- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
Wed 9 April 2014 : : FIRST.org joins the 2014 workshop Sponsorship team
The honeynet project is proud to announce that the annual workshop in Warsaw will be sponsored by FIRST.org! The Forum of Incident Response and Security Teams (FIRST www.first.org ) is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents reactive as well as proactive. FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
Lukas Rist (@glaslos) is a software engineer with Blue Coat Norway where he develops behavioral malware analysis systems. In his spare time, he creates web application and ICS/SCADA honeypots and botnet monitoring tools under the umbrella of the Honeynet Project. He recently developed an interest in industrial security and automated SQL statement classification. He will be giving a live demo on Conpot at the upcoming The Honeynet Project workshop in Warsaw, on May 13. Here are his answers to our questions: keep reading to get to know a bit more about him.
Maximilian Hils (@maximilianhils) is a student of Information Systems at WWU Münster, Germany. He is one of the two core developers of mitmproxy, on which he started to work on during his Honeynet Google Summer of Code project in 2012. In his spare time, he develops web applications and slays SSL dragons whereever he finds them. Recently, he developed an interest in Cloud Storage Security and Security Usability. He will be giving a live demo about "slaying SSL dragons with mitmproxy" at the upcoming annual The Honeynet Project workshop in Warsaw on May 13. Here you have a nice way to discover something more about him and his work.
Sebastian Pöplau (@poeplau) is the lead developer of the Ghost USB Honeypot, a detection system for USB malware. He is an IT security enthusiast and a full member of the Honeynet Project. He has studied in Bonn, Germany, and Santa Barbara, CA, and works with Lastline. He will be giving a live demo about code-loading techniques on Android during the annual The Honeynet Project Workshop in Warsaw on May 12. Here you have a good chance to get to know him a bit more.
The Honeynet Project will offer 4 world-class training courses for the 2014 workshop. The topics are as follows:
1. Understanding and Mitigating Botnets by Tillmann Werner: Tillmann is a specialist in botnet takeover. His talk will take the form of a comprehensive class beginning with botnet architecture introduction, ranging from old-school centralized IRC botnets to advanced P2P botnets. Learn, using hands-on exercises, the techniques used in modern botnets to improve resilience and discussed strategies to take them down.
Over the past five years, The Honeynet Project has been had the pleasure of mentoring over 70 lucky bachelors, masters and PhD students from all over the world through Google Summer of Code (GSoC), Google's ongoing programme of support for international students working on free open source software (FOSS). Together we have worked on a large number of information security tools, including some that have gone on to be the leading examples of tools in their chosen field.
In this post I will analyze the Android APK files that my friend Pietro Delsante from the Honeynet Project Sysenter Chapter talks about in his previous post (thank you Pietro). The files are all named "video.apk" and these are the MD5 and SHA256 hashes:
Pietro wrote a nice post about him finding Android malware while visiting the theatre. Thanks to Thug (thank you Angelo) and HoneyProxy, he was able to get some interesting details about their infrastructure. I was curious what kind of malware you find in a theatre, so I quickly looked at one of the samples that he mentioned: f6ad9ced69913916038f5bb94433848d.
Some nights ago I was heading to a local theater with some (non-nerd) friends. We did not recall very well the address, so I brought out my phone (LG Nexus 4 with Android 4.4.2 and Google Chrome) and googled for it. I found the theater's official site and started looking for the contact info, when Chrome suddenly opened a popup window pointing me to a Russian web site (novostivkontakte.ru) urging me to update my Flash Player. I laughed loudly and showed them to my (again, totally non-nerd) friends saying that the site had been owned. One of them went on and opened the site with her own phone (Samsung Galaxy S Advance with Android 4.4.1 and the default Android WebKit browser). To make a long story short, after a few instants her phone was downloading a file without even asking her for confirmation. So: Chrome on my Nexus 4 was using social engineering to have me click on a link and manually download the file; Android's WebKit on her Galaxy S Advance was instead downloading the file straight away: interesting! However, we were a bit late and we had to run for the comedy, so I did not even bother to see what the heck she had downloaded, I only made sure she hadn't opened it. I thought it was just the usual exploit kit trying to infect PCs by serving fake Flash Player updates, seen tons of those. While waiting for the comedy to begin, I quickly submitted the compromised site to three different services, the first three ones that came to my mind: HoneyProxy Client, Wepawet and Unmask Parasites, then turned off my phone and enjoyed the show.
The Honeynet Project would like to cordially invite you to attend the 2014 Honeynet Project Security Workshop , held in Adgar Plaza Conference Center in Warsaw, Poland from 12-14 May 2014. The workshop is organized by The Honeynet Project and coordinating with CERT Polska under NASK. Interested in sponsoring the workshop, download the workshop brochure now !