We think it shouldn't take 8 months for companies like Target to detect breaches, and we decided to try to take steps to detect information exfiltration and prevent log tampering. We also decided to name our project Varanus because it is the genus that monitor lizards belong to, and since our project is a monitoring suite, it seemed appropriate.
What it does
We wanted to build a monitoring suite that detects security breaches faster. It is built to detect information exfiltration and to detect log tampering. It has several facets: phone number, email, and user honey tokens, and a logging utility that detects tampering by chaining log entries together with cryptographic hashes, the technique behind blockchains.
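The logging side is easiest to see in code. The block below is an added example, not Varanus's own logger: each entry carries an HMAC over its sequence number, the previous entry's tag and the record itself, so editing, deleting, inserting or reordering entries breaks the chain at or before the tampered position. It assumes the HMAC key is kept off the monitored host (an attacker who can read the key can simply re-tag the chain) and that the newest tag is periodically shipped off-box, because a chain alone cannot tell that its tail was silently cut off. The key, record contents and attack scenarios are all constructed for the demo.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # tag the first entry links to


def _tag(key, seq, prev, record):
    # Canonical JSON so identical content always hashes identically.
    payload = json.dumps({"seq": seq, "prev": prev, "record": record},
                         sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append(chain, key, record):
    """Append `record` to `chain`, linking it to the current head tag."""
    seq = len(chain)
    prev = chain[-1]["tag"] if chain else GENESIS
    entry = {"seq": seq, "prev": prev, "record": record,
             "tag": _tag(key, seq, prev, record)}
    chain.append(entry)
    return entry


def head(chain):
    """Tag of the newest entry; ship this off-box so truncation is detectable."""
    return chain[-1]["tag"] if chain else GENESIS


def verify(chain, key, anchored_head=None):
    """Return (True, None) if the chain is intact, else (False, index of the first bad entry).

    Edited, deleted, inserted and reordered entries break the link at or before the
    point of tampering. Silently dropping the newest entries is only caught when
    `anchored_head`, a head tag previously sent off the host, is supplied.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i
        expected = _tag(key, i, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return False, i
        prev = entry["tag"]
    if anchored_head is not None and prev != anchored_head:
        return False, len(chain)
    return True, None


def demo():
    """Build a small chain from constructed records and show what each attack looks like."""
    key = b"example-key-kept-off-host"  # placeholder; use 32 random bytes in practice
    chain = []
    for record in [{"event": "login", "user": "alice"},
                   {"event": "read", "user": "alice", "file": "payroll.xlsx"},
                   {"event": "honeytoken", "kind": "phone", "caller": "+12025550199"}]:
        append(chain, key, record)
    anchor = head(chain)                       # what the off-box listener would have stored

    results = {"intact": verify(chain, key, anchor)}

    edited = json.loads(json.dumps(chain))     # deep copy, then rewrite one record
    edited[1]["record"]["file"] = "readme.txt"
    results["edited"] = verify(edited, key, anchor)

    deleted = chain[:1] + chain[2:]            # drop the middle entry
    results["deleted"] = verify(deleted, key, anchor)

    truncated = chain[:2]                      # drop the newest entry
    results["truncated_no_anchor"] = verify(truncated, key)
    results["truncated_with_anchor"] = verify(truncated, key, anchor)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} -> {outcome}")
```

A plain SHA-256 chain without a key would catch accidental corruption but not an attacker who can rewrite the whole file, since they can recompute every hash; the keyed tag plus the off-box anchor is what turns "tamper-evident" into something an intruder on the host cannot quietly undo.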
How we built it
We built our monitoring suite with Python 3, Rust, and a Google Cloud instance that hosts the scripts that listen for alerts from our honey tokens. We also used the Cisco Spark and Twilio APIs to deliver the alerts.
Challenges we ran into
A lack of Red Bull, Python version problems, and many text-by-script services that didn't offer free trials (we did eventually find a trial version using Twilio).
Accomplishments that we're proud of
We managed to get our listener working autonomously to trigger on alerts and respond using two external APIs. We discovered an actual bug in Python 3 and submitted a bug report.
What we learned
We learned about the genus of monitor lizards.
What's next for Varanus
Adding web beacons to files that would be attractive to exfiltrate from our server, to tell us who took them and from where, as well as refining our suite to be more accessible to the less technically savvy.