Chinese Chapter

Chinese Chapter Status Report For 2012 (Sep 2011 - Aug 2012)

jianwei.zhuge — Tue, 30 Oct 2012 23:39:39 -0500

ORGANIZATION

The Chinese Chapter was founded in 2008 based on Artemis research team in PKU and currently consists of the following people:

Dr. Jianwei Zhuge, Chapter Leader, Tsinghua Asso. Prof.
Chengyu Song, Gatech ph.d. student
Zhijie Chen, Berkeley ph.d. student
Dr. Xinhui Han, PKU Asso. Prof.
Dr. Yong Tang, NUDT Asso. Prof.
Huilin Zhang, PKU ph.d. student
Lingfeng Sun, Huawei engineer
Jian Jiang, Tsinghua phd. student
Cong Zheng, PKU ms. student

Chinese Chapter

The Honeynet Project Chinese Chapter - Status Report 2011

jianwei.zhuge — Thu, 30 Jun 2011 21:16:47 -0500

ORGANIZATION

The Chinese Chapter consists of the following people:
* Jianwei Zhuge, Tsinghua
* Chengyu Song, Gatech
* Zhijie Chen, Berkeley
* Xinhui Han, PKU
* Yong Tang, NUDT
* Huilin Zhang, PKU
* Zhongjie Wang, PKU
* Lingfeng Sun, HuaweiSymantec
* Jian Jiang, Tsinghua
* Youzhi Bao, PKU
* Cong Zheng, PKU

The Chapter members are interested in research projects covering the following topics:

1. Low-interaction/high-interaction client honeypots
2. Distributed honeynet deployment, operation and data analysis
3. Automated malware collection and analysis systems

Chinese Chapter

Know Your Tools: Qebek - Conceal the Monitoring has been published

jianwei.zhuge — Fri, 05 Nov 2010 00:56:24 -0500

Christian Seifert (CPRO of The Honeynet Project) has just announced publication of our Know Your Tools series: Qebek - Conceal the Monitoring, authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter. The paper is based on Chengyu's hard work during the GSoC 2009, Brian Hay and me acted as his mentors for the Qebek GSoC Project. Congrats to Chengyu and Chinese Chapter.

The paper is available from http://honeynet.org/papers/KYT_qebek.

Paper abstract

Chinese Chapter

TraceExploit: Replaying method dissection

zhongjie.wang — Tue, 17 Aug 2010 04:08:13 -0500

I've been working on the GSOC Project 14 in recent months. We are meant to start a new tool which can replay the collected exploit traces.

We know that during the process of exploit replay, there're many fields need to be changed in the original application messages. Some of them are platform independent, and the others are platform specific. Platform-independent variables are those changed each time we exploit, like timestamp, cookie, length, etc. And platform-specific variables are those changed only if the target system is changed, like target address, return address point to the shellcode.

Chinese Chapter

The Honeynet Project取证分析挑战中文版启航，欢迎华语世界安全人士参与

jianwei.zhuge — Tue, 01 Jun 2010 20:40:11 -0500

The Honeynet Project是一个国际知名的开源信息安全研究团队，致力于提升Internet的安全。

Chinese Chapter

What's new on PHoneyC (4): Try it out!

zhijie.chen — Mon, 10 Aug 2009 14:19:38 -0500

Hi all:
I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:

http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs

Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.

Chinese Chapter

NtDeviceIoControlFile

chengyu.song — Thu, 30 Jul 2009 11:01:41 -0500

As the console spy is almost finished, the next stage is mainly for network activities. Sebek Win32 version uses TDI hook to get this done. However, since getting driver object in virtualization layer is hard and TDI is TDI is on the path to deprecation, I need to find another way. The best solution seems to be hooking NtDeviceIoControlFile, the API Windows uses to do network related stuff and has been widely mentioned in malware behavior analysis papers. After some days of searching, I encounter a very useful resources today, a master thesis from TTAnalyze team:

Chinese Chapter

Chinese Chapter Status Report (Period Apr 2007 to Dec 2008)

jianwei.zhuge — Wed, 14 Jan 2009 06:35:49 -0600

The Honeynet Project Chinese Chapter Status Report (Period Apr 2007 to Dec 2008)

ORGANIZATION

1. Changes in the structure of your organization.
All members of Chinese Chapter (i.e. The Artemis Project) are still from ERCIS, Institute of Computer Science and Technology, Peking University, China. Although we are seaking for contributors from other organizations.

Chinese Chapter

About The Honeynet Project

drupal — Sun, 10 Aug 2008 19:54:48 -0500

The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to fight again malware (such as Confickr), discovering new attacks and creating security tools used by businesses and government agencies all over the world.

Alaskan Chapter