Ongoing integrity check of the Enough infrastructure

Hello,

It was discovered today that @fpoulain's laptop was compromised earlier this month. He requested that his SSH key be removed from all servers and I did that. There has been no Enough Wazuh alert this month and there is no indication that the attacker used the privileges gained on his laptop to do anything. I will keep investigating and update this topic if anything suspicious is discovered.

To be continued

I have no reason to think the Enough infrastructure was compromised at this time.

For the record, I re-installed my laptop from scratch and cherry-picked the files and software to be installed. There was no indication of a compromise, but I prefer to be safe, just in case there is something I did not see.