PhoneyC is a low-interaction client honeypot designed to allow researchers to quickly and easily identify and analyze malicious websites and their malware. We hope to add DOM emulation and automated shellcode detection using LibEmu this summer, amongst other features, to help improve detection and performance.
Primary Mentor: Jose Nazario
Student: Mark Shloesser
- pyprofjsploit integration (spidermonkey + libemu)
- DOM emulation to support DOM-based obfuscation
- Real World testing and evaluation
- Testing constructed corner-cases
- Beginning May 23rd: Exploration of codebase, planning integration of pyprofjsploit, evaluating approaches for DOM support
- July 6th: PhoneyC should be running with spidermonkey and libemu support by now. The next step would be supporting DOM-based obfuscations and further improving detections.
- August 10th: Hopefully working detection of DOM-obfuscated exploits. The last phase would be more testing, evaluation and improving the code.