South African Chapter

The South African (ZA) honeynet project consists of members from Academia, Science Councils and the Private Sector. Our interests are in better understanding the threats against ZA IP space in particular. Much of our expertise lies in passive traffic analysis and very low interaction honeypot systems.

The chapter's home page is at

ZA Honeynet Chapter report 2014


SSH honeypot workshop Bsides London 2013

At the last BruCON conference in Ghent last year I had the pleasure of talking to Soraya (Iggi), Bsides London co-organizer. She convinced me to submit a workshop proposal for Bsides London 2013.

And guess what, it got accepted.

So I will be doing a workshop on setting up a basic kippo SSH honeypot from Upi Tamminen and, if time permits, using Ioannis Koniaris' (Ion) kippo visualization tool kippo-graph.
Bsides London will be held on April 24th 2013 at Kensington and Chelsea Town Hall

South Africa Chapter Status Report for 2012


The ZA chapter has faced a busy year (non-HNP) work-wise. As a relatively young chapter, organisation and recruitment are still very much on the agenda. Much of the work being done is also within the Security and Networks Research Group (SNRG) at Rhodes University, of which a number of us are members.

Identifying unknown files by using fuzzy hashing

Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites such as VirusTotal, Anubis or CWSandbox. By modifying the ihandler section in the dionaea.conf this can be fully automated.
Every now and then even these excellent analysis sites come up with nothing. No result whatsoever. This could be because it's a brand new sample of malware which simply isn't recognised yet or it is a morphed sample of a known and existing one.

South Africa Chapter Status Report for 2011


As we are a new chapter in the HoneyNet Project, there have been no changes to the organizational structure. Barry and I are working on expanding the network within South Africa in an attempt to gain more sensor nodes and hopefully track attacks over a larger area within the country.

Chapter Members:

Matt Erasmus
Matt Erasmus is in charge of the South African chapter pages on both and

Barry Irwin

South African Chapter

Welcome to the South African Chapter.

We're starting off small with a couple of pots in South African IP space. Our focus is on malware delivered via SMB services which aren't a variant of Conficker. We also monitor SSH attacks and any malicious software originating from these compromises.

We're currently busy completing the setup of our hosting infrastructure, so the WordPress site is just temporary.

Matt Erasmus
South African Chapter Member
