- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
I've the pleasure to *finally* unveil the second version of Dorothy: a malware/botnet analysis framework written in Ruby.
Dorothy2 is a framework created for mass malware analysis. Currently, it is mainly based on analyzing the network behavior of a virtual machine where a suspicious executable was executed. However, static binary analysis and system behavior analysis will be shortly introduced in further versions.
After a pretty hectic few weeks of student application review, setting and scoring coding challenges, and assessing proposals, mentoring organizations participating in GSoC 2013 had to confirm their student slot allocations and final short list of preferred candidates by Friday May 24th at 19:00 UTC.
[This post expresses the personal opinion of the author and is not an official statement representing the Honeynet Project.]
At the AusCERT 2013 conference, Dmitri Alperovich called for debate about, "the kinds of actions that infosec professionals are allowed to take against attackers." I agree with Dmitri, and in fact I made the same call, at the same conference on May 23, 2005! (AusCERT invited me to speak on an emerging topic and I chose to speak for the first time publicly at AusCERT 2005 about the Active Response Continuum research I had been doing with funding from Cisco.) As one of the world's foremost experts on this topic, with over two decades of security operations experience, I welcome Dmitri to the debate. :)
What follows is adapted from the forthcoming book, "The Active Response Continuum: Ethical and Legal Issues
of Aggressive Computer Network Defense," by David Dittrich. I welcome any comments, suggested modifications and/or additions.
There are many challenges facing those who are victimized by computer crimes, who are frustrated with what they perceive to be a lack of effective law enforcement action to protect them, and who want to unilaterally take some aggressive action to directly counter the threats to their information and information systems. This has been called active defense, aggressive [network] self-defense, counter-attack, and even hacking back. Regardless of the reasons why someone would want to take such actions, it is necessary to discuss the options, acknowledge the risk and benefit tradeoffs, and identify how aggressive actions can be taken in a manner that is safe, controlled, and justifiable (as best this can be accomplished). This cannot be accomplished, however, if everyone comes at the subject with their own individual frame of reference and language. (This was pointed out by more than one person at this year's Suits & Spooks DC 2013 conference.)
We proudly announce the first release of our Industrial Control System honeypot named Conpot.
Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications. With implementing a master server for a larger set of common industrial communication protocols and virtual slaves which are easy to configure, we provide an easy entry into the analysis of threats against industrial infrastructures and control systems.
Having being very pleased to be accepted once again by Google as one of the lucky mentoring organization for GSoC 2013, we had eagerly awaited the student application period starting and the excitement (and occasional drama) that always brings.
With less that 24 hours now remaining until the official deadline for Google Summer of Code (GSoC) 2013 student applications (19:00 UTC Friday May 3rd 2013), this is our final call for interested and eligible GSoC students.
As you may know, the annual workshop is a key event to bring together top information security experts from around the globe to present their research efforts as well as discuss insights and strategies to combat new emerging threats. The annual workshop held in February or March every year is a five-days event including a one-day briefing, two-days of hands-on training open to public and two-days of private meetings by invitation only.
After a tense few days for all of the organizations who applied, The Honeynet Project is delighted to announce that it has once again been selected as one the participating mentoring organizations in Google Summer of Code (GSoC) 2013.
the Honeynet Project Pacific Northwest Chapter has judged all submissions and results have been posted on the challenge page. The winners are:
1. Faure Bastien
2. Andrey "Zed" Zaikin
Congratulations to the winners and thanks to the other participants!
The Honeynet Project
Today I've released version 0.3 of the Ghost USB honeypot, which introduces a lot of new features, including a completely rewritten core for better malware detection. The new version is available on the project page. This post outlines the major changes.