To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

WORKSHOP NEWS - May 12-14 in Warsaw, Poland

Wed 5 March 2014 : : APPLY FOR A STUDENT SCHOLARSHIP NOW
As a part of our educational mission in the field of information security, the Honeynet Project will offer 5 free seats and an additional 5 seats with a 50% discount to excellent students who are studying in this field. Students who get the scholarship can attend the workshop Briefing and a Hands-on Training session for free or with a 50% discount. Scholarships are awarded on a first come, first served basis, so contact us now for further details: events@honeynet.org

Tue 25 Feb 2014 : : SPONSORSHIP WANTED!
Download the sponsorship brochure at http://warsaw2014.honeynet.org/images/sponsorshipdoc.pdf. Sponsoring the workshop gives you a good opportunity both to meet top security researchers from all over the world and to be highly visible as a sponsor while promoting your brand. Interested in sponsorship? Contact events@honeynet.org now!

Tue 18 Feb 2014 : : REGISTER FOR THE WORKSHOP NOW
Registration for the 2014 Honeynet Project Workshop is now open. The Workshop is a 3-day event that features 2 full days of briefing sessions along with live demonstrations and 1 full day of hands-on training sessions. Check out more details at http://warsaw2014.honeynet.org. Early bird registration rates are available from now to April 10th, 2014. SAVE MONEY, REGISTER NOW!

GSoC 2014 Mentoring Organization Applications

Over the past five years, The Honeynet Project has had the pleasure of mentoring over 70 lucky bachelors, masters and PhD students from all over the world through Google Summer of Code (GSoC), Google's ongoing programme of support for international students working on free open source software (FOSS). Together we have worked on a large number of information security tools, including some that have gone on to be the leading examples of tools in their chosen field.

Malware-serving theaters for your android phones - Part 2

In this post I will analyze the Android APK files that my friend Pietro Delsante from the Honeynet Project Sysenter Chapter talks about in his previous post (thank you Pietro). The files are all named "video.apk" and these are the MD5 and SHA256 hashes:

Is Android malware served in theatres more sophisticated?

Pietro wrote a nice post about him finding Android malware while visiting the theatre. Thanks to Thug (thank you Angelo) and HoneyProxy, he was able to get some interesting details about their infrastructure. I was curious what kind of malware you find in a theatre, so I quickly looked at one of the samples that he mentioned: f6ad9ced69913916038f5bb94433848d.

Malware-serving theaters for your android phones - Part 1

Some nights ago I was heading to a local theater with some (non-nerd) friends. We did not recall very well the address, so I brought out my phone (LG Nexus 4 with Android 4.4.2 and Google Chrome) and googled for it. I found the theater's official site and started looking for the contact info, when Chrome suddenly opened a popup window pointing me to a Russian web site (novostivkontakte.ru) urging me to update my Flash Player. I laughed loudly and showed them to my (again, totally non-nerd) friends saying that the site had been owned. One of them went on and opened the site with her own phone (Samsung Galaxy S Advance with Android 4.4.1 and the default Android WebKit browser). To make a long story short, after a few instants her phone was downloading a file without even asking her for confirmation. So: Chrome on my Nexus 4 was using social engineering to have me click on a link and manually download the file; Android's WebKit on her Galaxy S Advance was instead downloading the file straight away: interesting! However, we were a bit late and we had to run for the comedy, so I did not even bother to see what the heck she had downloaded, I only made sure she hadn't opened it. I thought it was just the usual exploit kit trying to infect PCs by serving fake Flash Player updates, seen tons of those. While waiting for the comedy to begin, I quickly submitted the compromised site to three different services, the first three ones that came to my mind: HoneyProxy Client, Wepawet and Unmask Parasites, then turned off my phone and enjoyed the show.

2014 Honeynet Project Security Workshop in Warsaw!

The Honeynet Project would like to cordially invite you to attend the 2014 Honeynet Project Security Workshop, held in Adgar Plaza Conference Center in Warsaw, Poland from 12-14 May 2014. The workshop is organized by The Honeynet Project in coordination with CERT Polska under NASK. Interested in sponsoring the workshop? Download the workshop brochure now!

New project CEO

Last week it was announced that Angelo Dell'Aera has been elected as our new CEO. Here is a brief description of Angelo.

Hide and go seek, not hide and go tweak

On July 31, 2013, Jason Geffner of CrowdStrike discussed a new tool called "Tortilla" that allows incident responders and computer security researchers to hide behind the Tor network as they poke and prod malicious software infrastructure. Were I there, I would have asked Jason this question: What things should I not do while using Tortilla, and why shouldn't I do them? I know Jason and respect his technical skills, but if he and CrowdStrike don't have a good answer, that will say a lot about our field's collective ability to reason about actions along the Active Response Continuum. [D. Dittrich and K. E. Himma. Active Response to Computer Intrusions. Chapter 182 in Vol. III, Handbook of Information Security, 2005. http://ssrn.com/abstract=790585.]

MalwareZ: visualizing malware activity on earth map

MalwareZ is a visualization project that started as a YakindanEgitim (YE) project. YE is a startup in which some colleagues and I mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid.

Gürcan Gerçek was the main developer for the MalwareZ project and my role was mentoring him.
