Just a quick note to you let everybody know that the videos from 2011 Honeynet Project Security Workshop has been posted. The slides can be obtained at the same location.
Tillmann Werner from the Giraffe Honeynet Project chapter just released the first version of "streams", a tool for browsing, mining and processing TCP streams in pcap files. If you ever needed to process large pcap files on a session level, you will love this tool. Have a look at the README to get an impression of its
The README contains some sample output and tool description.
The Honeynet Project has been all over the media again lately, mostly due to our visualization research.
Just a reminder, there is still time to register for The 2011 Honeynet Project Security Workshop.
More information: honeynet.org/node/602
About the event:
Not all of you might know it, but The Honeynet Project is well-represented on social media. Apart from this blog, we have:
The plot? As usual:
A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge.
Are you up to the challenge? All details are here
Here are the questions that need your answers:
What service and what account triggered the alert? (1pt)
What kind of system runs on targeted server? (OS, CPU, etc) (1pt)
The following are the Top 5 popular blog posts from The Honeynet Project blog this month.
Here is another tool release from The Honeynet Project: Cuckoo Box by Claudio Guarnieri. Cuckoo is a binary analysis sandbox, designed and developed with the general purpose of automating the analysis of malware. Read more about the tool here, grab the tool here – but please read detailed setup guide here (make sure to read it!). BTW, this tool is really well-documented, so make use of it before deploying it.
Here is another new release from the Project: a release of a new tool called PhoneyC, a virtual client honeypot.
PhoneyC is a virtual client honeypot, meaning it is not a real application (that can be compromised by attackers and then monitored for analysis of attacker behavior), but rather an emulated client, implemented in Python. The main thing it does is scour web pages looking for those that attack the browser.
It is with great pleasure I announce the first-ever Honeynet Project Public Conference, held alongside with the traditional Honeynet Project Annual Workshop. The event will be held on March 21, 2011 in Paris. For those who just want to register now, go here.
Date: 21 March 2011 (Monday)
8:30AM ~ 18:00PM (GMT+1)