Archive for the ‘Tool Releases’ Category

Honeysnap POC released

Sunday, May 1st, 2005

Proof of concept alpha release of Honeysnap made available. Honeysnap is a small utility to parse daily pcap logs from honeynets and produce summary reports to aid in incident analysis.

[Now obsolete, see Honeysnap for the current version.]

MWcollect released

Wednesday, April 20th, 2005

mwcollect (malware collect) tool released by the German Honeynet Project. This is a new tool designed for the automated collection of malware, as documented in “KYE: Tracking Botnets” and several more papers. One of the first next generation client honeypots, it is designed to capture Windows worms and bot attacks without having to run a Microsoft OS.

Distributed Open Proxy Honeypot Project

Friday, April 8th, 2005

Distributed Open Proxy Honeypot Project: “The WASC solution is to use one of the web attacker’s most trusted tools against him – the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy servers (or proxypot), we aim to take a bird’s-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.”

Adjust.pl Sebek utility released

Friday, March 25th, 2005

Adjust.pl utility released, to synchronise Sebek logs for clients with out-of-step local clocks. Potentially useful if you are trying to match IDS and pcap files to attacker keystrokes.

Google Hack Honeypot launched

Wednesday, February 16th, 2005

Ever used Google and come across links to insecure computer system management interfaces? The Google Hack Honeypot is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH is powered by the Google search engine index and the Google Hacking Database (GHDB) and is an interesting spin on traditional honeypot technology.