The Italian Honeynet Chapter Status Report. Agenda The Italian HP chapter Goals achieved Ongoing progress Expected goals 3D-Problems Conclusion.


Presentation on theme: "The Italian Honeynet Chapter Status Report. Agenda The Italian HP chapter Goals achieved Ongoing progress Expected goals 3D-Problems Conclusion."— Presentation transcript:

1 The Italian Honeynet Chapter Status Report

2 Agenda The Italian HP chapter Goals achieved Ongoing progress Expected goals 3D-Problems Conclusion

3 The Italian HP Chapter Founded in 2009 Built around the Dorothy project – A framework for tracking botnets Currently composed of 4 volunteers – Marco Riccardi : R&D Researcher @ Barcelona Digital – Marco Cremonini : Assistant Professor @ University of Milan – Davide Cavalca : Information Security Advisor, Freelancer – Luigi D’Amato : CTO @ Partner Security Lab / Member @ Zone-H

4 Goals achieved during 2010

5 Goals achieved 1/3 Java Dorothy Drone Improvement (JDrone) – Tool for (IRC) botnet infiltration – Totally rewritten in Java, totally multiplatform – yes, even on Windows! – Distributed infrastructure Distributed drone instances One central Log Server One Authentication server

6 The JDrone how does it work?

7 [Diagram. Labels: C&C #1, C&C #2, JDrone instances, Authentication Server, JDrone Log Server, Dorothy Web GUI. Sample log entry shown: C&C IP: 11.11.11.11:6666, Command#1, Command#2, Command#3]

8 Goals achieved 2/3 Relationship formed – Telecom Italia, Security Lab (Honeypot implementation, knowledge sharing) – Barcelona Digital (Server hosting, knowledge sharing) Graduating student support – Five graduating students of the University of Milan (DTI) are currently doing their final thesis on Dorothy-related sub-projects. The JDrone Project - Patrizia Martemucci, Andrea Cavenago Botnet Protocol Analysis - Marco Addario – 04/2011 Zeus analysis/detection module - Giampaolo Dedola – 02/2011 Low-Interaction Honeypot Implementation - Stefano Fornara – Stage in Telecom Italia Labs – 04/2011

9 Goals achieved 3/3 Attended conferences – Italian Security Summit 2010, Milan, IT – inBot 2010, Bonn, DE – APWG 2010, Dallas, USA* (paper presented) Two IEEE publications – “The Dorothy Project: An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization” - Cremonini M., Riccardi M. – “A framework for financial botnet analysis” - Riccardi M., Cremonini M., Oro D., Vilanova M., Luna J. Awards: Second place at “Best Italian thesis on information security” Clusit 2010 “IEEE eCrime Fighters Scholarship Award”, APWG 2010* *Paper presented by Barcelona Digital. However, the proposed system heavily relies on a customized version of Dorothy.

10 Ongoing progress

11 Ongoing progress 1/2 Porting to Ruby – (+ Rails...I wish..) Porting the virtualization module to VMware ESXi Testing the first beta of the JDrone – any volunteers for beta testing? Compatibility with HTTP botnets (Zeus+SpyEye as first) – For Zeus 1.x almost done

12 Ongoing progress 2/2 Database migration to Postgres - almost done Improving visualization techniques (FlashCharts) – almost done Improving the Web GUI – Improving “real time” data visualization (AJAX) – Improving its interactiveness –...still waiting to kick off this task 

13 Future Goals “ What are we going to do tonight, Brain?”

14 Tactical goals Tool improvements – Implement the new Dorothy framework Finish the database implementation Finish the Ruby porting phase Finish the new visualization module Execute Dorothy 24hx7d – Release the first beta of the JDrone Honeypot Implementation – Implement at least 10 new low interaction honeypots (dionaea+mwcollectd) among USA, EU, ASIA

15 Strategic goals Presentations 2011 – Honeynet Project Annual workshop – Paris (Done! ) Presentation about the JDrone as soon as a stable version is released …as more than possible! Publications One about data gathered from the new version of the framework (JDrone included) ….others will depend on the development progress Improve relationships Italian/Spanish universities Italian/Spanish CERTs Italian/Spanish LEAs

16 3D-Problems

17 – Resources ($) Dorothy needs a big server for its malware analysis module – After 3 years, finally we found it! – Time (dT) The vast majority of the people involved are currently working for private companies (even the graduating students)... The whole project is developed entirely during spare time (very low!) – Space (dS) 4 members, 4 cities, 4 companies, 3 countries Lack of coordination Slow development

18 Conclusion Almost two years of development – So far so good… Ongoing work – Dorothy improvement, second version close to being released Expectations – Clear and concrete goals Problems – Our 3D problem vision

19 Let's Demo! The Dorothy WGUI The JDrone

20 Questions?

21 Thank you marco riccardi – marco.riccardi@honeynet.it – mriccardi@bdigital.org – skype: m4rco- Website: – www.honeynet.it