Join us for the Honeynet Workshop 2024: May 27th–29th, Copenhagen, Denmark

Revitalizing a Centralised Honeypot Framework

19 Nov 2015 Rogier Spoor framework-honeypot
Bringing the dead back to life In early 2005 the SURFids Framework, later renamed to SURFcert IDS, was developed (http://ids.surfnet.nl/wiki/doku.php). The unique concept was the centralised detection approach, based on honeypots, with decentralised sensors running OpenVPN. From a marketing perspective ‘IDS’ was chosen in the name, in that age a popular term. Many organisations worldwide have used this open-source framework, however with a last update on the code in 2011, the project slowly died.

Conpot 0.5.0 released

13 Nov 2015 Lukas Rist conpot honeypot ics scada
The Conpot development team is proud to announce the 0.5.0 release. Highlights of this release are the support for two new protocols and one additional device. Peter Soóky did a major contribution with support for the BACnet protocol, which is used for building automation and control networks, and support for IPMI, which is used an interface to a computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware and operating system (consider the insights you can get from someone exploiting this).

Cuckoo Sandbox meets Mac OS X

10 Nov 2015 Jurriaan Bremer
Posting this blogpost on behalf of Dmitry Rodionov. Hi there! I’m Dmitry Rodionov and this summer I’ve been working on an OS X analyzer for Cuckoo Sandbox project. Cuckoo Sandbox First things first: what is Cuckoo Sandbox? Imagine a box you can put any suspicious program or script into and immediately receive a complete description of what this program is and what it does. Well, that’s Cuckoo! Cuckoo launches every program in a separate virtual machine (a sandbox), so there is no risk for your own computer to be infected with a virus or to leak private information.

Interview with our new CEO Andre Ludwig

22 Oct 2015 Leon van der Eijk meet-our-new-ceo-andre
1. Hello Andre and congratulations on getting the CEO job ! Can you please tell us a bit more about yourself. What is your background for instance ? Oh where to start? I have been in the security field for the last 15 or so years, doing various things like running IT/security for small mortgage companies, being a pentester/audit consulting type, doing front line IDS/IR work for large global infrastructure providers, as well as building custom detection systems and analysis tools for large commercial orgs.

Gas Tank Monitoring System Honeypot

09 Sep 2015 Lukas Rist conpot honeypot ics
The Conpot team is following closely the latest developments in Honeypot research and the methods and technologies used. If you look at the topics presented on security conferences, you might have also noticed an increased interest in ICS security and honeypot technologies in the last two years. One presentation from this years Blackhat’15 conference caught my attention also knowing previous research done by Kyle and Stephen: “The little pump gauge that could: Attacks against gas pump monitoring systems” [link] If you are interested in their findings, I recommend their white paper: “The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems“ [link, pdf] by Kyle Wilhoit and Stephen Hilt from Trend Micro’s Forward-Looking Threat Research team.

Low Interaction Honeypots Revisited

06 Aug 2015 David Watson
TL;DR: Low interaction honeypots are designed to emulate vulnerable services and potentially detect attacks without exposing full operating system functionality. Although they have evolved in many ways over the past 15 years, understanding their limitations and sometimes inherent design weaknesses is important when you consider deploying them. Understanding the history of attempted honeypot detection and evasion allows system defenders to improve their continued use of honeypots and hopefully helps makes all of our networks safer.

Interview with Marie Moe, research scientist at SINTEF ICT and Security Diva at Honeynet Workshop in Stavanger

17 May 2015 Roberto Tanara workshop
Marie has a Ph. D. in information security and is passionate about incident handling and information sharing. She has experience as a team leader at NSM NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College. What was your motivation to enter Information Security field, and who inspired and helped you along the way? I didn’t intend to become an infosec professional, I just let my interest, talent and curiosity lead me along the way.

Interview with Francesca Bosco, UNICRI Project Officer and speaker at the Honeynet Workshop 2015

29 Apr 2015 Roberto Tanara workshop
Francesca Bosco earned a law degree in International Law and joined UNICRI in 2006 as a member of the Emerging Crimes Unit. She is responsible for cybercrime prevention projects, and in conjunction with key strategic partners, has developed new methodologies and strategies for researching and countering computer related crimes. Welcome to the Honeynet Workshop Francesca, can you share what was your motivation to enter Information Security field, and who inspired and helped you along the way?

Interview with Lukas Rist, creator of Conpot ICS honeypot and speaker at the Honeynet Workshop 2015

24 Apr 2015 Leon van der Eijk conpot workshop
Lukas Rist is a software engineer with Blue Coat Norway where he develops behavioral malware analysis systems. In his spare time, he works on web application and ICS/SCADA honeypots and botnet monitoring tools under the umbrella of the Honeynet Project where he is also a Director. He recently developed an interest in deployment automation, ephemeral file systems and exotic industrial communication protocols. 1) What was your motivation to enter Information Security field, and who inspired and helped you along the way?