The South African (ZA) honeynet project consists of members from Academia, Science Councils and the Private Sector. Our interests are in better understanding the threats against ZA IP space in particular. Much of our expertise lies in passive traffic analysis and very low interaction honeypot systems.
The chapter's home page is at http://www.honeynet.org.za.
At last year's BruCON conference in Ghent I had the pleasure of talking to Soraya (Iggi), BSides London co-organizer. She convinced me to submit a workshop proposal for BSides London 2013.
And guess what, it got accepted.
So I will be doing a workshop on setting up a basic Kippo SSH honeypot by Upi Tamminen (http://code.google.com/p/kippo/) and, if time permits, on using Ioannis Koniaris's (Ion) Kippo visualization tool, kippo-graph (http://bruteforce.gr/kippo-graph).
BSides London will be held on April 24th 2013 at Kensington and Chelsea Town Hall.
The ZA chapter has had a busy year of non-HNP work. As a relatively young chapter, organisation and recruitment are still very much on the agenda. Much of the work being done is also within the Security and Networks Research Group (SNRG) at Rhodes University, of which a number of us are members.
Identifying unknown files by using fuzzy hashing
Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites such as VirusTotal, Anubis or CWSandbox, and by modifying the ihandler section in dionaea.conf the submission can be fully automated.
Every now and then even these excellent analysis sites come up with nothing: no result whatsoever. This could be because it is a brand-new sample of malware which simply isn't recognised yet, or because it is a morphed sample of a known, existing one.
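As an added illustration of the idea (not code from the original post, and not ssdeep itself), the following pure-Python snippet implements a simplified context-triggered piecewise hash: the rolling hash, the one-character chunk encoding and the difflib-based score are assumptions standing in for ssdeep's own, and the sample bytes are constructed. It shows why a morphed sample that the analysis sites no longer recognise still scores high against the family it was derived from.

```python
import difflib
import hashlib
import random

WINDOW = 7  # bytes in the rolling-hash window (ssdeep also uses 7)
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def _roll(window: bytes) -> int:
    """Polynomial hash of the last WINDOW bytes (assumption: simpler than ssdeep's)."""
    h = 0
    for b in window:
        h = (h * 31 + b) & 0xFFFFFFFF
    return h

def fuzzy_hash(data: bytes, block_size: int = 64) -> str:
    """Context-triggered piecewise hash: cut a chunk whenever the rolling hash of the
    last WINDOW bytes hits a trigger value and encode each chunk as one character.
    A local edit only disturbs the chunks it touches; the rest of the signature survives."""
    sig, start = [], 0
    for i in range(WINDOW - 1, len(data)):
        if _roll(data[i - WINDOW + 1:i + 1]) % block_size == block_size - 1:
            sig.append(ALPHABET[hashlib.sha256(data[start:i + 1]).digest()[0] & 0x3F])
            start = i + 1
    if start < len(data):  # tail chunk after the last trigger
        sig.append(ALPHABET[hashlib.sha256(data[start:]).digest()[0] & 0x3F])
    return f"{block_size}:{''.join(sig)}"

def similarity(h1: str, h2: str) -> int:
    """0..100 score; only hashes with the same block size are comparable."""
    bs1, s1 = h1.split(":", 1)
    bs2, s2 = h2.split(":", 1)
    if bs1 != bs2:
        return 0
    return round(100 * difflib.SequenceMatcher(None, s1, s2).ratio())

def best_match(unknown: bytes, known: dict) -> tuple:
    """Return (family, score) of the closest known sample to an unknown file."""
    h = fuzzy_hash(unknown)
    scores = {name: similarity(h, fh) for name, fh in known.items()}
    family = max(scores, key=scores.get)
    return family, scores[family]

def _sample(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for a captured binary, deterministic per seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))

# Constructed corpus: two "known" families and a morphed family_a (200 bytes rewritten).
KNOWN = {"family_a": fuzzy_hash(_sample(1)), "family_b": fuzzy_hash(_sample(2))}
MORPHED = _sample(1)[:1000] + _sample(99, 200) + _sample(1)[1200:]
```

Calling `best_match(MORPHED, KNOWN)` returns family_a with a high score, while an unrelated sample such as `_sample(3)` scores low against both families.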
As we are a new chapter in the HoneyNet Project, there have been no changes to the organizational structure. Barry and I are working on expanding the network within South Africa in an attempt to gain more sensor nodes and hopefully track attacks over a larger area within the country.
Welcome to the South African Chapter.
We're starting off small with a couple of honeypots in South African IP space. Our focus is on malware delivered via SMB services which isn't a variant of Conficker. We also monitor SSH attacks and any malicious software originating from these compromises.
We're currently completing the setup of our hosting infrastructure, so the WordPress site is just temporary.