< Potemkin Honeyfarm System | Automatically Analyzing Malware >

EUSecWest: Security Masters Dojo on Honeynets

An announcement from me: Maximillian Dornseif and I will teach a security masters dojo entitled Advanced Honeypot Tactics during EUSecWest in February. In this one day seminar we will focus on low-interaction honeynets: Maximillian will talk about honeyd and its uses, and I will teach you how to use nepenthes / mwcollect. Moreover, we show how honeypots can be used to protect the infrastructure of a company and several other applied techniques. The seminar will be a hands-on course with lots of exercises. The planned schedule for the course is the following:


  • honeyd

    • workings of honyd
    • routing traffic to honeyd
    • simulation

      • simulation tcp/ip stacks
      • simulation of network infrastructure
      • simulation of applications
      • advanced honeyd configuration

    • centralized data collection with honeyd

      • traditional methods
      • honeyd collectorr/mustard

    • writing honeyd plugins
    • honeyd to protect cooperate infrastructure

  • Collecting malware with honeypots

    • Techniques used
    • mwcollect / nepenthes

      • How they work
      • Writing own modules
      • Analyzing the received shellcodes
      • Analyzing the captured binaries
      • How to protect your infrastructure

    • Results

  • Bots/Botnets

    • Intro to bots and demo
    • Reverse engineering of bot

      • Basic techniques
      • Sandboxes
      • Ollydbg and/or IDA


  • Botnet 101

    • How they work
    • What you need to know
    • Observing them
    • Live botnet observation


This entry was posted by Thorsten Holz on Friday, January 13. 2006 at 07:13. and is filed under administrativa. You can leave a response, or trackback from your own blog.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA