No, Executing Offensive Actions Against Our Adversaries Really Does Have High Risk (Deal With It)

10 Dec 2012 David Dittrich active-defense active-response-continuum counter-attack crowdstrike ethics hack-back
This is a response to a CSO Online blog post by Jeff Bardin ("Caution: Not Executing Offensive Actions Against Our Adversaries is High Risk," November 2012), which is a rebuttal to a blog post by Jody Westby on Forbes online ("Caution: Active Response to Cyber Attacks Has High Risk"). Mr. Bardin is obviously playing on words in the title and I seriously doubt he believes that it is higher risk to not take aggressive actions than it is to do so.

French Chapter Status Report 2012

05 Dec 2012 Guillaume Arcas chapter report
ORGANIZATION
Active members:
- Sébastien Tricaud
- Guillaume Arcas
- Anthony Desnos
- Franck Guénichot
- François-René Hamelin
- Christophe Grenier
DEPLOYMENTS
We have the following technologies deployed:
- Kippo on honeycloud. The goal of this deployment is to provide a centralized instance of Kippo and share findings, logs, and collected data.
- HoneyProxy on honeycloud.
- Honeeebox
RESEARCH AND DEVELOPMENT
* New tools
=> HoneyProxy as part of GSoC 2012.
=> FAUP (formerly furl)
=> OpenNormalizer
=> PhotoRec/TestDisk
=> A.

ENISA publishes report on honeypots

28 Nov 2012 Christian Seifert
ENISA (the European Network and Information Security Agency), under the leadership of CERT Polska, has published a report on honeypots. It's a hands-on guide on the various honeypot technologies out there, looking at various operational aspects such as extensibility, reliability, ease of deployment, etc. If you are considering running a honeypot, this is a must-read! Check it out at http://www.enisa.europa.eu/media/press-releases/new-report-by-eu-agency-enisa-on-digital-trap-honeypots-to-detect-cyber-attacks. Great job, ENISA!

Pakistan Chapter Status Report For 2012

24 Nov 2012 faizshuja chapter report
ORGANIZATION
Faiz Ahmad Shuja is founder and chapter lead of Pakistan Chapter and an active member since 2003. He is responsible for the management and maintenance of HP infrastructure as Chief Infrastructure Officer. Muhammad Omar Khan is an active member and assists in various Honeynet deployment efforts. Rehan Ahmed is our active member. He assists in the management of Pakistan chapter and HP infrastructure. Omar Khan has been involved in attack analyses and reporting.

Alaska Chapter - Status Report 2011-2012

15 Nov 2012 Brian Hay gsoc
ORGANIZATION
• Brian Hay (Chapter Lead, Full Member)
• Kara Nance (BoD Member, Full Member)
• Chris Hecker
• Clark Harshbarger
• Matt Bishop
• Wesley McGrew
• Lucas McDaniel
DEPLOYMENTS
• 1 Honeeebox in Alaska
• Purchased multiple other Honeeeboxes available for third party deployments
• Periodic Dionaea deployments in both public and private clouds for student and demonstration use.
RESEARCH AND DEVELOPMENT
1. Ongoing development of hypervisor-based honeypot monitoring using virtual machine introspection (VMI) on Xen and KVM platforms.

UAE Chapter Status Report For 2012

11 Nov 2012 Ahmad Alajail chapter report
ORGANIZATION
Ahmad Alajail – Chapter Lead
Ahmad Hassan – Member
Anastasios Monachos – New Member
Andrew Marrington – New Member
Majid Al Ali – Member
DEPLOYMENTS
We have successfully changed all of our distributed honeypots from Nepenthes to Dionaea and upgraded our honeypharm with a reporting mechanism and the additional information received from Dionaea.
RESEARCH AND DEVELOPMENT
As we reached the end of 2012, we managed to upgrade our research lab with new hardware that can be used for the new projects.

Canadian Chapter Status Report For 2011

06 Nov 2012 Natalia Stakhanova chapter report
ORGANIZATION
Last year our chapter membership has gone through several changes: some members moved to new places and new positions and are no longer a part of the honeynet chapter, while others (Natalia Stakhanova) came back. Our current members include Ali Ghorbani, Natalia Stakhanova, Hadi Shiravi (University of New Brunswick) and Sami Guirguis (Toronto).
DEPLOYMENTS
We currently have deployed a cluster of server honeypots and an SGNET sensor. Both are primarily used for capturing botnet network traffic.

Spartan Devils Chapter Status Report For 2012

05 Nov 2012 Tom Holt chapter report
ORGANIZATION
Our current membership includes Gail Joon Ahn (Arizona State University), Tom Holt (Michigan State University), Max Kilger, and Napoleon Paxton. We are also happy to report that we added Paul Neff to our roster in the last few months.
DEPLOYMENTS
In addition to all tools from the honeynet site, we also installed Sandboxie on VMware ESXi to automatically test malware and reset VMs.