Podcasts about honeynet project

  • 15 podcasts
  • 23 episodes
  • 51m average duration
  • Infrequent episodes
  • Latest episode: Feb 23, 2025

Latest podcast episodes about honeynet project

Cloud Security Today
Rethinking security awareness

Feb 23, 2025 (45:45)

In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.

Takeaways

  • The Honeynet Project was born from a need for cyber threat intelligence.
  • Security culture is broader than security awareness; it encompasses attitudes and beliefs.
  • Changing the environment is key to changing organizational culture.
  • AI can be leveraged to enhance communication and simplify security policies.
  • Positive interactions with security teams build a stronger security culture.

Chapters

  • 00:00 From Military to Cybersecurity Pioneer
  • 03:04 The Birth of the Honeynet Project
  • 05:59 Understanding the Human Element in Security
  • 09:13 Security Culture vs. Security Awareness
  • 11:51 Changing Organizational Culture for Security
  • 14:46 Practical Steps for Security Teams
  • 17:55 Leveraging AI in Security Culture
  • 21:11 Measuring Success in Cybersecurity Training

8th Layer Insights
The Next Evolution of Security Awareness

Apr 19, 2022 (50:20)

"Security Awareness" is a slippery topic for a lot of people. It's a well known phrase -- and, let's face it, it's a phrase that can be very misleading. In this episode, Perry sits down with Dr. Jessica Barker (author and co-CEO at Cygenta), Cassie Clark (Security Awareness Lead Engineer at Brex), John Scott (Head of Security Education at Bank of England), and Lance Spitzner (Director, SANS Institute: Founder, Honeynet Project) to discuss what is currently being done well and, more importantly, where it needs to grow over the next few years. Spoiler alert: it's all about managing human risk.

Guests:

  • Dr. Jessica Barker
  • Cassie Clark
  • John Scott
  • Lance Spitzner

Books and Resources:

  • 8Li S1 E9: Security ABCs Part 1: Make Awareness Transformational
  • 8Li S1 E10: Security ABCs Part 2: 8th Layer Insights and the Quest for Security Culture
  • Cybersecurity ABCs: Delivering awareness, behaviours and culture change by Jessica Barker, Adrian Davis, Bruce Hallas, & Ciarán Mc Mahon
  • A Data-Driven Computer Defense: A Way to Improve Any Computer Defense by Roger A. Grimes
  • Security Awareness Program Builder: Practical guidelines for building your Information Security Awareness Program & prep guide for the Security Awareness and Culture Professional (SACP)™ by Mark Majewski
  • People-Centric Security: Transforming Your Enterprise Security Culture by Lance Hayden
  • Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek
  • Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
  • The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Production Credits:

  • Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
  • Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
  • 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Want to get in touch with Perry? Email: hello [at] 8thLayerInsights [dot] com

SecTools Podcast Series
SecTools Podcast E34 With Lukas Rist

Oct 14, 2021 (38:27)

Lukas Rist authored several open source honeypot projects. After spending a couple of years studying mathematics and physics, Lukas ventured out to work with Bing and Microsoft Research on making the web a safer place, got paid by DARPA to hunt hackers and taught students in Taiwan open source security.

His passion for security and open source got nurtured by The Honeynet Project, which led to a five-year stint with Norman Shark, Blue Coat, and Symantec, working on large-scale malware analysis and behavioral detection systems.

Looking for more purpose, he worked as Senior Software Engineer at Corti, doing real-time emergency call classification, striving to build a great engineering team and making sure those tensors keep flowing in order to classify life-threatening situations.

Currently Lukas is working as Lead Software Engineer with the world's largest online wine retail platform, Vivino. His team builds personalization, recommendation, and prediction systems. In his free time he is working on various open source projects.

For more SecTools podcast episodes, visit https://infoseccampus.com

Ethical Hacking
What are Honeypots and Honeynets ?

Jul 27, 2021 (6:00)

Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 59. Today we're going to discuss honeypots and honeynets.

Honeypots and honeynets are used to attract and trap potential attackers to counteract any attempts at unauthorized access to your organization's network. Now, a honeypot is generally a single computer, but it could also be a file, a group of files, or an area of unused IP address space that might be considered attractive to a would-be attacker. A honeynet, on the other hand, is one or more computers, servers, or an area of the network. And often, this is used when a single honeypot is not deemed to be sufficient for your purposes.

Now, why would we use honeynets and honeypots in our network? Well, this is usually used as a form of research, to try to learn about attackers. For example, the Honeynet Project at honeynet.org is a well-known honeynet that's in use today. It's used to learn the tools, tactics, and motives involved in computer and network attacks. And then they share what they learned with all of the different organizations out there.

Your organization likely isn't going to put up a honeypot on its own, unless you're part of a security operation center for a large company that's trying to develop better countermeasures. For example, security researchers at companies like Microsoft, Google, and Apple might run a honeypot or a honeynet to try to be better prepared in the defense of their systems, and better understand the bad guys' techniques and tactics. But for most of us, honeypots and honeynets are just something we have to memorize.

Beers & Bytes Podcast
Episode 21 - Joseph Mlodzianowski

Jun 12, 2021 (65:55)

In this episode of Beers & Bytes, we caught up with Joseph Mlodzianowski, Co-Founder of the Texas Cyber Summit and Red Team Village, to discuss the upcoming conference, his experiences as a conference attendee and the ups and downs of being a conference organizer.

The Texas Cyber Summit is being held this year in person at the Marriott River Center in San Antonio, Texas and will be held virtually for those who aren't ready to come in person. The conference begins with training sessions which run October 25th-28th, 2021 and the conference takes place October 29 - 30, 2021. The in-person keynote speakers include Yatia (Tia) Hopkins, VP Global Solutions Architecture at eSentire, Inc. and Ping Look from Microsoft. Special guests include Camille J Singleton, Senior Strategic Cyber Threat Lead at IBM, Bob Kalka, VP at IBM Security and Texas Senator José Menéndez.

The virtual keynote speaker is Ben Sadeghipour from Nahamsec. Special guests include Alexis Ahmed, Founder & CTO @HackerSploit and Lance Spitzner, Director at SANS Institute and Founder, Honeynet Project.

Beverages:

  • Power Moves IPA - https://www.aslinbeer.com/
  • Watermelon Gose - https://shop.terrapinbeer.com/products/watermelon-gose
  • Writers Tears - https://www.walshwhiskey.com
  • W00TSTOUT - https://www.stonebrewing.com/
  • Enjoy by 04.20.21 - https://www.stonebrewing.com/
  • Sauza Tequila - https://www.tresgeneraciones.com/
  • 1942 - https://www.donjulio.com/
  • Boombox DBL IPA - https://www.boomboxbrewing.com/

More Information:

  • Texas Cyber Summit - https://texascyber.com/
  • Beers & Bytes - https://beersandbytespodcast.com
  • Fortify 24x7 - https://fortify24x7.com
  • Fluency Security - https://fluencysecurity.com

Support the show (https://beersandbytespodcast.com)

HackableYou Podcast
Emotet Takedown, HoneyPots, Typosquatting

Feb 5, 2021 (33:14)

Back again with another episode of the HackableYou Podcast. This time it's just Ed and Alex while Will is away. In our Cyber News we talk about the recent Law Enforcement involvement in taking down the Emotet Botnet, the Washington State Audit Office data breach leaking 1.6 million records of employment claims and a recent update to Agent Tesla RAT including new evasion techniques. Topic of The Week looks at HoneyPots, HoneyNets and Deception Technology and the role they play across a security function. Go and have a look at Canary Tokens and the Honeynet Project. In our exclusive segment Secrets from The SOC we dive into the topic of Typosquatting and associated threats behind a simple milseplt domain name. We really hope you enjoy the Podcast and we would love to hear from you! Get in touch at info@hackableyou.com

Timestamps

  • CyberNews: 01:29
  • Topic of The Week: 15:46
  • SFTS: 24:49

Palabra de hacker
What is Vishing? Scams and deceptions that arrive by phone call

Oct 14, 2020 (95:22)

…academic and private sectors in Mexico, Spain and Colombia, with experience leading cybersecurity consulting and cyber incident response teams such as UNAM-CERT and MNEMO-CERT. Has collaborated with various cybersecurity interest groups and associations such as Honeynet Project, Proyecto Amparo (LACNIC) and the Asociación Mexicana de Internet.

Director and host: Yolanda Corral (https://twitter.com/yocomu). Journalist. Freelance trainer specializing in person-to-person cybersecurity and digital skills (https://www.yolandacorral.com/servicios-formacion). Founder of the Palabra de hacker channel.

Follow Palabra de hacker, your person-to-person #ciberseguridad channel:

  • YouTube channel, subscribe so you don't miss any video: https://www.youtube.com/c/Palabradehacker-ciberseguridad
  • Subscribe and listen to all the podcasts on:
      - Ivoox: http://www.ivoox.com/podcast-palabra-hacker_sq_f1266057_1.html
      - iTunes: https://itunes.apple.com/es/podcast/palabra-de-hacker/id1114292064
      - Spotify: https://open.spotify.com/show/1xKmNk9Gk5egH6fJ9utG86
      - Google Podcast: https://podcasts.google.com/?feed=aHR0cDovL3d3dy5pdm9veC5jb20vcGFsYWJyYS1oYWNrZXJfZmdfZjEyNjYwNTdfZmlsdHJvXzEueG1s
  • All the information on the website: https://www.yolandacorral.com/palabra-de-hacker
  • Telegram channel: t.me/palabradehacker
  • Twitter: https://twitter.com/palabradehacker
  • Facebook: https://www.facebook.com/Palabradehacker

SecTools Podcast Series
SecTools Podcast E16 With Miroslav Stampar

Jan 19, 2020 (34:53)

Miroslav Stampar is an IT Security Advisor - Expert at Croatian Government's CERT, part of the Information Systems Security Bureau (ZSIS). Born in 1982, writing and breaking computer code for as long as I can remember. A PhD candidate with Master's Degree in Computer Science at Faculty of Electrical Engineering and Computing (FER), University of Zagreb, Croatia.

Hacker, challenge solver, occasional CTF-er and an author of sqlmap, an open source project for automated detection and exploitation of SQL injection vulnerabilities, along with numerous other offensive and defensive information security tools (e.g. Maltrail, DSSS, DSXS, DSVW, tsusen, etc.). Also, Croatian Chapter Lead for The Honeynet Project.

SQLmap was initially developed by Daniele Bellucci in 2006; the project was soon taken over by Bernardo Damele, who developed and promoted it. Later in 2009, Miroslav Stampar answered a call for developers and joined the project.

Digital Forensic Survival Podcast
DFSP # 021 - The Honeynet Project

Jul 12, 2016 (16:48)


For those looking to get some real world hands-on experience in DFIR to build up or expand your skill set, check out honeynet.org. The non-profit offers information and challenges to help sharpen your skills.

DEF CON 23 [Audio] Speeches from the Hacker Convention
Panel - F*ck the attribution, show us your .idb!

Oct 21, 2015

Speakers:

  • Morgan Marquis-Boire, Senior Researcher, Citizen Lab
  • Marion Marschalek, Malware reverse engineer, Cyphort Inc
  • Claudio Guarnieri, Creator and lead developer, Cuckoo Sandbox

Over the past few years state-sponsored hacking has received attention that would make a rockstar jealous. Discussion of malware has shifted in focus from ‘cyber crime’ to ‘cyber weapons’, there have been intense public debates on attribution of various high profile attacks, and heated policy discussion surrounding regulation of offensive tools. We’ve also seen the sale of ‘lawful intercept’ malware become a global trade.

While a substantial focus has revolved around the activities of China, Russia, and Iran, recent discoveries have revealed the capabilities of Western nations such as WARRIORPRIDE aka. Regin (FVEY) and SNOWGLOBE aka. Babar (France). Many have argued that digital operations are a logical, even desirable part of modern statecraft. The step from digital espionage to political persecution is, however, a small one. Commercially written, offensive software from companies like FinFisher and Hacking Team has been sold to repressive regimes under the guise of ‘governmental intrusion’ software.

Nation state hacking operations are frequently well-funded, difficult to attribute, and rarely prosecuted even if substantive evidence can be discovered. While efforts have been made to counter this problem, proof is hard to find and even more difficult to correctly interpret. This creates a perfect storm of conditions for lies, vendor lies, and flimsy attribution.

In this talk we will unveil the mess happening backstage when uncovering nation state malware, lead the audience on the track of actor attribution, and cover what happens when you find other players on the hunt. We will present a novel approach to binary stylometry, which helps match binaries of equal authorship and allows credible linking of binaries into the bigger picture of an attack. After this session the audience will have a better understanding of what happened behind the scenes when the next big APT report surfaces.

Morgan Marquis-Boire is a Senior Researcher at the Citizen Lab, University of Toronto. He is the Director of Security for First Look Media and a contributing writer for The Intercept. Prior to this, he worked on the security team at Google. He is a Special Advisor to the Electronic Frontier Foundation in San Francisco and an Advisor to the United Nations Inter-regional Crime and Justice Research Institute. In addition to this, he serves as a member of the Freedom of the Press Foundation advisory board and as an advisor to Amnesty International.

Marion is a malware reverse engineer on duty for Cyphort Inc., focussing on the analysis of emerging threats and exploring novel methods of threat detection. She teaches malware analysis at University of Applied Sciences St. Pölten and frequently appears as speaker at international conferences. Two years ago Marion won Halvar Flake's reverse engineering challenge for females; since then she has set out to threaten cyber criminals. She practices martial arts and has a vivid passion for taking things apart. Preferably, other people's things.

Claudio is a security researcher mostly specialized in the analysis of malware, botnets and computer attacks in general. He's a core member of The Honeynet Project and created the open source malware analysis software Cuckoo Sandbox and Viper and runs the Malwr free service. Claudio published abundant research on botnets and targeted attacks and presented at conferences such as Hack In The Box, BlackHat, Chaos Communication Congress and many more. In recent years he devoted his attention especially to issues of privacy and surveillance and published numerous articles on surveillance vendors such as FinFisher and HackingTeam with the Citizen Lab as well as on NSA/GCHQ and Five Eyes surveillance capabilities with The Intercept and Der Spiegel. Claudio also contributes to Global Voices Advocacy. He continuously researches and writes on government surveillance and threats to journalists and dissidents worldwide and supports human rights organisations with operational security and emergency response.

DEF CON 23 [Audio] Speeches from the Hacker Convention
Mark Ryan Talabis - The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic - 101 Track

Sep 22, 2015

Materials available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Mark-Ryan-Talabis-The-Bieber-Project.pdf

Mark Ryan Talabis, Chief Security Scientist, zVelo

In the past year, I found myself immersed in the multi-billion dollar digital advertising industry. This gave me the opportunity to investigate the unique security challenges and issues facing the industry. It was a shock to me at first how complex the advertising ecosystem was, particularly in the advent of programmatic advertising. But I dove in head first and learned a lot which I would like to share with my fellow security professionals. During this time, I got involved with unscrupulous publishers, apathetic ad networks, angry advertisers and activist malware researchers. I encountered self-proclaimed experts with fantastic claims, vendors using scare tactics, and a glaring disconnect between the security and ad tech worlds.

In this presentation, I would like to be able to provide the audience with my experience plus a number of things. Among which are:

  • Provide security professionals a 101 type of introduction to the world of the digital advertising ecosystem. Among the things we will tackle is what programmatic advertising is, what the roles of the different players like ad networks are, and how money is made off all this interplay.
  • Provide the audience a perspective on what security challenges the advertising industry is facing and opportunities for us security professionals to be involved. We all know about malvertising and it's a big deal to us security guys, but there are bigger, and in an advertiser's perspective, more relevant issues that need to be taken care of first. All of this will be discussed in this talk.
  • An introduction about the different and creative ways unscrupulous publishers can pad their earnings. We will be talking about hidden ads, ad stacking, intrusive ads, auto-refreshes, popups, popunders, blackhat SEO techniques and dirty inventory.
  • An in-depth discussion on the problems caused by non-human traffic (NHT). We will talk about what it is, why it is a problem, how it is generated, and more importantly, how do we catch it? In fact, this presentation is named the “Bieber Project”, which is the experiment which I leveraged to understand non-human traffic and determine how we can identify it.

Mark Ryan Talabis is the Chief Security Scientist for zVelo Inc, where he conducts research on advertising fraud and non-human traffic. He is also formerly the Director of the Cloud Business Unit of FireEye. He is an alumni member of the Honeynet Project and a member of the anti-malware working group of the Interactive Advertising Bureau (IAB), where he is contributing to the promotion of threat intel sharing across the advertising industry. His current work focuses on helping advertisers and ad networks find ways to identify non-human traffic through various browser impression and behavioral based anomaly detection techniques. This also includes work on detecting various impression and click padding techniques by unscrupulous publishers.

He is a graduate of Harvard University and is a co-author of two books from Elsevier Syngress: "Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data" (2014) and "Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis" (2012). He has presented in various security and academic conferences and organizations around the world including Blackhat, DEF CON, Shakacon, INFORMS, INFRAGARD, ISSA, and ISACA.

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Felix Leder - NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It

Dec 13, 2014

Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Leder/DEFCON-22-Felix-Leder-NinjaTV.pdf

Felix Leder, Director, Malware Research, Blue Coat Norway

Smart TVs are growing in popularity. Set-top boxes like Apple TV, Roku, or WD TV can make your “normal” TV "smart" and Smart TVs even smarter. Despite their functionality, they’re often missing interesting features, like bit-torrent, VPN and even specific TV channels.

This presentation is about how to hack into WD TV set-top boxes and how to add experimental functionality without the risk of bricking it. Whether you want to add exotic TV channels, watch right from bit-torrent, or are crazy enough to do bitcoin mining on your TV – you are in charge.

We will demonstrate several methods to become root using everything from remote exploits to hardware hacking. Unfortunately, just becoming root isn’t sufficient to make persistent changes. Because stronger modifications put your device at risk of bricking or of losing specific services, you must dig deeper. We are going to present and release our "adjusted" firmware that keeps all the manufacturer's encryption and service DRM keys intact. The firmware is minimally invasive and enables customization without risk. Patching becomes as easy as an SMB software upload.

For those who want to get deeper and dirtier, we will explain the firmware structure, how to extract the relevant encryption keys, and discuss the protected software modules. This includes a short overview of relevant tools to do hot-patching, live-debugging, and pointers to get started on reverse engineering core applications.

Felix Leder leads the mobile threat research at Blue Coat. Taking things apart has been a lifetime passion for him. His hobbies, like collecting bugs in malware and botnet takeovers, have resulted in successful take-downs of large malicious networks. As a member of The Honeynet Project he is heavily involved in open source security and has been instrumental in developing a number of malware analysis solutions, including Cuckoo box, Norman's Malware Analyzer G2, and Blue Coat's MAA.

Security Current podcast - for IT security, networking, risk, compliance and privacy professionals

Honeypots, used to detect cyber attacks, have been around information security for a long time. The non-profit Honeynet Project is dedicated to investigating the latest attacks and working to improve the utility of honeypots in today's changing network environment. In this podcast Vic Wheatman speaks with Gartner VP of Research Dr. Anton Chuvakin about this sticky issue. They look at the benefits of low-interaction honeypots, which simulate only the services frequently requested by attackers, versus high-interaction honeypots, which imitate the activities of production systems hosting a variety of services, so that an attacker may be allowed a lot of services to waste time on.

Paul's Security Weekly
Java Whitelisting, Honeynet Project, HTTP Comments Displayer - Episode 350, Part 3 - October 25, 2013

Nov 1, 2013 (42:11)

As with most sizable organizations it is near impossible to uninstall or completely disable Java, which sent us on a hunt for a feasible way to contain Java-based attacks. What we came up with was restricting it to run only in trusted zones. This worked for APPLET tags when encountered in IE. What this does is block any applet from running if it is not part of a trusted internet zone. First thing is to identify all the internal trusted zones and add them. Next, allow the user to trust their own zones. Most of the time it seemed they knew when there was an applet they wanted to run.

The Honeynet Project is a non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.

Why would you use HTTP Comments displayer? This nmap script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within these comments. While this does not necessarily represent a breach in security, this information can be leveraged by an attacker for exploitation.

Paul's Security Weekly
Support Wounded Warriors, Active Defense: Taking The Fight To Attackers: Should We? - Episode 350, Part 1 - October 25, 2013

Oct 31, 2013 (76:44)

Welcome to our very special episode 350! We have a very special episode, all in support of wounded veterans in our armed services. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!

Active Defense: Taking The Fight To Attackers: Should We?

We've all heard the term "Hacking Back". We all have mixed feelings about this term. Let's be clear, it's not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With over 25 years in private law practice, he has advised many organizations, large and small, private sector and public sector, on privacy, computer security, e-mail discovery, outsourcing contracts and records management. Nothing Mr. Wright says in public is legal advice for your particular situation. If you need legal advice or a legal opinion, you should retain a lawyer.

Joshua Corman is the Director of Security Intelligence for Akamai. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.

Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" computer security group.

Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago, designed to catch Morris-worm copycats.

CERIAS Security Seminar Podcast
David Pisano, Identity-Based Internet Protocol Network

Apr 24, 2013 (29:21)

The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints).

Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by "hiding" our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a "permissible use" policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors. [1]

[1] Extracted from: Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., "Identity-Based Internet Protocol Networking," Military Communications Conference, 2012 - MILCOM 2012, pp. 1-6, Oct. 29 2012-Nov. 1 2012.

About the speaker: David Pisano is a Senior Network Engineer at the MITRE Corporation, where he has been employed for the last two and a half years. David has devoted most of this time working on networking and networking security challenges. He has been a contributor to The Honeynet Project since 2009. Prior to joining MITRE, David earned a Masters in Networking and Systems Administration at the Rochester Institute of Technology (R.I.T.). David completed his undergraduate degree in Applied Networking and Systems Administration with a minor in Criminal Justice, also at R.I.T. David is coauthor on two papers on networking and networking security published in peer-reviewed journals.

Paul's Security Weekly
Paul's Security Weekly - Episode 161 - July 24, 2009

Jul 24, 2009 (128:10)

Our guest this week is Lance Spitzner, co-founder of the Honeynet Project and former tank operator :)

Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
Jennifer Stisa Granick: Top Ten Legal Issues in Computer Security

Jun 4, 2006 72:57


This will be a practical and theoretical tutorial on legal issues related to computer security practices. In advance of the talk, I will unscientifically determine the "Top Ten Legal Questions About Computer Security" that Black Hat attendees have and will answer them as clearly as the unsettled nature of the law allows. While the content of the talk is audience driven, I expect to cover legal issues related to strike-back technology, vulnerability disclosure, civil and criminal liability for maintaining insecure computer systems, reverse engineering, the Digital Millennium Copyright Act, trade secret law and licensing agreements.

Jennifer Stisa Granick joined Stanford Law School in January 2001, as Lecturer in Law and Executive Director of the Center for Internet and Society (CIS). She teaches, speaks and writes on the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Granick came to Stanford after almost a decade practicing criminal defense law in California. Her experience includes stints at the Office of the State Public Defender and at a number of criminal defense boutiques, before founding the Law Offices of Jennifer S. Granick, where she focused on hacker defense and other computer law representations at the trial and appellate level in state and federal court. At Stanford, she currently teaches the Cyberlaw Clinic, one of the nation's few public interest law and technology litigation clinics. Granick continues to consult on computer crime cases and serves on the Board of Directors of the Honeynet Project, which collects data on computer intrusions for the purposes of developing defensive tools and practices, and the Hacker Foundation, a research and service organization promoting the creative use of technological resources. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Allen Harper and Edward Balas: GEN III Honeynets: The birth of roo

Jun 4, 2006 51:27


A honeypot is an information-gathering system designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honeywall is used to provide the following capabilities:

* Data Capture. The ability to collect information about the attack.
* Data Control. The ability to restrict the amount of damage that can be done from one of your honeypots to another network.
* Data Analysis. The ability to conduct limited forensics analysis on the network traffic or compromised honeypots in order to discover the attacker's methodology.
* Data Alerting. The ability to alert an analyst as to suspicious activity.

In 2001, Honeynet.org released a honeywall, called eeyore, which allowed for Gen II honeynets and improved both Data Capture and Data Control capabilities over the Gen I honeynets. In the summer of 2005, Honeynet.org released a new honeywall, called roo, which enables Gen III honeynets. The new roo has many improvements over eeyore:

* Improved installation, operation, customization
* Improved data capture capability by introducing a new hflow database schema and pcap-api for manipulating packet captures.
* Improved data analysis capability by introducing a new web-based analysis tool called walleye.
* Improved user interfaces and online documentation

The purpose of this presentation is to describe the new capabilities of Gen III honeynets and demonstrate the new roo. In addition, a road ahead will be discussed to describe a global honeygrid of connected honeynets.

Allen Harper is a Security Engineer for the US Department of Defense in Northern Virginia. He holds an MS in Computer Science from the Naval Postgraduate School. For the Honeynet Project, Allen leads the development of the GEN III honeywall CDROM, now called roo. Allen was a co-author of Gray Hat, the ethical hackers handbook published by McGraw Hill and served on the winning team (sk3wl of root) at last year's DEFCON Capture the Flag contest. Edward Balas is a security researcher within the Advanced Network Management Laboratory at Indiana University. As a member of the Honeynet Project, Edward leads the development of Sebek and several key GenIII Honeynet data analysis components. Prior to joining Indiana University, Edward worked for several years as a network engineer developing tools to detect and manage network infrastructure problems.

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Jennifer Stisa Granick: Top Ten Legal Issues in Computer Security

Jun 4, 2006 72:57


This will be a practical and theoretical tutorial on legal issues related to computer security practices. In advance of the talk, I will unscientifically determine the "Top Ten Legal Questions About Computer Security" that Black Hat attendees have and will answer them as clearly as the unsettled nature of the law allows. While the content of the talk is audience driven, I expect to cover legal issues related to strike-back technology, vulnerability disclosure, civil and criminal liability for maintaining insecure computer systems, reverse engineering, the Digital Millennium Copyright Act, trade secret law and licensing agreements.

Jennifer Stisa Granick joined Stanford Law School in January 2001, as Lecturer in Law and Executive Director of the Center for Internet and Society (CIS). She teaches, speaks and writes on the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Granick came to Stanford after almost a decade practicing criminal defense law in California. Her experience includes stints at the Office of the State Public Defender and at a number of criminal defense boutiques, before founding the Law Offices of Jennifer S. Granick, where she focused on hacker defense and other computer law representations at the trial and appellate level in state and federal court. At Stanford, she currently teaches the Cyberlaw Clinic, one of the nation's few public interest law and technology litigation clinics. Granick continues to consult on computer crime cases and serves on the Board of Directors of the Honeynet Project, which collects data on computer intrusions for the purposes of developing defensive tools and practices, and the Hacker Foundation, a research and service organization promoting the creative use of technological resources. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
Allen Harper and Edward Balas: GEN III Honeynets: The birth of roo

Jun 4, 2006 51:27


A honeypot is an information-gathering system designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honeywall is used to provide the following capabilities:

* Data Capture. The ability to collect information about the attack.
* Data Control. The ability to restrict the amount of damage that can be done from one of your honeypots to another network.
* Data Analysis. The ability to conduct limited forensics analysis on the network traffic or compromised honeypots in order to discover the attacker's methodology.
* Data Alerting. The ability to alert an analyst as to suspicious activity.

In 2001, Honeynet.org released a honeywall, called eeyore, which allowed for Gen II honeynets and improved both Data Capture and Data Control capabilities over the Gen I honeynets. In the summer of 2005, Honeynet.org released a new honeywall, called roo, which enables Gen III honeynets. The new roo has many improvements over eeyore:

* Improved installation, operation, customization
* Improved data capture capability by introducing a new hflow database schema and pcap-api for manipulating packet captures.
* Improved data analysis capability by introducing a new web-based analysis tool called walleye.
* Improved user interfaces and online documentation

The purpose of this presentation is to describe the new capabilities of Gen III honeynets and demonstrate the new roo. In addition, a road ahead will be discussed to describe a global honeygrid of connected honeynets.

Allen Harper is a Security Engineer for the US Department of Defense in Northern Virginia. He holds an MS in Computer Science from the Naval Postgraduate School. For the Honeynet Project, Allen leads the development of the GEN III honeywall CDROM, now called roo. Allen was a co-author of Gray Hat, the ethical hackers handbook published by McGraw Hill and served on the winning team (sk3wl of root) at last year's DEFCON Capture the Flag contest. Edward Balas is a security researcher within the Advanced Network Management Laboratory at Indiana University. As a member of the Honeynet Project, Edward leads the development of Sebek and several key GenIII Honeynet data analysis components. Prior to joining Indiana University, Edward worked for several years as a network engineer developing tools to detect and manage network infrastructure problems.

CERIAS Security Seminar Podcast
Brian Carrier, Categories of Digital Forensic Investigation Techniques

Feb 8, 2006 53:57


This talk examines formal concepts of digital forensic investigations. To date, the field has had an applied focus and little theory exists to formally define analysis techniques and requirements. This work defines an extended finite state machine (FSM) model and uses it to describe a computer's history, which contains the primitive and abstract states and events that existed and occurred. Using this model, categories of analysis techniques can be defined. This talk describes the model, describes the categories of analysis techniques, and compares the existing tools to the analysis technique categories. About the speaker: Brian Carrier is the author of "File System Forensic Analysis" and several digital forensic analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. He is completing his Ph.D. in computer science at Purdue University. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for the @stake Response Team and Digital Forensic Labs. Brian has been involved with the European Commission's CTOSE project on Digital Evidence, is a member of the Honeynet Project, a referee for the Journal of Digital Investigation, and on the committees of several conferences, workshops, and technical working groups.

CERIAS Security Seminar Podcast
Brian Carrier, Defining a Digital Forensic Investigation

Apr 6, 2005 51:03


Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process. After all, there are multiple ways and sequences in which evidence may be found. An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates. In this talk, I will present an overview of existing process models that an investigator can use. I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners. Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process. About the speaker: Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab. Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser. Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author for the 2nd edition of the Honeynet Project's Know Your Enemy book. He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS). Brian has been involved with the European Commission's CTOSE project on Digital Evidence and a referee for the Journal of Digital Investigation.