Czech Chapter Report for 2010/2011

ORGANIZATION

Changes in the structure of your organization.

  • We have one new member - Jaroslav Vorlicek
  • Jan and Ales are not active (own duties)

List current active chapter members and their activities

  • David Vorel - Honeypots deployment, data analyst, data visualization

DEPLOYMENTS

List current technologies deployed.

Low interaction

  • 10x Nepenthes allocated on 15 external IPs
  • 3x Dionaea
  • 5x Kojoney SSH honeypot
  • Parsers for RFI attacks (about 150 domains)

High interaction

  • 5x Honeyclient
  • 1x Qebek - testing to switch from Honeyclient
  • 2x sensors aka "HoneyForum", phpBB-based forums used for tracking web spam bots
  • 1x native Linux server, also used as a sandbox for specific operations
  • 1x Cuckoo deployed, currently providing feedback to the project

RESEARCH AND DEVELOPMENT

List any new tools, projects or ideas you are currently researching or developing.

  • We have started developing a HIEM interface to correlate events from various honeypots; it is still under development.

Explain what kind of help or tools or collaboration you are interested in.

  • malware analysis, high interaction honeypots
  • extensive data sharing between honeypots
  • mobile security
  • VoIP SPIT

FINDINGS

Any trends seen in the past year?

  • web and email spam have become more sophisticated

What are you using for data analysis?

  • sandboxing, runtime analysis in a virtual environment, runtime analysis on real HW

What is working well, and what is missing? What data analysis functionality would you like to see developed?

  • data sharing between all honeynets to be more organized

PAPERS AND PRESENTATIONS

Are you working on or did you publish any papers or presentations, such as KYE or academic papers? If yes, please provide a description and link (if possible).

  • none

Are you looking for any data or people to help with your papers?

  • no

Where did you present honeypot-related material? (selected publications)

  • Internal meetings with agencies/individuals

GOALS

Which of your goals did you meet for the past year?

  • integrate most sensors from our scope into our HIEM

Goals for the next year.

  • switch from Nepenthes to Dionaea
  • switch from Honeyclient to Qebek
  • automate some processes
  • at least 2 public presentations on Honeynet and Honeypots technology
  • HIEM visualisation module
  • HIEM analyst module

MISC ACTIVITIES

  • We started to share ideas and cooperate with a few government agencies