leon.van.der.eijk's blog

SSH honeypot workshop Bsides London 2013

At the last BruCON conference in Ghent last year I had the pleasure to talk to Soraya (Iggi), Bsides London co-organizer. She convinced me into submitting a workshop proposal for the Bsides London 2013.

And guess what, it got accepted.

So I will be doing a workshop on setting up a basic kippo SSH honeypot from Upi Tamminen (http://code.google.com/p/kippo/) and if time permits, using Ioannis Koniaris (Ion) kippo visualization tool kippo-graph (http://bruteforce.gr/kippo-graph).
Bsides London will be held on April 24th 2013 at Kensington and Chelsea Town Hall

Identifying unknown files by using fuzzy hashing

Identifying unknown files by using fuzzy hashing

Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites as Virustotal, Anubis or CWsandbox. By modifying the ihandler section in the dionaea.conf this can be done fully automated.
Every now and then even these excellent analysis sites come up with nothing. No result or whatsoever. This could be because its a brand new sample of malware which simply isn't recognised yet or it is a morphed sample of a known and existing one.

Syndicate content