French Chapter Status Report 2012


Active members:
- Sébastien Tricaud
- Guillaume Arcas
- Anthony Desnos
- Franck Guénichot
- François-René Hamelin
- Christophe Grenier

We have the following technologies deployed:

- Kippo on honeycloud. The goal of this deployment is to provide a centralized Kippo instance and to share findings, logs and collected data.
- HoneyProxy on honeycloud.
- Honeeebox


New tools:
=> HoneyProxy as part of GSoC 2012.
=> FAUP (formerly furl)
=> OpenNormalizer
=> PhotoRec/TestDisk
=> A.R.E. / AndroGuard

Enhanced tools:
=> minor HPfeeds patches.
=> TestDisk & PhotoRec: too many improvements to list (more than 150 commits)
=> minor (not yet committed) modifications to Kippo: make Kippo randomly accept or reject login/password pairs and work without a prepopulated password database.
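As an added illustration of the kind of login policy the Kippo modification above describes (this is example code written for this report page, not Kippo's own code and not the chapter's patch; the class name, secret and acceptance ratio are assumptions), the point a practitioner wants to see is that "random" must still be consistent: if a fresh coin is flipped on every attempt, the same username/password pair succeeds once and fails on retry, which gives the honeypot away. Deriving the decision from a keyed hash of the pair, and remembering the first password accepted for a user, keeps the behaviour random across pairs but stable across retries, as a real sshd would be.

```python
import hashlib
import hmac


class RandomAcceptPolicy:
    """Hypothetical Kippo-style login policy (not Kippo's own API).

    Accepts a configurable fraction of username/password pairs without any
    prepopulated password database.  Two properties make it look like a real
    SSH server rather than a coin flip:

    * the accept/reject decision is HMAC(secret, username, password), so the
      same pair always gets the same answer, even across reconnects;
    * once a password has been accepted for a user it becomes "the" password
      for that user and every other password for that user is rejected.

    The per-user table is kept in memory only; persisting it is left to the
    caller (after a restart a different first-accepted password may win).
    """

    def __init__(self, secret: bytes, accept_ratio: float = 0.2) -> None:
        if not 0.0 <= accept_ratio <= 1.0:
            raise ValueError("accept_ratio must be between 0 and 1")
        self.secret = secret            # assumption: per-deployment random secret
        self.accept_ratio = accept_ratio
        self.known: dict[str, str] = {}  # username -> first accepted password

    def _draw(self, username: str, password: str) -> float:
        # Keyed hash of the pair, mapped to [0, 1).  The NUL separator keeps
        # ("ab", "c") and ("a", "bc") from colliding.
        msg = username.encode("utf-8") + b"\0" + password.encode("utf-8")
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") / 2 ** 32

    def check(self, username: str, password: str) -> bool:
        """Return True if the honeypot should let this login succeed."""
        # A user that already "has" a password behaves like a real account.
        if username in self.known:
            return password == self.known[username]
        accepted = self._draw(username, password) < self.accept_ratio
        if accepted:
            self.known[username] = password
        return accepted


def acceptance_rate(policy: RandomAcceptPolicy, attempts) -> float:
    """Fraction of (username, password) attempts the policy accepts.

    Intended for checking a deployment's configured ratio against a sample
    of distinct usernames, so the per-user lock does not skew the figure.
    """
    attempts = list(attempts)
    if not attempts:
        return 0.0
    hits = sum(policy.check(u, p) for u, p in attempts)
    return hits / len(attempts)


if __name__ == "__main__":
    # Constructed sample credentials, not captured data.
    policy = RandomAcceptPolicy(b"constructed-secret", accept_ratio=0.2)
    sample = [(f"user{i}", "123456") for i in range(2000)]
    print("observed acceptance rate: %.3f" % acceptance_rate(policy, sample))
    first = policy.check("root", "toor")
    print("root/toor accepted:", first, "- on retry:", policy.check("root", "toor"))
```

The acceptance ratio is a tuning knob: too high and every scanner "succeeds" on its first try, which is itself a tell; too low and the honeypot rarely gets to the interesting post-login session that Kippo exists to record.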


=> Centralized Kippo Honeypot
This project's goal is to provide members with a standard Kippo server and allow them to redirect incoming SSH scans to this server instead of dropping them.


=> Analysis of country wide DNS Traffic
=> Analysis of HTTP usage by malware


=> S. Tricaud - 2011 - How Visualization makes it possible
=> S. Tricaud - HES - Capture me if you can
=> S. Tricaud / CIRCL LU - CanSecWest 2012 - Scrutinizing a country using passive DNS and PicViz
=> Honeynet Workshop, Network Training, Visualization Training
=> S. Tricaud, FIRST Malta 2012
=> A. Desnos, Android: Static Analysis Using Similarity Distance (HICSS)
=> A. Desnos, Android: from reversing to decompilation (Blackhat Abu Dhabi)
=> A. Desnos, Analyzing Android Applications (Computer Security Congress - Mexico City)
=> A. Desnos, Android Malwares: is it a dream? (EICAR)


=> GSoC mentoring
=> Workshop
=> Enhancing tools

=> Focus on analysis: OSINT, dedicated tools including Timeline Builder.
=> "HoneyCIF" based on HPFeeds. As described here[], "CIF allows you to run queries against many data sources at once. If you have other private data sources available, particularly via XML (RSS), JSON, or in a file (e.g. CSV), you can incorporate those, as well as additional OSINT sources."


=> A.R.E. / AndroGuard funded by Rapid7
=> Franck Guénichot co-authored Forensic Challenge #9 (Mobile malware)
=> ongoing discussion with the French community on collaboration in specific areas
=> new website, twitter account


=> HoneyProxy - G. Arcas - GSoC 2012
=> Automated Attack Community Graph Construction #1 & #2 - F. Guénichot (backup mentor) - GSoC 2012