2nd WOMBAT Workshop sum-up

The 2nd WOMBAT workshop took place on the 22nd and 23rd of September in Saint Malo, France. The agenda focused on the WOMBAT API (WAPI), an API for exchanging data over the SOAP protocol using SSL connections. The keynote talks and the presentations explained why the WAPI was created and the problems it is designed to solve.

Highlights of Day 1

The first day started with the official welcome and introduction to the WOMBAT workshop by Herve Debar. Marc Dacier presented the WOMBAT datasets, and then the attendees had a chance to introduce themselves to each other. The workshop continued with Corrado Leita’s presentation, which gave further information about the WAPI, in particular the idea behind it, its implementation and the use of this new way of exchanging data. The first day's presentations closed with Herbert Bos and Piotr Kijewski talking about the SHELIA and HSN client honeypot datasets.

The presentations were followed by the first WAPI demonstration. Attendees had the opportunity to experiment hands-on with the WAPI: they were given access to a live client and a realistic scenario. The scenario was an investigation of bank fraud, and the participants were asked to extract as much information as they could from the datasets, following specific steps.

Highlights of Day 2

The second day started with a brief presentation by Paolo M. Comparetti about clustering malware with ANUBIS and SGNET and their interaction with the WAPI. The workshop continued with the second WAPI demonstration. This time attendees were asked to monitor a network. They played the role of the network security staff of an ISP or an enterprise network, interested in querying their alert sources (such as logs) to get information about infected machines in their network.

The workshop concluded with closing remarks by Herve Debar.
