To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Parser Redux and Libraries

I know I said that I would post a screenshot a week ago, but it's been a little busy, but here's an older attached image. One of the reasons there was a delay is that the code that I was using was based on one of the wxPython demo programs, hence the RunDemo title bar. I'm in the process of revamping that code into something that's a little more standalone.

New features added!

Hi folks,
It took me a long time to work on the data model and the back-end, and to set up my whole framework (Tapestry+Hibernate+Spring+ACEGI+Maven), but it's done right now.
So I will post once a week, I guess, about new features I added.
I'd like to speak a bit about how my webapp works. The main goal is to separate every layer of my web app, e.g. front-end/business/back-end:
Layers model
This week, I added

Picviz 'Durian gostoso' 0.6 is out

Hello all!
Last night we released the newest version of the PicViz suite (which contains all PicViz tools). Specifically for the GUI, we can now brush the lines dynamically and apply zoom in the graph. To allow line brushing it was necessary to reimplement some important classes of PyQt used in the GUI. It wasn't easy. But now it works, although we must continually improve the line (event) selection.

A python object: It can be everything!

The code is like this:
class unknown_obj(object):
    # Any call on the object, with any arguments, yields a fresh unknown_obj.
    def __call__(self, *arg): return unknown_obj()
    # Any subscript, e.g. obj[3], also yields a fresh unknown_obj.
    def __getitem__(self, key): return unknown_obj()
    # Any attribute access, e.g. obj.foo, yields a fresh unknown_obj.
    def __getattr__(self, name): return unknown_obj()

The three methods are: __call__ for function calls (*arg means arg is the argument list), __getitem__ for member access using '[]', such as a[3], where 3 is the key, and __getattr__, as we mentioned, for any member access using '.'. So almost every kind of code is legal for an object like this. For example:

Another Features is ready!

Hi folks! I'm happy because the work on the Picviz Project goes well. Another feature is finished, as was determined in our Proposal; we are working to improve the Picviz interface.
Item 2 from our Proposal, which is ready:

A little demo of Change Axis tool

In PCP research, axis reordering is a vital type of analysis. A difficult task is recognizing relationships among a small number of variables, especially if those variables are distant in the representation; readjusting the position of each variable can be explored interactively to improve the graphics and extract more information from them.
You could see this feature was done, but I haven't posted an effective demonstration for readers of the Honeynet blog yet. With help from my tutor Sebastien, we created a gif that shows axis reordering in action.

Data model and tutorial

Hi everyone,
I just wanted to share a few things with you about my project.
I'm still very excited to work on my project, and if anyone is interested in what I've done, here is a short tutorial I created to set up the project quickly.
If some kind people would like to test it and give me their feedback, it could be the best way for me to improve it.

http://docs.google.com/View?id=dfmnx2fx_74g99bnpgx

Improving Glastopf

Last Saturday I finally released a new Glastopf version. There are some new features and many changes under the hood.

Precall and Postcall

When using hooking technology to intercept system calls, there are two different places to collect information: before the original function is called (precall) and after the original function returns (postcall). For example, in the Sebek Win32 client, when the callback function OnZwReadFile is called, it first calls the original function s_fnZwReadFile; after the original function returns, it checks whether the original call succeeded, and if it did, it then calls the data collection function LogIfStdHandle:
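To make the precall/postcall distinction concrete, here is an added example written for this page rather than code from Sebek. It wraps a constructed stand-in for a read call with a generic hook that takes a precall and a postcall callback; the postcall mirrors the order described above (call the original, check that it succeeded, only then log) and has access to the returned data, which the precall cannot see because the buffer has not been filled yet. The function names read_file, hook and Collector, the status constants and the fake file table are all assumptions made for the illustration.

```python
import functools

# Constructed status codes for the example; not real NTSTATUS values.
STATUS_SUCCESS = 0
STATUS_FAILED = 1


def hook(original, precall=None, postcall=None):
    """Return a wrapper around original that runs precall with the arguments
    before the call and postcall with arguments plus result after it returns."""
    @functools.wraps(original)
    def wrapper(*args, **kwargs):
        if precall is not None:
            precall(args, kwargs)            # inputs only; nothing returned yet
        result = original(*args, **kwargs)   # always let the real call proceed
        if postcall is not None:
            postcall(args, kwargs, result)   # inputs and the outcome
        return result
    return wrapper


# Constructed stand-in for the real read routine: handle 2 has no data, so a
# read on it fails, which is the case the postcall must filter out.
FAKE_FILES = {1: b"root:x:0:0\n", 2: None}


def read_file(handle, nbytes):
    data = FAKE_FILES.get(handle)
    if data is None:
        return (STATUS_FAILED, b"")
    return (STATUS_SUCCESS, data[:nbytes])


class Collector:
    """Collects what each hook site can observe."""

    def __init__(self):
        self.pre = []    # every attempt, with the requested handle and size
        self.post = []   # only successful reads, with the bytes actually read

    def precall(self, args, kwargs):
        handle, nbytes = args
        self.pre.append(("read_file", handle, nbytes))

    def postcall(self, args, kwargs, result):
        status, data = result
        if status != STATUS_SUCCESS:
            return            # failed call: no data to record, same check as the text
        self.post.append(("read_file", args[0], data))


def run_demo():
    """Hook read_file, exercise one good and one failing read, return the collector."""
    c = Collector()
    hooked = hook(read_file, c.precall, c.postcall)
    hooked(1, 5)
    hooked(2, 5)
    return c


if __name__ == "__main__":
    c = run_demo()
    print("precall saw:", c.pre)
    print("postcall logged:", c.post)
```

The precall list shows both attempts, including the one that failed, which is useful when the attempt itself is the signal; the postcall list contains only the read that succeeded and the data it returned, which is the information the success check exists to protect.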

How to transparently redirect a TCP connection

TCP was built to allow 2 hosts to exchange a stream of packets reliably. Honeybrid must add a third host to this operation when it decides to investigate a connection further. The keys for this process to work are: 1) a replay process that gets the high interaction honeypot to the same state as the low interaction honeypot; and 2) a forwarding process that translates not only IP addresses but also TCP sequence and acknowledgement numbers. Here is how things work in detail:
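The forwarding step above can be illustrated with the following added example, which is not Honeybrid's code. It assumes that the replay has already brought the high interaction honeypot (HIH) to the same state as the low interaction honeypot (LIH), that the attacker's own sequence space is unchanged by the redirect (the attacker keeps talking to what it believes is the LIH), and that the only difference between the two server-side connections is the initial sequence number each honeypot chose. Under those assumptions the translation is a constant 32-bit offset applied to the ack numbers going to the HIH and to the seq numbers coming back, plus the address rewrite. Packets are modelled as dicts; the class and field names are constructed for the illustration.

```python
MOD = 1 << 32  # TCP sequence numbers wrap at 2^32


class RedirectTranslator:
    """Translate packets between the attacker<->LIH connection and the
    HIH<->attacker connection that replaced it (constructed example)."""

    def __init__(self, lih_ip, hih_ip, lih_isn, hih_isn):
        self.lih_ip = lih_ip
        self.hih_ip = hih_ip
        # Offset between the two server-side sequence spaces, modulo 2^32 so
        # the arithmetic stays correct across a wraparound.
        self.delta = (hih_isn - lih_isn) % MOD

    def to_hih(self, pkt):
        """Attacker -> honeypot: the attacker acks LIH sequence numbers, so the
        ack must be moved into the HIH's space; its own seq is untouched."""
        out = dict(pkt)
        out["dst"] = self.hih_ip
        out["ack"] = (pkt["ack"] + self.delta) % MOD
        return out

    def to_attacker(self, pkt):
        """Honeypot -> attacker: the HIH sends its own sequence numbers, which
        must be moved back into the LIH's space the attacker expects."""
        out = dict(pkt)
        out["src"] = self.lih_ip
        out["seq"] = (pkt["seq"] - self.delta) % MOD
        return out


def demo():
    """Constructed exchange: the attacker's first data packet after the
    handshake is redirected to the HIH, and the HIH's reply is sent back."""
    t = RedirectTranslator("10.0.0.2", "10.0.0.3", lih_isn=1000, hih_isn=5000)
    from_attacker = {"src": "203.0.113.7", "dst": "10.0.0.2",
                     "seq": 2001, "ack": 1001, "payload": b"GET / HTTP/1.0\r\n"}
    to_hih = t.to_hih(from_attacker)
    from_hih = {"src": "10.0.0.3", "dst": "203.0.113.7",
                "seq": 5001, "ack": 2001 + len(from_attacker["payload"]),
                "payload": b"HTTP/1.0 200 OK\r\n"}
    to_attacker = t.to_attacker(from_hih)
    return to_hih, to_attacker


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Two checks are worth keeping in mind when reviewing such a forwarder: the ack going to the HIH must equal what the HIH expects (hih_isn + 1 right after the handshake), and a packet whose seq crosses the 2^32 boundary must still map correctly, which is why every adjustment is reduced modulo MOD rather than done with plain subtraction.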
