French Language

I’ve finished the first course for the B1 level in French language last week. I’m glad to say I passed the exam. However, this course has been a little bit more difficult than the last course. Obviously!! It’s an intermediate level instead of basic level. I think it has been more difficult because I didn’t spend enough time studying. This year, I’ve had less time to study French language than the last year. Therefore, I haven’t trained very well the writing, listening, speaking and reading skills. Nevertheless, I got good marks. Not very good marks but good marks.

I got 8,5 in the listening skill which is very good. I keep listening the France Info radio each time I’m taking a shower. In addition, I’ve done many listening exercises in the website apprendre.tv5monde.com as well as I downloaded lots of listening exercises and exam examples from Official Schools of Languages such as the school of Andalusia, Canary Islands or Galicia. What’s more, I’m not used to listening the radio while I’m driving my car but I listen tracks about how to say some sentences in French language. All of these have been enough to pass the listening skill.

I think speaking in French language is one of the most difficult skill because it’s hard to train and it’s difficult to know if you are speaking well or you are making lots of mistakes. It’s also difficult because I usually speak in Spanish language with everybody and I only speak in French language when I’m at school or I meet up with my classmates. Finally, I’ve passed the speaking skill with the score of 7,5 thanks to Vaughan Bonjour! where I spoke alone in my house. Yes, it’s true. I’ve spoken and repeated alone everything I heard from Vaughan Bonjour!

The reading skill is an easy skill due to the fact that understanding all words and sentences are not needed. In addition, there are French words which are written similar in the Spanish language. Therefore, it’s usually easy to understand texts in French language. In fact, it’s an skill almost everybody passes. I haven’t read a lot for this course. I’ve only read a few documents such as the Revue Stratégique Cyberdéfense de France, which is really interesting. However, it has been enough for passing the exam with an 8 score.

The most difficult skill for me is the writing skill and this is the main reason why I’m writing in this blog. When I was studying English language, I wasn’t able to pass the writing exam properly. Sometimes, I had to retake the exam. As a result, I opened this blog for improving the writing skill. Thanks to this blog and all the documents I’ve written, I’ve got an score of 6,75.

This year, there has been a new skill which is about mediation. For instance, we have a document with pictures and texts where we have to write and explain to someone what are the best dates for buying flights or how to arrive somewhere. I got an score of 7. Not bad!!

Regards my friends. Keep learning languages because it also improves your brain!!

What’s new in FortiOS 6.2

You already know that I like reading and testing new features. I wrote about What’s new in FortiOS 5.6, What’s new in FortiOS 6.0 as well as What’s new in BIG-IP version 14.0. Therefore, I’m going to write about What’s new in FortiOS 6.2 where there are lots of new features and interesting enhancements for security engineers. Right now, I usually install FortiOS 6.0 for production firewalls but I think it’s good to know the new features and enhancements because, maybe, we’ll require these new features in the future.

Security Fabrics are increasingly useful when we have more than one Fortinet appliance. For example, FortiOS 6.0 was already able to integrate the firewall with many Fortinet appliances. Consequently, we can see interesting information from FortiView. However, FortiOS 6.2 is also able to integrate the firewall with more Fortinet appliances such as FortiMail and FortiWeb. In addition, there are more FabricConnectors available such as connectors for IP Addresses, Malware hashes and Multi-Cloud.

Security Fabric

SD-WAN is another feature which is getting better. We can already configure an IPsec VPN tunnel with more than one WAN interface against another FortiGate to make an Overlay Tunnel. Therefore VPN bandwidth can be increased easily with multiple Internet links. Traffic Shaping is also improved where we can configure shaping profiles with network requirements for applications such as maximum bandwidth or priority.

SD-WAN - Per Packet WAN Path Steering

 

There are another feature I really like. We can configure only one inspection mode in FortiOS 6.0. we have to choose between Flow-based mode or Proxy-based mode. However, if we want to enable the Web Application Firewall, we’ll need to enable the Proxy-based mode but if we want to configure firewall policies by applications, we’ll need to enable the Flow-based mode. Therefore, we can not have both features, WAF and firewall policies by applications at the same time. FortiOS 6.2 supports both inspection modes at the same time.

Inspection Mode

 

Wireless and Switching improvements have been included in FortiOS 6.2. This new version supports WPA3 and WIFI 6 (802.11ax). For instance, we’ll be able to configure the Transition WPA3 mode which will be useful for wireless networks where there mobile devices that support WPA2 but not WPA3. What’s more, security enhancements have been included to FortiSwitch such as maximum bandwidth and priorities for quarantine VLANs.

Twenty-year timeline of 802.11 standards

 

FortiOS 6.2 have lots of new security features and enhancements which will be very interesting for most companies and security engineers. Today, most FortiGate firewalls run with FortiOS 6.0 but they will run FortiOS 6.2 in the near future.

Regards my friends. Have a nice day ;-)

Operation Sharpshooter

I would like to learn more and more about how latest malware work. In fact, from time to time, I read about what are the techniques they are using to exploit operating systems and get the information they are looking for. I like this kind of information because I think it’s useful for my job. Firstly, it’s useful because we are updated about the latest vulnerabilities and this is a best practice. Secondly, it’s useful because we can protect services better when we know how attacks work. Finally, it’s funny and rewarding to know how malware work.

Today, I’m going to write about the Operation Sharpshooter which is one of the latest malware campaign. This operation uses the malware Rising Sun against critical infrastructures, government and finance such as nuclear power stations, banking, electrical companies and the army. This malware is similar to the backdoor Duuzer because both decode and exfiltrate the information in the same way. Security researchers think the Operation Sharpshooter come from the Lazarus Group.

How this operation work? Firstly, they get lots of information about people who work in the company they want to attack. Secondly, they send a malicious document to victims about a new and better job. Thirdly, victims open the malicious document which execute a shellcode. This shellcode download the malware Rising Sun and a decoy document. Finally, the malware get lots of information, such as operating system, computer name, IP address, and send this information encrypted to the control server.

Infection flow of the Rising Sun implant, which eventually
sends data to the attacker’s control servers

Actually, I’ve seen many operations like this where social engineering and spear phishing are the ways of inserting malware in the organization. However, this kind of operations are increasingly persistent and directed to some companies. Therefore, it’s more difficult to detect these campaign. For instance, we already know about this operation, against some critical infrastructures, but we don’t know yet what is the goal of getting and exfiltrate this information.

Thanks for reading my blog!! If you know books about malware, write it down in the comments!

Les Voyages

Je peux me rappeler très bien de la première fois que j’ai voyagé à autre pays. J’avais 20 ans et j’étudiais dans l’Université à Mérida. J’ai eu l’opportunité d’aller en Angleterre pour apprendre l’anglais. Donc, je suis y allé ! D’abord, c’était très difficile parce que je ne parlais rien d’anglais. Finalement, c’était très amusant parce que j’ai appris l’anglais et j’ai connu beaucoup de gens. Comme le voyage a été génial, je suis allé à Malte l’année suivante pour améliorer l’anglais.

Ces deux voyages ont changé le regard que je porte sur les langues. Ensuite, j’ai continué à voyager. D’abord, j’ai aidé à nettoyer un école à Istanbul. Après, je suis allé à Moscou pour travailler dans un camp d’enfants pendant l’été. Enfin, j’ai aussi été à Prague en nettoyant la forêt. Alors, j’ai amélioré beaucoup mon anglais mais aussi j’ai appris un tas de choses culturelles et de la gastronomie.

Un souvenir de Turquie

Tous ces voyages ont changé le regard que je porte sur le monde. En premier lieu, les langues ont changé mon mode de vie. Finalement, travailler comme bénévole a changé le regard que je porte sur le monde.

Salut !