
The Italian Honeynet Chapter




Presentation Transcript


  1. The Italian Honeynet Chapter Status Report

  2. Agenda • The Italian HP chapter • Goals achieved • Ongoing progress • Expected goals • 3D-Problems • Conclusion

  3. The Italian HP Chapter • Founded in 2009 • Built around the Dorothy project • A framework for tracking botnets • Currently composed of 4 volunteers • Marco Riccardi : R&D Researcher @ Barcelona Digital • Marco Cremonini : Assistant Professor @ University of Milan • Davide Cavalca : Information Security Advisor , Freelancer • Luigi D’Amato : CTO @ Partner Security Lab / Member @ Zone-H

  4. Goals achieved during 2010

  5. Goals achieved 1/3 • Java Dorothy Drone Improvement (JDrone) • Tool for (IRC) botnet infiltration • Totally rewritten in Java • Totally multiplatform • Yes, even on Windows! • Distributed infrastructure • Distributed drone instances • One central Log Server • One Authentication Server

  6. The JDrone • How does it work?

  7. [Architecture diagram: two IRC C&C servers (C&C #1, C&C #2; example C&C IP 11.11.11.11:6666, issuing Command#1, Command#2, Command#3) are each infiltrated by a JD-Drone instance; the drones authenticate against the JD-Drone Authentication Server and forward the observed commands to the JD-Drone Log Server, which feeds the Dorothy Web GUI.]

  8. Goals achieved 2/3 • Relationships formed • Telecom Italia, Security Lab (Honeypot implementation, knowledge sharing) • Barcelona Digital (Server hosting, knowledge sharing) • Graduating student support • Five graduating students of the University of Milan (DTI) are currently doing their final thesis on Dorothy-related sub-projects. • The JDrone Project - Patrizia Martemucci, Andrea Cavenago • Botnet Protocol Analysis - Marco Addario – 04/2011 • Zeus analysis/detection module - Giampaolo Dedola – 02/2011 • Low-Interaction Honeypot Implementation - Stefano Fornara – Stage in Telecom Italia Labs – 04/2011

  9. Goals achieved 3/3 • Attended conferences • Italian Security Summit 2010, Milan, IT • inBot 2010, Bonn, DE • APWG 2010, Dallas, USA* (paper presented) • Two IEEE publications • “The Dorothy Project: An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization” - Cremonini M., Riccardi M. • “A framework for financial botnet analysis” - Riccardi M., Cremonini M., Oro D., Vilanova M., Luna J. • Awards: • Second place at “Best Italian thesis on information security”, Clusit 2010 • “IEEE eCrime Fighters Scholarship Award”, APWG 2010* *Paper presented by Barcelona Digital. However, the proposed system heavily relies on a customized version of Dorothy.

  10. Ongoing progress

  11. Ongoing progress 1/2 • Porting to Ruby • (+ Rails ...I wish...) • Porting the virtualization module to VMware ESXi • Testing the first beta of the JDrone • Any volunteers for beta testing? • Compatibility with HTTP botnets (Zeus + SpyEye first) – For Zeus 1.x almost done

  12. Ongoing progress 2/2 • Database migration to Postgres - almost done • Improving visualization techniques (FlashCharts) – almost done • Improving the Web GUI • Improving “real time” data visualization (AJAX) • Improving its interactivity • ...still waiting to kick off this task

  13. Future Goals “What are we going to do tonight, Brain?”

  14. Tactical goals • Tool improvements • Implement the new Dorothy framework • Finish the database implementation • Finish the Ruby porting phase • Finish the new visualization module • Run Dorothy 24h x 7d • Release the first beta of the JDrone • Honeypot implementation • Implement at least 10 new low-interaction honeypots (dionaea + mwcollectd) across USA, EU, Asia

  15. Strategic goals • Presentations • 2011 – Honeynet Project Annual Workshop – Paris (Done!) • Presentation about the JDrone as soon as a stable version is released • …as many as possible! • Publications • One about data gathered from the new version of the framework (JDrone included) • …others will depend on the development progress • Improve relationships • Italian/Spanish universities • Italian/Spanish CERTs • Italian/Spanish LEAs

  16. 3D-Problems

  17. 3D-Problems • Resources ($) • Dorothy needs a big server for its malware analysis module • After 3 years, we finally found it! • Time (dT) • The large majority of the people involved are currently working for private companies (even the graduating students)... • The whole project is developed entirely during spare time (very little!) • Space (dS) • 4 members, 4 cities, 4 companies, 3 countries • Lack of coordination → slow development

  18. Conclusion • Almost two years of development • So far so good… • Ongoing work • Dorothy improvement, second version close to being released • Expectations • Clear and concrete goals • Problems • Our 3D problem vision

  19. Let's Demo! • The Dorothy Web GUI • The JDrone

  20. Questions?

  21. Thank you • Marco Riccardi • marco.riccardi@honeynet.it • mriccardi@bdigital.org • Skype: m4rco- • Website: • www.honeynet.it
