The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!

We have seen attack visualizations for quite some time in various forms and availabilities. So far, we only had a GTK canvas based solution and a project around Google Earth and WebGL that would show attacks against our honeypot systems. The most awesome related projects are coming from our Australian folks (thanks Ben) - make sure to take a look at their site.

Hi everyone, I am announcing an initial release of the Ovizart, Network Analyzer Project. Ovizart (OV - Open VİZual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart.

In this initial release, I am rolling out the basic GUI that people can start using, and then within the next week, I will enable the upload of PCAPs for analysis and visualization.

While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.

Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions. Quite a few people people used the challenge not so much to win a prize, but to have fun, develop an idea they’ve had, practice on some real datasets, learn, and teach. This was exactly the spirit we’d hoped for, so thanks to everyone for putting in a big effort.

Folks,

I would like to inform you all about our recent activities that we are attempting to achieve.

First of all, we have totally rebuilt our web site. This new ones aim to be a central repository of all the (external/internal) news concerning botnets (mainly) and malwares (secondary).
We will use the blog for posting about our project developments, and for commenting/reporting interesting news concerning the field that we are currently treating, so you can now add a new entry to your feeds reader :)
The repository section aims to maintain a complete library of all the publications redacted (by us or others) until today about botnets. Each one can be tagged and classified for giving an easy way for searching what a researcher needs. If you have a paper/doc about botnets, we will be proud to upload it here!
The Dorothy section is the web GUI of the framework developed by me about irc-botnet tracking through interactive visualization. Maybe you have seen it before (I’ve posted the link in this mailing list some months ago), since that I’ve improved the GUI adding a “malwares” task for each C&C, and providing an afterglow graph for each malware and for each C&C .
We are also maintaining a Wiki, here you can find all information about our tools/activities: you are all invited to contribute on it. The wiki has been recently “plugged” with the GUI giving the possibility to create a new page for each C&C, in this way, every researcher can write about his own investigation about it.

Many people have asked us, how Conficker looks like. That’s a tough question for something that’s hidden and tries to be as stealthy as possible. The last time somebody asked me: “Can you show me Conficker?”, I decided to visualize Conficker. Here is a little video that shows the evil core of Conficker.C.

The video is a 3D animation of the functions inside Conficker.C and their functional relationships. Yellow balls are functions found inside Conficker. Green loops are functions imported from Dlls and red boxes are jump holes into other functions. The video shows the way our tools analyze Conficker and the derivation of dependencies among the control flow graph.

The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables.

Get it from the usual place.

What is Picviz?

When considering log files for security, usual applications available today
either look for patterns using signature databases or use a behavioral
approach. In both cases, information can be missed. The problem becomes
bigger with systems receiving a massive amount of logs.