Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Do we Know our enemy? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Do we Know our enemy?
Do We know our enemy?

I am sure that most of you already know the excellent paper series Know your Enemy , by the Honeynet Project. This serie of papers are usually "dedicated to describing the concepts and technology of the Honeynet Project and Research  Alliance and sharing the lessons we have learned." So, just to be as clear as possible, if you are
not trying to understand how the bad guys are moving, you are a step behind...because they are doing
this to us for a long time...:)

Yesterday I was checking a large bot source code repository, and found a section called papers...inside this directory I could find a paper called 'Know Your Enemy - Tracking Botnets', the paper from the 'Know your enemy series' that is dedicated to study the botnets, their tools and actions.
Doesn't it make sense?? :)

It is always the cat and mouse game, we get their tools, study them and get intelligence to fight against...in their case they are doing exaclty the same, learning how are we detecting them and trying to bypass the controls.

So, keep always in mind that they are watching us...what about you? Are you watching them as you should?

---------------------------------------------------------
Pedro Bueno ( pbueno //&&// isc. sans. org )
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!