Hugo Gonzalez - Full Member, Chapter Leader
The Chapter members are interested in research projects covering the following topics:
1. Low-interaction/high-interaction client honeypots
2. Distributed honeynet deployment, operation and data analysis
3. Automated malware collection and analysis systems
* We have some boxes with dionaea.
* Skynet on the Latin America domains.
* Parse some production webserver logs looking for RFI attacks.
RESEARCH AND DEVELOPMENT
* Working on malicious PDF analysis. (Mahmud has been advising us.)
We will release a light PDF analysis service on the web, based only on the characteristics of the PDF file and some AI stuff.
* Testing Cuckoo Sandbox; we will soon release detailed Spanish docs on installation and configuration.
* IPv6 (in)security.
* Working on a "massive password analysis framework". (We could use this on the lists from SSH attacks, for example to see whether the attackers use the same lists or personalized ones.)
* Web interface for visualizing the RFI analysis. (Jose Nazario is sharing a lot of RFI data with us.)
The RFI attackers are not always web servers as we assumed.
PAPERS AND PRESENTATIONS
* Does virus work on IPv6 only network?
Summer research 2010 at the UPSLP.
* Characteristics of a malicious PDF file.
* Hands on lab on structured network analysis
BugCon Security Conferences 2010.
* Improve our capabilities in malware analysis.
* Began to analyze Android malware.
* Implement an easy way to interpret Cuckoo reports.
* Implement an easy way to send viruses to Cuckoo, like a web interface.
* Contribute to the Cuckoo Sandbox project.
* Contribute to the dionaea project.
* Cooperation with other chapters.
* Run a forensics challenge on IPv6.
Help on forensics challenges 1 and 7.
Participate in the annual committee.
Work on education campaigns for information security.