Last Friday was the deadline for GSoC 2012 Mentoring Organization Applications. After three successful participations in the Google Summer of Code program in 2009, 2010, and 2011, we - once again - applied to be part of GSoC again this year. Our experience with the program has been tremendous. We have been able to excite students worldwide (many which have gone on to become members of the Honeynet Project) for open-source development in the information security space and several of the leading honeynet open-source tools started with a GSoC project. We are looking forward to get students involved with our expert mentors again this year to tackle the many research and development problems still remaining in information security.
While we patiently await Google's response to our application (the list of list of officially accepted GSoC 2012 orgs is announced on March 16th 23:00 UTC, we urge you to check out our project ideas page for some suggestions of the type of projects we would like to mentor (although students can also suggest their own ideas too). You can start getting in contact with us on IRC and email to discuss potential project ideas (some of you are already are doing so, which is great). You can reach us at #gsoc2012-honeynet on irc.freenode.net as well as by joining our public GSoC ideas mailing list. We hope to hear from you!
A big thanks to Google for their continued support for FOSS. We hope we will be accepted to participate as a GSoC mentoring organization again this year and we are all looking forward to a productive and exciting GSoC 2012!
Frasier, who participated in our recent visualization forensic challenge has released his visualization tool WoLF Viz at http://code.google.com/p/wolf-viz/. WoLF Viz works by parsing arbitrary text log files into a network (graph) of words, where the words are nodes and the edges are adjacent word pairs. The edge weights are based on how often the two words are seen next to each other.
Early bird registration to our 2012 Honeynet Project Security Workshop ends today. The workshop will be held at the Facebook offices in the SF Bay Area. Secure your spot today for the workshop or one of the eleven hands-on training sessions we are offering. You can check out the agenda and training sessions at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. Hope to see you there!
CEO, The Honeynet Project
Ben Reardon has judged all submissions and results have been posted on the challenge page. The winners are:
1. Fabian Fischer
2. Chris Horsley
3. Fraser Scott
4. Dan Gleebits
5. Johnathan Tracz
Take a look at Ben's blog post for additional details. Congratulations to the winners and thanks to the other participants!
The Honeynet Project
While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.
Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions. Quite a few people people used the challenge not so much to win a prize, but to have fun, develop an idea they've had, practice on some real datasets, learn, and teach. This was exactly the spirit we'd hoped for, so thanks to everyone for putting in a big effort.
The Winners and their solutions:
Fabian Fischer - solution
Chris Horsley - solution
Fraser Scott - solution
Dan Gleebits - solution
Johnathan Tracz - solution
The standout theme in the submissions for me was the use of interactive and flexible tools to analyse the data. As we move further into the big data world, its going to be imperative to get inside the data interactively to understand it. Some of the solutions focused on developing brand new applications/frameworks to interactively data sets - Check out the submissions from Fabian and Chris as really good examples of this. While Fraser put forward the idea of rendering images in 3D - which is not that far-out an idea actually, why not?!.
We hope that this challenge was enjoyable for those who participated, and for those downloading the submissions for inspiration. These challenges have a long legacy, we see people downloading, attempting and referencing these challenges and the solutions for education purposes years afterwards, so they are an important program at the Honeynet Project.
It would be great to see solutions to future forensic challenges use visualization, not only to analyse and detect trends, but also to describe the problem space to the layperson. With that said - the next Forensic challenge, FC11 should be released shortly - so stay tuned.
And lastly, if anyone wants to develop their ideas further, a good way (i.e. get paid if you are accepted!) is to get involved in our upcoming Google Summer of Code program GSOC12
We are proud and happy to announce that a new free malware analysis online service is born.
Malwr.com is based on Cuckoo Sandbox, a project mentored by the Honeynet Project, sponsored by GSoC and developped by Claudio "nex" Guarnieri (@botherder), Dario Fernandes and Alessandro "jekil" Tanasi (@jekil). Malwr.com hosting is provided by ShadowServer.
If you want to test Cuckoo's flavor before installing it or if you're too lazy to deploy your own sandbox, just go there ! :-)
The Honeynet Project will hold its 2nd public security workshop at Facebook, Inc. in the San Francisco Bay Area. The workshop is going to be a two day event filled with technical presentations and hands-on tutorial training. On day 1 of the workshop, Honeynet Project members and Facebook will present on a wide range of information security topics: from honeypots and social networks to cybercrime and mobile malware. Day 2 will be a day of hands-on tutorial training. Our members will teach a total of 8 courses in forensics, honeypots, and visualization. For those who want to further hone their skills in a competitive setting, we will also host a capture-the-flag event on day 2.
Event details and registration information can be found at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. We hope to see you there!
Cuckoo Sandbox 0.3.1 has been released.
The most interesting improvements include:
Taking a look at the first submissions, it seems like more time is needed in order to solve the Forensic Challenge 10 - "Attack Visualization". For this reason we decided to extend the submission deadline to 2012, January 22th.
The Honeynet Project
Client honeypots are tools that actively search servers for malicious data like malware, exploits, malicious PDF files, etc.
The Polish Chapter just released a new version of Capture-HPC originally developed by Christian Seifert and Ramon Steenson of the New Zealand Chapter. Capture-HPC focuses primarily on attacks against, or involving the use of, Web browsers.
It is available for download as binary Debian package on Polish Chapter webpage:
Source code is made available via github: