To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

The search for open VoIP gateways intensifies!

Got several calls from customers today. Their end-customers were calling them to say that their phone was ringing in the middle of the night. When some of them answered, there was no one there. We ran some traces from our VoIP platform but could not find anything, and concluded that random SIP INVITEs were being sent directly to the adapters.

This is a common way of scanning for open VoIP gateways: the scanner sends a SIP INVITE for a real destination number that it controls, straight to the device rather than through the provider's platform. If the INVITE results in a completed call to that number, the device is known to relay calls, and the traffic to it ramps up shortly afterwards.
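The check a provider would want for the pattern above is to look at INVITEs as they arrive at the adapter and flag the ones that did not come from the platform's own proxies, or that ask the device to call a number that is not one of its own accounts. The following is an added example written for this page, not code from the original post or from the Honeynet Project; the proxy addresses, the adapter's account names and the sample SIP messages are all constructed for illustration.

```python
"""Flag SIP INVITEs that reach a customer adapter directly, bypassing the
VoIP platform, or that ask the adapter to relay a call to an outside number.
Added example; TRUSTED_PROXIES, LOCAL_ACCOUNTS and SAMPLES are constructed."""
import re
from dataclasses import dataclass

# Assumed: the platform's SIP proxies, the only hosts that should ever send
# an INVITE to an adapter. Anything else went around the platform.
TRUSTED_PROXIES = {"203.0.113.10", "203.0.113.11"}
# Assumed: the SIP accounts provisioned on this adapter. An INVITE whose
# Request-URI names any other number is asking the device to relay a call.
LOCAL_ACCOUNTS = {"1001", "1002"}

@dataclass
class Finding:
    call_id: str
    src_ip: str
    number: str
    reasons: list

_REQ_LINE = re.compile(r"^INVITE\s+sip:([^@;>\s]+)@\S+\s+SIP/2\.0\s*$")

def parse_invite(raw):
    """Return (dialled number, headers) for an INVITE, or None for anything else."""
    lines = raw.replace("\r\n", "\n").split("\n")
    m = _REQ_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        if not line.strip():            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return m.group(1), headers

def classify(src_ip, raw):
    """src_ip is the UDP source of the packet. Via and From are written by
    the sender and so are attacker-controlled; never trust them for this."""
    parsed = parse_invite(raw)
    if parsed is None:
        return None
    number, headers = parsed
    reasons = []
    if src_ip not in TRUSTED_PROXIES:
        reasons.append("INVITE sent directly to the adapter, bypassing the platform")
    if number not in LOCAL_ACCOUNTS:
        reasons.append("Request-URI is not one of the adapter's accounts (relay attempt)")
    if not reasons:
        return None
    return Finding(headers.get("call-id", "?"), src_ip, number, reasons)

def scan(samples):
    """Run classify() over (source address, message) pairs; return the findings."""
    return [f for f in (classify(ip, msg) for ip, msg in samples) if f]

# Constructed sample traffic: (UDP source address, SIP message). The second
# message forges its Via header to look like it came from a trusted proxy.
SAMPLES = [
    ("203.0.113.10",
     "INVITE sip:1001@192.0.2.50 SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 203.0.113.10;branch=z9hG4bK1\r\n"
     "From: <sip:1002@example.net>;tag=a1\r\nTo: <sip:1001@example.net>\r\n"
     "Call-ID: legit-1\r\nCSeq: 1 INVITE\r\n\r\n"),
    ("198.51.100.7",
     "INVITE sip:0015555550123@192.0.2.50 SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 203.0.113.10;branch=z9hG4bK2\r\n"
     "From: \"100\" <sip:100@192.0.2.50>;tag=b2\r\nTo: <sip:0015555550123@192.0.2.50>\r\n"
     "Call-ID: scan-2\r\nCSeq: 1 INVITE\r\n\r\n"),
    ("198.51.100.7",
     "OPTIONS sip:192.0.2.50 SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7\r\n"
     "Call-ID: opt-3\r\nCSeq: 1 OPTIONS\r\n\r\n"),
]

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(f.call_id, f.src_ip, f.number, "; ".join(f.reasons))
```

The important design point is that the source address comes from the packet, not from the message: a scanner that has guessed the proxy address can put it in Via and From, and the forged second sample shows why only the UDP source is used for the trust decision.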

HeX LiveCD to be 2.0-RC2 soon.

As a joint effort of the Honeynet Project Malaysian Chapter and the RawPacket team, HeX LiveCD was created. It is a Network Security Monitoring (NSM) centric Live CD, built on the principles of NSM, for analysts, by analysts. The project will eventually be forked into Hex Sensor and Hex Server to complete the cycle of NSM processes. HeX LiveCD is also the blueprint for HornyD; HornyD and HoneySuckle are the toolkits for the Malaysia Distributed Honeynet Project.

New blog space at HP

Just received account details from HP. New blog space for me to post some stuff. ;-)

No more emulation!

Emulation is an important technology in honeypots and honeynets. It's not always what we want, though, and here's why. As you might know, most bots perform attacks in multiple stages, i.e., they

  • send some exploit code to the victim that opens a shell,
  • connect to that shell or let the shell connect back,
  • invoke commands to download the actual malware binary,
  • execute the malware.

Catching the exploit and providing a fake shell isn't too hard, as shown in this post. But we certainly don't want the malware to be executed on our honeypot, not even in an emulated environment. Instead, we want to do other things with it, e.g., submit it to a central service for automated analysis.

Our New Website

Greetings! First I want to start off by thanking Steve Mumford, Christine Kilger, Jamie Riden, David Watson and Markus Koetter; they are the people who made our new website possible. Second, I wanted to share with you how excited I am about this. One of the challenges we have had for years is coordinating all the different research projects our members are doing. This site will allow each person to share as much as they want, however they want. Expect things like individual blogs, special interest groups and other research areas.

Content formatting for beginners

  • Allowed HTML tags:
    <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Embedding preformatted code, such as source code:
    <code lang=text|php|c|cpp|java|mysql|...> ... </code>

    If no lang is provided, rendering uses lang=text.
    If lang is given, the code will be syntax-highlighted.

    Example (foo is stubbed so the snippet compiles as shown):

    static int foo(int argc, const char *argv[]) { (void)argv; return argc; }

    int main(int argc, const char *argv[])
    {
         return foo(argc-1,argv+1);
    }

  • Embedding Images: