The past month has been busy for the CIRCL team: Alexandre Dulaunoy attended FIRST in Puerto Rico, where he gave two presentations, and Raphael Vinot gave a talk at the ‘Rencontres Mondiales du Logiciel Libre’ in France.
FIRST (Forum of Incident Response and Security Teams) is an international not-for-profit organization bringing together a variety of security and incident response teams. It is made up of 300 member teams from over 70 countries representing government agencies, academia, commercial enterprises, and financial corporations.
- Alexandre presented AIL, a modular framework to analyse potential information leaks from unstructured data sources such as pastes from Pastebin, “darkweb” or similar services, or unstructured data streams. The AIL framework is flexible and can be extended to support other functionalities to mine sensitive information. CIRCL regularly discovers information leaks using AIL. The presentation can be found here: https://www.first.org/resources/papers/conf2017/AIL-Framework-Analysis-Information-Leak-Framework.pdf
- Alexandre also tackled honeypots and blackhole networks. Honeypots, on one side, are resources designed to be attacked and are popular for measuring attacks. On the other side are blackhole networks: announced but unused IP address spaces that are monitored, and which are currently popular for measuring botnet activity such as, recently, that of the Mirai IoT botnet. This work discusses different metrics to assess misconfigured systems in raw packet captures. In this experimental research activity, a framework was presented to measure these misconfigurations in near real time. A survey of information leak categories was also presented, pinpointing the protocols that need special care when being configured. In addition, an evaluation of the various detection techniques, with a major focus on pcap processing tools, was covered. See the presentation here: https://www.first.org/resources/papers/conf2017/Blackhole-Networks-an-Underestimated-Source-for-Information-Leaks.pdf
The ‘Rencontres Mondiales du Logiciel Libre’ were held in St Etienne on July 1-7. A specific stream was organised around Information Security, titled “security: between transparency and opacity”.
The aim of these talks is to tackle the problems engineers and hackers have to solve, the tools available for finding, reporting and patching vulnerabilities, and how Free Software may make our world safer when even our desktop or smartphone becomes our enemy.
Raphael Vinot from CIRCL presented the “MISP project and how we are changing the Security information sharing landscape”. To see the full presentation, go here: https://prog2017.rmll.info/programme/securite-entre-transparence-et-opacite/les-objets-misp-et-comment-nous-changeons-le-paysage-du-partage-d-informations?lang=en