Out Of The Box » Thug
http://buffer.antifork.org/blog

Thug 0.5 and KYT paper
http://buffer.antifork.org/blog/2014/07/10/thug-0-5-and-kyt-paper/
Thu, 10 Jul 2014 09:07:33 +0000

Thug 0.4.0 was released on June 8th, 2012 and a huge number of really important features have been added since then. During the last two years I had a lot of fun thinking about and designing the future of the project and I’m really proud of what Thug is now. I have to thank a lot of people who contributed with their suggestions, ideas, bug reports and sometimes patches. You know who you are. Really thanks!

But I have decided that it’s time to start a new branch. Thug 0.5.0 will hopefully be released before the end of July and the 0.5 branch will be more focused on performance, scalability and efficiency optimizations.

Moreover, I decided to start writing a Know Your Tools (KYT) paper about Thug. Please take a look at the KYE/KYT papers published by the Honeynet Project (https://www.honeynet.org/papers). But we were thinking about using a different approach this time. Historically there has been a Honeynet Project KYE/KYT committee which takes care of the quality of the paper through a strong review process. And this is good, obviously. But the paper is not public until it is published. Obviously.

But if I take a look at Thug I realize there are a lot of people out there who are using it daily, sometimes in unexpected ways. And their feedback could be useful as well. So the idea is to start writing the paper and update it in the same GitHub tree (https://github.com/buffer/thug). This could allow everyone to easily contribute to the paper through GitHub pull requests. The KYE/KYT committee will still guarantee the high quality of the paper through its review job, but this is the first experiment of a collaborative paper. So if you are a Thug user and want to share some of your experiences, tips and tricks, you are welcome to contribute!

Low-interaction honeyclient Thug released!
http://buffer.antifork.org/blog/2012/04/06/low-interaction-honeyclient-thug-released/
Fri, 06 Apr 2012 10:14:42 +0000

I’m glad to announce I publicly released a brand new low-interaction honeyclient I have been working on for a few months now. The project name is Thug and it was publicly presented during the Honeynet Project Security Workshop at Facebook HQ in Menlo Park. Please take a look at the presentation for details about Thug.

Just a few highlights about Thug:

  • DOM (almost) compliant with W3C DOM Core and HTML specifications (Level 1, 2 and partially 3) and partially compliant with W3C DOM Events and Style specifications
  • Google V8 JavaScript engine wrapped through PyV8
  • Vulnerability modules (ActiveX controls, core browser functionalities, browser plugins)
  • Currently 6 IE personalities supported
  • Hybrid static/dynamic analysis
  • MITRE MAEC native logging format
  • HPFeeds and MongoDB logging

The source code is available here.

Feedback and comments welcome.

Have fun!
