Learn, hack!

URL

http://dewy.fem.tu-ilmenau.de/CCC/22C3/audio/mp3/22C3-871-en-honeymonkeys.mp3

File name

22C3-871-en-honeymonkeys.mp3

File size

21.0 MB

MD5

c892f8bca5a75c708509ac347f6c6cf1

SHA1

eb3ce1b54fe2890a53c6d741ac039781c3b93f48

As part of their ongoing efforts to secure the use of the web for Windows-based systems Microsoft recently launched a new research initiative called Honeymonkeys. This talk will introduce the basic concepts and ideas behind this initiative and will present the speakers' latest research project to gain more knowledge about implementing client-based honeypots. According to Symantec's Internet Security Threat Report VIII (September 2005) attackers these days tend to move away from large-scale attacks towards smaller but precisely focused attacks on client-side targets. Equipped with a certain "exploiting a windows box for fun and profit" mindset and supported by browser bugs, bot networks and all sorts of malicious code, attacks seem to be more and more motivated by a deep desire for money and profit ultimately marking a true shift in the today’s threat landscape. Based on this development and as part of their ongoing efforts to secure the use of the web for Windows-based systems Microsoft recently launched a new research initiative called Honeymonkeys. This talk will introduce the basic concepts and ideas behind this initiative and will compare honeymonkeys to honeypots highlighting both the similarities as well as differences between those two technologies. It will also feature the speakers’ efforts and experiences in implementing, monitoring and analyzing such client-based honeypots with a step-by-step howto for starting your own honeymonkey project. Experiences and catches will be presented in a real environment, so kids please try this at home!