Two more of our projects selected for Magnificent7

16 Oct 2012 Sebastian Poeplau
Rapid7 have announced the selected projects for the second round of their Magnificent7 program. The program sponsors open source efforts in the area of IT security over the course of a year and provides them with Rapid7’s technological and marketing expertise. In March, Cuckoo and Androguard - both developed by members of the Honeynet Project - were chosen, and today’s press release revealed two more of our members’ projects to be supported under the Magnificent7 program.

HoneyMap - Visualizing Worldwide Attacks in Real-Time

01 Oct 2012 Mark Schloesser honeymap honeypot visualization worldmap
The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org! We have seen attack visualizations for quite some time in various forms and availabilities. So far, we only had a GTK canvas based solution and a project around Google Earth and WebGL that would show attacks against our honeypot systems.

HpfeedsHoneyGraph - Automated Attack Graph Construction for Hpfeeds Logs

11 Sep 2012 Julia Yuchin Cheng attack-graph d3-v2 gsoc gsoc-2012-d67
Finally it is good enough to announce my GSoC project - HpfeedsHoneyGraph, which is a Splunk app to display attack graphs for hpfeeds logs. It was not an easy project for me to complete in a short time. During the last three months, I have had to learn several skills for the implementation, including hpfeeds log correlation across several hpfeeds channels, Splunk frameworks, the Splunk REST API, the D3.v2.js graph library and fast-fluxing modules. The most difficult challenge for me is to write JavaScript code.

Project 12 - Improving APKInspector

10 Sep 2012 Yuan Tian gsoc
The updated version of APKInspector is a powerful static analysis tool for malicious Android applications. It provides various convenient features for smartphone security engineers. With the sensitive permission analysis, static instrumentation, easy-to-use graph-code interaction, etc., they can get a thorough and deep understanding of the malicious applications on Android. The improvements mainly focus on two categories: User Interface and Security Analysis. The goal is to build an easy-to-use tool with strong security analysis features.

Ghost version 0.2 released

04 Sep 2012 Sebastian Poeplau ghost
We’ve just released version 0.2 of the Ghost USB honeypot for Windows XP and Windows 7 with a lot of great new features. You can download the new version from the project page. In this post, I’m going to give an overview of the changes. Let’s start with what you usually do first: install Ghost. Installing the honeypot has been tedious in the past, so we’ve built an installer that handles most of the work for you.

Project 6 - IPv6 attack detector Report

28 Aug 2012 phamvantoan gsoc
1 Introduction
As the end of GSoC 2012 will come in the next few days, I am proud to announce IPv6-guard. IPv6-guard is an IPv6 attack detector tool including some defense mechanisms to protect against most of the recent attacks on the IPv6 protocol suite.
2 IPv6-Guard
2.1 How it works
At first, the tool will gather “genuine” information about the connected network. That information includes the IP and MAC addresses of neighbors and routers on the network.

6Guard: a honeypot-based IPv6 attack detector

27 Aug 2012 Xu Weilin 6guard attack detect globalpot honeypot ipv6-d51
6Guard is a honeypot-based IPv6 attack detector aiming at detecting the link-local level attacks, especially when the port-mirror feature of the switch is unavailable.
Installation
Download and install Scapy on your machine (apt-get install python-scapy).
Download the v1.0 tarball directly or the latest code from the GitHub repository, then extract it into a directory.
Usage
Enter the directory of 6Guard.
Run $ sudo ./conf_generator.py to generate the configuration files.
Run $ sudo .

AREsoft-updater Released

26 Aug 2012 Adnan Mohd Shukor android are
AREsoft-updater is a simple updater script for the Android Reverse Engineering software belonging to the Android Reverse Engineering (A.R.E.) Virtual Machine from the Honeynet Project. AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If a newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E. AREsoft-updater also supports the latest (recently released) DroidBox for Android 2.

Beta Release of DroidBox for Android 2.3 and APIMonitor

23 Aug 2012 Kun Yang android apimonitor dalvik droidbox dynamic gsoc
I’m announcing the new features of the Android dynamic analysis tool DroidBox as GSoC 2012 approaches the end. In this release, I would like to introduce two parts of my work: DroidBox porting and APIMonitor.
DroidBox for Android 2.3
Based on TaintDroid 2.3, I’ve ported DroidBox to support Android 2.3 and fixed some bugs.
Download beta version: http://droidbox.googlecode.com/files/DroidBox23.tar.gz
Source code repository: https://github.com/kelwin
Usage is the same as in the previous version. You can check the project page.