Honeynet Project Blog Top Posts in February 2011

FYI, I won’t be posting these here all the time (they are written for The Honeynet Project blog – original location for this post), but I figured I’d post the first one here just to tell people about all the fun stuff from the Honeynet blog that I now take care of as a project PR officer..
The following are the Top 5 popular blog posts from The Honeynet Project blog this month.
  1. Observing Botnets” talks about tools to observe bot traffic on the network; it is an excerpt from “Know Your Enemy: Tracking Botnets” paper (fun quote: ‘"A botnet is comparable to compulsory military service for windows boxes" – Stromberg’)
  2. The Honeynet Project Releases New Tool: Cuckoo” covers Cuckoo, a binary analysis sandbox, designed and developed with the general purpose of automating the analysis of malware.
  3. First-ever Honeynet Project Public Conference–Paris 2011” announces the first-ever Honeynet Project Public Conference, held alongside with the traditional Honeynet Project Annual Workshop.
  4. Client Side Attacks” is a brief primer on client-side attacks where a server attacks a client that connects to it; it is an excerpt from “Know Your Enemy: Malicious Web Servers” paper
  5. Use of Botnets” is also an excerpt from “Know Your Enemy: Tracking Botnets” paper. It talks about the malicious use for botnets.
Look for more of such Honeynet blog highlights in the future!
Possibly related posts:
Enhanced by Zemanta

Comments

Post a Comment

Popular posts from this blog

Monthly Blog Round-Up – August 2018

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last month’s visitor data  (excluding other monthly or annual round-ups): “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010 – much ancient!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and that we updated for 2018 . A lot more SIEM use case discussion is coming, here is a new post for 2018 SIEM use cases. “ Simple Log Review Checklist Released! ” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “ On Free Log Management Tools ” (also aged quite a bit by now) is a companion to the checklist ( updated version ) “ Why No Open Source SIEM, EVER? ” contains some...
Read more

Got A Pile of Logs from an Incident: What to Do?

Image
As I am going through my backlog of topics I wanted to blog about (but didn’t have time for the last 4-6 months), this is the one I really wanted to explore. Here is the scenario: Something blows up, hits the fan, starts to smell bad, <insert your favorite incident metaphor> … either in your IT environment or at one of your clients’ Logs (mostly) and other evidence is taken from all the components of the affected system and packaged for offline analysis You get a nice 10MB-10GB pile of juicy log data – and they wants “ answers ” What do you do FIRST? With what tools? Let’s explore this situation. I know most of you would say “ just pile’em into splunk ”  and, of course, I will do that. However, that is not a full story. As I point out in this 2007 blog post (“ Do You Enjoy Searching? ”), to succeed with search you need to know what to search for. At this point of our incident investigation, we actually don’t! Meanwhile, the volume of log data beyond a few megabytes makes “tri...
Read more

How to Replace a SIEM?

Image
Note : this has been written for “Cisco MARS blog” as a guest post and is reposted here for posterity. Ouch! That “Venus” SIEM   appliance that we got with routers has finally croaked. That piece of PHP brilliance that pre-pre-previous security engineer wrote has been buried under the thick pile of XML. That managed SIEM provider has annoyed us one last time. What do the above situations have in common? The unfortunate time to replace your SIEM has come. What to expect, apart from copious amounts of pain? This post will shed some light on this conundrum, based on author’s experiences. First, it goes without saying that it is better to choose the right SIEM the first time (e.g. see “ On Choosing SIEM ” and other posts mentioned below) than to migrate from a SIEM that has been collecting logs (and dust) for a few years. However, you might not have any say in the matter – you might have inherited it, your “evil boss” might have procured the previous SIEM without asking you or ...
Read more