First WOMBAT workshop
Jamie and myself from the UK Honeynet Project plus Max Kilger and Thorsten Holz from the UNCC and German Honeynet Project Chapters were in Amsterdam this week for the first workshop held by the European Commission’s 7th Framework WOMBAT project (see previous posts for more details).
The workshop was held at Vrije University south of the city centre and included members of the WOMBAT consortium and invited guests who were active in the fields of honeynet deployments, malware analysis and large scale data collection. Over two days we were introduced to the three year WOMBAT project, its goals and members and a number of short presentations were given by the invited guests from the EU, US, Asia and Australia. David spoke about the Honeynet Project’s various data collection initiatives, including the Global Distributed Honeynet Project (GDH), and Max spoke about attacker profiling models. The proceedings will be published in the journals of IEEE Computer Society later in the year and we’ll post them when we are able to.
Overall an interesting event with lots of opportunity for collaboration and information sharing that will hopefully come to fruition. Of particular interest was the honeyclient work that the Polish CERT NASK were involved in, which was remarkably similar to our own recent activity on Evil Javascript and SpamMonkey that I gave a lightning talk on at CanSecWest08 last month. Like us, they hope to release their code as open source in the coming weeks and months, so we are look forward to seeing it.