These papers are a result of the Honeynet Project. You can find the papers online at
http://project.honeynet.org. They discuss the
tools, tactics, and motives of the blackhat community. Feel free to copy / link / distribute
any of the papers. Foreign language speakers, you can find translations online
(Deutsch, suomi, Slovinsko, Korean, Russian).
Know Your Enemy - 21 July, 2000
The tools and methodology of the most common
black-hat threat on the Internet, the Script Kiddie. By understanding
how they attack and what they are looking for, you can better protect your
systems and network.
Know Your Enemy: II - 7 July, 2000
How to determine what the enemy is doing by
analyzing your system log files. Includes examples based on two commonly
used scanning tools, sscan and nmap.
Know Your Enemy: III - 27 March, 2000
What happens after the script kiddie gains
root. Specifically, how they cover their tracks while they monitor
your system. The paper goes step by step through a system that
was compromised, with system logs and keystrokes to verify each step.
Know Your Enemy: A Forensics Analysis - 23 May, 2000
This paper studies step by step a successful
attack of a system. However, instead of focusing on the tools and tactics
used, we focus on our analysis techniques and how we pieced the information
together. The purpose is to give you the skills necessary to analyze
and learn on your own the threats your organization faces. MSNBC has released
an interactive, online video
of this paper.
Know Your Enemy: Motives - 27 June, 2000
This paper studies the motives and psychology
of the black-hat community, in their own words.
Know Your Enemy: Worms at War - 7 November, 2000
See how worms probe for and compromise vulnerable
Microsoft Windows systems. Based on the first Microsoft honeypot compromised
in the Honeynet Project.
Know Your Enemy: Passive Fingerprinting - 24 May, 2000
This paper details how to passively learn
about the enemy, without them knowing about it. Specifically, how to
determine the operating system of a remote host using passive sniffer traces only.
Build a Honeypot - 7 June, 2000
One method of building your own honeypot to
learn more about the black-hat community. The tools and methods discussed
are some of the original methods for the "Know Your Enemy" series. This paper
is out of date; the Honeynet Project will be releasing a new paper on their
techniques developed over the past two years.