Singapore Honeynet Chapter Report for 2013

ORGANISATION

The Singapore Honeynet Chapter currently consists of the following members:

• Cecil Su: Chapter Lead, Early Warning System, Honeypots deployment, Data Analysis.
• Nicolas Collery: Development, Malware analysis and RCE, Honeypots deployment, Data analysis.
• Vicky Khan: Development, Malware analysis, Research.
• Vijay Vikram: Center Manager, Research, Development, Honeypots deployment.
• Eugene Teo: Research, Malware analysis and RCE, Data analysis.
• Emil Jingwei: Research guide.
• Rong Hwa: Development, Malware analysis and RCE, Honeypots deployment, Data analysis.

The Chapter members are interested in research projects covering the following topics:

1. Malware Evasive Techniques
2. Security Analytics
3. Intrusion Detection
4. Threat Intelligence
5. Web and client-based honeypots

DEPLOYMENTS

The following deployments of tools related to the Honeynet Project and information security in general are in place:
• Raspberry Pi deployment (2x units) for capturing malware on the public network (via M1 telco). One Raspberry Pi runs Dionaea and the other runs Kippo. Both are collecting live samples at the moment.
An archive of 30GB+ was collected over the last couple of months and the captures have been archived for analysis.

PUBLICATIONS

Publications by Ronghwa Chong
24 October 2013, Evasive Tactics: Terminator RAT,
http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html

18 June 2013, Trojan.APT.Seinup Hitting ASEAN,
http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html

1 April 2013, Trojan.APT.BaneChant: In-Memory Trojan That Observes for Multiple Mouse Clicks,
http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html

1 Feb 2013, Hackers Targeting Taiwanese Technology Firm,
http://www.fireeye.com/blog/technical/malware-research/2013/02/hackers-targeting-taiwanese-technology-firm.html

RESEARCH AND DEVELOPMENT

Research was conducted on malware evasion, network protocols and encryption techniques.

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS

01 April 2013, Kippo SSH Honeypot Tutorial
19 July 2013, HITCON, Advance Malware Evasion and Hiding Techniques
13 May 2013, SingCERT Seminar, Modern APT Malware (Awareness)
03 October 2013, GovernmentWare 2013, Alternatives in Security Analytics to Detect Advanced Threats and Breaches
15 November 2013, James Cook University, Advanced e-Security with Honeypots Seminar

GOALS

Going forward in 2014, we would like to reach out to more academic institutions and collaborate with other chapters to fuel and drive our initiatives.