HackFest Series: Roo HoneyNet LiveCD [& Conflicter Infection Test from HoneyNet.org]

Lisa Kachold lisakachold at obnosis.com
Mon May 4 11:17:03 MST 2009


Joe Stewart is currently "Director of Malware Research" at SecureWorks (a
private security consultancy) [read reverse engineering, highly trained lab
dog & sec-con hobo].  Joe has participated in development for:
http://www.joestewart.org/?page_id=5

and submitted extensive virus content contributions and research to various
projects. Most of the top level reverse engineers nationally interact either
via test venues, information sharing or conferences.

http://www.joestewart.org/

http://blog.fireeye.com/research/2009/03/cimbot---a-technical-analysis.html

www.isotf.org/isoi3.html

So, yea, he's a Honeywell project contributor (or reverse engineer).

On Mon, May 4, 2009 at 9:06 AM, Dazed_75 <lthielster at gmail.com> wrote:

>
>
> On Sun, May 3, 2009 at 2:35 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>> The Honeynet project (sponsoring 9 projects in Google's Summer of Code
>> this year) has a really great LiveCD called Roo, that creates an immediate
>> trap of magnificent proportions:
>>
>> https://projects.honeynet.org/honeywall/attachment/wiki/WikiStart/roo-1.4.hw-20090425114542.iso
>>
>> Roo, like Knoppix Tools on a USB key, is one of those must have items for
>> everyone.  Be careful however of the legal implications, which include
>> liability (you built it insecure, knowingly - what if someone uses it as a
>> jumping off place?), complicity, entrapment and more.  If you are game, it's
>> exceedingly fun; rather like a Cracker SimCity?
>>
>> Honeynet reverse engineers also built a very amusing "Eye Chart" for
>> determining immediate infection with the worm:
>> http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
>
>
>  According to
> http://www.confickerworkinggroup.org/wiki/pmwiki.php/Main/HomePage  this
> was created by Joe Stewart from SecureWorks.  I just wondered if he is part
> of what you referred to as "Honeynet reverse engineers"?
>
>>
>>
>> www.obnosis.com (503)754-4452
>> "Contradictions do not exist." A. Rand
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> Dazed_75 a.k.a. Larry
>



-- 
www.obnosis.com (503)754-4452
"Contradictions do not exist." A. Rand