With less that 24 hours now remaining until the official deadline for Google Summer of Code (GSoC) 2013 student applications (19:00 UTC Friday May 3rd 2013), this is our final call for interested and eligible GSoC students. If you are interested or intend to get involved, please apply now.

For anyone new to the GSoC program, or anyone who has already talked to us on IRC (#gsoc-honeynet on irc.freenode.net) or on our public GSoC mailing list, please remember that you must still submit your student application the Google’s official GSoC 2013 form in Melange for it to be official.

As you may know, the annual workshop is a key event to bring together top information security experts from around the globe to present their research efforts as well as discuss insights and strategies to combat new emerging threats. The annual workshop held in February or March every year is a five-­days event including a one-­day briefing, two-­days of hands-­on training open to public and two-­days of private meetings by invitation only. Past annual workshops have been held at government, university and private company venues in Dubai (2013), San Francisco (2012), Paris (2011), Mexico City (2010) and Kuala Lumpur (2009), attracting more than 400 participants from around the world.

After a tense few days for all of the organizations who applied, The Honeynet Project is delighted to announce that it has once again been selected as one the participating mentoring organizations in Google Summer of Code (GSoC) 2013. This is great news and should make for another very exciting summer for many students, mentors and team members, so many thanks to Google’s and their Open Source Projects Office for their continued support of both us and free open source software (FLOSS) in general. We all really appreciate the support :-)

Today I’ve released version 0.3 of the Ghost USB honeypot, which introduces a lot of new features, including a completely rewritten core for better malware detection. The new version is available on the project page. This post outlines the major changes.

In a previous blogpost I’ve already written about the wide-ranging changes to the core of Ghost. We basically switched to a new emulation technique in order to make it harder for malware to recognize Ghost’s fake USB device. The new core is considered stable by now and thus included in version 0.3.

On March 4, 2013, a contest was held at the Nullcon conference in Goa, India, to see who could take over a botnet. The Times of India reported that the prize money was provided by an Indian government official and was awarded to the Garage4Hackers team. The co-founder of the Nullcon conference, Antriksh Shah, said “At Nullcon Goa 2013, for the first time in the world the government has come forward and announced a bounty prize of Rs 35,000 to whoever provides critical information on the command and control servers of a malware recently found in one of the government installations in India,” and then tweeted, “Dawn of new infosec era. Govt of India announced (and actually paid) first ever bounty (Rs. 35 k) at nullcon to take down a c&c.” When asked whether this was a live botnet, or a simulated botnet held within a safe and isolated virtual network where no harm could result, Nullcon tweeted, “it was a live campaign up since a couple of yrs and the malware was found in a gov. Infra.”

Like many other open source organizations, The Honeynet Project’s members have been excitedly waiting to hear if Google would be running their Google Summer of Code (GSoC) initiative again this year. Well, the wait the over and GSoC 2013 has officially been announced on Google’s Open Source Blog. This is great news!

The timing of Google’s announcement was perfect, since the Honeynet Project were holding our Annual Workshop in Dubai the same week, which gave us time to hit the ground running and kick off internal preparations. We ran a GSoC recap session with our members who were present (plus live streaming for those who could not make it) and are busy preparing our application to be a mentoring organization again this year, as well as drawing up an internal list of potential student project topics. We also discussed lessons learned from our past four (excellent) years of GSoC experience, particularly how we might standardize and improve our student selection process, and make better use of the community bonding period. It was particularly satisfying to have many of last years successful GSoC students attending the workshop, presenting what they worked on and continuing to become involved in our community and other non-GSoC projects too.

Taking a look at the first submissions, it seems like more time is needed in order to solve the Forensic Challenge 13 - “A Message In A Picture”. For this reason we decided to extend the submission deadline to 2013, March 15th.

Have fun!

Angelo Dell’Aera
The Honeynet Project

The broader picture a the conference will be given by a well known person in this field. He will talk about “Security 2020” This is Dr. Anton Chuvakin, and he is a Research Director at Gartner’s Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team in his day job.
Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of books “Security Warrior” and “PCI Compliance” and a contributor to “Know Your Enemy II”, “Information Security Management Handbook” and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, security management. His blog “Security Warrior” is one of the most popular in the industry.

We have finally gotten an interview with Mark Schloesser. This is the guy that does not say too much, but delivers as hell. “Less talk more code” could easily describe him. He will take you through Configuring an Environment for Threat Assessment This is building a functional and centralized threat intelligence framework! We are really looking forward to this workshop!

Tell us Mark, why did you become a security expert?

To be honest I did not really choose security - I basically just slipped into it because of my colleagues, friends and a big interest in problem solving. I really enjoy sitting down with a team and tackling a certain
problem - which could for example mean trying to solve a puzzle or write an exploit for a vulnerability. This is also the reason why I like to play in Capture The Flag competitions and help organizing one myself.

We have interviewed Mahmud ab Rahman, who currently works as an Information Security Specialist for Malaysia Computer Emergency and Response Team (MyCERT) under the umbrella of CyberSecurity Malaysia. His areas of focus are network security,botnet monitoring, and malware analysis. He is also one of the teachers for the Honeynet Workshop in Dubai 10-12 of February and will give a talk about Reversing Malicious Flashy Flash and a full workshop on Dissecting Malicious Document Attacks