This week, UNSW is hosting workshops with two of the world's most respected experts on honeypots and other deception techniques, Piotr Kijewski and Lukas Rist.
Fresh from their talks at the Honeynet Project Workshop hosted at UNSW Canberra earlier this week (sponsored by SECedu), Lukas and Piotr are flying to Sydney to deliver talks and workshops starting Monday 20th of November.
UNSW students can register their interest here
A brief description of each of the talks is below:
Shadowserver has been collecting network threat information on a large scale for many years with a mission to make the Internet a more secure environment for all. The collected data is sent to National CERTs and network owners via the Shadowserver free daily remediation feed and used to support various law enforcement investigations. Data collection on such a scale is a big challenge - the talk will give an overview of how Shadowserver operates, what data it collects, how the information is being shared and how Shadowserver has supported various botnet takedowns.
Piotr is the Strategic Programmes Manager at Shadowserver. He has a strong CERT background, working in incident response at a national level for 14 years in the CERT Polska (CERT.PL) team. He managed the team for nearly 7 years, building up its various security data gathering and analysis projects as well as managing its anti-malware operations, including numerous botnet disruptions. Piotr currently serves on the Board of Directors of the Honeynet Project, a well-known and respected non-profit that is committed to the development of honeypot technologies and threat analysis. Piotr is also the author of many papers and reports on security topics and a frequent speaker at conferences worldwide.
This talk will be an introduction in deception, honeypot technology and how to build a honeypot. Lukas will teach you how to build your own honeypot, understand the attack surface, and interaction with the honeypot and how to read and understand the data collected. He will do a deep dive into Conpot and take a close look at the protocols supported and the templating engine. This should prepare you to be able to customise a honeypot so it can mimick the look and feel of an appropriate system of your choice.
Lukas Rist is a contributing member of the Honeynet Project since 2009, two year member of the board of directors, volunteers as its Chief Research Officer these days. Most of his engagement is focused on working with students, providing project management and incubating ideas. He always had a strong interest in honeypot development, which started in the field of web applications (Glastopf), shifted then into industrial security (Conpot) and focuses currently on generic honeypots (Glutton) and detection technologies (go-dpi) and some reborn love for web apps (Snare). He worked in the security industry on the detection of malicious samples by sandboxing their execution and classification of their behavior, and ventured recently into the startup world, making sure those (mathematical) tensors keep flowing.