Alexandre Dulaunoy

You just found the messy place of Alexandre Dulaunoy who enjoys when human are using machines in unexpected ways. I break stuff and I do stuff.


My interest primarily revolves around the elegance of computer science, especially the concept of “simple and surprisingly effective” as described by Edsger W. Dijkstra in EWD896. I actively apply these principles in practice through free software crafting, information security, and information representation.

When I want to take a break from computers, I engage in photography, attempting to convey my photographic emotions through a photo blog and artistic works. I also have an interest in understanding the tough realities of biology and ecological systems, which I explore through gardening.


My day job is located in the information security field and especially in incident response, threat intelligence and security research.

Beside my day job, I’m also an intermittent security researcher in various organizations. Organizing a security conference called (it’s the 18th edition in 2024) and lecturing in various universities about information security (like An introduction to network forensic, system forensic, memory forensic and malware analysis) are also part of my regular activities.

If you’re curious, you can check out a collection of my live activities on this page.


In my quest of free software crafting, I regularly release or contribute to free software projects. My GitHub project page includes some current projects and contributions.


Forban is a link-local opportunistic p2p free software. You can share files with everyone in your proximity without Internet connectivity. The implementation is written in Python but can be easily implemented as the protocol is minimal.


hotp-js - A JavaScript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in RFC4226.


netbeacon is a set of free software tools to send beacons over the network to test the accuracy and the precision of your network capture framework.

Passive DNS framework and standards

I implemented multiple Passive DNS frameworks including pdns-qof-server and an experimental storage backend in memory Passive DNS visualization and Passive DNS server toolkit . I also co-designed “Passive DNS - Common Output Format” to help the integration of different Passive DNS infrastructures.

Passive SSL framework

In the same scope of Passive DNS, historical monitoring of X.509 certificate per IP address is useful to better understand the current and past use of Internet resources. Code is available in crl-monitor. I also maintain the modern ssldump version.

I co-develop and co-maintain cve-search, a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE database. cve-search supports multiple sources and feeds of vulnerability database to aggregate the information about software vulnerabilities.


Being part of the core team of the MISP Project, I’m involved in the development of the project from the early beginning and contribute on various aspects with a wonderful team. I’m also the co-author of the various Internet-Draft for the MISP standard format.

Other software

DomainClassifier, misp-modules, url-archiver… and some more on GitHub.

Information classification, representation and sharing

While being an avid reader, I’m always interested in the topics where information classication plays a role to support readers or writers in making information more accessible. I did some work on machine tag usage and also maintains a specific JSON machine tags database for information sharing like MISP taxonomies.