Uncategorized

July 10, 2009

Conficker.A going down?

Conficker contains a piece of code that has been the object of speculation: it does not infect boxes located in the Ukraine. Before sending an exploit, it […]
June 5, 2009

Iteolih: Is this worth your time?

Hello, due to the length of the whole term "Improving the effectiveness of low interaction honeypots", I decided to use Iteolih as a unique abbreviation. Things are […]
May 24, 2009

Iteolih: Python Benchmark

As the plan is to embed Python as a scripting language into the honeypot, I ran a benchmark on a testsuite. The ‘testsuite’ is a C core […]
January 27, 2009

Speaking Waledac

While it seems to be impossible to say whether Waledac is the successor of Storm or not, what we can do is take a look at […]
January 2, 2009

Waledac is wishing merry christmas

There is a new bot in town. It’s called Waledac. The way it is spreading reminds a lot of people of […]
December 10, 2008

libemu: Detecting selfencrypted shellcode in network streams

As libemu had its second release (0.2.0) lately, I’ll try to introduce it to the audience who did not hear about it yet. libemu is a […]
October 6, 2008

HeX 2.0 “Bonobo” is now!

After long development, we have finally managed to produce release version 2 of HeX, codename “Bonobo”. What’s new in HeX 2.0? Check out https://trac.security.org.my/hex/wiki/WhatsNew. Official announcement […]
August 27, 2008

No more emulation!

Emulation is an important technology in honeypots and honeynets. It’s not always what we want, though, and here’s why. As you might know, most bots perform […]