The Honeynet Project

I'm proud to announce the release of new Capture HPC client module.

The new version - 0.9 beta implements totally new system monitoring method. The old one - strace - was replaced by kernel module that intercepts some system calls to record events for later analysis.

There is a vm image, that you can import the appliance and see the application at your own machine. You may download the ova file here: http://www.loopbacking.info/ovizart/

To import the image, you will need VirtulBox installed.

Hi everyone, I am announcing an initial release of the Ovizart,
Network Analyzer Project. Ovizart (OV - Open VİZual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart.

This is a short introduction to one of the features that the upcoming Ghost 0.2 will offer. I expect to release the new version in late August or early September.

There is a command-line frontend for Ghost already that controls the honeypot's operation, but its capabilities are limited. In particular, the only way to get feedback from Ghost is to read the command-line output. That's only slightly inconvenient if you run the tool manually, but it's not at all suitable for automation, and it makes integrating Ghost into individual analysis setups unnecessarily complicated.

I am pleased to announce a new forensic challenge: Forensic Challenge 12 – “Hiding in Plain Sight“. The challenge has been provided by the Alaska Chapter under the leadership of Lucas McDaniel.

Submission deadline is Sep 9th and we will be announcing winners around the first week of October 2012.

Have fun!

Angelo Dell'Aera
The Honeynet Project

Folks,
Georg Wicherski has judged the two really cool submissions and results have been posted on the challenge page. The winners are:

1. Ruud Schramp
1.5. Carl Pulley

Quechua beta version

Hello World!

All GSoC 2012 students, including those working for HoneyNet, started their projects a long time ago. Since “Midterm evaluation” has passed too, I would like to share some experience and code with you. Please keep in mind this is still a beta version and some things may change during the second part of coding period, however comments and tips will be helpful, as always :-)

Good morning folks

My apologies for the delay on this one. It appears the the wily coyote has passed on his tricks to my Internet connection and as such I've been offline for a fairly large portion of time. No matter....onward to the readables !!

Malware

An in-depth code analysis of mssecmgr.ocx from the ESET folks is here.

As the first half of the HP summer of code has passed, I'd like to give a short update on the current status of the Ghost USB honeypot.

At the middle of GSoC 2012, we are happy and proud to release a beta version of HoneyProxy, a lightweight tool that allows live HTTP and HTTPS traffic inspection and analysis.

Unlike other network tools like WireShark that display flow packet by packet, HoneyProxy only displays application layer data. Web objects then can be viewed through a browser.