We have just been notified by Google that the Honeynet Project has - once again - been accepted as one of the mentoring organization for Google Summer of Code 2012 (in total 180 organizations were selected). We are very excited and are looking forward to a great summer! Already a big thank you to Google for their continued support!
While student applications are not officially open yet, interested students are encouraged to check out our ideas page and get in contact with us via firstname.lastname@example.org and/or IRC (#gsoc2012-honeynet on irc.freenode.net) in the next few ideas to meet the mentors and discuss project ideas. Student applications officially open on March 26th 2012 and close on April 6th 2012.
We are looking forward to hearing from you!
GSoC 2011 #8 project's goal was to add forensics features to the popular Wireshark network analyzer.
Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network
analyzer with graphical interface as well as command line tools.
Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.
GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind.
The Beta version of HoneySink is out!
What is HoneySink?
HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.
Able to be deployed both internally and externally it is designed to log and respond to incoming requests for a number of network protocols.
With configuration and scalability in mind, HoneySink was designed from the ground up with a non-blocking architecture to handle extremely large amounts of traffic while being able to perform customised interactions and logging.
By now, what I have done for Capture-HPC is:
Proposed Capture-HPC Description
Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.
Last year the Honeynet Project entered Google Summer of Code (http://socghop.appspot.com/gsoc/program/home/google/gsoc2009) for the first time. We received 9 Google funded student places and also funded 3 more places of our own, all of whom successfully completed their projects in a wide range of areas of open source security R&D. You can find out more in our Google SoC 2009 section of our website (https://www.honeynet.org/gsoc).
I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.
|Info:||See <https://www.honeynet.org/gsoc/project1> for
|Author:||Zhijie Chen (Joyan) <email@example.com>|
|Description:||Mid-term Report on PHoneyC GSoC project 1. This report
describes what I have done on the PHoneyC's libemu integration
for shellcode and heapspray detection during the first half of
the GSoC. Till now, the main ideas on this feature has been
fast-implemented (actually I mean poor coding style) and the
whole flow works well, with some code rewriting and performance
optimization needed in the future.
One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the signature generator: A clustering engine that groups similar attacks into classes, and a signature assembler that extracts common features and selects some of them for the actual signature.
Z. Chen (Joyan)