GSoC 2010 Timeline announced and Honeynet Project will be applying

25 Feb 2010 David Watson gsoc

Last year the Honeynet Project entered Google Summer of Code (http://socghop.appspot.com/gsoc/program/home/google/gsoc2009) for the first time. We received 9 Google funded student places and also funded 3 more places of our own, all of whom successfully completed their projects in a wide range of areas of open source security R&D. You can find out more in our Google SoC 2009 section of our website (https://www.honeynet.org/gsoc).

The time-line for GSoC 2010 has now been made public (http://socghop.appspot.com/document/show/gsoc_program/google/gsoc2010/timeline) and organisational applications will be held between March 8 - March 13th, with the Honeynet Project hoping to be accepted for at least as many student places as last year.

What's new on PHoneyC (4): Try it out!

10 Aug 2009 Zhijie Chen gsoc libemu phoneyc shellcode spidermonkey

Hi all:

I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:

http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs

Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.

As Geng and his partner are still working on the DOM simulation of PHoneyC (Project #2), I will do more tests and write an overall introduction to the ideas and structure of the new PHoneyC after merging in his final commit.

What's new on phoneyc (3)--- Mid-term Evaluation

05 Jul 2009 Zhijie Chen gsoc libemu phoneyc shellcode spidermonkey

Mid-term Report on PHoneyC GSoC project 1

Info: See https://www.honeynet.org/gsoc/project1 for project details.
Author: Zhijie Chen (Joyan)
Mentor: Jose Nazario
Description: Mid-term Report on PHoneyC GSoC project 1. This report describes what I have done on the PHoneyC’s libemu integration for shellcode and heapspray detection during the first half of the GSoC. Till now, the main ideas on this feature have been fast-implemented (actually I mean poor coding style) and the whole flow works well, with some code rewriting and performance optimization needed in the future.

Introduction

PHoneyC is a low-interaction honeyclient written by Jose Nazario. The
shellcode (SC for short) and heapspray (HS for short) detection module
for PHoneyC is listed on the GSoC this year and I feel lucky to be
chosen to implement it. This report is the main idea about how to
detect SC/HS in PHoneyC and how to build and run this version of
PHoneyC. Note that this module (I call it honeyjs) is far from
complete currently and this report is only for midterm evaluation. So
it is possible that the way to build and run it won’t work in the
future.

nebula - Client library and revised signature segment selection

08 Jun 2009 Tillmann Werner gsoc nebula

One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the signature generator: A clustering engine that groups similar attacks into classes, and a signature assembler that extracts common features and selects some of them for the actual signature.

The first work package’s goal is to improve the overall signature quality. This can be achieved by tuning the core components, i.e. the clustering and the signature assembler. Further, nebula loses all states upon restart in its current version. The second goal is to make nebula state-aware and add the ability to save and load states.

Another PicViz improvement

05 Jun 2009 Victor Amaducci gsoc status

Hello all!

Currently I’m very busy with hard work on PicViz gsoc tasks; nevertheless, I am still taking arbitrary tickets (tasks that I did not propose for gsoc) for this tool. Some small but very useful features were done.

First, picviz-gui has a set of rows that show data about plotted events and has a slider for hiding events. I got a ticket that required a connection between these, i.e., when the user moves the slider, Picviz should hide the rows (data) that refer to the event. And now this is done!

What's new in phoneyc (2)--- Shellcode and Heapspray Detection

01 Jun 2009 Zhijie Chen gsoc phoneyc shellcode spidermonkey

Hi folks:

I have done some basic shellcode and heapspray detection code in phoneyc’s ‘honeyjs’ javascript engine (based on python-spidermonkey, with extra tracing and auditing work). I have also made a presentation at the local Honeynet Chinese chapter last weekend. Details about my current approaches can be found in these slides: http://is.gd/J9QP

Z. Chen (Joyan)

PS: This post is also available on my personal blog: http://joyan.appspot.com/2009/06/1/whats_new_phoneyc_2_shellcode_detection.html

Honeybrid: combining low and high interaction honeypots

27 May 2009 Robin Berthier gsoc honeybrid

The goal of this post is to introduce myself and my project: my name is Robin Berthier and I just got my PhD from the University of Maryland. I’ll be working this summer on improving Honeybrid, a hybrid honeypot architecture. I’ve been working with honeypot technologies for the past 4 years, and Honeybrid represents a central part of my dissertation. 

Honeypots are usually divided into two categories according to the level of interaction they provide to attackers. First, we have low interaction honeypots that emulate network services and collect the beginning of attack processes. And then we have high interaction honeypots that are identical to production machines and collect detailed information about attacks. These two types of honeypot offer complementary advantages and limitations. The goal of Honeybrid is to combine the best of both worlds. As such, Honeybrid is a hybrid honeypot solution.

Introducing Glastopf, a Web Application Honeypot

27 May 2009 Lukas Rist glastopf gsoc honeypot

Hello, this initial blog post is used to introduce me and to provide a brief overview of my GSoC Project.

My name is Lukas Rist (my personal blog) and I am currently studying Math and Physics at the University of Kaiserslautern in Germany. This is my first time in GSoC and I will be working with Thorsten Holz on Glastopf, a Web Application Honeypot.

Glastopf is a minimalistic web server emulator written in Python. The honeypot tool collects information about web application-based attacks like for example remote file inclusion, SQL injection, and local file inclusion attacks.

HoneyWeb, a web interface to manage client honeypots

26 May 2009 Thibaut Gadiolet client gsoc honeypot honeyweb

Hi folks !

As the GSoC has started, this blog entry will introduce myself and my project to you.

My name is Thibaut, I am still a student like all GSoC participants I guess and I belong to the ENSI of Bourges (France). I took one year off to do research at the University of Maryland (USA) in the IT security field, especially in honeypots.

About my GSoC project, here is a short description of it:

What's new in phoneyc's shellcode detection (1)--- Tracing spidermonkey

25 May 2009 Zhijie Chen gsoc phoneyc shellcode spidermonkey

1. Overview

As I wrote in my project outline (https://www.honeynet.org/gsoc/project1), I should have done some basic enhancements and experiments on python-spidermonkey for more fine-grained tracing of spidermonkey. So till now what I have done on it includes:

a. Implemented the get_globj method in the Context class, which enables one to ‘pull’ all the properties of the global object inside spidermonkey (namely the global variables, because all the global variables are properties of the global object) into the python context.