Vietnam Chapter Status Report For 2011

This report was posted on https://honeynetvn.vnsecurity.net/trac/wiki/ChapterReport/2011

ORGANIZATION

This is our first ever chapter report. The Vietnam Honeynet Project (VN-HNP) was founded in 2010 as a volunteer non-profit research organization. Our aim is to provide information surrounding security threats, vulnerabilities and Cyber Warfare attacks active in the wild on Vietnam networks today, to learn the tools, tactics, and motives of the blackhat community and to share these lessons learned with the public and the wider IT community.

Chapter Member

  • Leaders: Thanh Nguyen, Long Le
  • Members: Duong Ngoc Thai, Khiem Nguyen, Le Ngoc Hieu, Le Hong Viet, Mai Linh, Nguyen Anh Quynh, Nguyen Hong Phuc, Pham Mai Quan, Pham Van Toan, Vo Dai Chuyen
  • Others
    • In the beginning of 2011, ISeLAB ( http://www.iselab.edu.vn/) from Vietnam National University joined Vietnam Chapter (represented by Bui Thanh Phong)
    • We also have contributors who are members of Singapore and Malaysia Honeynet Projects:
      • Eugene Teo
      • Kaijern Lau

The Chapter members are interested in research projects covering the following topics

  • Botnet detection and behavior analysis
  • Automated malware collection and analysis systems
  • Automated botnet tracking
  • Low-interaction client honeypots
  • High-interaction client honeypots
  • Reverse engineering
  • Computer forensics

DEPLOYMENTS

We've deployed a low interaction honeypot systems using Honeywall at Vietnam National University by ISeLAB.

We plan to deploy a new low interaction honeypot system using Dionaea, Nepenthes, Honeytrap and a high interaction client honeypot using Capture-HPC in the next 2 months. Collected malware samples to be feeded into our automated malware and malicious documents analysis system.

MISC ACTIVITIES

  • Participate Honeynet Project workshop in March 2011
  • Participate GSOC 2010 as mentor for the Honeynet Project's Google funded GSOC 2010 initiative
  • Help HNP infrastructure committees to fix Plone issues

RESEARCH AND DEVELOPMENT

  • Analyzed the botnet and traffic logs of some high profile attacks/incidents in Vietnam
  • We're working on an automated malware and malicious documents analysis system

GOALS

Last year goals

A honeypot systems had been deployed at Vietnam National University and some of our research projects have been started. As a new chapter, we did not expect too much things to be done last year.

Next year goals

  • Capture-HPC system
  • Automated malware and malicious documents analysis system
  • Publish paper/report about security trends (collected by honeypots) in Vietnam to public
  • Establish relationship with VietCERT, other organizations and universities
  • Seek the opportunities to host HNP Workshop event in Vietnam (2012)