Detecting and Defending Your Network from Malware Using Nepenthes

Presented at The Next HOPE (2010), July 16, 2010, 10 p.m. (60 minutes).

Security analysts have a tendency to believe they are safe because the red alert light hasn’t blinked on their IDS/IPS device. This remains true even when organizations have invested the time and budget to deploy a myriad of different tools to defend against the overwhelming number of network defense issues we all tend to face. A key pain point among these issues is keeping malware, and the bot herders who spread it, off of your corporate network. Nepenthes is an open source honeypot that allows for the collection of malware “in the wild.” It emulates known vulnerabilities and, when an attacker attempts to compromise the honeypot through one of them, downloads and captures the malware being delivered. This collection process allows for further analysis and understanding of the malware in question. This presentation introduces this powerful and flexible tool and discusses malware collection techniques that attendees will immediately be able to take home, implement within their own network environment, and add as another layer to their “defense in depth” strategy.

Presenters:

  • Marco Figueroa
    Marco Figueroa is a senior security analyst consultant whose technical expertise includes reverse engineering of malware, incident handling, hacker attacks, tools, techniques, and defenses. He has performed numerous security assessments and responded to computer attacks for clients in various market verticals.
