Czech Chapter Report 2014

ORGANIZATION
 
1) Changes in the structure of your organization.
 
We have four new members and one user is gone due own activities.
 
2) List current chapter members and their activities

  • David Vorel - Chapter lead, honeypots deployments and principles
  • Matej Zuzčák - University of Ostrava, Faculty of Sience, Department of Informatics and Computers - honeypots deployments and principles
  • Pavol Sokol - Institute of Computer science, Faculty of Science, Pavol Jozef Šafárik University in Košice - honeypots deployments and principles
  • Viliam Lisý - Czech Technical University in Prague - honeypots deployments and principles
  • Katarína Ďurechová - CZ.NIC, maintainig and developing honeypots https://gitlab.labs.nic.cz/groups/honeynet
  • Martin Husák - CSIRT-MU, Institute of Computer Science, Masaryk University - honeypots deployments and principles
  • Ondřej Šrámek - GovCERT.CZ, National Cyber Security Centre - honeypots deployments and principles
  • Stanislav Bárta - GovCERT.CZ, National Cyber Security Centre - honeypots deployments and principles

DEPLOYMENTS
 
1) List current technologies deployed.

  • 7x Kippo
  • 7x Dionae
  • 6x Conpo
  • 6x Glastop
  • 2x Cucko
  • 2x Capture-HPC
  • 1x HoneyForum

2) Activity timeline: Highlight attacks, compromises, and interesting information collected.
 
No special highlights.
 
RESEARCH AND DEVELOPMENT
 
1) List any new tools, projects or ideas you are currently researching or developing.
 
No new tool developed by Czech Chapter within 2014. Working on improvement existing deployments. Automation in analysis for HoneyForum. Testing platforms for big data analysis aka "HIEM" as acronym for "SIEM" (based on ELK + Hadoop).
 
2) List tools you enhanced during the last year
 
No tool enhanced by Czech Chapter. Katarina released fixes and functions for Dionaea and Kippo as part of her work in CZ.NIC.

  • https://github.com/CZ-NIC/kippo - integration Kippo with the Virustotal
  • http://honeynet.org/node/1195 - other improvements
  • https://github.com/CZ-NIC/dionaea - fixes in the code

3) Would you like to integrate this with any other tools, or you looking for help or collaboration with others in testing or developing the tool?
 
In progress.
 
4) Explain what kind of help or tools or collaboration you are interested in.
 
Open to new occasions.
 
FINDINGS
 
1) Highlight any unique findings, attacks, tools, or methods.
 
No special highlihts.
 
2) Any trends seen in the past year?
 
CnC uses more sofisticated channels for conntroling (ie: JSON/AJAX, social medias). Propagation of malware via HTTP uses advertising.
 
3) What are you using for data analysis?
 
We use ELK for log analysis.
 
4) What is working well, and what is missing, what data analysis functionality would you like to see developed?
 
Missing social media based honeypots.
 
PAPERS AND PRESENTATIONS
 
Members released several papers as part of their work or research.
 
- P.Sokol, M. Zuzčák, T. Sochor: Definition of Attack in the Context of Low-Level Interaction Server Honeypots In: Computer Science and Its Applications. Ubiquitous Information Technologies : 6th FTRA International Conference : 17. - 19. december 2014, Guam, USA. - Berlin Heidelberg : Springer-Verlag, 2015. - ISBN 9783662454015. - S. 499-504.
 
- P.Pisarčík, P. Sokol: Framework for distributed virtual honeynets. In: SIN´14 : Proceedings of the 7th International Conference on Security of Information and Networks : 9. - 11. september 2014, Glasgow. - New York : ACN, 2014. - ISBN 9781450330336. - S. 324-329.
 
- P.Sokol : Legal Issues of Honeynet's generations. In: ECAI-2014 : Proceedings of the International Conference on Electronics, Computers and Artificial Intelligence, vol. 6, no. 5 : 23. - 25. október 2014, Bucharest. - Pitesti : University of Pitesti, 2014. - ISBN 9781479954797. - S. 63-70.
 
- P.Sokol, P. Pisarčík: Data capture in virtual honeynet based on operating system level virtualization. In: ICTIC 2014 : Proceedings in Conference of Informatics and Management Sciences : The 3rd International Conference : 24. - 28. marec 2014, Žilina. - Žilina : Publishing Institution of the University of Žilina, 2014. - ISBN 9788055408651. - ISSN 1339-231X. - S. 285-290.
 
- K. Durechova: Presentation about Honeypots - "Užitočne zraniteľné servery" in CTJB 2014 https://ctjb.net/2014 and in conference "Internet a Technologie" 14.2 http://www.nic.cz/it14.2/
 
- Study of Internet Threats and Attack Methods Using Honeypots and Honeynets Tomas Sochor, Matej Zuzcak - University of Ostrava, Ostrava, Czech Republic Computer Networks (CN) 2014 - Brunów Palace, Brunów Poland Springer Verlag - Computer Networks Communications in Computer and Information Science Volume 431, 2014, pp 118-127, DOI: 10.1007/978-3-319-07941-7_12; ISSN: 18650929, ISBN: 978-331907940-0
 
- HUSÁK, Martin a Jakub ČEGAN. PhiGARo: Automatic Phishing Detection and Incident Response Framework. In Availability, Reliability and Security (ARES), 2014 Ninth International Conference on. Fribourg, Switzerland: IEEE, 2014. pp. 295-302. ISBN 978-1-4799-4223-7.
 
- Christopher Kiekintveld, Viliam Lisý, Radek Píbil: Game-Theoretic Foundations for the Strategic Use of Honeypots in Network Security. Book chapter in Cyber Warfare: Building the Scientific Foundation. Springer International Publishing. 2015. pp. 81-101. ISBN: 978-3-319-14038-4
 
- Karel Durkota, Viliam Lisy, Christopher Kiekintveld, Branislav Bosansky: Game-Theoretic Algorithms for Optimal Nework Security Hardening Using Attack Graphs. In Proceeding of 14th International Conference on Autonomous Agents and Multiagent Systems. AAMAS 2015.
 
- Karel Durkota, Viliam Lisy, Christopher Kiekintveld, Branislav Bosansky: Optimal Network Security Hardening Using Attack Graph Games. In Proceedings of the Twenty-Fourth International Joint Conference on Artificial Intelligence. IJCAI 2015.
 
- Application of honeypots in IPv6 networks Tomas Sochor, Matej Zuzcak - University of Ostrava, Ostrava, Czech Republic, ICNAAM 2014 - Rhodes, Greece
 
- Definition of attack in context of high level interaction honeypots, Pavol Sokol, Matej Zuzcak, Tomas Sochor, Institute of Computer Science, Faculty of Science Pavol Jozef Šafárik University in Košice, Jesenná 5, 040 01 Kosice, Slovakia and Department of Informatics and Computers, Faculty of Science, University of Ostrava, 30. dubna 22, 701 03 Ostrava, Czech Republic, CSOC 2015 - Zlin, Czech Republic
 
- Attractiveness Study of Honeypots and Honeynets in Internet Threat Detection, Tomas Sochor, Matej Zuzcak - University of Ostrava, Ostrava, Czech Republic, Computer Networks (CN) 2015 - Brunów Palace, Brunów Poland
 
GOALS
 
1) Which of your goals did you meet for the past year?
 
Recovering the Chapter activities, bring new members to the project.
 
2) Goals for the next year.
 
Deploy and develop internal infrastructure for maintaining and share knowledge inside czech community. Improvements on our deployments.
 
MISC ACTIVITIES
 
-

Groups: