Join us for the Honeynet Workshop 2024: May 27th–29th, Copenhagen, Denmark

GSoC 2017: First Month Progress

30 Jun 2017 Maximilian Hils gsoc
At the end of February we were very happy to announce that The Honeynet Project had once again been selected to be a mentoring organization for Google Summer of Code (GSoC) 2017. Since then, there has a been a flurry of activity: We received more than 50 project proposals during the application phase, selected 14 fantastic students, set them up to work with us during the community bonding period, and now completed the first month of actual work!

GSoC 2016 Wrap Up: Mitmproxy

13 Feb 2017 Maximilian Hils gsoc mitmproxy
With Google Summer of Code (GSoC) 2017 being around the corner, we’d like to do a short flashback to 2016, our most successful GSoC year for mitmproxy so far! GSoC 2016 was mitmproxy’s fourth time participating in the program under the umbrella of the Honeynet Project. For the first time, we were able to mentor three students over the summer to work on both our Python core and the brand new web interface.

Google Summer of Code 2017

11 Feb 2017 Maximilian Hils gsoc
After successfully participating in GSoC between 2009 and 2016, and having created or extended many honeynet technologies that have since gone on to become industry standard tools, we are very happy to annouce that The Honeynet Project has applied to be a mentoring organization once again in GSoC 2017. This year sees significant changes in the GSoC program with a new payment model and an added third evaluation! We are excited about those changes and very curious to see how they play out.

A new and improved version of Rumal

05 Sep 2016 Roberto Tanara gsoc gsoc2016 rumal thug
Thug is a client honeypot that emulates a real web browser, fetches and executes any internal or external JavaScript, follows all redirects, downloadable files just like any browser would do, and collects the results in a mongodb collection. The purpose of this tool is to study, analyse and locate exploit kits and malicious websites. Thug’s analysis can be difficult to navigate or understand and this is where Rumal comes in. Rumal’s function is to be Thug’s GUI, providing users with trees, graphs, maps, tables and intuitive representations of Thug’s data.

Introduction to CuckooML: Machine Learning for Cuckoo Sandbox

26 Aug 2016 Roberto Tanara cuckoo gsoc
CuckooML is a GSOC 2016 project by Kacper Sokol that aims to deliver the possibility to find similarities between malware samples based on static and dynamic analysis features of binaries submitted to Cuckoo Sandbox. By using anomaly detection techniques, such mechanism is able to cluster and identify new types of malware and can constitute an invaluable tool for security researchers. It’s all about data.. Malware datasets tend to be relatively large and sparse.

GSoC 2016 Student Selection Officially Announced

30 Apr 2016 David Watson gsoc
At the end of February we were very happy to announce that The Honeynet Project had once again been selected to be a mentoring organization in Google Summer of Code (GSoC) 2016. Since then, there as been a flurry of activity: GSoC 2016 student applications opened on March 14th at 19:00 UTC and closed on March 25th at 19:00 UTC. We received 54 student project applications, and our 24 mentors and org admins were hard at work in the following weeks assessing them and the students who applied.

Honeynet Project accepted as mentoring org in GSoC 2016!

29 Feb 2016 David Watson gsoc
As I blogged two weeks ago, after some great student projects between 2009 and 2015, The Honeynet Project had applied again this year to be a mentoring organization in Google Summer of Code (GSoC) 2016. After a few anxious days of waiting, Google today published the official list of accepted GSoC 2016 mentoring orgizations. The great news if that we have been accepted once again. Hurrah! GSoC 2016 student applications open on March 14th at 19:00 UTC and close on March 25th at 19:00 UTC.

Improving dynamic analysis coverage in Android with DroidBot

23 Feb 2016 Roberto Tanara android droidbot droidbox gsoc
Hi there, my name is Li Yuanchun and I’m glad to introduce DroidBot, a tool to improve the coverage of dynamic analysis. As it is the case for malware targeting the desktop, static and dynamic analysis are also used for detection of Android malware. However, existing static analysis tools such as FlowDroid or DroidSafe lack accuracy because of specific characteristics of the Android framework like ICC (Inter-Component Communication), dynamic loading, alias, etc.

dpkt v2.0

22 Feb 2016 Kiran Bandla dpkt gsoc python
What is dpkt? dpkt is a Python library that helps with “fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols”. It supports a lot of protocols (currently about 63) and has been increasingly used in a lot of network security projects. It is 44x faster than Scapy2, and 5x faster than Impacket3. With Scapy no longer in development, dpkt is the only network creation/parsing library for Python that is active.

Rumal, a web GUI for Thug

22 Feb 2016 Pietro Delsante gsoc rumal thug
As you may know, Thug is a handy tool for studying exploit kits, as it emulates a real browser complete of a set of plugins like Adobe Reader, Flash and Java. When you feed Thug with the URL of a suspicious web page, it “crawls” it and starts fetching and executing any internal or external JavaScript, following redirects and downloading files just like a browser would do. When Thug encounters some files it cannot analyze by itself (like Flash, Java and PDF), it passes them to external tools.