Tunisian (Saherhoneynet) Chapter Status Report For 2012
All team members belong to the staff of the National Agency for Computer Security and the Tunisian CERT; our chapter is opened for volunteers based on a special agreement, such as students, researchers, professional and partners.
List current chapter members and their activities:
- Hafidh EL Faleh Tunisian Honeynet chapter lead.Cyber early warning system Team Manager.
- Haythem EL MIR IT cyber-Security Consultant (Professional).
- Hassen Bahri tunCERT Manager
- Marwen Ben Rached Cyber early warning system team member – Programmer
- Jihene Ksiksi Cyber early warning system team member – Support
List changes in the structure:
- Tarek mouhamed CTO of NACS /tunCERT. (New members)
- Amine Rached CSIRT (incident team) manager. (New members)
- Amine Abid CSIRT (incident team) support. ( New members)
From the starting of the project, the team tried to be up-to-date in term of used technologies; they tested all detection and honyepotting tools and tried to choose the most reliable ones.
This a list current technology deployed:
- Honeynet Webviz
RESEARCH AND DEVELOPMENT
- Conception a tool for analyzing URL and binaries founded in SSH input using result of kippo ssh-honeypot.
Projects currently under research
IP Reputation Dadabase
- Designing and specifying a tool to interface with a lot of honeypot tools (dionaea, glastopf, kippo ..) and provide an update database to cheeck a reputation of any IP address related with her historic logs.
- Provide an web access (web services) to this tool, automatic getting Ip source and providing information related her reputation historic and sending necessary instructions for cleanning process.
- Create an updated list for malicious domains and hosts from malwares offred.
- Select Profile of equipments to generate ACL (Firewall, IDS/IPS, Proxy ..) .
- Designing and specifying techniques for black-list tool.
- Online sharing of black-list.
- HP Workshop 2012: Tunisian Chapter Update:
- ITU Regional Workshop on “IMPACT Alert - Cyber Drill for Partner Countries”, Amman-Jordan, 15-17 July 2012
The National Platform for Tracking Cyber Attacks "SAHER"
List possibilities to interact with Tunisian Chapter
chapter page :http://www.honeynet.org/chapters/tunisian
The main goals of Saher-HoneyNet are:
- Detecting malicious activities and reporting to the relevant parties; by deploying a network of honeypot sensors and setting up secure communication channel for reporting.
- Providing assistance to the Tunisian users to clean their infected computers by providing all technical resources, online assistance and even on-site assistance in coordination with the incident response team of the tunCERT.
- Providing technical materials for the awareness activity in order to educate the national community on malware threat and how the mitigate infections.
- Providing data and technical resources for the research activities in collaboration with universities.
- Developing technical guides for malware analysis, detection technologies and best practices to mitigate malware infections in coordination with the malware research centre of tunCERT.
- Coordinating with international security networks to share information related to malicious activities.
Supervision of trainees for students in universities:
- Final project: solutions to detect viral attacks (Honeynet).
- Final project: Development of a generation blacklist console.
- Traineeship: deployment of sandbox platform..