PHoneyC DOM Emulation – Browser Personality

22 Aug 2010 Angelo Dellaera phoneyc
A new improvement in PHoneyC DOM emulation code was committed in SVN r1624. The idea is to better emulate the DOM behaviour depending on the selected browser personality. Let’s take a look at the code starting from the personalities definition in config.py.

    UserAgents = [
        (1,
         "Internet Explorer 6.0 (Windows 2000)",
         "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
         "Mozilla",
         "Microsoft Internet Explorer",
         "4.

PHoneyC DOM Emulation - Window

10 Aug 2010 Angelo Dellaera phoneyc
A few weeks ago I started reviewing the PHoneyC DOM emulation code and realized it was turning out to be hard to maintain and debug due to a huge amount of undocumented (and sometimes awful) hacks. For this reason I decided it was time to patch (and sometimes rewrite from scratch) such code. These posts will describe how the new DOM emulation code will work. The patch is not available right now since I’m testing the code, but plans exist to commit it to the PHoneyC SVN in the next days.

What's new on PHoneyC (4): Try it out!

10 Aug 2009 Zhijie Chen gsoc libemu phoneyc shellcode spidermonkey
Hi all: I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here: http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs Please feel free to report any bug or suggestion on shellcode/heapspray detection to me. As Geng and his partner are still working on the DOM simulation of PHoneyC (Project #2), I will do more tests and write an overall introduction to the ideas and structure of the new PHoneyC after merging in his final commit.

What's new on phoneyc (3)--- Mid-term Evaluation

05 Jul 2009 Zhijie Chen gsoc libemu phoneyc shellcode spidermonkey
Mid-term Report on PHoneyC GSoC project 1 Introduction PHoneyC is a low-interaction honeyclient written by Jose Nazario. The shellcode (SC for short) and heapspray (HS for short) detection module for PHoneyC is listed on the GSoC this year and I feel lucky to be chosen to implement it. This report is the main idea about how to detect SC/HS in PHoneyC and how to build and run this version of

What's new in phoneyc (2)--- Shellcode and Heapspray Detection

01 Jun 2009 Zhijie Chen gsoc phoneyc shellcode spidermonkey
Hi folks: I have done some basic shellcode and heapspray detection code in the phoneyc’s ‘honeyjs’ javascript engine (based on python-spidermonkey, with extra tracing and auditing work). And also I have made a presentation at the local Honeynet Chinese chapter last weekend. Details about my current approaches can be found in this slide: http://is.gd/J9QP Z. Chen (Joyan) PS: This post is also available on my personal blog: http://joyan.appspot.com/2009/06/1/whats_new_phoneyc_2_shellcode_detection.html

What's new in phoneyc's shellcode detection (1)--- Tracing spidermonkey

25 May 2009 Zhijie Chen gsoc phoneyc shellcode spidermonkey
1. Overview As I wrote in my project outline (https://www.honeynet.org/gsoc/project1), I should have done some basic enhancement and experiments on python-spidermonkey for a more fine-grained tracing on spidermonkey. So till now what I have done on it includes: a. Implemented the get_globj method in the Context class, which enables one to ‘pull’ all the properties of the global object inside spidermonkey (namely the global variables, because all the global variables are properties of the global object) into the python context.

LEET09 Paper: PhoneyC: A Virtual Client Honeypot

24 Apr 2009 Jose Nazario phoneyc paper leet09 honeyclient
Earlier this week I had the good fortune to be in Boston for LEET09, a workshop on exploits, malware, and large-scale trends. I presented on PhoneyC, the Python honeyclient I’ve been working on. The paper describes the architecture and features of the tool and a real world evaluation and test. The talk was well received, and many thanks to the organizers of the conference and the PC for their helpful reviews.