Since my last post about the Google Summer Of Code 2012 Student Applications deadline closing and sharing some initial student applications statistics, all the GSoC 2012 mentoring organisations have been hard at work reviewing and scoring their student applications.

After what seems like a very long few weeks for students, mentors and org-admins alike, the waiting is finally over! If you haven’t already seen it, the GSoC 2012 student selection results were formally announced by Google on Monday April 23rd:

After a slower than usual start, this years Google Summer of Code (GSoC) student applications period closed at 19:00 UTC on Friday April 6th, with a major application rush in the last couple of days which kept us busy right up to the deadline! Many thanks to all the interested students who applied, and our mentors and org admins for taking the time to respond to students on IRC, email and through Melange. Even if you don’t get accepted as student for GSoC 2012 with the Honeynet Project, please do consider trying to work on your chosen project and becoming part of our community anyway, as we are all volunteers and would be happy to welcome and support you too.

If you have been following our blog you’ll know that the Honeynet Project was very happy to have been accepted as a mentoring organization for Google Summer of Code (GSoC) 2012.

If you are a student interested in applying to the Honeynet Project, the student application deadline is 19:00 UTC on Friday April 6th. So with 3 days to go, you need to be planning on submitting your project application via the Melange system soon. To avoid disappointment, please don’t leave your application until the last minute - you can edit as often as you want before the deadline.

We are proud and happy to announce that Cuckoo Sandbox and AndroGuard were choosen by Rapid7 for his Magnificent7 Program, an initiative created to fuel the success of seven bleeding edge open source projects and backed by a fund of $100,000.

Cuckoo Sandbox and AndroGuard are respectively developped by Claudio Guarnieri and Anthony Desnos and mentored during previous GSoC.

Congratulations to Claudio and Anthony !

Rapid7 Sponsors Androguard and Cuckoo Sandbox in the First Round of the Magnificent7 Program
Cuckoo Sandbox
AndroGuard

We have just been notified by Google that the Honeynet Project has - once again - been accepted as one of the mentoring organization for Google Summer of Code 2012 (in total 180 organizations were selected). We are very excited and are looking forward to a great summer! Already a big thank you to Google for their continued support!

While student applications are not officially open yet, interested students are encouraged to check out our ideas page and get in contact with us via [email protected] and/or IRC (#gsoc2012-honeynet on irc.freenode.net) in the next few ideas to meet the mentors and discuss project ideas. Student applications officially open on March 26th 2012 and close on April 6th 2012.

We are proud and happy to announce that a new free malware analysis online service is born.

Malwr.com is based on Cuckoo Sandbox, a project mentored by the Honeynet Project, sponsored by GSoC and developped by Claudio “nex” Guarnieri (@botherder), Dario Fernandes and Alessandro “jekil” Tanasi (@jekil). Malwr.com hosting is provided by ShadowServer.

If you want to test Cuckoo’s flavor before installing it or if you’re too lazy to deploy your own sandbox, just go there ! :-)

GSoC 2011 #8 project’s goal was to add forensics features to the popular Wireshark network analyzer.

Overview

Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network analyzer with graphical interface as well as command line tools. Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.

GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind.

In 2011, the Honeynet Project had once again the opportunity to participate in the Google Summer of Code program. In the last few weeks, we wrapped up all projects, beta tested the code, wrote documentation, and prepared releases.

To quickly recap: GSoc (Google Summer of Code) is an annual summer program sponsored by Google, in which Google pairs up students with organizations committed to open-source. Google supports each project with 5000USD of which the students receive the lion’s share. The Honeynet Project has participated in GSoc since 2009. Visit https://honeynet.org/gsoc2009 and https://honeynet.org/gsoc2010 to get an idea on what we have accomplished through this program in the last couple of years.

The Honeynet Project had mentored 12 projects this year for the Google Summer
of Code (GSoC). The 11th project was to extend the SIP module for
Dionaea to handle SIP udp, tcp and even tls. With the TLS part, the
Dionaea can even emulate a Microsoft Lync server. The TLS part was not
part of the original scope, but the hard work made that possible as
well!

[Dionaea] intention is to trap malware
exploiting vulnerabilities exposed by services offered to a network,
the ultimate goal is gaining a copy of the malware. With the SIP
module, you can answer the SIP attacks, record the information. It is
also possible to make “real” users, so the attacker will get different
answers depending on which accounts he tries to hack. If you would
fake a Microsoft Lync installation, you could add some of the real
user names from your server and see if somebody is doing a targeted
attack towards you. (but of course, don’t use the same passwords…. )

The Beta version of HoneySink is out!

What is HoneySink?

HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Able to be deployed both internally and externally it is designed to log and respond to incoming requests for a number of network protocols.

With configuration and scalability in mind, HoneySink was designed from the ground up with a non-blocking architecture to handle extremely large amounts of traffic while being able to perform customised interactions and logging.