Proof of concept alpha release of Honeysnap made available. Honeysnap is a small utility to parse daily pcap logs from honeynets and produce summary reports to aid in incident analysis.
[Now obselete, see Honeysnap for the current version.]
mwcollect (malware collect) tool released by the German Honeynet Project. This is an new tool designed for the automated collection of malware, as documented in “KYE: Tracking Botnets” and several more papers. One of the first next generation client honeypots, it is designed to capture Windows worms and bot attacks without having to run a Microsoft OS.
Distributed Open Proxy Honeypot Project: “The WASC solution is to use one of the web attacker’s most trusted tools against him – the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy server (or proxypot), we aim to take a birds-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.”
Adjust.pl utility released, to synchronise Sebek logs for clients with out of step local clocks. Potentially useful if you are trying to match IDS and pcap files to attacker keystrokes.
Ever used google and come across links to insecure computer system management interfaces? The Google Hack Honeypot is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH is powered by the Google search engine index and the Google Hacking Database (GHDB) and is an interesting spin on traditional honeypot technology.