July 9, 2018 (Monday)
These are the scheduled briefings of the The Honeynet Project Workshop 2018.
| Time | Title | Abstract | Speaker |
|---|---|---|---|
| 08:00 - 09:00 | Registration | ||
| 09:00 - 09:20 | Welcome to Taiwan from CSA and Taiwan Chapter | Yi-Lang Tsai | |
| 09:20 - 09:40 | Honeynet Project CEO opening talk | Introduction to The Honeynet Project and Trends in Honeypots Technology | Faiz Shuja |
| 09:40 - 10:00 | A generic approach to low interaction server honeypots | In this talk we are presenting a generic approach to server side honeypots. Our solution provides an easy way to handle arbitrary traffic, get insight into novel attack vectors and provides a platform for more advanced interactions. | Lukas Rist |
| 10:00 - 10:20 | Google Summer of Code Research and Development at the Honeynet Project | Since 2009, Google has sponsored students to work on security tools and research at the Honeynet Project. In this session, Max will briefly explain the Google Summer of Code program and show recent achievements. Finally, we discuss how you can get involved and work with students on cutting-edge research! | Maximilian Hils |
| 10:20 - 10:40 | Break | ||
| 10:40 - 11:20 | T-Pot, PEBA, Sicherheitstacho – Fighting evil forces by running a large scale honeypot installation | Deutsche Telekom AG is running one of the bigger honeypot networks globally. In this talk the developers (T-Pot, backend, ...) will share their experiences over the past years. | Marco Ochse & Markus Schmall |
| 11:20 - 11:40 | Writing honeypots in a snap of fingers | This talk will share how anyone can reliably create a network based honeypot. As protocols can vary, a lot of work is redundant anytime one want to start a new honeypot for a particular use case. How about reusing work already done and just add the things that are specific to what you need? | Sebastien Tricaud |
| 11:40 - 12:20 | honeyTLS: Profiling and Clustering SSL/TLS Scans with JA3 | Identifying groups of attackers with similar tools or behaviors is useful for profiling and discovering the connections between them. This talk will explore how I collect JA3, a SSL/TLS client fingerprint, to profile attackers and internet-wide SSL/TLS scans. The talk will provide some interesting observations and probably the first identified attempt to evade JA3! | Adel Karimi |
| 12:20 - 13:30 | Lunch Break | ||
| 13:30 - 13:50 | Honeypots for employee information security awareness and education training | Based on the publication Honeypots for employee information security awareness and education training: A conceptual EASY training model (reference: https://arxiv.org/abs/1706.08043) This talk explore how honeypot can be used in employee information security awareness and education training. | Christopher Lek |
| 13:50 - 14:30 | Cybercriminals, TCOs and Facilitating Access to Weapons of Mass Destruction | Transnational criminal organizations (TCOs) have been making connections with the cybercrime community. This talk examines a particular national security threat–the synergy between TCOs and cybercriminals in obtaining knowledge and materials of weapons of mass destruction. This talk discusses these issues in my latest book chapter in the recent book The Handbook of Technology, Crime and Justice. | Max Kilger |
| 14:30 - 15:10 | Proactive Honeypoting: Real-time monitoring of Necurs botnet | What could be more fun that pro-active interactive honeypots? In this presentation, the researchers will share their experience and findings on proactively interacting with one of the largest SPAM botnets. This unique ability gave the researchers a unique insight on inner workings of the Necurs botnet, including the distribution, conducted operations, node software updates and targets as well as some of the interesting insights from day-to-day ops of the botnet herders. | Rubio Wu & Anita Hsieh |
| 15:10 - 15:30 | Tea Break | ||
| 15:30 - 15:50 | IoT Army — Poking Botnets with a Honeypot | Internet of Things attacks on the rise. In this session, we will share interesting stories about battling IoT Botnets with a home-based honeypot. With the mark and stains, we traced the attacks to different bot herders behind the scene, discovered interesting command and control interfaces and leak of source code file. We observed sneaky evasive tricks, funny commands, mis-configured Botnet, etc. | Tan Kean Siong |
| 15:50 - 16:10 | Development of Honeynet Projects in APCERT | APCERT, which is the largest international CERT organization in Asia Pacific region, has a vision to create a safe, clean and reliable cyber space in the Asia Pacific region through global collaboration. To achieve the goal, APCERT initialed numerous working groups to develop the ability within CERTs. TSUBAME WG and Malware Mitigation WG are working groups which deployed honeypot in APCERT member’s country. The two WGs focus on different perspective, but both of them help to find the potential or existed threats of the region. In this presentation, a brief introduction and the achievement of the WGs will be introduced. | Lo Wen-Ling |
| 16:10 - 16:50 | The Application of Physical and Low-interaction Honeypot | Nowadays, hackers combine many existing network scanning services (such as Shodan) with reconnaissance stage. New-style cyber-attacks become more difficult to be trapped. The low-interaction honeypot can trap a large scale of attacks in safe but the detailed information in advanced attacks. Therefore, we have designed and deployed a physical honeypot to overcome the disadvantages of low-interaction honeypots. In this talk, we will discuss (1) physical honeypot access control, and (2) correlated data analysis with the low-interaction honeypot, finally (3) a case study in physical honeypot. | Cheng Yi Lin & Chia Hung Lin |
| 16:50 - 17:00 | Closing remarks | Yi-Lang Tsai |