SISSDEN
Secure Information Sharing Sensor Delivery Event Network

Latest Blog Posts

Oracle WebLogic 0-day analysis

Introduction. Several days ago, information about a new Oracle WebLogic Server 0-day vulnerability was published: a vulnerability in the deserialization component leading to Remote Code Execution (RCE). More details about the vulnerability can be found here, here and here. Recently, CVE-2019-2725 has...

Honeypot types deployed in SISSDEN architecture

The SISSDEN sensor network is composed of VPS provider hosted nodes (procured at a cost from the VPS providers) and nodes donated to the project by third-parties acting as endpoints. These VPS nodes are not the actual honeypots themselves. Instead, they act as transparent layer 2 tunnels to the SISS...

T-Pot integration to SISSDEN collaboration

Running the latest T-Pot as a vetted SISSDEN user? You can now contribute your data to SISSDEN! For the last couple of years, T-Pot, the docker-based open source honeypot platform developed by our partner Deutsche Telekom (DTAG), evolved as one of the most successful honeypot platforms, not on...

Finding Perpetrators behind DDoS Attacks

Reflective Amplification Denial-of-Service attacks continue to be a serious threat. We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since: In the first two months of 2019 our honeypot network already saw...

An overview of the SISSDEN honeypot sensor network architecture

The primary data collection mechanism at the heart of the SISSDEN project is a sensor network of honeypots. The sensor network is composed of VPS provider hosted nodes and nodes donated to the project by third-parties acting as endpoints. These VPS nodes/endpoints are not the actual honeypots themse...

Enriching existing SISSDEN reports report type

The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots. As of the 20th of December 2018, SISSDEN is offering 5 new report ty...

Darknet report report type

The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. One of the methods by which data is collected is through darknets, also known as network telescopes. Darknets are unused sets of IP addresses, which...

Customer Portal opened to public announcement

The SISSDEN team is happy to announce that the Customer Portal has been opened to the public since mid-October 2018. This portal aims to provide access to the data sets, applications, and APIs resulting from the SISSDEN platform. It is linked to the SISSDEN website via a button in the banner: ...

About

SISSDEN will improve the cybersecurity posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information. SISSDEN builds on the experience of The Shadowserver Foundation, a non-profit organisation well known in the security community for its successful efforts in the mitigation of botnets and fighting malware propagation. SISSDEN will provide free-of-charge victim notification services, and work in close collaboration with Law Enforcement Agencies, national CERTs, network owners, service providers, small and medium-sized enterprises (SMEs) and individual citizens.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 700176.

Project Overview

SISSDEN is a Horizon 2020 project aimed at improving the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It builds on the experience of The Shadowserver Foundation, a non-profit organization well known in the security community for its efforts in mitigation of botnet and malware propagation, free of charge victim notification services, and close collaboration with Law Enforcement Agencies, national CERTs, and network providers. Check out the architecture overview.

Contact and Collaborations

The project addresses the security concerns of a wide range of stakeholders, such as National CERTs, Internet Service Providers (ISPs), Law Enforcement Agencies, EU and non-EU Citizens, Academic and Private Industry Researchers, The European Commission, and Industry partners (large and small).

One of the main goals of the project is community collaboration.

We are seeking partners interested in:

  • Deploying sensors, providing IP space, VMs or physical servers in support of the project
  • Contributing new honeypot/sensor technologies that can be deployed as part of the project
  • Providing third party feeds that could be integrated with SISSDEN or help enrich curated data
  • Collaborating on academic research on the curated data set

We are open to collaboration with Law Enforcement initiatives with data on malware and botnet activity. An example of one such current initiative is the Criminal Use of Information Hiding Initiative.

Interested partners should send an email to admin@sissden.eu.

We are also open to any other collaboration proposals and will be happy to answer any questions about the project.