HoneyNED Status Report For 2014

Organisation

HoneyNED is a Dutch community of IT Security enthusiasts with a shared interest in Honeypot technology. Goals of this chapter include but are not limited to:

    • Blog about IT security topics concerning .NL
    • Collect and analyze honeypot data and publish the results
    • Organize workshops
    • Explore and develop new honeypot technology

In 2014 we struggled with how to organize our chapter. It was difficult to meet each other on a regular basis, and we changed our chapter lead. In the fourth quarter of 2014 we decided to schedule a physical meeting every two months, with a videoconference in the month in between. This helps us monitor project progress and jointly discuss new ideas.

The current members are:

            • Rogier Spoor (chapter lead)
            • Ernest Neijenhuis
            • Dave Woutersen
            • Gert Vliek
            • Tarik El Yassem
            • Wim Biemolt
            • Leon van der Eijk
            • Jop van der Lelie (*)
            • Ivo van der Elzen (*)
            • Johan Romkes (*)

            (*) new members in 2014

Our aim is to have members from important IT security organizations in the Netherlands. This will help us experiment with honeypot technology in various industrial sectors and deploy honeypots across the whole country. At the moment we have members from banks, the national research network, ISPs, the defense sector and national cyber security on board.

Research and Development

            • We have put seven students on a project about how to redefine the SURFids database and analysis structure. The students will finish their work in January 2015. They have already advised us to start using the ELK stack (Elasticsearch, Logstash and the Kibana dashboard) in order to easily process the amounts of data.
            • The Spamhattan project has started. This project aims to analyze spam emails via the ELK stack. The target is to collect spam by filling in known phishing sites, thereby receiving large amounts of spam/phishing emails.

Goals 2015

          • Malware sample analysis (dropper analysis, etc.)
          • Various honeypot deployments and the creation of a malware lab environment based on OpenStack. OpenStack enables us to easily deploy test machines (Amazon-like).
          • ELK stack (Elasticsearch, Logstash and the Kibana dashboard) analysis setup for our honeypots
          • Scale up the Spamhattan project. Try collecting emails from other sources, such as de-registered domain names.