To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Summary on Webviz Project

The review period is coming and i decided to write an entry to inform about the Webviz project. Till now the first output of the project is a proof of concept work[1] (requires WebGL supported browser, tested on Firefox 5 and Firefox 4, on other browsers i don't guarantee it works fine).

WebGl Globe Visualization for the hpfeeds data

The figure displays the visualized data. The elevations corresponds to the geograpical malware numbers. The more malware detected the higher peeks are represented with changing color.

Forensic Challenge 8 - "Malware Reverse Engineering" - Deadline Extended Again

We are realizing that the Forensic Challenge 8 - "Malware Reverse Engineering" - is really difficult to solve because right now we received just 5 submissions. For this reason we decided to extend the submission deadline again to July 31th.

Those who already submitted a solution before June 30th are granted the possibility to submit again thus taking advantage of this one-month extra time. Moreover a few extra bonus points will be assigned to them.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Forensic Challenge 8 "Malware Reverse Engineering" - 4 days left!

Folks,
Forensic Challenge 8 "Malware Reverse Engineering" put up by Guido Landi and Angelo Dell'Aera from the Sysenter Chapter is in full swing. Submissions are due by June 30th, so if you want to participate, you have 4 days left. We award little prizes for the top three submissions! Hope to see your submission.

Angelo Dell'Aera
The Honeynet Project

DroidBox: testing with Geinimi sample

One of the very first Android malwares, Geinimi has been analyzed in the application sandbox DroidBox that is currently being developed. The project is part of GSoC 2011 in collaboration with Honeynet and as a master thesis. The Geinimi application uses DES encryption, and it's possible to uncrypt statically the content, see picture below.

Forensic Challenge 8 - "Malware Reverse Engineering" - Deadline Extended

Taking a look at the first submissions it seems like the Forensic Challenge 8 - "Malware Reverse Engineering" - is quite difficult to solve. For this reason we decided to extend the submission deadline to June 30th.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Lion and iOS 5

Today Apple unveiled the next generation of OS X, Lion and new iOS 5. Among the features, I'm concerned about two features: AriDrop and iCloud.

Mapping geographic data

Visualization is a niche area especially at the security analysis. As mentioned in a well-known sentence; "A picture is worth a thousand words". The importance and the power of the visualization in the security area stands out with the ability to define multi-dimensional data with a single shape. When addressing the creating a mesh tiled 3D view on an Earth map, i was reading about the geoweb application development. A geoweb application consists of some components.

Spatial Data

Dionaea Installation

This summer, I will be dealing with the malware analysis distribution from a visualization perspective at a timeline and geographic basis. To collect data related with malwares, I installed the Dionaea, which is a successor of Nepenthes. The documentation of the Dionaea is plain and easy to follow. I chosed Debian Squeeze to install the honeypot on it. Installing the base system from netinstall CD and following the documentation was enough till i got an error message during the compiling process of Dionaea.

Forensic Challenge 8 - "Malware Reverse Engineering"

I am pleased to announce the next forensic challenge: Forensic Challenge 8 - "Malware Reverse Engineering".

The challenge has been created by Angelo Dell'Aera and Guido Landi from the Sysenter Honeynet Project Chapter.

Submission deadline is June 15th and we will be announcing winners around the third week of July. We have a few small prizes for the top three submissions.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Forensic Challenge 7 – “Forensic Analysis of a Compromised System” - And the winners are...

Folks, Guillame and Hugo have judged all submissions and results have been posted on the challenge web site. The winners are:

1. Dev Anand
2. Fernando Quintero & Camilo Zapata
3. (3 submissions) Matt Erasmus, Joseph Kahlich and Kevin Mau

Congratulations to the winners!

With challenge 7 completed, we are getting ready to launch challenge 8 on May 9th. This challenge has been prepared by Guido Landi and Angelo Dell'Aera from the Sysenter Chapter and it deals with

Syndicate content