To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Thug 0.6 released!

Mon, 01/05/2015 - 19:18 — angelo.dellaera

Thug 0.6 was released just a few hours ago. The most important change introduced during the 0.5 branch was a complete redesign of the logging infrastructure which is now completely modular. This makes adding (or removing) new logging modules extremely easy.

Meet the CEO

Tue, 11/25/2014 - 20:32 — leon.van.der.eijk

Angelo, you have been HNP CEO for more than over a year now. What were your goals when you started and did you achieve them?

First of all let me confess that it seems really incredible to me that a year has already gone by. I took over the CEO position for the Honeynet Project from Christian Seifert more than a year ago and at times the role appeared quite intimidating to me. Christian and Honeynet Project founder Lance Spitzner did an awesome job of driving the organization

Kippo fork - all in one

Wed, 11/12/2014 - 18:05 — katarina.durechova

Hello,

last week I published kippo fork https://gitlab.labs.nic.cz/honeynet/kippo
which contains commits from https://github.com/micheloosterhof/kippo-mo
(Michel Oosterhof brought awesome SFTP, and exec support)
and original kippo https://github.com/desaster/kippo
(I am very pleased is now on github. was on google code before).

On top of that are my changes:

The new version of dorothy2 is out!

Mon, 10/27/2014 - 21:32 — marco.riccardi

Howdy all,
The Italian Chapter is proud to release the latest version of dorothy2 (our ruby-based malware analysis framework) :).

Bifrozt - A high interaction honeypot solution for Linux based systems.

Tue, 09/02/2014 - 12:34 — are.hansen

A few days ago I was contacted by our CPRO, Leon van der Eijk, and asked to write a blog post about my own project called Bifrozt; something which I was more than happy to do. :) This post will explain what Bifrozt is, how this got started, the overall status of the project and what will happen further down the road.


What is Bifrozt?

Beeswarm - active deceptions made easy

Mon, 08/25/2014 - 21:34 — johnny.vestergaard

Finally we can announce with great pleasure the first public beta of the Beeswarm project.
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The project differentiates itself by two key items:

  • Active deceptions
  • Simplicity and ease of use

Active deceptions

Global Glastopf statistics for June 2014

Fri, 08/08/2014 - 12:43 — mikael.keri

During the month of June the following information was obtained from Glastopf installations worldwide

Geographical spread

worldmap_201406

10 most popular injected files during the period

Short introduction to RFI:

Get STIX Reports from ICS Honeypot Conpot

Wed, 08/06/2014 - 22:54 — lukas.rist

The team working on the ICS/SCADA honeypot Conpot, just merged in a more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on Github.

Outsmarting the smart meter

Sat, 08/02/2014 - 02:04 — johnny.vestergaard

The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very successful technique when figuring out a unknown hardware or protocol. Next step then is to decode the messages logged in the proxy module. Most of this step is done by studying books of specifications, leaked manuals and offensive tools. This then gives us insight into the protocol, the commands sent and responses generated.

Syndicate content