New KYE paper: Malicious Web Servers

Tuesday, August 14. 2007
The Honeynet Project & Research Alliance are excited to announce the release of a new paper in our Know Your Enemy series, "KYE: Malicious Web Servers". In this paper, we take an in-depth look at malicious web servers that attack web browsers, and we evaluate several defensive strategies that can be employed to counter this threat of client-side attacks. All the malicious web servers identified in this study were found with our client honeypot Capture-HPC.

In addition to the paper itself, we are also publishing the complete data set. We hope that Capture-HPC and the data enable the security community to easily become involved in studying the phenomenon of malicious servers.

ArsGeek Review of "Virtual Honeypots"

Tuesday, August 7. 2007
Yesterday, ArsGeek posted a review of the book by Niels and me:

Title: Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Author(s): Niels Provos & Thorsten Holz
ISBN10: 0-321-33632-1
ISBN13: 978-0-321-33632-1
Publisher: Addison-Wesley
Cost: $49.99
Format: Paperback, 440 pages.
Published: July 16, 2007

Here is a concise, step-by-step guide to creating virtual honeypots. Honeypots are sweetened servers or services made available to the public where those seeking to compromise systems (either bots, malware or actual human beings taking a gander) can find vulnerabilities and then exploit them. Honeypots serve to either track and collect information about such attacks or serve as literal traps, netting the bad guys and tracing back to their origins.

Topics in the book range from full-fledged virtual OS instances to attract malware and wrongdoers, creating low-interaction honeypots to simulate single instances of vulnerabilities (rather than an entire system to compromise) to using various pre-packed tools to attract and trap malware, bots and hackers.


WOOT'07

Monday, August 6. 2007
The First USENIX Workshop on Offensive Technologies (WOOT '07) takes place today and the workshop has a really nice schedule. This is the first workshop I am aware of that deals with mostly offensive techniques - good to see that this field now also has its own workshop :)