To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

2012 Honeynet Project Security Workshop @ Facebook, Inc. - SF Bay Area, CA, USA - March 19th/20th 2012


The Honeynet Project will hold its 2nd public security workshop at Facebook, Inc. in the San Francisco Bay Area. The workshop is going to be a two day event filled with technical presentations and hands-on tutorial training. On day 1 of the workshop, Honeynet Project members and Facebook will present on a wide range of information security topics: from honeypots and social networks to cybercrime and mobile malware. Day 2 will be a day of hands-on tutorial training. Our members will teach a total of 8 courses in forensics, honeypots, and visualization. For those who want to further hone their skills in a competitive setting, we will also host a capture-the-flag event on day 2.

Event details and registration information can be found at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. We hope to see you there!

Share:

Cuckoo 0.3.1 released

Cuckoo Sandbox 0.3.1 has been released.

The most interesting improvements include:

  • Extensive book guiding from setup to customization.
  • Improved analysis results processing engine.
  • Modular reporting engine with default HTML, TXT and JSON reports being generated.
  • Minimal web server/interface that allows you to browse, search and view HTML reports.
  • Introduction of support to URL submission.
  • UDP connections extraction.
  • A cool new logo. :-)
  • A lot of other things you can find listed in the CHANGELOG file.

Forensic Challenge 10 - "Attack Visualization" - Deadline Extended

Taking a look at the first submissions, it seems like more time is needed in order to solve the Forensic Challenge 10 - "Attack Visualization". For this reason we decided to extend the submission deadline to 2012, January 22th.

Have fun!

Angelo Dell'Aera
The Honeynet Project

HoneySpider Network Capture-HPC NG is out!

Client honeypots are tools that actively search servers for malicious data like malware, exploits, malicious PDF files, etc.

The Polish Chapter just released a new version of Capture-HPC originally developed by Christian Seifert and Ramon Steenson of the New Zealand Chapter. Capture-HPC focuses primarily on attacks against, or involving the use of, Web browsers.

It is available for download as binary Debian package on Polish Chapter webpage:
http://pl.honeynet.org

Source code is made available via github:

A new Cuckoo hatched his egg!

Overview

Cuckoo Sandbox is an Open Source automated dynamic malware analysis system designed to analyze and report on suspicious files.
Cuckoo started as a Google Summer of Code project in 2010 within The Honeynet Project. It was designed and developed by Claudio Guarnieri who still maintains the project and lead its development efforts.

Cuckoo has been selected again this year for Google Summer of Code 2011 with The Honeynet Project and with Dario Fernandes who joined the team. The work being done in the last months lead to the release of the 0.2 version.

WireShnork - A Snort plugin for Wireshark

GSoC 2011 #8 project's goal was to add forensics features to the popular Wireshark network analyzer.

Overview

Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network
analyzer with graphical interface as well as command line tools.
Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.

GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind.

Android Reverse Engineering (A.R.E.) Virtual Machine available for download now!

The Honeynet Project is happy to announce the release of the Android Reverse Engineering (A.R.E.) Virtual Machine.

Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.

Tools currently found on A.R.E. are:

  • Androguard
  • Android sdk/ndk
  • APKInspector
  • Apktool
  • Axmlprinter

Forensic Challenge 10 - "Attack Visualization"

I am pleased to announce the next forensic challenge: Forensic Challenge 10 - "Attack Visualization".

The challenge has been created by Ben Reardon from Australia Chapter.

Submission deadline is December 18th and we will be announcing winners around the last week of January 2012. We have a few small prizes for the top three submissions.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Forensic Challenge 9 – “Mobile Malware” - And the winners are...

Folks,
Frank, Mahmud, Azizan and Matt have judged all submissions and results have been posted on the challenge web site. The winners are:

1. Emilien Girault
2. Yuhao Luo, Wenbo Yang and Juanru Li
3. José Lopes Esteves

Really congratulations to the winners and thanks to the other partecipants.

Stay tuned because a new challenge is going to start in the next hours!

Angelo Dell'Aera
The Honeynet Project

Google Summer of Code 2011- Wrap up

In 2011, the Honeynet Project had once again the opportunity to participate in the Google Summer of Code program. In the last few weeks, we wrapped up all projects, beta tested the code, wrote documentation, and prepared releases.

To quickly recap: GSoc (Google Summer of Code) is an annual summer program sponsored by Google, in which Google pairs up students with organizations committed to open-source. Google supports each project with 5000USD of which the students receive the lion's share. The Honeynet Project has participated in GSoc since 2009. Visit http://honeynet.org/gsoc2009 and http://honeynet.org/gsoc2010 to get an idea on what we have accomplished through this program in the last couple of years.

This year, we were able to spin up and execute 12 projects! While there are still a couple of projects that are preparing their release as part of the larger underlying project, we would like to point you to the following links that provide a summary and references to the projects that already resulted in releases:

These projects address a wide array of security problems. APKInspector and DroidBox greatly simplify mobile malware analysis; Webviz and HoneyViz explore the space of visualization of data for the security analyst; HoneySink is the first open-source sinkhole solution available; sip module for dionaea extends the capability of this honeypot into the VoIP area; cHook & cHide makes the malware analysis platform Cuckoobox more resilient against detection & evasion; AxMock is a ActiveX emulation/detection module which can be used - for example to detect drive-by-download attacks with client honeypots, such as Capture-HPC - ; the libemu extension made shellcode analysis & execution much more performant; and the wireshark plugins extend the wireshark network monitoring tool with additional forensic and analysis capabilities, such as the integration with rules from the popular intrusion detection system Snort.

This is a really impressive list of projects!

The credit really goes to our awesome students that participated in GSoc this year. We want thank them for participating in this program and choosing the Honeynet Project as their mentoring organization. They all did a great job and I very impressed with their dedication and professionalism. I think the projects speak for themselves and some of the students will continue to be involved with these projects and our community long term! The students this year were:

  • Youzhi Bao (AxMock)
  • György Kohut (Honeeebox)
  • Lucas McDaniel (HoneyViz)
  • Oguz Yarimtepe (WebViz)
  • Patrik Lantz (DroidBox)
  • Cong Zheng (APKInspector)
  • Adam (Sinkhole)
  • Jakub Zawadzki (Wireshark Plugins)
  • Dario Fernandes (Cuckoobox)
  • Brandon Marken (HyperVisor)
  • PhiBo (VoIP module for dionaea)
  • Florian Schmitt (libemu qemu extension)

Also, we would like to thank the mentors and technical advisors who volunteered their time to support and mentor the students to be successful over the summer....

  • Ian Welch from the New Zealand Chapter (AxMock)
  • David Watson from the UK Chapter (Honeeebox)
  • Kara Nance from the Alaska Chapter (HoneyViz)
  • Ben Reardon from the Australian Chapter (WebViz)
  • Anthony Desnos from the French Chapter (DroidBox)
  • Ryan Smith from the RoT-1 Chapter (APKInspector)
  • Shaun Vlassis from the Australian Chapter (Sinkhole)
  • Guillaume Arcas from the French Chapter (Wireshark Plugins)
  • Claudio Guarnieri from the Global Chapter (Cuckoobox)
  • Brian Hay from the Alaska Chapter (HyperVisor)
  • Sjur Usken from the Norwegian Chapter (VoIP module for dionaea)
  • Markus Koetter, HP alumni (dionaea)
  • Felix Leder from the Giraffe Chapter (libemu qemu extension)

... and last but not least, we thank Google. The program greatly supports organizations like ours that are committed to open-source and trying to make a positive difference. We hope to be back next year :)

Christian Seifert
CEO, The Honeynet Project

Syndicate content