Intel Owl: Release v3.0.0

13 Sep 2021 Eshaan Bansal intelowl threatintel

Intel Owl GitHub repository

Intel Owl is an Open Source Intelligence (OSINT) solution to get threat intelligence data about a specific file or observable from a single API at scale. Intel Owl helps enrich threat intelligence data, especially by speeding up retrieval of information, because it is composed of 100+ analyzers (tools, external APIs, etc.). Organizations can host their own instance of Intel Owl to help mitigate threats more effectively.

GSOC 2020 PROJECT SUMMARY: HosTaGe

29 Sep 2020 Irini Lygerou honeypot mobile mobile-hostage

HosTaGe: a mobile honeypot

Why I chose this project

I am passionate about Network Security, Cybersecurity, and programming, and I wanted to get involved with a project that includes it all.

The HosTaGe project drew my attention because I found the idea really fascinating that any Android device can be turned into a honeypot and transformed into an essential tool for attack detection.

I wanted to work on this project because it allowed me to improve this new generation of mobile honeypots and consequently improve the security of the internet in general.

More GSoC Progress: Mitmproxy 5.2 released!

23 Jul 2020 Maximilian Hils

We are excited to announce the release of mitmproxy 5.2, a free and open source interactive HTTPS proxy! As the first part of his Google Summer of Code (GSoC) at the Honeynet Project, our student Martin Plattner (@MartinPlattnr) has completely revamped mitmproxy’s replacement feature, which is a powerful tool to modify and redirect HTTP messages.

As a small demonstration, Martin showed us how we can make these turbulent times much more bearable with a simple mitmproxy invocation:

Intel Owl Release v1.0.0

05 Jul 2020 Eshaan Bansal intelowl threatintel featured

Intel Owl is an Open Source Intelligence (OSINT) solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and is for everyone who needs a single point to query for information about a specific file or observable.

Born at the start of 2020 (announcement), this fresh and new tool was accepted as part of the Google Summer of Code under The Honeynet Project. Great improvements have been developed since the start of this project.

GSoC 2018 Project Summary: Infection Monkey

05 Feb 2019 Daniel Haslinger 2018 gsoc gsoc2018 infection-monkey project student

The Infection-Monkey team for GSoC 2018 wrote this post as a project summary of their GSoC 2018 experience.

Team:

Student: Vakaris Žilius

Mentor: Daniel Goldberg

Introduction

During GSOC 2018, Vakaris worked with me on the Infection Monkey.

The Infection Monkey is an open source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server.

GSoC 2018 Project Summary: Conpot

18 Aug 2018 Daniel Haslinger conpot gsoc ics python scada

Abhinav Saxena wrote this post as a project summary of his GSoC2018 experience.

What did we achieve?

The following features and changes were implemented:

  • Migration of the codebase from Python 2.7 to Python 3.5 (issue #358, code: #374)
  • Implementation of FTP (RFC 959) and TFTP (RFC 1350) protocol stacks based on gevent (issue #352, code: ftp and tftp)
  • Implementation of an abstract filesystem that proxies and wraps an actual file system by providing os.* wrappers (code: #375 and #382)
  • Wrote 123 unit tests and refactored all existing 44 unit tests, increasing coverage from 44% to 72% at the time of this writing (code: #374, #375 and #382)
  • Bug fixes and refactoring of the existing BACnet and IPMI protocol stacks (issue #341, code: #382)
  • Bug fixes in auxiliary Docker files (issue #378, code: #380 and #392)
  • Refactoring of an existing telnet library to be compatible with the Conpot codebase (issue #285, code: mushorg/telnetsrvlib)
  • Wrote an internal interface implementation that introduces a decorator, allowing protocol servers to interact more deeply with each other (issue #259, code: #375)
  • Helping users with issues and pull request reviews: link

All commits can be seen here and here.

Google Summer of Code 2018

23 Jan 2018 Maximilian Hils gsoc


After successfully participating in GSoC between 2009 and 2017, and having created or extended many honeynet technologies that have since gone on to become industry standard tools, we are very happy to announce that The Honeynet Project has applied to be a mentoring organization once again in GSoC 2018.

While last year’s GSoC saw significant changes to the program structure, the program has not seen major adjustments this year. We are very happy that the new payment model and the added third evaluation came to stay! At Honeynet, we collected extensive feedback from mentors last year and will use that to improve our students’ experience - more on that later. Based on the very positive feedback from last year, we’ll definitely continue to use our now not-so-new-anymore GSoC Slack channel and we are excited to talk to you there!

GSoC 2017 Project Summary: Glutton improvements, the new “all eating honeypot”

23 Oct 2017 Roberto Tanara gsoc glutton

Student Mohammad Bilal contributed this post as a project summary of his GSoC2017 experience.

Merged Pull Requests

1- Connection Timeout Added

Issues Resolved: #72, #59
Description: Glutton supports a number of services (protocol handlers), so each service means a number of connections on that service. So it crashed after some time with the error "[user.tcp] accept tcp [::]:5000: accept4: too many open files", and this error was due to the limited number of open file descriptors allowed by the operating system. There was no deadline set for opened connections, so most of the connections never got closed. As a result, the number of opened connections gradually crossed the maximum open file descriptor limit and caused a panic. So I added a connection timeout = 72 seconds; the number of opened connections will never reach the open file descriptor limit. Another reason was Freki: Glutton uses Freki as a networking core, so the Freki handler crashed because of improper error handling in Glutton. So I improved the error handling of the protocol handlers and Glutton stopped crashing.

GSoC 2017 Project Summary: major SNARE/Tanner improvements

23 Oct 2017 Roberto Tanara gsoc snare-tanner

Student Ravinder Nehra contributed this post as a project summary of his GSoC2017 experience.

MySQL Emulator

Previously, Tanner supported SQL injection using SQLite, but since MySQL is widely used, it was badly needed in my opinion. Also, with MySQL, time-based blind SQLi can be emulated, which can’t be done in the SQLite-based emulator. It is implemented using the aiosql library, using the same approach used in the SQLite emulation previously.

  1. MySQLI emulator  https://github.com/mushorg/tanner/commit/d79e1b6a34906d2527214ed19364c8d7f8edddc3
  2. Change default DB and update documentation  https://github.com/mushorg/tanner/commit/7acfbc0792646a49be6f5330754b6cccabdcd3a1
  3. Add new SQLI tests  https://github.com/mushorg/tanner/commit/19bfd57d73c74994533185e92f40d25428f3b31f

Command Execution Emulator

This emulator emulates the Command Execution/Injection vulnerability. It is implemented using Docker, considering its safety features. I used BusyBox as the default Docker image, which provides a nice Linux shell and file system and, most importantly, is very light in size. An attack is identified using the regex .*(alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|netstat|ping|ps|pwd|uname|wget|touch|while).* and then injected into the BusyBox Docker image to get the command injection results.

GSoC 2017 Summary: ReDroid toolbox

12 Oct 2017 Roberto Tanara gsoc

This is a contribution by GSoC student Ziyue Yang; find him on GitHub as yzygitzh.

My project for GSoC 2017 is Android Sandbox Detection and Countermeasure, which came out to be the ReDroid toolbox. This post was presented for the final evaluation of my GSoC 2017 project.

ReDroid is a toolbox for automatically detecting and countering anti-sandbox behaviors in Android apps. You can:

Before GSoC 2017 began, my GSoC mentor Yuanchun Li discussed the proposal for the GSoC project with me. Generally, our goal was to develop some mechanism that can counter anti-sandbox techniques present in Android apps.