United Arab Emirates Chapter

We are excited to announce the latest chapter coming on board, the United Arab Emirates Chapter, hosted and formed by aeCERT. This is the very first Chapter to join from the Middle East; we are very excited to have them on board and expect great things from them!


Last week I had the honor of being interviewed by the sharp team at PaulDotCom, in which they quizzed me extensively about honeypots and honeypot technology. I have had the chance to work with John Strands of the team, who is one of the best penetration testers I know; he really knows his stuff and creates great demonstration hacking videos. If you have a chance, check it out; they are a smart group of fun guys.
http://pauldotcom.com/2009/07/pauldotcom-security-weekly---e-19.html

Confusion About Honeypots

Honeypots have been actively used by the security community for over ten years now. They are used for a variety of purposes, but nowadays primarily for information gathering. When honeypots were first being used, they generated a great deal of discussion about the legal issues. However, through the years this debate has died down, with most organizations feeling these issues are minor. I just wanted to share an update on these thoughts.

First Improvement of PICVIZ is done

Hi all!

As defined in the GSoC proposal, the first step was to prepare PicViz-Gui to allow changing the axes order, including adding duplicated axes. Even before starting the coding process, this feature is done. I hope this is a small sign that we'll have success in all the tasks that were defined. See a shot:

axis0, As first and last.


Honeywall update

Finally updated the roo-base rpm to point at http://yum.honeynet.org/roo/repo-1.4/ for the location of the yum repository. Once I have access to the server, someone with an old deployment of roo 1.4 will be able to upgrade their honeywall as follows:

  1. rpm -i http://yum.honeynet.org/roo/repo-1.4/roo-base-5-36.hw.noarch.rpm
  2. yum update

This will update the honeywall with all updated system rpms effective 25 April 2009.

A view on Conficker's inside

Many people have asked us what Conficker looks like. That's a tough question for something that's hidden and tries to be as stealthy as possible. The last time somebody asked me, "Can you show me Conficker?", I decided to visualize Conficker. Here is a little video that shows the evil core of Conficker.C.

LEET09 Paper: PhoneyC: A Virtual Client Honeypot

Earlier this week I had the good fortune to be in Boston for LEET09, a workshop on exploits, malware, and large-scale trends. I presented on PhoneyC, the Python honeyclient I've been working on. The paper describes the architecture and features of the tool and a real world evaluation and test. The talk was well received, and many thanks to the organizers of the conference and the PC for their helpful reviews.
Usenix has made the full paper available to all for free.

GSoC 2009 Student Slots Announced

The results for Google Summer of Code 2009 are out and the Honeynet Project are very excited to have been allocated 9 official slots by Google. You can view the project selection here:

Simple Conficker Scanner v2

Today we released version 2 of our Simple Conficker Scanner (SCSv2). It contains a new scanning method which allows for detection of machines infected with the recent Conficker version (D or E, depending on the naming scheme - the tool calls it D). Although the patch to the vulnerable function NetpwPathCanonicalize() was updated in the new variant, the RPC response codes for specially crafted requests are still different for infected machines.

Google Summer of Code Applications

The Honeynet Project is very excited to be a member of the Google Summer of Code. We are sponsoring at least eight GSoC projects and potentially more, depending on how many other ideas we received. Google has just closed the application period, and we are thrilled to see we received 55 applications. Our mentors will spend the next week reviewing and ranking each application. Then, on 15 April Google will select our top applicants. At this time we do not know how many applicants will be allowed in our program, but we are hoping it will be quite a few!
