Turkish Chapter Status Report for 2012-2013

ORGANIZATION:

  • Ali İKİNCİ
  • Bâkır EMRE
  • Oguz YARIMTEPE
  • Fatih Ekrem GENÇ
  • Necati Ersen ŞİŞECİ

DEPLOYMENTS:

  • Cuckoo Sandbox
  • Thug Low Interaction Client Honeypot
  • Dionaea
  • Windows XP as high interaction server and client honeypots

RESEARCH AND DEVELOPMENT:

Mentoring GSoC2013 projects:

Presentations

  • Local Honeynet Workshop about various topics around the HP and its tools. Nov 2012 Link
  • Various presentations by chapter members on cyber security and HP topics at a career day at Firat University in Elazig. Feb 2013 Link
  • “Introduction to the Honeynet Project” at Turkish Cyber Security Conference May 2013 Link

Webcast

Interview with Ali Ikinci and Bâkır EMRE about the Turkish Honeynet Project and the Honeynet Project in general on the Turkish cyber security webcast GuvenlikTV Link

Papers

  • [Turkish] “Distributed malware collection and analysis framework” EMRE Bâkır, MANTAR Haci Ali, ISITES 2013 1st International Symposium on Innovative Technologies in Engineering and Science June 2013 Link
  • Case Study: Malicious Activity in the Turkish Network (February 2013) SysSec Project report, SISECI N. E., Emre B, TIRLI H. Link

Members who attended the Dubai Workshop in 2013:

  • Ali İKİNCİ
  • Bâkır EMRE
  • Oguz YARIMTEPE
  • Necati Ersen ŞİŞECİ

FINDINGS:

  • Conficker is still very active in Turkey
  • Our honeypots have detected lots of DNS Amplification attacks and SNMP Public queries
  • We have collected more than 3.000 unique malware samples
  • Our high interaction server honeypots have been infected more than 500.000 times

GOALS:

Established goals in 2012-2013:

  • We have been able to promote the HP and spread the word about it
  • We have organized a successful local Workshop
  • We have deployed a couple of different honeypot sensors in Turkey

Future goals for 2014:

  • Presenting more honeynet related materials at local universities
  • Encouraging and mentoring students' theses in related research fields
  • Improving awareness and publicity of the HP in the Turkish cyber security community to improve global collaboration

MISC:

We have been active in the infrastructure group and were maintaining various servers of the HP including the multisite WordPress server, the Gallery photo sharing server, the OpenLDAP server and the main Drupal server.