Out Of The Box


Category: Honeynet Project

PHoneyC DOM Emulation – Browser Personality

22 August, 2010 (16:52) | Honeynet Project, PhoneyC, Projects | No comments

A new improvement in PHoneyC DOM emulation code was committed in SVN r1624. The idea is to better emulate the DOM behaviour depending on the selected browser personality. Let’s take a look at the code starting from the personalities definition in config.py. UserAgents = [ (1, "Internet Explorer 6.0 (Windows 2000)", [...]

Another great step forward

11 August, 2010 (15:53) | Honeynet Project, Projects, TIP | No comments

“Dionaea is meant to be a Nepenthes successor, embedding Python as scripting language, using libemu to detect shellcodes, supporting IPv6 and TLS” (taken from Dionaea homepage). Besides being the most interesting project for trapping malware exploiting vulnerabilities, Dionaea supports a really cool feature which allows it to log to XMPP services as described here. TIP [...]

PHoneyC DOM Emulation – Window

10 August, 2010 (12:55) | Honeynet Project, PhoneyC, Projects | No comments

A few weeks ago I started reviewing the PHoneyC DOM emulation code and realized it was turning out to be hard to maintain and debug due to a huge amount of undocumented (and sometimes awful) hacks. For this reason I decided it was time to patch (and sometimes rewrite from scratch) such code. These posts will [...]

I love this game!

22 July, 2010 (18:04) | Honeynet Project, Projects, TIP | No comments

Today I was in need of fun, so I started adding a new API call which allows checking whether a domain is malicious or not. The check avoids hitting the database at all and just queries the search index. The results I got are quite surprising. Take a look at it considering [...]

Just can’t get enough!

19 July, 2010 (16:04) | Botnets, Fast-Flux, Honeynet Project, Malware, Projects, TIP | No comments

It’s been a really long time since I last posted about TIP. The good news is that TIP is starting to grow really fast, and this is mainly due to its modular design, which allows plugging in different kinds of tracking modules with minimum effort. In this post I’ll provide a brief overview of the new still [...]

Honeynet Project Forensic Challenge 2010/4 – “VoIP”

3 June, 2010 (11:16) | Honeynet Project, News | No comments

Challenge 4 of the Honeynet Project Forensic Challenge – titled “VoIP” – is now live. This challenge – provided by Ben Reardon from the Australian Chapter and Sjur Eivind Usken from the Norwegian Chapter – takes you into the realm of voice communications on the Internet. VoIP with SIP is becoming the de-facto standard. As this [...]

Honeynet Project Forensic Challenge 2010/3 – “Banking Troubles”

28 March, 2010 (19:36) | Honeynet Project, News | No comments

Honeynet Project Challenge 2010/3 – “Banking Troubles” has just been posted; the task is to investigate a memory image of an infected virtual machine. The challenge has been provided by Josh Smith and Matt Cote from The Rochester Institute of Technology Chapter, Angelo Dell’Aera from the Italian Chapter and Nicolas Collery from the Singapore Chapter. Submit [...]

Honeynet Project Forensic Challenge 2010/2 – “Browsers Under Attack”

17 February, 2010 (10:52) | Honeynet Project, News | No comments

Challenge 2 of the Honeynet Project Forensic Challenge has just been posted. The challenge has been provided by Nicolas Collery from the Singapore Chapter and Guillaume Arcas from the French Chapter and is titled “Browsers Under Attack”. The submission deadline is March 1st and results will be released on Monday, March 15th 2010. Small prizes will [...]

PhoneyC: A Virtual Client Honeypot

29 January, 2010 (18:36) | Honeynet Project, PhoneyC, Projects | No comments

About two months ago I started contributing to PhoneyC, a pure Python honeyclient implementation originally developed by Jose Nazario. The perception is that our development efforts are moving on the right track. The code can be downloaded here. If you’re interested, take a look at the different development branches and give us your feedback. Moreover, if [...]

Honeynet Project Forensic Challenge 2010

13 January, 2010 (00:03) | Honeynet Project, News | No comments

After several years without any Honeynet Project Challenges, there will finally be new Forensic Challenges starting next Monday (January 18th, 2010). Here is the official announcement. I am very happy to announce the Honeynet Project Forensic Challenge 2010. The purpose of the Forensic Challenges is to take learning one step farther. Instead of having the [...]
