AxMock is released for your review

19 Aug 2011 Youzhi Bao capture-hpc gsoc-gsoc2011
We build up a project in google code, you can browse AxMock by the link http://code.google.com/p/axmock AxMock is a detection tool for malicious webpage attacking ActiveX controls. It runs in Internet Explorer 7 and the formal version. It is tested in Visual Studio 2008 and Python 2.6 with pywin32 package, though I believe that you can also compile it in later version. For more using information, please check out Wiki in my project google code page.

Midterm Report: The sniffer and emulator for COM components

08 Jul 2011 Youzhi Bao capture-hpc gsoc
By now, what I have done for Capture-HPC is: Write a Mock Capture Server. This is to help dubugging and coding the Capture client. According to the message format defined in ealier Capture, the mock server will send an command to client firstly and then keep listening to client’s log. After the server’s working, we can start the Capture Client. The command is same as the earlier beta, although I updated the client code, which changes the way that invoke an IE process.

GSoC2011-THP Project 1 - Improve our high interaction client honeypot Capture-HPC

05 May 2011 Youzhi Bao capture-hpc gsoc
Project Description: Proposed Capture-HPC Description Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.