If you have been following our blog you’ll know that the Honeynet Project was very happy to have been accepted as a mentoring organization for Google Summer of Code (GSoC) 2012.

If you are a student interested in applying to the Honeynet Project, the student application deadline is 19:00 UTC on Friday April 6th. So with 3 days to go, you need to be planning on submitting your project application via the Melange system soon. To avoid disappointment, please don’t leave your application until the last minute - you can edit as often as you want before the deadline.

We are proud and happy to announce that Cuckoo Sandbox and AndroGuard were choosen by Rapid7 for his Magnificent7 Program, an initiative created to fuel the success of seven bleeding edge open source projects and backed by a fund of $100,000.

Cuckoo Sandbox and AndroGuard are respectively developped by Claudio Guarnieri and Anthony Desnos and mentored during previous GSoC.

Congratulations to Claudio and Anthony !

Rapid7 Sponsors Androguard and Cuckoo Sandbox in the First Round of the Magnificent7 Program
Cuckoo Sandbox
AndroGuard

We have just been notified by Google that the Honeynet Project has - once again - been accepted as one of the mentoring organization for Google Summer of Code 2012 (in total 180 organizations were selected). We are very excited and are looking forward to a great summer! Already a big thank you to Google for their continued support!

While student applications are not officially open yet, interested students are encouraged to check out our ideas page and get in contact with us via [email protected] and/or IRC (#gsoc2012-honeynet on irc.freenode.net) in the next few ideas to meet the mentors and discuss project ideas. Student applications officially open on March 26th 2012 and close on April 6th 2012.

We are proud and happy to announce that a new free malware analysis online service is born.

Malwr.com is based on Cuckoo Sandbox, a project mentored by the Honeynet Project, sponsored by GSoC and developped by Claudio “nex” Guarnieri (@botherder), Dario Fernandes and Alessandro “jekil” Tanasi (@jekil). Malwr.com hosting is provided by ShadowServer.

If you want to test Cuckoo’s flavor before installing it or if you’re too lazy to deploy your own sandbox, just go there ! :-)

GSoC 2011 #8 project’s goal was to add forensics features to the popular Wireshark network analyzer.

Overview

Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network analyzer with graphical interface as well as command line tools. Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.

GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind.

In 2011, the Honeynet Project had once again the opportunity to participate in the Google Summer of Code program. In the last few weeks, we wrapped up all projects, beta tested the code, wrote documentation, and prepared releases.

To quickly recap: GSoc (Google Summer of Code) is an annual summer program sponsored by Google, in which Google pairs up students with organizations committed to open-source. Google supports each project with 5000USD of which the students receive the lion’s share. The Honeynet Project has participated in GSoc since 2009. Visit https://honeynet.org/gsoc2009 and https://honeynet.org/gsoc2010 to get an idea on what we have accomplished through this program in the last couple of years.

The Honeynet Project had mentored 12 projects this year for the Google Summer
of Code (GSoC). The 11th project was to extend the SIP module for
Dionaea to handle SIP udp, tcp and even tls. With the TLS part, the
Dionaea can even emulate a Microsoft Lync server. The TLS part was not
part of the original scope, but the hard work made that possible as
well!

[Dionaea] intention is to trap malware
exploiting vulnerabilities exposed by services offered to a network,
the ultimate goal is gaining a copy of the malware. With the SIP
module, you can answer the SIP attacks, record the information. It is
also possible to make “real” users, so the attacker will get different
answers depending on which accounts he tries to hack. If you would
fake a Microsoft Lync installation, you could add some of the real
user names from your server and see if somebody is doing a targeted
attack towards you. (but of course, don’t use the same passwords…. )

The Beta version of HoneySink is out!

What is HoneySink?

HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Able to be deployed both internally and externally it is designed to log and respond to incoming requests for a number of network protocols.

With configuration and scalability in mind, HoneySink was designed from the ground up with a non-blocking architecture to handle extremely large amounts of traffic while being able to perform customised interactions and logging.

We’ve set up a demonstration site for HoneyViz (Project #3) at

http://50.16.162.188:6174/

HoneyViz is an interactive java applet which visualizes sensor data (similar to Project #4). The goal of this project has been to allow the end user to select a set of data that is of interest and generate a variety of useful visualizations based off of this selection in realtime.

The site offers some user-level documentation to explain how the tool works and provides suggestions for a few interesting visualizations we have found. Although, the best way to become familiar with the tool is simply to play with it – select different sets of events, make menu or color changes, select regions on the map, etc.

As the deadline of GSOC has passed, I would like to announce the APKinspector Beta1.0. APKinspector is a tool to help Android application analysts and reverse engineers to analyze the compiled Android packages and their corresponding codes. You can review the Alpha version report and the page of this project to know more about it.

Click the picture below to watch a full demonstration video of APKInspector:

Chinese viewers may view the demo at: http://v.youku.com/v_show/id_XMjk3ODAwMzU2.html