Folks, holiday greetings from forensic challenge headquarter in Seattle. Mahmud and Ahmad from the Malaysian Chapter have judged all submissions and results have been posted on the challenge web site. The winners are:
Vos from Russia with perfect score! Codrut from Romania Mike from Canada Congratulations!
We received a total of 21 submissions and they were very competitive. The top three submissions came within a point of a perfect score and Vos from Russia actually received a perfect score.
Basically, The TWMAN is an automated behavioral malware analysis environment to analyze the malware targeted at Microsoft Windows, and it can develop a free and open source software, and the environment is built around Joe Stewart’s TRUMAN sandnet. Although, there are many services of analysis malware behavioral, such as the Norman Sandbox, CWSandbox, Threat Expert, etc. For privacy and policy reasons, it must be treated as if they contain personally identifiable information.
I’m developing a syscall interception tool for Android as a course’s project. While it is relatively simple to intercept calling into the system services (introduced at the end), it is harder to get the syscall return. The reason is, the latest Android emulator is build upon QEMU 0.10.50, meaning it’s TCG based. So we cannot use the same way Qebek or TEMU uses to intercept the syscall return. Therefore I looked into the new code to find if I could find a way to solve this problem.
Folks, I am very pleased to announce the publication of our Know Your Tools paper: Glastopf - A dynamic, low-interaction web application honeypot authored by Lukas Rist of the Chicago Honeynet Project Chaper and Sven Vetsch, Marcel Kossin, and Michael Mauer.
The paper is available from https://honeynet.org/papers/KYT_glastopf.
Paper abstract Currently, attacks against web applications make up more than 60% of the total number of attempted attacks on the Internet. Organizations cannot afford to allow their websites be compromised, as this can result in serving malicious content to customers, or leaking customer’s data.
We just finished grading the results of Project Honeynet “Log Mysteries” Challenge #5 and there are some useful lessons for BOTH future challenge respondents and to log analysts and incident investigators everywhere.
If you look at the challenge at high level, things seem straightforward: a bunch of log data (not that much data, mind you – only 1.14MB compressed) from a Linux system. You can squeak by even if you use manual analysis and simple scripting.
Christian Seifert (CPRO of The Honeynet Project) has just announced publication of our Know Your Tools series: Qebek - Conceal the Monitoring, authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter. The paper is based on Chengyu’s hard work during the GSoC 2009, Brian Hay and me acted as his mentors for the Qebek GSoC Project. Congrats to Chengyu and Chinese Chapter.
I am very pleased to announce another publication of our Know Your Tools series: Qebek - Conceal the Monitoring authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter.
The paper is available from https://honeynet.org/papers/KYT_qebek.
Paper abstract
For the last few years, while low-interaction (LI) honeypot systems like Nepenthes and PHoneyC are getting more and more powerful, the progress of high-interaction (HI) honeypot technology has been somewhat slower.
Before we are getting worse than Duke Nukem Forever, we decided to finally release the next generation of the web application honeypot Glastopf, aka GlastopfNG!
Today we find web applications in every environment independent of company size and even in home networks. Over web attack vectors like SQL Injections and Remote File Inclusions, criminals can overtake web servers which than become part of a botnet or even a command and control server.