To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

TraceExploit

The first part to the format discovery is 90% completed.
The program is now able to tokenize the sample packets and sort them to clusters according to token pattern.
The structure for a token looks like this:

// definition of a node for initial tokenization
struct sToken {
struct inferProperty* sProperty;
struct inferSemantic* sSemantic;
struct formatDistinguisher* sFD;
struct sToken* next;
};

struct inferProperty {
char szType[4]; //"s-c/c-s" / "bin" / "txt"
unsigned char* pValue; //value of token. Will include

null and unicode, if there is

The winners of the 4th Forensic Challenge 2010 VoIP are ...

The 4th Forensic Challenge on VoIP has come to an end. We had a total of 21 submissions with several submissions from Chinese speakers which has been made possible by Julia, Jianwei and Roland from the Chinese speaking chapters.

The winners of the 4th Forensic Challenge 2010 VoIP are:

  1. Franck Guenichot (France)
  2. Fabio Panigatti (Italy)
  3. Shaun Zinck (USA)

We have posted their submissions onto the challenge web site so you can see what top notch submissions they provided. Franck, Fabio and Shaun will be awarded with small book prizes. Congratulations!

Thanks to all who participated in the challenge in particular Ben Reardon from the Australian and Sjur Eivind Usken from Norwegian Chapter who made this challenge possible.

Forensic Challenge 2010/4 - VoIP - 4 days left!

Folks, the submission deadline for our Forensic Challenge 4 - VoIP is quickly approaching. The deadline is this Wednesday and so you have another 4 days to submit your solution.

The challenge is quite different than our previous challenges. It was provided by Ben Reardon from the Australian and Sjur Eivind Usken from Norwegian Chapter - and takes you into the realm of voice communication on the Internet. Thanks to our Chinese speaking chapters, it is also available in simplified Chinese and traditional Chinese.

The Honeynet Project 鑑識分析挑戰中文版啟航

The Honeynet Project 是一個國際知名的開源資訊安全研究團隊,致力於提升Internet的安全。

The Honeynet Project取证分析挑战中文版启航,欢迎华语世界安全人士参与

The Honeynet Project是一个国际知名的开源信息安全研究团队,致力于提升Internet的安全。

Forensic Challenge 2010/4 - VoIP is now live

Challenge 4 of the Honeynet Project Forensic Challenge - titled "VoIP" - is now live. This challenge 4 - provided by Ben Reardon from the Australian and Sjur Eivind Usken from Norwegian Chapter - takes you into the realm of voice communications on the Internet. VoIP with SIP is becoming the de-facto standard. As this technology becomes more common, malicious parties have more opportunities and stronger motives to take control of these systems to conduct nefarious activities. This Challenge is designed to examine and explore some of attributes of the SIP and RTP protocols.

Note that our Chinese speaking chapters (Julia Cheng from the Taiwanese Chapter, Jianwei Zhuge from the Chinese Chapter and Roland Cheung from the Hongkong Chapter) have taken great initiative and translated the challenge into Chinese, which is available from the simplified Chinese and traditional Chinese pages (will be posted by EOD today.)

With this challenge, we are getting on a firm 2 month cycle. You will have one month to submit (deadline is June 30th 2010) and results will be released approximately 3 weeks later. Small prizes will be awarded to the top three submissions.

Enjoy the challenge!

Waledac's Anti-Debugging Tricks

The last spreading malware version of Waledac, a notorious spamming botnet that has been taken down in a collaborative effort lead by Microsoft earlier this year, contained some neat anti-debugging tricks in order to make reverse-engineering more difficult. Felix Leder and I have been presenting about the approach at SIGINT 2010 in Cologne yesterday, and as the method seems to be not publicly known yet, I will quickly describe it here as well.

Forensic Challenge 2010/3 - "banking troubles" - and the winners are ....

Josh, Angelo, Matt and Nicolas finished evaluating the submissions for FC2010/3 banking troubles. Again, lots of great submissions! We had a total of 22 and the top performers for FC2010/3 are:

  1. Mario Pascucci (Italy)
  2. Tyler Hudak (USA)
  3. Carl Pulley (UK)

Congratulations to the winners and all the folks that participated in the challenge - this was not an easy one. Each winner will receive a signed book from one of our Honeynet Project authors. We have posted the submissions of the winners and sample solution on the FC2010/3 web page. All participants should have also received an email today with information about their individual score as well as placement.

How can we improve the Forensic Challenge?

Folks, the submission deadline for the Forensic Challenge 3 – “Banking Troubles” has passed. We have received 22 submissions and will be announcing results on Wednesday, May 12th 2010. With the 3rd challenge coming to an end, we would love to get your feedback on the challenges: Which challenge did you enjoy in particular and why? Do you have any suggestions on how to improve the challenge? Is there a particular challenge you would like to see in the future? Send your feedback to forensicchallenge2010@honeynet.org.

Honeynet Annual Workshop has kicked off

The 2010 Honeynet Workshop has kicked off, in the wonderful surroundings of UNAM, Mexico City. Many thanks to our hosts!

Syndicate content