Honeybird Update

Known Your Enemy By Honeynet

posted Jun 6, 2013, 10:09 AM by Roland Cheung   [ updated Jun 6, 2013, 6:36 PM ]

The Honeynet SIG of PISA organized a seminar, "Known Your Enemy By Honeynet", on May 25, 2013.
We talked about the latest developments in honeynets and demonstrated several popular honeynet tools.
Thanks to all for coming and supporting!

The presentation files can be downloaded from here

Topic | Speaker | Resource
1. Introduction of Honeynet | Peter Cheung | Download
2. The latest development of Honeynet | Frankie Wong | N/A
3. Honeynet Tools Demonstration (Using HoneyDrive) | Roland Cheung | Download
 

Android Analysis Tool

posted Jan 29, 2012, 1:18 AM by Peter Cheung   [ updated Jan 29, 2012, 1:48 AM ]

The Android Analysis Tool, developed by Daoyuan Wu, Daniel Xiapu Luo (our member) and Rocky K.C. Chang (Appsec in Polyu), has identified severe vulnerabilities in a number of popular Android apps (e.g., QQ).
They have submitted the vulnerabilities to CVE. Detailed information can be found at the following link.

Forensic Challenge 6 - Analyzing a Malicious PDF File

posted Nov 1, 2010, 6:56 PM by Roland Cheung   [ updated Nov 1, 2010, 7:20 PM ]

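Forensic Challenge 6: Analyzing a Malicious PDF File was published on November 1 on the Honeynet Forensic Challenge website (English version). This challenge, provided by Mahmud Ab Rahman and Ahmad Azizan Idris of the Malaysian team, asks participants to analyze a typical attack that uses a malicious PDF file.

Challenge content:
The PDF format is the de facto standard for exchanging documents online. Its popularity has also attracted criminals, who use it to deliver malware to trusting users. Many attack toolkits already include the ability to create malicious PDF files for distributing malware. If users are not wary when opening PDF files, a malicious PDF file can be a quite successful means of attack. The network capture lala.pcap contains traffic relating to a typical malicious PDF file.

If you are interested in taking part in this challenge, please submit your solution by Tuesday, November 30, 2010 at http://www.honeynet.org/challenge2010/ using the form there (please use the MS Word solution template or the Open Office solution template). Results will be announced around the third week of December.


We look forward to participation from Hong Kong and the Chinese-speaking world. Thank you!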




Challenge 5 of the Forensic Challenge 2010 - Log Mysteries

posted Sep 8, 2010, 7:15 PM by Honeybird Administrator

Challenge 5 - Log Mysteries - (provided by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, Sebastien Tricaud from the French Chapter) takes you into the world of virtual systems and confusing log data. In this challenge, figure out what happened to a virtual server using all the logs from a possibly compromised server.

Please go to http://www.honeynet.org/challenges/2010_5_log_mysteries for details.

The Honeynet Project Forensic Challenge: Chinese Edition Launches

posted Jun 1, 2010, 7:47 PM by Honeybird Administrator   [ updated Jun 2, 2010, 1:13 AM by Roland Cheung ]

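After successfully running the Scan of the Month forensic challenges several years ago, The Honeynet Project is restarting its Forensic Challenge program in 2010. It will cover a range of attack scenarios, including server-side attacks against the latest operating systems and services, client-side attacks, VoIP attacks and web application attacks. Members of the security community are welcome to take part, and prizes will be awarded for the three best submissions. Our members will also provide a sample solution that analyzes the challenge using the latest publicly available tools.

However, perhaps because of the language barrier, the Chinese-speaking security community has rarely taken part in The Honeynet Project's Forensic Challenges. Following The Honeynet Project annual meeting in Mexico, our chapters from the Chinese-speaking world (Julia Cheng (鄭毓芹) of the Taiwan team, Zhuge Jianwei (諸葛建偉) of the mainland China team, and Roland Cheung of the Hong Kong team) will jointly launch a Chinese edition of The Honeynet Project Forensic Challenge. It will run in parallel with the English edition on the same schedule, provide the challenge content in Simplified Chinese and Traditional Chinese, and accept submissions written in Chinese (although we still recommend that security professionals in the Chinese-speaking world take part in The Honeynet Project Forensic Challenge in English). We will also select the best solution among the Chinese submissions and award a prize. We hope this will encourage security professionals in the Chinese-speaking world to take a more active part in The Honeynet Project and the worldwide open-source security community, and to gain more from it.

The fourth challenge of 2010 (the first in the Chinese edition) was published on June 1 on our Forensic Challenge website. Submissions will be accepted for one month; the deadline is 23:59 Hong Kong time on June 30, 2010. We expect to publish the results on July 21, 2010. The Honeynet Project will award prizes for the three best English submissions and also for the best Chinese submission.

We look forward to participation from Hong Kong and the Chinese-speaking world. Thank you!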

Honeynet Workshop 2010 Sharing

posted May 31, 2010, 8:50 PM by Honeybird Administrator   [ updated Jun 1, 2010, 11:06 AM by Roland Cheung ]

Topic: Honeynet Workshop 2010 Sharing
Date: 26-Jun-2010 (Saturday)
Time: 14:00 - 17:00
Venue: IVE (Haking Wong) RM172
Seats: PISA Members, CISSP holders, IVE (CIM) teacher, (CIM) student, CityU Student and Invited guest
Registration: Use this Registration Form
Fax: 2900-8338
Email to registration@pisa.org.hk
Speaker: Honeynet Project Members - Mr. Peter Cheung, Mr. Roland Cheung & Mr. Alan Lam

Content:
1. Sharing of the Honeynet Workshop 2010
2. HoneyClient Technology
3. Tools Demo - PhoneyC, Fireshark
4. Future project and activity

 

Reference :
Honeynet Project ( www.honeynet.org )
Honeynet Project Hong Kong Chapter ( www.honeybird.hk )

Honeynet Insight follow-up...

posted Apr 15, 2010, 7:40 PM by Honeybird Administrator   [ updated Apr 15, 2010, 7:45 PM ]

The Honeynet Insight was completed, and thanks to all for the help.

Here are the presentations:

 

Honeynet Insight

posted Mar 23, 2010, 7:51 PM by Honeybird Administrator

Topic: Honeynet Insight
Date: 10 Apr 2010 (Saturday)
Time: 14:00 - 17:00
Venue: IVE (Haking Wong) RM172
Seats: PISA Members, CISSP holders, IVE (CIM) teacher, (CIM) student, CityU Student and Invited guest
Registration: Use this Registration Form
Fax: 2900-8338
Email to registration@pisa.org.hk
Speaker: Honeynet Project Members - Mr. Peter Cheung, Mr. Roland Cheung & Mr. Alan Lam

Content:
1. Honeybird 2009 review
2. Honeypot case studies: Tracking IRC Botnet
3. Malware Honeypot
4. Hands-On: Malware Honeypot (Nepenthes) setup
5. Members sharing (TBC)

 

Reference :
Honeynet Project ( www.honeynet.org )
Honeynet Project Hong Kong Chapter ( www.honeybird.hk )

Google Summer of Code 2010

posted Mar 11, 2010, 10:05 PM by Honeybird Administrator   [ updated Mar 11, 2010, 10:20 PM ]

Dr Zhuge from The Honeynet Project Chinese Chapter has written an article on Google Summer of Code 2010 (GSoC). The article is very detailed, covering its goal, application process and worldwide status. Peter from Honeybird has translated and revised the article and added information on Hong Kong students and mentors. We hope that more and more Hong Kong students and mentors will join this event (it will be great for the Honeynet Project :) and contribute to the open source community.

First challenge of the Forensic Challenge 2010

posted Jan 18, 2010, 5:50 PM by Peter Cheung

Honeynet Project just posted the First Challenge of the Forensic Challenge 2010.

The first challenge deals with a network attack. It has been provided by Tillmann Werner from the Giraffe Chapter. It is accessible at https://honeynet.org/node/504.

Submissions are due on Monday, February 1st 2010 and results will be released on Monday, February 15th 2010. The top three submissions will be awarded small prizes. Check it out!
