To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Dionaea Installation

This summer, I will be dealing with the malware analysis distribution from a visualization perspective at a timeline and geographic basis. To collect data related with malwares, I installed the Dionaea, which is a successor of Nepenthes. The documentation of the Dionaea is plain and easy to follow. I chosed Debian Squeeze to install the honeypot on it. Installing the base system from netinstall CD and following the documentation was enough till i got an error message during the compiling process of Dionaea.

Forensic Challenge 8 - "Malware Reverse Engineering"

I am pleased to announce the next forensic challenge: Forensic Challenge 8 - "Malware Reverse Engineering".

The challenge has been created by Angelo Dell'Aera and Guido Landi from the Sysenter Honeynet Project Chapter.

Submission deadline is June 15th and we will be announcing winners around the third week of July. We have a few small prizes for the top three submissions.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Forensic Challenge 7 – “Forensic Analysis of a Compromised System” - And the winners are...

Folks, Guillame and Hugo have judged all submissions and results have been posted on the challenge web site. The winners are:

1. Dev Anand
2. Fernando Quintero & Camilo Zapata
3. (3 submissions) Matt Erasmus, Joseph Kahlich and Kevin Mau

Congratulations to the winners!

With challenge 7 completed, we are getting ready to launch challenge 8 on May 9th. This challenge has been prepared by Guido Landi and Angelo Dell'Aera from the Sysenter Chapter and it deals with

GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC

Project Description:
Proposed Capture-HPC Description

Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.

Forensic Challenge 7 - Publication of Results Delayed

An important update for Forensic Challenge 7 challengers. For reasons related to reviewers' everyday job committments the challenge results will be announced on Friday, May 6th 2011 and not on Friday, 29th April as announced in the previous blog post.

Thanks for your patience and regards.

Angelo Dell'Aera
The Honeynet Project

Google SoC 2011 - Accepted Projects Announced

Folks, Google has just announced the accepted projects on the GSoc website. We had an excellent line up of students and proposals this year and were able to accept 12 projects! Thanks for all the students who have applied this year and congratulations to all accepted!

Christian

2011 Honeynet Project Security Workshop Videos Online

Just a quick note to you let everybody know that the videos from 2011 Honeynet Project Security Workshop has been posted. The slides can be obtained at the same location.

The Honeynet Project Releases New Tool: streams

Tillmann Werner from the Giraffe Honeynet Project chapter just released the first version of "streams", a tool for browsing, mining and processing TCP streams in pcap files. If you ever needed to process large pcap files on a session level, you will love this tool. Have a look at the README to get an impression of its
capabilities.

The README contains some sample output and tool description.

Forensic Challenge 7 - Submission deadline passed

Folks the submission deadline for the Forensic Challenge 7 – “Forensic Analysis of a Compromised System” - put up by Hugo Gonzalez from the Mexico Chapter and Guillaume Arcas from the French Chapter - has passed. We have received 16 submissions and will be announcing results on Friday, Apr 29th 2011. The winners will get a copy of the book "Virtual Honeypots - From Botnet Tracking to Intrusion Detection" written by Niels Provos and Thorsten Holz.

UPDATE: Forensic Challenge 7 results will be announced on Friday, May 6th 2011.

Angelo Dell'Aera
The Honeynet Project

Google SoC 2011 - Student Applications In Progress

With GSoC 2011 student applications having been open for the past week, we've been having a number of interesting discussions with potential students on both #gsoc2011-honeynet on irc.freenode.net and on our public GSoC mailing list and this summer is already looking to have many exciting project ideas.

Syndicate content