Blogs
Kippo fork - all in one
Hello,
last week I published kippo fork https://gitlab.labs.nic.cz/honeynet/kippo
which contains commits from https://github.com/micheloosterhof/kippo-mo
(Michel Oosterhof brought awesome SFTP, and exec support)
and original kippo https://github.com/desaster/kippo
(I am very pleased is now on github. was on google code before).
On top of that are my changes: Read more »
Twitter
Facebook
LinkedInThe new version of dorothy2 is out!
Howdy all,
The Italian Chapter is proud to release the latest version of dorothy2 (our ruby-based malware analysis framework) :). Read more »
Bifrozt - A high interaction honeypot solution for Linux based systems.
A few days ago I was contacted by our CPRO, Leon van der Eijk, and asked to write a blog post about my own project called Bifrozt; something which I was more than happy to do. :) This post will explain what Bifrozt is, how this got started, the overall status of the project and what will happen further down the road.
What is Bifrozt? Read more »
Beeswarm - active deceptions made easy
Finally we can announce with great pleasure the first public beta of the Beeswarm project.
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The project differentiates itself by two key items:
- Active deceptions
- Simplicity and ease of use
Active deceptions Read more »
Global Glastopf statistics for June 2014
During the month of June the following information was obtained from Glastopf installations worldwide
Geographical spread
10 most popular injected files during the period
Short introduction to RFI: Read more »
Get STIX Reports from ICS Honeypot Conpot
Wed, 08/06/2014 - 22:54 — lukas.ristThe team working on the ICS/SCADA honeypot Conpot, just merged in a more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on Github. Read more »
Outsmarting the smart meter
The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very successful technique when figuring out a unknown hardware or protocol. Next step then is to decode the messages logged in the proxy module. Most of this step is done by studying books of specifications, leaked manuals and offensive tools. This then gives us insight into the protocol, the commands sent and responses generated. Read more »
New release of HoneyDrive; the honeypot bundle Linux distro
Sat, 07/26/2014 - 18:36 — ioannis.koniarisIt is my great pleasure to announce that HoneyDrive 3 is here, codenamed Royal Jelly!
For those in need of a more official description or for people that haven’t heard of HoneyDrive before, here is one: Read more »
Vagrant configuration for Thug honeyclient
Sat, 07/26/2014 - 18:27 — ioannis.koniarisVagrant and Docker and wonderful tools that enable security practitioners to easily dive into the DevOps world and use them for InfoSec projects. Continuing from the previous blog post Thug in 5 minutes, here is a Vagrant configuration to setup Thug honeyclient. Read more »
Global Glastopf statistics for May 2014
During the month of May the following information was obtained from Glastopf installations worldwide
Number of alert for the period: 1859863
Filenames (RFI) - 10 most popular during the period:
| Hash: | Hits: |
| 48101bbdd897877cc62b8704a293a436 | 2425 |
| 4997ed27142837860014e946eed96124 | 2050 |
| d070c4cccf556b9da81da1e2de3cba54 | 644 |
| 3cc11c8fa7e3e36f0164bdcae9de78ec | 330 |
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.