Charles Lim - Honeynet Indonesia Chapter
Published in: Technology

Transcript

  • 1. Honeynet – Indonesia Chapter: Honeynet Seminar & Workshop, Jakarta, 18 June 2013
  • 2. Agenda
      • Introduction to Honeynet
      • Introduction to Honeynet - Indonesia Chapter
      • What’s Up?
      • What’s Next?
      • About the Workshop
      • Conclusion
  • 3. THANK YOU – SOLD OUT
  • 4. THANK YOU
      • To the Ministry of Communication and Informatics, especially Directorate Information Security
      • To Swiss German University team, support to organize and make this event possible
      • To all the speakers and sponsors
      • To all attendees that come for these events
  • 5. Introduction to The Honeynet Project
      • Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)
      • Mission: "learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned" - http://www.honeynet.org
  • 6. Introduction to The Honeynet Project
  • 7. Introduction to The Honeynet Project
      • Goal: Improve security of Internet at no cost to the public
      • Awareness: Raise awareness of the threats that exist
      • Information: For those already aware, teach and inform about latest threats
      • Research: Give organizations the capabilities to learn more on their own
  • 8. Introduction to The Honeynet Project
      • Global membership of volunteers with diverse skills and experiences
      • Deploys networks of computer systems around the world with the explicit intention of being hacked
      • Share all of our tools, research and findings, at no cost to the public
      • Members release regular activity status reports
      • "Know Your Enemy" (KYE) white papers regularly published on current research topics
      • Committed to open source and creative commons
      • Partially funded by sponsors, nothing to sell!
  • 9. Introduction to The Honeynet Project
  • 10. Brief Introduction to The Honeynet Project: 46 Chapters and 28 countries
  • 11. Brief Introduction to The Honeynet Project: Honeynet Workshop 2013 @ The Address Dubai
  • 12. Brief Introduction to The Honeynet Project: Honeynet Workshop 2012 @ Facebook HQ
  • 13. Indonesia Chapter
      • 25 November 2011, about 15 people from academia, security professionals and government made the declaration during our yearly malware workshop at SGU (Swiss German University)
      • 19 January 2012 accepted as part of Honeynet Chapter
      • Members: 70 (today)
  • 14. Indonesia Chapter
      • Indonesia Honeynet Project
      • Id_honeynet
      • http://www.honeynet.or.id
      • http://groups.google.com/group/id-honeynet
  • 15. Introduction to The Honeynet Project
  • 16. Introduction to The Honeynet Project
  • 17. Indonesia Honeynet Project Seminar & Workshop: Honeynet Workshop 5-6 June 2012, Jakarta
  • 18. Indonesia Honeynet Project Seminar & Workshop: Honeynet Workshop 20 November 2012, Surabaya
  • 19. How we start?
      • Four students of SGU in 2010 wanted to explore how to use Data Mining to understand Cyber Security Threats:
          • 2 students focusing on Malware Threats
          • 2 students focusing on Cyber Terrorism
      • 1 Student SGU focused on capturing malware using Honeypots (Nepenthes)
      • We also invited Malware Expert, Pak Aat to share his experience
  • 20. Road Map: Randy Anthony -SGU-, Amien H Rosyandino -ID SIRTII-, Michael -SGU-, Stewart -SGU-, Glenn -SGU-, Mario -SGU-
  • 21. Road Map: Mario -SGU-, Andrew -SGU-, Tommy -SGU-, Michael -SGU-, Stewart -SGU-, Glenn -SGU-
  • 22. SGU Honeypots
      • SGU Honeypot Network Design
  • 23. Live Demo: SGU Honeypot
  • 24. Live Demo
  • 25. National Malware Monitoring
      • Central Repository for Malware captured by all universities sensors in Indonesia that participate
  • 26. Previous Works
      • Nano PC with Atom processors
      • Price Rp 3 million
  • 27. Work in Progress
      • Raspberry PI
      • ARM processor
      • RAM 512 MB, 8 GB SD Card
      • Push Protocol
  • 28. What’s Next?
      • Call for more participation from universities, industry and government
      • Requirements:
          • A commitment from the top management
          • At least 1 public IP address to start
          • Willing to submit malware samples to central repository
      • You will get:
          • 1 Nano PC to be installed in your infra
  • 29. Our Previous Dashboard
  • 30. Web Interface (2013): Thanks to Jonathan & Tommy (SGU IT Batch 2011)
  • 31. Web Interface (2013): Thanks to Jonathan & Tommy (SGU IT Batch 2011)
  • 32. Web Interface (2013): Thanks to Jonathan & Tommy (SGU IT Batch 2011)
  • 33. Web Interface (2013): Thanks to Jonathan & Tommy (SGU IT Batch 2011)
  • 34. Web Interface (2013): Thanks to Jonathan & Tommy (SGU IT Batch 2011)
  • 35. Web Interface (2013): Thanks to Jonathan & Tommy (SGU IT Batch 2011)
  • 36. What’s Next?
      • Improving Stats Reporting
      • Sharing malware and stats
      • Adding more honeypots such as honeytrap, Glastopf, Kippo, etc.
      • All raspberry honeypots
      • Data Cleansing and Clustering Data Mining
  • 37. Last Year Workshop
      • We have one track with morning session and afternoon session
      • Morning Session – Dionaea & Malware Analysis
      • Afternoon Session – Capture The Flag
  • 38. This Year Workshop (Time: Track #1 / Track #2 / Track #3)
      • 08:15 – 08:30: Registration & Seminar Preparation
      • 08:30 – 09:00: Opening Remarks (Ministry of KOMINFO)
      • 09:05 – 10:00: Honeypot – Dionaea (Charles & Mario) / Malware Analysis (Ricky) / Memory Forensic (Mada)
      • 10:00 – 10:15: Break
      • 10:15 – 12:30: Honeypot Back End (Mario) / Malware Analysis (Ricky) / Memory Forensic (Mada)
      • 12:30 – 13:15: Break, prayer and lunch (ISOMA)
      • 13:15 – 14:45: Honeypot – Glastopf, Kippo (Amien) / Botnet (Charles) / ACAD-CSIRT (Mantra & Greg)
      • 14:45 – 15:00: Break
      • 15:00 – 16:30: Developing Malware Lab (Digit) / Botnet (Charles) / Android Forensic (Feri)
  • 39. Track #1
      • Morning Session – Dionaea
          • Speaker: Charles Lim and Mario Marcello
          • How to setup and configure Dionaea
          • How to create stats report for the captured traffic
      • Afternoon Session I
          • Speaker: Amien Harisen
          • How to setup and configure Kippo and Glastopf
      • Afternoon Session II
          • Speaker: Digit Oktavianto
          • How to setup your own Malware Lab
  • 40. Track #2
      • Morning Session – Malware Analysis
          • Speaker: Ricky Prajoyo
          • How to perform Reverse Engineering
          • How to perform Analysis of executable malware samples
      • Afternoon Session – Botnet
          • Speaker: Charles Lim
          • Understanding Botnets
          • Analyzing Botnet activities
  • 41. Track #3
      • Morning Session – Memory Forensics
          • Speaker: Mada R. Perdhana
          • How to perform Memory Forensics
          • Forensic Stuxnet Malware samples
      • Afternoon Session I – Java Security
          • Speaker: Gregorius Hendy
          • Secure Coding using Java
      • Afternoon Session II – Android Forensics
          • Speaker: Feri Lauw
          • How to Perform Android Forensics
  • 42. Further Information
      • The Honeynet Project (http://www.honeynet.org)
      • Indonesia Honeynet Project (http://www.honeynet.or.id)
      • Swiss German University (http://www.sgu.ac.id)
      • My Blog (http://people.sgu.ac.id/charleslim)
  • 43. Honeynet - Indonesia Chapter
      • Indonesia Honeynet Project
      • Id_honeynet
      • http://www.honeynet.or.id
      • http://groups.google.com/group/id-honeynet
  • 44. Questions ???