The Honeynet Project

Folks,
the submission deadline for the Forensic Challenge 12 – “Hiding in Plain Sight“ put up by the Alaska Chapter under the leadership of Lucas McDaniel has passed. We have received 4 submissions and will be announcing results on Mon, Oct 15th 2012. The top three submissions will be awarded little prizes.

Angelo Dell'Aera
The Honeynet Project

The updated version of APKInspector is a powerful static analysis tool for Android Malicious applications. It provide convenient and various features for smartphone security engineers. With the sensitive permission analysis, static instrumentation and easy-to-use graph-code interaction .etc, they can get a thorough and deep understanding of the malicious applications on Android.
The improvement mainly focus on two categories: User Interface and Security Analysis. The goal is to build an easy-to-use tool with strong security analysis features. Read more »

We've just released version 0.2 of the Ghost USB honeypot for Windows XP and Windows 7 with a lot of great new features. You can download the new version from the project page. In this post, I'm going to give an overview of the changes.

Let's start with what you usually do first: install Ghost. Installing the honeypot has been tedious in the past, so we've built an installer that handles most of the work for you. Just run it and enjoy. Read more »

1 Introduction

As the end of GSoC 2012 will come in the next few days, i am proud to announce IPv6-guard. IPv6-guard is an IPv6 attack detector tool including some defense mechanisms to protect against most of recent attacks on ipv6 protocol suite.

2 IPv6-Guard

2.1 How it works Read more »

6Guard is a honeypot-based IPv6 attack detector aiming at detecting the link-local level attacks, especially when the port-mirror feature of switch is unavailable. Read more »

AREsoft-updater is a simple updater script for Android Reverse Engineering Software belongs to Android Reverse Engineering (A.R.E.) Virtual Machine from the Honeynet Project

AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E Read more »

I'm announcing the new features of Android dynamic analysis tool DroidBox as GSoC 2012 approaches the end. In this release, I would like to introduce two parts of my work: DroidBox porting and APIMonitor. Read more »

AfterGlow cloud has evolved further into another release; with many improvements added to the initial version. With GSoC 2012 approaching an end, we've covered all the additional features we planned for in the second phase of development, post mid-term. Building up on the initial version, this post will run you through the general features and additional improvements covered.

A live demo of this release can be found here: http://andromeda.ayrus.net:8080/ Read more »

…and the summer is over. During the last three months I have tried to make sense of the highly unstructured data set that comes from merging the data streams of several hpfeeds channels. I have had to learn the inner workings of Splunk, their SDKs, the D3.js graphic library and explore different machine learning frameworks and clustering algorithms. Read more »

As the GSOC approaches the end. I would like to publish a beta version of my project for Network Malware Simulation.

The name for the new open source software is Imalse, which is the acronym of Integrated MALware Simulator & Emulator

The website for the project is http://people.bu.edu/wangjing/open-source/imalse/html/index.html, in which you can get detailed description, instructions for installation and demos. Read more »