I’d like to say “Congrats!” to Domenico Chiarito who has just completed his Bachelor studies in “System and Network Security” @ the University of Milan (DTI).

Domenico made his Thesis on the JDrone project. He drastically improved our botnet monitoring software by integrating a relational database  with the existing JDrone components (Client, and Server).

His work could be downloaded here.

Thank you Domenico, the Honeynet.it project was pleased to mentor you during your work, and we really hope that you will continue to help us on such project.

m4rco-

It is with great pleasure I announce the first-ever Honeynet Project Public Conference, held alongside with the traditional Honeynet Project Annual Workshop. The event will be held on March 21, 2011 in Paris. For those who just want to register now, go here.

Date: 21 March 2011 (Monday)

8:30AM ~ 18:00PM (GMT+1)

Location:

ESIEA Paris, 9 rue Vesale 75005 Paris

(Nearest subway station: Les Gobelins(line #7))

About the event:

The 2011 Project Honeynet Security Workshop brings together experts in the field of information security from around the world to share the latest advances and threats in information security research. Organized by the not-for-profit Honeynet Project and co-sponsored by the ESIEA Engineering School, this full day workshop creates opportunities for networking, collaboration and lessons-learned featuring a rare, outstanding line-up of international security professionals who will present on the latest research tools and findings in the field.

This year’s workshop will be held in Paris, France on 21 March 2011 and is the first time that the workshop has opened a day to the public. Starting at 9:00 GMT+1, the workshop program features a format that includes presentations in five sessions and two bonus hands-on activities. The bonus activities include a technically challenging capture-the-flag (CTF) session and a tough forensics challenge (FC) that will allow attendees to apply their expertise and compete for prizes. If you’re looking to attend a high quality and challenging security workshop, then we encourage you to take advantage of this rare opportunity.

More info here.

Enjoy!

These documents were also presented last week during a dedicated workshop hosted in Cologne, where different experts from various sectors has attended the event.

We are working hard for releasing the  new version  of our framework for botnet tracking(Dorothive).

Below you can find some new features:

+ Postgres database

+ the analysis coore is being developed in pure ruby language (OO oriented, easy addition of new detection rules ex. zeus,spyeyes,etc)

+ New visualization techniques : Realtime Charts (hightcharts, or opencharts), and AJAX google APIs for maps. That’s the way.

+ Drone completely coded from the scratch in Java: multi-platform, PKI based, TOR/proxy connection, IRC/HTTP compatibility.We are close to launch our first beta.  Let me know who is interested in participating as beta-tester.

+ The analysis engine will be able to detect financial botnet as presented at the APWG conference , here at Barcelona Digital we are going to begin the test phase to acquire some interesting results.

+ and lot more..

More status updates will be released more often, I promise.

stay tuned!

The title of our paper is “A Framework For Financial Botnet Analysis“  and will be presented at the Anti Phishing Working Group (APWG) conference that this year will be held in Dallas.  Our work  represents a research study that is still in progress that is  based on developing new detection and mitigation strategies to cope with financial botnets.

The proposed research partially relies on a customized version of the Dorothy Framework by improving its overall development status. The Italian Chapter of the Honeynet Project is proud to see that its work is going to be useful also for such purpose, and this publication will encourage its future research.

We would like to hope you all a nice summer holidays !

We will back at work on September  releasing new updates about our current projects .

See you there!

I would like to wish you a beautiful christmas ave!
Special wishes to our team, focusly to who is daily devoting its time contributing in our project.
Claudio Guarnieri, Andrea Cavenago, and Patrizia Martemucci recentrly worked hard for developing new modules of Dororthy framework (a malware analysis module, and the new dorothy-drone), really thanks for their support, I wish that during next year they will continue to give their fruitful contribution.

Next year we well back in action,  and relasing the new version of Dorothy (Dorothive) will be the primary project goal. So stay tuned!

Best Regards,

m4rco-

I would like to inform you all about our recent activities that we are attempting to achieve.

First of all, we have totally rebuilt our web site. This new ones aim to be a central repository of all the (external/internal) news concerning botnets (mainly) and malwares (secondary).
We will use the blog for posting about our project developments, and for commenting/reporting interesting news concerning the field that we are currently treating, so you can now add a new entry to your feeds reader
The repository section aims to maintain a complete library of all the publications redacted (by us or others) until today about botnets. Each one can be tagged and classified for giving an easy way for searching what a researcher needs.  If you have a paper/doc about botnets, we will be proud to upload it here!
The Dorothy section is the web GUI of the framework developed by me about irc-botnet tracking through interactive visualization. Maybe you have seen it before (I’ve posted the link in this mailing list some months ago), since that I’ve improved the GUI adding a “malwares” task for each C&C, and providing an afterglow graph for each malware and for each C&C .
We are also maintaining a Wiki, here you can find all information about our tools/activities: you are all invited to contribute on it. The wiki has been recently “plugged” with the GUI giving the possibility to create a new page for each C&C, in this way, every researcher can write about his own investigation about it.

Then I would like to introduce two new chapter members:  Emanuele Goldoni , and Davide Cavalca.
I’ve ask them to join in our team after reading  their research work regarding a development of an automated  framework for malware analysis and irc/web botnet tracking.
Their  tool “HIVE” is really similar to the ones developed by me , but present a more robust data architecture. Dorothy and HIVE was developed to achieve the same goal, whereas the first ones focus on the visualization methods as its straight point, the second treats the acquisition process in a more engineering manner: the data repository has been designed for being capable for receiving data for a wide sensor deployment.
We are currently defining the details of a possible collaboration between the Information Technology Department of the University of Milan  and the Networking Lab of the University of Pavia (where Emanuele works as researcher) . Both universities are current offering their graduating students for conducting their diploma thesis about the improvement of our framework.  Currently, we are following the work of three students: one is developing a new multiplatform drone for irc botnet tracking, and the others are developing a dedicated framework for malware analysis (static and dynamic).
Currently, me and Davide are developing a new integrated framework (Dorothive) that inherit all the goodness of our previous tools.
Thanks to Davide and Emanuele’s contribution, our chapter is growing fast, they are a very skilled people and they are so motivated as me to make our chapter more interesting as possible: working with them is a real pleasure.

I ask you all to view our new site, for accessing to the private sections (wiki, Dorothy) you need to register.
Currently registrations are not open to the wide public, so if you want an account please let me know and I will provide you one.

Please to give us your  feeds/comments/suggestions/criticisms/anything , we will consider it as a treasure !

Best Regars,

m4rco-

Thanks to Mark Schlößer for the registration support!

I’m apologized for the long-time of inactivity but i have been engaged with the planification about the future of this project.
The Dorothy Project is being evolving to the official Italian Honeynet Chapter, we are waiting for the correct subscription process accomplishment .
Meanwhile, we have formed the official membership of the project.
Currently this project count 5 official members, as soon as possible we will make available our profile for letting you all to meet us better .
We are defining the work to do in the next weeks, and planning the date for the official release of the web platform .

Here will be published every news about the project/chapter progress, and every interesting thing about the project research area (IT Security, Botnet, Malware Analysis, etc) so stay tunes, and post your opinions/comments!

See you soon

m4rco-