SpamScope (https://github.com/SpamScope/spamscope) is a fast and advanced tool for email analysis developed by Fedele Mantuano (@fedelemantuano). Its analysis engine is based on Apache Storm and Streamparse.
Why use Apache Storm?
Apache Storm works with streams, and in this case we analyze a stream of email messages. Apache Storm allows you to start small and scale horizontally as you grow: simply add more workers, which can run on different hosts.
An application is designed as a “topology” in the shape of a directed acyclic graph (DAG) with spouts and bolts acting as the graph vertices.
Introduction
This blog post is a follow-up to an earlier article, where I set out to conceive a system that could deliver the data needed to answer 5 specific questions.
The setup
To provide the data needed for this analysis, my setup consisted of 4 VPS situated respectively at Amazon EC2, Azure, MeeBox and a Danish ISP end-user connection. Even though the same 4 VPS were used throughout the data collection, 6 different IP addresses were used for the honeypots - the reason for this was that one of the honeypots had a dynamically assigned IP address.
Thug is a client honeypot that emulates a real web browser: it fetches and executes any internal or external JavaScript, follows all redirects and downloadable files just like any browser would, and collects the results in a MongoDB collection. The purpose of this tool is to study, analyse and locate exploit kits and malicious websites. Thug’s analysis can be difficult to navigate or understand, and this is where Rumal comes in. Rumal’s function is to be Thug’s GUI, providing users with trees, graphs, maps, tables and intuitive representations of Thug’s data.
CuckooML is a GSoC 2016 project by Kacper Sokol that aims to make it possible to find similarities between malware samples based on static and dynamic analysis features of binaries submitted to Cuckoo Sandbox. By using anomaly detection techniques, such a mechanism is able to cluster and identify new types of malware and can constitute an invaluable tool for security researchers.
It’s all about data. Malware datasets tend to be relatively large and sparse.
DigitalOcean, a leading cloud computing platform, announced its support of The Honeynet Project with a donation of Web infrastructure and support services. The partnership will allow The Honeynet Project to continue its mission of ongoing research and education surrounding Internet security and risk prevention. “We’re incredibly grateful to DigitalOcean for their support,” said Faiz Shuja, CEO of The Honeynet Project. “As an open source research organization, this donation will prove extremely valuable in supporting our members working to make the Internet a safer place.”
At the end of February we were very happy to announce that The Honeynet Project had once again been selected to be a mentoring organization in Google Summer of Code (GSoC) 2016.
Since then, there has been a flurry of activity: GSoC 2016 student applications opened on March 14th at 19:00 UTC and closed on March 25th at 19:00 UTC. We received 54 student project applications, and our 24 mentors and org admins were hard at work in the following weeks assessing them and the students who applied.
Sometimes (actually, most times) you don’t need advanced deception technology, but rather just a simple tool to answer some simple questions. I was recently in that situation, and needed the answers to the following questions:
Which protocols does my adversary try to brute-force?
Which username and password did he use?
At which speed did he brute-force?
Where did he proxy from?
What time of day did he brute-force?
To answer these questions, I needed a tool that would output something similar to:
As I blogged two weeks ago, after some great student projects between 2009 and 2015, The Honeynet Project had applied again this year to be a mentoring organization in Google Summer of Code (GSoC) 2016.
After a few anxious days of waiting, Google today published the official list of accepted GSoC 2016 mentoring organizations. The great news is that we have been accepted once again. Hurrah!
GSoC 2016 student applications open on March 14th at 19:00 UTC and close on March 25th at 19:00 UTC.
Hi there, my name is Li Yuanchun and I’m glad to introduce DroidBot, a tool to improve the coverage of dynamic analysis.
As is the case for malware targeting the desktop, static and dynamic analysis are also used for detection of Android malware. However, existing static analysis tools such as FlowDroid or DroidSafe lack accuracy because of specific characteristics of the Android framework, such as ICC (Inter-Component Communication), dynamic loading, aliasing, etc.
What is dpkt? dpkt is a Python library that helps with “fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols”. It supports a lot of protocols (currently about 63) and has been increasingly used in a lot of network security projects. It is 44x faster than Scapy, and 5x faster than Impacket. With Scapy no longer in development, dpkt is the only network creation/parsing library for Python that is active.