The Honeynet Project Annual Workshop 2019
Innsbruck, Austria — July 1st–3rd, 2019
The Honeynet Project Annual Workshop 2019
Ross Anderson’s mission is to develop the discipline of security engineering, which investigates how systems can be made robust in the face of malice, error and mischance. He has made pioneering contributions to many subdisciplines, including peer-to-peer-networks, hardware tamper resistance and cryptographic protocols. Ross was a designer of the block cipher Serpent, and he has worked on many applications with diverse protection requirements such as payment networks, power-line communications, goods vehicle tachographs and clinical information systems.
Miguel Bautista was part of the UNAM-CERT (from 2011 to 2014), a CERT in the largest University in Latin America located in Mexico City, where he was part of the incident response team that was in charge of taking care of all the information security incidents affecting the network of the university.
In July of 2017 he transitioned to the Detection Response Team with Cisco Talos. As part of his daily job he works closely with Snort on the development of detection rules for this popular IDS and also with the development of antivirus signatures for ClamAV, among other Cisco security features, resources and products.
Katherine Carpenter (Esq. JD, MA) is a business consultant in risk management strategy with a focus on information security, privacy, health(care), and ethics. She has served on an IRB, has published in a variety of academic and popular media venues, is the founder of Zerzura Advisors, LLC and a CA-licensed attorney. Katherine is CFO of the Honeynet Project.
David Dittrich got his start in the 1990s helping Unix admins clean their hacked systems. Dave first publicly described Distributed Denial of Service (DDoS) attacks tools, precursors to today’s botnets, in 1999. He was an original member of the Honeynet Project, currently its Chief Legal & Ethics Officer. He maintains an applied focus to his INFOSEC and ethics research, striving to teach others.
Ulrich Fourier is a second semester informatics master student at the Technical University of Munich. He used DRAKVUF for his bachelor thesis, implementing a dynamic malware analysis framework. During the summer of 2018 he worked for the Honeynet Project as a GSOC student, contributing to DRAKVUF and LIBVMI by implementing support for hosts running on the ARM architecture.
Thomas Gloe is co-founder and managing director of dence GmbH. He is specialized on new, innovative tools to detect and analyse traces in the digital world. Special interests include virtual currency forensics to support victims of cyber criminals and the detection of image manipulations to combat insurance fraud. He received a Phd in computer science for ground-breaking research in multimedia forensics from TU Dresden and an award for his thesis from SAP. Since 2009 he has worked as an expert witness for courts in the area of digital forensics.
Hugo Gonzalez graduated from University of New Brunswick in 2017, alumni of Canadian Institute for Cybersecurity. His PhD work was about authorship attribution on Android malware. Currently, he is a faculty member of the Polytechnics University of San Luis Potosi, he is also collaborating with law enforcement through the cyber crime unit at the University. He is member of different professional organizations such as ACM, IEEE and The Honeynet Project. He is a frequent speaker and trainer in several local and international events related with Information Security.
Nex (Claudio Guarnieri) is a security researcher and a free software developer. He researches the use of technology as a mean for repression, and provides assistance to human rights organizations, journalists, and activists with issues of computer security, privacy and surveillance. He works as a Senior Technologist and Researcher at Amnesty International, and he’s an Adviser to the Citizen Lab, University of Toronto, and a core member of The Honeynet Project. Nex also co-founded Security Without Borders.
In recent years Nex devoted his attention especially to issues of privacy and surveillance and he published numerous articles on surveillance vendors such as FinFisher and HackingTeam with the Citizen Lab as well as on NSA/GCHQ and Five Eyes surveillance capabilities with The Intercept and Der Spiegel. Nex is also an opinion writer and columnist and some of his work has been published by Die Zeit, Slate, Deutsche Welle and Motherboard. He has also spoken to numerous conferences including BlackHat, Chaos Communication Congress, Re:publica and many more.
He has been selected among the 50 persons of the year 2014 by Wired Italy, he received with the Citizen Lab the EFF Pioneer Award 2015, and he’s been selected by Forbes among the 30 Under 30 honorees for 2016.
Jakob Hasse is a forensic engineer for virtual currencies and a co-founder of dence. He started working on forensics in 2010 in the area of multimedia forensics and mobile phone forensics. During his study he showed how mobile phones can be passively identified based on characteristics of the RF hardware. Since 2014 he specialized in data analytics of public ledgers, clustering technologies and privacy enhancing technologies for virtual currencies.
Brian Hay is a member of the Honeynet Project, a researcher at Security Works, and a faculty member at the Hume Center at Virginia Tech. He has an interest in virtualization, machine learning, and systems programming. He is a frequent speaker at conferences, and an instructor on a variety of topics in commercial and academic venues.
Maximilian Hils is a PhD student at the University of Innsbruck, Austria. He is one of the main developers of mitmproxy and actively contributes to several other high-profile open-source projects. Starting as a Google Summer of Code (GSoC) student at The Honeynet Project in 2012, he now leads Honeynet’s GSoC program and helps to organize the workshop in Innsbruck.
Adel Karimi is a lead detection engineer at a cloud-computing company. He has been an active member and chapter lead at the Honeynet Project, and has spoken at several conferences such as AusCERT, BSides Canberra and Honeynet Workshops. Adel is the developer of FATT, honeyλ and a couple more open-source projects. He has recently co-developed a new SSH profiling method, called HASSH!
Piotr Kijewski works at the non-profit Shadowserver Foundation, where amongst others he helps drive initiatives related to honeypot technologies. Piotr has extensive experience in developing and deploying honeypot based sensor networks on a large scale, which also included installations at a national level in his previous roles at CERT.PL. Active in the worldwide incident response community for the last 15 years, he has orchestrated various botnet disruptions and takedowns. Piotr is the founder of the Polish Chapter of the Honeynet Project.
Felix Leder leads the detection technology research at Symantec. Taking things apart has been a life time passion for him. His hobbies, like collecting bugs in malware and botnet takeovers, have resulted in successful take-downs of large malicious networks. As a member of The Honeynet Project, he is heavily involved in open source security and has been instrumental in developing a number of malware analysis solutions, including Cuckoo box, Norman’s Malware Analyzer G2, Blue Coat’s MAA, and Symantec’s Content Analysis.
Kara Nance is a Professor of Computer Science and the founder of Security Works, a computer security consulting firm. Her research interests include digital forensics, data systems, security fundamentals, visualization, and computer security. She serves on the Honeynet Project Board of Directors and is a frequent speaker on cybersecurity and associated issues with an emphasis on national security.
Marco Ochse is working as a Senior Security Expert for T-Systems International’s Telekom Security Division. His work focuses on enterprise mobility and office communication security especially with regard to new innovations and technologies.
Marco started working on the DT honeypot initiative shortly after joining the DT Group Security back in 2011. Before signing on for Deutsche Telekom Marco was working as a security consultant specializing in internal and perimeter security with customers mainly from within the finance and insurance sector.
Sergej Proskurin is a PhD candidate at the Technical University of Munich. His research covers low level and IT security related topics focusing at dynamic malware analysis through virtual machine introspection. Sergej explores modern cross-architectural hardware features that enable stealthy analysis of guest VMs. In addition to his research, he contributes to the open source Xen hypervisor.
After spending a couple of years studying Math and Physics, Lukas ventured out to work with Microsoft’s Bing on making the web a safer place, got payed by DARPA to hunt hackers and taught students in Taiwan. His passion for security and open source got nurtured by The Honeynet Project which lead to a five year stint with Norman, Blue Coat and Symantec working on large scale malware analysis and behavioral detection systems. Looking for higher purpose he ended up as Senior Software Engineer at Corti, striving to build a great engineering team and making sure those tensors keep flowing.
Stewart Sentanoe is a PhD student at the University of Passau, Germany. He joined Honeynet’s GSoC program in 2018. Stewart developed the high interaction SSH honeypot Sarracenia, which improves the stealthiness of monitoring by using virtual machine introspection (VMI) based tracing.
Faiz Shuja is a security expert who brings a tremendous amount of designing, implementing, and managing secure infrastructure expertise. He has been involved in intrusion detection/prevention systems, firewalls, honeypots/honeynets, penetration testing, vulnerability analysis, incident handing, and forensics analysis. His specific research interests include enterprise security monitoring and data analysis. Faiz is a well-established entrepreneur with a long track record of success. He’s the CEO of Rewterz, a specialized information security company. He’s also the CEO of The Honeynet Project, a non-profit, all-volunteer organization dedicated to Honeynet research, and the is president of PAKCON, a non-profit organization which organizes yearly cyber security conventions in Pakistan. He has spoken at various conferences and organizations, including US NSA (National Security Agency), US DoD (Department of Defense), IEEE (Institution of Electronic Engineers), FIA (Federal Investigation Agency), and many more.
Natalia Stakhanova is an Associate Professor at the University of Saskatchewan. Prior to joining UofS, she was the NB Innovation Research Chair in Cybersecurity at the University of New Brunswick. Her work revolves around building secure systems. Working closely with industry on a variety of R&D projects, she developed a number of technologies that resulted in 3 patents in the field of computer security and have been adopted by high-tech companies. Natalia Stakhanova is the recipient of the UNB Merit Award, the McCain Young Scholar Award and the Anita Borg Institute Faculty Award. She is a strong advocate of Women in IT and co-founder of CyberLaunch Academy, an initiative that aims to promote science and technology among children.
Marcin Szymankiewicz is a Lead Cyber Analyst at major global organization. His responsibilities include defending against targeted attacks, incident response and threat hunting. His area of expertise are network forensics, network traffic anomaly detection, scripting and deep log inspection. He joined the Polish Chapter of The Honeynet Project in 2015.
Evgeniia Tokarchuk is a second-year M.Sc. Software Systems Engineering Student in RWTH Aachen University. Her first degree is Information Security of Automated Systems. Because of her studies she was interested in a computer security and in 2016 Evgeniia spent a summer working with The Honeynet Project as a GSoC student (SNARE/TANNER project). In 2017 and 2018 she became a GSoC mentor for SNARE/TANNER project.
André Vorbach is working as Senior Security Expert at Telekom Security with the focus on penetration testing and web application security. When he joined Deutsche Telekom in 2010, he immediately got involved in the setup of DT's honeypot sensor network. Prior to working for Deutsche Telekom/T-Systems, he was working at the German Governmental CERT, located at the Federal Office for Information Security (BSI).
David Watson was the Chief Research Officer and a Director of the Honeynet Project from 2006-2016, helping to co-ordinate and promote the development and deployment of honeynet related security tools worldwide, including organising annual participation in Google Summer of Code (GSoC). He has build and operated many large scale distributed honeynet sensor systems over the past 18 years. David has been a member of the Shadowserver Foundation since 2008, is one of their Directors, and leads their Special Projects Team in support of international Law Enforcement operations. David regularly presents and teaches hands on training classes at information security events, and is passionate about helping network owners and cybercrime victims to defend themselves using tools and information sources that do not necessarily come with strings attached, or huge price tags.
Ben Whitham is a cyber security engineer and an entrepreneur. He has worked in building security operation centres for over 10 years. During that time he has developed a passion for employing cyber traps to detect and trap sophisticated adversaries. He co-founded several cybersecurity companies. He’s now with his new venture, Penten (recently named Australian Business of the Year) and waiting the results of his PhD on cyber deception.