You just found the messy place of Alexandre Dulaunoy who enjoys when human are using machines in unexpected ways. I break stuff and I do stuff.
My interest is mainly focus around elegant computer science “simple and surprisingly effective” as described by Edsger W. Dijkstra in EWD896. I’m practically experimenting the model into free software crafting, information security and information representation.
When I want to stay away from computers, I do photography and tries to express some photographic feelings in a photo blog. Facing the hard reality of biology and ecological system with gardening is also one of my interest.
My day job is located in the information security field and especially in incident response and security research.
Beside my day job, I’m also an intermittent security researcher in various organizations. Organizing a security conference called
hack.lu (it’s the 12th edition in 2016) and lecturing in various universities about information security (like An introduction to network forensic, system forensic, memory forensic and malware analysis) are also part of my regular activities.
In my quest of free software crafting, I regularly release or contribute to free software projects. My GitHub project page includes some current projects and contributions.
Forban is a link-local opportunistic p2p free software. You can share files with everyone in your proximity without Internet connectivity. The implementation is written in Python but can be easily implemented as the protocol is minimal.
netbeacon is a set of free software tools to send beacons over the network to test the accuracy and the precision of your network capture framework.
Passive DNS framework and standards
I implemented multiple Passive DNS frameworks including pdns-qof-server and an experimental storage backend in memory Passive DNS visualization and Passive DNS server toolkit . I also co-designed “Passive DNS - Common Output Format” to help the integration of different Passive DNS infrastructures.
Passive SSL framework
In the same scope of Passive DNS, historical monitoring of X.509 certificate per IP address is useful to better understand the current and past use of Internet resources. Code is available in crl-monitor.
I co-develop and co-maintain cve-search, a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE database. cve-search supports multiple sources and feeds of vulnerability database to aggregate the information about software vulnerabilities.
DomainClassifier, misp-modules, url-archiver… and some more on GitHub.
Information classification, representation and sharing
While being an avid reader, I’m always interested in the topics where information classication plays a role to support readers or writers in making information more accessible. I did some work on machine tag usage and also maintains a specific JSON machine tags database for information sharing like MISP taxonomies.