Dionaea Installation

09 May 2011 Oguz Yarimtepe debian dionaea log-record

This summer, I will be dealing with the malware analysis distribution from a visualization perspective on a timeline and geographic basis. To collect data related to malware, I installed Dionaea, which is a successor of Nepenthes. The documentation of Dionaea is plain and easy to follow. I chose Debian Squeeze to install the honeypot on. Installing the base system from the netinstall CD and following the documentation was enough till I got an error message during the compiling process of Dionaea. “common” from the IRC channel of Nepenthes was helpful about the solution of the problem. The problem was defined at http://sourceforge.net/mailarchive/message.php?msg_id=27441025. It was because of the wrong Cython version usage with a makefile error.

Forensic Challenge 8 - "Malware Reverse Engineering"

09 May 2011 Angelo Dellaera challenge forensic-challenge

I am pleased to announce the next forensic challenge: Forensic Challenge 8 - “Malware Reverse Engineering”.

The challenge has been created by Angelo Dell’Aera and Guido Landi from the Sysenter Honeynet Project Chapter.

Submission deadline is June 15th and we will be announcing winners around the third week of July. We have a few small prizes for the top three submissions.

Have fun!

Angelo Dell’Aera
The Honeynet Project

GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC

05 May 2011 Youzhi Bao capture-hpc gsoc

Project Description:
Proposed Capture-HPC Description

Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.
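The core idea in the description above, a monitor that records system state before the client is driven and flags any change the client's normal activity does not explain, can be shown in a few dozen lines. The following is an added example and not Capture-HPC's own code: it snapshots a directory tree (path, size, SHA-256), diffs two snapshots, and filters the result through a hypothetical allow-list of expected changes so that only unauthorized changes remain. The sandbox directory, its files and the allow-list pattern are all constructed for the demo.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatch

# Hypothetical allow-list: paths the client is expected to touch while it
# renders content (a browser cache, for instance). Anything else that changes
# is reported as an unauthorized state change.
EXPECTED_CHANGES = ["*/cache/*"]


def snapshot(root):
    """Return {relative_path: (size, sha256)} for every regular file under root.

    Paths use '/' regardless of platform so snapshots compare consistently.
    """
    state = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[rel] = (os.path.getsize(full), digest)
    return state


def diff_snapshots(before, after):
    """Classify every path as created, deleted or modified between two snapshots."""
    created = set(after) - set(before)
    deleted = set(before) - set(after)
    modified = {p for p in set(before) & set(after) if before[p] != after[p]}
    return {"created": created, "deleted": deleted, "modified": modified}


def unauthorized(changes):
    """Drop allow-listed paths; what remains is not explained by normal client activity."""
    def allowed(path):
        return any(fnmatch("/" + path, pattern) for pattern in EXPECTED_CHANGES)
    return {kind: {p for p in paths if not allowed(p)} for kind, paths in changes.items()}


def demo():
    """Constructed run: baseline, simulated client activity, then the filtered diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cache"))
        os.makedirs(os.path.join(root, "system32"))
        with open(os.path.join(root, "system32", "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        before = snapshot(root)

        # Stand-in for "driving the client": one expected cache write, plus an
        # edited hosts file and a new file outside the allow-list (constructed).
        with open(os.path.join(root, "cache", "page.html"), "w") as fh:
            fh.write("<html></html>")
        with open(os.path.join(root, "system32", "hosts"), "a") as fh:
            fh.write("127.0.0.1 update.example\n")
        with open(os.path.join(root, "unexpected.bin"), "wb") as fh:
            fh.write(b"\x00\x01")

        after = snapshot(root)
        return unauthorized(diff_snapshots(before, after))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, sorted(paths))
```

The cache write is filtered out, while the edited hosts file and the new file are reported. A real monitor of this kind would also watch registry keys and process creation, and would hash with a streaming read rather than loading whole files.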

Forensic Challenge 7 - Submission deadline passed

05 Apr 2011 Angelo Dellaera challenge forensic-challenge

Folks, the submission deadline for the Forensic Challenge 7 – “Forensic Analysis of a Compromised System” – put up by Hugo Gonzalez from the Mexico Chapter and Guillaume Arcas from the French Chapter – has passed. We have received 16 submissions and will be announcing results on Friday, Apr 29th 2011. The winners will get a copy of the book “Virtual Honeypots - From Botnet Tracking to Intrusion Detection” written by Niels Provos and Thorsten Holz.

The Honeynet Project Releases New Tool: streams

05 Apr 2011 Anton Chuvakin release tool

Tillmann Werner from the Giraffe Honeynet Project chapter just released the first version of “streams”, a tool for browsing, mining and processing TCP streams in pcap files. If you ever needed to process large pcap files on a session level, you will love this tool. Have a look at the README to get an impression of its capabilities.

The README contains some sample output and tool description.
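Working on a pcap "on a session level" means grouping packets by TCP flow and reassembling each direction's payload in sequence order, rather than looking at packets one at a time. The following added example is not the streams tool's code; it is a minimal Python implementation of that idea: it parses the libpcap file format and Ethernet/IPv4/TCP headers, keys segments by the bidirectional 4-tuple, orders them by sequence number and drops exact retransmissions. The pcap is built in memory from constructed frames (documentation-range addresses, zero checksums) so it runs offline.

```python
import struct
from collections import defaultdict


def build_packet(src, sport, dst, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero (enough for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_records(data):
    """Yield the captured bytes of each record in a libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + caplen]
        off += caplen


def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:  # protocol field: 6 = TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, seq, tcp[data_off:]


def streams(data):
    """Group TCP payload by flow: {flow_key: {(src_endpoint, dst_endpoint): bytes}}."""
    segments = defaultdict(lambda: defaultdict(list))
    for frame in iter_records(data):
        pkt = parse_tcp(frame)
        if pkt is None or not pkt[5]:
            continue  # not TCP, or a segment without payload (e.g. pure ACK)
        src, sport, dst, dport, seq, payload = pkt
        a, b = (src, sport), (dst, dport)
        segments[tuple(sorted([a, b]))][(a, b)].append((seq, payload))
    result = {}
    for key, directions in segments.items():
        result[key] = {}
        for direction, parts in directions.items():
            # Order by sequence number; a repeated seq is treated as a retransmission.
            seen, chunks = set(), []
            for seq, payload in sorted(parts):
                if seq not in seen:
                    seen.add(seq)
                    chunks.append(payload)
            result[key][direction] = b"".join(chunks)
    return result


def demo():
    """Constructed capture: one HTTP flow (out of order, with a retransmit) and one SSH banner."""
    client, server = ("10.0.0.2", 40000), ("198.51.100.7", 80)
    frames = [
        build_packet(*client, *server, 1016, b"Host: example.com\r\n\r\n"),
        build_packet(*server, *client, 5000, b"HTTP/1.1 200 OK\r\n"),
        build_packet(*client, *server, 1000, b"GET / HTTP/1.1\r\n"),
        build_packet(*client, *server, 1016, b"Host: example.com\r\n\r\n"),
        build_packet("10.0.0.3", 40001, "10.0.0.9", 22, 1, b"SSH-2.0-client\r\n"),
    ]
    return streams(build_pcap(frames))


if __name__ == "__main__":
    for key, directions in demo().items():
        for direction, payload in directions.items():
            print(key, direction, payload)
```

The demo returns two flows; the HTTP client side comes out as the request in the right order despite the capture order and the duplicate segment. A production tool would additionally track the handshake and FIN/RST to delimit sessions, handle overlapping segments and IP fragments, and stream the file instead of slicing it in memory.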

Tillmann’s talk “High Performance Sniffing” from The Honeynet Project public workshop covers this tool.

Google SoC 2011 - Student Applications In Progress

04 Apr 2011 David Watson gsoc

With GSoC 2011 student applications having been open for the past week, we’ve been having a number of interesting discussions with potential students, both on #gsoc2011-honeynet on irc.freenode.net and on our public GSoC mailing list, and this summer is already looking to have many exciting project ideas.

Student applications run through to Friday April 8th at 19:00 UTC, so if you are a student interested in participating in GSoC 2011 with the Honeynet Project, please take a look at our GSoC 2011 project ideas and make the most of the remaining time to get involved. We cover a very wide range of projects, tools and technologies, so hopefully there is something available to interest everyone, whatever their experience.