In this blog's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of

Alternatively you can receive's blog as a feed.

Nov 16

An update on the state of the NIS2 draft

This is a TLP:WHITE summary of my presentation at the 15th CSIRTs Network meeting in Ljubljana on November 11th 2021. This is not a complete review of the current state of the NIS2 discussions.

Written by: Otmar Lendl

Sep 13

IntelMQ 3.0.2 improves the performance of high-load data collection

The latest maintenance release for the incident-management toolbox IntelMQ brings few changes, but notable performance increases for high-load data collection processes.

Written by: Sebastian Wagner

Sep 02

IntelMQ 3.0.1 release

The IntelMQ 3.0.1 release batch fixes some issues in IntelMQ, the API and the Manager.

Written by: Sebastian Waldbauer, Sebastian Wagner

Sep 02

Tuency - Constituency Portal for CERTs

"Tuency" is a new Open-Source constituency management portal with capabilities for self-management and managing abuse-contacts for network objects. With Keycloak, the database can be used for authenticating users on other applications. Nowadays, managing your own constituency in terms of security incidents is very important and challenging, but with Tuency you are able to do so with ease. Tuency has been built from scratch to address this issue and furthermore you're able query data via the Tuency API. Additionally, Tuency offers a special API to query the correct abuse contact for a network object (ASN, IP-Address, Domain) including hierarchical inheritance and notification rules!

Written by: Sebastian Waldbauer

Aug 03

IntelMQ 3.0 - Configuration, Domain based workflow, IEPs

IntelMQ 3.0 provides more possibilities to process domain-based data. For this purpose, we developed new "expert" bots - building blocks written in Python - which extend or filter events based on their URL- or Domain-properties. In addition we've introduced so-called IEPs (IntelMQ Enhancement Proposals), for a better way to discuss major changes within the community. The first IEP concerned a revamped configuration system for IntelMQ, which is part of IntelMQ 3.0.

Written by: Sebastian Waldbauer & Sebastian Wagner

Jun 30

FIRST Challenge 2021 Writeup

For several years the FIRST SecLounge SIG has been organizing Capture The Flag (CTF) challenges during the annual FIRST conference and due to the pandemic this year's challenge had to move online. Three members of participated and we scored the 9. place of 42 teams. This is a writeup of the challenges we solved.

Written by: Thomas Pribitzer, Dimitri Robl, Sebastian Waldbauer

May 31

IntelMQ release 2.3.3 with support for new Shadowserver feeds

The newest IntelMQ release 2.3.3 comes with various error corrections and supports a bunch of new feeds provided by the non-profit Shadowserver.

Written by: Sebastian Wagner

Apr 07

Flexible taxonomies and new software for the tag2domain project

Domain Names are the center piece of locating services on the internet and they can be used for a variety of purposes and services. Understanding the type of services a Domain Name offers is one of the key aspects of Internet Security. In another post last year we already introduced tag2domain, our tagging / labelling framework for domain names that helps us to better understand this landscape of services and software.

Written by: Clemens Moritz

Mar 26

IntelMQ bug fix release 2.3.1

This IntelMQ version did not gain any major features and is a sole product maintenance release. It covers various minor error corrections in the IntelMQ software, and usability enhancements for the new API. We thank all contributors who participated in this release!

Written by: Sebastian Wagner

Mar 16

NIS2 Proposal: First feedback on the normative text

The first draft for the new NIS directive is a mixed bag: some points are very welcome, but a few things need to be changed.

This are my first remarks on the normative text.

Written by: Otmar Lendl