Shreya Malviya wrote this post as a project summary of her GSoC2020 experience.

Team:
Mentors: Shay Nehmad, Daniel Goldberg
Student: Shreya Malviya

Introduction

What is Infection Monkey?

Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across on-premises/cloud-based data centers and finds their weaknesses, whose results it then reports to a centralized Monkey Island Command and Control server.

Our GSoC student Eshaan Bansal was working for three months under the supervision of Matteo Lodi on the OSINT platform IntelOwl, specifically introducing a brand new front-end written in Angular and analyzers to automate integrations.

Read on for an overview of their achievements and how they successfully contributed towards IntelOwl and some considerations for the future.

We are excited to announce the release of mitmproxy 5.2, a free and open source interactive HTTPS proxy! As the first part of his Google Summer of Code (GSoC) at the Honeynet Project, our student Martin Plattner (@MartinPlattnr) has completely revamped mitmproxy’s replacement feature, which is a powerful tool to modify and redirect HTTP messages.

As a small demonstration, Martin showed us how we can make these turbulent times much more bearable with a simple mitmproxy invocation:

Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and is for everyone who needs a single point to query for info about a specific file or observable.

Born at the start of 2020 (announcement), this fresh and new tool was accepted as part of the Google Summer of Code under The Honeynet Project. Great improvements have been developed since the start of this project.

The Honeynet Project recently appointed a new Chief Research Officer, Tamas Lengyel.  We want to thank again Lukas Rist for leading and growing our research over the past years, and welcome Tamas that accepted the role.

Tamas is Chapter Lead of Malware Analytics at Scale (MAS) and has been an active GSoC mentor over several years now with Honeynet. In his day job he is Senior Security Researcher at Intel, where he is focusing on low-level system security research, primarily working with hypervisors and firmware. He is a maintainer of the Xen Project Hypervisor, LibVMI and the DRAKVUF binary analysis system. Tamas received his PhD from the University of Connecticut and regularly publishes at top-tier academic conferences. He gave talks at conferences such as BlackHat, CCC and Microsoft Digital Crime Consortium.

The Honeynet Project Workshop 2019

Hotel Grauer Bär

Universitätsstraße 5-7

6020 Innsbruck, Austria

July 1st–3rd, 2019

https://austria2019.honeynet.org/

The Infection-Monkey team for GSoC 2018 wrote this post as a project summary of their GSoC 2018 experience

Team:

Student: Vakaris Žilius

Mentor: Daniel Goldberg

Introduction

During GSOC 2018, Vakaris worked with me on the Infection Monkey.

The Infection Monkey is an open source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

Abhinav Saxena wrote this post as a project summary of his GSoC2018 experience.

What did we achieve?

The following features and changes were implemented:

• Migration of the codebase from Python 2.7 to Python 3.5 (issue #358, code: #374)
• Implementation of FTP (RFC 959) and TFTP (RFC 1350) protocol stacks based on gevent (issue #352, code: ftp and tftp)
• Implementation of an abstract filesystem that proxies and wraps an actual file system by providing os.* wrappers (code: #375 and #382)
• Wrote 123 unit tests and refactored all existing 44 unit tests, increasing coverage from 44% to 72% at the time of this writing  (code: #374, #375 and #382)
• Bug fixes and refactoring of the existing BACnet and IPMI protocol stacks (issue #341, code #382)
• Bug fixes in auxiliary Docker files (issue: #378, code: #380 and  #392)
• Refactoring of an existing telnet library to be compatible to the Conpot codebase (issue #285, code: mushorg/telnetsrvlib)
• Wrote an internal interface implementation that introduces a decorator, allowing protocol servers to interact more deeply with each other.  (issue #259, code #375)
• Helping users with issues and pull request reviews: link

All commits can be seen here and here.

After successfully participating in GSoC between 2009 and 2017, and having created or extended many honeynet technologies that have since gone on to become industry standard tools, we are very happy to announce that The Honeynet Project has applied to be a mentoring organization once again in GSoC 2018.

While last year’s GSoC saw significant changes to the program structure, the program has not seen major adjustments this year. We are very happy that the new payment model and the added third evaluation came to stay! At Honeynet, we collected extensive feedback from mentors last year and will use that to improve our students’ experience - more on that later. Based on the very positive feedback from last year, we’ll definitely continue to use our now not-so-new-anymore GSoC Slack channel and we are excited to talk to you there!

Analysis of 24 Hours Internet Attacks: A Brief Overview of Malicious Traffic Targeting Featureless Servers on the Web.

Bots_Keep_Talking_To_Us