The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!
We have seen attack visualizations for quite some time in various forms and availabilities. So far, we only had a GTK canvas based solution and a project around Google Earth and WebGL that would show attacks against our honeypot systems.
Hi everyone, I am announcing an initial release of the Ovizart, Network Analyzer Project. Ovizart (OV - Open VİZual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart.
In this initial release, I am rolling out the basic GUI that people can start using, and then within the next week, I will enable the upload of PCAPs for analysis and visualization.
While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.
Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions.
I would like to inform you all about our recent activities that we are attempting to achieve.
First of all, we have totally rebuilt our web site. This new ones aim to be a central repository of all the (external/internal) news concerning botnets (mainly) and malwares (secondary).
We will use the blog for posting about our project developments, and for commenting/reporting interesting news concerning the field that we are currently treating, so you can now add a new entry to your feeds reader :)
Many people have asked us, how Conficker looks like. That’s a tough question for something that’s hidden and tries to be as stealthy as possible. The last time somebody asked me: “Can you show me Conficker?”, I decided to visualize Conficker. Here is a little video that shows the evil core of Conficker.C.
The video is a 3D animation of the functions inside Conficker.C and their functional relationships. Yellow balls are functions found inside Conficker.
The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables.
Get it from the usual place.
What is Picviz?
When considering log files for security, usual applications available today
either look for patterns using signature databases or use a behavioral
approach. In both cases, information can be missed. The problem becomes