In this blog CERT.at's employees can post research and thoughts. This is done with the least possible oversight, so opinions in blog posts are not necessarily the opinions of CERT.at.
Alternatively you can receive CERT.at's blog as a feed.
Jul 16
Topinambour & Windows event logs
TL;DR:
* Block outgoing SMB traffic if you can.
* Hunt or Monitor for event ID 106 in "Microsoft-Windows-TaskScheduler%4Operational.evtx". ...
Mar 14
MeliCERTes Training in Vienna
From March 11th to March 13th CERT.at hosted an introductory MeliCERTes Training which covered the basic functionalities of the applications used in MeliCERTes as well as the topic of CSIRT maturity as laid down in the SIM3 model and covered by the CSIRT maturity self-assessment survey by ENISA. Together ...
Mar 13
New PGP-Keys
Since our "old" (2014 vintage) PGP-keys are near their expiry date, we have generated a new set of keys. They are available via our usual CERT.at PGP keyring. A transition-document, (inline) signed with both old & new keys, can be found at key-transition-2019.txt.
Author: Robert Waldner
Jan 16
IntelMQ 1.1.1 released
On Tuesday we have released IntelMQ version 1.1.1 which is a pure maintenance release with bugfixes only. The documentation for the version 1.1.1 and the installation instructions can be found on our github repository. The development of the next minor release 1.2.0 including new features is ...
Nov 26
CEF-2018-3 project submitted
CERT.at submitted a proposal under objective 1 for the CEF-TC-2018-3 call. We hope we will get funding, since this will allow us to improve the MeliCERTes platform and also work on a set of nice new cool features for IntelMQ, which is maintained at CERT.at and widely used throughout the community.
Written by: Admin
Aug 01
"National CERT" vs. "National CSIRTs"
The NIS Directive built upon previous work in the space of network and information security and also tried to use the established language of the field. This worked - up to a point. I'm trying to summarize the differences and pitfalls regarding the term "national CSIRT".
"CERT" vs. "CSIRT"
Initially, ...
May 14
Mac OS X tip: how to protect your mail client
Based on some background knowledge that we received (update 2018/5/14 14:00 UTC+1: we now know it's the efail.de bug. The researchers went forward with the public release today), I am taking the liberty to document a setup which protects an Apple Mail installation that I have. The security measure ...
Feb 20
Successful MISP workshop
Last week, Alexandre and Andras from CIRCL.lu gave a MISP workshop to a packed crowd of ~ 60-70 people in Vienna. Infosharing FTW! MISP stands for "Malware Information Sharing Platform". See also misp-project.org. It allows us to synchronise IoCs with those who need the relevant information ...
Jan 27
Heartbleed: (Almost) three years later
Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are ...
Apr 11
DROWN update
As I wrote in our initial DROWN blogpost, we're scanning .at for mail- and web-servers which are still supporting SSLv2. We're notifying our constituency and we see a steady drop in the number of servers (as measured by IP-Addresses) that are vulnerable:
So it is slowly getting better. Looking ...