, the impact would be nil, since the attacker would be unable to read this stream, assuming of course that I have set up a strong enough encryption.

I got phished, but its for science!

Mon, 30 Mar 2020 05:00:00 +0000

We often hear about scam, phising.

Today, I have a special note for you: I was deliberately phished to show you the other side of the world!

Point VERY important!

The manipulations that you will see below (and in particular the fact of voluntarily going on a phishing site) can be dangerous for your system and/or your personal data. They have been made in a sandbox environment and must not be reproduced without prior protection.

Containment: Danger to SI

Mon, 23 Mar 2020 07:49:00 +0000

For a week now, many of us have been housebound. Telework has been the weapon that many companies have drawn to keep their business going, so many do not understand why some companies that used to do little or no telework are now able to operate full telework. Similarly, some do not understand that even in the IT field, there are still people who have to work on-site. A brief overview…

No, the padlock next to your address bar doesn't mean a site is "reliable."

Sat, 21 Sep 2019 07:27:39 +0000

I regularly see this message on shopping sites, and I see that confusion is often made about what a secure connection is.

Securing the exchange with the web server

The presence of a lock near the address bar means that this site is using a TLS certificate to exchange data with you. This ensures that the data exchanged with you is encrypted. The primary purpose of a TLS certificate is to prevent “man in the middle” attacks.

Security: A major new challenge for companies

Fri, 31 May 2019 07:11:54 +0000

Security is a term we often hear these days, yet behind this simple word lie many aspects.

This article contains many links to sources or definitions of certain terms, feel free to click on them. (Several links are in french language)

LinkedIn, WhatsApp, iCloud, Renault : What do these companies have in common? They have all been victims at one time or another of a compromise of their information system.