Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All high-quality, updated daily, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy.

Honeymonkeys

URL: http://events.ccc.de/congress/2005/fahrplan/attachments/686-slides_honeymonkeys.pdf
File name: 686-slides_honeymonkeys.pdf
File size: 2.1 MB
MD5: 7c7f670aee0e1c43b4f8031756dd1afb
SHA1: f49b6527ec90433b4b7b16a250707e925c2d5ad3

As part of their ongoing efforts to secure the use of the web for Windows-based systems, Microsoft recently launched a new research initiative called Honeymonkeys. This talk will introduce the basic concepts and ideas behind this initiative and will present the speakers' latest research project to gain more knowledge about implementing client-based honeypots.

According to Symantec's Internet Security Threat Report VIII (September 2005), attackers these days tend to move away from large-scale attacks towards smaller but precisely focused attacks on client-side targets. Equipped with a certain "exploiting a windows box for fun and profit" mindset and supported by browser bugs, bot networks and all sorts of malicious code, attacks seem to be more and more motivated by a deep desire for money and profit, ultimately marking a true shift in today's threat landscape.

Based on this development, and as part of their ongoing efforts to secure the use of the web for Windows-based systems, Microsoft recently launched a new research initiative called Honeymonkeys. This talk will introduce the basic concepts and ideas behind this initiative and will compare honeymonkeys to honeypots, highlighting both the similarities and the differences between those two technologies. It will also feature the speakers' efforts and experiences in implementing, monitoring and analyzing such client-based honeypots, with a step-by-step howto for starting your own honeymonkey project. Experiences and catches will be presented in a real environment, so kids please try this at home!

About us

Secdocs is a project that aims to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from the interwebs.

Statistics

Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
