Publications and Presentations

Publications

Description Last update
TR-88 - Motivation, procedure and rationale for leaked credential notifications 30 August 2024
Learning from the Recent Windows/Falcon Sensor Outage: Causes and Potential Improvement Strategies in Linux Using Open Source Solutions 23rd July 2024
TR-87 - CrowdStrike Agent causing BSOD loop on Windows - Faulty Update on Falcon Sensor 19th July 2024
TR-86 - Check Point VPN Information Disclosure (CVE-2024-24919) - Actively Exploited 31st May 2024
TR-85 - Three vulnerabilities in Cisco ASA software/appliance and FTD software being exploited 25th April 2024
TR-84 - PAN-OS (Palo Alto Networks) OS Command Injection Vulnerability in GlobalProtect Gateway - CVE-2024-3400 12th April 2024
TR-83 - Linux Boot Hardening HOWTO 3rd April 2024
TR-82 - backdoor discovered in xz-utils - CVE-2024-3094 30th March 2024
TR-81 - Critical FortiOS vulnerabilities in sslvpnd and fgfmd 9 February 2024
TR-80 - Targeted SMS and fake phone center call targeting financial/banking services 7 February 2024
TR-79 - AnyDesk Incident and Potential Associated Supply Chain Attack 5 February 2024
TR-78 - CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways 11 January 2024
TR-77 - Spear phishing and voice call scams targeting corporate executives and their accounting department 30 August 2023
TR-76 - Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS 14 August 2023
TR-75 - Unauthenticated remote code execution vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) - CVE-2023-3519 21 July 2023
TR-74 - A heap-based buffer overflow vulnerability (CWE-122) in FortiOS - CVE-2023-27997 5 July 2023
TR-73 - Ransomware FAQ 7 March 2023
TR-72 - Vulnerable Microsoft Exchange server metrics leading to alarming situation 21 February 2023
TR-71 - FortiOS - heap-based buffer overflow in sslvpnd (exploited) - FortiOS SSL-VPN - CVE-2022-42475 13 December 2022
TR-70 - Vulnerabilities in Microsoft Exchange CVE-2022-41040 - CVE-2022-41082 30 September 2022
TR-69 - How to choose an ICT supplier from a security perspective 13 June 2022
TR-68 - Best practices in times of tense geopolitical situations 28 February 2022
TR-67 - local privilege escalation vulnerability in polkit’s pkexec utility 26 January 2022
TR-66 - Webservers with mod_status like debug modules publicly available leak information 15 December 2021
TR-65 - Vulnerabilities and Exploitation of Log4j (Remote code injection in Log4j) 10 December 2021
TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders 10 November 2021
TR-63 - Vulnerabilities and Exploitation of Pulse Connect Secure 21 April 2021
TR-62 - Leak of Facebook Data from 533 Million Users 6 April 2021
TR-61 - Critical vulnerabilities in Microsoft Exchange 12 March 2021
TR-60 - Phishing - Effects and precautions 26 June 2020
TR-59 - Remote Work - In times of a crisis 18 March 2020
TR-58 - CVE-2020-0796 - Critical vulnerability in Microsoft SMBv3 - status and mitigation 11 March 2020
TR-57 - Ransomware - Effects and precautions 10 December 2019
TR-56 - HTTP Strict Transport Security 19 March 2019
TR-55 - SquashFu - an alternate Open Source Backup solution, resilient to Crypto Ransomware attacks 12 September 2018
TR-54 - Sextortion scam emails - I know your password 3 August 2018
TR-53 - Statement about WHOIS and GDPR 12 April 2018
TR-52 - Forensic Analysis of an HID Attack 5 February 2018
TR-51 - How to react to fraudulent acts of third party invoicing or requesting funds without showing any purchase order 23 November 2017
TR-50 - WPA2 handshake traffic can be manipulated to induce nonce and session key reuse 16 October 2017
TR-49 - CVE-2017-7494 - A critical vulnerability in Samba - remote code execution from a writable share 26 May 2017
TR-48 - Cyber-Threats Indicators Sharing, security-related actionable information and future of Personal Data Protection framework in the EU - MISP and GDPR 6 March 2017
TR-47 - Recommendations regarding Abuse handling for ISPs and registrars 23 February 2017
TR-46 - Information Leaks Affecting Luxembourg and Recommendations 17 February 2017
TR-45 - Data recovery techniques 12 May 2016
TR-44 - Information security - laws and specific rulings in the Grand Duchy of Luxembourg 15 March 2016
TR-43 - Installing MPSS 3.6.1 to use an Intel Xeon Phi Coprocessor on Ubuntu Trusty 14.04 LTS 11 January 2016
TR-42 - CVE-2015-7755 - CVE-2015-7756 - Critical vulnerabilities in Juniper ScreenOS 21 December 2015
TR-41 (de) - Crypto Ransomware - Vorsichtsmaßnahmen und Verhalten im Infektionsfall 19 May 2016
TR-41 (fr) - Crypto Ransomware - Défenses proactives et de réponse sur incident 19 May 2016
TR-41 - Crypto Ransomware - Proactive defenses and incident response 13 May 2017
TR-40 - Allaple worm activity in 2015 and long-term persistence of worm (malware) in Local Area Networks 24 September 2015
TR-39 - CIRCL-SOPs Standard Operational Procedures 30 July 2015
TR-38 - Attacks targeting enterprise banking solutions - recommendations and remediations 9 May 2017
TR-37 - VENOM / CVE-2015-3456 - Critical vulnerability in QEMU Floppy Disk Controller (FDC) emulation 14 May 2015
TR-36 - Example setup of WordPress with static export 28 April 2015
TR-34 - How to view and extract raw messages in common email clients 13 March 2015
TR-33 - Analysis - CTB-Locker / Critroni 17 February 2015
TR-32 - key-value store and NoSQL security recommendations 10 February 2015
TR-31 - GHOST / CVE-2015-0235 - glibc vulnerability - gethostbyname 29 January 2015
TR-30 - Acquisition Support Tools for Local Incident Response Teams (LIRT) 16 December 2020
TR-29 - NTP (Network Time Protocol) daemon - ntpd - critical vulnerabilities 2 January 2015
TR-28 - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, is vulnerable to a critical padding oracle attack - CVE-2014-3566 15 October 2014
TR-27 - GNU Bash Critical Vulnerability - CVE-2014-6271 - CVE-2014-7169 10 October 2014
TR-26 - Security Recommendations for Web Content Management Systems and Web Servers 28 April 2015
TR-25 - Analysis - Turla/Pfinet/Snake/Uroburos/Pfinet 10 July 2014
TR-24 - Analysis - Destory RAT family 3 June 2014
TR-23 - Analysis - NetWiredRC malware 26 November 2014
TR-22 - Practical Recommendations for Readiness to Handle Computer Security Incidents 15 December 2020
TR-21 - OpenSSL Heartbeat Critical Vulnerability 17 April 2014
TR-20 - Port evolution: a software to find the shady IP profiles in Netflow 18 February 2014
Training And Technical Courses Catalogue 2014 29 January 2014
TR-19 - UDP Protocols Security - Recommendations To Avoid or Limit DDoS amplification 8 July 2015
TR-18 - PBX and VoIP Security - Recommendations 19 February 2014
TR-17 - Java.Tomdep (Apache Tomcat Malware) - Information, Detection and Recommendation 22 November 2013
TR-16 - HoneyBot Services - Client Data Collection 14 October 2013
TR-15 - Hand of Thief/Hanthie Linux Malware - Detection and Remediation 29 August 2013
TR-14 - Analysis of a stage 3 Miniduke malware sample 3 July 2014
TR-13 - Malware analysis report of a Backdoor.Snifula variant 29 May 2013
TR-12 - Analysis of a PlugX malware variant used for targeted attacks 17 January 2014
TR-11 - Security Flaws in Universal Plug and Play (UPnP) 30 January 2013
TR-10 - Red October / Sputnik malware 16 January 2013
TR-09 - Malware Discovery and potential Removal (Windows 7) 31 August 2012
CIRCL 2011 trend report 29 August 2012
TR-08 - CIRCL automatic launch object detection for Mac OS X 23 January 2015
TR-07 - HOWTO find SMTP headers in common Email clients 13 March 2015
TR-06 - DigiNotar incident and general SSL/TLS security consequences 7 September 2011
TR-05 - SSL/TLS Security of Servers in Luxembourg 22 August 2011

Presentations

Description Last update
CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools 8th November 2018
Fail frequently to avoid disaster or how to organically build a threat intel sharing standard 7th December 2017
How to better understand DDoS attacks from a post-mortem analysis perspective using backscatter traffic at Luxembourg Internet Days 2017 15th November 2017
DDoS and Attribution: Observations of Attacks against North Korea 15th November 2017
IoT dinosaurs - don’t die out 24 October 2017
An extended analysis of an IoT malware from a blackhole network 1st June 2017
Challenges for law firms: IT security threats and incidents for law firms - practical examples 12 May 2017
Honeypots Observations and Their Usefulness 15 March 2017
Introduction to Forensics at the #cybersecurity4success conference 3 October 2016
Data Mining in Incident Response - Challenges and Opportunities 13 May 2016
Experiences with Paste-Monitoring 18 March 2016
Four years of practical information sharing MISP - Malware Information Sharing Platform & Threat Sharing 25th February 2016
Information Sharing and Taxonomies Practical Classification of Threat Indicators using MISP 26th January 2016
Improving Data Sharing to Increase Security Research Opportunities 2nd November 2015
cve-search - a free software to collect, search and analyse common vulnerabilities and exposures in software 9th October 2015
Protect your data, protect your life. Data Destruction Day 22nd September 2015
New ZeroMQ functionality in MISP 2nd July 2015
Sharing Threat Indicators and Security Ranking, an opportunity for the Internet Community 18 November 2014
Attackers benefit from sharing information. How can you benefit, too? at ICTSpring 4 July 2014
The void - An interesting place for network security monitoring Cynthia Wagner, Marc Stiefer (RESTENA), Alexandre Dulaunoy, Gérard Wagener (CIRCL) at TNC 2014 19 May 2014
Information Sharing: Cornerstone in Incident Detection and Handling at DBIR presentation in Paris 15 May 2014
Darknet and Black Hole Monitoring: a Journey into Typographic Errors at Honeynet Project Workshop in Warsaw 12 May 2014
An Overview of Security Incidents Targeting Citizens: How the Attackers Are Deceiving Us? 15 March 2014
Passive DNS - Common Output Format 14 February 2014
Who targets the journalists? and how? A review of the attack surface in our digital society 7 February 2014
Malware Information Sharing Platform or How to Share Efficiently IOCs Within a Country 26 July 2013
BGP Ranking: Scoring ASNs Based on Their Potential Maliciousness 23 June 2013
ASMATRA: Ranking ASs Providing Transit Service to Malware Hosters 29 May 2013
Another Perspective to IP-Darkspace Analysis 29 January 2013

The Digital First Aid Kit

The Digital First Aid Kit aims to provide preliminary support for people facing the most common types of digital threats. The Kit offers a set of self-diagnostic tools for citizens, human rights defenders, bloggers, activists and journalists facing attacks themselves, as well as guidelines for digital first responders assisting a person under threat.

Description Last update
Digital First Aid Kit - Account Hijacking 2nd September 2014
Digital First Aid Kit - DDoS Mitigation 2nd September 2014
Digital First Aid Kit - Devices Lost? Stolen? Seized? 2nd September 2014
Digital First Aid Kit - Glossary 2nd September 2014
Digital First Aid Kit - Malware 2nd September 2014
Digital First Aid Kit - Secure Communication 2nd September 2014

The Digital First Aid Kit (German Edition)

Description Last update
Digital First Aid Kit - Konto-Diebstahl 18th March 2015
Digital First Aid Kit - Devices Lost? Stolen? Seized? 26th March 2015

Security Advisories

Description Last update
CVE-2017-13671 - Vulnerability in MISP (Malware Information Sharing Platform) and Threat Sharing - potential persistent cross site scripting vulnerability in the comments 25th August 2017
CVE-2015-5721 - Vulnerability in MISP (Malware Information Sharing Platform) - potential PHP Object injection vulnerability 4th August 2015
CVE-2015-5720 - Vulnerability in MISP (Malware Information Sharing Platform) - XSS in template creation 4th August 2015
CVE-2015-5719 - Vulnerability in MISP (Malware Information Sharing Platform) - Incorrect validation of temporary filenames 4th August 2015
CVE-2015-4096 - Vulnerability in CIRCLean where security measure can be bypassed with polyglot files 30th June 2015
CVE-2015-1035 - Vulnerability in HRIS software (HRMS product) - Reflective XSS 30th June 2015
CVE-2015-1036 - Vulnerability in HRIS software (HRMS product) - SQL injection (as an authenticated user) 30th June 2015
CVE-2015-4099 - SysAid “Service Desk” - security advisory 02 - Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 30th June 2015

Other publications

Description Last update
CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection 15th March 2018
Responsible Vulnerability Disclosure 10th January 2015
Traffic Light Protocol (TLP) - Classification and Sharing of Sensitive Information March 2014
CIRCL - Request for Proposals Regularly Updated