To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

The Honeynet Project Partners With DigitalOcean To Drive Internet Security Research

DigitalOcean, a leading cloud computing platform, announced its support of The Honeynet Project with donation of Web infrastructure and support services. The partnership will allow The Honeynet Project to continue its mission of ongoing research and education surrounding Internet security and risk prevention. “We’re incredibly grateful to DigitalOcean for their support,” said Faiz Shuja, CEO of The Honeynet Project. Read more »

Thoughts on the Active Cyber Defense Certainty Act 2.0

On May 25, 2017, Representative Tom Graves released the second draft of proposed amendments to 18 U.S.C. 1030 (known as the Computer Fraud and Abuse Act). Representative Graves’ bill is known as the Active Cyber Defense Certainty Act (or ACDC Act). There is no universally accepted umbrella term for this, but it is variously called “Active Defense”, “Active Cyber Defense”, “hacking back,” “hackback”, and “strike back.” You will find the word “active” applied almost universally in these discussions, though it frequently results in establishing a simple (though false) dichotomy of “passive defense” vs. “active defense” and frequently leading to fallacious “straw man” arguments. I prefer the term “Active Response Continuum” to explicitly avoid setting up such binary choices. [Dittrich and Himma(2005)]
Without technical knowledge and a clear contextual understanding of the criminal actions, potentially triggering legal defensive response, two paradoxes emerge. First, the “attributional technology” cited in the draft ACDC Act may not achieve its desired goals. Second, some actions disallowed by the ACDC Act include previously witnessed “strike back” actions that have motivated calls for the kind of amendments embodied in the ACDC Act. [Robinson(2017)]
Read full post here Read more »

Dionaea honeypot: from Conficker to WannaCry + SambaCry CVE 2017-7494

This is a contribution by Tan Kean Siong, follow him on Twitter @gento_ .

  Read more »

GSoC 2016 Wrap Up: Mitmproxy

With Google Summer of Code (GSoC) 2017 being around the corner, we’d like to do a short flashback to 2016, our most successful GSoC year for mitmproxy so far! GSoC 2016 was mitmproxy’s fourth time participating in the program under the umbrella of the Honeynet Project. For the first time, we were able to mentor three students over the summer to work on both our Python core and the brand new web interface. As a major milestone, mitmproxy is now a Python 3 project and has a fantastic user interface that even works on Windows. Read more »

Google Summer of Code 2017

GSoC Logo

After successfully participating in GSoC between 2009 and 2016, and having created or extended many honeynet technologies that have since gone on to become industry standard tools, we are very happy to annouce that The Honeynet Project has applied to be a mentoring organization once again in GSoC 2017. Read more »

Meet Lukas Rist, our new Chief Research Officer

Back in November, the Honeynet Project announced the appointment of a new Chief Research Officer: Lukas Rist took the role after a long and successful tenure by David Watson. The research office will also be supported by Maximilian Hils and Cornelius Aschermann. Read more »

DDOS alerting service

SIDN Fund offers financial support for DDOS alerting service

 
Within our HoneyNED chapter two people are working on DDOS detection techniques by using honeypot technology. The knowledge about which DDOS attacks are 'running' and which sites are under attack is interesting for a broader audience than our HoneyNED chapter. We've decided to start creating a public DDOS alerting service and applied for financial support here for by SIDN Fund.
  Read more »

Email analysis with SpamScope

SpamScope (https://github.com/SpamScope/spamscope) is a fast and advanced tool for email analysis developed by Fedele Mantuano Read more »

Initial analysis of four million login attempts

Introduction
This blog post is a follow up to an earlier article, where I set out to conceive a system that could deliver the data needs to answer 5 specific questions.

The setup Read more »

A new and improved version of Rumal

Thug is a client honeypot that emulates a real web browser, fetches and executes any internal or external JavaScript, follows all redirects, downloadable files just like any browser would do, and collects the results in a mongodb collection. The purpose of this tool is to study, analyse and locate exploit kits and malicious websites. Thug’s analysis can be difficult to navigate or understand and this is where Rumal comes in. Rumal’s function is to be Thug’s GUI, providing users with trees, graphs, maps, tables and intuitive representations of Thug’s data. Read more »

Syndicate content