2012
05.30

Research

We are actually working on:

Developing a new multiplatform drone

Project started on :

  • September 2009

Current Developers:

  • Patrizia Martemucci (Chapter Member)
  • Domenico Chiarito (Chapter Member)
  • Marco Riccardi (Chapter Member)
  • Luigi Favaro (UNIMI Graduating student)
Past Developers:
  • Marco Doldi (UNIMI Graduated Student – 2012)
  • Giampaolo Dedola (UNIMI Graduated Student – 2011)
  • Andrea Cavenago (UNIMI Graduating Student)

JDrone Features:

  • Multiplatform – Totally written in Java
  • Distributed and scalable architecture – Not only for the drones, but also for the back-end servers
  • Centralized log management – every log are sent to a central server by using mutual authentication implemented in syslog-ng
  • Authentication and encryption between each drone and the servers (Authetincation server, and log server) applied by a PKI
  • Synchronized log insertion
  • All the operation are totally transparent to the jdrone user
  • Support IRC / HTTP connection
  • Multi-grammar support – Compatible with non-RFC botnets
  • Splunk plug-in for JDrone log analysis
Outcomes:
  • Financial Botnet Analisi del Zeus Crimeware Toolkit e sviluppo di un modulo di infiltrazione con supporto di comunicazioni cifrate – Giampaolo Dedola [pdf ITA]
  • Analisi della Botnet Zeus 2.0.8.9 e integrazione del modulo di monitoraggio in JDrone – Marco Doldi [pdf ITA]
  • JDrone 2.0 The evolution of the Dorothy’s Botnet Infiltration Module – Domenico Chiarito [pdf ENG]
  • JDrone 3.0 Beyond standard botnet monitoring – Luigi Favaro [pdf ITA]

Dorothy 2.0 

Project started on :

  • November 2010

Current Developers:

  • Marco Riccardi (Chapter Member)

Past Developers:

  • Marco Addario Giampaolo Dedola (UNIMI Graduated Student – 2011)
  • Andrea Valerio (UNIMI Graduated Student – 2013)

Dorothy 2.0 Features:

  • Totally written in Ruby / Ruby on Rails
  • Support for VMWare ESXi for malware analysis
  • Interactive console
  • Pcapr-local implementation as Network Analysis Module
  • Data are now stored in a Postegres database
  • WebGUI module developed in Ruby on Rails
Outcomes:
  • Botnet Protocol Analysis – Marco Addario [pdf ITA]
  • WGUI Dorothy 2.0 Tecniche di visualizzazione dei dati per la sicurezza informatica – Andrea Valerio [pdf ITA]

Honeypot dissemination

Project started on:

  • November 2011

Current Developers:

  • Marco Riccardi (Chapter Member)
  • Calogero Lupo (Chapter Member)
Past Developers:
  • Stefano Fornara (UNIMI Graduated Student – 2011)
  • Pierluca Zangari (Former Chapter Member)
  • Francesco Milito  (UNIMI Graduated Student – 2012)

Honeynet development:

  • Implementation of honeeebox+hpfeed
  • Implementation of SurfIDS for honeypot analysis
  • Design&Implementation of high interaction honey-pharm
  • Honeypot data analysis.
Outcomes:
  • Un’Ordinaria Giornata di Attacchi Informatici – Rilevamento, Monitoraggio e Analisi con Sistemi di Honeypot e SURFids – Stefano Fornara [pdf ITA]
  • Tool e tecnologie per realizzare una honeynet – Francesco Milito [pdf ITA]
  • Alla ricerca del malware perduto Progettazione e realizzazione di una Virtual Honeypot distribuita – Calogero Lupo [pdf ITA]

Pending Projects

We are looking for new contributors that could be able to work on these projects:

  • Improving Visualization Techniques
  • Improving Dorothy2
  • Honeypot  data analysis 

If you are interested in contributing in our pending projects, or in knowing more about the current ones, please send us an email to : info at honeynet.it

If you are a student of UNIMI-DTI, and want to prepare your final degree project with us, please get in touch with Marco Cremonini 

Comments are closed.