Jul 21 2015

Honeypots workshop at BSidesLV 2015!

I am very happy to announce that a honeypots workshop will take place during BSides Las Vegas for a 2nd year in a row! BSides is a fantastic community-driven InfoSec convention and Las Vegas is the best place to be in August!

The workshop is titled “You Hack, We Capture: Attack Analysis with Honeypots”, lasts half a day (4 hours) and will be presented by me.

It takes place on Wednesday the 5th of August, from 8.30AM to 12.25PM.

Spots are numbered and limited! If you want to reserve a seat, you can do so via this page: https://www.bsideslv.org/registration/workshop-sign-ups/ (second to last)

Here is the workshop’s description:

Honeypots are systems aimed at deceiving malicious users or software that launch attacks against the infrastructure of various organizations. They can be deployed as protection mechanisms for an organization’s real systems, or as research units to analyze the methods employed by human hackers or malware. In this workshop we will study the operation of two research honeypots. A honeypot system will undertake the role of a web trap for attackers who target the SSH service. Another one will undertake the role of a malware collector, usually deployed by malware analysts to gather and store malicious binary samples. We will also talk about post-capturing activities and further analysis techniques. Furthermore, visualization tools and techniques will be presented, plus a honeypot bundle Linux distribution that contains pre-configured versions of the above tools and many more related utilities, which can make the deployment of honeypots an easy task.


Hope to see you all in Vegas!

Jun 21 2015

Kippo-Graph 1.5.1 released!

This is the release of another version of Kippo-Graph, now at 1.5.1.

Kippo-Graph 1.5.1 fixes various small but important issues with Kippo-Graph, and upgrading is highly recommended!

Download: kippo-graph-1.5.1 or clone/pull from GitHub: https://github.com/ikoniaris/kippo-graph

MD5 Checksum: eefc421717c043fefb3dd9615b1e27b4
SHA-1 Checksum: 11711647728bb275e45b787f40bf90a84c7a66df

CHANGES:

Version 1.5.1:
+ Various important fixes.

For comments, suggestions, fixes, please use the Kippo-Graph page: http://bruteforce.gr/kippo-graph

Jun 07 2015

Easy importing of HoneyDrive to VMware Fusion

Hello honeypot enthusiasts, I was playing around with VMware Fusion today and I accidentally found out that it’s now super easy to create a VM using the HoneyDrive 3 OVA file. Note: I’m using VMware Fusion Professional Version 6.0.6 on OS X.

After downloading the OVA file from SourceForge, just go to VMware Fusion’s “File” (or “Add” button in the Virtual Machine Library) -> “Import…” -> “Choose File…” -> (Select the OVA file) -> “Continue…” -> (Save the vmwarevm file). VMware Fusion will try to use the OVA file but you will get a pop-up telling you that importing failed because the file didn’t pass OVF specification conformance or virtual hardware compliance tests. No worries, pressing the “Retry” button on that dialog will relax the OVF checks and retry the import, and this time it will work fine. Click “Finish” when it’s done. VMware Fusion will then try to start the VM and again you will get another pop-up telling you that it can’t connect to a virtual device. Just press “No” and ignore this message. That’s it, HoneyDrive 3 is ready to be used!

Of course the OVA file was created by VirtualBox so it has some leftover artifacts there. Remove them with:

sudo aptitude purge -P virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11
sudo reboot

After that, you probably want to install the VMware Tools by going to “Virtual Machine” -> “Install VMware Tools” -> “Install”. A DVD will be mounted inside the VM. Then do the following:

cp /media/VMware\ Tools/VMwareTools-9.6.6-2649738.tar.gz /tmp/ # the file version might be different in your case
cd /tmp
tar zxvf VMwareTools-9.6.6-2649738.tar.gz
cd vmware-tools-distrib/
sudo ./vmware-install.pl # accepting the defaults is fine
sudo reboot

Enjoy HoneyDrive 3 in VMware Fusion :)

Video

#Honeynet2014 – Gadi Evron – Cyber Counter Intelligence: An attacker-based approach

Video

Honeypots for Active Defense: A Practical Guide to Deploying Honeynets Within the Enterprise

Mar 10 2015

Cybersecurity and the Age of Privateering: A Historical Analogy

Download (PDF, 573KB)

Status update

Dear Kippo-Graph users, please run git pull origin master inside your Kippo-Graph directory to get a commit that was pushed some days ago. It fixes a bug that prevented the Kippo-Geo component from displaying its maps if geolocation failed for any of the top 10 IP addresses.
