Early bird registration to our 2012 Honeynet Project Security Workshop ends today. The workshop will be held at the Facebook offices in the SF Bay Area. Secure your spot today for the workshop or one of the eleven hands-on training sessions we are offering. You can check out the agenda and training sessions at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. Hope to see you there!
CEO, The Honeynet Project
The Honeynet Project will hold its 2nd public security workshop at Facebook, Inc. in the San Francisco Bay Area. The workshop is going to be a two day event filled with technical presentations and hands-on tutorial training. On day 1 of the workshop, Honeynet Project members and Facebook will present on a wide range of information security topics: from honeypots and social networks to cybercrime and mobile malware. Day 2 will be a day of hands-on tutorial training. Our members will teach a total of 8 courses in forensics, honeypots, and visualization. For those who want to further hone their skills in a competitive setting, we will also host a capture-the-flag event on day 2.
Event details and registration information can be found at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. We hope to see you there!
The Honeynet Project is happy to announce the release of the Android Reverse Engineering (A.R.E.) Virtual Machine.
Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.
Tools currently found on A.R.E. are:
In 2011, the Honeynet Project had once again the opportunity to participate in the Google Summer of Code program. In the last few weeks, we wrapped up all projects, beta tested the code, wrote documentation, and prepared releases.
To quickly recap: GSoc (Google Summer of Code) is an annual summer program sponsored by Google, in which Google pairs up students with organizations committed to open-source. Google supports each project with 5000USD of which the students receive the lion's share. The Honeynet Project has participated in GSoc since 2009. Visit http://honeynet.org/gsoc2009 and http://honeynet.org/gsoc2010 to get an idea on what we have accomplished through this program in the last couple of years.
This year, we were able to spin up and execute 12 projects! While there are still a couple of projects that are preparing their release as part of the larger underlying project, we would like to point you to the following links that provide a summary and references to the projects that already resulted in releases:
These projects address a wide array of security problems. APKInspector and DroidBox greatly simplify mobile malware analysis; Webviz and HoneyViz explore the space of visualization of data for the security analyst; HoneySink is the first open-source sinkhole solution available; sip module for dionaea extends the capability of this honeypot into the VoIP area; cHook & cHide makes the malware analysis platform Cuckoobox more resilient against detection & evasion; AxMock is a ActiveX emulation/detection module which can be used - for example to detect drive-by-download attacks with client honeypots, such as Capture-HPC - ; the libemu extension made shellcode analysis & execution much more performant; and the wireshark plugins extend the wireshark network monitoring tool with additional forensic and analysis capabilities, such as the integration with rules from the popular intrusion detection system Snort.
This is a really impressive list of projects!
The credit really goes to our awesome students that participated in GSoc this year. We want thank them for participating in this program and choosing the Honeynet Project as their mentoring organization. They all did a great job and I very impressed with their dedication and professionalism. I think the projects speak for themselves and some of the students will continue to be involved with these projects and our community long term! The students this year were:
Also, we would like to thank the mentors and technical advisors who volunteered their time to support and mentor the students to be successful over the summer....
... and last but not least, we thank Google. The program greatly supports organizations like ours that are committed to open-source and trying to make a positive difference. We hope to be back next year :)
CEO, The Honeynet Project
Folks, Google has just announced the accepted projects on the GSoc website. We had an excellent line up of students and proposals this year and were able to accept 12 projects! Thanks for all the students who have applied this year and congratulations to all accepted!
Folks, challenge 7 - forensic analysis of a compromised server - put up by Hugo Gonzalez from the Mexico Chapter and Guillaume Arcas from the French Chapter is in full swing. Submissions are due by March 31st, so if you want to participate, you have 5 days left. We award little prizes for the top three submissions! Hope to see your submission.
Folks, we had a great day at the first-ever public Honeynet Project Security Workshop yesterday with many excellent presentations by our members from around the globe. The presentations ranged from deep technical dives around shellcode detection and mobile malware reverse engineering to views on social dynamics of attackers and ethics of computer security research.
Further, we hosted a small capture-the-flag/forensic challenge competition, which received plentiful participation - especially with the younger crowd.
We hope that everybody enjoyed the workshop. If you were not able to make it to the workshop this year, we have attached the slides to this blog post. Hope to see you again in 2012.
CEO, The Honeynet Project
Carl Pulley, a loyal follower of our Forensic Challenges, has written up an analysis on how could one determine the Apache version that generated the logs. His analysis can be found at http://acme-labs.org.uk/news/2011/01/20/apache2-version-analysis/ and http://acme-labs.org.uk/news/2011/01/21/apache2-version-analysis-data-visualisation/. Check it out!
Folks, Chengyu Song has been busy the last few weeks and made some upgrades to the honeypot monitoring tool Qebek. He has ported it from QEMU 0.9.1 to QEMU 0.13.0. As a result, Qebek's performance (boot time) is better and it no longer requires gcc 3.4. You can check it out
svn co https://projects.honeynet.org/svn/sebek/virtualization/qebek/trunk/
If you don't know what Qebek is or how to use it, take a look at our whitepaper at http://honeynet.org/papers/KYT_qebek.
Folks, holiday greetings from forensic challenge headquarter in Seattle. Mahmud and Ahmad from the Malaysian Chapter have judged all submissions and results have been posted on the challenge web site. The winners are:
1. Vos from Russia with perfect score!
2. Codrut from Romania
3. Mike from Canada
We received a total of 21 submissions and they were very competitive. The top three submissions came within a point of a perfect score and Vos from Russia actually received a perfect score. We have posted the top three submissions from Vos, Cordut and Mike on the challenge web site . As I said, these submissions are top notch and I encourage you to read through them.
With the forensic challenge 2010 coming to an end, we will be taking a little break for the holidays, but will be back in full force in early 2011.
Chief Communications Officer
The Honeynet Project