To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.


New blog space at HP

Just received account details from the HP. New blog space for me to post some stuff. ;-)

No more emulation!

Emulation is an important technology in honeypots and honeynets. It's not always what we want, though, and here's why. As you might know, most bots perform attacks in multiple stages, i.e., they

  • send some exploit code to the victim that opens a shell,
  • connect to that shell or let the shell connect back,
  • invoke commands to download the actual malware binary,
  • execute the malware.

Catching the exploit and providing a fake shell isn't too hard, as shown in this post. But we certainly don't want a malware to get executed on our honeypot, not even in an emulated environment. Instead, we want to do different things with it, e.g., submit it to a central service for automated analysis. Read more »

Our New Website

Greetings! First I want to start off by thanking Steve Mumford, Christine Kilger, Jamie Riden, David Watson and Markus Koetter, they are the people that made our new website possible. Second, I wanted to share with you how excited I am about this. One of the challenges we have had for years is coordinating all the different research projects are members are doing. This site will allow each person to share as much as they want, however they want. Expect things like individual blogs, special interest groups and other research areas. Read more »

Content formatting for beginners

  • Allowed HTML tags:
    <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Embedding preformatted code, such as sourcecode:
    <code lang=text|php|c|cpp|java|mysql|...> <//code>

    if no lang is provided, rendering uses lang=text.
    If lang is given, the code will be highlighted.


    int main(int argc, const char *argv[])
         return foo(argc-1,argv+1);

  • Embedding Images:
Syndicate content