phoneyc
PHoneyC DOM Emulation – Browser Personality
Sun, 08/22/2010 - 15:03 — angelo.dellaeraA new improvement in PHoneyC DOM emulation code was committed in SVN r1624. The idea is to better emulate the DOM behaviour depending on the selected browser personality. Let's take a look at the code starting from the personalities definition in config.py.
40 (1,
41 "Internet Explorer 6.0 (Windows 2000)",
42 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
43 "Mozilla",
44 "Microsoft Internet Explorer",
PHoneyC DOM Emulation - Window
Tue, 08/10/2010 - 13:14 — angelo.dellaeraA few weeks ago I started reviewing the PHoneyC DOM emulation code and realized it was turning to be hard to maintain and debug due to a huge amount of undocumented (and sometimes awful) hacks. For this reason I decided it was time to patch (and sometimes rewrite from scratch) such code. These posts will describe how the new DOM emulation code will work. The patch is not available right now since I'm testing the code but plans exists to commit it in the PHoneyC SVN in the next days.
What's new on PHoneyC (4): Try it out!
Mon, 08/10/2009 - 19:19 — zhijie.chenHi all:
I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs
Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.
What's new on phoneyc (3)--- Mid-term Evaluation
Sun, 07/05/2009 - 17:41 — zhijie.chen
Mid-term Report on PHoneyC GSoC project 1
| Info: | See <https://www.honeynet.org/gsoc/project1> for project details. |
|---|---|
| Author: | Zhijie Chen (Joyan) <czj.pub@gmail.com> |
| Mentor: | Jose Nazario |
| Description: | Mid-term Report on PHoneyC GSoC project 1. This report describes what I have done on the PHoneyC's libemu integration for shellcode and heapspray detection during the first half of the GSoC. Till now, the main ideas on this feature has been fast-implemented (actually I mean poor coding style) and the whole flow works well, with some code rewriting and performance optimization needed in the future. |
What's new in phoneyc (2)--- Shellcode and Heapspray Dectection
Mon, 06/01/2009 - 15:37 — zhijie.chenHi folks:
I have done some basic shellcode and heapspray detection codes in the phoneyc's 'honeyjs' javascript engine (based on python-spidermonkey, with extra tracing and auditing works). And also I have made a presentation on the local honeynet chinese chapter last weeked. Details about my current approaches can be found on this slide: http://is.gd/J9QP
Z. Chen (Joyan)
What's new in phoneyc's shellcode detection (1)--- Tracing spidermonkey
Mon, 05/25/2009 - 08:18 — zhijie.chen1. Overview -------------------------------
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.