RoT-1 Chapter - 2011 Status Report
ORGANIZATION
The RoT-1 Chapter of the Honeynet Project was founded in November 2010. The members include:
- Ryan Smith
- Adam Pridgen
- Daniel Herrera
- Ralph Logan
- Kirby Kuehl
- Jed Haile
- George Chamales
Areas of research conducted by the members:
- Mobile Honeynets
- Honeypot technology
- Memory Forensics
- Distributed Processing
- Large-Scale Data Analysis
DEPLOYMENTS
Currently, there are two Honeeebox sensors deployed at Rice University and at a members home in Houston, Tx.
RESEARCH AND DEVELOPMENT
Adam Pridgen augmented a the Volatility 2.0 Framework so that JSON output could be acquired from the frameworks tools when analyzing memory images. This functionality could then be used to store and mine the resulting output with using a NoSQL database like CouchDB or MongoDB. After noting a shortcoming in the acquisition, he has started investigating a more complete method of acquisition by modifying VirtualBox and capturing modified memory pages when they are paged out of physical memory. The ultimate goal is to be able to run virtual honeypots for extended periods with the ability to capture and reconstruct memory using periodic full memory snapshots and the captured pages in-between each memory snapshot to capture a more complete forensic picture of the honeypots memory.
FINDINGS
- A previously unidentified piece of malware/attack was discovered, and the characteristics and configuration material were reported to the appropriate parties.
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
- Ryan and Adam published a paper on distributed Android application processing at HICSS which Ryan presented. STAAF: Scaling Android Application Analysis with a Modular Framework
- Ryan attended and participated in the 2012 GSOC Google Summer of Code
GOALS
- Establish a cooperative group project to better encorporate and activate new members
- Bring on new members from the northern Bay Area
- Hold quarterly remote collaboration meetings
MISC ACTIVITIES
- Adam Pridgen helped the CuckooBox with some minor contributions and testing.
- Both Ryan and Kirby got new positions that are malware-centric, which should lead to an increase in activity and collaboration.
MENTORING
Adam Pridgen and Ryan Smith were HPGSOC '12 mentors. Adam Pridgen co-mentored Oğuz Yarımtepe along with Nicolas Collery on the Network Analyzer Project. Ryan Smith stepped in to mentor Weilin Xu who was selected to work on the IPv6 Honeypot.
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.