Presentation transcript:

Automating Forensics

2 Speaker Passion is honeypots. President, Honeynet Project. Author of Honeypots: Tracking Hackers and co-author of Know Your Enemy. 8 years in information security, four years as Senior Security Architect at Sun Microsystems. Former life: an officer in the Army's Rapid Deployment Force.

3 Purpose The challenges we face in forensics and data analysis.

4 Agenda Background on Honeynet Project and our research. Forensic challenges we face.

5 Honeynet Project

6 Problem How can we defend against an enemy, when we don’t even know who the enemy is?

7 One Possible Solution To learn the tools, tactics, and motives of the blackhat community, and share the lessons learned.

8 Goals Awareness: To raise awareness of the threats that exist. Information: For those already aware, to teach and inform about the threats. Research: To give organizations the capabilities to learn more on their own.

9 Value of the Project Open Source, sharing all of our work, research and findings. Everything we capture is happening in the wild (there is no theory.) We have no agenda, no employees, nor any product or service to sell (crummy business model).

10 Project Organization Non-profit (501c3) organization. Board of Directors. No more than two members from any organization. Funded by the community, including the NIC. Diverse set of skills and experiences. Team works virtually, from around the world.

11 Alliance Members
- South Florida Honeynet Project
- Georgia Technical Institute
- Azusa Pacific University
- Paladion Networks Honeynet Project (India)
- Internet Systematics Lab Honeynet Project (Greece)
- Mexico Honeynet (Mexico)
- Honeynet.BR (Brazil)
- Irish Honeynet
- Norwegian Honeynet
- UK Honeynet
- French Honeynet Project
- Italian Honeynet Project

12 Know Your Enemy: 2nd Edition

13 Challenge of forensics

14 Our Biggest Problems
- Data Overload
- Time to Analyze
- Expertise to Analyze

15 Data Overload For our research to be successful, we need a lot of different systems hacked around the world. That ends up being a lot of data to collect centrally.

16 Distributed Capabilities

17 Bootable CDROM

18 Time Analysis time for a single compromise: Forensic Challenge - about 30 hours; Reverse Challenge - about 80 hours.

19 Expertise No single person can know it all. Even a single compromise requires different skill sets:
- Network captures
- Host processes, activity, and file systems
- Reverse Engineering
- Language skills
- Profiling

20 Scan of the Month Monthly challenges, over 30 archived. No two people analyze the same data the same way.

21 Forensic Automation A method to automate as much of data collection and analysis as possible, minimizing human effort and minimizing the need for different kinds of expertise.

22 Some Ideas
- Database of clean and hacked images (David Dittrich, University of Washington)
- MD5 checksums of data streams (Bill McCarty, Azusa Pacific University)
- Sebek (Edward Balas, Indiana University)
- User Interface (Edward Balas, Indiana University)
- Automating Data Collection and Analysis (Brian Carrier, Purdue)
- Honeyd (Niels Provos, Google)
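The first two ideas above (a database of clean and hacked images, and checksums of the data) share one mechanism: hash everything in a known-clean baseline, hash the suspect image, and show the analyst only what differs. The script below is an added example, not code from the Honeynet Project or any of the people named on the slide. It builds a tiny clean image and a "hacked" copy of it in a temporary directory (constructed sample data, not a real compromise) and reports modified, added and deleted files. The slide says MD5; SHA-256 is used here because MD5 collisions are practical, but the workflow is the same.

```python
"""Added example: automate a baseline-vs-suspect comparison by file hash.
Not from the Honeynet Project slides; sample trees are constructed inline."""
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256 hex} for every regular file under root.
    Symlinks are skipped so a planted link cannot point the hasher elsewhere."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        digests[str(path.relative_to(root))] = h.hexdigest()
    return digests


def diff_images(clean, suspect):
    """Classify the suspect image's files against the clean baseline.
    Unchanged files are dropped so the analyst sees only what needs attention."""
    return {
        "modified": sorted(p for p in clean if p in suspect and clean[p] != suspect[p]),
        "added": sorted(p for p in suspect if p not in clean),
        "deleted": sorted(p for p in clean if p not in suspect),
    }


def build_sample_images(base):
    """Construct a minimal clean image and a 'hacked' copy (sample data only):
    a replaced binary, a dropped hidden file, and a wiped log."""
    clean = Path(base) / "clean"
    hacked = Path(base) / "hacked"
    files = {
        "bin/ls": b"ELF original ls",
        "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        "var/log/messages": b"Jan  1 00:00:00 host sshd[1]: Accepted password\n",
    }
    for root in (clean, hacked):
        for rel, data in files.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
    (hacked / "bin/ls").write_bytes(b"ELF replaced ls")          # modified
    dropped = hacked / "usr/lib/.rk"                               # added
    dropped.parent.mkdir(parents=True, exist_ok=True)
    dropped.write_bytes(b"hidden payload")
    (hacked / "var/log/messages").unlink()                         # deleted
    return clean, hacked


def run_demo():
    """Build the sample images, hash both, and return the classified diff."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, hacked = build_sample_images(tmp)
        return diff_images(hash_tree(clean), hash_tree(hacked))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline hashes would be stored once per image type and the suspect side would be computed from a mounted read-only copy of the captured disk, so the honeypot itself is never written to during analysis. The same hash_tree output, stored per image, is what lets a collection of clean and hacked images be queried rather than re-read.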

23 Conclusion Biggest challenges we face:
- Too much data
- Not enough time
- Not enough skilled people
The solution is to automate the process as much as possible.
