To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Release of WoLF Viz

Frasier, who participated in our recent visualization forensic challenge has released his visualization tool WoLF Viz at http://code.google.com/p/wolf-viz/. WoLF Viz works by parsing arbitrary text log files into a network (graph) of words, where the words are nodes and the edges are adjacent word pairs. The edge weights are based on how often the two words are seen next to each other.

Last chance for early bird registration

Early bird registration to our 2012 Honeynet Project Security Workshop ends today. The workshop will be held at the Facebook offices in the SF Bay Area. Secure your spot today for the workshop or one of the eleven hands-on training sessions we are offering. You can check out the agenda and training sessions at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. Hope to see you there!
Christian Seifert
CEO, The Honeynet Project

Forensic Challenge 10 - "Attack Visualization" - And the winners are...

Folks,
Ben Reardon has judged all submissions and results have been posted on the challenge page. The winners are:

1. Fabian Fischer
2. Chris Horsley
3. Fraser Scott
4. Dan Gleebits
5. Johnathan Tracz

Take a look at Ben's blog post for additional details. Congratulations to the winners and thanks to the other participants!

Angelo Dell'Aera
The Honeynet Project

Congratulations to the winners of Forensic Challenge FC10- Attack Visualization !

While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.

Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions. Quite a few people people used the challenge not so much to win a prize, but to have fun, develop an idea they've had, practice on some real datasets, learn, and teach. This was exactly the spirit we'd hoped for, so thanks to everyone for putting in a big effort.

The Winners and their solutions:
Fabian Fischer - solution

Chris Horsley - solution

Fraser Scott - solution

Dan Gleebits - solution

Johnathan Tracz - solution

The standout theme in the submissions for me was the use of interactive and flexible tools to analyse the data. As we move further into the big data world, its going to be imperative to get inside the data interactively to understand it. Some of the solutions focused on developing brand new applications/frameworks to interactively data sets - Check out the submissions from Fabian and Chris as really good examples of this. While Fraser put forward the idea of rendering images in 3D - which is not that far-out an idea actually, why not?!.

We hope that this challenge was enjoyable for those who participated, and for those downloading the submissions for inspiration. These challenges have a long legacy, we see people downloading, attempting and referencing these challenges and the solutions for education purposes years afterwards, so they are an important program at the Honeynet Project.

It would be great to see solutions to future forensic challenges use visualization, not only to analyse and detect trends, but also to describe the problem space to the layperson. With that said - the next Forensic challenge, FC11 should be released shortly - so stay tuned.

And lastly, if anyone wants to develop their ideas further, a good way (i.e. get paid if you are accepted!) is to get involved in our upcoming Google Summer of Code program GSOC12

Identifying unknown files by using fuzzy hashing

Identifying unknown files by using fuzzy hashing

Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites as Virustotal, Anubis or CWsandbox. By modifying the ihandler section in the dionaea.conf this can be done fully automated.
Every now and then even these excellent analysis sites come up with nothing. No result or whatsoever. This could be because its a brand new sample of malware which simply isn't recognised yet or it is a morphed sample of a known and existing one.

Malwr.com: powered by Cuckoo

We are proud and happy to announce that a new free malware analysis online service is born.

Malwr.com is based on Cuckoo Sandbox, a project mentored by the Honeynet Project, sponsored by GSoC and developped by Claudio "nex" Guarnieri (@botherder), Dario Fernandes and Alessandro "jekil" Tanasi (@jekil). Malwr.com hosting is provided by ShadowServer.

If you want to test Cuckoo's flavor before installing it or if you're too lazy to deploy your own sandbox, just go there ! :-)

http://malwr.com/
http://cuckoobox.org/

2012 Honeynet Project Security Workshop @ Facebook, Inc. - SF Bay Area, CA, USA - March 19th/20th 2012


The Honeynet Project will hold its 2nd public security workshop at Facebook, Inc. in the San Francisco Bay Area. The workshop is going to be a two day event filled with technical presentations and hands-on tutorial training. On day 1 of the workshop, Honeynet Project members and Facebook will present on a wide range of information security topics: from honeypots and social networks to cybercrime and mobile malware. Day 2 will be a day of hands-on tutorial training. Our members will teach a total of 8 courses in forensics, honeypots, and visualization. For those who want to further hone their skills in a competitive setting, we will also host a capture-the-flag event on day 2.

Event details and registration information can be found at https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area. We hope to see you there!

Share:

Cuckoo 0.3.1 released

Cuckoo Sandbox 0.3.1 has been released.

The most interesting improvements include:

  • Extensive book guiding from setup to customization.
  • Improved analysis results processing engine.
  • Modular reporting engine with default HTML, TXT and JSON reports being generated.
  • Minimal web server/interface that allows you to browse, search and view HTML reports.
  • Introduction of support to URL submission.
  • UDP connections extraction.
  • A cool new logo. :-)
  • A lot of other things you can find listed in the CHANGELOG file.

Forensic Challenge 10 - "Attack Visualization" - Deadline Extended

Taking a look at the first submissions, it seems like more time is needed in order to solve the Forensic Challenge 10 - "Attack Visualization". For this reason we decided to extend the submission deadline to 2012, January 22th.

Have fun!

Angelo Dell'Aera
The Honeynet Project

HoneySpider Network Capture-HPC NG is out!

Client honeypots are tools that actively search servers for malicious data like malware, exploits, malicious PDF files, etc.

The Polish Chapter just released a new version of Capture-HPC originally developed by Christian Seifert and Ramon Steenson of the New Zealand Chapter. Capture-HPC focuses primarily on attacks against, or involving the use of, Web browsers.

It is available for download as binary Debian package on Polish Chapter webpage:
http://pl.honeynet.org

Source code is made available via github:

Syndicate content