by log0 on August 31st, 2009
The Hong Kong chapter of the Honeynet Project, led by Peter Cheung and Roland Cheung, has produced two walkthroughs of their high-interaction honeypot findings, one for Windows and one for Linux. There are not many detailed walkthroughs out there, and hence I wrote one. They give a detailed (with images!) walkthrough of how to do forensics on a compromised honeypot. I encourage avid learners to take a step and get something out of them.
Windows
http://www.honeybird.hk/project/wp-content/uploads/2009/04/honeypot-study-windows-2008.pdf
Linux
http://www.honeybird.hk/project/wp-content/uploads/2009/02/honeypot-study-linux-2008.pdf
(Hey, I really didn't know the Chinese term for forensics.) I got the term from 冰血封情 on EvilOctal: it is 取証. Thanks. =)
Honeypot
Forensics
by log0 on August 27th, 2009
Large real PCAP datasets, food!
MU Dynamics has released, on pcapr.net, a set of PCAPs obtained from the Shmoo Group: 15.0 GB and 26.3 million packets in total, wrapped with indexing. According to the Shmoo Group, "This archive contains data logged during the Capture the Flag Contest at DefCon. The Shmoo Group is publishing this data to promote the creation of more secure software and to offer data for research purposes." For research purposes, then, here comes the game: brainstorm what to do with it. Go grep it if you need it.
In case you don't know, the Shmoo Group's ShmooCon has some really high-quality presentations, with the best people from the security field presenting each year. You should take a good look there to learn.
http://www.pcapr.net/forensics
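A capture this size is only useful once you can index it and pull out the flows you care about. The script below is an added example, not code from this post, pcapr.net, MU Dynamics or the Shmoo Group: a minimal reader for the classic libpcap format (pcapng is not handled) that decodes Ethernet/IPv4/TCP/UDP headers and builds a 5-tuple flow index with per-protocol packet counts, dropping a truncated trailing record instead of reading past the end of the file. The capture it reads is constructed inline so it runs offline; the addresses, ports, payloads and function names are my own assumptions, not data from the DefCon archive.

```python
"""Minimal libpcap flow indexer (added example; constructed sample data)."""
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4   # value of the magic read with "<I" from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic read with "<I" from a big-endian file
LINKTYPE_ETHERNET = 1
TCP, UDP = 6, 17


def build_frame(src, dst, proto, sport, dport, payload):
    """Construct a raw Ethernet/IPv4 frame with a TCP or UDP header (test data only)."""
    if proto == TCP:     # 20-byte TCP header, PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    elif proto == UDP:   # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:                # e.g. ICMP: the payload is the whole L4 part
        l4 = b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload   # Ethernet header, type IPv4


def build_pcap(frames):
    """Wrap raw frames in a little-endian libpcap global header and record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_records(data):
    """Yield (timestamp, frame_bytes) for every complete record in a pcap blob."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        fmt = "<"
    elif magic == PCAP_MAGIC_BE:
        fmt = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng / nanosecond variants not handled)")
    linktype, = struct.unpack_from(fmt + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are decoded")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(fmt + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break   # truncated final record (capture cut short): drop it rather than over-read
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def five_tuple(frame):
    """(proto, src, sport, dst, dport); ports are None for non-TCP/UDP; None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    if proto not in (TCP, UDP) or ihl < 20 or len(frame) < 14 + ihl + 4:
        return (proto, src, None, dst, None)
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (proto, src, sport, dst, dport)


def index_pcap(data):
    """Return ({5-tuple: {packets, bytes, first, last}}, {proto: packet count})."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    protos = defaultdict(int)
    for ts, frame in iter_records(data):
        key = five_tuple(frame)
        if key is None:
            protos["non-ipv4"] += 1
            continue
        protos[key[0]] += 1
        f = flows[key]
        f["packets"] += 1
        f["bytes"] += len(frame)
        if f["first"] is None:
            f["first"] = ts
        f["last"] = ts
    return dict(flows), dict(protos)


def top_flows(flows, n=5):
    """Top talkers by bytes: usually the first question asked of an unfamiliar capture."""
    return sorted(flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


# Constructed sample capture: an HTTP exchange, a DNS query, an ICMP echo and one ARP frame.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.80", TCP, 41000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("10.0.0.80", "10.0.0.5", TCP, 80, 41000, b"HTTP/1.0 200 OK\r\n"),
    build_frame("10.0.0.5", "10.0.0.80", TCP, 41000, 80, b""),
    build_frame("10.0.0.5", "10.0.0.53", UDP, 53001, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    build_frame("10.0.0.5", "10.0.0.80", 1, 0, 0, b"\x08\x00\x00\x00"),   # ICMP, no ports
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,                            # ARP, not IPv4
])

if __name__ == "__main__":
    flows, protos = index_pcap(SAMPLE_PCAP)
    print("per-protocol packets:", protos)
    for key, stats in top_flows(flows):
        print(key, stats)
```

On a real multi-gigabyte file you would feed `iter_records` a memory-mapped file rather than a bytes object read whole, and persist the flow table (e.g. to SQLite) so that a second pass can pull the packets of one flow without re-reading the archive; the parsing and the truncation check stay the same.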
Testing
Dataset, Forensics, PCAP