Realtime analysis and visualization of internet status presented at BsideSLisbon 2013

by Tiago Balgan Henriques, Tiago Martins, João Gouveia

Summary: Nowadays we see a new botnet going up, and another being brought down, nearly every day. Faced with this, the presenters decided they needed a way to continuously track and visualize the status of different botnets. We then decided to go one step further: not only to understand how botnets were growing or shrinking, but also to capture patterns across the compromised machines and the different properties of each botnet:
Which port(s) does a certain botnet use?
Which type of protocol?
What type of machine is it?
Is it a personal machine or a gateway with multiple machines behind it?
Is that machine affected by one or more botnets?
After we achieved this, we decided to create a fast and useful way to work with this data, so we built what we call The Cyberfeed and Project Hyperion, both of which we will demo live. On the Cyberfeed side you can access all of our data of every type, from sinkholes to portscans and even honeypots, and run different kinds of queries so that you retrieve only the data you need and want; combined, this provides useful information that can even be used for defense. Hyperion is where our visual modules live: there you can easily get geospatial views of different botnets and search the results of our portscans.
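The questions listed above (which ports and protocols a botnet uses, what kind of machine is behind an IP, whether one host is affected by several botnets) can all be answered by correlating sinkhole hits per botnet family and per source IP. The following is an added example written for this page; it is not code from The Cyberfeed or Project Hyperion, and the record format, the family attribution, the fingerprint field and the sample log lines are all constructed assumptions. The gateway heuristic (several distinct client fingerprints behind one IP) is one plausible signal, not a claim about how the presenters classify hosts.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sinkhole log (not real data). Each line: timestamp, source IP,
# destination port, protocol, botnet family attributed from the sinkholed
# domain, and a client fingerprint taken from the callback (e.g. User-Agent).
SAMPLE_LOG = """\
2013-11-29T10:00:01,203.0.113.5,80,tcp,familyA,Windows XP
2013-11-29T10:00:07,203.0.113.5,80,tcp,familyA,Windows 7
2013-11-29T10:01:13,203.0.113.5,443,tcp,familyB,Windows 7
2013-11-29T10:02:20,198.51.100.7,8080,tcp,familyA,Windows XP
2013-11-29T10:02:45,198.51.100.7,53,udp,familyC,Windows XP
2013-11-29T10:03:02,192.0.2.9,8080,tcp,familyA,Windows XP
"""

FIELDS = ("ts", "src_ip", "dst_port", "proto", "family", "fingerprint")


def parse_hits(text):
    """Parse the constructed CSV format into a list of dict records."""
    hits = []
    for row in csv.reader(StringIO(text)):
        if len(row) != len(FIELDS):
            continue  # skip malformed lines rather than failing the whole batch
        rec = dict(zip(FIELDS, row))
        rec["dst_port"] = int(rec["dst_port"])
        hits.append(rec)
    return hits


def botnet_profiles(hits):
    """Per family: which ports and protocols it uses and which IPs called home."""
    profiles = defaultdict(lambda: {"ports": set(), "protos": set(), "victims": set()})
    for h in hits:
        p = profiles[h["family"]]
        p["ports"].add(h["dst_port"])
        p["protos"].add(h["proto"])
        p["victims"].add(h["src_ip"])
    return dict(profiles)


def victim_profiles(hits):
    """Per source IP: which families it belongs to and which fingerprints were seen."""
    profiles = defaultdict(lambda: {"families": set(), "fingerprints": set()})
    for h in hits:
        p = profiles[h["src_ip"]]
        p["families"].add(h["family"])
        p["fingerprints"].add(h["fingerprint"])
    return dict(profiles)


def multi_infected(hits):
    """IPs seen calling home to more than one botnet family."""
    return sorted(ip for ip, p in victim_profiles(hits).items() if len(p["families"]) > 1)


def likely_gateways(hits, min_fingerprints=2):
    """Heuristic (assumption): an IP presenting several distinct client
    fingerprints is more likely a NAT gateway with multiple machines behind it
    than a single personal machine."""
    return sorted(ip for ip, p in victim_profiles(hits).items()
                  if len(p["fingerprints"]) >= min_fingerprints)


if __name__ == "__main__":
    hits = parse_hits(SAMPLE_LOG)
    for fam, p in sorted(botnet_profiles(hits).items()):
        print(fam, "ports", sorted(p["ports"]), "protos", sorted(p["protos"]),
              "victims", len(p["victims"]))
    print("multi-infected:", multi_infected(hits))
    print("likely gateways:", likely_gateways(hits))
```

The per-family view answers the port and protocol questions directly; the per-IP view is what the overlap and gateway questions need. Note that a single-family IP with one fingerprint cannot be distinguished from a gateway whose hosts all look alike, so the gateway output is a lead for further analysis, not a verdict.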