Archive for March, 2008

Capture-HPC version 2.1 released

Thursday, March 27th, 2008

A new release of Capture-HPC has been made available:

“The Honeynet Project (http://www.honeynet.org) and School of Mathematics, Statistics and Computer Science at Victoria University of Wellington (http://www.mcs.vuw.ac.nz/) are excited to announce the release of Capture-HPC v2.1. Capture-HPC is an innovative security product that is able to find and investigate the increasing problem of client-side computer attacks. This new software release increases the features and speeds performance allowing anyone to investigate a larger range and quantity of client-side computer attacks. Capture-HPC is freely available from our web site at: https://projects.honeynet.org/capture-hpc/wiki. It is written and distributed under the GNU General Public License, v2.”

Improvements include better performance, increased data capture and a new client plug-in framework.

The full press release can be found here:

http://www.honeynet.org/press/honeynet-project-press-release-capture-hpc.pdf

New version of Argos honeypot released

Tuesday, March 11th, 2008

The team over at Vrije University in Amsterdam (the location for the upcoming invite-only WOMBAT honeynet data sharing workshop) have released a new version of their Argos honeypot tool:

http://www.few.vu.nl/argos/

This interesting honeypot system uses dynamic taint analysis to track network data and identify unknown malware. So far we’ve only experimented with it, but it looks like a promising project and an ideal companion to Nepenthes-based capture of known malware variants.

UKHP attend ISOI4

Tuesday, March 4th, 2008

I was one of the attendees at the fourth ISOI workshop last week, which this time was held in sunny San Jose. Once again, the event had an interesting range of presentations and discussions, mostly focused around what system defenders could do now to make a difference to the continuing tide of cybercrime observed every day. There was also plenty of opportunity to catch up with people in the security community, and put faces to names, so thanks to Gadi and co for the continued invites. I also got a bit of time to hang out with various Honeynet Project people and some of the guys from Shadowserver, and hopefully we’ll see some interesting spin-offs in the coming months. Being from the UK, the obligatory Silicon Valley geek tourism was fun too.