1. Changes in the structure of your organization.
Davide Cavalca left the Chapter due to inactivity.
2. List current chapter members and their activities
1. List current technologies deployed.
RESEARCH AND DEVELOPMENT
During 2013 the Italian Chapter has been mainly involved in finalising and publishing the latest version of the Dorothy framework.
In addition, the Chapter continued to mentor graduating students from the Technologic Department of Università di Milano, by leading their work and research on botnet-related projects. During this year, one student successfully completed his final-year project, contributing to the overall Chapter progress.
Thanks to his work, Dorothy2 will shortly have a fully interactive web console based on Ruby on Rails.
Progress details follow
Mentored Final degree Projects @ UNIMI
An interactive web dashboard for data visualization.
All the projects are available here.
The new version of the Dorothy framework was finally released this summer. The complete software is released under the GPL 3.0 license and is distributed as a Ruby gem. The released software is quite stable, and a lot of improvements are going to be introduced shortly. More info can be found here, or directly at the project's Git page.
1. Highlight any unique findings, attacks, tools, or methods.
2. Any trends seen in the past year?
3. What are you using for data analysis?
We are currently using VMware ESXi for malware sandboxing, and Splunk for analyzing all the data coming from our sensors/drones.
4. What is working well, and what is missing, what data analysis functionality would you like to see developed?
Dorothy2 is finally up and running; however, new honeypots are needed in order to fetch and analyze as much malware as possible.
Although a first PoC has been coded by Andrea Valerio, the final Dorothy2 web interface is still missing.
PAPERS AND PRESENTATIONS
1. Are you working on or did you publish any papers or presentations, such as KYE or academic papers? If yes, please provide a description and link (if possible).
2. Are you looking for any data or people to help with your papers?
3. Where did you present honeypot-related material?
Our research was presented at:
In 2013 no presentations were made.
1. Which of your goals did you meet for the past year?
Keeping the Chapter up and running was the main one, and maintaining an enlarged team around the original Dorothy project was the direct consequence.
Furthermore, an important goal was to provide full support to any undergraduate students of UNIMI who wanted to develop their final graduation project on honeypot/botnet-related technologies.
To date, thanks to the cooperation with the Università degli Studi di Milano - DTI, we have successfully provided (and are still providing) support to several students who are working on Dorothy to improve and optimize its inner functionality.
2. Goals for the next year.
The main goal for the next year is to deploy as many honeypots as possible and to connect them to the hpfeeds repository.
Alongside low-interaction honeypots, the Chapter wants to implement high-interaction ones, such as Kippo. Mailpots will also be heavily used in order to analyze all the threats coming from this communication channel.
Furthermore, the development of Dorothy2 and its JDrone module will continue by adding new features and functionality. The interactive web interface will be the first gap to tackle.
The Italian project will continue to freely provide support to any Italian .gov institutions (or national ISPs) on honeypot implementation and cyber-attack notification.