KYE

Know Your Enemy: Social Dynamics of Hacking

I am very pleased to announce the publication of another paper in our Know Your Enemy white paper series: "KYE - Social Dynamics of Hacking" authored by Thomas J. Holt and Max Kilger from our Spartan Devils Honeynet Project Chapter. In this paper, Tom and Max go to the roots of the Know Your Enemy series and shine light on the social groups that are involved in hacking.


Abstract
Though most information security research focuses on current threats, tools, and techniques to defeat attacks, it is vital to recognize and understand the humans behind attacks. Individual attackers have various skills, motives, and social relationships that shape their actions and the resources they target. In this paper we will explore the distribution of skill in the global hacker community, the influence of on and off-line social relationships, motivations across attackers, and the near-future of threats to improve our understanding of the hacker and attacker community.

Announcing the publication of Know Your Tools: Glastopf - A dynamic, low-interaction web application honeypot

Folks, I am very pleased to announce the publication of our Know Your Tools paper: Glastopf - A dynamic, low-interaction web application honeypot authored by Lukas Rist of the Chicago Honeynet Project Chaper and Sven Vetsch, Marcel Kossin, and Michael Mauer.

The paper is available from http://honeynet.org/papers/KYT_glastopf.

Paper abstract
Currently, attacks against web applications make up more than 60% of the total number of attempted attacks on the Internet. Organizations cannot afford to allow their websites be compromised, as this can result in serving malicious content to customers, or leaking customer's data. Whether the particular web application is part of a company's website, or a personal web page, there are certain characteristics common to all web applications. Most people trust in the reliability of web applications and they are often hosted on powerful servers with high bandwidth connections to the Internet. Considering the large number of attacks and knowing the potential consequences of successful break-ins, we decided to put a bit more effort into the development of honeypots to better understand these attacks.

In this paper, we introduce Glastopf, a low-interaction web application honeypot capable of emulating thousands of vulnerabilities to gather data from attacks that target web applications. The principle behind it is very simple: reply to the attack using the response the attacker is expecting from his attempt to exploit the web application. We provide an overview of the attacks on web applications, describe examples collected with Glastopf, and discuss possible usages of data collected.


Glastopf can be downloaded from http://glastopf.org/ and a mailing list for help/suggestions and advice is available at https://public.honeynet.org/mailman/listinfo/glastopf.

Know Your Tools: Qebek - Conceal the Monitoring has been published

Christian Seifert (CPRO of The Honeynet Project) has just announced publication of our Know Your Tools series: Qebek - Conceal the Monitoring, authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter. The paper is based on Chengyu's hard work during the GSoC 2009, Brian Hay and me acted as his mentors for the Qebek GSoC Project. Congrats to Chengyu and Chinese Chapter.

The paper is available from http://honeynet.org/papers/KYT_qebek.

Paper abstract

Announcing the publication of Know Your Tools: Qebek - Conceal the Monitoring

I am very pleased to announce another publication of our Know Your Tools series: Qebek - Conceal the Monitoring authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter.

The paper is available from http://honeynet.org/papers/KYT_qebek.

Paper abstract
For the last few years, while low-interaction (LI) honeypot systems like Nepenthes and PHoneyC are getting more and more powerful, the progress of high-interaction (HI) honeypot technology has been somewhat slower. This is especially true for Sebek, the de-facto HI honeypot monitoring tool. In this KYT paper, we introduce Qebek, a QEMU based HI honeypot monitoring tool which aims at improving the invisibility of monitoring the attackers’ activities in HI honeypots.

Know Your Tools: use Picviz to find attacks

We are very excited to announce the publication of our first paper in the new Know Your Tools paper series: “KYT: use Picviz to find attacks” authored by Sebastien Tricaud from the French Chapter and Victor Amaducci from the University of Campinas.

The paper can be downloaded at Know Your Tools: use Picviz to find attacks.

Paper Abstract
Picviz is a parallel coordinates plotter which enables easy scripting from various input (tcpdump, syslog, iptables logs, apache logs, etc..) to visualize data and discover interesting aspects of that data quickly. Picviz uncovers previously hidden data that is difficult to identify with traditional analysis methods.

In the first paper of our new Know Your Tools series, Sebastien Tricaud from the French Honeynet Project Chapter and Victor Amaducci from the University of Campinas, focus on Picviz. After a brief overview on parallel coordinates, Picviz architecture, and installation procedure, three real-world examples are presented that illustrate how to identify attacks from large amounts of data: Picviz is used to analyze SSH logs, Apache access logs and network traffic. With these examples, it is demonstrated how Picviz can find attacks that previously have been hidden.

Recent additions to Picviz GUI have been made by Victor Amaducci under the mentorship of Sebastien Tricaud as part of the Google Summer of Code program 2009. The most recent version of Picviz is freely available for download from its project site at http://www.wallinfire.net/picviz and support can be sought from the Picviz mailing list at http://www.wallinfire.net/cgi-bin/mailman/listinfo/picviz..

Syndicate content