Iranian Chapter Status Report For 2014

Current chapter members:

  • Adel Karimi (Chapter Lead; Research on new attack trends, Honeypot deployment, Presenting Honeypot related materials)
  • Shahriyar Jalayeri (Lead Developer; Research, Honeypot development, Malware and attack analysis)
  • Amirreza Aminsalehi (Development, Honeypot deployment, Malware analysis and RCE)
  • Vahid Ghayoumi (Research on Web-based attacks and web honeypots, WAF)
  • Mehdi Mousavi (PhD Student; Research guide)
  • Ali Zand (PhD Student @UCSB; Research guide)


  • Pwnypot HoneyClient (Integrated with Cuckoo)
  • Bro-IDS Sensor
  • Dionaea Sensor x 3
  • Kippo Sensor x 3
  • Glastopf Sensor x 3
  • Central Monitoring and Visualization System (based on ELK)


      • SDBT – A Novel Shellcode Detection Technique
      • Accurate Polymorphic Shellcode detection using static binary translation and fault isolation without relying on any static signature. However it’s a little bit slow, the detection rate is high and reliable. Source Code:

  • Embedded Device Honeypot
  • We decided to modify the OpenWRT and use it as a simple MIPS-base honeypot. We use it to find and analyze malwares that infect network devices such as ADSL modems, routers or access points. It’s currently under the development, so we will add a link to source later.


  • This year we didn't have any special publication. Just an article in a Persian FOSS magazine about the Iranian Honeynet Project and the Shellshock attacks that we observed on our honeypots (
  • As usual, we had some 1-Day honeypot workshops and two unpublished papers.


- Goals the chapter met for the past year:

  • Development of new tools (SDBT and Embedded Device Honeypot)
  • Implementing the ELK for monitoring and visualizing our Honeypot and Bro sensors

- Goals for the next year:

  • Developing new tools / improving our embedded device honeypot
  • Contribute to the Honeynet annual workshop
  • Focus on data analysis and visualization