There have been a number of releases of new and interesting tools by members of the Honeynet Project and the Research Alliance over the past few weeks. In particular, the following are definitely worthy of further investigation:
HoneyC is a low interaction client honeypot / honeyclient designed to emulate web clients and identify malicious servers on the web. HoneyC is developed and maintained by Christian Seifert of the NZ Chapter.
Capture-HPC is a high interaction client honeypot. A client honeypot is a security technology that allows one to find malicious servers on a network. Capture identifies malicious servers by interacting with potentially malicious servers using a dedicated virtual machine and observing its system state changes. Capture-HPC is developed and maintained by Christian Seifert of the NZ Chapter.
CaptureBAT is a behavioral analysis tool for applications on the Win32 operating system family. CaptureBAT is able to monitor the state of a system during the execution of applications and the processing of documents, which provides an analyst with insights into how the software operates even if no source code is available. CaptureBAT monitors state changes at a low kernel level and can easily be used across various Win32 operating system versions and configurations. CaptureBAT is developed and maintained by Christian Seifert of the NZ Chapter.
Pehunter is a Snort dynamic preprocessor that grabs Windows executables off the network; it is designed to sit in-line in front of high interaction honeypots. Developed and maintained by Tillmann Werner of the German Honeynet Project.
The High Interaction Honeypot Analysis Toolkit (HIHAT) attempts to transform arbitrary PHP applications into web-based high-interaction honeypots. A typical use would be the transformation of PHPNuke, PHPMyAdmin or OSCommerce into a fully functional honeypot, and HIHAT provides a graphical user interface to support the process of monitoring the honeypot, analyzing the acquired data and generating statistics. Developed and maintained by Michael Mueter of the German Honeynet Project.