The Honeynet Project

Whitepapers

The Know Your Enemy (KYE) series of papers is dedicated to sharing our lessons learned. The focus is capturing the activities of cyber threats, analyzing the captured data, and publishing the information in the form of our whitepapers. The goal is for this information to improve the security of the Internet. Each paper topic must first be approved by our internal Review Board, and all drafts then go through a five-week review process. You can download the papers and read them offline, or read translated papers here. All KYE papers are released under the Creative Commons License. NOTE: The Honeynet Project makes no warranties about the concepts or content discussed in these papers.

Know Your Enemy: Phishing - 17 May, 2005
This paper documents how attackers build and use their infrastructure for phishing-based attacks. This highly technical and in-depth paper is based on data captured and analyzed by the UK and German Honeynet Projects.

Know Your Enemy: Honeywall CDROM - 17 May, 2004
This paper introduces you to the concepts of the Honeywall CDROM, a bootable Honeynet gateway. Anyone wanting to deploy a honeynet should seriously consider this solution, as it standardizes deployments and combines all of our tools, including data control, data capture, and data analysis.

Know Your Enemy: Tracking Botnets - 14 March, 2005
This paper documents what Botnets are, who is using them, how, and why. It also introduces the tools 'mwcollect' and 'drone' which can be used for collecting malware and tracking Botnet activity.

Know Your Enemy: Trends - 21 December, 2004
This paper documents how, over the past several years, the life expectancy of unpatched or vulnerable Linux systems has dramatically increased. The purpose of this paper is to make you ask "Why is no one hacking Linux anymore?".

Know Your Enemy: Honeynets in Universities - 26 April, 2004
This paper covers how academic institutions can deploy honeynets in their networks. We cover the lessons learned from GA Tech deploying a honeynet on their internal .edu network, how they got permission, and the successes they had. The purpose of this paper is to make it easier for any university or college to deploy a honeynet, for either research or operational activity.

Know Your Enemy: Sebek - 17 November, 2003
A detailed look into one of the Project's primary tools for capturing an attacker's activity on a honeypot, even encrypted activity such as SSH, burneye, and IPSec. This paper covers what Sebek is, its value, how it works, its strengths and weaknesses, and how to analyze data recovered by Sebek.

Profiles - Automated Credit Card Fraud - 10 July, 2003
A look at just how easy, automated, and widespread credit card fraud and identity theft have become, even amongst unskilled individuals.

Know Your Enemy: GenII Honeynets - 10 May, 2005
This paper describes step-by-step how to build, deploy, and test a 2nd generation (GenII) Honeynet using the latest technologies. GenII Honeynets are considered easier to deploy, harder to detect, and safer to maintain than the original GenI technologies.

Know Your Enemy: Honeynets - 10 May, 2005
This paper is an overview of the concepts, values, risks, and issues of Honeynets. This paper does not discuss the technical details of Honeynet technologies.

Know Your Enemy: Defining Virtual Honeynets - 27 January, 2003
This paper defines what a Virtual Honeynet is, its advantages and disadvantages, and the different ways it can be deployed.

Know Your Enemy: Learning with User-Mode Linux - 20 December, 2002
This paper explains step by step how to build a GenI virtual Honeynet using open source software. Deploy a complete Honeynet using nothing more than an old 486 computer and free software! NOTE: This paper is no longer actively maintained.

Know Your Enemy: Passive Fingerprinting - 04 March, 2002
This paper details how to passively learn about the enemy, without them knowing about it. Specifically, how to determine the operating system of a remote host using passive sniffer traces only. NOTE: This paper is no longer actively maintained.

Know Your Enemy: Motives - 27 June, 2000
This paper studies the motives and psychology of a group of simple attackers, all in their own words. NOTE: This paper is no longer actively maintained.

Know Your Enemy: Statistics - 23 July, 2001
This paper analyzes eleven months of data collected by the Honeynet Project. Based on this data, we demonstrate just how active the blackhat community is. We also demonstrate that it may be possible to predict future attacks. NOTE: This paper is no longer maintained and is considered out of date.

Know Your Enemy: A Forensics Analysis - 23 May, 2000
This paper studies, step by step, a successful attack on a system. However, instead of focusing on the tools and tactics used, we focus on our analysis techniques and how we pieced the information together. The purpose is to give you the skills necessary to analyze and learn on your own about the threats your organization faces. NOTE: This paper is no longer actively maintained.

Know Your Enemy: Worms at War - 7 November, 2000
See how worms probe for and compromise vulnerable Microsoft Windows systems. Based on the first Microsoft honeypot compromised in the Honeynet Project. NOTE: This paper is no longer actively maintained.

Know Your Enemy: III - 27 March, 2000
What happens after the script kiddie gains root. Specifically, how they cover their tracks while they monitor your system. The paper goes step by step through a system that was compromised, with system logs and keystrokes to verify each step. NOTE: This paper is no longer maintained and is considered out of date.

Know Your Enemy: II - 18 June, 2001
How to determine what the enemy is doing by analyzing your system log files. Includes examples based on two commonly used scanning tools, sscan and nmap. NOTE: This paper is no longer maintained and is considered out of date.

Know Your Enemy - 21 July, 2000
The tools and methodology of the most common black-hat threat on the Internet, the Script Kiddie. By understanding how they attack and what they are looking for, you can better protect your systems and network.
