I'm very pleased to announce that we have released the first public version of the Ghost USB honeypot.
Ghost is a honeypot for malware that uses USB storage devices for propagation. It is able to capture such malware without any further knowledge - especially, it doesn't need signatures or the like to accomplish its task.
Detection is achieved by emulating a USB flash drive on Windows systems and observing the emulated device. The assumption is that on an infected machine the malware will eventually copy itself to the removable device.
Taking a look at the submissions we realized that... mmh no submissions at all... We already knew that solving this challenge requires high skills but it seems like more time is needed in order to solve the Forensic Challenge 11 - "Dive Into Exploit". For this reason we decided to extend the submission deadline to 2012, July 1st.
Have fun (and don't be shy)!
The Honeynet Project
I am very pleased to announce the publication of another paper in our Know Your Enemy white paper series: "KYE - Social Dynamics of Hacking" authored by Thomas J. Holt and Max Kilger from our Spartan Devils Honeynet Project Chapter. In this paper, Tom and Max go to the roots of the Know Your Enemy series and shine light on the social groups that are involved in hacking.
Though most information security research focuses on current threats, tools, and techniques to defeat attacks, it is vital to recognize and understand the humans behind attacks. Individual attackers have various skills, motives, and social relationships that shape their actions and the resources they target. In this paper we will explore the distribution of skill in the global hacker community, the influence of on and off-line social relationships, motivations across attackers, and the near-future of threats to improve our understanding of the hacker and attacker community.
In the last months I spent a lot of efforts in Thug development. During these months a few interesting features and improvements were introduced but right now I want to spend some time for taking a look at the new plugin framework introduced in the version 0.3.0. If you ever thought about extending Thug with additional features but didn’t know how to do it you should really keep on reading. Let’s start by taking a look a the code.
Taking a look at src/thug.py we can now read these lines of code
Although it is still time for the official coding period start at GSoC 2012, i started to make my commits for the Network Analyzer project . The output of the project will be a web based traffic analyzer. It is aimed to let people upload their files from web interface and see the results. Instead of the detail header information, network analyzer will be focusing on applicaiton level data for display.
We where glad to announce yet another tool during our annual workshop in San Francisco. Glaspot is the third version of the web application honeypot Glastopf and it come with some very powerful new features:
Since my last post about the Google Summer Of Code 2012 Student Applications deadline closing and sharing some initial student applications statistics, all the GSoC 2012 mentoring organisations have been hard at work reviewing and scoring their student applications.
At the Honeynet Project workshop 2012, we raffled off a brand new Norman Malware Analyzer G2. Thanks everybody for participating in the raffle.
The winner of this year's raffle is Todd Straceski from Zynga. Congratulations to Todd!
Thanks again to Norman to sponsoring the Honeynet Project workshop 2012. We hope to see you all again next year.
After a slower than usual start, this years Google Summer of Code (GSoC) student applications period closed at 19:00 UTC on Friday April 6th, with a major application rush in the last couple of days which kept us busy right up to the deadline! Many thanks to all the interested students who applied, and our mentors and org admins for taking the time to respond to students on IRC, email and through Melange.
Folks, we had a great time at the Honeynet Project Security Workshop @ Facebook. We'd like to thank again our execellent hosts Facebook, the attendees, and our many speakers.
If you were not able to attend, you can check out the videos at http://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area/Mar_19/Workshop_Program_Agenda.