The New Zealand HoneyNet Project
honey project
creative commons
RSS Feed 2.0

NZ-Honeynet Project News

Capture-HPC v2.1 enables investigation of client-side computer attacks - 03-26-2008 12:19

Wellington, New Zealand
Wednesday, March 26, 2008

The Honeynet Project (http://www.honeynet.org) and School of Mathematics, Statistics and Computer Science at Victoria University of Wellington (http://www.mcs.vuw.ac.nz/) are excited to announce the release of Capture-HPC v2.1. Capture-HPC is an innovative security product that is able to find and investigate the increasing problem of client-side computer attacks. This new software release increases the features and speeds performance allowing anyone to investigate a larger range and quantity of client-side computer attacks. Capture-HPC is freely available from our web site at: https://projects.honeynet.org/capture-hpc/wiki. It is written and distributed under the GNU General Public License, v2.

Capture-HPC is a computer security product that allows anyone to: investigate client-side computer attacks; security researchers to find and study malicious servers; virus and malware researchers to collect malware pushed by malicious servers; network administrators to monitor their systems for client-side attacks; and web site operators to monitor their web sites for unauthorized modifications with client-side attack code.

With version 2.1, several new features were introduced:
* 500% increase in performance over the previous version. This enables security researchers with little resources to investigate client-side attacks in an automated fashion.
* Increase in data being collected by the Capture-HPC system. Besides malware and unauthorized state changes, Capture-HPC now collects network traffic for all client/server interactions. In addition, Capture-HPC now reports statistics about the performance of the system allowing operators to monitor and tune the Capture-HPC system during operation.
* Introduction of a client plug-in framework. This framework allows third-party developers to include client applications that are currently not supported by Capture-HPC. A Safari browser plug-in that makes use of this feature is provided with the 2.1 version of Capture-HPC adding support for this browser and demonstrating the capabilities of this framework. In addition, a wide range of browsers, office applications, and media players are supported by Capture-HPC.

Capture-HPC is freely available from our web site https://projects.honeynet.org/capture-hpc/wiki. It is written and distributed under the GNU General Public License, v2. A public mailing list is available at https://public.honeynet.org/mailman/listinfo/capture-hpcproviding support and a forum to exchange configuration files, plug-ins, results, etc.

About The Honeynet Project
Founded in 1999, The Honeynet Project (http://www.honeynet.org) is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public. With chapters around the world, our volunteers are firmly committed to the ideals of OpenSource. Our goal, simply put, is to make a difference.

About School of Mathematics, Statistics and Computer Science at Victoria University of Wellington
School of Mathematics, Statistics and Computer Science at Victoria University of Wellington (http://www.mcs.vuw.ac.nz/) is one of New Zealand's leading centers of research in each of its teaching disciplines of mathematics, statistics, operations research and computer science. The School attracts large external research grants and provides a range of services to the broader community to enhance the application of mathematical, statistical and advanced information technology in New Zealand. We utilize the knowledge generated from this cutting-edge research to create challenging, interesting and practical courses.

Contact Information:
Ralph Logan, Chief Public Relations Officer, Honeynet Project, 713-869-5162 or ralph.logan@honeynet.org
Christian Seifert, PhD Candidate, New Zealand Honeynet Project Lead, +1-206-265-1944, Christian.Seifert@gmail.com

Related links:
# http://www.honeynet.org
# http://blog.honeynet.org
# https://projects.honeynet.org/capture-hpc/wiki

Terms and conditions, including restrictions on redistribution, apply.
Copyright © 1999-2008 The Honeynet Project All Rights Reserved.

New Paper Released: KYE - Behind the Scenes of Malicious Web Servers - 07-11-2007 12:19
We are excited to announce the release of a new paper of our Know Your Enemy series, KYE: Behind the Scenes of Malicious Web Servers. In this paper, we increase our understanding of malicious web servers through analysis of several web exploitation kits that have appeared in 2006/07: WebAttacker, MPack, and IcePack. Our discoveries will necessitate adjustments on how we think about malicious web servers and will have direct implications on client honeypot technology and future studies.

Support mailing list for Capture-BAT is now available - 21-09-2007 11:29
We have setup a public mailing list for Capture-BAT. It allows you to discuss issues around installation & operation, request support, voice feature requests, share your findings, etc. You can access more information about the list at https://public.honeynet.org/mailman/listinfo/capture-bat.

New Client Honeynet Project Chapter - 09-09-2007 14:31
In order to consolidate our research on client honeypots on a global level, we have established a new chapter within the Honeynet Project that is dedicated to research on client honeypots, client-side attacks, and malicious servers: The Client Honeynet Project. All the work of the NZ Honeynet Project has moved to the new site. Expect a lot of new exciting things to come out from this new project ...

Release of Capture BAT 2.0 - 02-09-2007 20:58
The New Zealand Honeynet Project and Victoria University of Wellington are excited to announce the release of a new version of our behavioral analysis tool Capture BAT: version 2.0. There are many new exciting features in this release. The tool and the source code are available from http://newzealand.honeynet.org/cbatreleases.html. It is distributed under the GNU General Public License v2.

Announcing new KYE paper: Malicious Web Servers - 13-08-2007 14:20
The Honeynet Project & Research Alliance are excited to announce the release of a new paper in our Know Your Enemy series, "KYE: Malicious Web Servers". In this paper, we take an in-depth look at malicious web servers that attack web browsers, and we evaluate several defensive strategies that can be employed to counter this threat of clients-side attacks. All the malicious web servers identified in this study were found with our client honeypoet Capture-HPC, which we make freely available from our web site at http://newzealand.honeynet.org/capture.html.