youzhi.bao's blog
AxMock is released for your review
Fri, 08/19/2011 - 16:50 — youzhi.baoWe build up a project in google code, you can browse AxMock by the link
http://code.google.com/p/axmock
AxMock is a detection tool for malicious webpage attacking ActiveX controls. It runs in Internet Explorer 7 and the formal version.
It is tested in Visual Studio 2008 and Python 2.6 with pywin32 package, though I believe that you can also compile it in later version.
For more using information, please check out Wiki in my project google code page.
Implementation: the whole hooking and some modules
Thu, 08/11/2011 - 17:25 — youzhi.baoThe whole implementation is mainly consisted of 4 modules: central controller, emulator, dummy control and list. Central controller is a dynamic link library written in C++. Emulator and dummy control are COM components written in python and registered into registry by win32com.server.register.UseCommandLine. List is a text file in a certain format to read and modify.
Midterm Report: The sniffer and emulator for COM components
Fri, 07/08/2011 - 19:30 — youzhi.baoBy now, what I have done for Capture-HPC is:
GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC
Thu, 05/05/2011 - 05:31 — youzhi.baoProject Description:
Proposed Capture-HPC Description
Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.