To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.


HpfeedsHoneyGraph - Automated Attack Graph Construction for Hpfeeds Logs

Finally it is good enough to announce my GSoC project - HpfeedsHoneyGraph which is a Splunk APP to display attack graph for hpfeeds logs. It is not a easy project for me to complete in short time. During the last three months, I have to learn several skills for implementation including HPfeeds logs correlation of several hpfeeds channels, Splunk frameworks, Splunk REST API , D3.v2.js graph library and fast-fluxing modules. The most difficult challenge for me is to write javascript code. I SUPER hate javascript. Read more »

Forensic Challenge 12 – “Hiding in Plain Sight“ - Submission deadline passed

the submission deadline for the Forensic Challenge 12 – “Hiding in Plain Sight“ put up by the Alaska Chapter under the leadership of Lucas McDaniel has passed. We have received 4 submissions and will be announcing results on Mon, Oct 15th 2012. The top three submissions will be awarded little prizes.

Angelo Dell'Aera
The Honeynet Project

Project 12 - Improving APKInspektor

The updated version of APKInspector is a powerful static analysis tool for Android Malicious applications. It provide convenient and various features for smartphone security engineers. With the sensitive permission analysis, static instrumentation and easy-to-use graph-code interaction .etc, they can get a thorough and deep understanding of the malicious applications on Android.
The improvement mainly focus on two categories: User Interface and Security Analysis. The goal is to build an easy-to-use tool with strong security analysis features. Read more »

Ghost version 0.2 released

We've just released version 0.2 of the Ghost USB honeypot for Windows XP and Windows 7 with a lot of great new features. You can download the new version from the project page. In this post, I'm going to give an overview of the changes.

Let's start with what you usually do first: install Ghost. Installing the honeypot has been tedious in the past, so we've built an installer that handles most of the work for you. Just run it and enjoy. Read more »

Project 6 - IPv6 attack detector Report

1 Introduction

As the end of GSoC 2012 will come in the next few days, i am proud to announce IPv6-guard. IPv6-guard is an IPv6 attack detector tool including some defense mechanisms to protect against most of recent attacks on ipv6 protocol suite.

2 IPv6-Guard

2.1 How it works Read more »

6Guard: a honeypot-based IPv6 attack detector

6Guard is a honeypot-based IPv6 attack detector aiming at detecting the link-local level attacks, especially when the port-mirror feature of switch is unavailable. Read more »

AREsoft-updater Released

AREsoft-updater is a simple updater script for Android Reverse Engineering Software belongs to Android Reverse Engineering (A.R.E.) Virtual Machine from the Honeynet Project

AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E Read more »

Beta Release of DroidBox for Android 2.3 and APIMonitor

I'm announcing the new features of Android dynamic analysis tool DroidBox as GSoC 2012 approaches the end. In this release, I would like to introduce two parts of my work: DroidBox porting and APIMonitor. Read more »

AfterGlow Cloud: Second release

AfterGlow cloud has evolved further into another release; with many improvements added to the initial version. With GSoC 2012 approaching an end, we've covered all the additional features we planned for in the second phase of development, post mid-term. Building up on the initial version, this post will run you through the general features and additional improvements covered.

A live demo of this release can be found here: Read more »

Introducing Acapulco: Building Clustered Parallel Coordinates Graphs from HPFeeds data

…and the summer is over. During the last three months I have tried to make sense of the highly unstructured data set that comes from merging the data streams of several hpfeeds channels. I have had to learn the inner workings of Splunk, their SDKs, the D3.js graphic library and explore different machine learning frameworks and clustering algorithms. Read more »

Syndicate content