To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Introducing Glastopf, a Web Application Honeypot

Hello, this initial blog post is used to introduce me and to provide a brief overview of my GSoC Project.

My name is Lukas Rist (my personal blog) and I am currently studying Math and Physics at the University of Kaiserslauter in Germany. This is my first time in GSoC and I will be working with Thorsten Holz on Glastopf, a Web Application Honeypot.

HoneyWeb, a web interface to manage client honeypots

Hi folks !

As the GSoC started, this blog entry will introduce to you, myself and my project.

My name is Thibaut, I am still a student like all GSoC participants I guess and I belong to the ENSI of Bourges (France). I took one year off for doing research at the university of Maryland (USA) in the IT security field, especially in honeypots.

Iteolih: Python Benchmark

As the plan is to embedd python as scripting language into the honeypot, I ran a benchmark on a testsuite. The 'testsuite' is a c core which accepts connections, and allows python to deal with the input. The protocol used for benchmarking is http, the service serves a non static html page.
I tested

  • 2.6.2_(release26-maint,_Apr_19_2009,_02:15:38)
  • 3.0.1+_(r301:69556,_Apr_15_2009,_17:22:45)_
  • 3.1a1+_(py3k,_Mar_30_2009,_02:02:26)_

To benchmark, I ran the apache benchmark tool ab

Introductions: Sebek Visualization Project

Hello all,

As today is the official start of the Google Summer of Code, an introduction both to the project, and for myself seems to be in order. My name is Kevin Galloway, and I'm currently a graduate student, in Computer Science at the University of Alaska, Fairbanks. Most of my background is more on the security side of things, although, at the start, graphics were one of the main reasons I chose computer science. This project was a way to combine those two passions of mine.

First Improvement of PICVIZ is done

Hi all!

As defined in gsoc proposal the first step was prepare PicViz-Gui to allow change axes order, including add duplicated axes. Even before start the codification process this feature is done. I hope this is a little sinal of we'll have success in all tasks that were defined. See a shot:

axis0, As first and last.

Honeywall update

Finally updated the roo-base rpm to point at http://yum.honeynet.org/roo/repo-1.4/ for the location of the yum repository.  Once I have access to the server, someone with an old deployment of roo 1.4, will be able to upgrade their honeywall as follows:

  1. rpm -i http://yum.honeynet.org/roo/repo-1.4/roo-base-5-36.hw.noarch.rpm
  2. yum update

This will update the honeywall with all updated system rpms effective 25 April 2009.
 

A view on Conficker's inside

Many people have asked us, how Conficker looks like. That's a tough question for something that's hidden and tries to be as stealthy as possible. The last time somebody asked me: "Can you show me Conficker?", I decided to visualize Conficker. Here is a little video that shows the evil core of Conficker.C.
 

LEET09 Paper: PhoneyC: A Virtual Client Honeypot

Earlier this week I had the good fortune to be in Boston for LEET09, a workshop on exploits, malware, and large-scale trends. I presented on PhoneyC, the Python honeyclient I've been working on. The paper describes the architecture and features of the tool and a real world evaluation and test. The talk was well received, and many thanks to the organizers of the conference and the PC for their helpful reviews.
Usenix has made the full paper available to all for free.

GSoC 2009 Student Slots Announced

The results for Google Summer of Code 2009 are out and the Honeynet Project are very excited to have been allocated 9 official slots by Google. You can view the project selection here:
 
http://socghop.appspot.com/org/home/google/gsoc2009/honeynet
 

Syndicate content