What's new on PHoneyC (4): Try it out!

10 Aug 2009 Zhijie Chen gsoc libemu phoneyc shellcode spidermonkey

Hi all:

       I have finished almost all the coding work of Project #1; now you can try out the new PHoneyC with shellcode/heapspray detection here:

http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs

        Please feel free to report any bugs or suggestions on shellcode/heapspray detection to me.

        As Geng and his partner are still working on the DOM simulation of PHoneyC (Project #2), I will do more testing and write an overall introduction to the ideas and structure of the new PHoneyC after merging in his final commit.

What's new on phoneyc (3)--- Mid-term Evaluation

05 Jul 2009 Zhijie Chen gsoc libemu phoneyc shellcode spidermonkey

Mid-term Report on PHoneyC GSoC project 1

Info: See https://www.honeynet.org/gsoc/project1 for project details.
Author: Zhijie Chen (Joyan) [email protected]
Mentor: Jose Nazario
Description: Mid-term Report on PHoneyC GSoC project 1. This report describes what I have done on PHoneyC's libemu integration for shellcode and heapspray detection during the first half of the GSoC. Till now, the main ideas of this feature have been fast-implemented (actually I mean poor coding style) and the whole flow works well, with some code rewriting and performance optimization needed in the future.

Introduction

PHoneyC is a low-interaction honeyclient written by Jose Nazario. The shellcode (SC for short) and heapspray (HS for short) detection module for PHoneyC was listed as a GSoC project this year and I feel lucky to have been chosen to implement it. This report presents the main idea of how to detect SC/HS in PHoneyC and how to build and run this version of PHoneyC. Note that this module (which I call honeyjs) is far from complete currently and this report is only for the midterm evaluation, so it is possible that the way to build and run it won't work in the future.

What's new in phoneyc (2)--- Shellcode and Heapspray Detection

01 Jun 2009 Zhijie Chen gsoc phoneyc shellcode spidermonkey

Hi folks:

      I have written some basic shellcode and heapspray detection code in phoneyc's 'honeyjs' JavaScript engine (based on python-spidermonkey, with extra tracing and auditing work). I also gave a presentation at the local Honeynet Chinese chapter last weekend. Details about my current approaches can be found in these slides: http://is.gd/J9QP

Z. Chen (Joyan)

PS: This post is also available on my personal blog: http://joyan.appspot.com/2009/06/1/whats_new_phoneyc_2_shellcode_detection.html

What's new in phoneyc's shellcode detection (1)--- Tracing spidermonkey

25 May 2009 Zhijie Chen gsoc phoneyc shellcode spidermonkey

1. Overview

As I wrote in my project outline (https://www.honeynet.org/gsoc/project1), I should have done some basic enhancements and experiments on python-spidermonkey to get more fine-grained tracing of spidermonkey. So till now what I have done on it includes:

a. Implemented the get_globj method in the Context class, which enables one to 'pull' all the properties of the global object inside spidermonkey (namely the global variables, because all global variables are properties of the global object) into the python context.
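What one can do with such a snapshot, as an added example that is not PHoneyC or honeyjs code: once the global object's properties are in Python, the big repeated strings that a heap-spray loop leaves behind stand out. The script below assumes the pulled globals are a plain dict of name to value (it does not call get_globj or python-spidermonkey); the thresholds, the sample snapshot and the placeholder "shellcode" tail are all constructed for the example and are not PHoneyC's detection rules.

```python
"""Heap-spray heuristics over a snapshot of JavaScript global variables.

Added example, not PHoneyC/honeyjs code. It assumes the global object's
properties have already been pulled into a plain Python dict {name: value}
(the kind of snapshot a get_globj-style call could provide); the sample
snapshot, thresholds and the "shellcode" tail are all constructed here.
"""
from collections import Counter

# Assumed thresholds for the example (not PHoneyC's): a sprayed block is
# large, and almost all of it is one short unit repeated (the NOP sled).
MIN_SPRAY_CHARS = 64 * 1024   # JS string length in UTF-16 code units
MIN_SLED_RATIO = 0.90
MIN_CHUNKS = 16               # need this many chunks before calling it a sled


def sled_ratio(s):
    """Largest fraction of `s` covered by one repeated 1-, 2- or 4-char chunk.

    A sled built from unescape("%u0c0c%u0c0c") is one repeated character;
    a two-character NOP pattern shows up at chunk size 2, and so on.
    Strings with fewer than MIN_CHUNKS chunks yield 0.0, so a lone
    4-character word is never reported as a "sled".
    """
    best = 0.0
    for unit in (1, 2, 4):
        nchunks = len(s) // unit
        if nchunks < MIN_CHUNKS:
            continue
        counts = Counter(s[i * unit:(i + 1) * unit] for i in range(nchunks))
        _, top = counts.most_common(1)[0]
        best = max(best, top / nchunks)
    return best


def iter_strings(value, path):
    """Yield (path, string) for every string reachable from `value`.

    Sprays are usually kept in an array (memory[i] = sled + shellcode), so
    lists and dicts are walked; functions, numbers etc. are skipped.
    """
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, (list, tuple)):
        for i, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{i}]")
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}")


def find_heapspray(globals_snapshot):
    """Return the global strings that look like heap-spray blocks."""
    hits = []
    for name, value in globals_snapshot.items():
        for path, s in iter_strings(value, name):
            if len(s) < MIN_SPRAY_CHARS:
                continue
            ratio = sled_ratio(s)
            if ratio >= MIN_SLED_RATIO:
                hits.append({"name": path, "length": len(s), "sled_ratio": ratio})
    return hits


# Constructed sample snapshot (what a page's globals might look like after a
# spray loop ran). The "shellcode" is a placeholder of letters, not real code.
SLED = "\u0c0c" * 0x20000                                # 128 Ki code units
FAKE_SHELLCODE = "".join(chr(0x41 + i % 26) for i in range(64))
SAMPLE_GLOBALS = {
    "title": "hello",
    "counter": 42,
    "memory": [SLED + FAKE_SHELLCODE for _ in range(4)],  # the spray array
    "payload": FAKE_SHELLCODE,                            # too small alone
    "text": "".join(chr(0x20 + i % 90) for i in range(100000)),  # big, not a sled
}

if __name__ == "__main__":
    for hit in find_heapspray(SAMPLE_GLOBALS):
        print(f"{hit['name']}: {hit['length']} chars, sled ratio {hit['sled_ratio']:.3f}")
```

On the constructed snapshot only the four `memory[i]` entries are reported: `payload` is far below the size threshold and the long `text` value is large but has no dominant repeated unit. A snapshot taken only once, after the script has finished, misses strings that were sprayed and then released; that is one reason tracing inside the engine, rather than inspecting globals afterwards, matters.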