This is a contribute by HoneyNED chapter from the Netherlands about all their 2017 activities.
As the end of the year has come, we from HoneyNED, the Dutch Honeynet chapter, want to share what has happened during the year. We have worked on several projects in the honey space and a few members represented our chapter at the annual Honeynet workshop hosted in Australia. In this post, we will discuss what honeypots have been deployed, what projects are in the pipeline and what will be the focus in 2018.
During the month of April the following information was obtained from Glastopf installations worldwide
Number of alert for the period: 1325919
Filenames (RFI) - 10 most common during the period:
Specifically newsworthy event: Ping back”
pingback.ping, which is a legit WordPress feature is misused to DoS victims using legit WordPress sites.
URL describing the issue: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed- denial-of-service-attack.html
Method:
pingback.pinghttp://victim.com www.anywordpresssite.com/postchosenparam>' Extent:
We started monitoring this event, late into the month. But even so, the top 10 victim sites was hit with a total of 13441 requests.
ORGANIZATION
Active members: - Sébastien Tricaud - Guillaume Arcas - Anthony Desnos - Franck Guénichot - François-René Hamelin - Christophe Grenier
DEPLOYMENTS We have following technologies deployed:
- Kippo on honeycloud. Goal of this deployment is to provide a centralized instance of Kippo & share findings, logs, collected data. - HoneyProxy on honeycloud. - Honeeebox
RESEARCH AND DEVELOPMENT
* New tools => HoneyProxy as part of GSoC 2012. => FAUP (formerly furl) => OpenNormalizer => PhotoRec/TestDisk => A.
The UK Chapter’s annual status report for 2011/2012 has been published at http://www.ukhoneynet.org/2012/12/04/uk-honeynet-project-chapter-annual-status-report-for-20112012/.
ORGANIZATION
Faiz Ahmad Shuja is founder and chapter lead of Pakistan Chapter and an active member since 2003. He is responsible for the management and maintenance of HP infrastructure as Chief Infrastructure Officer.
Muhammad Omar Khan is an active member and assists in various Honeynet deployment efforts.
Rehan Ahmed is our active member. He assists in the management of Pakistan chapter and HP infrastructure.
Omar Khan has been involved in attacks analyses and reporting.
ORGANIZATION
Ahmad Alajail – Chapter Lead
Ahmad Hassan – Member
Anastasios Monachos - New Member
Andrew Marrington – New Member
Majid Al Ali - Member
DEPLOYMENTS
we have successfully change all of our distributed Honeypots from Nepenthes to Dionaea and upgrade our honeypharm with reporting mechanism and the additional information received from Dionaea.
RESEARCH AND DEVELOPMENT
As we reached end of 2012 we managed to upgrade our research lab with new hardware’s that can be used for the new projects.
ORGANIZATION Last year our chapter membership has gone through several changes: some members moved to new places and new positions and are no longer a part of the honeynet chapter, while others (Natalia Stakhanova) came back.
Our current members include Ali Ghorbani, Natalia Stakhanova, Hadi Shiravi (Unversity of New Brunswick) and Sami Guirguis (Toronto).
DEPLOYMENTS
We currently have deployed a cluster of server honeypots and SGNET sensor. Both are primarily used for capturing botnet network traffic.
Spartan Devils Chapter Status Report For 2012
ORGANIZATION
Our current membership includes: Gail Joon Ahn (Arizona State University) Tom Holt, (Michigan State University) Max Kilger, and Napoleon Paxton, We are also happy to report that we added Paul Neff to our roster in the last few months.
DEPLOYMENTS
In addition to all tools from honeynet site, we also installed Sandboxie on Vmware ESXi to automatically test malware and reset VMs.
ORGANIZATION
The Spanish Honeynet Project chapter primary areas of interest and development are wireless honeynets, web honeypots, data collecting and analyzing and research technical papers to inform the community. Our current members are:
Diego González, chapter lead, Telecommunications Engineer and IT Security Professional. Javier Fernández-Sanguino Peña, PhD in Telecommunications Engineering and project leader in Germinus XXI S.A. Raúl Siles, Masters degree in Computer Science, GSE and senior independent Security Consultant. Carlos Fragoso Mariscal, networking, systems and security engineer for Supercomputing Center of Catalonia.
=== ORGANIZATION ===
The Mexican HP Chapter members are:
Miguel Hernández y López (miguel_at_honeynet.org.mx)
Hugo Gonzalez Robledo (hugo_at_honeynet.org.mx)
=== DEPLOYMENTS ===
* Capture HP deployment and a nepenthes sensor in several networks.
* Working with different government agencies in Argentina to implement Nepenthes sensors and honeynets Nepenthes within their networks
* Implementation of several sensors and catch malware samples of many within the National Network for Electronic Banking
=== RESEARCH AND DEVELOPMENT ===