CanSecWest PWN2OWN 2008

Tuesday, March 18. 2008
Announcing CanSecWest PWN2OWN 2008.
===================================

Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.

Each has a file on it containing the instructions on how to claim the prize.

Targets (typical road-warrior clients):
  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

This year's contest will begin on March 26th and run during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008.

Program for LEET'08 & Storm Paper

Tuesday, March 18. 2008
The tentative program for the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08) is now available.

We also have a paper accepted: "Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm"
We still need to revise the paper based on the reviewers' feedback; as a teaser, here is the preliminary abstract:

"Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands.
However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate P2P botnets. In a case study, we examine in detail the Storm Worm botnet, the most wide-spread P2P botnet currently propagating in the wild. We were able to infiltrate and analyze in-depth the botnet, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet and evaluate the effectiveness of these mechanisms."

Call for Papers: EuroSec 2008

Friday, February 1. 2008
EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.

EuroSec explicitly encourages members of the systems community to explore leading-edge topics and ideas before they are presented at a major conference. All submissions will be reviewed by the Program Committee. Only original, novel work will be considered for publication. Accepted papers will be published in the proceedings of EuroSec in the ACM Digital Library.

You are hereby invited to submit papers of 6-8 single-spaced pages (including figures, tables and references). Font size should be 10pt.

Important Dates:
Deadline for paper submission: February 4th, 2008 (firm deadline)
Notification of acceptance or rejection: March 1st, 2008
Final paper camera ready copy: March 14th, 2008
Workshop dates: March 31st, 2008

You can find more information at http://www.cs.vu.nl/eurosec08/

UCSB iCTF Results

Saturday, December 8. 2007
The 2007 UCSB International Capture The Flag contest finished a few minutes ago. The guys from UCSB organized an awesome contest with seven different services and many interesting challenges. The team from our lab had a lot of fun, and in the end we scored second place - only the team from Milano (Chocolate Makers) beat us. Looking forward to next year's contest :-)

Info:
The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants from both the attack and defense viewpoints.

The Capture The Flag contest is a multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

Each team is given a virtualized network installation (for example, a Linux host and/or a Windows host). The hosts provide a number of services. The services have a number of undisclosed vulnerabilities, which have been included in the servers' software by the contest organizers.

The goal of each team is to maintain the set of services available and uncompromised throughout the contest phase. Each team can (and should) attempt to compromise other teams' services. Since all the teams receive an identical copy of the virtual network, the task of each team is to find vulnerabilities in their copy of the hosts and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service will allow a team to bypass the service's security mechanisms and to "capture the flag" associated with the service.

During the contest a scoring system keeps track, for each team, of which services are available, and which services have been compromised.

More info: http://www.cs.ucsb.edu/~vigna/CTF/

Call for Papers: Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'08)

Sunday, December 2. 2007
The Call for Papers for the 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'08) has been available for a couple of days. Since I am a member of the program committee, I would love to see some submissions from the readers of my blog.

About the conference:
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year DIMVA brings together international experts from academia, industry and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group Security - Intrusion Detection and Response of the German Informatics Society (GI). In 2008, the conference takes place July 10-11th, 2008 in Paris, France.

DIMVA solicits submission of high-quality, original scientific work. This year we invite two types of paper submissions:
  • Full papers, presenting novel and mature research results. Full papers are limited to 20 pages, prepared according to the instructions provided below. They will be reviewed by the program committee, and papers accepted for presentation at the conference will be included in the proceedings.

  • Short papers (extended abstracts), presenting original, still ongoing work that has not yet reached the maturity required for a full paper. Short papers are limited to 10 pages, prepared according to the instructions provided below. They will also be reviewed by the program committee, and papers accepted for presentation at the conference will be included in the proceedings (containing Extended Abstract in the title).

Important Dates:
Deadline for paper submission: February 4th, 2008 (firm deadline)
Notification of acceptance or rejection: April 8th, 2008
Final paper camera ready copy: April 25th, 2008
Conference dates: July 10-11th, 2008

Full Call for Papers is available at http://www.dimva2008.org/cfp2008.html

Network Visualization

Friday, November 30. 2007
Best comic of the year related to my previous post and worm visualization in general: http://xkcd.com/350/

Call for Papers: 1st Workshop on Large-scale Exploits and Emergent Threats (LEET '08)

Monday, November 5. 2007
The Call for Papers for the First USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '08) has been available for a couple of days. I am very proud to be one of the members of the program committee and hope that some readers of this blog also submit a paper to the workshop. LEET '08 will focus on the underlying mechanisms used to compromise and control hosts, the large-scale "applications" being perpetrated upon this framework, and the social and economic networks driving these threats.

Important dates:
  • Paper submissions due: February 11, 2008, 11:59 p.m. EST

  • Notification to authors: March 24, 2008

  • Final papers due: April 4, 2008

  • Workshop: April 15, 2008 - San Francisco, CA, USA

The workshop will be co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08), which will take place April 16–18, 2008, and Usability, Psychology, and Security 2008, which will take place on April 14, 2008.

Overview:
As the Internet has become a universal mechanism for commerce and communication, it has also become an attractive medium for online criminal enterprise. Today, widespread vulnerabilities in both software and user behavior allow miscreants to compromise millions of hosts (worms, viruses, drive-by exploits, etc.), conceal their activities with sophisticated system software (rootkits), and manage these resources via a distributed command and control framework (botnets). This platform in turn provides economies of scale for a wide range of criminal activities including spam, phishing, DDoS, click fraud, and so on.


New KYE paper: Malicious Web Servers

Tuesday, August 14. 2007
The Honeynet Project & Research Alliance are excited to announce the release of a new paper in our Know Your Enemy series, "KYE: Malicious Web Servers". In this paper, we take an in-depth look at malicious web servers that attack web browsers, and we evaluate several defensive strategies that can be employed to counter this threat of client-side attacks. All the malicious web servers identified in this study were found with our client honeypot Capture-HPC.

Besides the findings presented in this paper, we also publish the complete data set. We hope that Capture-HPC and the data enable the security community to easily become involved in studying the phenomenon of malicious servers.

ArsGeek Review of "Virtual Honeypots"

Tuesday, August 7. 2007
ArsGeek posted yesterday a review of the book by Niels and me:

Title: Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Author(s): Niels Provos & Thorsten Holz
ISBN10: 0-321-33632-1
ISBN13: 978-0-321-33632-1
Publisher: Addison-Wesley
Cost: $49.99
Format: Paperback, 440 pages.
Published: July 16, 2007

Here is a concise, step by step guide to creating virtual honeypots. Honeypots are sweetened servers or services made available to the public where those seeking to compromise systems (either bots, malware or actual human beings taking a gander) can find vulnerabilities and then exploit them. Honeypots serve to either track and collect information about such attacks or serve as literal traps, netting the bad guys and tracing back to their origins.

Topics in the book range from full-fledged virtual OS instances to attract malware and wrongdoers, creating low-interaction honeypots to simulate single instances of vulnerabilities (rather than an entire system to compromise) to using various pre-packed tools to attract and trap malware, bots and hackers.


WOOT'07

Monday, August 6. 2007
The First USENIX Workshop on Offensive Technologies (WOOT '07) takes place today, and the workshop has a really nice schedule. This is the first workshop I am aware of that deals mostly with offensive techniques - good to see that this field now has its own workshop, too :)