youzhi.bao's blog

AxMock is released for your review

We build up a project in google code, you can browse AxMock by the link
http://code.google.com/p/axmock

AxMock is a detection tool for malicious webpage attacking ActiveX controls. It runs in Internet Explorer 7 and the formal version.

It is tested in Visual Studio 2008 and Python 2.6 with pywin32 package, though I believe that you can also compile it in later version.

For more using information, please check out Wiki in my project google code page.

Implementation: the whole hooking and some modules

The whole implementation is mainly consisted of 4 modules: central controller, emulator, dummy control and list. Central controller is a dynamic link library written in C++. Emulator and dummy control are COM components written in python and registered into registry by win32com.server.register.UseCommandLine. List is a text file in a certain format to read and modify.

Midterm Report: The sniffer and emulator for COM components

By now, what I have done for Capture-HPC is:

GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC

Project Description:
Proposed Capture-HPC Description

Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.

Syndicate content