Malaysian Honeynet Chapter Report for 2013

ORGANISATION

The Malaysian Honeynet Chapter was founded in August 2013 and currently consists of the following members:

1. Adli Abdul Wahid
2. Adnan Mohd Shukor
3. Ahmad Azizan Idris
4. Alip Aswalid
5. Kamal Hilmi Othman
6. Mahmud Ab Rahman

We were previously active members of a different chapter before deciding to form our own chapter.

The Chapter members are interested in research projects covering the following topics:

1. Web Application Security
2. Exploit Kits Analysis and Identification
3. Intrusion Detection
4. Android Malware
5. Client-based honeypot

DEPLOYMENTS

Listed here are the deployments of tools related to the Honeynet Project and information security in general:

1. Dionaea deployment for catching malware spreading within the internal networks of several universities in Malaysia

RESEARCH AND DEVELOPMENT

1. We spent some of our time looking into exploit kits and analyzing the exploits used within them. A detailed analysis of the CVE-2011-3402 (Duqu and Malicious Font, Dexter) and CVE-2011-2110 (Flash Vulnerability) attack vectors from the Cool Exploit Kit was published here [1]
2. We also looked into how attackers abuse malicious documents by inspecting their methodologies (for example, the use of ActiveX objects to fill up heap allocations to make exploitation more reliable)
3. Understanding the details of how Flash is used by attackers in APT attacks
4. Analysis of Android malware based on new samples found in the wild

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS

1. Honeynet Project Annual Workshop 2013, Dubai: Reverse Engineering Malicious Flash
2. Taiwan Honeynet Project Workshop 2013, Taipei: Analyzing Malicious Flash
3. I-Hack UITM 2013, Kuala Lumpur: Exploit Kit Identification
4. First Security Conference, Bangkok: Blackhole, the hidden stuff beyond the spotlight

GOALS

In 2014 we would like to improve, to produce new tools, and to contribute to any security-related projects.

[1] http://yomuds.blogspot.com/2012/11/cve-2011-3402-and-cool-exploit-kit_28.html