Charles Lim - Honeynet Indonesia Chapter
Honeynet – Indonesia Chapter
Honeynet Seminar & Workshop
Jakarta, 18 June 2013
Agenda
• Introduction to Honeynet
• Introduction to Honeynet - Indonesia Chapter
• What’s Up?
• What’s Next?
• About the Workshop
• Conclusion
THANK YOU – SOLD OUT
THANK YOU
• To the Ministry of Communication and Informatics, especially the Directorate of Information Security
• To the Swiss German University team, for their support in organizing this event and making it possible
• To all the speakers and sponsors
• To all attendees who came to these events
Introduction to The Honeynet Project
• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)
• Mission: "learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned" - http://www.honeynet.org
Introduction to The Honeynet Project
• Goal: Improve security of Internet at no cost to the public
• Awareness: Raise awareness of the threats that exist
• Information: For those already aware, teach and inform about latest threats
• Research: Give organizations the capabilities to learn more on their own
Introduction to The Honeynet Project
• Global membership of volunteers with diverse skills and experiences
• Deploys networks of computer systems around the world with the explicit intention of being hacked
• Share all of our tools, research and findings, at no cost to the public
• Members release regular activity status reports
• "Know Your Enemy" (KYE) white papers regularly published on current research topics
• Committed to open source and creative commons
• Partially funded by sponsors, nothing to sell!
Brief Introduction to The Honeynet Project
46 Chapters and 28 countries
Brief Introduction to The Honeynet Project
Honeynet Workshop 2013 @ The Address Dubai
Brief Introduction to The Honeynet Project
Honeynet Workshop 2012 @ Facebook HQ
Indonesia Chapter
• 25 November 2011, about 15 people from academia, security professionals and government made the declaration during our yearly malware workshop at SGU (Swiss German University)
• 19 January 2012 accepted as part of Honeynet Chapter
• Members: 70 (today)
Indonesia Chapter
• Indonesia Honeynet Project
• Id_honeynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
Indonesia Honeynet Project Seminar & Workshop
Honeynet Workshop 5-6 June 2012, Jakarta
Indonesia Honeynet Project Seminar & Workshop
Honeynet Workshop 20 November 2012, Surabaya
How did we start?
• Four students of SGU in 2010 wanted to explore how to use Data Mining to understand Cyber Security Threats:
  • 2 students focusing on Malware Threats
  • 2 students focusing on Cyber Terrorism
• 1 SGU student focused on capturing malware using Honeypots (Nepenthes)
• We also invited a Malware Expert, Pak Aat, to share his experience
Road Map
Randy Anthony (SGU)
Amien H Rosyandino (ID SIRTII)
Michael (SGU)
Stewart (SGU)
Glenn (SGU)
Mario (SGU)
Road Map
Mario (SGU)
Andrew (SGU)
Tommy (SGU)
Michael (SGU)
Stewart (SGU)
Glenn (SGU)
SGU Honeypots
• SGU Honeypot Network Design
Live Demo
SGU Honeypot
Live Demo
National Malware Monitoring
• Central Repository for Malware captured by the sensors of all participating universities in Indonesia
Previous Works
• Nano PC with Atom processors
• Price Rp 3 million
Work in Progress
• Raspberry Pi
• ARM processor
• RAM 512 MB, 8 GB SD Card
• Push Protocol
What’s Next?
• Call for more participation from universities, industry and government
• Requirements:
  • A commitment from the top management
  • At least 1 public IP address to start
  • Willing to submit malware samples to central repository
• You will get:
  • 1 Nano PC to be installed in your infra
Our Previous Dashboard
Web Interface (2013)
Thanks to Jonathan & Tommy (SGU IT Batch 2011)
What’s Next?
• Improving Stats Reporting
• Sharing malware and stats
• Adding more honeypots such as honeytrap, Glastopf, Kippo, etc.
• All raspberry honeypots
• Data Cleansing and Clustering Data Mining
Last Year Workshop
• We have one track with morning session and afternoon session
• Morning Session – Dionaea & Malware Analysis
• Afternoon Session – Capture The Flag
This Year Workshop
Time | Track #1 | Track #2 | Track #3
08:15 – 08:30 | Registration & Seminar Preparation
08:30 – 09:00 | Opening Remarks (Ministry of Communication and Informatics, KOMINFO)
09:05 – 10:00 | Honeypot – Dionaea (Charles & Mario) | Malware Analysis (Ricky) | Memory Forensic (Mada)
10:00 – 10:15 | Break
10:15 – 12:30 | Honeypot Back End (Mario) | Malware Analysis (Ricky) | Memory Forensic (Mada)
12:30 – 13:15 | Break, Prayer & Lunch (ISOMA)
13:15 – 14:45 | Honeypot – Glastopf, Kippo (Amien) | Botnet (Charles) | ACAD-CSIRT (Mantra & Greg)
14:45 – 15:00 | Break
15:00 – 16:30 | Developing Malware Lab (Digit) | Botnet (Charles) | Android Forensic (Feri)
Track #1
• Morning Session – Dionaea
  • Speaker: Charles Lim and Mario Marcello
  • How to set up and configure Dionaea
  • How to create stats report for the captured traffic
• Afternoon Session I
  • Speaker: Amien Harisen
  • How to set up and configure Kippo and Glastopf
• Afternoon Session II
  • Speaker: Digit Oktavianto
  • How to set up your own Malware Lab
Track #2
• Morning Session – Malware Analysis
  • Speaker: Ricky Prajoyo
  • How to perform Reverse Engineering
  • How to perform Analysis of executable malware samples
• Afternoon Session – Botnet
  • Speaker: Charles Lim
  • Understanding Botnets
  • Analyzing Botnet activities
Track #3
• Morning Session – Memory Forensics
  • Speaker: Mada R. Perdhana
  • How to perform Memory Forensics
  • Forensic Stuxnet Malware samples
• Afternoon Session I – Java Security
  • Speaker: Gregorius Hendy
  • Secure Coding using Java
• Afternoon Session II – Android Forensics
  • Speaker: Feri Lauw
  • How to Perform Android Forensics
Further Information
• The Honeynet Project (http://www.honeynet.org)
• Indonesia Honeynet Project (http://www.honeynet.or.id)
• Swiss German University (http://www.sgu.ac.id)
• My Blog (http://people.sgu.ac.id/charleslim)
Honeynet - Indonesia Chapter
• Indonesia Honeynet Project
• Id_honeynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
Questions ???