
TEHTRIS CERT / CSIRT

Cybersecurity Incident Response

TEHTRIS CERT centralizes and coordinates the management of cybersecurity incidents. Sensors internal to the XDR Platform (EDR, EPP, SIEM, honeypots…) allow us to maintain cyber-surveillance of the actions carried out on our customers’ information systems. In case of a suspected or proven attack, and depending on the scope and the technologies impacted, a team is set up to provide expert profiles across all technical and legal areas of cybersecurity.

Our mission is to support our clients when they face a crisis whose origin is a cyber threat. Our expertise and the lessons learned from many past incidents allow us to quickly qualify the nature of an incident and identify its impact on your IT resources. The XDR Platform’s technologies enable the rapid deployment of detection and containment measures, with the aim of eradicating the threat.

Incident handling cycle:

Preparation: technology watch and preparation of the tools and procedures to be used in the event of an incident.

Identification: analysis and understanding of the incident; identification of the perimeter and formulation of hypotheses.

Containment: identification of measures to stop the attacker’s progress.

Eradication: removal of the threat and putting up barriers to prevent it from happening again.

Return to service: advice on the actions to be taken to restore service.

Capitalisation: reflection on areas for improvement in order to respond better to the next incident of the same type.

CERT

As a CSIRT, TEHTRIS is listed on the official list of CERT-type entities [CERT TEHTRIS].

Official RFC 2350 TEHTRIS-CERT document

CONTACT

Contact CERT

Short name: CERT-TEHTRIS

Long name: CERT TEHTRI-Security

Address: 13-15 rue Taitbout, 75009, PARIS, FRANCE

Phone: +33 (0) 9-72-43-07-64

Email: cert@tehtris.com

PGP key ID: 19C7 677A AB9A 85E6

PGP fingerprint: A1F2 9BA1 2811 4E68 043C 07C5 19C7 677A AB9A 85E6

Cyber Interest Intelligence (CII)

TEHTRIS CERT collects and centralizes information of cyber interest from private, public and community partners (including the COVID-19 CTI League and the COVID19 CyberThreatCoalition). These information exchanges are combined with open-source intelligence (OSINT) feeds, which are collected by servers based on MISP (Malware Information Sharing Platform).

Collected information is processed in accordance with the need-to-know principle. In addition, when a client sends us indicators of compromise in order to check whether they are present on its information systems, we use dedicated protocols and tools that ensure these indicators are neither shared with nor searched for on other clients’ information systems. The search for indicators of compromise published in ANSSI [TLP:WHITE] reports is carried out automatically on all the computer systems of our clients equipped with EDRs.

Technology watch and cybersecurity bulletins

Continuous monitoring is carried out to protect our customers’ information systems using the TEHTRIS XDR Platform. The design of certain technologies such as TEHTRIS EDR makes it possible to detect, or even protect against, the exploitation of vulnerabilities in vendors’ products (such as Microsoft’s) even before patches are available. For more information, please request a demonstration through our contact form.

EUROPEAN NETWORK SENSORS

When reviewing logs from a company, TEHTRIS CERT found multiple instances where an IP address had been trying to contact sensitive servers. Since these servers were unknown to open-source databases, an investigation was conducted to understand how a potential attacker could identify the IP addresses of

UPnP CallStranger vulnerability

Risks: remote code execution, data exfiltration, involuntary participation in a DDoS attack.

Affected systems (list being updated; vulnerability confirmed): Windows 10 (upnphost.dll 10.0.18362.719), Xbox One (OS version 10.0.19041.2494), ADB TNR-5720SX Box (TNR-5720SX/v16.4-rc-371-gf5e2289 UPnP/1.0 BH-upnpdev/2.0), Asus ASUS Media Streamer, Asus Rt-N11, Belkin WeMo, Broadcom ADSL

RCE on PRTG Network Monitor – TEHTRIS PENTEST

Earlier this year, a TEHTRIS team was mandated to conduct a remote pentest. The maturity level of the audited information system did not allow any vulnerability directly exposed on the internet to be identified. TEHTRIS then decided to dig deeper into the
