Lateral movement techniques are widely used in sophisticated cyber-attacks, in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. This white-paper provides guidelines to detect lateral movements exploiting the NTLM and Kerberos protocols in Windows 7 and 2008 based environments.
DMARC is a mechanism to define a coherent e-mail policy that can effectively be used by both the sender and the receiver of e-mail messages. Senders can list the authentication mechanisms they have put in place, and receivers are informed of what the sender suggests they do if authentication fails on any message that claims to originate from that sender.
Lately, protecting data has become an increasingly difficult task. Cyber-attacks have become one of the most serious threats to any organization. Companies and organizations are taking measures to defend their assets, and authentication methods are an increasingly important security measure. Authentication is the security term for verifying that the user is indeed who he claims to be. The procedure of confirming a user’s authenticity is the action of comparing the credentials provided by the user against an existing database of validated identities. However, since depending only on simple credentials – or on a single method of authentication in general – has lately proven to be highly unreliable, the use of multiple factors for the authentication process is highly recommended.
This white paper offers you a guideline for the minimum key length in public-key cryptography – more precisely in the Diffie-Hellman (DH) protocol – in order to be considered secure.
This white paper presents in a simple way the advantages of using HTTPS over HTTP. Nowadays, with the increasing popularity and availability of web-based applications, it becomes very important to ensure a secure way for accessing them. Security could be significantly improved by moving from using HTTP to HTTPS protocol.
This white-paper provides the required steps to prevent and block attacks based on the golden-ticket.
This document is aimed at general IT staff who may be required to take action in response to an IT security incident, and who do not have specific training in the area of computer forensics.
In a number of EU institutions, bodies and agencies, processes have been established to respond to cyber-security incidents. Such processes involve the handling of personal data and therefore they must be subject to a formal notification to the relevant Data Protection Officer. The present document offers a model and recommendations for such a notification. It is intended to be used by cyber-security incident response teams of EU institutions, bodies and agencies.
This White Paper provides high-level guidelines to help IT staff respond to DDoS incidents.
This White-paper presents the risks related to Cisco IOS running on Cisco network equipment. A Cisco IOS image could potentially be modified offline, or malicious code could be executed during runtime. This paper presents the main infection methods, the detection procedures, and the prevention mechanisms that network administrators should put in practice.
As a user of email, you may at some point receive a malicious email designed to steal information or cause damage to your information.
This White Paper provides guidelines on the implementation of the Sender Policy Framework (SPF), which is designed to prevent e-mail spam and detect e-mail spoofing by verifying sender IP addresses.
This White Paper contains the first of a series of Incident Response Methodologies that CERT-EU intends to publish as part of the Security White Papers publications. Incident Response Methodologies are cheat sheets dedicated to handlers investigating a specific security issue. This first Incident Response Methodology presents how to detect and recover from malware on Windows systems. The first version, which was published in December 2011, was updated in May 2012.
The present paper lays down guidance for participating actively in the services of CERT-EU, for the benefit of all EU Institutions, Agencies and Bodies.
This white paper offers you a guideline for integrating Microsoft Safety Scanner (MSS) in your defence-in-depth strategy against malware.
This website is managed by CERT-EU. Find out more about us.
For questions or comments, please contact us at:
PGP Fingerprint: C9B2 0BAB 2C37 35AD FF79 7949 AFBD 579A 5DDA 8E13
Emergency phone: +32 229 52100