Hong Kong Chapter Status Report for 2014

ORGANIZATION
 
The Hong Kong Chapter is a special interest group under PISA, a local IT security professional association.
Major infrastructure is hosted at HoneyCloud and on members' own networks.
Our research interests include malware, botnets, client-side attacks and web application attacks.
 
Current chapter members
Alan Tam
Alan Lam
Anthony Lai
Daniel Luo
Eric Fan
Frankie Li
Frankie Wong
Peter Cheung
Roland Cheung
WS Lam
 
List changes in the structure of your chapter
Kelvin Lo (new member)
  
DEPLOYMENTS
The Hong Kong Chapter deployed the following tools to collect data for security trend analysis:
    1 x Modern Honey Network (MHN)
    1 x Cuckoo Sandbox
    1 x Nepenthes
    3 x Dionaea
    2 x Kippo
    2 x HonEeeBox devices
and published:
    Over 500MB data submitted to HPFriends
 
[By Alan Lam, Anthony Lai, Eric Fan, Peter Cheung, Roland Cheung, WS Lam] 
 
 
RESEARCH AND DEVELOPMENT
1. Studied Linux DDoS attack malware samples, e.g. the Billgate botnet malware
[By Alan Lam]
 
2. Deployed Cuckoo Sandbox to collect samples and analyse targeted attacks
[By Anthony Lai]
 
3. Investigated Android security and vulnerabilities, and examined advanced DoS attacks
[By Daniel Luo]
 
4. Deployed Modern Honey Network (MHN) to manage the honeypots
5. Studied automatic honeypot deployment through Vagrant and Docker
[By Peter Cheung, Roland Cheung]
 
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
[Presentations]
Feb 2015, organized a free private workshop “Honeynet Workshop 2015” on a honeypot management platform and the installation of honeypots on Raspberry Pi and VirtualBox with Ubuntu Linux
https://www.pisa.org.hk/past-events/402-honeynet-sig-workshop-2015
[By Eric Fan, Frankie Wong, Peter Cheung, Kelvin Lo, Roland Cheung]
 
Jan 2015, organized a private sharing session for CityU bachelor students on how Raspberry Pi can be used for honeypots, and on Kippo data sharing
[By Eric Fan]
 
Dec 2014, organized a free private seminar “App Security On Android” on security threats and protection on Android devices
https://www.pisa.org.hk/past-events/393-app-security-on-android
[By Frankie Wong]
 
Sep 2014, organized a free private seminar "Honeynet of Things (HoT)" on how deployed honeypot sensors on the Internet can collaborate to make attacks visible
https://www.pisa.org.hk/past-events/377-honeynet_of_things_hot_make_the_attack_visible
[By Frankie Wong, Peter Cheung, Kelvin Lo, Roland Cheung]
 
Jul 2014, presented the topic "Discovery the Attack Clues by Visualization Tools" at the HoneyCon 2014 conference, illustrating the use of visualization tools to discover hidden attack clues
http://honeynet.kktix.cc/events/honeycon2014
[By Peter Cheung, Roland Cheung]
 
June 2014, organized a free private workshop “Android App Reverses Engineering” on the tools and techniques for Android app reverse engineering
https://www.pisa.org.hk/past-events/366-android-app-reverses-engineering
[By Frankie Wong]
 
May 2014, presented the seminar "How "Heartbleed" was being discovered? & How serious the "bleeding" in Hong Kong" on the impact of Heartbleed on top Alexa-ranked websites in Hong Kong
https://www.pisa.org.hk/past-events/365-how-heartbleed-was-being-discovered-how-serious-the-bleeding-in-hong-kong
[By Peter Cheung, Roland Cheung]
 
Mar 2014, presented the topic "Security Incident Investigation" in a Master's course at The Hong Kong Polytechnic University, using a honeypot intrusion case to illustrate the tools and techniques of security incident investigation
[By Roland Cheung]
 
May 2014, presented the topic “Vulnerability Discovery for Android Applications” at the CNCERT/CC Annual Conference
[By Daniel Luo]
 
[Papers]
Y. Shao, X. Luo, C. Qian, P. Zhu, and L. Zhang, “Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications”, Proc. of the 30th Annual Computer Security Applications Conference (ACSAC), 2014.
L. Xue, X. Luo, E. Chan, and X. Zhan, “Towards Detecting Target Link Flooding Attack”, Proc. of the 28th USENIX Large Installation System Administration (LISA) conference, Nov., 2014.
Y. Shao, X. Luo, and C. Qian, “RootGuard: Protecting Rooted Android Phones”, IEEE Computer, June, 2014.
C. Qian, X. Luo, Y. Shao, and A. Chan, “On Tracking Information Flows through JNI in Android Apps”, Proc. of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014.
[By Daniel Luo and his students]
 
Y. Tang, X. Luo, Q. Hui, and R. Chang, “Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate DoS Attacks,” IEEE Transactions on Information Forensics and Security (TIFS), 9(3), 2014.
J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz, “Building A Scalable System For Stealthy P2P-Botnet Detection,” IEEE Transactions on Information Forensics and Security (TIFS), 9(1), 2014.
[By Daniel Luo and his collaborators]
 
Building a Home Honeypot using Raspberry Pi, PISA Journal issue 20, September 2014
https://www.pisa.org.hk/images/PISA_publication_journal/issue20/pisa_j20.pdf
[By Frankie Wong]
 
[Community engagements]
Plan to set up honeypots in non-profit organization in 2015
[By Anthony Lai]
 
Proposed a honeypot session and abstract to the HKNoG program committee for a sharing session at the April 2015 event
[By Eric Fan]
 
GOALS
Goal of 2015:
1. To promote the use of low-power devices such as Raspberry Pi to deploy honeypots
2. To study security attacks and malware targeting Internet devices such as home routers, TV boxes and IP cams
3. To analyse security attacks and malware through visualization tools such as Maltego and ELK
 
MISC ACTIVITIES
NIL
 
 
MENTORING
NIL