Teaching
Stratosphere IPS
Czech Technical University in Prague’s ...

We are thrilled to announce that, for the first time, the Czech Technical University in Prague is offering the "Introduction to Security" course as a Massive Open Online Course!

Czech Technical University in Prague’s "Introduction to Security" Class is now a Free Online Course!
Stratosphere IPS
Google Summer Of Code 2024 In Stratosphere. ...

This blog covers my ongoing GSoC project 2024. It provides information about the current progress of my work, as well as my experiences and lessons learned along the way.

Google Summer Of Code 2024 In Stratosphere. Blog for the first month of Sekhar Kumar Dash
Slips, GSoC2023
Stratosphere IPS
Announcing Google Summer of Code 2023 Projects

Stratosphere is happy to announce the accepted projects in the Google Summer of Code (GSoC) 2023!

Announcing Google Summer of Code 2023 Projects
Stratosphere IPS
Winner of the International Cybercrime Research ...

After evaluating all the works sent by the candidates, at the end of the September 2022, the winner was selected! The award and money prize was given to Estelle Ruellan a master student of criminology from the Université de Montréal!

Winner of the International Cybercrime Research Summer Award 2022
Slips
Stratosphere IPS
Slips in BlackHat US 2022 Arsenal in Las Vegas!

We are happy to announce that Slips will be presented at BlackHat USA 2022 Arsenal in Las Vegas on Thursday, August 11, from 1:00 pm to 2:30 pm: https://bit.ly/SlipsBHUSA22.

Slips in BlackHat US 2022 Arsenal in Las Vegas!

Blocklist Project

Generating Your Own Blocklists with the Stratosphere AIP Framework

Generating Your Own Blocklists with the Stratosphere AIP Framework

In this blog post, we describe how to run AIP on a cloud instance server, to read from Zeek logs and generate your own blocklist feed of IPs to block. The blog is divided into five parts:  first, what is AIP; second, we describe how to set up a new cloud server in Digital Ocean; third, how to configure the cloud server with Zeek running; fourth, how to prepare the environment and configurations for AIP to run; and fifth, how to run AIP and generate your own blocklists.

The World of Malicious IPs: Creating Blocklists from Honeypot Traffic.

The World of Malicious IPs: Creating Blocklists from Honeypot Traffic.

A honeypot network is a security mechanism to detect and deflect potential cyber-attacks. It works by creating a decoy system that appears to be a valuable target for attackers. The honeypot is designed to lure attackers into interacting with it so that security researchers can monitor their activities and learn more about their tactics. By nature, the honeypots are hidden and do not form part of any production system. As they do not receive legitimate connections, all the interactions with the honeypots can be considered attacks.

,

Attacker IP Prioritizer Program

,
Attacker IP Prioritizer Program

he Attacker IP Prioritization (AIP) algorithm was created in order to sort the huge amount of attacker’s IP addresses to help block them using a blacklist.  In the Aposemat project we started a research line called “Polonium in my IoTea” were we are trying to investigate the relationship between organized cyber crime groups (e.g.  FancyBear) and their use of IoT devices. In this investigation we needed to analyze thousands of IP addresses attacking our honeypots and quickly decide which ones were the most dangerous.The idea of the AIP algorithm was born from the need to sort the IP addresses of the attackers from a statistical point of view, and then compare those rated IPs to our more technical and in-depth attack research to find out if an IP is really part of an important attacker group or not.

Protecting the civil society through high quality research