Oracle WebLogic 0-day analysis
Several days ago, information about a new Oracle WebLogic Server 0-day vulnerability was published: a vulnerability in the deserialization component leading to Remote Code Execution (RCE). More details about the vulnerability can be found here, here and here. Recently, CVE-2019-2725 has...
Honeypot types deployed in SISSDEN architecture
The SISSDEN sensor network is composed of VPS provider hosted nodes (procured at a cost from the VPS providers) and nodes donated to the project by third parties acting as endpoints. These VPS nodes are not the actual honeypots themselves. Instead, they act as transparent layer 2 tunnels to the SISS...
T-Pot integration to SISSDEN collaboration
Running the latest T-Pot as a vetted SISSDEN user? You can now contribute your data to SISSDEN! Over the last couple of years, T-Pot, the docker-based open source honeypot platform developed by our partner Deutsche Telekom (DTAG), has evolved into one of the most successful honeypot platforms, not on...
Finding Perpetrators behind DDoS Attacks
Reflective Amplification Denial-of-Service attacks continue to be a serious threat. We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since: In the first two months of 2019 our honeypot network already saw...
An overview of the SISSDEN honeypot sensor network architecture
The primary data collection mechanism at the heart of the SISSDEN project is a sensor network of honeypots. The sensor network is composed of VPS provider hosted nodes and nodes donated to the project by third parties acting as endpoints. These VPS nodes/endpoints are not the actual honeypots themse...
Enriching existing SISSDEN reports report type
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots. As of the 20th of December 2018, SISSDEN is offering 5 new report ty...
Darknet report report type
The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. One of the methods by which data is collected is darknets, also known as network telescopes. Darknets are unused sets of IP addresses, which...
Customer Portal opened to public announcement
The SISSDEN team is happy to announce that the Customer Portal has been open to the public since mid-October 2018. This portal aims to provide access to the data sets, applications, and APIs resulting from the SISSDEN platform. It is linked to the SISSDEN website via a button in the banner: ...