We are happy to be able to announce the successful completion of The Honeynet Project's participation in DARPA's Cyber Fast Track program with our Web Application Honeypot project.
Imperva's recent Web Application Attack Report shows the picture of large scale automated threats towards web applications. Adversaries are basically scanning millions of web applications for vulnerabilities every day and a single successful infection increases their army of workers and thereby their capability for doing more damage. Without a specific target, attackers can leverage automated tools and search engines excellent information aggregation service to find their victims, identify the vulnerability, and launch an attack.
The majority of web application attacks target the web application's database. These - so called SQL injection attacks - manipulate the underlying database by providing user input that - due to the vulnerability in the web application - is converted into SQL statements. The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings. It deceives the adversary with crafted responses matching his request into sending us the malicious payload which could include all kinds of malicious code.
The project is being released as open-source and installation instructions can be found on the project page.
A detailed report was created as part of the project.
We've just released version 0.2 of the Ghost USB honeypot for Windows XP and Windows 7 with a lot of great new features. You can download the new version from the project page. In this post, I'm going to give an overview of the changes.
Let's start with what you usually do first: install Ghost. Installing the honeypot has been tedious in the past, so we've built an installer that handles most of the work for you. Just run it and enjoy.
As the end of GSoC 2012 will come in the next few days, i am proud to announce IPv6-guard. IPv6-guard is an IPv6 attack detector tool including some defense mechanisms to protect against most of recent attacks on ipv6 protocol suite.
2.1 How it works
6Guard is a honeypot-based IPv6 attack detector aiming at detecting the link-local level attacks, especially when the port-mirror feature of switch is unavailable.
AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E
I'm announcing the new features of Android dynamic analysis tool DroidBox as GSoC 2012 approaches the end. In this release, I would like to introduce two parts of my work: DroidBox porting and APIMonitor.
AfterGlow cloud has evolved further into another release; with many improvements added to the initial version. With GSoC 2012 approaching an end, we've covered all the additional features we planned for in the second phase of development, post mid-term. Building up on the initial version, this post will run you through the general features and additional improvements covered.
A live demo of this release can be found here: http://andromeda.ayrus.net:8080/
…and the summer is over. During the last three months I have tried to make sense of the highly unstructured data set that comes from merging the data streams of several hpfeeds channels. I have had to learn the inner workings of Splunk, their SDKs, the D3.js graphic library and explore different machine learning frameworks and clustering algorithms.
As the GSOC approaches the end. I would like to publish a beta version of my project for Network Malware Simulation.
The name for the new open source software is Imalse, which is the acronym of Integrated MALware Simulator & Emulator
The website for the project is http://people.bu.edu/wangjing/open-source/imalse/html/index.html, in which you can get detailed description, instructions for installation and demos.
I'm proud to announce the release of new Capture HPC client module.
The new version - 0.9 beta implements totally new system monitoring method. The old one - strace - was replaced by kernel module that intercepts some system calls to record events for later analysis.