Italian Chapter Status Report 2013

ORGANIZATION
1. Changes in the structure of your organization.

Davide Cavalca left the Chapter due to inactivity.

2. List current chapter members and their activities

  • Marco Riccardi is the Chapter leader. He is mainly involved in the development/improvement of the Dorothy framework (dorothy2.), among mentoring all the graduating students of the University of Milan who decide to focus their final project Thesis on some of the Chapter's research areas.
  • Marco Cremonini is an assistant professor at the University of Milan, where he is currently teaching and researching in the field of security & privacy, economics and complex systems. He is the academic supervisor of students collaborating to the Chapter's activity and scientific advisor for the Chapter.
  • Luigi D’Amato is currently a CTO at Partner Security Lab and a member of Zone-H. He is providing support to our IT infrastructure and he is actively involved in developing/maintaining our honeynet.
  • Patrizia Martemucci is currently a former IT teacher at the high school of Imola. She is in charge of the main development of the JDrone -the Dorothy's module for botnet infiltration- as well as maintaining and improving the overall DB architecture of Dorothy. She is also mentors graduating students from the University of Milan.
  • Domenico Chiarito is a senior software architect who is mainly in charge of the DB architecture of Dorothy, among being an active developer of JDrone.

DEPLOYMENTS
1. List current technologies deployed.

  • The last release of the Dorothy monitoring and analysis framework: dorothy2.
  • Low interaction honeypots:
    Dionaea (Ubuntu) (1)
    Dionaea (honeeebox) (1)

RESEARCH AND DEVELOPMENT
During 2013 the Italian Chapter has been mainly involved in finalising and publishing the latest version of the Dorothy framework.
In addition, the Chapter continued to mentor graduating student from the Technologic Department of Univertitá di Milano, by leading their work and research on botnets related projects. During this year, one students successfully accomplished his final year projects by contributing to the overall Chapter progress.
Thanks to his work, Dorothy2 will shortly have a fully interactive web console based on Ruby On Rails.

Progress details follow

Mentored Final degree Projects @ UNIMI

  • WGUI Dorothy 2.0 Tecniche di visualizzazione dei dati per la sicurezza informatica (ITA)– Andrea Valerio
  • An interactive web dashboard for data visualization.

    All the projects are available here.

Dorothy2
The new version of the Dorothy framework has been finally released this summer. The complete software is released under the GPL 3.0 license, and comes through a ruby Gem. The released software is quite stable, and lot of improvements are going to be introduced shortly. More info can be found here, or directly at the project's Git page.

FINDINGS

1. Highlight any unique findings, attacks, tools, or methods.
None

2. Any trends seen in the past year?
None

3. What are you using for data analysis?
We are currently using VMWare ESXi for malware sandboxing, and Splunk for analyzing all the data coming from our sensors/drones.

4. What is working well, and what is missing, what data analysis functionality would you like to see developed?
Dorothy2 is finally up&running, however, new honeypots are needed in order to fetch and analyze as much malwares as possible.

Although a first PoC has been coded by Andrea Valerio, the final dorothy2's web interface is still missing.

PAPERS AND PRESENTATIONS

1. Are you working on or did you publish any papers or presentations, such as KYE or academic papers? If yes, please provide a description and link (if possible).

None

2. Are you looking for any data or people to help with your papers?

Possibly yes.

3. Where did you present honeypot-related material?
Our research was presented at:

In 2013 no presentations were made.

GOALS

1.Which of your goals did you meet for the past year?
Keeping the Chapter up and running was the main one and to maintain an enlarged team around the original Dorothy project was the strictly consequence.
Furthermore, an important goal was aimed to provide full support to any undergraduate students of the UNIMI that wanted to develop their final graduation project on honeypot/botnet related technologies.
Up today, thanks to the cooperation with the Università deli Studi di Milano - DTI, we have successfully provided (and still providing) support to several students that are working on Dorothy to improve/optimize its inner functionalities.

2. Goals for the next year.
The main goal for the next year is to deploy as many honeypots as possible and to connect them the hpfeed repository.
Among low-interaction honeypots, the Chapter wants to implement high-interactions ones, like Kippo for instence. Mailpots will also heavily used in order to analyze all the threats coming from this communication channel.
Furthermore, the development of dotothy2 and it's JDrone module will continue by adding new features and functionalities. The interactive web interface will be the first lack to tackle.

The Italian project will continue to freely provide support to any Italian .gov institutions (or national ISP) about honeypot implementation and cyber attacks notification.

MISC ACTIVITIES
NA