GSoC Project #5 - Improve High Interaction Honeypots

Improve our Capture-HPC and Capture-BAT high interaction client honeypots, including bug fixing, improved performance, new functionality and simplified use.
Primary Mentor: Peter Komisarczuk
Student: Van Lam Le
Deliverables: Capture-HPC and Capture-BAT with new functionalities as open source applications. Documentation is also available for communities (for using and developing).
Timeline:

  • First week: analyse current operations and identify functionalities to be developed for the new version of Capture-HPC; study the source code to determine how those functionalities can be developed.
  • Second week: take the database functionality recently developed for Capture 3.0 and port it to the Capture 4.0 modular architecture. Test Capture-HPC and document.
  • Third week: include the network monitor functionality developed for version 3.0 in Capture-HPC 4.0. Test Capture-HPC and document.
  • Fourth week: Review potential techniques that can be used to detect events and determine potential responses and strategies. Design WindowsAI module with proposed techniques.
  • Week five to week 11: Start coding and testing in two-week iterations for the WindowsAI functionality for Capture-HPC.
  • Twelfth week: Finish coding and undertake system testing including some more extensive tests on a variety of web sites.
  • Weeks 13 and 14: Get feedback from communities. Document and complete testing. Package for delivery.

Mid-term Evaluation Updates:

  • Capture-server: Adding database functionalities which support both MySQL and PostgreSQL. It works fine now.
  • Capture-client: When I wrote the plan for GSoC, I thought network monitor functionalities had been implemented and tested by a summer project. However, they hadn't. I spent a lot of time doing network monitor functionalities, going through available code from Ramon (Thank you very much, Ramon!), testing all cases in TCP and UDP for both outgoing and incoming connections. Help from Ramon is really appreciated. Network monitor functionalities have been done and work fine now!