Today I’ve released version 0.3 of the Ghost USB honeypot, which introduces a lot of new features, including a completely rewritten core for better malware detection. The new version is available on the project page. This post outlines the major changes.
In a previous blog post I’ve already written about the wide-ranging changes to the core of Ghost. We basically switched to a new emulation technique in order to make it harder for malware to recognize Ghost’s fake USB device.
On March 4, 2013, a contest was held at the Nullcon conference in Goa, India, to see who could take over a botnet. The Times of India reported that the prize money was provided by an Indian government official and was awarded to the Garage4Hackers team. The co-founder of the Nullcon conference, Antriksh Shah, said “At Nullcon Goa 2013, for the first time in the world the government has come forward and announced a bounty prize of Rs 35,000 to whoever provides critical information on the command and control servers of a malware recently found in one of the government installations in India,” and then tweeted, “Dawn of new infosec era.
Like many other open source organizations, The Honeynet Project’s members have been excitedly waiting to hear if Google would be running their Google Summer of Code (GSoC) initiative again this year. Well, the wait is over and GSoC 2013 has officially been announced on Google’s Open Source Blog. This is great news!
The timing of Google’s announcement was perfect, since the Honeynet Project was holding its Annual Workshop in Dubai the same week, which gave us time to hit the ground running and kick off internal preparations.
Taking a look at the first submissions, it seems like more time is needed in order to solve Forensic Challenge 13 - “A Message In A Picture”. For this reason we decided to extend the submission deadline to March 15th, 2013.
Have fun!
Angelo Dell’Aera
The Honeynet Project
The broader picture at the conference will be given by a well-known person in this field. He will talk about “Security 2020”. This is Dr. Anton Chuvakin, and in his day job he is a Research Director at Gartner’s Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team.
Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is the author of the books “Security Warrior” and “PCI Compliance” and a contributor to “Know Your Enemy II”, “Information Security Management Handbook” and others.
We have finally gotten an interview with Mark Schloesser. This is the guy that does not say too much, but delivers as hell. “Less talk, more code” could easily describe him. He will take you through “Configuring an Environment for Threat Assessment”, which is about building a functional and centralized threat intelligence framework! We are really looking forward to this workshop!
Tell us Mark, why did you become a security expert?
We have interviewed Mahmud ab Rahman, who currently works as an Information Security Specialist for the Malaysia Computer Emergency and Response Team (MyCERT) under the umbrella of CyberSecurity Malaysia. His areas of focus are network security, botnet monitoring, and malware analysis. He is also one of the teachers for the Honeynet Workshop in Dubai, 10-12 February, and will give a talk about “Reversing Malicious Flashy Flash” and a full workshop on “Dissecting Malicious Document Attacks”.
Ready for the Honeynet Project Meeting in February, we are pleased to announce our second release of HoneyProxy!
Started as a Google Summer of Code 2012 project, HoneyProxy is a lightweight tool that allows live HTTP and HTTPS traffic inspection and analysis. This release features a new Report Editor which allows you to analyze your flows, aggregate data or search for anomalies in your traffic dumps. It is our first independent release after GSoC 2012 and I’m happy to say that HoneyProxy has grown steadily over the last few months.
We have interviewed Felix Leder, who works as an innovation and new technology architect for Norman ASA. He has presented classes around the world on malware analysis, reverse engineering, and anti-botnet approaches. He is also one of the teachers for the Honeynet Workshop in Dubai, 10-12 February, and he will give a talk about “Lord of the Rings – Monitoring malware behavior on all layers” and also teach a class on Malware Reverse Engineering.
At the last BruCON conference in Ghent I had the pleasure to talk to Soraya (Iggi), BSides London co-organizer. She convinced me to submit a workshop proposal for BSides London 2013.
And guess what, it got accepted.
So I will be doing a workshop on setting up a basic kippo SSH honeypot by Upi Tamminen (http://code.google.com/p/kippo/) and, if time permits, using Ioannis Koniaris’ (Ion) kippo visualization tool kippo-graph (http://bruteforce.