peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it’s possible to see all the objects in the document showing the suspicious elements, supports the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides Javascript and shellcode analysis wrappers too. Apart of this it is able to create new PDF files, modify existing ones and obfuscate them.

Although it is still winter in much of the northern hemisphere, for students and open source software developers, the gradually lengthing days mean that spring will soon be with us - and of course that means another chance to potentially get involved in Google Summer of Code (GSoC).

After successfully participating in GSoC between 2009 and 2015, and having created or extended many honeynet technologies that have since gone on to become industry standard tools, we are very happy to annouce that The Honeynet Project has applied to be a mentoring organization once again in GSoC 2016.

We are happy to announce the immediate availability of mitmproxy 0.16! As a major new feature, Thomas Kriechbaumer – who joined us as a Google Summer of Code (GSoC) Student last year – contributed a brand new HTTP/2 implementation built on top of hyper-h2. HTTP/2 requests now blend into the mitmproxy UI just like regular HTTP 1 requests, making mitmproxy the first interactive HTTPS proxy with HTTP/2 support! All HTTP/2 features from RFC7540 are supported - including PUSH_PROMISE, RST_STREAM, and as many concurrent streams as you want. We are super excited about the improvements Thomas is bringing us here and we encourage you to try them out. To make a transition as seamless as possible, HTTP/2 needs to be enabled manually for now by passing --http2 to mitmproxy. We plan to remove this requirement with one of the next releases. For a full list of changes, take a look at the changelog posted below!

During Google Summer of Code 2015, in the Honeynet Project open-source org, Valerio Costamagna and Cong Zheng (mentor) worked on ARTDroid, an easy-to-use framework for hooking virtual-method under latest Android runtime (ART).

Introduction
We propose ARTDroid, a framework which allows to analyze Android apps without modifications to both Android framework and apps. The core technology is the library injection and virtual methods hooking by vtable tampering after getting the root privilege.

After a tense few days of waiting, which is always the most stressful part of GSoC for mentoring organizations and org admins, 19:00 UTC today was the moment of truth when some lucky orgs found out that they were accepted for GSoC 2015, and other orgs sadly discovered that they would not be taking part.

After missing GSoC 2014 we were particularly tense, but the great news is that we are very pleased to announce that The Honeynet Project has been accepted as a mentoring organization for GSoC 2015. Woohoo! It is going to be another exciting summer… :-)

With winter in the northern hemisphere beginning to turn into spring, it is once again time to think about summer. And of course, for many open source organizations, that means Google Summer of Code (GSoC).

After successfully participating in GSoC between 2009 and 2013 to create or extended many honeynet technologies that have gone on to become industry standard tools, we are very happy to annouce that The Honeynet Project has applied to be a mentoring organization in GSoC 2015.

Over the past five years, The Honeynet Project has been had the pleasure of mentoring over 70 lucky bachelors, masters and PhD students from all over the world through Google Summer of Code (GSoC), Google’s ongoing programme of support for international students working on free open source software (FOSS). Together we have worked on a large number of information security tools, including some that have gone on to be the leading examples of tools in their chosen field. Overall it has been a hugely positive experience for us and our students, and has resulted in many becoming active long term members of our community. We very much hope that will continue in the future.

MalwareZ is a visualization project that is started as a YakindanEgitim (YE) project. YE is a startup that me and some collegues mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid.

Gürcan Gerçek was the main developer for the MalwareZ project and my role was mentoring him.

MalwareZ project idea arose from the 2011 GSoC project idea. The aim was to generate 3D visualizations of malware visualizations with heatmap mesh grids. It has been a while since the project is not edited and become more usable so the idea is used instead.

To have a better visibility of this years GSoC projects we have created a blog for the students and their mentors. This blog is the place where students should post weekly updates about their progress. It is also the place where students and mentors can share their findings and experiences about and during the GSoC projects as they happen. The first updates have already started to drip in and it is getting interesting.

After a pretty hectic few weeks of student application review, setting and scoring coding challenges, and assessing proposals, mentoring organizations participating in GSoC 2013 had to confirm their student slot allocations and final short list of preferred candidates by Friday May 24th at 19:00 UTC. This is always one of the most difficult periods for us, with many tough decisions required trying to balance the best mix of students/projects/mentors into a limited number of student slots. It is always less that we would ideally like, making it impossible to keep everyone happy, and often pretty challenging. This year was no different, with a lot of late nights and last minute debate.