The UNAM Chapter is part of UNAM-CERT, an organization established within the National Autonomous University of Mexico (UNAM).
Current chapter members:
We're using the following infrastructure as an early warning and intrusion detection system that feeds into our incident response process, and also to identify emerging threats on the Internet and share this knowledge with the community.
We have 15 brand new Raspberry Pis and 3 HonEeeBoxes: 5 Pis run Conpot, 5 Pis run Thug with direct shares to hpfeeds, and the rest are used for mobile and Linux malware analysis.
One server with 8970 public IP addresses runs Kippo, Dionaea and Glastopf; all of its data is shared to hpfeeds.
We're also running a centralized and staggered architecture for network monitoring based on Snort, Argus, tcpflow and several other tools for data capture and analysis.
A central system called “UNAM Security Telescope” processes all the information gathered by our honeypots and the centralized monitoring architecture.
RESEARCH AND DEVELOPMENT
We’ve developed a DNS Sinkhole to track and identify potentially malicious PCs hosting malware and bots within the University’s network.
We are working on a spampot tool to collect and analyze spam content such as URLs, attachments and source IP addresses, as well as a botnet tracking tool that logs the activities of malware-infected machines by analyzing the commands sent by the C&C via the IRC protocol.
A distributed sandbox based on the Cuckoo platform to automate malware analysis for Windows XP, 7 and for Windows 8 is in development.
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
In November we gave honeypot training in Mexico City to community members interested in honeypots and intrusion detection, as part of UNAM’s Security Congress 2013.
As part of UNAM-CERT, one of our main activities is incident detection and handling within our University and Mexico. That’s why we are in close contact with the CSIRTs of the main ISPs of Mexico, sharing with them information about security incidents coming from their networks that we detect on the University network.
No particular findings yet.
Every year we organize a Computer Security Congress. It's a balanced meeting that includes technical and non-technical talks. Its main purposes are to share experiences, to discuss trends and to give attendees a better perspective of computer security around Mexican networks and the world.
Our web page: