Tunisian (Saherhoneynet) Chapter Status Report For 2012
ORGANIZATION
All team members belong to the staff of the National Agency for Computer Security and the Tunisian CERT; the chapter is open to volunteers (students, researchers, professionals and partners) under a special agreement.
List current chapter members and their activities:
- Hafidh EL Faleh: Tunisian Honeynet chapter lead; Cyber early warning system team manager.
- Haythem EL MIR: IT cyber-security consultant (professional).
- Hassen Bahri: tunCERT manager.
- Marwen Ben Rached: Cyber early warning system team member (programmer).
- Jihene Ksiksi: Cyber early warning system team member (support).
List changes in the structure:
- Tarek Mouhamed: CTO of NACS/tunCERT (new member).
- Amine Rached: CSIRT (incident team) manager (new member).
- Amine Abid: CSIRT (incident team) support (new member).
DEPLOYMENTS
Since the start of the project, the team has tried to stay up to date with the technologies in use; it tested all detection and honeypotting tools and chose the most reliable ones.
This is the list of currently deployed technologies:
- SurfIDS
- SMTP-HP
- Kippo
- Kippo-Graph
- Dionaea
- Glastopf
- Honeynet Webviz
- Cuckoo
- HonEeeBox
Architecture: http://www.honeynet.tn/rep/clip_image002.jpg
RESEARCH AND DEVELOPMENT
Developed Projects
- Design of a tool for analyzing URLs and binaries found in SSH input, using the results of the Kippo SSH honeypot.
Projects currently under research
IP Reputation Database
- Designing and specifying a tool that interfaces with many honeypot tools (Dionaea, Glastopf, Kippo, ...) and maintains an up-to-date database for checking the reputation of any IP address against its historical logs.
- Providing web access (web services) to this tool: automatically obtaining the source IP, returning information on its reputation history, and sending the necessary instructions for the cleaning process.
Black-List Generator
- Creating an up-to-date list of malicious domains and hosts from the malware obtained.
- Selecting an equipment profile (firewall, IDS/IPS, proxy, ...) to generate the ACL.
- Designing and specifying techniques for the black-list tool.
- Online sharing of the black-list.
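A compact sketch of the IP reputation store and the per-equipment black-list generator described above, as an added example (not the chapter's own code): it assumes an upstream collector has already normalised Kippo, Dionaea and Glastopf records into (sensor, timestamp, source IP, event type) tuples, and the sample events, event weights and rule templates are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample events (not real Saher logs), already normalised by an
# assumed collector into (sensor, ISO timestamp, source IP, event type).
EVENTS = [
    ("kippo",    "2012-07-01T08:12:03", "203.0.113.7",   "login_failed"),
    ("kippo",    "2012-07-01T08:12:09", "203.0.113.7",   "login_failed"),
    ("kippo",    "2012-07-01T08:13:40", "203.0.113.7",   "login_success"),
    ("dionaea",  "2012-07-02T19:02:11", "203.0.113.7",   "binary_download"),
    ("glastopf", "2012-07-03T02:45:00", "198.51.100.23", "rfi_attempt"),
    ("kippo",    "2012-07-03T04:00:00", "192.0.2.99",    "login_failed"),
]

# Assumed per-event weights; the chapter's real scoring scheme is not published here.
WEIGHTS = {"login_failed": 1, "login_success": 5, "binary_download": 10, "rfi_attempt": 4}

# How one black-list entry is rendered for each equipment profile (assumed templates).
PROFILES = {
    "firewall": "iptables -A INPUT -s {ip} -j DROP",
    "proxy":    "acl saher_blacklist src {ip}",
    "ids":      'alert ip {ip} any -> $HOME_NET any (msg:"Saher black-list host"; sid:{sid}; rev:1;)',
}

def build_reputation(events):
    """Aggregate honeypot events into one reputation record per source IP."""
    rep = {}
    for sensor, ts, src, kind in events:
        ip = str(ipaddress.ip_address(src))  # reject malformed input before it can reach an ACL
        r = rep.setdefault(ip, {"score": 0, "events": 0, "sensors": set(), "first": ts, "last": ts})
        r["score"] += WEIGHTS.get(kind, 1)
        r["events"] += 1
        r["sensors"].add(sensor)
        r["first"], r["last"] = min(r["first"], ts), max(r["last"], ts)
    return rep

def lookup(rep, ip):
    """Answer a reputation query for the web service: the host's history summary as JSON."""
    r = rep.get(str(ipaddress.ip_address(ip)))
    if r is None:
        return json.dumps({"ip": ip, "known": False})
    return json.dumps({"ip": ip, "known": True, **r, "sensors": sorted(r["sensors"])})

def generate_acl(rep, profile, threshold=5):
    """Render every host whose score reaches the threshold as rules for one equipment profile."""
    hosts = sorted(ip for ip, r in rep.items() if r["score"] >= threshold)
    return [PROFILES[profile].format(ip=ip, sid=1000000 + i) for i, ip in enumerate(hosts)]
```

The threshold keeps a single failed SSH login from black-listing a host, while a host seen by several sensors accumulates a score quickly.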
FINDINGS
Presentations:
- HP Workshop 2012: Tunisian Chapter Update:
Link: http://www.honeynet.tn/node/60
- ITU Regional Workshop on “IMPACT Alert - Cyber Drill for Partner Countries”, Amman-Jordan, 15-17 July 2012
The National Platform for Tracking Cyber Attacks "SAHER"
http://www.itu.int/ITU-D/arb/ARO/2012/CyberDrill/Documents/doc10-Saher2012.pptx
Workshop
Ways to interact with the Tunisian chapter:
Email: honeynet@ansi.tn
Website: http://www.honeynet.tn
Twitter: http://twitter.com/SaherHoneyNet
LinkedIn: http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter-4142905
Chapter page: http://www.honeynet.org/chapters/tunisian
GOALS
The main goals of Saher-HoneyNet are:
- Detecting malicious activities and reporting them to the relevant parties, by deploying a network of honeypot sensors and setting up a secure communication channel for reporting.
- Providing assistance to the Tunisian users to clean their infected computers by providing all technical resources, online assistance and even on-site assistance in coordination with the incident response team of the tunCERT.
- Providing technical materials for the awareness activity, in order to educate the national community on the malware threat and how to mitigate infections.
- Providing data and technical resources for the research activities in collaboration with universities.
- Developing technical guides for malware analysis, detection technologies and best practices to mitigate malware infections in coordination with the malware research centre of tunCERT.
- Coordinating with international security networks to share information related to malicious activities.
MENTORING
Supervision of university student trainees:
- Final project: solutions to detect viral attacks (Honeynet).
- Final project: development of a blacklist generation console.
- Traineeship: deployment of a sandbox platform.