By understanding how they attack and what they are looking for, you can better protect your systems and network.
Know Your Enemy: II - Tracking the blackhat's moves. How to determine what the enemy is doing by analyzing your system log files. Includes examples based on two commonly used scanning tools, sscan and nmap.
Know Your Enemy: III - What happens after the script kiddie gains root. Specifically, how they cover their tracks while they monitor your system. The paper walks step by step through a system that was compromised, with system logs and keystrokes to verify each step.
Know Your Enemy: Worms at War - The Not so Friendly World of Cyberspace. See how worms probe for and compromise vulnerable Microsoft Windows systems. Based on the first Microsoft honeypot compromised in the Honeynet Project.
Know Your Enemy: Honeynets - What a Honeynet is, its value, how it works, and the risks and issues involved. This paper is an overview of the concepts, values, risks, and issues of Honeynets. It does not discuss the technical details of Honeynet technologies.
Know Your Enemy: GenII Honeynets - This paper describes step-by-step how to build, deploy, and test a 2nd generation (GenII) Honeynet using the latest technologies. GenII Honeynets are easier to deploy, harder to detect, and safer to maintain than the original GenI technologies.
This paper explains step-by-step how to build a GenII Virtual Honeynet using the commercial software VMware. Deploy a complete Honeynet with multiple honeypots on a single computer.
Know Your Enemy: Learning with User-Mode Linux - Building Virtual Honeynets using User-Mode Linux (UML). This paper explains step-by-step how to build a GenI Virtual Honeynet using OpenSource software. Deploy a complete Honeynet using nothing more than an old 486 computer and free software!
Know Your Enemy: Passive Fingerprinting - Identifying remote hosts, without them knowing. This paper details how to passively learn about the enemy, without them knowing about it. Specifically, how to determine the operating system of a remote host using passive sniffer traces only. NOTE: This paper is no longer actively maintained.
This paper analyzes eleven months of data collected by the Honeynet Project. Based on this data, we demonstrate just how active the blackhat community is. We also demonstrate that it may be possible to predict future attacks.
Know Your Enemy: A Forensics Analysis - The Study of an Attack. This paper studies step-by-step a successful attack on a system. However, instead of focusing on the tools and tactics used, we focus on our analysis techniques and how we pieced the information together. The purpose is to give you the skills necessary to analyze and learn on your own the threats your organization faces. MSNBC has released an interesting, interactive, online video (42 MB) of this paper.
Know Your Enemy: Sebek - A kernel-based data capture tool. A detailed look into one of the Project's primary tools for capturing an attacker's activity on a honeypot, even encrypted activity, such as SSH, burneye, and IPSec. This paper covers what Sebek is, its value, how it works, its strengths and weaknesses, and how to analyze data recovered by Sebek.