Singapore Chapter Status Report For 2011

1. Changes in the structure of your organization.
No changes

2. List current chapter members and their activities
• Cecil Su: Chapter Lead, Early Warning System, Honeypots deployment, Data Analysis.
• Nicolas Collery: Development, Malware analysis and RCE, Honeypots deployment, Data analysis.
• Vicky Khan: Development, Malware analysis, Research
• Vijay Vikram: Center Manager, Research, Development, Honeypots deployment.
• Eugene Teo: Research, Malware analysis and RCE, Data analysis.
• Emil Jingwei: Research guide.

1. List current technologies deployed.
During the last year we took down our honeynet setup from the National University of Singapore’s IT Security Lab as the system owner had wanted to install the “great NUS firewall”.

We recently found a new home with the blessing of the Dean from the local James Cook University (Singapore campus), but have yet to re-instate back our boxes. We are fortunate to have James Cook University donate the rack space as well as a range of public routable IPs for our honeynet deployment.

2. Activity timeline: Highlight attacks, compromises, and interesting information collected.
We had been advisors to the local IHLs (Institutes of Higher Learning), and currently have two polytechnics running with their own honeynets.

They have collected some sample malware and are willing to share the samples if needed.

1. List any new tools, projects or ideas you are currently researching or developing.
The Chapter members have been working with two tertiary institutions, Singapore Polytechnic and Temasek Polytechnic.

Singapore Polytechnic:
The Chapter members have been mentors to the final year project students for the last 3 years. Over the course of 2010/2011, the following projects were completed with our mentorship:
1. hBot – Instant Messaging Honeynet (2010)
2. Honeynet Sinkhole Project (2011)

The projects were also showcased in “SPinnovex 2010/2011” events and received “Gold Award” for their achievement. We hoped the students have benefited from the projects and gained a much greater depth of understanding in IT security domain, particularly in the area of Honeynet technologies.

The first generation of honeebox have also been deployed over here at SP’s IT Security Lab.

Temasek Polytechnic:
We have been asked to give an introductory presentation on the current threat landscape and we spoke on honeynet technologies and botnets.

Temasek Polytechnic had also recently deployed their honeynet infrastructure to support their new diploma studies in CyberSecurity.

2. Explain what kind of help or tools or collaboration you are interested in.
We are interested to cooperate in Honeywall development/improvement and learning about new Malware attack vectors.

To work with polytechnics and universities to extend the reach and promote honeynet-related technologies.
Collaboration in Malware and Botnet-related research (Fast-flux tracking, Botnet tracking and so on).

Not from our honeypots – as we have yet to get them re-instated at our new home, JCU.
Although a number of our members do run some of their pots at home as well via their broadband networks.

1. Are you working on or did you publish any papers or presentations, such as KYE or academic papers? If yes, please provide a description and link (if possible)

“Introduction to Honeynets” at JCU
“Honeynets & Botnets” at TP

2. Where did you present honeypot-related material? ( selected publications )
Half-Day Security Workshop, February 2011, James Cook University
Security Day 2011, Temasek Polytechnic

1. Which of your goals did you meet for the past year?
 We have been rather quiet last year and would like to make amends for it.
 Nicolas worked with other chapters on one of the forensics challenges
 Locating a sponsor for housing our honeypots

2. Goals for the next year.
 Presenting more honeypot-related materials at local polytechnics, universities and conferences
 Collaborate with local government agencies or commercial entities to work together on honeynet activities
 Help evaluate tools written by chapter members
 Have useful contents on our new local website
 Deploy (and improve on) our honeypots and data analysis system
 Publish a forensic challenge on “covert channels forensics”