UAE Honeynet Chapter Status for 2011

ORGANIZATION

There were no changes in the structure of our chapter in 2011.

Current chapter members:

Ahmad Hassan: Chapter Lead
Majid Al Ali: Intelligence Analyst

There are 5 other members, but they are not as active, so they haven't been officially listed. We are looking into having members from the faculty and research students.

DEPLOYMENTS

Current deployments focus on collecting malware metadata using Nepenthes. We are working on replacing it with dionaea.

RESEARCH AND DEVELOPMENT

We developed a system called HoneyPharm, which is based on the open source implementation of Nepenthes Pharm, to ease the distribution of Nepenthes and data collection. We are working on making it compatible with dionaea. We started looking into wireless honeypots, but it didn't seem feasible for the time being.

From a research perspective, we are looking into security threats and vulnerabilities of smartphones, to help raise awareness of this subject.

FINDINGS

Since we only have Nepenthes, we didn't catch any unique samples after 2009. Our beta deployment of dionaea captured a recently identified malware sample, which is a good indication of our direction.

PAPERS AND PRESENTATIONS

We wrote an IEEE paper titled "Collecting malware from distributed honeypots — Honeypharm" in 2010, and presented it at the IEEE GCC conference in Dubai in 2011. We started preparing a KYT paper to publish, but decided to put it on hold since we are changing the code this year. We will resume once the changes are done.

GOALS

Our goal is to gather intelligence by deploying different types of honeypots. We recently stepped into the development of supporting tools.

MISC ACTIVITIES

We recently got the chapter website up: http://www.uaehoneynet.ae/. It will be updated from time to time.
We touched base with one of the universities in the UAE in order to advise on several security and honeynet-related projects, with the aim of developing security tools that do not yet exist.