Google Soc 2012 - Honeynet Project Accepted

We have just been notified by Google that the Honeynet Project has - once again - been accepted as one of the mentoring organization for Google Summer of Code 2012 (in total 180 organizations were selected). We are very excited and are looking forward to a great summer! Already a big thank you to Google for their continued support!

While student applications are not officially open yet, interested students are encouraged to check out our ideas page and get in contact with us via [email protected] and/or IRC (#gsoc2012-honeynet on in the next few ideas to meet the mentors and discuss project ideas. Student applications officially open on March 26th 2012 and close on April 6th 2012.

We are looking forward to hearing from you!

WireShnork - A Snort plugin for Wireshark

GSoC 2011 #8 project's goal was to add forensics features to the popular Wireshark network analyzer.


Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network
analyzer with graphical interface as well as command line tools.
Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.

GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind. Read more »

HoneySink: Beta Release

The Beta version of HoneySink is out!

What is HoneySink?

HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Able to be deployed both internally and externally it is designed to log and respond to incoming requests for a number of network protocols.

With configuration and scalability in mind, HoneySink was designed from the ground up with a non-blocking architecture to handle extremely large amounts of traffic while being able to perform customised interactions and logging. Read more »

Midterm Report: The sniffer and emulator for COM components

By now, what I have done for Capture-HPC is: Read more »

GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC

Project Description:
Proposed Capture-HPC Description

Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks. Read more »

GSoC 2010 Timeline announced and Honeynet Project will be applying

Last year the Honeynet Project entered Google Summer of Code ( for the first time. We received 9 Google funded student places and also funded 3 more places of our own, all of whom successfully completed their projects in a wide range of areas of open source security R&D. You can find out more in our Google SoC 2009 section of our website ( Read more »

What's new on PHoneyC (4): Try it out!

Hi all:
       I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
        Please feel free to report any bug or suggestion on shellcode/heapspray detection to me. Read more »

What's new on phoneyc (3)--- Mid-term Evaluation


Mid-term Report on PHoneyC GSoC project 1

Info: See <> for
project details.
Author: Zhijie Chen (Joyan) <[email protected]>
Mentor: Jose Nazario
Description: Mid-term Report on PHoneyC GSoC project 1. This report
describes what I have done on the PHoneyC's libemu integration
for shellcode and heapspray detection during the first half of
the GSoC. Till now, the main ideas on this feature has been
fast-implemented (actually I mean poor coding style) and the
whole flow works well, with some code rewriting and performance
optimization needed in the future.

nebula - Client library and revised signature segment selection

nebula Logo    One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the signature generator: A clustering engine that groups similar attacks into classes, and a signature assembler that extracts common features and selects some of them for the actual signature. Read more »

What's new in phoneyc (2)--- Shellcode and Heapspray Dectection

Hi folks:

      I have done some basic shellcode and heapspray detection codes in the phoneyc's 'honeyjs' javascript engine (based on python-spidermonkey, with extra tracing and auditing works). And also I have made a presentation on the local honeynet chinese chapter last weeked. Details about my current approaches can be found on this slide:


Z. Chen (Joyan) Read more »

Syndicate content