Hackers of India

Capturing Zero-Day Information

Dinesh O Bareja, Sumit Sharma

2013/03/01


Presentation Material

Abstract

This talk is not about describing what honeypots are, their types, their installation or the risks associated with them. Rather, the authors will talk about the post-installation steps towards capturing data and extracting meaningful information out of it. On behalf of the Indian Honeynet Project (IHN), a ready-to-deploy *nix based distribution, HoneySense, comprising a set of open-source honeypots, will be released. The distribution aims at gathering information about the motives and tactics of attacks launched either automatically by botnets or manually by malicious individuals against various well-known services. The capabilities of the honeypots included in the distribution allow a researcher to analyze the attack vectors, capture malicious binaries used during attacks, detect controllers commanding web shells on servers and guiding malware on networks, etc. In general, a lot of attack data and information can be captured using honeypots, but this effort often fails when it comes to extracting value out of such data. The talk will emphasize handling, correlating and visualizing the collected data so that meaningful information (such as 0-day samples, C&C information and attacker details) can be extracted.