AfterGlow cloud has evolved further into another release; with many improvements added to the initial version. With GSoC 2012 approaching an end, we’ve covered all the additional features we planned for in the second phase of development, post mid-term. Building up on the initial version, this post will run you through the general features and additional improvements covered.
A live demo of this release can be found here: http://andromeda.ayrus.net:8080/
Data sources: In addition to the initial method of uploading AfterGlow compatible CSV file, the application now supports two new methods of visualizing your data.
…and the summer is over. During the last three months I have tried to make sense of the highly unstructured data set that comes from merging the data streams of several hpfeeds channels. I have had to learn the inner workings of Splunk, their SDKs, the D3.js graphic library and explore different machine learning frameworks and clustering algorithms.
Today I am presenting the first release of Acapulco, a tool to find and display clusters of meta-events built from different types of hpfeeds events within a parallel graph, one of the best ways to represent multidimensional security data in a single visualization.
As the GSOC approaches the end. I would like to publish a beta version of my project for Network Malware Simulation.
The name for the new open source software is Imalse, which is the acronym of Integrated MALware Simulator & Emulator
The website for the project is http://people.bu.edu/wangjing/open-source/imalse/html/index.html, in which you can get detailed description, instructions for installation and demos.
I recorded two videos which are available at http://www.youtube.com/watch?v=CZ91McFlIvo&feature=relmfu and http://www.
I’m proud to announce the release of new Capture HPC client module.
The new version - 0.9 beta implements totally new system monitoring method. The old one - strace - was replaced by kernel module that intercepts some system calls to record events for later analysis.
The communication between kernel and userland is done via proc file. It means that module might be easily used with other applications. File output has a format that is simple to parse and by writing to the file one can modify module behaviour.
Hi everyone, I am announcing an initial release of the Ovizart, Network Analyzer Project. Ovizart (OV - Open VİZual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart.
In this initial release, I am rolling out the basic GUI that people can start using, and then within the next week, I will enable the upload of PCAPs for analysis and visualization.
There is a vm image, that you can import the appliance and see the application at your own machine. You may download the ova file here: http://www.loopbacking.info/ovizart/
To import the image, you will need VirtulBox installed.
It is a virtual machine image, and Ubuntu server 12.04 is installed on it. To login the system you will need username and password. Use demo as username and ovizartdemo as password. After logged in, become root by using sudo su command and learn your IP address (use ifconfig command at the command line).
This is a short introduction to one of the features that the upcoming Ghost 0.2 will offer. I expect to release the new version in late August or early September.
There is a command-line frontend for Ghost already that controls the honeypot’s operation, but its capabilities are limited. In particular, the only way to get feedback from Ghost is to read the command-line output. That’s only slightly inconvenient if you run the tool manually, but it’s not at all suitable for automation, and it makes integrating Ghost into individual analysis setups unnecessarily complicated.
I am pleased to announce a new forensic challenge: Forensic Challenge 12 – “Hiding in Plain Sight“. The challenge has been provided by the Alaska Chapter under the leadership of Lucas McDaniel.
Submission deadline is Sep 9th and we will be announcing winners around the first week of October 2012.
Have fun!
Angelo Dell’Aera
The Honeynet Project
Quechua beta version
Hello World!
All GSoC 2012 students, including those working for HoneyNet, started their projects a long time ago. Since “Midterm evaluation” has passed too, I would like to share some experience and code with you. Please keep in mind this is still a beta version and some things may change during the second part of coding period, however comments and tips will be helpful, as always :-)
Good morning folks
My apologies for the delay on this one. It appears the the wily coyote has passed on his tricks to my Internet connection and as such I’ve been offline for a fairly large portion of time. No matter….onward to the readables !!
Malware
An in-depth code analysis of mssecmgr.ocx from the ESET folks is here.
The Virus Total crew are bringing some seriously cool features to VT. More here