The assessment of new vulnerabilities and weaknesses is a constant issue for Cyber Emergency Response Teams (CERTs). To be able to quickly assess how many devices are affected by an arising issue, DT CERT has developed a simple yet generic tool for scanning a large number of IP addresses. Heartbleed, Shellshock, open $SERVICE resolver, House-of-Keys, and the Juniper telnet/ssh backdoor (CVE-2015-7755) are examples of recent problems which demanded the capability of scanning a large number of IP addresses for those weaknesses, so that the situation can be assessed quickly and handled accordingly. The developed tool has two main components: one responsible for the management of parallel tasks, the other being the weakness-specific part. With this tool, DT CERT was able to scan its main AS (AS3320) for $PROBLEM within $TIME.
João has been an Incident Handler/Security Analyst at Deutsche Telekom Cyber Defense Center since 2010. He is mainly focused on network-based incident detection and the build-up of incident handling know-how across Deutsche Telekom Group.
Andreas has been a Security Analyst at Deutsche Telekom Cyber Defense Center since 2009. He is mainly focused on Vulnerability and Advisory Management and rapid prototyping of incident detection and response tools.