Secure Information Sharing Sensor Delivery Event Network

Latest Blog Posts

Oracle WebLogic 0-day analysis

Introduction Several days ago, information about new Oracle WebLogic Server 0day vulnerability was published - Vulnerability in Deserialization component leading to the Remote Code Execution (RCE). More details about vulnerability can be found here, here and here. Recently, CVE-2019-2725 has...


Honeypot types deployed in SISSDEN architecture

The SISSDEN sensor network is composed of VPS provider hosted nodes (procured at a cost from the VPS providers) and nodes donated to the project by third-parties acting as endpoints. These VPS nodes are not the actual honeypots themselves. Instead, they act as transparent layer 2 tunnels to the SISS...


T-Pot integration to SISSDEN collaboration

Running the latest T-Pot as a vetted SISSDEN user? You can now contribute your data to SISSDEN! For the last couple of years, T-Pot , the docker-based open source honeypot platform developed by our partner Deutsche Telekom (DTAG), evolved as one of the most successful honeypot platforms, not on...



SISSDEN will improve the cybersecurity posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information. SISSDEN builds on the experience of The Shadowserver Foundation, a non-profit organisation well known in the security community for its successful efforts in the mitigation of botnets and fighting malware propagation. SISSDEN will provide free-of-charge victim notification services, and work in close collaboration with Law Enforcement Agencies, national CERTs, network owners, service providers, small and medium-sized enterprises (SMEs) and individual citizens.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 700176. More info..

Project Overview

SISSDEN is a Horizon 2020 project aimed at improving the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It builds on the experience of The Shadowserver Foundation, a non-profit organization well known in the security community for its efforts in mitigation of botnet and malware propagation, free of charge victim notification services, and close collaboration with Law Enforcement Agencies, national CERTs, and network providers. Check out the architecture overview.

Contact and Collaborations

The project addresses the security concerns of wide range of stakeholders, such as National CERTs, Internet Service Providers (ISPs), Law Enforcement Agencies, EU and non-EU Citizens, Academic and Private Industry Researchers, The European Commission, and Industry partners (large and small).

One of the main goals of the project is community collaboration.

We are seeking partners interested in:

  • Deploying sensors, providing IP space, VMs or physical servers in support of the project
  • Willing to contribute new honeypot/sensor technologies that can be deployed as part of the project
  • Providing third party feeds that could be integrated with SISSDEN or help enrich curated data
  • Collaborating on academic research on the curated data set

We are open to colaboration with Law Enforcement initiatives with data on malware and botnet activity. An example of one such current initiative is the Criminal Use of Information Hiding Initiative.

Interested partners should send a mail to

We are also open to any other collaboration proposals and will be happy to answer any questions about the project.