To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.


No, Executing Offensive Actions Against Our Adversaries Really Does Have High Risk (Deal With It)

This is a response to a CSO Online blog post by Jeff Bardin ("Caution: Not Executing Offensive Actions Against Our Adversaries is High Risk," November 2012.), which is a rebuttal to a blog post by Jody Westby on Forbes online (“Caution: Active Response to Cyber Attacks Has High Risk.”) Mr. Bardin is obviously playing on words in the title and I seriously doubt he believes that it is higher risk to not take aggressive actions than is to do so. His post does not contain a reasoned proposal for how to change or work within existing legal and ethical norms to allow aggressive actions directed at computer network attackers. It is instead a strident endorsement of a vaguely defined "new approach" of counter-attack using simplistic arguments based on emotion and a desire for retribution (an unethical position to take), lacking sufficient discussion of appropriate "rules of engagement," principle-based ethical justifications of any type beyond basic "right of self-defense" arguments, and including no oversight mechanisms to minimize the potential for abuse or collateral damage. This response is quite long, including not only Mr. Bardin's own words for context but also many references to materials apropos to the topic that Mr. Bardin does not provide in his post.

Mr. Bardin's blog post illustrates some of the problems with discussion of this topic that I have seen over and over since the first workshops I attended or lead on this topic in Seattle's Agora security group from 2001 to 2004. I have been studying and discussing these issues for over a decade and have seen the same simplistic arguments repeated in nearly every discussion. Useful analogies in this realm are really hard to find and almost always fail. Part of the problem stems from non-technical people trying to discuss extremely technical and complex issues of computer network attack and defense, combined with rushing to simple "self defense" analogies and appeals to emotion, suggesting we have to do something, anything, to get satisfaction. Frequently left out is any meaningful discussion of ethics, "rules of engagement," responsibility, or accountability.

If my response here comes across as vehement opposition, it is not intended that way. If anything, it shares Mr. Bardin's frustration that we have gotten to the point where intrusions are so widespread and pervasive, but we differ in explaining why and in proposing a viable path forward.

French Chapter Status Report 2012


Active members:
- Sébastien Tricaud
- Guillaume Arcas
- Anthony Desnos
- Franck Guénichot
- François-René Hamelin
- Christophe Grenier

We have following technologies deployed:

- Kippo on honeycloud. Goal of this deployment is to provide a centralized instance of Kippo & share findings, logs, collected data.
- HoneyProxy on honeycloud.
- Honeeebox


* New tools
=> HoneyProxy as part of GSoC 2012.
=> FAUP (formerly furl)
=> OpenNormalizer
=> PhotoRec/TestDisk
=> A.R.E. / AndroGuard

Enhanced tools:

ENISA publishes report on honeypots

ENISA (The European Network and Information Security Agency) under the leadership of CERT Polska has published report on honeypots. Its a hands-on guide on the various honeypot technologies out there looking at various operational aspects, such as extensibility, reliability, ease of deployment, etc. If you are considering running a honeypot, this is a must read! Check it out at Great job, ENISA!

Press Release: 2013 Honeynet Project Workshop

Contact: Christian Seifert
Phone: +1-206-2651944

1425 Broadway #438
Seattle, WA, 98122

9 A.M. GST, November 26th, 2012

DUBAI, 26 NOV 2012: This three-day event features an exceptional collection of international security professionals presenting the latest research tools and findings in malware analysis. The twelfth annual workshop will be held at The Address Dubai Mall Hotel on the 10th through 12th of February, 2013, with sponsorship and support from the UAE Honeynet Project chapter, United Arab Emirates Computer Emergency Response Team (aeCERT), and the Pakistan Honeynet Project chapter. The workshop includes one full day of briefings and two full days of hands-on tutorial trainings. Founded in 1999, The Honeynet Project is a non-profit international research organization dedicated to improving the security of the Internet at no cost to the public.

“Cyber security is a critical element for any nation working towards technical advancement,” said H.E. Mohamed Nasser Al Ghanim, Director General of TRA. “I am pleased the TRA and aeCERT are participating in this event; hands-on and knowledge-intensive workshops such as this are invaluable as we work towards reinforcing the nation’s cyber security.”

“Cyber security is not a ‘one-man’ job, it is dependent on the proactive collaboration of groups spanning government, industry and academia,” said Ahmad Alajail, Security Intelligence & Threat Analyst. “ This is why initiatives such as Honeynet, which provide a diverse talent base, are greatly complementary to the nation’s cyber security and to our work at aeCERT.”

The Honeynet Project is composed of 45 regional chapters and is a diverse, talented, and engaged group of hundreds of volunteer security experts who conduct open, cross disciplinary research and development into the evolving threat landscape. Registration and more information available at: or by contacting The Honeynet Project CEO Christian Seifert to request a personal interview at:

Pakistan Chapter Status Report For 2012


  • Faiz Ahmad Shuja is founder and chapter lead of Pakistan Chapter and an active member since 2003. He is responsible for the management and maintenance of HP infrastructure as Chief Infrastructure Officer.
  • Muhammad Omar Khan is an active member and assists in various Honeynet deployment efforts.
  • Rehan Ahmed is our active member. He assists in the management of Pakistan chapter and HP infrastructure.
  • Omar Khan has been involved in attacks analyses and reporting.

Alaska Chapter - Status Report 2011-2012

• Brian Hay (Chapter Lead, Full Member)
• Kara Nance (BoD Member, Full Member)
• Chris Hecker
• Clark Harshbarger
• Matt Bishop
• Wesley McGrew
• Lucas McDaniel

• 1 Honeeebox in Alaska
• Purchased multiple other Honeeeboxes available for third party deployments
• Periodic Dionaea deployments in both public and private clouds for student and demonstration use.


1. Ongoing development of hypervisor-based honeypot monitoring using virtual machine introspection (VMI) on Xen and KVM platforms.

UAE Chapter Status Report For 2012

Ahmad Alajail – Chapter Lead
Ahmad Hassan – Member
Anastasios Monachos - New Member
Andrew Marrington – New Member
Majid Al Ali - Member

we have successfully change all of our distributed Honeypots from Nepenthes to Dionaea and upgrade our honeypharm with reporting mechanism and the additional information received from Dionaea.


Canadian Chapter Status Report For 2011

Last year our chapter membership has gone through several changes: some members moved to new places and new positions and are no longer a part of the honeynet chapter, while others (Natalia Stakhanova) came back.

Our current members include Ali Ghorbani, Natalia Stakhanova, Hadi Shiravi (Unversity of New Brunswick) and Sami Guirguis (Toronto).


We currently have deployed a cluster of server honeypots and SGNET sensor. Both are primarily used for capturing botnet network traffic.


Spartan Devils Chapter Status Report For 2012

Spartan Devils Chapter Status Report For 2012


Our current membership includes: Gail Joon Ahn (Arizona State University) Tom Holt, (Michigan State University) Max Kilger, and Napoleon Paxton, We are also happy to report that we added Paul Neff to our roster in the last few months.

In addition to all tools from honeynet site, we also installed Sandboxie on Vmware ESXi to automatically test malware and reset VMs.


Syndicate content