To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Google Summer of Code

We are very excited to announce the Honeynet Project has applied for the Google Summer of Code for 2009.

Annual Honeynet Workshop

Once a year the Honeynet Project brings together members from around the world for a one week workshop on honeypot research, development and deployments.  This year's event was hosted and sponsored by the International Multilateral Partnership Against Cyber-Threats (IMPACT), a public-private alliance against cyber threats.  The event was held in IMPACT's facilities based in Cyberjaya, Malaysia.  Without a doubt, this was our most successful and productive workshop ever.  We had over twenty countries and organizations represented, all dedicat

Mexican Chapter - Annual Report

=== ORGANIZATION ===

The Mexican HP Chapter members are:
Miguel Hernández y López (miguel_at_honeynet.org.mx)
Hugo Gonzalez Robledo (hugo_at_honeynet.org.mx)

=== DEPLOYMENTS ===

* Capture HP deployment and a nepenthes sensor in several networks.
* Working with different government agencies in Argentina to deploy Nepenthes sensors and honeynets within their networks

UNAM Chapter Blog

UNAM Chapter Status Report has been published.
More details

Speaking Waledac

While it seems impossible to say whether Waledac is the successor of Storm or not, what we can do is take a look at the traffic encryption. The guys over at Shadowserver have already blogged some details about this. We at the Giraffe Chapter investigated Waledac's communication protocol further. Here are our results.

Picviz 0.5 out

The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables.

Get it from the usual place.

What is Picviz?

When considering log files for security, the applications usually available today either look for patterns using signature databases or use a behavioral approach. In both cases, information can be missed. The problem becomes bigger with systems receiving a massive amount of logs.

Happy new year to all

Hello all
 
Wishing you all the best for the new year, and all the best for the honeynet project,
 
Sami
Canadian chapter

Waledac is wishing merry christmas

There is a new bot in town. It's called Waledac. The way it spreads reminds a lot of people of the good old Storm botnet: an email is sent containing a "christmas card" in the form of the executable "postcard.exe".
Waledac social engineering
A preliminary view on the binary has been given by the Shadowserver guys (Steve Adair).

I had the chance to have a first look at the binary (MD5 ccddda141a19d693ad9cb206f2ae0de9) and want to note down some of my few findings to let the hunt begin.

Annual Honeynet Project Workshop

Once a year the Honeynet Project brings together members from around the world for a one week workshop on honeypot research, development and deployments.  We are excited that for this year's event the workshop will be sponsored and hosted by the International Multilateral Partnership Against Cyber-Threats (IMPACT), a public-private alliance against cyber threats.  IMPACT is based in Cyberjaya, Malaysia.  We are very excited for this opportunity as it will be the first time we have hosted the event in Asia.  We would like to thank IMPACT for t

libemu: Detecting selfencrypted shellcode in network streams

As libemu recently had its second release (0.2.0), I'll try to introduce it to the audience who has not heard about it yet.
libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. It is intended for use within network intrusion detection/prevention systems and honeypots.
This post is split into four parts:

  • Practical libemu usecase, showing how it executes shellcode and which information we get from it
  • Explanation of libemu and how it detects shellcode
  • High level shellcode profiling and pre-requirements for this step
  • API call hooking internals
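As an added illustration (this is not libemu's code), here are the three GetPC idioms such heuristics look for, written as a plain static byte-pattern scanner in C and run over a few constructed buffers: a jmp/call/pop xor decoder stub, a call $+5/pop stub, an fnstenv stub and a harmless HTTP request line. libemu itself does not pattern-match: it emulates execution from every offset of the stream and watches for a GetPC-style sequence in the instructions actually executed, which is what lets it survive byte-level variation that defeats a scanner like this one. The sample bytes, function names and the choice of idioms are this example's assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Kinds of GetPC idiom this scanner recognises. */
typedef enum {
    GETPC_NONE = 0,
    GETPC_CALL_POP,      /* call $+5 ; pop r32                       */
    GETPC_FNSTENV,       /* fld* ; fnstenv [esp-0xC] ; pop r32       */
    GETPC_JMP_CALL_POP   /* jmp short fwd ; ... ; call back ; pop r32 */
} getpc_kind;

typedef struct {
    size_t     offset;   /* where the idiom starts in the buffer          */
    getpc_kind kind;
    int        reg;      /* register (0..7 = eax..edi) that receives the PC */
} getpc_hit;

static const char *const reg_names[8] =
    { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" };

static int is_pop_r32(uint8_t b) { return b >= 0x58 && b <= 0x5F; }

/* Scan buf for GetPC idioms; returns the number of hits written to hits[]. */
size_t scan_getpc(const uint8_t *buf, size_t len, getpc_hit *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t i = 0; i < len && n < max_hits; i++) {
        /* call $+5 (E8 00 00 00 00): the pushed return address is the pop itself. */
        if (i + 6 <= len && buf[i] == 0xE8 &&
            buf[i+1] == 0 && buf[i+2] == 0 && buf[i+3] == 0 && buf[i+4] == 0 &&
            is_pop_r32(buf[i+5])) {
            hits[n++] = (getpc_hit){ i, GETPC_CALL_POP, buf[i+5] & 7 };
            continue;
        }
        /* fld1..fldz (D9 E8..D9 EE) then fnstenv [esp-0xC] (D9 74 24 F4): the saved
         * FPU instruction pointer lands at [esp], so the pop yields the fld* address. */
        if (i + 7 <= len && buf[i] == 0xD9 && buf[i+1] >= 0xE8 && buf[i+1] <= 0xEE &&
            buf[i+2] == 0xD9 && buf[i+3] == 0x74 && buf[i+4] == 0x24 && buf[i+5] == 0xF4 &&
            is_pop_r32(buf[i+6])) {
            hits[n++] = (getpc_hit){ i, GETPC_FNSTENV, buf[i+6] & 7 };
            continue;
        }
        /* jmp short forward to a call whose rel32 points back to the byte after the
         * jmp, where a pop sits: the classic self-decrypting decoder prologue. */
        if (i + 2 <= len && buf[i] == 0xEB) {
            int8_t  d      = (int8_t)buf[i+1];
            int64_t after  = (int64_t)i + 2;
            int64_t target = after + d;
            if (d <= 0 || target + 5 > (int64_t)len || buf[target] != 0xE8) continue;
            int32_t rel = (int32_t)((uint32_t)buf[target+1]       |
                                    (uint32_t)buf[target+2] << 8  |
                                    (uint32_t)buf[target+3] << 16 |
                                    (uint32_t)buf[target+4] << 24);
            if (target + 5 + rel == after && is_pop_r32(buf[after]))
                hits[n++] = (getpc_hit){ i, GETPC_JMP_CALL_POP, buf[after] & 7 };
        }
    }
    return n;
}

/* Scalar helpers over the scanner (used by main and by tests). */
size_t getpc_count(const uint8_t *buf, size_t len)
{ getpc_hit h[32]; return scan_getpc(buf, len, h, 32); }
int getpc_first_kind(const uint8_t *buf, size_t len)
{ getpc_hit h; return scan_getpc(buf, len, &h, 1) ? (int)h.kind : GETPC_NONE; }
int getpc_first_reg(const uint8_t *buf, size_t len)
{ getpc_hit h; return scan_getpc(buf, len, &h, 1) ? h.reg : -1; }

/* Constructed samples (hand-assembled for this example, not captured traffic). */
static const uint8_t sample_decoder[] = {
    0xEB, 0x0D,                   /* 00: jmp short +13  -> call at 0F        */
    0x5E,                         /* 02: pop esi        ; esi = payload (14) */
    0x31, 0xC9,                   /* 03: xor ecx, ecx                        */
    0xB1, 0x05,                   /* 05: mov cl, 5      ; payload length     */
    0x80, 0x36, 0xAA,             /* 07: xor byte [esi], 0xAA                */
    0x46,                         /* 0A: inc esi                             */
    0xE2, 0xFA,                   /* 0B: loop 07                             */
    0xEB, 0x05,                   /* 0D: jmp short +5   -> payload at 14     */
    0xE8, 0xEE, 0xFF, 0xFF, 0xFF, /* 0F: call -18       -> pop at 02         */
    0x3A, 0x3A, 0x3A, 0x3A, 0x69  /* 14: xor-0xAA "encrypted" payload        */
};
static const uint8_t sample_call_pop[] = { 0xE8, 0, 0, 0, 0, 0x5D };               /* call $+5 ; pop ebp */
static const uint8_t sample_fnstenv[]  = { 0xD9, 0xEE, 0xD9, 0x74, 0x24, 0xF4, 0x5B }; /* fldz ; fnstenv ; pop ebx */
static const uint8_t sample_benign[]   = "GET /index.html HTTP/1.1\r\n";

int main(void)
{
    const struct { const char *name; const uint8_t *buf; size_t len; } samples[] = {
        { "xor decoder (jmp/call/pop)", sample_decoder,  sizeof sample_decoder },
        { "call/pop",                   sample_call_pop, sizeof sample_call_pop },
        { "fnstenv",                    sample_fnstenv,  sizeof sample_fnstenv },
        { "HTTP request line",          sample_benign,   sizeof sample_benign - 1 },
    };
    for (size_t s = 0; s < sizeof samples / sizeof samples[0]; s++) {
        getpc_hit hits[32];
        size_t n = scan_getpc(samples[s].buf, samples[s].len, hits, 32);
        printf("%-28s %zu hit(s)\n", samples[s].name, n);
        for (size_t k = 0; k < n; k++)
            printf("  offset %zu: kind %d, PC lands in %s\n",
                   hits[k].offset, (int)hits[k].kind, reg_names[hits[k].reg]);
    }
    return 0;
}
```

The scanner also reports which register ends up holding the PC, which is the first thing a profiler needs to follow the decoder loop. The weakness is equally visible: one inserted junk byte between the call and the pop, a different rel32 trick, or an FPU instruction outside the D9 E8..EE range and every check above misses, whereas an emulator observing executed instructions still sees the address being read.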