To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Low-interaction honeyclient Thug released!

I'm glad to announce I finally publicly released a brand new low-interaction honeyclient I'm working on from a few months now. The project name is Thug and it was publicly presented a few hours ago during the Honeynet Project Security Workshop in Facebook HQ in Menlo Park. Please take a look at the (attached) presentation for details about Thug.

Just a few highlights about Thug:

  • DOM (almost) compliant with W3C DOM Core and HTML specifications (Level 1, 2 and partially 3) and partially compliant with W3C DOM Events and Style specifications

Google Soc 2012 - Honeynet Project Accepted

We have just been notified by Google that the Honeynet Project has - once again - been accepted as one of the mentoring organization for Google Summer of Code 2012 (in total 180 organizations were selected). We are very excited and are looking forward to a great summer! Already a big thank you to Google for their continued support!

While student applications are not officially open yet, interested students are encouraged to check out our ideas page and get in contact with us via gsoc@public.honeynet.org and/or IRC (#gsoc2012-honeynet on irc.freenode.net) in the next few ideas to meet the mentors and discuss project ideas. Student applications officially open on March 26th 2012 and close on April 6th 2012.

We are looking forward to hearing from you!

Release of WoLF Viz

Frasier, who participated in our recent visualization forensic challenge has released his visualization tool WoLF Viz at http://code.google.com/p/wolf-viz/. WoLF Viz works by parsing arbitrary text log files into a network (graph) of words, where the words are nodes and the edges are adjacent word pairs. The edge weights are based on how often the two words are seen next to each other.

Last chance for early bird registration

Early bird registration to our 2012 Honeynet Project Security Workshop ends today. The workshop will be held at the Facebook offices in the SF Bay Area. Secure your spot today for the workshop or one of the eleven hands-on training sessions we are offering. You can check out the agenda and training sessions at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. Hope to see you there!
Christian Seifert
CEO, The Honeynet Project

Forensic Challenge 10 - "Attack Visualization" - And the winners are...

Folks,
Ben Reardon has judged all submissions and results have been posted on the challenge page. The winners are:

1. Fabian Fischer
2. Chris Horsley
3. Fraser Scott
4. Dan Gleebits
5. Johnathan Tracz

Take a look at Ben's blog post for additional details. Congratulations to the winners and thanks to the other participants!

Angelo Dell'Aera
The Honeynet Project

Congratulations to the winners of Forensic Challenge FC10- Attack Visualization !

While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.

Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions. Quite a few people people used the challenge not so much to win a prize, but to have fun, develop an idea they've had, practice on some real datasets, learn, and teach. This was exactly the spirit we'd hoped for, so thanks to everyone for putting in a big effort.

The Winners and their solutions:
Fabian Fischer - solution

Chris Horsley - solution

Fraser Scott - solution

Dan Gleebits - solution

Johnathan Tracz - solution

The standout theme in the submissions for me was the use of interactive and flexible tools to analyse the data. As we move further into the big data world, its going to be imperative to get inside the data interactively to understand it. Some of the solutions focused on developing brand new applications/frameworks to interactively data sets - Check out the submissions from Fabian and Chris as really good examples of this. While Fraser put forward the idea of rendering images in 3D - which is not that far-out an idea actually, why not?!.

We hope that this challenge was enjoyable for those who participated, and for those downloading the submissions for inspiration. These challenges have a long legacy, we see people downloading, attempting and referencing these challenges and the solutions for education purposes years afterwards, so they are an important program at the Honeynet Project.

It would be great to see solutions to future forensic challenges use visualization, not only to analyse and detect trends, but also to describe the problem space to the layperson. With that said - the next Forensic challenge, FC11 should be released shortly - so stay tuned.

And lastly, if anyone wants to develop their ideas further, a good way (i.e. get paid if you are accepted!) is to get involved in our upcoming Google Summer of Code program GSOC12

Identifying unknown files by using fuzzy hashing

Identifying unknown files by using fuzzy hashing

Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites as Virustotal, Anubis or CWsandbox. By modifying the ihandler section in the dionaea.conf this can be done fully automated.
Every now and then even these excellent analysis sites come up with nothing. No result or whatsoever. This could be because its a brand new sample of malware which simply isn't recognised yet or it is a morphed sample of a known and existing one.

Malwr.com: powered by Cuckoo

We are proud and happy to announce that a new free malware analysis online service is born.

Malwr.com is based on Cuckoo Sandbox, a project mentored by the Honeynet Project, sponsored by GSoC and developped by Claudio "nex" Guarnieri (@botherder), Dario Fernandes and Alessandro "jekil" Tanasi (@jekil). Malwr.com hosting is provided by ShadowServer.

If you want to test Cuckoo's flavor before installing it or if you're too lazy to deploy your own sandbox, just go there ! :-)

http://malwr.com/
http://cuckoobox.org/

2012 Honeynet Project Security Workshop @ Facebook, Inc. - SF Bay Area, CA, USA - March 19th/20th 2012


The Honeynet Project will hold its 2nd public security workshop at Facebook, Inc. in the San Francisco Bay Area. The workshop is going to be a two day event filled with technical presentations and hands-on tutorial training. On day 1 of the workshop, Honeynet Project members and Facebook will present on a wide range of information security topics: from honeypots and social networks to cybercrime and mobile malware. Day 2 will be a day of hands-on tutorial training. Our members will teach a total of 8 courses in forensics, honeypots, and visualization. For those who want to further hone their skills in a competitive setting, we will also host a capture-the-flag event on day 2.

Event details and registration information can be found at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. We hope to see you there!

Share:

Cuckoo 0.3.1 released

Cuckoo Sandbox 0.3.1 has been released.

The most interesting improvements include:

  • Extensive book guiding from setup to customization.
  • Improved analysis results processing engine.
  • Modular reporting engine with default HTML, TXT and JSON reports being generated.
  • Minimal web server/interface that allows you to browse, search and view HTML reports.
  • Introduction of support to URL submission.
  • UDP connections extraction.
  • A cool new logo. :-)
  • A lot of other things you can find listed in the CHANGELOG file.
Syndicate content