The Honeynet Project

08 September, 2008

  • Updated Tool Release: The Honeynet Project and School of Mathematics, Statistics and Computer Science at Victoria University of Wellington are excited to announce the release of Capture-HPC v2.5.1. Capture-HPC is an innovative security product that is able to find and investigate the increasing problem of client-side computer attacks. This new software release aims at further improving the speed and scalability of the software, allowing for large-scale deployments of client honeypots. It is written and distributed under the GNU General Public License, v2. Capture-HPC is a computer security product that allows: anyone to investigate client-side computer attacks; security researchers to find and study malicious servers; virus and malware researchers to collect malware pushed by malicious servers; network administrators to monitor their systems for client-side attacks; and web site operators to monitor their web sites for unauthorized modifications with client-side attack code.

06 June, 2008

27 May, 2008

  • New Tool Release: Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts. Nebula is developed by the Giraffe Chapter.

27 March, 2008

  • Updated Tool Release: The Honeynet Project and School of Mathematics, Statistics and Computer Science at Victoria University of Wellington are excited to announce the release of Capture-HPC v2.1. Capture-HPC is an innovative security product that is able to find and investigate the increasing problem of client-side computer attacks. This new software release adds features and improves performance, allowing anyone to investigate a larger range and quantity of client-side computer attacks. It is written and distributed under the GNU General Public License, v2.

27 February, 2008

23 February, 2008

  • New Tool: We are excited to announce the release of the new tool Tracker, developed by the Honeynet Project Australian Chapter. Tracker facilitates the identification of abnormal DNS activity. It finds domains that are resolving to a large number of IPs in a short period of time, then continues to track those hostname->IP mappings until either the hostname no longer responds or the user decides to stop tracking that hostname. It is really efficient at finding fast-flux domains and other dodgy A-Record rotations.

10 February, 2008

07 February, 2008

29 January, 2008

  • New KYE Paper: We are excited to announce the release of our latest KYE paper, KYE Lite: Proxy Threats - Socks v666. This paper is our first ever "KYE Lite" paper. These are shorter papers that focus on very specific topics. In this paper we discuss: the basic operational concept of how reverse tunnel proxies work, a new customized control protocol in use, the advantages to the criminal community, a detailed example and its similarities to legacy SOCKS protocols, and how this activity can be further identified, including mitigation strategies.

22 January, 2008

  • New Chapter: We are thrilled to announce a new Chapter on the team, the Malaysian Chapter. Led by Meling Mudin, we are excited to have him and his members on board.

17 January, 2008

  • Conference Presentation: Dooh! A bit late, but team member David Watson presented on Global Distributed Honeynets (GDH) at PacSec, 2007. Check out what Dave has planned for the near future.

13 January, 2008

  • New Paper: The Spanish Honeynet Project has released their own paper titled "HoneySpot: The Wireless Honeypot". This paper covers monitoring the attacker's activities in wireless networks and focuses on design and architectural overview. Also released in Spanish. Gracias!

07 January, 2008

  • New Honeywall Released: We are excited to announce the release of version 1.3 of the Honeywall CDROM. This version includes numerous fixes, is based on CentOS 5.0, and has been moved to our new SVN/TRAC server. Check it out! Don't forget you can also find Honeysnap on the new TRAC/SVN server.