HoneyMap - Visualizing Worldwide Attacks in Real-Time

01 Oct 2012 Mark Schloesser honeymap honeypot visualization worldmap
The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org! We have seen attack visualizations for quite some time in various forms and availabilities. So far, we only had a GTK canvas based solution and a project around Google Earth and WebGL that would show attacks against our honeypot systems.

First release from Network Analyzer project

19 Aug 2012 Oguz Yarimtepe gsoc traffic-analyze visualization
Hi everyone, I am announcing an initial release of the Ovizart, Network Analyzer Project. Ovizart (OV - Open V─░Zual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart. In this initial release, I am rolling out the basic GUI that people can start using, and then within the next week, I will enable the upload of PCAPs for analysis and visualization.

Congratulations to the winners of Forensic Challenge FC10- Attack Visualization !

16 Feb 2012 Ben Reardon challenge fc10-d13 forensic-challenge visualization
While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring. Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions.

Italian Chapter updates

16 Dec 2009 Marco Riccardi botnets dorothy visualization
Folks, I would like to inform you all about our recent activities that we are attempting to achieve. First of all, we have totally rebuilt our web site. This new ones aim to be a central repository of all the (external/internal) news concerning botnets (mainly) and malwares (secondary). We will use the blog for posting about our project developments, and for commenting/reporting interesting news concerning the field that we are currently treating, so you can now add a new entry to your feeds reader :)

A view on Conficker's inside

24 Apr 2009 Felix Leder conficker control-flow dependencies malware visualization
Many people have asked us, how Conficker looks like. That’s a tough question for something that’s hidden and tries to be as stealthy as possible. The last time somebody asked me: “Can you show me Conficker?”, I decided to visualize Conficker. Here is a little video that shows the evil core of Conficker.C. The video is a 3D animation of the functions inside Conficker.C and their functional relationships. Yellow balls are functions found inside Conficker.

Picviz 0.5 out

25 Jan 2009 Sebastien Tricaud picviz visualization
The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables. Get it from the usual place. What is Picviz? When considering log files for security, usual applications available today either look for patterns using signature databases or use a behavioral approach. In both cases, information can be missed. The problem becomes