- Sébastien Tricaud
- Guillaume Arcas
- Anthony Desnos
- Franck Guénichot
- François-René Hamelin
- Christophe Grenier
We have following technologies deployed:
- Kippo on honeycloud. Goal of this deployment is to provide a centralized instance of Kippo & share findings, logs, collected data.
- HoneyProxy on honeycloud.
RESEARCH AND DEVELOPMENT
* New tools
=> HoneyProxy as part of GSoC 2012.
=> FAUP (formerly furl)
=> A.R.E. / AndroGuard
At the middle of GSoC 2012, we are happy and proud to release a beta version of HoneyProxy, a lightweight tool that allows live HTTP and HTTPS traffic inspection and analysis.
Unlike other network tools like WireShark that display flow packet by packet, HoneyProxy only displays application layer data. Web objects then can be viewed through a browser.
We are proud and happy to announce that Cuckoo Sandbox and AndroGuard were choosen by Rapid7 for his Magnificent7 Program, an initiative created to fuel the success of seven bleeding edge open source projects and backed by a fund of $100,000.
Cuckoo Sandbox and AndroGuard are respectively developped by Claudio Guarnieri and Anthony Desnos and mentored during previous GSoC.
Congratulations to Claudio and Anthony !
We are proud and happy to announce that a new free malware analysis online service is born.
Malwr.com is based on Cuckoo Sandbox, a project mentored by the Honeynet Project, sponsored by GSoC and developped by Claudio "nex" Guarnieri (@botherder), Dario Fernandes and Alessandro "jekil" Tanasi (@jekil). Malwr.com hosting is provided by ShadowServer.
If you want to test Cuckoo's flavor before installing it or if you're too lazy to deploy your own sandbox, just go there ! :-)
Cuckoo Sandbox 0.3.1 has been released.
The most interesting improvements include:
Client honeypots are tools that actively search servers for malicious data like malware, exploits, malicious PDF files, etc.
The Polish Chapter just released a new version of Capture-HPC originally developed by Christian Seifert and Ramon Steenson of the New Zealand Chapter. Capture-HPC focuses primarily on attacks against, or involving the use of, Web browsers.
It is available for download as binary Debian package on Polish Chapter webpage:
Source code is made available via github:
Cuckoo Sandbox is an Open Source automated dynamic malware analysis system designed to analyze and report on suspicious files.
Cuckoo started as a Google Summer of Code project in 2010 within The Honeynet Project. It was designed and developed by Claudio Guarnieri who still maintains the project and lead its development efforts.
Cuckoo has been selected again this year for Google Summer of Code 2011 with The Honeynet Project and with Dario Fernandes who joined the team. The work being done in the last months lead to the release of the 0.2 version.
GSoC 2011 #8 project's goal was to add forensics features to the popular Wireshark network analyzer.
Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network
analyzer with graphical interface as well as command line tools.
Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.
GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind.
The Honeynet Project had mentored 12 projects this year for the Google Summer
of Code (GSoC). The 11th project was to extend the SIP module for
Dionaea to handle SIP udp, tcp and even tls. With the TLS part, the
Dionaea can even emulate a Microsoft Lync server. The TLS part was not
part of the original scope, but the hard work made that possible as