To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Google Summer of Code 2011 - Org Applications Open

Has it really been another year already? Having really enjoyed our experience as a successful mentoring organization in Google Summer of Code 2009 and Google Summer of Code 2010, The Honeynet Project is very pleased to announce that we will once again be applying to be accepted this year as a potential mentoring organization for Google Summer of Code 2011 (note the changed URL for GSoC 2011).

New Honeynet Project Challenge (#7): Forensic Analysis of a Compromised Server

The plot? As usual:

A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge.

Are you up to the challenge? All details are here

Here are the questions that need your answers:

What service and what account triggered the alert? (1pt)
What kind of system runs on targeted server? (OS, CPU, etc) (1pt)

Honeynet Project Blog Top Posts in February 2011

The following are the Top 5 popular blog posts from The Honeynet Project blog this month.

The Honeynet Project Releases New Tool: Cuckoo

Here is another tool release from The Honeynet Project: Cuckoo Box by Claudio Guarnieri. Cuckoo is a binary analysis sandbox, designed and developed with the general purpose of automating the analysis of malware. Read more about the tool here, grab the tool here – but please read detailed setup guide here (make sure to read it!). BTW, this tool is really well-documented, so make use of it before deploying it.

The Honeynet Project Releases New Tool: PhoneyC

Here is another new release from the Project: a release of a new tool called PhoneyC, a virtual client honeypot.
PhoneyC is a virtual client honeypot, meaning it is not a real application (that can be compromised by attackers and then monitored for analysis of attacker behavior), but rather an emulated client, implemented in Python. The main thing it does is scour web pages looking for those that attack the browser.

Improve the security of unlocking your smartphone

There is a paper at WOOT 10' described how to use smudges on the touch sceen of a smartphone to get largely decrease the time an attacker need to guess the right password to unlock the screen. For example, by for 4 passcode based iPhone, one just need to try at most P(4,4) = 4! = 24 times before he get the right one.

First-ever Honeynet Project Public Conference–Paris 2011

It is with great pleasure I announce the first-ever Honeynet Project Public Conference, held alongside with the traditional Honeynet Project Annual Workshop. The event will be held on March 21, 2011 in Paris. For those who just want to register now, go here.

Date:  21 March 2011 (Monday)

8:30AM ~ 18:00PM (GMT+1)

Forensic Challenge 2010/5 - Log Mysteries - What Apache version was used?

Carl Pulley, a loyal follower of our Forensic Challenges, has written up an analysis on how could one determine the Apache version that generated the logs. His analysis can be found at http://acme-labs.org.uk/news/2011/01/20/apache2-version-analysis/ and http://acme-labs.org.uk/news/2011/01/21/apache2-version-analysis-data-visualisation/. Check it out!

New version of honeypot monitoring tool Qebek available

Folks, Chengyu Song has been busy the last few weeks and made some upgrades to the honeypot monitoring tool Qebek. He has ported it from QEMU 0.9.1 to QEMU 0.13.0. As a result, Qebek's performance (boot time) is better and it no longer requires gcc 3.4. You can check it out

svn co https://projects.honeynet.org/svn/sebek/virtualization/qebek/trunk/

If you don't know what Qebek is or how to use it, take a look at our whitepaper at http://honeynet.org/papers/KYT_qebek.

Forensic Challenge 2010/6 - Analyzing Malicious Portable Destructive Files - The winners are ...

Folks, holiday greetings from forensic challenge headquarter in Seattle. Mahmud and Ahmad from the Malaysian Chapter have judged all submissions and results have been posted on the challenge web site. The winners are:

1. Vos from Russia with perfect score!
2. Codrut from Romania
3. Mike from Canada

Congratulations!

We received a total of 21 submissions and they were very competitive. The top three submissions came within a point of a perfect score and Vos from Russia actually received a perfect score. We have posted the top three submissions from Vos, Cordut and Mike on the challenge web site . As I said, these submissions are top notch and I encourage you to read through them.

With the forensic challenge 2010 coming to an end, we will be taking a little break for the holidays, but will be back in full force in early 2011.

Happy Holidays.

Christian Seifert
Chief Communications Officer
The Honeynet Project

Syndicate content