1:00, June 10th, 2005 by david
DFRWS 2005 Forensic “Memory Analysis” Challenge: “Memory analysis is one of the primary themes of the 2005 Digital Forensics Research Workshop (DFRWS). In an effort to motivate discourse, research and tool development in this area, the Organizing Committee has created the intrusion/intellectual property theft scenario detailed at http://www.dfrws.org/2005/challenge/. This memory challenge is open to all, and team efforts are encouraged. An award will be given to the group that extracts the most information from the memory dumps, and the quality of documentation and novelty of techniques will be considered when choosing the winner. Network traffic associated with this intrusion will be made available during the workshop.”
Posted in News | Comments Off on DFRWS 2005 Forensic “Memory Analysis” Challenge announced
1:00, June 3rd, 2005 by david
Honeynet Project Add Individual Whitepapers: the Honeynet Project have added a section to their public web site for non-KYE whitepapers by individual members of the Honeynet Project Research Alliance: http://www.honeynet.org/papers/. This should be a useful resource for researchers and the community. Hopefully external and peer-reviewed papers will also be added shortly.
Posted in News | Comments Off on Honeynet Project adds non-KYE papers section to website
1:00, May 26th, 2005 by david
Microsoft Honeymonkeys: Microsoft’s honeymonkeys initiative is in the news and generating a lot of interest: http://www.newscientist.com/channel/info-tech/dn7400 “…out code designed to attack a computer and will sound an alarm if any code is executed in contravention of a machine’s security settings, or if key system-parameters are unexpectedly altered. They use a software forensics package called Strider, previously created by Microsoft researchers to detect such changes.” More details, which should be interesting, are here: http://research.microsoft.com/sm/strider/
http://www.research.microsoft.com/asia/dload_files/group/system/2003/LISA.pdf
Posted in News | Comments Off on Microsoft Honeymonkeys
1:00, May 17th, 2005 by david
New Honeynet Project Know Your Enemy paper, KYE: Phishing, released. This paper is based on combined phishing research by the UK and German Honeynet Projects and details real world phishing incidents, including tools and techniques used, incident timelines and common trends.
Posted in Whitepapers | Comments Off on KYE: Phishing released
1:00, May 1st, 2005 by david
Proof of concept alpha release of Honeysnap made available. Honeysnap is a small utility to parse daily pcap logs from honeynets and produce summary reports to aid in incident analysis.
[Now obsolete, see Honeysnap for the current version.]
Posted in Tool Releases, UK Tool Releases | Comments Off on Honeysnap POC released
1:00, April 30th, 2005 by david
Honeynet Research Alliance bi-annual reports published.
Posted in News | Comments Off on Honeynet Research Alliance status reports published
1:00, April 20th, 2005 by david
mwcollect (malware collect) tool released by the German Honeynet Project. This is a new tool designed for the automated collection of malware, as documented in “KYE: Tracking Botnets” and several more papers. One of the first next-generation client honeypots, it is designed to capture Windows worms and bot attacks without having to run a Microsoft OS.
Posted in Tool Releases | Comments Off on MWcollect released
1:00, April 13th, 2005 by david
Posted in Incidents | Comments Off on Rootkit websites taken down by DDoS attacks