Security White Papers

Security White Paper 2017-002_Detecting Lateral Movements in Windows Infrastructure

Lateral movement techniques are widely used in sophisticated cyber-attacks, in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. This white paper provides guidelines to detect lateral movements exploiting the NTLM and Kerberos protocols in Windows 7 and 2008 based environments.

  Tuesday, April 18, 2017 4:27:00 PM CEST

UPDATED - Security White Paper 2017-001_v1_2 - DMARC — Defeating E-Mail Abuse

DMARC is a mechanism to define a coherent e-mail policy that can effectively be used by both the sender and the receiver of e-mail messages. Senders can list the authentication mechanisms they have put in place, and receivers are informed what the sender suggests they do if authentication fails on any message that claims to originate from that sender.

  Wednesday, January 11, 2017 11:13:00 AM CET

Security White Paper 2016-003 - Authentication Methods

"Lately, protecting data has become an increasingly difficult task. Cyber-attacks have become one of the most serious threats to any organization. Companies and organizations are taking measures in order to defend their assets, and the authentication methods are an increasingly important security measure. Authentication is the security term for verifying that the user is indeed who he claims to be. The procedure of confirming a user’s authenticity is the action of comparing the provided credentials of the user against an existing database of validated identities. However, since depending only on the use of simple credentials – or a single method of authentication in general – has lately proven to be highly unreliable, the use of multiple factors for the authentication process is highly recommended."

  Wednesday, January 11, 2017 10:56:00 AM CET

Security White Paper 2016-002 - Weaknesses in Diffie-Hellman Key

This white paper offers you a guideline for the minimum key length in public-key cryptography – more precisely in the Diffie-Hellman (DH) protocol – in order to be considered secure.

  Monday, August 8, 2016 9:36:00 AM CEST

Security White Paper 2016-001 - Improved Security with HTTPS v1.0

This white paper presents in a simple way the advantages of using HTTPS over HTTP. Nowadays, with the increasing popularity and availability of web-based applications, it becomes very important to ensure a secure way of accessing them. Security could be significantly improved by moving from HTTP to the HTTPS protocol.

  Tuesday, April 26, 2016 4:23:00 PM CEST

UPDATED - Security White Paper 2014-007 - Pass The Golden Ticket v1.4

This white-paper provides the required steps to prevent and block attacks based on the golden-ticket.

  Monday, February 16, 2015 5:01:00 PM CET

UPDATED - Security White Paper 2012-04 - Guideline Data Acquisition for Investigation Purposes

This document is aimed at general IT staff who may be required to take action in response to an IT security incident, and who do not have specific training in the area of computer forensics.

  Tuesday, May 26, 2015 12:06:00 PM CEST

Security White Paper 2014-011 - Guidelines dataprotection notification

In a number of EU institutions, bodies and agencies, processes have been established to respond to cyber-security incidents. Such processes involve the handling of personal data and therefore they must be subject to a formal notification to the relevant Data Protection Officer. The present document offers a model and recommendations for such a notification. It is intended to be used by cyber-security incident response teams of EU institutions, bodies and agencies.

  Tuesday, January 6, 2015 4:44:00 PM CET

Security White Paper 2014-009 - DDoS Overview and Incident Response Guide

This white paper provides high-level guidelines to help IT staff respond to DDoS incidents.

  Tuesday, July 22, 2014 1:47:00 PM CEST

UPDATED - Security White Paper 2014-008 - Cisco IOS Risk Mitigation

This white paper presents the risks related to Cisco IOS running on Cisco network equipment. A Cisco IOS image could potentially be modified offline, or malicious code could be executed during runtime. This paper presents the main infection methods, the detection procedures, and the prevention mechanisms that network administrators should put into practice.

  Monday, June 30, 2014 2:36:00 PM CEST

Security White Paper 2014-006 - Handling of Potentially Malicious Emails

As a user of email, you may at some point receive a malicious email designed to steal information or cause damage to your information.

  Tuesday, May 13, 2014 4:04:00 PM CEST

Security White Paper 2014-005 - E-mail Sender Address Forgery

This white paper provides guidelines on the implementation of the Sender Policy Framework (SPF), which is designed to prevent e-mail spam and detect e-mail spoofing by verifying sender IP addresses.

  Tuesday, April 15, 2014 4:27:00 PM CEST

Security White Paper 2011-003 - Windows Malware Detection (Incident Response Methodology)

This white paper contains the first of a series of Incident Response Methodologies that CERT-EU intends to publish as part of the Security White Papers publications. Incident Response Methodologies are cheat sheets dedicated to handlers investigating a specific security issue. This first Incident Response Methodology presents how to detect and recover from malware on Windows systems. The first version, which was published in December 2011, has been updated in May 2012.

  Thursday, November 10, 2011 6:52:00 PM CET

Security White Paper 2011-002 - CERT-EU Services - Fundamentals

The present paper lays down guidance for participating actively in the services of CERT-EU, for the benefit of all EU Institutions, Agencies and Bodies.

  Wednesday, October 26, 2011 4:53:00 PM CEST

Security White Paper 2011-001 - Additional Malware Protection with MSS

This white paper offers you a guideline for integrating Microsoft Safety Scanner (MSS) in your defence-in-depth strategy against malware.

  Tuesday, September 27, 2011 8:26:00 AM CEST


This website is managed by CERT-EU. Find out more about us.



For questions or comments, please contact us at:


PGP Fingerprint:  C9B2 0BAB 2C37 35AD FF79 7949 AFBD 579A 5DDA 8E13

Emergency phone: +32 229 52100





Monday, January 24, 2022

8:15:00 PM CET


Tuesday, June 10, 2014 10:18:00 AM CEST

Edition: 1
