RoT-1 Chapter - 2011 Status Report

ORGANIZATION

The RoT-1 Chapter of the Honeynet Project was founded in November 2010. The members include:

  • Ryan Smith
  • Adam Pridgen
  • Daniel Herrera
  • Ralph Logan
  • Kirby Kuehl
  • Jed Haile
  • George Chamales

Areas of research conducted by the members:

  • Mobile Honeynets
  • Honeypot technology
  • Memory Forensics
  • Distributed Processing
  • Large-Scale Data Analysis

DEPLOYMENTS

Currently, there are two Honeeebox sensors deployed: one at Rice University and one at a member's home in Houston, TX.

RESEARCH AND DEVELOPMENT

Adam Pridgen augmented the Volatility 2.0 Framework so that JSON output could be acquired from the framework's tools when analyzing memory images. This output could then be stored and mined using a NoSQL database such as CouchDB or MongoDB. After noting a shortcoming in the acquisition, he has started investigating a more complete method of acquisition by modifying VirtualBox to capture modified memory pages when they are paged out of physical memory. The ultimate goal is to run virtual honeypots for extended periods and to reconstruct their memory from periodic full memory snapshots combined with the pages captured between snapshots, giving a more complete forensic picture of the honeypot's memory.
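The snapshot-plus-captured-pages reconstruction described above, as an added example that is not code from the chapter, from VirtualBox or from Volatility: the most recent full snapshot at or before the requested time is taken as the base, and every page captured between that snapshot and the requested time is replayed onto it in time order. The page size, the capture record layout (timestamp, page number, page contents) and the sample timeline are all constructed for the example.

```python
"""Reconstruct a honeypot's memory at an arbitrary point in time from periodic
full snapshots plus the pages captured in between them.

Illustration of the scheme, not the chapter's own code. PAGE_SIZE, the capture
record format and all sample data below are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Tiny page size so the constructed data stays readable; real x86 pages are 4 KiB.
PAGE_SIZE = 16


@dataclass(order=True)
class PageCapture:
    """One page's contents as observed at time ts (constructed record format)."""
    ts: int
    page: int
    data: bytes = field(compare=False)


@dataclass
class Snapshot:
    """A full memory image taken at time ts."""
    ts: int
    image: bytes


def reconstruct(snapshots: List[Snapshot], captures: List[PageCapture],
                at_ts: int) -> Tuple[bytes, Dict[int, int]]:
    """Return (memory image, {page: ts of the last capture applied}) at time at_ts.

    Start from the most recent full snapshot taken at or before at_ts, then replay
    every capture with snapshot.ts < capture.ts <= at_ts in time order, so a later
    capture of the same page overwrites an earlier one. Pages with no capture in
    that window keep their snapshot contents.
    """
    base = max((s for s in snapshots if s.ts <= at_ts), key=lambda s: s.ts, default=None)
    if base is None:
        raise ValueError(f"no full snapshot at or before t={at_ts}")
    mem = bytearray(base.image)
    applied: Dict[int, int] = {}
    for cap in sorted(c for c in captures if base.ts < c.ts <= at_ts):
        off = cap.page * PAGE_SIZE
        if len(cap.data) != PAGE_SIZE or off + PAGE_SIZE > len(mem):
            raise ValueError(f"malformed capture for page {cap.page} at t={cap.ts}")
        mem[off:off + PAGE_SIZE] = cap.data
        applied[cap.page] = cap.ts
    return bytes(mem), applied


def changed_pages(a: bytes, b: bytes) -> List[int]:
    """Page numbers whose contents differ between two equal-sized, page-aligned images."""
    if len(a) != len(b) or len(a) % PAGE_SIZE:
        raise ValueError("images must have equal, page-aligned sizes")
    return [p for p in range(len(a) // PAGE_SIZE)
            if a[p * PAGE_SIZE:(p + 1) * PAGE_SIZE] != b[p * PAGE_SIZE:(p + 1) * PAGE_SIZE]]


def sample_data() -> Tuple[List[Snapshot], List[PageCapture]]:
    """Constructed timeline: a 4-page zeroed snapshot at t=0, three page captures,
    and a second full snapshot at t=10 that reflects the final state."""
    snap0 = Snapshot(ts=0, image=bytes(4 * PAGE_SIZE))
    captures = [
        PageCapture(ts=1, page=1, data=b"A" * PAGE_SIZE),
        PageCapture(ts=2, page=2, data=b"B" * PAGE_SIZE),
        PageCapture(ts=3, page=1, data=b"C" * PAGE_SIZE),  # page 1 rewritten later
    ]
    final = bytearray(snap0.image)
    final[PAGE_SIZE:2 * PAGE_SIZE] = b"C" * PAGE_SIZE
    final[2 * PAGE_SIZE:3 * PAGE_SIZE] = b"B" * PAGE_SIZE
    snap1 = Snapshot(ts=10, image=bytes(final))
    return [snap0, snap1], captures


if __name__ == "__main__":
    snaps, caps = sample_data()
    mem, applied = reconstruct(snaps, caps, at_ts=2)
    print("pages changed since the t=0 snapshot, as of t=2:", changed_pages(snaps[0].image, mem))
    print("captures applied:", applied)
```

The `applied` map is the forensic value of the scheme: it tells the analyst which pages of the reconstructed image are backed by an observation at a known time and which are carried over from the base snapshot, so a Volatility-style analysis of the reconstructed image can be qualified page by page.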

FINDINGS

  • A previously unidentified piece of malware/attack was discovered, and the characteristics and configuration material were reported to the appropriate parties.

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS

GOALS

  • Establish a cooperative group project to better incorporate and activate new members
  • Bring on new members from the northern Bay Area
  • Hold quarterly remote collaboration meetings

MISC ACTIVITIES

  • Adam Pridgen helped the CuckooBox project with some minor contributions and testing.
  • Both Ryan and Kirby got new positions that are malware-centric, which should lead to an increase in activity and collaboration.

MENTORING

Adam Pridgen and Ryan Smith were HPGSOC '12 mentors. Adam Pridgen co-mentored Oğuz Yarımtepe along with Nicolas Collery on the Network Analyzer Project. Ryan Smith stepped in to mentor Weilin Xu who was selected to work on the IPv6 Honeypot.
