In this blog CERT.at's employees can post research and thoughts. This is done with the least possible oversight, so opinions in blog posts are not necessarily the opinions of CERT.at.



Mar 28

Hobby hunter notes: PyPI under attack

When I wrap up at CERT.at, where I mostly work on our notification system (if you’re a network operator in Austria and got a misassigned notification about some security issues – I might have been involved in that), I sometimes change my hat and explore other “cyber”-security areas, especially looking for malicious packages in PyPI, a standard Python package repository. The short summary is: there are a lot of them – but also, don’t panic.

Written by: Kamil Mankowski

Sep 12

The European Cyber Shield

The EU has been pushing the concept of the "European Cyber Shield" within  the Digital Europe Programme as well as with the proposed "Cyber Solidarity Act".

I've written a paper on how I see this idea and how the Act could be improved.

Written by: Otmar Lendl

Sep 06

A classification of CTI Data feeds

We at CERT.at process and share a wide selection of cyber threat intelligence (CTI) as part of our core mission as Austria’s hub for IT security information. Right now, we are involved in two projects that involve the purchase of commercial CTI. I encountered some varying views on what CTI is and what one should do with the indicators of compromise (IoCs) that are part of a CTI feed.

This blog post describes my view on this topic.

Written by: Otmar Lendl

Aug 29

IntelMQ 3.2.1 bug fix released

IntelMQ, an open-source security feed processing tool, has just got a new release to fix two recently discovered bugs.

Written by: Kamil Mankowski

Jul 25

IntelMQ 3.2.0 released: Run bots as a library

We are continuing to support IntelMQ, an open-source solution for collecting and processing security feeds. Recently, the IntelMQ Community announced the release of the new version 3.2.0.

Written by: Kamil Mankowski

Jul 07

A Network of SOCs?

Some thoughts from 2021 on the ideas of how to get SOCs to collaborate.

Written by: Otmar Lendl

Nov 16

An update on the state of the NIS2 draft

This is a TLP:WHITE summary of my presentation at the 15th CSIRTs Network meeting in Ljubljana on November 11th 2021. This is not a complete review of the current state of the NIS2 discussions.

Written by: Otmar Lendl

Sep 13

IntelMQ 3.0.2 improves the performance of high-load data collection

The latest maintenance release for the incident-management toolbox IntelMQ brings few changes, but notable performance increases for high-load data collection processes.

Written by: Sebastian Wagner

Sep 02

IntelMQ 3.0.1 release

The IntelMQ 3.0.1 release batch fixes some issues in IntelMQ, the API and the Manager.

Written by: Sebastian Waldbauer, Sebastian Wagner

Sep 02

Tuency - Constituency Portal for CERTs

"Tuency" is a new Open-Source constituency management portal with capabilities for self-management and for managing abuse contacts for network objects. With Keycloak, the database can be used for authenticating users on other applications. Nowadays, managing your own constituency in terms of security incidents is very important and challenging, but with Tuency you are able to do so with ease. Tuency has been built from scratch to address this issue, and furthermore you're able to query data via the Tuency API. Additionally, Tuency offers a special API to query the correct abuse contact for a network object (ASN, IP address, domain), including hierarchical inheritance and notification rules!

Written by: Sebastian Waldbauer