leon.van.der.eijk's blog

In-depth interview: Angelo Dell'Aera

Angelo Dell'Aera (@angelodellaera) is currently Chief Executive Officer of the Honeynet Project. His interests are botnet tracking, honeyclient technologies and malware analysis. His previous research on TCP congestion control algorithms led to the design of the TCP Westwood+ algorithm and the implementation in the official Linux kernel. He’s the lead developer of the low-interaction honeyclient Thug.

Workshop news ! Mittegating botnets allmost soldout !

The workshop held by Tillman Werner is almost sold out folks ! Register while you can at http://warsaw2014.honeynet.org/
Tillman will be talking about understanding and mitigating botnets ! Checkout http://warsaw2014.honeynet.org/trainings.html#training1

New platinum sponsor for our anual workshop !

The honeynet project is excited and proud to have Deutsche Telekom aboard as a platinum sponsor for our annual workshop in Warshaw 2014 ! DT is a 143 million mobile customer telecom operator. More information on this telecom giant can be found at www.telekom.com/company/at-a-glance/92662

New project CEO

Last week it was announced that Angelo Dell'Aera is elected as our new CEO. Here is a brief description about Angelo.

SSH honeypot workshop Bsides London 2013

At the last BruCON conference in Ghent last year I had the pleasure to talk to Soraya (Iggi), Bsides London co-organizer. She convinced me into submitting a workshop proposal for the Bsides London 2013.

And guess what, it got accepted.

So I will be doing a workshop on setting up a basic kippo SSH honeypot from Upi Tamminen (http://code.google.com/p/kippo/) and if time permits, using Ioannis Koniaris (Ion) kippo visualization tool kippo-graph (http://bruteforce.gr/kippo-graph).
Bsides London will be held on April 24th 2013 at Kensington and Chelsea Town Hall

Identifying unknown files by using fuzzy hashing

Identifying unknown files by using fuzzy hashing

Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites as Virustotal, Anubis or CWsandbox. By modifying the ihandler section in the dionaea.conf this can be done fully automated.
Every now and then even these excellent analysis sites come up with nothing. No result or whatsoever. This could be because its a brand new sample of malware which simply isn't recognised yet or it is a morphed sample of a known and existing one.

Syndicate content