2012.05.30
We are currently working on:
JDrone: a new multiplatform drone
Project started on:
- September 2009
Current Developers:
- Patrizia Martemucci (Chapter Member)
- Domenico Chiarito (Chapter Member)
- Marco Riccardi (Chapter Member)
- Luigi Favaro (UNIMI Graduating Student)
Past Developers:
- Marco Doldi (UNIMI Graduated Student – 2012)
- Giampaolo Dedola (UNIMI Graduated Student – 2011)
- Andrea Cavenago (UNIMI Graduating Student)
JDrone Features:
- Multiplatform – written entirely in Java
- Distributed and scalable architecture – not only the drones, but also the back-end servers
- Centralized log management – every log is sent to a central server over a syslog-ng channel with mutual authentication
- Authentication and encryption between each drone and the servers (authentication server and log server), provided by a PKI
- Synchronized log insertion
- All operations are completely transparent to the JDrone user
- Supports IRC and HTTP connections
- Multi-grammar support – compatible with botnets whose protocol does not follow the RFC
- Splunk plug-in for JDrone log analysis
Outcomes:
- Financial Botnet: Analysis of the Zeus Crimeware Toolkit and development of an infiltration module supporting encrypted communications – Giampaolo Dedola [pdf ITA]
- Analysis of the Zeus 2.0.8.9 Botnet and integration of the monitoring module into JDrone – Marco Doldi [pdf ITA]
- JDrone 2.0: The evolution of Dorothy's Botnet Infiltration Module – Domenico Chiarito [pdf ENG]
- JDrone 3.0: Beyond standard botnet monitoring – Luigi Favaro [pdf ITA]
Dorothy 2.0
Project started on:
- November 2010
Current Developers:
- Marco Riccardi (Chapter Member)
Past Developers:
- Marco Addario
- Giampaolo Dedola (UNIMI Graduated Student – 2011)
- Andrea Valerio (UNIMI Graduated Student – 2013)
Dorothy 2.0 Features:
- Written entirely in Ruby / Ruby on Rails
- Support for VMware ESXi as the malware analysis platform
- Interactive console
- pcapr-local integrated as the network analysis module
- Data are now stored in a PostgreSQL database
- Web GUI module developed in Ruby on Rails
Outcomes:
Honeypot dissemination
Project started on:
- November 2011
Current Developers:
- Marco Riccardi (Chapter Member)
- Calogero Lupo (Chapter Member)
Past Developers:
- Stefano Fornara (UNIMI Graduated Student – 2011)
- Pierluca Zangari (Former Chapter Member)
- Francesco Milito (UNIMI Graduated Student – 2012)
Honeynet development:
- Implementation of Honeeebox with hpfeeds
- Implementation of SURFids for honeypot analysis
- Design and implementation of a high-interaction honey farm
- Honeypot data analysis
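The Honeeebox sensors above report to a collector over hpfeeds, the Honeynet Project's lightweight publish/subscribe protocol. The following is an added example, not code from this chapter's deployment nor from the hpfeeds project: it reconstructs the wire format used by the hpfeeds reference client (a 4-byte big-endian frame length that counts the 5-byte header, a 1-byte opcode, and strings prefixed with a 1-byte length) and runs the INFO -> AUTH -> PUBLISH exchange through both the sensor side and the broker side, including the broker's check of the sha1(nonce || secret) response. The broker-side verification logic, the sensor ident, the shared secret, the 4-byte nonce and the JSON event are all constructed for the example.

```python
"""hpfeeds challenge-response handshake and frame parsing, run offline.

Added illustration, not code from the honeynet.it Honeeebox/hpfeeds deployment.
Framing follows the hpfeeds reference client; the broker-side checks are this
example's own. Idents, secrets, the nonce and the sensor event are constructed.
"""
import hashlib
import hmac
import struct

OP_ERROR, OP_INFO, OP_AUTH, OP_PUBLISH, OP_SUBSCRIBE = 0, 1, 2, 3, 4
HDR = struct.Struct("!IB")  # frame length (header included), opcode


def strpack8(s: bytes) -> bytes:
    """hpfeeds string: one length byte, then the bytes (at most 255)."""
    if len(s) > 255:
        raise ValueError("string too long for the 8-bit length prefix")
    return bytes([len(s)]) + s


def strunpack8(buf: bytes):
    """Split one length-prefixed string off the front of buf."""
    if not buf or len(buf) < 1 + buf[0]:
        raise ValueError("truncated string")
    n = buf[0]
    return buf[1:1 + n], buf[1 + n:]


def frame(op: int, data: bytes) -> bytes:
    return HDR.pack(HDR.size + len(data), op) + data


def unframe(buf: bytes):
    """Return (opcode, payload, rest) for the first complete frame in buf,
    or None when more bytes are needed. Rejects lengths below the header size."""
    if len(buf) < HDR.size:
        return None
    length, op = HDR.unpack_from(buf)
    if length < HDR.size:
        raise ValueError("frame length smaller than header")
    if len(buf) < length:
        return None
    return op, buf[HDR.size:length], buf[length:]


# ---- broker side ----------------------------------------------------------
def broker_info(name: bytes, nonce: bytes) -> bytes:
    """INFO: broker name plus a fresh 4-byte nonce the client must hash."""
    if len(nonce) != 4:
        raise ValueError("hpfeeds nonce is 4 bytes")
    return frame(OP_INFO, strpack8(name) + nonce)


def broker_check_auth(payload: bytes, nonce: bytes, secrets: dict):
    """AUTH payload = ident || sha1(nonce || secret). Returns ident or None."""
    ident, digest = strunpack8(payload)
    secret = secrets.get(ident)
    if secret is None or len(digest) != 20:
        return None
    expected = hashlib.sha1(nonce + secret).digest()
    return ident if hmac.compare_digest(digest, expected) else None


def broker_parse_publish(payload: bytes):
    """PUBLISH payload = ident || channel || raw event bytes."""
    ident, rest = strunpack8(payload)
    chan, data = strunpack8(rest)
    return ident, chan, data


# ---- sensor (client) side -------------------------------------------------
def client_auth(info_payload: bytes, ident: bytes, secret: bytes) -> bytes:
    _broker_name, nonce = strunpack8(info_payload)
    return frame(OP_AUTH, strpack8(ident) + hashlib.sha1(nonce + secret).digest())


def client_publish(ident: bytes, chan: bytes, data: bytes) -> bytes:
    return frame(OP_PUBLISH, strpack8(ident) + strpack8(chan) + data)


def run_exchange(secret_used=b"s3cret"):
    """Drive INFO -> AUTH -> PUBLISH through the framing code on both sides.
    secret_used is what the sensor signs with; the broker only knows b"s3cret"."""
    ident, nonce = b"honeeebox-01", b"\x01\x02\x03\x04"   # constructed values
    secrets = {ident: b"s3cret"}
    op, payload, _ = unframe(broker_info(b"hpfeeds-broker", nonce))
    assert op == OP_INFO
    op, payload, _ = unframe(client_auth(payload, ident, secret_used))
    assert op == OP_AUTH
    who = broker_check_auth(payload, nonce, secrets)
    event = b'{"sensor":"dionaea","src":"203.0.113.7","dport":445}'  # constructed
    op, payload, _ = unframe(client_publish(ident, b"dionaea.capture", event))
    assert op == OP_PUBLISH
    return {"authenticated": who, "publish": broker_parse_publish(payload)}


if __name__ == "__main__":
    print(run_exchange())                          # authenticated as honeeebox-01
    print(run_exchange(b"wrong")["authenticated"])  # None: broker rejects the AUTH
```

Two points the exchange makes visible: the challenge-response only authenticates the sensor to the broker (the broker is never authenticated, and nothing in the protocol encrypts the published events), so a collector that crosses untrusted networks needs a TLS wrapper around the hpfeeds socket; and every string carries an 8-bit length, so a channel or ident longer than 255 bytes cannot be framed at all, which the `strpack8` check enforces rather than silently truncating.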
Outcomes:
- An Ordinary Day of Cyber Attacks – Detection, Monitoring and Analysis with Honeypot Systems and SURFids – Stefano Fornara [pdf ITA]
- Tools and technologies for building a honeynet – Francesco Milito [pdf ITA]
- In Search of Lost Malware: Design and Implementation of a Distributed Virtual Honeypot – Calogero Lupo [pdf ITA]
Pending Projects
We are looking for new contributors who are able to work on these projects:
- Improving Visualization Techniques
- Improving Dorothy2
- Honeypot data analysis
If you are interested in contributing to our pending projects, or in learning more about the current ones, please email us at: info at honeynet.it
If you are a student of UNIMI-DTI, and want to prepare your final degree project with us, please get in touch with Marco Cremonini