“Fixing” the Advanced PHP Debugger

Filed under Sandbox on 30 September 2012

I’m by no means a C developer. I have never written a Zend extension before (there are actually some good starting points available) and I have only a rough idea of what’s happening in the PHP internals. So when the Advanced PHP Debugger (APD) failed to build on PHP version >= 5.4 due to the new Zend API (or engine), and after looking at the APD issues list, I decided to “extract” the function renaming and overriding feature of APD and pack it into something I called BFR – Better Function Replacer. I basically removed all unneeded functionality via an ugly “remove it; if the build fails, bring it back” approach. It works and I would appreciate feedback.

Honeynet Project completes Cyber Fast Track Project: Web Application Honeypots

Filed under Glastopf, Honeypot on 12 September 2012

I successfully finished the Cyber Fast Track project with the Honeynet Project. Details can be found in the blog post from the Honeynet Project or in the final document, which you should read if you are interested in the new changes in Glastopf v3.

Honeynet Project Annual Workshop 2012

Filed under General on 4 March 2012

The annual workshop is happening again this year, this time in San Francisco, with an even better public day than last year. If you are interested and not yet registered, make sure to check out the workshop’s web site. We will have one public day with talks from Honeynet Project members and invited guests, and hands-on training on the second day with highlights like malware reverse engineering, Android malware reversing and forensics, and Cuckoo box.

Cyscon is using Glastopf data

Filed under Glastopf on 4 March 2012

Cyscon’s Thorsten Kraft informed me recently that his company is using Glastopf data to generate abuse tickets, which lead to takedowns of compromised websites. It’s great to hear that people are actually using the data we collect and, furthermore, extracting actionable information from it that makes the internet a safer place.

Wepawet XML report

Filed under Sandbox on 4 November 2011

In case anyone is also looking for the XML report for the Wepawet analysis:
Sadly this is not documented anywhere, and the feedback form is probably not checked very often.

I got root!

Filed under Glastopf, Honeypot, RFI, Sandbox, Web Honeypot on 17 September 2011

ID: FeeLCoMz
OS: Linux
UNAME: Linux Server 2.6.38-11-generic (*snip*)
USER: root
UID: uid=0(root) gid=0(root) groups=0(root)
DIR: /var/www
HDD: Used: 13.52 GB Free: 34.18 GB Total: 47.7 GB

No, not really:

php apd_sandbox.php samples/feelcomz.txt

Working on Glastopf

Filed under Glastopf, Honeypot on 8 September 2011

I was quite busy during the last 6 months and not able to work on Glastopf at all, which doesn’t mean I wasn’t doing related work.
For the past week I have had some free time, and I’m finally able to work on Glastopf again. The main goal will be a revamp of the core. After this you will be able to use Glastopf in your own tool (web server) with just a few lines of code:

import glastopf
response = glastopf.handle_request(data, self.addr)

I’ll also include a small web server, so Glastopf will still be a stand-alone tool ;)
Glastopf will also benefit from my work on advanced dork lists and SQL injection from my internship during spring this year.
I have another 3 weeks for Glastopf before I’ll stay in Taiwan for 3 months. During those 3 months, I’ll definitely be able to continue my work.
I hope to release the next version in two weeks. Stay tuned!

Public Workshop Videos online

Filed under General on 25 April 2011

The videos are online. I recommend watching them if you want to get an idea of what we are working on.

Honeynet Project finished GSoC’11 application

Filed under Honeypot on 12 March 2011

The Honeynet Project just finished their application for this year’s Google Summer of Code:

23:00 UTC Friday March 11th was the first deadline for Google Summer of Code 2011, and the cut-off point for organizations interested in participating to complete their org application.

I’m very pleased to confirm that the Honeynet Project have once again applied. Whilst we now patiently wait for Google to announce which organizations will be selected to participate on March 18th, interested prospective students can start looking at our initial GSoC 2011 project ideas and find more information about getting involved with the Honeynet Project and Google Summer of Code 2011 here – including contact details for email and IRC. Please feel free to get in touch if you have any questions or project ideas.

Fingers crossed we’ll be working on some great student projects once again this summer, and big thanks to Google for their continued support for FOSS (and hopefully honeynet R&D!) in 2011 ;-)

Problems running GlastopfNG in a Desktop environment?

Filed under GlastopfNG, Honeypot on 12 March 2011

There was an issue reported a couple of months ago when running GlastopfNG in a desktop environment. The problem was the name of the log file used by the cleanLog reporting module: cleanLog.log. When starting up GlastopfNG, the module loader tried to load the scripting engine for the cleanLog module based on the file extension. In the desktop environment case it picked up not the *.rb (JRuby) file but the *.log file extension. Since there is no scripting engine matching the .log extension, this obviously caused trouble.
To solve the issue I had to change the log file name to logfile.log (the module loader checks the extension of every file called cleanLog.*) and adjust the config.xml accordingly.
I also released a fixed version, 1.2.2, available as usual here: http://dev.glastopf.org/projects/glastopfng/files (be careful: Redmine sorts based on filename, not date!).
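The post fixes the problem by renaming the log file so it no longer matches the module's name pattern. The added example below, which is not GlastopfNG code, shows the loader-side view of the same bug: a naive extension-to-engine lookup fails on the first non-script file it meets, while a loader that treats the engine table as an allowlist simply skips such files. The engine names and the directory listing are constructed for the example.

```python
"""Extension-based module dispatch: the failure mode and a hardened loader.

Added example, not GlastopfNG's own loader. Engine names are hypothetical;
the directory listing is constructed to mirror the reported case, where the
cleanLog module's script sits next to the log file it writes.
"""
import logging
import os

logger = logging.getLogger(__name__)

# Hypothetical mapping from script extension to scripting engine.
ENGINES = {".rb": "jruby", ".py": "jython"}

# Constructed listing of a module directory on a desktop install.
MODULE_DIR_LISTING = ["cleanLog.rb", "cleanLog.log", "README"]


def load_modules_naive(filenames):
    """Dispatch every file by extension; unknown extensions abort startup."""
    loaded = []
    for name in filenames:
        stem, ext = os.path.splitext(name)
        engine = ENGINES[ext]  # KeyError for ".log" (or no extension at all)
        loaded.append((stem, engine))
    return loaded


def load_modules(filenames):
    """Treat the engine table as an allowlist: only known script files are modules."""
    loaded = []
    for name in filenames:
        stem, ext = os.path.splitext(name)
        engine = ENGINES.get(ext)
        if engine is None:
            # Data files living beside a module (logs, READMEs) are not modules.
            logger.info("skipping non-module file %s", name)
            continue
        loaded.append((stem, engine))
    return loaded


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(load_modules(MODULE_DIR_LISTING))
    try:
        load_modules_naive(MODULE_DIR_LISTING)
    except KeyError as exc:
        print("naive loader failed on extension", exc)
```

Renaming the log file, as the post does, removes the offending file from the pattern; the allowlist lookup additionally makes the loader robust to any other file a module writes into its own directory.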

Design by Robin Hastings - Color adaptation by Ulysses Ronquillo