In this blog CERT.at's employees can post research and thoughts. This is done with the least possible oversight, so opinions in blog posts are not necessarily the opinions of CERT.at.
Alternatively you can receive CERT.at's blog as a feed.
Jul 09
Elastic Search being hacked automatically today
At the moment we are seeing a lot of automatic scanning and hacking of Elastic Search installations worldwide. Please make sure that port 9200 is locked down in case you run ES.
IOCs:
* C&C IP address: 119.1.109.43 (China)
* C&C Port: 10991 ...
Jun 14
Transforming JSON to CSV
CERTs are all about processing information security notifications. Most of the time, these arrive in the form of CSV files. However, occasionally we do get some JSON data. While CSV is line oriented, JSON allows for more complex structures (arrays, objects, objects in objects, etc.). So how do you ...
Mar 28
New PGP keys
At CERT.at we had to phase out some old 1024 bit DSA keys as well as create new master-signing keys. This turned out to be a major effort. Key roll-overs are never easy. In order to ease the key roll-over pains, we created a key transition document. This document is signed by the old keys in order ...
Dec 04
Completed: Maintenance work on Wednesday, December 4th, 2013
Because of required changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Wednesday, December 4th, 2013. An "emergency" website with restricted functionality will be made available. In urgent cases please contact us by telephone: +43 ...
Jul 30
Completed: Maintenance work on Tuesday, July 30th, 2013
Because of necessary changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Tuesday (July 30th, 2013). An "emergency" website with restricted functionality will be made available. In urgent cases please contact us by telephone: +43 1 505 ...
Jul 17
Maintenance work on Wednesday, July 17th, 2013
Because of urgent changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time tomorrow (July 17th, 2013). An "emergency" website with restricted functionality will be made available. In urgent cases please contact us by telephone: +43 1 505 64 ...
Jun 18
ProcDOT 1.0 released
I am happy to announce that the first release (1.0) of my visual malware analysis tool ProcDOT (I already mentioned the beta in a recent blog post) is now available. Get it for free from our website: ProcDOT 1.0
Author: Christian Wojner
Apr 12
Lessons from the Stophaus/CloudFlare/Spamhaus DDoS for ISPs
Update: our full report on this incident is now available (in German).
No, the Internet is not breaking down, we did not have a doomsday scenario over the last week. We did have an interesting situation, there was some disruption in some parts of the Internet, and there were a good number of ...
Mar 19
ProcDOT - Visual Malware Analysis
Dear like-minded people, I'm very proud to announce that our latest contribution to the malware analysis community is finally available as open beta. It's called ProcDOT - I already gave a preview of the alpha version some months ago at SANS Forensics Summit in Prague - and it is an absolute ...
Sep 21
Spikes in Austrian CCM number in Q4/2011
Microsoft's Security Intelligence Report 12 uses the computers cleaned per mille (CCM) metric to compare the infection rates over time and between countries. This is, of course, no perfect measurement of the actual infection rates due to a number of factors, but nevertheless an interesting data-point. ...