Brazilian Chapter Status Report 2011/2012

ORGANIZATION
Current chapter members and their activities:

Antonio Montes, PhD, Chapter Lead
Luiz Otavio Duarte, MSc, Data Capture and Collection Tools
Ricardo Makino, Data Collection Infrastructure

Current chapter collaborators:

Fernando Amatte, Malware Analysis Tools
Rodrigo Ruiz, Data Collection and Analysis Infrastructure
Bruna de Oliveira Martins, Database Analyst

Changes in the structure of your chapter:

The Chapter underwent an abrupt change in September 2011, due to the withdrawal of CERT.br's members and the interruption of the data mirroring from the joint Distributed Honeypots Project. This led us to reappraise our approach, which was based on collecting malicious activity, and to concentrate on malware collection. A new distributed honeypot network is therefore being set up, mostly in federal universities and research labs, this time based on Dionaea honeypots and SURFids.

DEPLOYMENTS

Distributed Honeypots Network (since 2009).
Pandora Sandbox (since 2008).
http://www.cti.gov.br/NUCAM/
Discussing a partnership with the Brazilian Research Network to host honeypots in their state PoPs.

RESEARCH AND DEVELOPMENT

Limited to improvements in our automated malware analysis tool, particularly improving reliability and performance.

FINDINGS

No remarkable findings.

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS

Kil Jin Brandini Park, Rodrigo Ruiz, Antonio Montes, BinStat - Detection of Packed Binaries, Proceedings of the 7th International Conference on Forensics Computer Science, pp. 173-181, 2011.

GOALS

Past year: regroup.
Next year: deploy honeeeboxes and upload data to hpfeeds. Publish real-time honeypot data visualization.