The summer is coming to the end as well as my GSoC17 happy days. So, now it’s time to sum up the results and say goodbye to the GSoC until the next year.
My impressions about working on the Heralding project Working on the Heralding project was awesome experience for me. I feel I did something helpful, fun and challenging at the same time. I hadn’t wanted anything else before the summer!
Hi, I’m Matthew Shao from China. This year, I got the honor to be selected as a Google Summer of Code student for the mitmproxy project. With the help of my kindly mentors Maximilian Hils and Clemens Brunner, I managed to improve the source code of mitmweb, which is a web interface for mitmproxy, and added some exciting new features for it. Here I’m going to present you the work I’ve done during this fulfilling summer.
At the end of February we were very happy to announce that The Honeynet Project had once again been selected to be a mentoring organization for Google Summer of Code (GSoC) 2017. Since then, there has a been a flurry of activity: We received more than 50 project proposals during the application phase, selected 14 fantastic students, set them up to work with us during the community bonding period, and now completed the first month of actual work!
On May 25, 2017, Representative Tom Graves released the second draft of proposed amendments to 18 U.S.C. 1030 (known as the Computer Fraud and Abuse Act). Representative Graves’ bill is known as the Active Cyber Defense Certainty Act (or ACDC Act). There is no universally accepted umbrella term for this, but it is variously called “Active Defense”, “Active Cyber Defense”, “hacking back,” “hackback”, and “strike back.” You will find the word “active” applied almost universally in these discussions, though it frequently results in establishing a simple (though false) dichotomy of “passive defense” vs.
This is a contribution by Tan Kean Siong, follow him on Twitter @gento_ .
The open source honeypot Dionaea supported SMB since long but lacked support for the recent WannaCry ransomware SMB vulnerability and the most recent Samba RCE vulnerability CVE 2017-7494 dubbed “SambaCry” wormable attacks. With the recent changes, both attack vectors are supported and respective samples caught in the wild.
Dionaea is a low interaction, server side honeypot which emulates a vulnerable system or device.
With Google Summer of Code (GSoC) 2017 being around the corner, we’d like to do a short flashback to 2016, our most successful GSoC year for mitmproxy so far! GSoC 2016 was mitmproxy’s fourth time participating in the program under the umbrella of the Honeynet Project. For the first time, we were able to mentor three students over the summer to work on both our Python core and the brand new web interface.
After successfully participating in GSoC between 2009 and 2016, and having created or extended many honeynet technologies that have since gone on to become industry standard tools, we are very happy to annouce that The Honeynet Project has applied to be a mentoring organization once again in GSoC 2017.
This year sees significant changes in the GSoC program with a new payment model and an added third evaluation! We are excited about those changes and very curious to see how they play out.
Back in November, the Honeynet Project announced the appointment of a new Chief Research Officer: Lukas Rist took the role after a long and successful tenure by David Watson. The research office will also be supported by Maximilian Hils and Cornelius Aschermann.
Lukas is a German living in Norway: after working on Symantec’s malware sandbox solution, he switched to the team running the back-end systems. Among others, he’s responsible for a system analyzing between 500k to one million potentially malicious samples per day, producing the behavioral data used by Symantec analysts for threat hunting.
SIDN Fund offers financial support for DDOS alerting service Within our HoneyNED chapter two people are working on DDOS detection techniques by using honeypot technology. The knowledge about which DDOS attacks are ‘running’ and which sites are under attack is interesting for a broader audience than our HoneyNED chapter. We’ve decided to start creating a public DDOS alerting service and applied for financial support here for by SIDN Fund.
SIDN Fund stands for ‘a strong internet for all’ and provides financial support to ideas and projects that aim to make the internet stronger or that use the internet in innovative ways.