AfterGlow Cloud: Second release

20 Aug 2012 Surya Nallu afterglow afterglow-cloud data-visualization gsoc

AfterGlow Cloud has evolved further into another release, with many improvements added to the initial version. With GSoC 2012 approaching an end, we’ve covered all the additional features we planned for in the second phase of development, post mid-term. Building on the initial version, this post will run you through the general features and additional improvements covered.

A live demo of this release can be found here: http://andromeda.ayrus.net:8080/

Data sources: In addition to the initial method of uploading an AfterGlow-compatible CSV file, the application now supports two new methods of visualizing your data. You can now upload your logs straight from the source and have them parsed (to a CSV file) and then rendered on the fly. Additionally, AfterGlow Cloud is now integrated with Loggly.com’s API. Loggly is a service which is used to collect log data for monitoring and analysis. With an account at Loggly, you can now search and import your logs straight from Loggly and have them visualized. Your authorization for the application to access your account at Loggly remains on our end for about a hundred days, beyond which you’ll have to re-authenticate the application. You can, however, revoke the application's access at any time. Both of these new additions require you to specify a parsing scheme, which is covered below.

Beta Release of Imalse--Integrated MALware Simulator & Emulator!

19 Aug 2012 Jing Conan Wang emulation gsoc imalse simulation

As GSoC approaches its end, I would like to publish a beta version of my project for Network Malware Simulation.

The name of the new open source software is Imalse, which is the acronym of Integrated MALware Simulator & Emulator.

The website for the project is http://people.bu.edu/wangjing/open-source/imalse/html/index.html, in which you can get detailed description, instructions for installation and demos.

I recorded two videos which are available at http://www.youtube.com/watch?v=CZ91McFlIvo&feature=relmfu and http://www.youtube.com/watch?v=PSXyEXFRSYs

The ultimate goal of Imalse is “Write once, Run Everywhere”. You can write just one copy of the code for malware simulation (for now I focus on botnet-based malware) and it can run at different levels of abstraction, from complete simulation to a real testbed.

First release from Network Analyzer project

19 Aug 2012 Oguz Yarimtepe gsoc traffic-analyze visualization

Hi everyone, I am announcing an initial release of Ovizart, the Network Analyzer Project. Ovizart (OV - Open VİZual Analysis foR network Traffic) is a web-based application that will let users upload captured traffic in PCAP format, analyze the traffic, and present it in an intuitive manner. The current development branch is located on GitHub: https://github.com/oguzy/ovizart.

In this initial release, I am rolling out the basic GUI that people can start using, and then within the next week, I will enable the upload of PCAPs for analysis and visualization.

Quechua - beta version

27 Jul 2012 zaccone c data-mining framework gsoc machine-learning python

Quechua beta version

Hello World!

All GSoC 2012 students, including those working for HoneyNet, started their projects a long time ago. Since “Midterm evaluation” has passed too, I would like to share some experience and code with you. Please keep in mind this is still a beta version and some things may change during the second part of coding period, however comments and tips will be helpful, as always :-)

HoneyProxy HTTP/HTTPS - Beta Release

13 Jul 2012 Guillaume Arcas gsoc

At the middle of GSoC 2012, we are happy and proud to release a beta version of HoneyProxy, a lightweight tool that allows live HTTP and HTTPS traffic inspection and analysis.

Unlike other network tools like Wireshark that display a flow packet by packet, HoneyProxy only displays application layer data. Web objects can then be viewed through a browser.

HoneyProxy can be installed on a gateway or a bridge between analyzed computers and external networks like the Internet, or on a host to analyze HTTP/S connections from/to a virtual machine. It is intended to be used for malware analysis or network forensics/investigation.

AfterGlow Cloud: Initial release

10 Jul 2012 Surya Nallu afterglow afterglow-cloud data-visualization gsoc

With the marking of the mid-term milestone in GSoC 2012, we’re happy to announce a first version release of AfterGlow Cloud. After a lot of discussion and review, the project seems to be in a good position for an initial release. The project is essentially based on AfterGlow [1], a security visualization tool which facilitates generating visual graphs from data you upload. The tool described at [1] is originally command-line based; the aim of this project, in general, is to bring this tool and its options to the cloud, so as to provide a neat interface for on-the-fly visualizations.

Progress so far at the Network Analyzer

07 May 2012 Oguz Yarimtepe flow gsoc malware network-traffic protocols

Although there is still time before the official coding period starts at GSoC 2012, I have started to make my commits for the Network Analyzer project. The output of the project will be a web-based traffic analyzer. It is aimed at letting people upload their files from a web interface and see the results. Instead of detailed header information, the network analyzer will focus on application-level data for display. One will be able to find answers to questions like: what is the response HTML, are there any malicious JavaScript files in the header of the HTML file, is there any binary attachment in the sent mail, is it malicious, etc. The project aims to display these results by using visualization. The visualization details can be found at the project site:

Glastopf v3 released

02 May 2012 Lukas Rist botnet-monitoring glastopf google-summer-of-code gsoc hpfeeds release sandbox web-server-botnet

We were glad to announce yet another tool during our annual workshop in San Francisco. Glaspot is the third version of the web application honeypot Glastopf and it comes with some very powerful new features:

  • A built-in PHP sandbox for code injection emulation, allowing us to bring vulnerability emulation to a new level
  • Hooked up to the HPFeeds generic data feed system for centralized data collection and tight integration into our sandbox and web server botnet monitoring system
  • Modular implementation: Turn your web application into a honeypot with a few easy steps
  • Runs in its own lightweight Python server or as a WSGI module in common web server environments
  • Automated attack surface generation and expansion

In the next three months we are working on even more exciting new features and a much stronger integration into our web threat analysis platform.
Additionally, Phani Vadrevu got accepted as a Google Summer of Code student to help us with additional improvements like request classification based on attacker profiling, hardening the internal sandbox and extending the attack surface. Details can be found in his project description: Glastopf Improvements.

GSoC 2012 Accepted Students Officially Announced

28 Apr 2012 David Watson gsoc

Since my last post about the Google Summer Of Code 2012 Student Applications deadline closing and sharing some initial student applications statistics, all the GSoC 2012 mentoring organisations have been hard at work reviewing and scoring their student applications.

After what seems like a very long few weeks for students, mentors and org-admins alike, the waiting is finally over! If you haven’t already seen it, the GSoC 2012 student selection results were formally announced by Google on Monday April 23rd:

Google Summer Of Code 2012 Student Applications now closed and some statistics

08 Apr 2012 David Watson gsoc

After a slower than usual start, this year's Google Summer of Code (GSoC) student applications period closed at 19:00 UTC on Friday April 6th, with a major application rush in the last couple of days which kept us busy right up to the deadline! Many thanks to all the interested students who applied, and to our mentors and org admins for taking the time to respond to students on IRC, email and through Melange. Even if you don’t get accepted as a student for GSoC 2012 with the Honeynet Project, please do consider trying to work on your chosen project and becoming part of our community anyway, as we are all volunteers and would be happy to welcome and support you too.