These papers are a result of the Honeynet Project. You can find the papers online at
http://project.honeynet.org.They discuss the
tools, tactics, and motives of the blackhat community. Feel free to copy / link / distribute
any of the papers. Foreign language speakers, you can find translations online at
Deutsch, suomi, Slovinsko, Korean, Russian)
Know Your Enemy - 21 July, 2000
The tools and methodology of the most common
black-hat threat on the Internet, the Script Kiddie. By understanding
how they attack and what they are looking for, you can better protect your
systems and network.
Your Enemy: II - 18 June, 2001
How to determine what the enemy is doing by
analyzing your system log files. Includes examples based on two commonly
used scanning tools, sscan and nmap.
Your Enemy: III - 27 March, 2000
What happens after the script kiddie gains
root. Specifically, how they cover their tracks while they monitor
your system. The paper goes through step by step on a system that
was compromised, with system logs and keystrokes to verify each step.
Your Enemy: A Forensics Analysis - 23 May, 2000
This paper studies step by step a successful
attack of a system. However, instead of focusing on the tools and tactics
used, we focus on our analysis techniques and how we pieced the information
together. The purpose is to give you the skills necessary to analyze
and learn on your own the threats your organization faces. MSNBC has released
an interactive, online video
of the this paper.
Your Enemy: Motives - 27 June, 2000
This paper studies the motives and psychology
of the black-hat community, in their own words.
Your Enemy: Worms at War - 7 November, 2000
See how worms probe for and compromise vulnerable
Microsoft Windows systems. Based on the first Microsoft honeypot compromised
in the Honeynet Project.
Know Your Enemy: Passive Fingerprinting - 24 May, 2000
This paper details how to passively learn
about the enemy, without them knowing about it. Specifically, how to
determine the operating system of a remote host using passive sniffer traces only.
Know Your Enemy: Honeynets - 20 April, 2001
This paper supersedes our previous paper "To Build a Honeypot" which has been withdrawn.
This older paper was out of date and discussed outmoded techniques. Our new paper
covers what a Honeynet is, its value, how it works, and risks/issues involved.