To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Forensic Challenge 12 – “Hiding in Plain Sight”

I am pleased to announce a new forensic challenge: Forensic Challenge 12 – “Hiding in Plain Sight”. The challenge has been provided by the Alaska Chapter under the leadership of Lucas McDaniel.

Submission deadline is Sep 9th and we will be announcing winners around the first week of October 2012.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Forensic Challenge 11 - "Dive Into Exploit" - And the winners are...

Folks,
Georg Wicherski has judged the two really cool submissions, and the results have been posted on the challenge page. The winners are:

1. Ruud Schramp
1.5. Carl Pulley

Quechua - beta version

Quechua beta version

Hello World!

All GSoC 2012 students, including those working for HoneyNet, started their projects a long time ago. Since the midterm evaluation has passed too, I would like to share some experience and code with you. Please keep in mind that this is still a beta version and some things may change during the second part of the coding period; however, comments and tips will be helpful, as always :-)

Interesting Reads: Mon^H^H^HTuesday 24th July

Good morning folks

My apologies for the delay on this one. It appears the wily coyote has passed on his tricks to my Internet connection, and as such I've been offline for a fairly large portion of time. No matter... onward to the readables!!

Malware

An in-depth code analysis of mssecmgr.ocx from the ESET folks is here.

Current Status of Ghost

As the first half of the HP summer of code has passed, I'd like to give a short update on the current status of the Ghost USB honeypot.

HoneyProxy HTTP/HTTPS - Beta Release

At the midpoint of GSoC 2012, we are happy and proud to release a beta version of HoneyProxy, a lightweight tool that allows live HTTP and HTTPS traffic inspection and analysis.

Unlike other network tools such as Wireshark, which display a flow packet by packet, HoneyProxy displays only application-layer data. Web objects can then be viewed in a browser.

AfterGlow Cloud: Initial release

With the mid-term milestone of GSoC 2012 reached, we're happy to announce the first release of AfterGlow Cloud. After a lot of discussion and review, the project seems to be in a good position for an initial release. The project is essentially based on AfterGlow [1], a security visualization tool that generates visual link graphs from data you upload. The tool described at [1] is originally command-line based; the aim of this project is to bring the tool and its options to the cloud, so as to provide a neat interface for on-the-fly visualizations.
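As an added illustration of the transformation AfterGlow performs (my own example code, not AfterGlow's Perl or the AfterGlow Cloud project's code): two- or three-column CSV records are turned into a GraphViz DOT link graph, with three-column rows routed through an intermediate "event" node and an optional fan-out threshold that drops noisy hub nodes. The sample records, IP addresses and function names are constructed for this example.

```python
"""CSV-to-DOT link-graph builder in the spirit of AfterGlow (example code).

AfterGlow reads CSV rows of the form "source,target" or "source,event,target"
and emits a GraphViz DOT graph.  This example re-implements that core idea in
Python so the output can be piped to `dot -Tpng`.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample input (hypothetical firewall-style records):
# source host, event/service, destination host.
SAMPLE_CSV = """\
10.0.0.5,ssh,192.168.1.10
10.0.0.5,ssh,192.168.1.11
10.0.0.5,http,192.168.1.10
172.16.3.9,smb,192.168.1.12
10.0.0.5,ssh,192.168.1.10
"""


def parse_records(text):
    """Parse 2- or 3-column CSV rows into (source, event, target) tuples.

    Two-column rows get event=None; anything else is rejected rather than
    silently mis-mapped, since a shifted column would draw a misleading graph.
    """
    records = []
    for row in csv.reader(StringIO(text)):
        row = [c.strip() for c in row]
        if not row or not any(row):
            continue  # skip blank lines
        if len(row) == 2:
            records.append((row[0], None, row[1]))
        elif len(row) == 3:
            records.append((row[0], row[1], row[2]))
        else:
            raise ValueError("expected 2 or 3 columns, got %d: %r" % (len(row), row))
    return records


def build_edges(records):
    """Collapse records into weighted edges (edge -> occurrence count).

    Three-column rows yield two edges, source->event and event->target, so the
    event becomes an intermediate node, as in AfterGlow's three-column mode.
    """
    edges = defaultdict(int)
    for src, evt, dst in records:
        if evt is None:
            edges[(src, dst)] += 1
        else:
            edges[(src, evt)] += 1
            edges[(evt, dst)] += 1
    return dict(edges)


def prune_fanout(edges, max_fanout):
    """Remove every edge touching a node whose out-degree exceeds max_fanout.

    A rough analogue of a fan-out threshold: scanners or busy gateways
    otherwise swamp the picture with hundreds of spokes.
    """
    out = defaultdict(set)
    for a, b in edges:
        out[a].add(b)
    noisy = {n for n, targets in out.items() if len(targets) > max_fanout}
    return {e: w for e, w in edges.items() if e[0] not in noisy and e[1] not in noisy}


def to_dot(edges):
    """Render weighted edges as a DOT digraph; edge weight drives line width."""
    def q(s):
        # Quote node names so IPs, URLs and spaces survive DOT parsing.
        return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

    lines = ["digraph afterglow {"]
    for n in sorted({n for e in edges for n in e}):
        lines.append("  %s;" % q(n))
    for (a, b), w in sorted(edges.items()):
        lines.append("  %s -> %s [label=%d, penwidth=%d];" % (q(a), q(b), w, w))
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python afterglow_lite.py | dot -Tpng -o graph.png
    print(to_dot(build_edges(parse_records(SAMPLE_CSV))))
```

Feeding the output to GraphViz gives the same source-to-event-to-target picture AfterGlow draws; tighten `max_fanout` when one scanner or proxy dominates the graph.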

Synchronous Communication between Kernel and User Space

In this post I'd like to describe some aspects of the communication between kernel and user mode in the Ghost USB honeypot. More specifically, I'll focus on how to realize blocking communication with the Windows Driver Frameworks (WDF).

Forensic Challenge 11 - "Dive Into Exploit" - Submission Deadline Passed

Folks,
the submission deadline for Forensic Challenge 11 "Dive Into Exploit", created by Georg Wicherski from the Giraffe Chapter, has passed.

We have received 2 good submissions and will be announcing results before the end of July. Without a doubt, this challenge was one of the most difficult ones the Honeynet Project has provided in recent years, so we are really glad about the submitted solutions, which seem really high-level at first glance.

Angelo Dell'Aera
The Honeynet Project

Interesting Reads: Monday 25th June

Another Monday has been and gone (on this side of the world at least). I thought I'd sit down again and share some of the interestingness (yes, that's a word now) that came through my various news feeds over the course of the weekend. I'm hoping this week will be a little less malware focused, but I can't make any promises.

news.source == "twitter"

@mboman: New blog post: MART - Malware Analyst Research Toolkit: Cuckoo Sandbox:
