Charles Lim - Honeynet Indonesia Chapter

Honeynet – Indonesia Chapter
Honeynet Seminar & Workshop
Jakarta, 18 June 2013

Agenda
• Introduction to Honeynet
• Introduction to Honeynet - Indonesia Chapter
• What’s Up?
• What’s Next?
• About the Workshop
• Conclusion

THANK YOU – SOLD OUT

THANK YOU
• To the Ministry of Communication and Informatics, especially the Directorate of Information Security
• To the Swiss German University team, for their support in organizing and making this event possible
• To all the speakers and sponsors
• To all attendees who come to these events

Introduction to The Honeynet Project
• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)
• Mission: "learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned" - http://www.honeynet.org

Introduction to The Honeynet Project
• Goal: Improve security of Internet at no cost to the public
• Awareness: Raise awareness of the threats that exist
• Information: For those already aware, teach and inform about latest threats
• Research: Give organizations the capabilities to learn more on their own

Introduction to The Honeynet Project
• Global membership of volunteers with diverse skills and experiences
• Deploys networks of computer systems around the world with the explicit intention of being hacked
• Share all of our tools, research and findings, at no cost to the public
• Members release regular activity status reports
• "Know Your Enemy" (KYE) white papers regularly published on current research topics
• Committed to open source and creative commons
• Partially funded by sponsors, nothing to sell!

Brief Introduction to The Honeynet Project
46 Chapters and 28 countries

Brief Introduction to The Honeynet Project
Honeynet Workshop 2013 @ The Address Dubai

Brief Introduction to The Honeynet Project
Honeynet Workshop 2012 @ Facebook HQ

Indonesia Chapter
• 25 November 2011, about 15 people from academia, security professionals and government made the declaration during our yearly malware workshop at SGU (Swiss German University)
• 19 January 2012 accepted as part of Honeynet Chapter
• Members: 70 (today)

Indonesia Chapter
• Indonesia Honeynet Project
• Id_honeynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet

Indonesia Honeynet Project Seminar & Workshop
Honeynet Workshop 5-6 June 2012, Jakarta

Indonesia Honeynet Project Seminar & Workshop
Honeynet Workshop 20 November 2012, Surabaya

How did we start?
• Four students of SGU in 2010 wanted to explore how to use Data Mining to understand Cyber Security Threats:
  • 2 students focusing on Malware Threats
  • 2 students focusing on Cyber Terrorism
• 1 SGU student focused on capturing malware using Honeypots (Nepenthes)
• We also invited malware expert Pak Aat to share his experience

Road Map
• Randy Anthony (SGU)
• Amien H Rosyandino (ID SIRTII)
• Michael (SGU)
• Stewart (SGU)
• Glenn (SGU)
• Mario (SGU)

Road Map
• Mario (SGU)
• Andrew (SGU)
• Tommy (SGU)
• Michael (SGU)
• Stewart (SGU)
• Glenn (SGU)

SGU Honeypots
• SGU Honeypot Network Design

Live Demo
SGU Honeypot

National Malware Monitoring
• Central repository for malware captured by the sensors of all participating universities in Indonesia

Previous Works
• Nano PC with Atom processors
• Price Rp 3 million

Work in Progress
• Raspberry Pi
• ARM processor
• RAM 512 MB, 8 GB SD Card
• Push Protocol

What’s Next?
• Call for more participation from universities, industry and government
• Requirements:
  • A commitment from the top management
  • At least 1 public IP address to start
  • Willing to submit malware samples to central repository
• You will get:
  • 1 Nano PC to be installed in your infra

Our Previous Dashboard

Web Interface (2013)
Thanks to Jonathan & Tommy (SGU IT Batch 2011)

What’s Next?
• Improving Stats Reporting
• Sharing malware and stats
• Adding more honeypots such as honeytrap, Glastopf, Kippo, etc.
• All Raspberry Pi honeypots
• Data Cleansing and Clustering Data Mining

Last Year's Workshop
• We had one track with a morning session and an afternoon session
• Morning Session – Dionaea & Malware Analysis
• Afternoon Session – Capture The Flag

This Year's Workshop

| Time | Track #1 | Track #2 | Track #3 |
|---|---|---|---|
| 08:15 – 08:30 | Registration & Seminar Preparation | | |
| 08:30 – 09:00 | Welcome Remarks (Ministry of Communication and Informatics, KOMINFO) | | |
| 09:05 – 10:00 | Honeypot – Dionaea (Charles & Mario) | Malware Analysis (Ricky) | Memory Forensic (Mada) |
| 10:00 – 10:15 | Break | | |
| 10:15 – 12:30 | Honeypot Back End (Mario) | Malware Analysis (Ricky) | Memory Forensic (Mada) |
| 12:30 – 13:15 | Break, Prayer & Lunch (ISOMA) | | |
| 13:15 – 14:45 | Honeypot – Glastopf, Kippo (Amien) | Botnet (Charles) | ACAD-CSIRT (Mantra & Greg) |
| 14:45 – 15:00 | Break | | |
| 15:00 – 16:30 | Developing Malware Lab (Digit) | Botnet (Charles) | Android Forensic (Feri) |

Track #1
• Morning Session – Dionaea
  • Speaker: Charles Lim and Mario Marcello
  • How to setup and configure Dionaea
  • How to create stats report for the captured traffic
• Afternoon Session I
  • Speaker: Amien Harisen
  • How to setup and configure Kippo and Glastopf
• Afternoon Session II
  • Speaker: Digit Oktavianto
  • How to setup your own Malware Lab

Track #2
• Morning Session – Malware Analysis
  • Speaker: Ricky Prajoyo
  • How to perform Reverse Engineering
  • How to perform Analysis of executable malware samples
• Afternoon Session – Botnet
  • Speaker: Charles Lim
  • Understanding Botnets
  • Analyzing Botnet activities

Track #3
• Morning Session – Memory Forensics
  • Speaker: Mada R. Perdhana
  • How to perform Memory Forensics
  • Forensic Stuxnet Malware samples
• Afternoon Session I – Java Security
  • Speaker: Gregorius Hendy
  • Secure Coding using Java
• Afternoon Session II – Android Forensics
  • Speaker: Feri Lauw
  • How to Perform Android Forensics

Further Information
• The Honeynet Project (http://www.honeynet.org)
• Indonesia Honeynet Project (http://www.honeynet.or.id)
• Swiss German University (http://www.sgu.ac.id)
• My Blog (http://people.sgu.ac.id/charleslim)

Honeynet - Indonesia Chapter
• Indonesia Honeynet Project
• Id_honeynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet

Questions ???