Carl Pulley, a loyal follower of our Forensic Challenges, has written up an analysis of how one could determine the Apache version that generated the logs. His analysis can be found at http://acme-labs.org.uk/news/2011/01/20/apache2-version-analysis/ and http://acme-labs.org.uk/news/2011/01/21/apache2-version-analysis-data-visualisation/. Check it out!
Folks, holiday greetings from forensic challenge headquarters in Seattle. Mahmud and Ahmad from the Malaysian Chapter have judged all submissions and results have been posted on the challenge web site. The winners are:
- Vos from Russia with a perfect score!
- Codrut from Romania
- Mike from Canada

Congratulations!
We received a total of 21 submissions and they were very competitive. The top three submissions came within a point of a perfect score and Vos from Russia actually received a perfect score.
The deadline for the Forensic Challenge 2010/5 - Log Mysteries is quickly approaching. It seems like this challenge is a hard nut to crack, as we have only received a few submissions so far. If you like a challenge, give it a try. The deadline is September 30th 2010. You can access the challenge at https://honeynet.org/challenges/2010_5_log_mysteries. Did I mention there are prizes?
The 4th Forensic Challenge on VoIP has come to an end. We had a total of 21 submissions, with several submissions from Chinese speakers, which was made possible by Julia, Jianwei and Roland from the Chinese speaking chapters.
The winners of the 4th Forensic Challenge 2010 VoIP are:
- Franck Guenichot (France)
- Fabio Panigatti (Italy)
- Shaun Zinck (USA)

We have posted their submissions on the challenge web site so you can see what top-notch submissions they provided.
Folks, the submission deadline for our Forensic Challenge 4 - VoIP is quickly approaching. The deadline is this Wednesday and so you have another 4 days to submit your solution.
The challenge is quite different from our previous challenges. It was provided by Ben Reardon from the Australian Chapter and Sjur Eivind Usken from the Norwegian Chapter, and takes you into the realm of voice communication on the Internet. Thanks to our Chinese speaking chapters, it is also available in simplified Chinese and traditional Chinese.
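The Honeynet Project is an internationally renowned open-source information security research team dedicated to improving the security of the Internet. The Forensic Challenge is an important project that The Honeynet Project offers to the security community. Its purpose is to give the security community the opportunity to analyze real attacks captured on the Internet and to share their findings. By taking part in the Forensic Challenge, security practitioners and teams can not only learn about the latest Internet security threats but also learn how to analyze them. Better still, they can learn new tools and techniques for analyzing attacks from the results and methods of other submitters. Best of all, the attacks in the Forensic Challenge are all real attacks captured in the wild on the Internet by our members.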
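After successfully running the Scan of the Month forensic challenges several years ago, The Honeynet Project relaunched the Forensic Challenge project in 2010. It will cover a series of attack scenarios, including server-side attacks on the latest operating systems and services, client-side attacks, VoIP attacks and web application attacks. The Forensic Challenge welcomes active participation from the security community, and prizes will be awarded to the best 3 submissions. Our members will also provide a sample solution that analyzes the challenge content using the latest publicly available tools.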
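However, possibly because of the language barrier, the Chinese-speaking security community has rarely taken part in The Honeynet Project's Forensic Challenges. Following The Honeynet Project annual meeting in Mexico, our chapters from the Chinese-speaking world (Julia Cheng of the Taiwan Chapter, Zhuge Jianwei of the Mainland China Chapter, Roland Cheung of the Hong Kong Chapter and Eugene Teo of the Singapore Chapter) will jointly launch a Chinese edition of The Honeynet Project Forensic Challenge. It will run in parallel with the English edition on the same schedule, provide the challenge content in simplified Chinese and traditional Chinese, and accept submissions written in Chinese (although we still recommend that security practitioners from the Chinese-speaking world take part in The Honeynet Project Forensic Challenge in English). We will also select the best of the submissions written in Chinese and award prizes for them. We hope to take this opportunity to encourage security practitioners in the Chinese-speaking world to take a more active part in the activities of The Honeynet Project and the worldwide open-source security community, and to gain more from them.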
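The fourth challenge of 2010 (the first of the Chinese edition) was published on our Forensic Challenge web site on June 1. We will accept submissions for 1 month, and the submission deadline is 23:59 Hong Kong time on June 30, 2010. We expect to publish the results on July 21, 2010. The Honeynet Project will award prizes to the best 3 English submissions, and will also reward the best submissions written in Chinese.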
We look forward to participation from people in Hong Kong and the Chinese-speaking world. Thank you!
Folks, the submission deadline for the Forensic Challenge 3 – “Banking Troubles” has passed. We have received 22 submissions and will be announcing results on Wednesday, May 12th 2010. With the 3rd challenge coming to an end, we would love to get your feedback on the challenges: Which challenge did you enjoy in particular and why? Do you have any suggestions on how to improve the challenge? Is there a particular challenge you would like to see in the future?
Folks, we have decided to extend the submission deadline of the Forensic Challenge 2010/3 - “Banking Troubles” for another week (deadline is now April 26th 2010.) Seems like this challenge is a bit tougher and we would like to give you all the opportunity to submit your results. For those folks that have already submitted, you can resubmit via the web form in case you would like to make changes to your solution.
Challenge 3 of the Honeynet Project Forensic Challenge - titled “Banking Troubles” - is now online and we invite you to participate. Challenge 3 - provided by Josh Smith and Matt Cote from The Rochester Institute of Technology Chapter, Angelo Dell’Aera from the Italian Chapter and Nicolas Collery from the Singapore Chapter - is a bit different from our previous challenges in that we do not ask you to analyze a pcap network trace, but rather a memory image from a virtual machine.