08 September, 2008
- Updated Tool Release:
The Honeynet Project and School of Mathematics, Statistics and
Computer Science at Victoria University of Wellington are excited to announce the release of
Capture-HPC v2.5.1. Capture-HPC is an innovative security product that is able to find and
investigate the increasing problem of client-side computer attacks. This new software release
aims to further improve the speed and scalability of the software, allowing for large-scale
deployments of client honeypots. It is written and distributed under the
GNU General Public License, v2. Capture-HPC is a computer security product that allows:
anyone to investigate client-side computer attacks; security researchers to find and study malicious
servers; virus and malware researchers to collect malware pushed by malicious servers;
network administrators to monitor their systems for client-side attacks; and web site
operators to monitor their web sites for unauthorized modifications with client-side attack code.
06 June, 2008
27 May, 2008
- New Tool Release:
Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as snort rules and can be used to defend a network from future intrusion attempts. Nebula is developed by the Giraffe Chapter.
27 March, 2008
- Updated Tool Release:
The Honeynet Project and
Mathematics, Statistics and Computer Science at Victoria University of
Wellington are excited to announce the release of
Capture-HPC v2.1. Capture-HPC is an innovative security
product that is able to find and investigate the increasing problem of
client-side computer attacks. This new software release adds
features and improves performance, allowing anyone to investigate a larger
range and quantity of client-side computer attacks.
It is written and distributed under the GNU General Public License, v2.
27 February, 2008
23 February, 2008
- New Tool: We are excited to announce the release of the new
tool Tracker developed by
the Honeynet Project Australian Chapter.
Tracker facilitates the identification of abnormal DNS
activity. It will find domains that are resolving to a large number of
IPs in a short period of time, then continue to track those hostname->IP
mappings until either the hostname no longer responds or the user decides
to stop tracking that hostname. It is really efficient at finding fast-flux domains
and other dodgy A-Record rotations.
10 February, 2008
07 February, 2008
29 January, 2008
- New KYE Paper: We are excited to announce the release
of our latest KYE paper, KYE Lite: Proxy Threats - Socks v666.
This paper is our first ever "KYE Lite" paper. These are shorter papers that focus on very
specific topics. In this paper we discuss: the basic operational concept of how
reverse tunnel proxies work, a new customized control protocol in use, the advantages to the criminal
community, a detailed example and its similarities to legacy SOCKS protocols, and how this
activity can be further identified including mitigation strategies.
22 January, 2008
- New Chapter: We are thrilled to announce a new
Chapter on the team, the
Malaysian Chapter. Led by Meling Mudin, we are excited to have
him and his members on board.
17 January, 2008
- Conference Presentation:
Dooh! A bit late, but team member David Watson presented on
Honeynets (GDH) at PacSec, 2007. Check out what Dave has planned for
the near future.
13 January, 2008
- New Paper:
The Spanish Honeynet Project has released their own paper,
"The Wireless Honeypot". This paper covers monitoring the attacker's
activities in wireless networks and focuses on design and architectural
overview. Also released
in Spanish. Gracias!
07 January, 2008
- New Honeywall Released:
We are excited to announce the release of version 1.3 of the Honeywall CDROM.
This version includes numerous fixes, is based on CentOS 5.0, and has been moved to
our new SVN/TRAC server. Check it out!
Don't forget you can also find Honeysnap on
the new TRAC/SVN server.