Podcasts about honeynet

Quelques lignes de code en vert sur un écran noir c'est fini : le système a été hacké. En tout cas dans la fiction. La réalité semble bien plus fertile car pirater un système, cela peut aussi ressembler à la prise de contrôle d'imprimantes, de capteurs ou de machines industrielles. Une activité lucrative ! Action contre la cybermalveillance, le groupement monté par l'État pour l'assistance et la prévention en cybersécurité, recensait 2 782 attaques avec rançons en 2023. Aujourd'hui, nous nous penchons sur la cybersécurité et ses enjeux, avec nos deux invités: Mathis Durand travaille sur la conception de pots de miel (honeypot) les plus alléchants possibles pour les cybercriminels. Hugo Bourreau utilise des jumeaux numériques pour l'analyse de la cybersécurité d'un système. Tous deux sont doctorants à l'Institut Mines Télécom (IMT) Atlantique, au sein de la chaire CyberCNI. Leurs thèses sont menées en collaboration avec la chaire de recherche en cyberdéfense de l'UQAC, l'Université du Québec à Chicoutimi. Une émission préparée et animée par Jérémy Freixas et Sophie Podevin. Ressources A review of Digital Twins and their application in Cybersecurity based on Artificial IntelligenceHow to Mock a Bear: Honeypot, Honeynet, Honeywall & Honeytoken: A Survey

Interview with Honeynet.org President Lance Spitzner.File Info: 12MB, 26min.

Contacts: lvdeijk@gmail.com angelo.dellaera@gmail.com They can also be reached on twitter: @ProjectHoneynet @angelodellaera @lvdeijk

Hosts Chris Gerling – @secbitchris Chris Mills - @thechrisam Andrew Borel – @andrew_secbit Mike Bailey – @mpbailey1911 Guests Brad Luyster - Louisville LVL1 Hackerspace Topics Encrypting your stuff Files http://www.truecrypt.org/ and https://www.dropbox.com/ https://www.jungledisk.com/ https://spideroak.com/ Passwords http://keepass.info/ https://lastpass.com/ https://agilebits.com/onepassword Web Browsing https://www.eff.org/https-everywhere http://www.tunnelbear.com/ News Items DARPA-Funded Radio HackRF Aims To Be A $300 Wireless Swiss Army Knife For Hackers http://www.forbes.com/sites/andygreenberg/2012/10/19/darpa-funded-radio-hackrf-aims-to-be-a-300-wireless-swiss-army-knife-for-hackers/ Real-Time Cyber-Attack Map http://map.honeynet.org/ via http://it.slashdot.org/story/12/10/19/2344253/real-time-cyber-attack-map Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet http://www.wired.com/threatlevel/2012/10/kaspersky-operating-system/ SMARTPHONE USERS SHOULD BE AWARE OF MALWARE TARGETING MOBILE DEVICES AND SAFETY MEASURES TO HELP AVOID COMPROMISE http://www.ic3.gov/media/2012/121012.aspx State-Sponsored Malware ‘Flame’ Has Smaller, More Devious Cousin http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/ DOING INFOSEC RIGHT http://www.doinginfosecright.com/ Use Our Discount Codes Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats. FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD Use code 36449 for 20% off your Syngress order! Upcoming events http://www.secore.info https://secore.info/upcoming_conferences_feed.rss Links http://www.gh0st.net Chat with us on IRC at irc.freenode.net #securabitiTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

An enterprise IT infrastructure is a complex and a dynamic environment that is generally described as a black hole by its IT managers. The knowledge about an enterprise network's layout (topology), resources (availability and usage), elements residing on the network (devices, applications, their properties and the interdependencies among them) as well as the ability to maintain this knowledge up-to-date, are all of critical for managing and securing IT assets and resources. Unfortunately, the current available network discovery technologies (active network discovery and passive network discovery) suffer from numerous technological weaknesses which prevent them from providing with complete and accurate information about an enterprise IT infrastructure. Their ability to keep track of changes is unsatisfactory at best. The inability to "know" the network directly results with the inability to manage and secure the network in an appropriate manner. This is since it is impossible to manage or to defend something, or against something, its existence is unknown or that only partial information about it exists. The first part of the talk presents the current available network discovery technologies, active network discovery and passive network discovery, and explains their strengths and weaknesses. The talk highlights technological barriers, which cannot be overcome, with open source and commercial applications using these technologies. The second part of the talk presents a new hybrid approach for infrastructure discovery, monitoring and control. This agent-less approach provides with real-time, complete, granular and accurate information about an enterprise infrastructure. The underlying technology of the solution enables maintaining the information in real-time, and ensures the availability of accurate, complete and granular network context for other network and security applications. During the talk new technological advancements in the fields of infrastructure discovery, monitoring and auditing will be presented. Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks. Ofir holds 10 years of experience in data security research and management. He has served as a CISO of a leading Israeli international telephone carrier, and worked as a Managing Security Architect at @stake, a US-based security consultancy company. In addition, Ofir has consulted and worked for multinational companies in the financial, pharmaceutical and telecommunication sectors. Ofir conducts cutting edge research in the information security field and has published several research papers, advisories and articles in the fields of information warfare, VoIP security, and network discovery, and lectured in a number of computer security conferences about the research. The best known papers he had published are: "ICMP Usage in Scanning", "Security Risk Factors with IP Telephony based Networks", "Trace-Back", "Etherleak: Ethernet frame padding information leakage", etc. He is co-author of the remote active operating system fingerprinting tool Xprobe2. Ofir is an active member with the Honeynet project and co-authored the team's books, "Know Your Enemy" published by Addison-Wesley. Ofir is the founder of Sys-Security Group, a computer security research group.

A Honeypot is a information gathering system, designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honeywall is used to provide the following capabilities: * Data Capture. The ability to collect information about the attack. * Data Control. The ability to restrict the amount of damage that can be done from one of your honeypots to another network. * Data Analysis. The ability to conduct limited forensics analysis on the network traffic or compromised honeypots in order to discover the attackers methodology. * Data Alerting. The ability to alert an analyst as to suspicious activity. In 2001, Honeynet.org released a honeywall, called eeyore, which allowed for Gen II honeynets and improved both Data Capture and Data Control capabilities over the Gen I honeynets. In the summer of 2005, Honeynet.org released a new honeywall, called roo, which enables Gen III honeynets. The new roo has many improvements over eeyore: * Improved installation, operation, customization * Improved data capture capability by introducing a new hflow database schema and pcap-api for manipulating packet captures. * Improved data analysis capability by introducing a new web based analysis tool called walleye. * Improved user interfaces and online documentation The purpose of this presentation is to describe the new capabilities of Gen III honeynets and demonstrate the new roo. In addition, a road ahead will be discussed to describe a global honeygrid of connected honeynets. Allen Harper is a Security Engineer for the US Department of Defense in Northern Virginia. He holds a MS in Computer Science from the Naval Post Graduate School. For the Honeynet Project, Allen leads the development of the GEN III honeywall CDROM, now called roo. Allen was a co-author of Gray Hat, the ethical hackers handbook published by McGraw Hill and served on the winning team (sk3wl of root) at last year's DEFCON Capture the Flag contest. Edward Balas is a security researcher within the Advanced Network Management Laboratory at Indiana University. As a member of the Honeynet Project, Edward leads the development of Sebek and several key GenIII Honeynet data analysis components. Prior to joining Indiana Unviersity, Edward worked for several years as a network engineer developing tools to detect and manage network infrastructure problems.>

An enterprise IT infrastructure is a complex and a dynamic environment that is generally described as a black hole by its IT managers. The knowledge about an enterprise network's layout (topology), resources (availability and usage), elements residing on the network (devices, applications, their properties and the interdependencies among them) as well as the ability to maintain this knowledge up-to-date, are all of critical for managing and securing IT assets and resources. Unfortunately, the current available network discovery technologies (active network discovery and passive network discovery) suffer from numerous technological weaknesses which prevent them from providing with complete and accurate information about an enterprise IT infrastructure. Their ability to keep track of changes is unsatisfactory at best. The inability to "know" the network directly results with the inability to manage and secure the network in an appropriate manner. This is since it is impossible to manage or to defend something, or against something, its existence is unknown or that only partial information about it exists. The first part of the talk presents the current available network discovery technologies, active network discovery and passive network discovery, and explains their strengths and weaknesses. The talk highlights technological barriers, which cannot be overcome, with open source and commercial applications using these technologies. The second part of the talk presents a new hybrid approach for infrastructure discovery, monitoring and control. This agent-less approach provides with real-time, complete, granular and accurate information about an enterprise infrastructure. The underlying technology of the solution enables maintaining the information in real-time, and ensures the availability of accurate, complete and granular network context for other network and security applications. During the talk new technological advancements in the fields of infrastructure discovery, monitoring and auditing will be presented. Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks. Ofir holds 10 years of experience in data security research and management. He has served as a CISO of a leading Israeli international telephone carrier, and worked as a Managing Security Architect at @stake, a US-based security consultancy company. In addition, Ofir has consulted and worked for multinational companies in the financial, pharmaceutical and telecommunication sectors. Ofir conducts cutting edge research in the information security field and has published several research papers, advisories and articles in the fields of information warfare, VoIP security, and network discovery, and lectured in a number of computer security conferences about the research. The best known papers he had published are: "ICMP Usage in Scanning", "Security Risk Factors with IP Telephony based Networks", "Trace-Back", "Etherleak: Ethernet frame padding information leakage", etc. He is co-author of the remote active operating system fingerprinting tool Xprobe2. Ofir is an active member with the Honeynet project and co-authored the team's books, "Know Your Enemy" published by Addison-Wesley. Ofir is the founder of Sys-Security Group, a computer security research group.

A Honeypot is a information gathering system, designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honeywall is used to provide the following capabilities: * Data Capture. The ability to collect information about the attack. * Data Control. The ability to restrict the amount of damage that can be done from one of your honeypots to another network. * Data Analysis. The ability to conduct limited forensics analysis on the network traffic or compromised honeypots in order to discover the attackers methodology. * Data Alerting. The ability to alert an analyst as to suspicious activity. In 2001, Honeynet.org released a honeywall, called eeyore, which allowed for Gen II honeynets and improved both Data Capture and Data Control capabilities over the Gen I honeynets. In the summer of 2005, Honeynet.org released a new honeywall, called roo, which enables Gen III honeynets. The new roo has many improvements over eeyore: * Improved installation, operation, customization * Improved data capture capability by introducing a new hflow database schema and pcap-api for manipulating packet captures. * Improved data analysis capability by introducing a new web based analysis tool called walleye. * Improved user interfaces and online documentation The purpose of this presentation is to describe the new capabilities of Gen III honeynets and demonstrate the new roo. In addition, a road ahead will be discussed to describe a global honeygrid of connected honeynets. Allen Harper is a Security Engineer for the US Department of Defense in Northern Virginia. He holds a MS in Computer Science from the Naval Post Graduate School. For the Honeynet Project, Allen leads the development of the GEN III honeywall CDROM, now called roo. Allen was a co-author of Gray Hat, the ethical hackers handbook published by McGraw Hill and served on the winning team (sk3wl of root) at last year's DEFCON Capture the Flag contest. Edward Balas is a security researcher within the Advanced Network Management Laboratory at Indiana University. As a member of the Honeynet Project, Edward leads the development of Sebek and several key GenIII Honeynet data analysis components. Prior to joining Indiana Unviersity, Edward worked for several years as a network engineer developing tools to detect and manage network infrastructure problems.>

"The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunately, there is a dark side to this new technology that has not been properly explored. The tighter integration of client and server code, as well as the invention of much richer downstream protocols that are parsed by the web browser has created new attacks as well as made classic web application attacks more difficult to prevent. We will discuss XSS, Cross-Site Request Forgery (XSRF), parameter tampering and object serialization attacks in AJAX applications, and will publicly release an AJAX-based XSRF attack framework. We will also be releasing a security analysis of several popular AJAX frameworks, including Microsoft Atlas, JSON-RPC and SAJAX. The talk will include live demos against vulnerable web applications, and will be appropriate for attendees with a basic understanding of HTML and JavaScript. Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security. He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec. He holds a BSEE from the University of California, Berkeley. Zane Lackey is a Security Consultant with iSEC Partners, LLC, a strategic digital security organization. Zane regularly performs application penetration testing and code review engagements for iSEC, and his research interests include web applications and emerging Win32 vulnerability classes. Prior to iSEC, Zane focused on Honeynet research at the University of California, Davis Computer Security Research Lab under noted security researcher Dr. Matt Bishop. "

The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunately, there is a dark side to this new technology that has not been properly explored. The tighter integration of client and server code, as well as the invention of much richer downstream protocols that are parsed by the web browser has created new attacks as well as made classic web application attacks more difficult to prevent. We will discuss XSS, Cross-Site Request Forgery (XSRF), parameter tampering and object serialization attacks in AJAX applications, and will publicly release an AJAX-based XSRF attack framework. We will also be releasing a security analysis of several popular AJAX frameworks, including Microsoft Atlas, JSON-RPC and SAJAX. The talk will include live demos against vulnerable web applications, and will be appropriate for attendees with a basic understanding of HTML and JavaScript. Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security. He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, SyScan, Microsoft BlueHat and OWASP App Sec. He holds a BSEE from the University of California, Berkeley. Zane Lackey is a Security Consultant with iSEC Partners, LLC, a strategic digital security organization. Zane regularly performs application penetration testing and code review engagements for iSEC, and his research interests include web applications and emerging Win32 vulnerability classes. Prior to iSEC, Zane focused on Honeynet research at the University of California, Davis Computer Security Research Lab under noted security researcher Dr. Matt Bishop. "