Midterm Report: The sniffer and emulator for COM components

By now, what I have done for Capture-HPC is: Read more »

GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC

Project Description:
Proposed Capture-HPC Description

Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks. Read more »

GSoC 2010 Timeline announced and Honeynet Project will be applying

Last year the Honeynet Project entered Google Summer of Code ( for the first time. We received 9 Google funded student places and also funded 3 more places of our own, all of whom successfully completed their projects in a wide range of areas of open source security R&D. You can find out more in our Google SoC 2009 section of our website ( Read more »

What's new on PHoneyC (4): Try it out!

Hi all:
       I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
        Please feel free to report any bug or suggestion on shellcode/heapspray detection to me. Read more »

What's new on phoneyc (3)--- Mid-term Evaluation


Mid-term Report on PHoneyC GSoC project 1

Info: See <> for
project details.
Author: Zhijie Chen (Joyan) <[email protected]>
Mentor: Jose Nazario
Description: Mid-term Report on PHoneyC GSoC project 1. This report
describes what I have done on the PHoneyC's libemu integration
for shellcode and heapspray detection during the first half of
the GSoC. Till now, the main ideas on this feature has been
fast-implemented (actually I mean poor coding style) and the
whole flow works well, with some code rewriting and performance
optimization needed in the future.

nebula - Client library and revised signature segment selection

nebula Logo    One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the signature generator: A clustering engine that groups similar attacks into classes, and a signature assembler that extracts common features and selects some of them for the actual signature. Read more »

What's new in phoneyc (2)--- Shellcode and Heapspray Dectection

Hi folks:

      I have done some basic shellcode and heapspray detection codes in the phoneyc's 'honeyjs' javascript engine (based on python-spidermonkey, with extra tracing and auditing works). And also I have made a presentation on the local honeynet chinese chapter last weeked. Details about my current approaches can be found on this slide:


Z. Chen (Joyan) Read more »

Introducing Glastopf, a Web Application Honeypot

Hello, this initial blog post is used to introduce me and to provide a brief overview of my GSoC Project.

My name is Lukas Rist (my personal blog) and I am currently studying Math and Physics at the University of Kaiserslauter in Germany. This is my first time in GSoC and I will be working with Thorsten Holz on Glastopf, a Web Application Honeypot. Read more »

GSoC 2009 Student Slots Announced

The results for Google Summer of Code 2009 are out and the Honeynet Project are very excited to have been allocated 9 official slots by Google. You can view the project selection here:
  Read more »

Syndicate content