
Michael Davis (Member, The Honeynet Project)

Filed under: Main Page — Administrator @ 9:32 am

March 2, 2006

Presentation Title: Client Honeypots - It’s Not Only The Network
Presentation Details:

The Client Honeypot is a new implementation of the classic honeypot concept. Honeypots create an environment that is unknown and monitored; because the environment should not receive any data, all data entering it is suspect. Honeypots have generally been targeted at researching and analyzing network and operating system level attacks. However, new attacks, such as phishing, have exploited vulnerabilities within client applications such as web browsers in order to increase propagation or to perform identity theft, fraud, or general mayhem.

Client honeypots are being developed to meet a need of the research community. The community needs a set of tools to help analyze what sources of information are disseminating these threats, what the threats do, and ultimately devise ways to protect users from these threats. The initial implementation of the client honeypot focuses on providing data for use in analysis, not on automated analysis of that data.

A Client Honeypot is a collection of applications that collectively help researchers and end users determine where threats are coming from, by actively searching or scraping the Internet, what those threats exploit to install themselves on the target system, and what information the malware collects. Information such as what files, registry keys, or sockets are accessed or created can also be obtained, in addition to lower-level information such as what sites the malware communicates with and how the malware functions.

About Michael Davis

He is an active developer and deployer of intrusion detection systems, with contributions to the Snort Intrusion Detection System. Michael is also a member of the Honeynet Project, where he is working to develop data and network control mechanisms for Windows-based honeynets.

Michael also works with McAfee, Inc., a leader in anti-virus protection and vulnerability management, as a Special Projects Research Scientist, where he performs confidential and cutting-edge security research. Michael has also worked for companies such as 3Com and managed two Internet Service Providers.

Lastly, Michael is an active developer in the Open Source community and has ported many popular network security applications to the Windows platform, including Snort and honeyd. Currently, Michael is a contributing author to Hacking Exposed, the number one book on hacker methodology.

Accomplishments:

- Author of “Hacking Exposed”, the definitive Computer Security book
- Speaker and trainer at security conferences including: Defcon, NSA/NIC Honeynet Security Conference, and FINSEC
- Taught a Secure Programming course at Moraine Valley Community College
- Porting Sebek, the Honeynet kernel monitoring tool, to Windows NT/2000/XP
- Ported the Snort Intrusion Detection System to Windows NT/2000/XP
- Architected, developed and deployed a secure 802.11 wireless network covering Northern Illinois and parts of Texas


