Description

This course shows how to use honeypot technologies as a concrete improvement to your organisations security defences. This course will concentrate on low-interaction honeynet technology.

• honeyd

• workings of honeyd

• routing traffic to honeyd

• simulation

• simulation tcp/ip stacks

• simulation of network infrastructure

• simulation of applications

• advanced honeyd configuration

• centralized data collection with honeyd

• traditional methods

• honeyd collectorr/mustard

• writing honeyd plugins

• honeyd to protect cooperate infrastructure

• malware collection

• Collecting malware with honeypots

• Techniques used

• mwcollect / nepenthes

• How they work

• Writing own modules

• Analyzing the received shellcodes

• Analyzing the captured binaries

• Results

• Bots/Botnets

• Intro to bots and demo

• Reverse engineering of bot

• Basic techniques

• Sandboxes

• Ollydbg and/or IDA

• Botnet 101

• How they work

• What you need to know

• Observing them

• Live botnet observation

• Results

Prerequisites

Students should be familiar with honeypot concepts and have a good understanding of TCP/IP networking and analysis tools like Ethereal.

Prerequisite material

Students need to bring a computer configured with VMWare and powerful enough to run two VMware sessions at once. The computer also should have an wired ethernet interface. Students also need to have an IRC client and the Python programming language installed. They also should have a Windows installation (native or in vmware) with OllyDbgr (http://www.ollydbg.de/) installed.